
I have multiple EC2 instances running in the same VPC (and thus same region). Is there a way that I can resolve those EC2 instances uniquely for SSH access? Let's assume that I am not using elastic IPs for these instances, so the assigned IP for each instance will change over time.

I was contemplating setting up a unique subdomain for each instance, but then I realized I would still need a permanent public IP in the A record unique to each instance.

E.g.

ssh user@host1.mydomain.net
ssh user@host2.mydomain.net
ssh user@host3.mydomain.net

For a web server one could reference the same IP for each host, yet still internally direct the request to the correct instance based on the DNS name. Is this possible with SSH also?

Is there a different way to get this working? AWS only gives us 5 elastic IPs per region.

kashiraja

2 Answers


The easiest way to do this, if you have long running instances, is to request an Elastic IP limit increase and associate one with each instance. EIPs are free.

I thought using Route53 alias records could be an option to cope with the public IP changing, but you can't alias to an EC2 instance, just things like ELB and VPC endpoints.

You could of course create A records every time an instance public IP changes, either manually or using a lambda function.

Tim
  • I was able to up the limit on the EIPs, so this turned out to be a viable workaround because the number of hosts was fairly limited in my case. – kashiraja Jan 11 '20 at 01:32
  • I was hoping the solution would have been to just configure Route53 or LB, but I guess the limitation is that a subdomain has to be bound to a public IP. So this would require updating the DNS record each time the instance was restarted. – kashiraja Jan 11 '20 at 01:35
  • Public IP changes when the instance is stopped and started, not when it's restarted - a minor but important distinction. As I mentioned, you could automate that with lambda. The idea on the other answer of using a jump host and private IPs is good too. – Tim Jan 11 '20 at 06:03

You could put your network inside a VPC and give one instance an elastic IP which you can then use to build a tunnel. From there you can SSH to the other instances using local IPs, which you will be able to control and set statically.

LTPCGO
  • Sounds like this solution would require using a jump server within the VPC? Which is fine, as you point out, because an internal IP could be kept constant. This would ensure that I wouldn't need to update the ssh config on my dev machine when an instance is rebooted. – kashiraja Jan 11 '20 at 01:38