aws

http://status.aws.amazon.com/ https://www.expeditedssl.com/aws-in-plain-english
viesti 2020-12-01T11:40:49.166100Z

+1 for SSM tunneling, it's my go-to tool currently. There's a nice helper for selecting the EC2 instance to connect to https://github.com/disneystreaming/ssm-helpers

viesti 2020-12-01T11:43:33.168Z

wrote a helper script for tunneling to rds via a host using ssm: https://github.com/metosin/cloud-busting/blob/main/aws/ecs-demo/modules/bastion/ssm-rds-tunnel.sh

viesti 2020-12-01T11:45:27.169900Z

there's some hoops to jump, the target instance has to have arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore policy attached and has to have the ssm agent running (current amazon linux 2 AMIs have this agent running by default) and also ec2-instance-connect installed (that is installed on current amazon linux 2 AMIs as well)

viesti 2020-12-01T11:45:59.170700Z

the script then uses the ssh daemon on the target host for port forwarding to remote hosts (ssm agent doesn't yet support remote port forwarding)

viesti 2020-12-01T11:46:54.171700Z

anyhow, if the hadoop nodes don't explicitly require ssh access between each other, and you need only ssh access to the hosts themselves, then ssm is quite nice (competes with the gcp option)

orestis 2020-12-01T14:02:29.172200Z

@viesti thanks for that link, does that replace the clumsy (IMO) need to install a separate plugin to the AWS CLI?

viesti 2020-12-01T14:04:24.173300Z

I have the plugin installed so didn't actually know until reading the readme :)

> It uses the Amazon-supplied session-manager-plugin binary in combination with the AWS CLI tool to create the actual sessions.

viesti 2020-12-01T14:06:25.176Z

anyways, provides a list of instances and -f tag=value is neat, e.g. -f Name=backend-1