Connecting to EC2 instances without a headache

ajardin profile image Alexandre Jardin Originally published at ajardin.fr on ・2 min read

AWS provides one powerful feature called auto-scaling. If you configure it on your infrastructure, you will be able to automatically adjust capacity to maintain optimal performances at the lowest possible cost. But it will be more difficult to open an SSH connection on your EC2 instances as the associated IP addresses will change regularly.

There are two main advantages to using auto-scaling (source).

You can use Amazon EC2 Auto Scaling for fleet management of EC2 instances to help maintain the health and availability of your fleet and ensure that you are running your desired number of Amazon EC2 instances.

You can also use Amazon EC2 Auto Scaling for dynamic scaling of EC2 instances to automatically increase the number of Amazon EC2 instances during demand spikes to maintain performance and decrease capacity during lulls to reduce costs.

In addition to that, it’s a security best practice to protect your application servers by using a bastion architecture. In other terms, only one EC2 instance will be exposed in a public subnet when all other EC2instances will be configured in a private subnet. And to access those servers, you’ll need to open an SSH connection through the bastion host.

AWS bastion architecture

Even if it’s the preferable approach with cloud infrastructure, it’s less user friendly when you need to reach one of your applications servers by SSH. Hopefully, it’s not something you do very often on “production-ready” platforms since AWS provides enough services (CloudWatch especially) to let you monitor all your instances.

But when you are working on the building of new infrastructure, it’s useful to be able to quickly SSH into a specificEC2 instance. By default, you need to retrieve IP addresses from the AWS console first and then, paste them in your terminal. That’s a massive waste of time when EC2 instances are renewed several times a day.

At some time, I decided to create a small script to improve that. The principle is pretty simple: instead of using IP addresses, I will use instead instances tags that we previously defined to facilitate the billing monitoring. If you want to use my script, you will need three things:

  • a tag Environment on your EC2 instances, basically the name of the associated platform.
  • a tag Name on your EC2 instances, prefixed by the Environment value.
  • a command-line JSON processor called jq on the computer where the script is executed.

Long story short, everything is described below! The only thing you will probably need to change is the SSH account since I let ec2-user in my snippet.

Thanks for reading!


markdown guide