Secure Connections… No, this is not a dating app thing…
Remember that bank from last time? They’re looking to deploy some servers and need mechanisms for their global team to manage them remotely. I decided to give them some basic, OS-native pieces for each of their preferred operating systems.
I deployed a Linux VM and a Windows VM using a CloudFormation template, including Security Groups that allow SSH (TCP port 22) for Linux and RDP (TCP port 3389) for Windows.
Template used:
Resources:
  LinuxInstance:
    Type: AWS::EC2::Instance
    Properties:
      AvailabilityZone: us-east-1a
      ImageId: ami-05548f9cecf47b442
      InstanceType: t2.micro
      KeyName: LUIT_Linux
      SecurityGroups:
        - !Ref LinuxSecurityGroup
  LinuxEIP:
    Type: AWS::EC2::EIP
    Properties:
      InstanceId: !Ref LinuxInstance
  LinuxSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: SSH on Port 22
      SecurityGroupIngress:
        - CidrIp: 0.0.0.0/0
          FromPort: 22
          IpProtocol: tcp
          ToPort: 22
  WindowsInstance:
    Type: AWS::EC2::Instance
    Properties:
      AvailabilityZone: us-east-1a
      ImageId: ami-0fc682b2a42e57ca2
      InstanceType: t2.micro
      KeyName: LUIT_Linux
      SecurityGroups:
        - !Ref WindowsSecurityGroup
  WindowsEIP:
    Type: AWS::EC2::EIP
    Properties:
      InstanceId: !Ref WindowsInstance
  WindowsSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: RDP on 3389
      SecurityGroupIngress:
        - CidrIp: 0.0.0.0/0
          FromPort: 3389
          IpProtocol: tcp
          ToPort: 3389
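Both security groups in the template accept connections from 0.0.0.0/0, so SSH and RDP are reachable from any address. A variant of the two groups that takes the allowed source range as a parameter follows; it is an added example, not part of the original template, and the parameter name AdminCidr and its validation pattern are assumptions:

```yaml
# Added example: the same two security groups with ingress limited to one
# caller-supplied range. AdminCidr is a hypothetical parameter name.
Parameters:
  AdminCidr:
    Type: String
    Description: Source range allowed to reach SSH and RDP (for example a VPN egress /32)
    # Shape check only: dotted quad plus a prefix length of 8 to 32.
    # This rejects 0.0.0.0/0 but does not range-check the octets.
    AllowedPattern: '^(\d{1,3}\.){3}\d{1,3}/([89]|[12]\d|3[0-2])$'
    ConstraintDescription: Must be an IPv4 CIDR with a prefix length between /8 and /32
Resources:
  LinuxSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: SSH on Port 22 from the admin range only
      SecurityGroupIngress:
        - CidrIp: !Ref AdminCidr
          FromPort: 22
          IpProtocol: tcp
          ToPort: 22
  WindowsSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: RDP on 3389 from the admin range only
      SecurityGroupIngress:
        - CidrIp: !Ref AdminCidr
          FromPort: 3389
          IpProtocol: tcp
          ToPort: 3389
```

The instance and Elastic IP resources stay as they are in the original template; the value for AdminCidr is supplied at deploy time, for instance with `--parameter-overrides AdminCidr=203.0.113.10/32` (a constructed documentation address) on `aws cloudformation deploy`.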
A little example of what CloudFormation will look like upon completion:
Instead of diving through the UI, I used the AWS CLI to query the appropriate info for the running VMs:
stevenjones@stevenjones Downloads % aws --profile default ec2 describe-instances --filters "Name=instance-state-name,Values=running" --query 'Reservations[*].Instances[*].[InstanceId, PlatformDetails, InstanceType, PublicDnsName, State.Name]' --output table
---------------------------------------------------------------------------------------------------------
|                                           DescribeInstances                                           |
+---------------------+-------------+-----------+--------------------------------------------+----------+
|  i-0f054fd2c23fb1372|  Windows    |  t2.micro |  ec2-44-216-96-152.compute-1.amazonaws.com |  running |
|  i-0cccaee06abdcf462|  Linux/UNIX |  t2.micro |  ec2-3-214-12-222.compute-1.amazonaws.com  |  running |
+---------------------+-------------+-----------+--------------------------------------------+----------+
stevenjones@stevenjones Downloads %
Since I have the private key, I used ssh to log in to the Linux instance without any further steps.
I also verified I could pass commands for additional administration, scripting, etc.
For Windows, I needed to go into the UI and retrieve the password. I go back to the UI and identify the Windows instance using the instance ID retrieved from the CLI output: i-0f054fd2c23fb1372
I select it and use the connect function in the AWS UI:
This pops up:
I select the RDP client tab from the UI:
I select the get password link:
I upload my private key, select Decrypt Password and retrieve my password:
Now that I have my password and the hostname, I can connect to my Windows EC2 instance.
Using the Microsoft Remote Desktop for Mac, I use the hostname of the Windows instance:
I copy and paste the password from the AWS UI and log in.
I accepted the cert and allowed the login to continue.
Login complete!!
I ran a command to show the same info I retrieved from the Linux machine.
This gives admins the tooling to perform a great number of remote administration tasks on either Linux or Windows instances.
These are the basics. You can also use AWS Systems Manager Session Manager — which I will cover in another article. Ta Ta for now!!