Access bastion servers
As we move from SSH to SSM, this server is now used to access the database, access to the other ec2’s is made directly via SSM.
Secrets
Extract the SSH Key secrets for the bastion server:
- Dev (alpaca) secret name:
keys/alpaca-bastion-20230120 - staging secret name:
keys/govwifi-staging-bastion-key-20200717 - production secret name:
keys/govwifi-bastion-key
SSH/SSM Config
We have transitioned to SSM, there should be no differences when running commands, the only difference is in the config, for example you’ll now need to know the instance id of the host rather than the IP address.
We recommended setting up a SSH config for ease of use. Instructions how to set up your SSH config exist in the Password Store of GovWifi where you can run:
PASSWORD_STORE_DIR=<password_store_dir> pass show ssh/instructions.txt
where <password_store_dir> is the path of the passwords directory of the govwifi-build repository on your local machine.
You should now be able to connect to each of the hosts using ssh and the hostnames mentioned in instructions.txt.
Example:
ssh example.hostname