Highly Available Bastion Hosts with Route53

Instances in a private subnet don’t have a public IP address, and without a VPN or a Direct Connect option, a Bastion Host (JumpBox) is the expected mechanism to reach your servers. Therefore, we should make it Highly Available.

In this quick post, I will show you how to set up Highly Available Bastion Hosts with the following targets:

  • Bastion hosts will be deployed in two Availability Zones to support immediate access across the VPC & withstand an AZ failure.
  • Elastic IP addresses are associated with the bastion instances to make sure the same trusted Elastic IPs are used at all times.
  • Bastion Hosts will be reachable via a permanent DNS entry configured with Route53.
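Added example (not code from the terraform-aws-labs repository): a Terraform sketch of the three targets above, with one bastion and one Elastic IP per AZ published behind a single Route53 name. It assumes `aws_instance.bastion` already exists with `count = 2` (one instance per AZ) and that `var.hosted_zone_id` and `var.domain_name` come from variables.tfvars; the health-checked failover routing goes one step beyond a plain record, so a client resolving the name is not handed the address of a bastion whose AZ is down.

```hcl
# Added example, not the repository's own code. Assumes aws_instance.bastion
# is declared elsewhere with count = 2 (one per Availability Zone).

# One Elastic IP per bastion, so the trusted addresses never change.
resource "aws_eip" "bastion" {
  count    = 2
  instance = aws_instance.bastion[count.index].id
}

# TCP health check on the SSH port: a record is only served while port 22 answers.
resource "aws_route53_health_check" "bastion" {
  count             = 2
  ip_address        = aws_eip.bastion[count.index].public_ip
  port              = 22
  type              = "TCP"
  failure_threshold = 3
  request_interval  = 30
}

# PRIMARY/SECONDARY failover behind one permanent name. The low TTL keeps
# clients from caching a dead address for long after a failover.
resource "aws_route53_record" "bastion" {
  count           = 2
  zone_id         = var.hosted_zone_id
  name            = "bastion.${var.domain_name}"
  type            = "A"
  ttl             = 60
  records         = [aws_eip.bastion[count.index].public_ip]
  set_identifier  = "bastion-${count.index}"
  health_check_id = aws_route53_health_check.bastion[count.index].id

  failover_routing_policy {
    type = count.index == 0 ? "PRIMARY" : "SECONDARY"
  }
}
```

With `terraform apply`, the same `bastion.<domain>` name always resolves to a bastion that is currently answering on SSH, regardless of which AZ is healthy.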


In order to easily set up the infrastructure described above, I used Terraform:

git clone https://github.com/mlabouardy/terraform-aws-labs
cd bastion-highavailability

Note: I did a tutorial on how to set up a VPC with Terraform, so make sure to read it for more details.

Update the variables.tfvars file with your SSH Key Pair name and an existing Hosted Zone ID. Then, issue the following command:

terraform apply -var-file=variables.tfvars

That will bring up the VPC, and all the necessary resources:



Now in your AWS Management Console you should see the resources created:

EC2 Instances:



DNS Record:



Finally, create an SSH tunnel using the DNS record to your private instance:

ssh -f ec2-user@bastion.slowcoder.com -i /d/aws/vpc.pem -L 2800:10.0.3.218:22 -N

Once done, you should be able to access your private instances via SSH:

ssh ec2-user@localhost -p 2800 -i /d/aws/vpc.pem


Take it further? Instead of defining a fixed number of bastion hosts, we could run a bastion host inside an Auto Scaling group with the minimum size set to 1.

Drop your comments, feedback, or suggestions below, or connect with me directly on Twitter @mlabouardy.

Running Docker on AWS EC2

In this quick tutorial, I will show you how to install Docker 🐋 on an AWS EC2 instance and run your first Docker container.

1 – Setup EC2 instance

I already did a tutorial on how to create an EC2 instance, so I won’t repeat it. There are a few ways you’ll want to differ from that tutorial:

  • We select the “Amazon Linux AMI 2017.03.1 (HVM), SSD Volume Type” as the AMI. The exact versions may change with time.
  • We configure the security groups as below. This setting allows access to port 80 (HTTP) from anywhere, as well as SSH access.



Go ahead and launch the instance; it will take a couple of minutes:



2 – Install Docker

Once your instance is ready to use, connect via SSH to the server using the public DNS and the public key:



Once connected, use the yum package manager to install Docker by typing the following commands:

sudo yum update -y
sudo yum install -y docker

Next, start the Docker service:



In order to use the docker command without root privileges (sudo), we need to add ec2-user to the docker group:

sudo usermod -aG docker ec2-user

To verify that Docker is correctly installed, just type:



As you can see, the latest version of Docker has been installed (v17.03.1-ce).

Congratulations! 💫 🎉 You now have an EC2 instance with Docker installed.

3 – Deploy Docker Container

It’s time to run your first container 😁. We will create an nginx container with this command:



If we run the list command “docker ps”, we can see that an nginx container has been created from the official nginx image.



Finally, visit your instance’s public DNS name in your browser; you should see something like this:



Drop your comments, feedback, or suggestions below, or connect with me directly on Twitter @mlabouardy.
