Help! Our devops created a bastion host with Terraform and I don't understand how to connect. We've been talking back and forth all day and getting nowhere. He asked me for my pub key, I provided it. When I try to connect with ssh -i mykey.pub ec2-user@mydomain.com, it doesn't work. Our devops is asking me why I'm connecting to that host when I'm the bastion server (?!?). This doesn't make sense. He's expecting me to connect to ubuntu@myip, but that doesn't work and I don't understand why it would, because how would it know which AWS server to connect to? I asked for an AWS pem key but he said I need to use my pub key.
I've been trying to find documentation online that would explain how I'm supposed to connect (I'm on macOS) but all documentation shows that an AWS pem key is required.
Related
I want to host a database on a Heroku server and also a Django application. The problem is: to transfer data to my Heroku database I would need to be connected to a VPN. Does Heroku provide a way to connect to a VPN in order to access another database, like AWS Client VPN?
My infra would be like this:
Airflow running DAGs to pull data from an AWS database that requires a VPN connection to source from it. I would transfer the data from this AWS database to my Heroku database.
Is it possible?
Thank you
Another thing that I'm wondering is if it is possible to connect Heroku to AWS Client VPN, in case Heroku does not have something similar or a way to do this step.
Yes, Heroku does provide a VPN, labelled as Heroku Private Spaces and Shield Spaces.
Here is the link
https://devcenter.heroku.com/articles/private-space-vpn-connection
I'm using Amazon Aurora PostgreSQL in VPC. I created an EC2 instance as a bastion host to connect via pgAdmin. When I first connect to the DB with "Connection" and "SSH Tunnel" tabs filled out, it works. But then when I close pgAdmin and try to connect again, it asks for a password to my EC2 key-pair which I don't have. Has anyone else run into this?
I'm a beginner to Docker, hope everyone can help, much appreciated.
I downloaded a Docker image from my company repository and I managed to create a container on my local machine from the image, let's name it mydb. It is created through the command below:
docker run --name mydb -p 1521:1521 -d mycompany.com:5000/docker-db:20.0.04
I am able to access the database with the following connection string through my SQL Developer: system/abc123@127.0.0.1:1521/ORCL
Our company has a database server in AWS, let's name it awsdb. I can access it after VPN login.
I am able to access the database with the following connection string in SQL Developer:
system/abc123@awsdb.amazonaws.com:1521/awsdb
Question:
How can I create a database link in mydb to awsdb with database link "my_dblink"? e.g. select sysdate from dual@my_dblink.
I tried the following command:
CREATE PUBLIC DATABASE LINK my_dblink
CONNECT TO system
IDENTIFIED BY abc123
USING 'awsdb.amazonaws.com:1521/awsdb';
but it returns error ORA-12543: TNS:destination host unreachable.
I tried removing the container and recreating it with net=host set:
docker run --name mydb -p 1521:1521 -d --net=host mycompany.com:5000/docker-db:20.0.04
Now I can't even connect with system/abc123@127.0.0.1:1521/ORCL
Error ORA-12541 is returned: no listener.
How can I open the connection between the internal Docker container and the AWS database server? Thank you.
First of all, I do believe you need to understand what you are trying to accomplish.
When you create a database link between two databases, the main requirement you must fulfil is to have network connectivity between both of them in the ports you are using. As one of them is stored in public cloud, at least you would need:
A network connection between the network where the docker is installed and the public cloud in AWS.
But, as your docker is installed on your local laptop, the AWS database would have to be opened to the Internet, something that is a security issue and probably is not enabled.
Moreover, you would need Firewall rules in all the ports you might need to use in this connectivity.
As you are using a VPN login that allows you to access the AWS Cloud resources because you are connecting through it (probably using Active Directory and/or a certificate, perhaps even using SSO federation between your AD in your company and the resources in AWS), the database can't connect using that.
Summarizing, that is not possible, and if I were someone in Security I would never allow it. The only option for you would be to create a docker with the database in AWS and then create the database link there.
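The two errors quoted in the question correspond to different TCP-level outcomes, which can be told apart before any database link is created. The probe below is an added example, not part of the original answer; the function name and outcome labels are assumptions, and it is only meaningful when run from the network position that will open the link (inside the mydb container).

```python
import errno
import socket

# Outcome labels are this example's own; the ORA codes are the two from the question.
MEANING = {
    "listening": "TCP connect succeeded; something is listening on the port",
    "refused": "host answered but nothing listens there (ORA-12541: no listener)",
    "unreachable": "no route to the host (ORA-12543: destination host unreachable)",
    "timeout": "no reply at all; a firewall or security group is probably dropping packets",
    "dns_failure": "the name does not resolve from this network",
    "error": "some other socket error",
}

UNREACHABLE = {errno.EHOSTUNREACH, errno.ENETUNREACH}


def probe(host: str, port: int, timeout: float = 3.0) -> str:
    """Classify one TCP connection attempt to host:port."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns_failure"
    result = "error"
    for family, socktype, proto, _, addr in infos:
        with socket.socket(family, socktype, proto) as s:
            s.settimeout(timeout)
            try:
                s.connect(addr)
                return "listening"
            except socket.timeout:
                result = "timeout"
            except ConnectionRefusedError:
                result = "refused"
            except OSError as exc:
                result = "unreachable" if exc.errno in UNREACHABLE else "error"
    return result


if __name__ == "__main__":
    import sys
    host, port = sys.argv[1], int(sys.argv[2])
    outcome = probe(host, port)
    print(f"{host}:{port} -> {outcome}: {MEANING[outcome]}")
```

Run it once from the laptop with the VPN up and once from inside the container: a different result shows that the container does not share the VPN route the laptop has.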
This is the first time I use the sshuttle.
I am running into an issue working with sshuttle.
I run the sshuttle to connect my local with a remote server on my local machine.
I can access the server by using ssh and pem file.
I used the following command on my MacOS.
sshuttle --dns -vr dev 10.0.0.0/0 --ssh-cmd 'ssh -i ~/.ssh/dev.pem'
I have set ssh config to use the dev hostname in .ssh/config file
host dev
    HostName xx.xxx.xx.xx
    user root
    IdentityFile ~/.ssh/dev
But I couldn't connect my local machine to the remote server; all the internet traffic keeps loading and never loads anything.
I am using a dedicated IP on a VPN service (PureVPN). Without the VPN, sshuttle is working well, so does that mean that running sshuttle on top of another VPN service is a problem?
I don't think it's a problem since it's a dedicated IP. And if it's a problem, how can I address this issue, since I must use the dedicated IP for another service?
If you have faced the same issue before, please let me know.
Thank you in advance!
From the looks of what you mentioned there could be two things that can be the cause. One, the credentials that are given to you by the third party hosting are incorrect. But since you mentioned that you are able to access the sshuttle without a VPN, this clearly indicates that you need to get your dedicated IP approved from the hosting service if it's not marked spam. If you are looking for a dedicated IP VPN service provider try Ivacy.
Ok, so I've read the tutorial here:
http://www.powercram.com/2009/07/connecting-to-aws-ec2-instance-linux.html
I created a keypair on EC2, and ran it through PuTTYgen, and tried to log in via PuTTY. I tried logging into the IP of the site, the URL of the site, and the public DNS given to me by Amazon. I've tried logging in as root, ec2-user, ubuntu (even though I think it's a Fedora install, I'm just not sure because I just inherited this project). The name of the keypair on Amazon's interface is hooper, so I tried logging in as that. Every time I get "server refused our key". I've read many people's posts on this problem, and none of the solutions seem to work for me. If anyone has any other ideas, I'd appreciate it.
Make sure the instance is running under the keypair you think it is - you have to ensure the key PEM file you ran through PuTTYgen is the actual key that the instance is authenticated with.
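One way to make that check: derive the public key from the private key you hold (`ssh-keygen -y -f key.pem`) and compare its fingerprint with the authorized_keys entries the instance was provisioned with. The code below is an added example, not from the original answer; the function names are assumptions, and the sample keys are constructed filler, not real keys.

```python
import base64
import hashlib
import struct

def parse_pubkey(line):
    """Return (key_type, blob) from a public-key or authorized_keys line, else None."""
    tokens = line.split()
    for i in range(len(tokens) - 1):
        try:
            blob = base64.b64decode(tokens[i + 1], validate=True)
        except ValueError:
            continue  # option or comment token, not base64 key material
        # The blob begins with its own length-prefixed type name, which must
        # equal the text token in front of it; this skips any leading options.
        if len(blob) >= 4:
            (n,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + n] == tokens[i].encode():
                return tokens[i], blob
    return None

def fingerprint(blob):
    """The SHA256:... value that `ssh-keygen -lf` prints for a key."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def key_is_authorized(pubkey_line, authorized_keys_text):
    """True if the given public key appears in the authorized_keys content."""
    mine = parse_pubkey(pubkey_line)
    if mine is None:
        raise ValueError("not an OpenSSH public key line")
    target = fingerprint(mine[1])
    for line in authorized_keys_text.splitlines():
        entry = None if line.lstrip().startswith("#") else parse_pubkey(line)
        if entry and fingerprint(entry[1]) == target:
            return True
    return False

def sample_line(fill, comment):
    """Constructed sample: a well-formed ssh-ed25519 blob of filler bytes."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([fill]) * 32
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"

MY_KEY = sample_line(0x11, "me@laptop")
AUTHORIZED_KEYS = "\n".join([
    "# constructed authorized_keys content",
    sample_line(0x22, "colleague@example"),
    'no-pty,command="/bin/true" ' + sample_line(0x11, "me@old-laptop"),
])
```

A key that is not in the list makes the server reject it, which PuTTY reports as "server refused our key"; the comment field is ignored in the comparison, so the same key under a different label still matches.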