Skip to main content
HashnodeSyaifuddin’s Growing Space

Command Palette

Search for a command to run...

[EN] How I Stopped Copy-Pasting AWS EC2 IPs and Started SSHing Smarter

Updated
2 min read
[EN] How I Stopped Copy-Pasting AWS EC2 IPs and Started SSHing Smarter
M
Mochammad Syaifuddin
Started my IT career as a Technical Support at an Indonesian web hosting provider, then progressed through various roles as a Linux SysAdmin, Network Engineer, Product Designer, and DevOps Engineer. I moved to a SaaS company and since then I’ve built hands-on experience mainly with AWS and GCP and work daily with popular cloud native tools.
Part of seriesAWS

Remembering IP in a massive, dynamic environment is not easy. You may have an instance with IP 10.0.0.1 today, but there is no guarantee that the same server will be there tomorrow. If you are still SSH-ing to your server using a traditional method like ssh user@ip_addressyou’ll have a hard time remembering the IP address of that server. Wouldn't it be easier to just run server_a or server_b to get into that particular server? You just have to know the name of the server, which is easier to remember. Also, the command is dynamically updated when a new server is created or deleted.

tl;dr

  • Allow the bastion host to read EC2 metadata

  • Create a Python script to get all the instance names and private IPv4 addresses

  • Add the command alias to your .bashrc or .zshrc file.

  • Add cron to run the script automatically and update your alias.

Allow Bastion host to get EC2 instances

💡
Please review the IAM policy to comply with your security standards. Don’t blindly copy and paste.

  1. The script will get all the EC2 data using the describe-instances command. Create an AWS IAM policy to allow read access to the instances:

     {
   "Version": "2012-10-17",
   "Statement": [
     {
       "Effect": "Allow",
       "Action": "ec2:DescribeInstances",
       "Resource": "*"
     }
   ]
 }

  2. Create or modify your existing Bastion IAM role to attach this IAM policy.

  3. Verify the access by running aws ec2 describe-instances inside the Bastion host.

Create a script to generate the command alias

The idea is to generate this output that can be fed to the .bashrc:

alias server_a="ssh ubuntu@private_ipv4_address"
...

Here’s the Python code to do that:

https://gist.github.com/roboticpuppies/c0078aea83866fda9488ed55d464fb1d

Generate the alias and write it to ~/.awsvmaliases:

python3 aliasgen.py > ~/.awsvmaliases

Automatically load the aliases

To automatically load those aliases when you open the terminal, open your .bashrc or .zshrc file and append this line:

...
source ~/.awsvmaliases

Automatically update the list

In my case, it is sufficient to update the script once an hour. So I just use cron to update the aliases:

# Inside the crontab
@hourly /usr/bin/python3 path/to/aliasgen.py > ~/.awsvmaliases

If you need to manually update the list without waiting for cron to run, you can run this command:

python3 path/to/aliasgen.py > ~/.awsvmaliases
# If you use bash shell, tell bash to reload the .bashrc file and read the changes
source ~/.bashrc
#aws
14 views

Comments

Join the discussion

No comments yet. Be the first to comment.

AWS

Part 3 of 4
Up next

[EN] Be careful before applying immediate modifications in AWS RDS

tl;dr "Apply Immediately" applies everything in the pending modifications queue, not just your change. Always check pending modifications and maintenance tabs first. Don't accidentally trigger a db-upgrade unless you're ready for downtime. What ...

More from this blog

Syaifuddin’s Growing Space

10 posts

A personal documentation of what I've learned. Mostly about tech-related stuff.