EC2 box ssh using new hostname - linux

I have an EC2 box; it is an Ubuntu 18.04 OS. I can use "ssh -i {pemfile} ubuntu@{ip address}" and also "ssh -i {pemfile} ubuntu@{ip-ipaddress.us-east-2.compute.internal}" from another EC2 box. Now I wanted to change the hostname and use it in ssh. I followed some Linux and AWS articles (AWS Article) and changed the /etc/hostname and /etc/hosts files. Cannot use a Route 53 DNS entry, as per requirement.
/etc/hosts = 10.0.1.190 dev-host.example.trade
/etc/hostname = dev-host.example.trade
Getting the below error with "ssh -i {pemfile} ubuntu@dev-host.example.trade":
ssh: Could not resolve hostname dev-host.example.trade: Name or service not known.

As you've made the changes on the server only, these will only be resolvable on that host (otherwise anyone could use any domain).
There are a few options you can take if you want to use a custom domain name.
The obvious one is that you can use a domain you control; this will allow it to resolve across any hosts that are able to resolve your public DNS. If you don't own a domain you can purchase one through a registrar (such as Route 53).
The second option is to look at using Route 53 private hosted zones. By attaching to your VPC you can set DNS records that resolve within your VPC. If you want these records to resolve in a hybrid network you would need to look at adding a DNS resolver.
The third option is to look at using a resource that can resolve the domain name; to do this you would either join a domain (using a service such as managed Active Directory or Simple AD), or you could set up an EC2 host to resolve DNS. This is an expensive solution and the most complex if you're using a hybrid architecture.
Take a look at the Centralized DNS management of hybrid cloud with Amazon Route 53 and AWS Transit Gateway post for more information about hybrid DNS.

Your local machine knows nothing about changes you've made to the EC2 configuration. Those changes are local to the EC2 instance.
One way to connect to your cloud instance via a DNS name like dev-host.example.trade is to associate an elastic IP to the EC2 instance. Elastic IPs persist even if the instance is rebooted.
Next, create a new A-type DNS record at your DNS provider pointing to the newly issued IP address.
You can now connect to the server with the DNS name.

Related

Can I assign a custom FQDN for an Amazon EKS cluster?

When I run aws eks update-kubeconfig, my ~/.kube/config file contains the following line:
server: https://1234567890ABCDEF1234567890ABCDEF.xx0.region.eks.amazonaws.com
This hostname resolves to some IP address in our VPC.
This used to work fine, but now my company is migrating to a DNS-based VPN and, due to factors outside my team's control, blanket DNS routing of a domain we don't control, such as eks.amazonaws.com, is not an option. Also the server hostnames are constantly changing because we use Blue-Green Deployment.
There's a really crappy workaround in which we manually keep a CNAME record in Route53 and manually edit that address in kube config after we run update-kubeconfig.
Is there a way to tell EKS to use a Route53 record instead of those amazonaws.com URLs, in a way that update-kubeconfig will know about?
DNS is the core discovery system for EKS, Kubernetes. Having said that, a potential solution is external DNS which integrates with Route53.

Cloud DNS with OpenVPN not resolving on client

I'm trying to use Google Cloud Platform's Cloud DNS to resolve internal IPs of Compute Engine instances by DNS from my local machine. I was able to set up an OpenVPN server on an instance by following this guide: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-openvpn-server-on-ubuntu-16-04
My VPN configuration successfully connects to the OpenVPN server, and allows me to ping internal IPs of my GCE instances. The instance hosting my OpenVPN server is able to resolve and ping cloud DNS entries, but my client local machine is unable to do the same.
Here's the content of my /etc/resolv.conf file after connecting to the VPN server.
search openvpn
nameserver 169.254.169.254
What additional configuration do I need to do to allow my local machine to resolve Cloud DNS addresses?
In Compute Engine, DNS resolution is performed against the metadata server, which always has IP 169.254.169.254. The issue arises from the fact that this IP is link-local and is non-routable, thus will not work over VPN/IPSEC.
There are a few solutions/workarounds for it:
You could map all internal GCE instances IPs in the hosts files of the servers in your private network - the drawback is that the process is manual and time-consuming depending on how many instances you have.
The second option would be an internal GCE server (internal resolver) running a DNS server which could cross networks. More information on this is available in this documentation.
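The second option above in concrete form, as an added example that is not part of the original answer: a small shell helper that refuses to push the link-local metadata address to VPN clients and instead renders a dnsmasq forwarder on the OpenVPN instance that relays queries to 169.254.169.254 (which the instance can reach). The tunnel address 10.8.0.1 and the file locations are assumptions.

```shell
#!/bin/sh
# Added example, not from the original answer: decide which resolver an OpenVPN
# server should push to clients, and render a dnsmasq forwarder that proxies the
# instance's metadata resolver over the tunnel. The tunnel address 10.8.0.1 is
# an assumption.

# Return 0 if $1 is in 169.254.0.0/16: link-local, never routed, so a VPN
# client can never reach it even though the instance itself can.
is_link_local() {
    case "$1" in
        169.254.*.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the resolver to push: the instance's own resolver when it is routable,
# otherwise the server's tunnel address, where the forwarder below listens.
pushed_resolver() {
    instance_resolver=$1   # e.g. the nameserver line from /etc/resolv.conf
    tunnel_addr=$2         # e.g. 10.8.0.1 (assumed OpenVPN server address)
    if is_link_local "$instance_resolver"; then
        printf '%s\n' "$tunnel_addr"
    else
        printf '%s\n' "$instance_resolver"
    fi
}

# Render a dnsmasq.conf for the instance: listen on loopback and the tunnel,
# ignore /etc/resolv.conf, and forward everything to the metadata server, which
# answers internal names, Cloud DNS private zones and public names alike.
render_dnsmasq_conf() {
    printf 'listen-address=127.0.0.1,%s\n' "$1"
    printf 'bind-interfaces\n'
    printf 'no-resolv\n'
    printf 'server=169.254.169.254\n'
}

# Render the OpenVPN server.conf line that hands clients the forwarder address.
render_openvpn_push() {
    printf 'push "dhcp-option DNS %s"\n' "$1"
}

if [ "${1:-}" = "--render" ]; then
    render_dnsmasq_conf 10.8.0.1
    render_openvpn_push "$(pushed_resolver 169.254.169.254 10.8.0.1)"
fi
```

Run with `--render` to print both fragments; the dnsmasq lines go on the OpenVPN instance and the `push` line into its server config, after which clients resolve internal names through the tunnel.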

AWS CLI to restrict inbound connections from a dynamic IP

My internet provider doesn't offer a static IP, so I have to connect to my AWS instances with a dynamic IP. That means that my VPC security group in AWS has an SSH port that can be accessed from every IP (source: 0.0.0.0/0), obviously only if you have the key.
I would want to restrict this rule, and I was thinking of writing a CLI script that revokes this 0.0.0.0 rule and creates a new inbound rule with my (dynamic) IP.
Is it possible? Is it a good idea?
You could connect through a VPN. Then SSH from inside the VPN.
Set up a software VPN (OpenVPN, OpenSwan) on an existing instance and open just that port to the outside world. Once set up it would essentially be free if you are running it on an instance that you would normally run. This will have a little more setup involved but it's not too hard.
Previously I suggested the Amazon VPC VPN. But that requires a static IP, so that will not work.
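The script the question describes, as an added example that is not from anyone in the thread: it looks up the caller's current address, validates it, authorizes a /32 for it on the SSH port and then revokes 0.0.0.0/0 plus any stale /32 left by earlier runs. The security group id is a placeholder, and the lookup endpoint and an already configured AWS CLI are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread: swap the 0.0.0.0/0 SSH rule of a
# security group for a /32 of the caller's current public address. Assumes a
# configured AWS CLI; the group id is a placeholder and the lookup URL an assumption.
set -eu

SG_ID="${SG_ID:-sg-PLACEHOLDER}"              # placeholder: your security group id
SSH_PORT="${SSH_PORT:-22}"
IP_LOOKUP_URL="https://checkip.amazonaws.com"  # assumed: replies with the caller's IP

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet; do [ "$octet" -le 255 ] || return 1; done
    return 0
}

# Print a /32 for a single host; reject anything that is not a plain IPv4
# address so a failed lookup (empty output, an HTML error page) never becomes a rule.
host_cidr() {
    valid_ipv4 "$1" || return 1
    printf '%s/32\n' "$1"
}

# Allow the current address, then revoke every other CIDR on the SSH port
# (0.0.0.0/0 and stale /32s from earlier runs). Authorize before revoke so an
# open session is never cut off in between.
rotate_ssh_rule() {
    current=$(curl -fsS "$IP_LOOKUP_URL" | tr -d '[:space:]')
    cidr=$(host_cidr "$current") || { echo "refusing bad address '$current'" >&2; return 1; }
    aws ec2 authorize-security-group-ingress --group-id "$SG_ID" \
        --protocol tcp --port "$SSH_PORT" --cidr "$cidr" || true  # duplicate rule is fine
    query="SecurityGroups[0].IpPermissions[?ToPort==\`$SSH_PORT\`].IpRanges[].CidrIp"
    for old in $(aws ec2 describe-security-groups --group-ids "$SG_ID" \
                 --query "$query" --output text); do
        [ "$old" = "$cidr" ] && continue
        aws ec2 revoke-security-group-ingress --group-id "$SG_ID" \
            --protocol tcp --port "$SSH_PORT" --cidr "$old"
    done
    echo "SSH ingress on $SG_ID is now limited to $cidr"
}

if [ "${1:-}" = "--run" ]; then rotate_ssh_rule; fi
```

Run it with `--run` (for example from cron or before each session); because the rule is re-read from the group each time, it also cleans up after address changes rather than accumulating old /32 entries.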

Can you use a custom DNS server within EC2?

I need to set up a custom DNS server within EC2. I have one instance that acts as the DNS server, and N other instances that use this DNS server to connect to one another. Is this possible? Basically, I need to modify the DHCP settings for the N instances so that they connect to the DNS server. I can't find any good documentation on modifying the DHCP settings for an instance.
Note: I did find some documents, but they seem to only apply to Amazon VPC. Is there any way to do this without using VPC?
Short answer - no. You need a VPC. But once you have the VPC created - you can effectively do whatever you like with it.
Long answer - traditional AWS hosting gets an address directly from Amazon. This means you've got no control whatsoever of the IP addresses.
New accounts however come with a VPC by default, which means you can install a machine to act as a DNS server. (And I've done this in the past using Windows Active Directory)

Amazon Elastic IP + EC2

I have set up an EC2 instance and an Elastic IP which is associated to the instance. I have also set an A record in my DNS provider's Zone editor so that the domain name points to the elastic IP e.g. example.com = 123.123.123.123.
After reading many posts, this seems like it should be enough to work but my domain name still isn't resolving. I can't even ping the IP address! Weirdly I CAN ssh into the EC2 instance via the elastic IP and everything seems fine, except that my domain name doesn't resolve to the EC2 instance!
Any thoughts?
DNS names take a while to propagate so that is probably your first issue.
Go to http://www.whatsmydns.net/ and enter your domain name. If all of the locations are returning the correct IP then you can safely assume it's not a DNS propagation issue.
Enable ICMP rules in the security group. If using the aws console create a new rule for "All ICMP" with a source of "0.0.0.0/0". Enabling this creates a security risk for your server so only enable this temporarily while testing. At this point you should be able to ping your instance.
If using HTTP or HTTPS enable the correct ports on the security group for those protocols and as long as the instance is configured correctly with Apache you should be up and running.
Please check your EC2 security group and make sure the desired ports are open.