bosh ssh on aws


Cornelia Davis

Sep 3, 2013, 2:28:41 PM
to bosh-...@cloudfoundry.org
There are lots of posts around this, but all are fairly old and with things changing at the pace they do I wanted to check...

To bosh ssh to a machine in an AWS VPC setup, do I still need to already be sshed into a machine within that AWS VPC?

TIA

Tony Hansmann

Sep 3, 2013, 5:07:41 PM
to bosh-...@cloudfoundry.org
The answer is 'yes and'. Being on a system in the security group is required, but you can also use that system to forward ssh connections through to the director and vms. 

What we do at CF is set up ssh-keys/agent to the director (micro or real) and then use the features of 'bosh ssh' to access the jobs in the VPC. Here's an example with the extended syntax version of 'bosh ssh'. The bash shortcut we use to do the same thing is here: https://gist.github.com/thansmann/6429523
-T

List the VMs in the current BOSH deployment;

$ bosh vms
Deployment `cf-a1'

Director task 506

Task 506 done

+-----------------------------+--------------------+------------------+-------------+
| Job/index                   | State              | Resource Pool    | IPs         |
+-----------------------------+--------------------+------------------+-------------+
| cloud_controller/0          | running            | common           | 10.10.2.16  |
| cloud_controller/1          | running            | common           | 10.10.2.17  |
| collector/0                 | running            | common           | 10.10.2.82  |
| dea_custom/0                | running            | dea              | 10.10.2.54  |
....
| syslog_aggregator/0         | running            | common           | 10.10.2.11  |
| uaa/0                       | running            | common           | 10.10.2.15  |
+-----------------------------+--------------------+------------------+-------------+

In the first column, the job name and its index (instance) id are displayed. To start an SSH session to any of the VMs, router 1 for example, issue the following command;

$ bosh_ssh router/1
found agent
bosh ssh router/1 --gateway_host bosh.a1.cf-app.com --gateway_user vcap
Enter password (use it to sudo on remote host):



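A wrapper along the lines of the shortcut described in the post above, as an added example that is not part of the thread and is not the contents of the linked gist. The function names and the GATEWAY_HOST / GATEWAY_USER variables are assumptions of this example; the default values and the two gateway flags are the ones visible in the sample output. It refuses to run unless an ssh-agent with loaded keys is reachable and the argument looks like a job/index from the `bosh vms` table.

```shell
#!/usr/bin/env bash
# Added example, not the thread's gist. GATEWAY_HOST and GATEWAY_USER are
# this script's own variables (assumption); defaults come from the thread.
GATEWAY_HOST="${GATEWAY_HOST:-bosh.a1.cf-app.com}"
GATEWAY_USER="${GATEWAY_USER:-vcap}"

# Accept only "job/index" as printed in the first column of 'bosh vms',
# so nothing else can be smuggled onto the command line.
valid_job() {
  vj_job="${1%%/*}"
  vj_idx="${1#*/}"
  [ "$vj_job/$vj_idx" = "$1" ] || return 1          # must contain a slash
  case "$vj_job" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
  case "$vj_idx" in ''|*[!0-9]*) return 1 ;; esac   # index is digits only
}

# True only when an agent socket is set and the agent holds at least one key.
# ssh-add -l exits 0 with keys loaded, 1 with none, 2 if no agent is reachable.
agent_ready() {
  [ -n "${SSH_AUTH_SOCK:-}" ] || return 1
  ssh-add -l >/dev/null 2>&1
}

# Print the extended-syntax command for a job, without running it.
bosh_ssh_cmd() {
  valid_job "$1" || { echo "bad job spec: $1" >&2; return 1; }
  printf 'bosh ssh %s --gateway_host %s --gateway_user %s\n' \
    "$1" "$GATEWAY_HOST" "$GATEWAY_USER"
}

# Check the agent, show the command, then run it through the gateway.
bosh_ssh() {
  agent_ready || { echo "no ssh-agent with loaded keys; run ssh-add first" >&2; return 1; }
  echo "found agent"
  bs_cmd="$(bosh_ssh_cmd "$1")" || return 1
  echo "$bs_cmd"
  bosh ssh "$1" --gateway_host "$GATEWAY_HOST" --gateway_user "$GATEWAY_USER"
}
```

Source the file and call `bosh_ssh router/1`; private keys stay in the local agent rather than being copied to the gateway host.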

Cornelia Davis

Sep 3, 2013, 8:15:32 PM
to bosh-...@cloudfoundry.org
Dude!! Tony, this is awesome.  Just exactly what I was looking for.  For those of you finding this thread, click on Tony's gist above.  The "yes and..." really is "yes, but we do the heavy lifting for you."

Thanks!!