I just signed up for Amazon's new Elastic Beanstalk offering. What I can't figure out is how to SSH to a Beanstalk instance. I don't have a private key because Beanstalk generated the instance on my behalf.


Solution 1:

I found it to be a 2-step process. This assumes that you've already set up a keypair to access EC2 instances in the relevant region.

Configure Security Group

  1. In the AWS console, open the EC2 tab.

  2. Select the relevant region and click on Security Group.

  3. You should have an elasticbeanstalk-default security group if you have launched an Elastic Beanstalk instance in that region.

  4. Edit the security group to add a rule for SSH access. The below will lock it down to only allow ingress from a specific IP address.

    SSH | tcp | 22 | 22 | 192.168.1.1/32
    

Configure the environment of your Elastic Beanstalk Application

  1. If you haven't made a key pair yet, make one by clicking Key Pairs below Security Group in the ec2 tab.
  2. In the AWS console, open the Elastic Beanstalk tab.
  3. Select the relevant region.
  4. Select relevant Environment
  5. Select Configurations in left pane.
  6. Select Security.
  7. Under "EC2 key pair:", select the name of your keypair in the Existing Key Pair field.

If after these steps you see that the Health is set Degraded

enter image description here

that's normal and it just means that the EC2 instance is being updated. Just wait on a few seconds it'll be Ok again

enter image description here

Once the instance has relaunched, you need to get the host name from the AWS Console EC2 instances tab, or via the API. You should then be able to ssh onto the server.

$ ssh -i path/to/keypair.pub [email protected]

Note: For adding a keypair to the environment configuration, the instances' termination protection must be off as Beanstalk would try to terminate the current instances and start new instances with the KeyPair.

Note: If something is not working, check the "Events" tab in the Beanstalk application / environments and find out what went wrong.

Solution 2:

Elastic beanstalk CLI v3 now supports direct SSH with the command eb ssh. E.g.

eb ssh your-environment-name

No need for all the hassle of setting up security groups of finding out the EC2 instance address.

There's also this cool trick:

eb ssh --force

That'll temporarily force port 22 open to 0.0.0.0, and keep it open until you exit. This blends a bit of the benefits of the top answer, without the hassle. You can temporarily grant someone other than you access for debugging and whatnot. Of course you'll still need to upload their public key to the host for them to have access. Once you do that (and as long as you're inside eb ssh), the other person can

ssh [email protected]

Solution 3:

My experience in August 2013 with a linux client and a simple AWS Beanstalk installation (single EC2 instance) is as follows (based on Community Wiki above)

Configure Security Group

  1. In the AWS console, select EC2 to go to the EC2 Dashboard
  2. Discover the security group to which your EC2 instance belongs by clicking Instances in the left hand panel and then selecting the instance you want to connect to (in my case there is only one - called Default Environment). The details are shown at the base of the page - You should see a field for Security Groups - make a note of the name - in my case "awsweb...".
  3. From the left hand panel select Security Groups.
  4. Select the awsweb... security group and the details should show at the base of the page
  5. Select the Inbound tab and choose SSH from the "Create a New Rule" drop down. Insert the ip address/CIDR of your local machine (from which you intend to connect), e.g. 192.168.0.12/32 and click Add Rule and Apply Rule Changes.

Create Public-Private Key Pair

  1. From the EC2 dashboard select Key Pairs from the left hand panel
  2. Click Key Pair (at top) and enter a name such as myname-key-pair-myregion or whatever valid key name you like.
  3. Confirm and then accept the download of the private key from the browser saving it for instance to your home directory or wherever you fancy. Make sure the directory only has write permissions for you.

Associate the Public Private Key Pair with the Elastic Beanstalk EC2 Server

  1. To add a public-private key pair to an Elastic Beanstalk EC2 instance do: Services -> Elastic Beanstalk -> My App -> Default Environment takes you to the default environment (the one where you upload your app)
  2. Click Configuration (on left hand panel) and then on the gear/cog associated with "Instances"
  3. A page entitled "Server" is displayed
  4. Select your prebuilt key par from EC2 Key Pair and do Save
  5. Some warning message is displayed so do Save again.

Connect to AWS EC2 Instance using SSH

  1. In a terminal session change to the directory containing your private key (.pem file).
  2. If you've had a few goes at this you should probably do something about .ssh/known_hosts if you have one such as renaming it. Otherwise you may get an error about the host's identity having changed.
  3. Do: ssh -i ./myname-key-pair-my-region.pem [email protected]

Good luck

Solution 4:

I have been playing with this as well.

  1. goto your elastic beanstalk service tab
  2. on your application overview goto action --> edit configuration
  3. add the name of a key as it appears in your EC2 tab (for the same region) to the existing keypair box and hit apply changes

The service will be relaunched so make a coffee for 5 mins

On your ec2 tab for the same region you'll see your new running instance. ssh to the public dns name as ec2-user using the key added in 3 e.g. ssh [email protected]

Solution 5:

There is a handy 'Connect' option in the 'Instance Actions' menu for the EC2 instance. It will give you the exact SSH command to execute with the correct url for the instance. Jabley's overall instructions are correct.