Connect to services via SSH

We add your SSH public key to the bastion host during the onboarding, so you can access your environments’ internal networks via SSH right after. Bastion is the only instance you can connect to via SSH.

You can use SSH in two ways:

• Connect to the bastion host and, subsequently, connect to other supported infrastructure components
• Set up SSH port forwarding through bastion host to access a specific service from your computer

Prerequisites

To get SSH access, request an IAM user by creating an Infrastructure Change Request/Access Management in our Support Portal. Make sure to include your SSH key in the request.

Together with an IAM user, you will also get VPN access via an OVPN profile.

Connect to a service

1. Connect to the VPN using the provided OVPN profile.
2. Connect to the bastion host:
   1. In the AWS Management Console, go to Services > EC2 > Instances.
   2. Select {environment_name}-bastion. This opens a pane at the bottom of the page.
   3. Copy the value of the Public IPv4 address field.
   4. Connect to the copied IP address via SSH.
3. In the AWS Management Console, find the endpoint to connect to a service endpoint:
   1. Go to Services > Route53 > Hosted Zones.
   2. Select the desired hosted zone.
   3. Enter jenkins in the search field and press Enter.
   4. Copy the value of the Value/Route traffic to field.
   5. Connect to the copied endpoint via SSH.
4. Optional: Set up SSH port forwarding:
   1. In the bastion host, get the IP address of the endpoint by resolving the copied endpoint:

   dig +short staging.cxg4btdhhsrr.eu-central-1.example.amazonaws.com
   10.111.4.63
   

   2. Set up SSH port forwarding using the IP address. For example:

   ssh -A ubuntu@<private_bastion_ip> -L 0.0.0.0:8080:<private_scheduler_ip>:80