Connect to services via SSH

Restrictions apply
  • The following instructions are for personnel to connect to the cloud infrastructure and should not be used to connect other infrastructure components and systems to the cloud infrastructure.
  • A direct RDS connection can be established only from Spryker services. Direct connection to the RDS database from outside of the application’s internal networks is prohibited.

We add your SSH public key to the bastion host during onboarding, so you can access your environments’ internal networks via SSH right afterward. The bastion host is the only instance you can connect to via SSH.

You can use SSH in two ways:

  • Connect to the bastion host and, subsequently, connect to other supported infrastructure components.
  • Set up SSH port forwarding through the bastion host to access a specific service from your computer.

Prerequisites

To get SSH access, request an IAM user by creating an Infrastructure Change Request/Access Management in our Support Portal. Make sure to include your SSH key in the request.

Together with an IAM user, you will also get VPN access via an OVPN profile.

Connect to a service

Example services

In the following instructions we use the Jenkins service as an example. Adjust the service name per your requirements.

  1. Connect to the VPN using the provided OVPN profile.
  2. Connect to the bastion host:
    1. In the AWS Management Console, go to Services > EC2 > Instances.
    2. Select {environment_name}-bastion. This opens a pane at the bottom of the page.
    3. Copy the value of the Public IPv4 address field.
    4. Connect to the copied IP address via SSH.
  3. In the AWS Management Console, find the endpoint of the service you want to connect to:
    1. Go to Services > Route53 > Hosted Zones.
    2. Select the desired hosted zone.
    3. Enter jenkins in the search field and press Enter.
    4. Copy the value of the Value/Route traffic to field.
    5. Connect to the copied endpoint via SSH.
  4. Optional: Set up SSH port forwarding:
    1. In the bastion host, get the IP address of the endpoint by resolving the copied endpoint:
    dig +short staging.cxg4btdhhsrr.eu-central-1.example.amazonaws.com
    10.111.4.63
    
    2. Set up SSH port forwarding using the IP address. For example:
    ssh -A ubuntu@<private_bastion_ip> -L 0.0.0.0:8080:<private_scheduler_ip>:80
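
In ssh -L, the optional first field is the bind address: 0.0.0.0, * or an empty field makes the forwarded port reachable from every network your computer is attached to, while 127.0.0.1 or localhost keeps it local. The following check is an added example, not part of the original instructions; the function names and the bastion address 192.0.2.10 are constructed for illustration, and only the TCP form [bind_address:]port:host:hostport is handled.

```sh
#!/bin/sh
# Added example. Function names and the sample bastion address are constructed.
# Classifies the listener of an `ssh -L [bind_address:]port:host:hostport` spec.
# Prints: loopback | all-interfaces | specific:<addr> | default | invalid
forward_bind_scope() {
    spec=$1
    # Collapse bracketed IPv6 literals so their colons are not counted as separators.
    flat=$(printf '%s\n' "$spec" | sed 's/\[[^]]*\]/v6/g')
    fields=$(printf '%s\n' "$flat" | awk -F: '{ print NF; exit }')
    case $fields in
        3) echo "default"; return 0 ;;  # no bind address: follows GatewayPorts
        4) ;;                           # explicit bind address is the first field
        *) echo "invalid"; return 1 ;;
    esac
    case $spec in
        \[*) bind=${spec#\[}; bind=${bind%%\]*} ;;  # [v6addr]:port:host:hostport
        *)   bind=${spec%%:*} ;;
    esac
    case $bind in
        ''|'*'|0.0.0.0|::)   echo "all-interfaces" ;;  # reachable from other hosts
        localhost|127.*|::1) echo "loopback" ;;        # reachable only locally
        *)                   echo "specific:$bind" ;;
    esac
}

# Walks an ssh argument list, reports each -L spec, and returns 1 if any
# listener would accept connections on all interfaces.
audit_forwards() {
    rc=0
    while [ $# -gt 0 ]; do
        if [ "$1" = "-L" ] && [ $# -ge 2 ]; then
            scope=$(forward_bind_scope "$2") || scope=invalid
            echo "$2 -> $scope"
            if [ "$scope" = "all-interfaces" ]; then rc=1; fi
            shift
        fi
        shift
    done
    return $rc
}

# Constructed sample: the forwarding command above with placeholder values filled in.
audit_forwards -A ubuntu@192.0.2.10 -L 0.0.0.0:8080:10.111.4.63:80 \
    || echo "forwarded port is exposed beyond this machine; bind to 127.0.0.1 instead"
```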