Dynamic Host Catalogs on AWS

Hi,

I followed this tutorial. I am running a local Boundary DEV server.

I successfully added a dynamic host set from AWS (which I created with provided .tf scripts):

boundary host-sets read -id hs_cUbrdfM9ue

Host Set information:
  Created Time:        Tue, 12 Apr 2022 16:05:08 CEST
  Host Catalog ID:     hc_X0gEiwiaNj
  ID:                  hs_cUbrdfM9ue
  Name:                aws-db
  Type:                plugin
  Updated Time:        Tue, 12 Apr 2022 16:05:09 CEST
  Version:             2

  Scope:
    ID:                p_rzKJdZblQY
    Name:              CC
    Parent Scope ID:   o_kgnhZkSsNI
    Type:              project

  Plugin:
    ID:                pl_AZ3oaWKC3w
    Name:              aws

  Attributes:
    filters:           [tag:service-type=database]

  Authorized Actions:
    no-op
    read
    update
    delete

  Host IDs:
    h_JzIzZSTZhj
    h_o55LEvw1hI
    h_pnLP7d8GHb
    h_RiiGoZePVd

I would like to connect to this host:

boundary hosts read -id h_JzIzZSTZhj

Host information:
  Created Time:        Tue, 12 Apr 2022 16:05:09 CEST
  External ID:         i-08473d17b1f63397d
  Host Catalog ID:     hc_X0gEiwiaNj
  ID:                  h_JzIzZSTZhj
  Type:                plugin
  Updated Time:        Tue, 12 Apr 2022 16:05:09 CEST
  Version:             1

  Scope:
    ID:                p_rzKJdZblQY
    Name:              CC
    Parent Scope ID:   o_kgnhZkSsNI
    Type:              project

  Plugin:
    ID:                pl_AZ3oaWKC3w
    Name:              aws

  Authorized Actions:
    no-op
    read

  Host Set IDs:
    hs_cUbrdfM9ue

  IP Addresses:
    172.31.24.133
    18.197.157.139

  DNS Names:
    ec2-18-197-157-139.eu-central-1.compute.amazonaws.com
    ip-172-31-24-133.eu-central-1.compute.internal

so I run this cmd:

boundary connect ssh -target-id=ttcp_wRaMApXz67 -host-id=h_JzIzZSTZhj -- -l ec2-user -i ~/.ssh/id_rsa

or

boundary connect ssh -target-id=ttcp_wRaMApXz67 -host-id=h_JzIzZSTZhj

but I’m getting this message after 1-2 mins:

kex_exchange_identification: Connection closed by remote host
Connection closed by 127.0.0.1 port 52594

Before I get this message I can see an active session for those 1-2 mins:

boundary sessions list -scope-id=p_rzKJdZblQY

Session information:
  ID:                    s_iDjSzrmtgy
    Status:              active
    Created Time:        Tue, 12 Apr 2022 16:26:51 CEST
    Expiration Time:     Wed, 13 Apr 2022 00:26:51 CEST
    Updated Time:        Tue, 12 Apr 2022 16:26:51 CEST
    User ID:             u_KeETXXcOx2
    Target ID:           ttcp_wRaMApXz67
    Authorized Actions:
      no-op
      read
      read:self
      cancel
      cancel:self

I tested SSH connection directly and it’s working:

ssh ec2-user@18.197.157.139

       __|  __|_  )
       _|  (     /   Amazon Linux 2 AMI
      ___|\___|___|

https://aws.amazon.com/amazon-linux-2/
-bash: warning: setlocale: LC_CTYPE: cannot change locale (UTF-8): No such file or directory
[ec2-user@ip-172-31-24-133 ~]$

so how can I connect to this AWS host, please?

Thank you

I suspect the worker is trying to proxy to the private IP. Try setting preferred_endpoints on the plugin host set – something like dns:*.compute.amazonaws.com should get it picking the public IP to connect to.

2 Likes
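To see why the hint above fixes the problem, here is a small model of how an ordered preferred_endpoints list selects one of a host's addresses, run against the IPs and DNS names reported for h_JzIzZSTZhj in the question. This is an added illustration written for this thread, not Boundary's own code: the cidr:/dns: filter forms and first-match-wins ordering follow the documented behaviour, while the fallback to the first IP when nothing matches is an assumption made to reproduce the private-IP symptom (the CLI flag that sets the list is not shown on this page; check `boundary host-sets update plugin -h`).

```python
"""Model of how a Boundary preferred_endpoints list picks a host address.

Constructed for this thread, not Boundary's own code. Filters are
cidr:<network> and dns:<glob pattern>; the list is walked in order and the
first preference that matches an address wins. The fallback used when no
preference matches is an assumption, not taken from Boundary's source.
"""
import fnmatch
import ipaddress

# Addresses reported by `boundary hosts read -id h_JzIzZSTZhj` in the post.
HOST = {
    "ips": ["172.31.24.133", "18.197.157.139"],
    "dns": [
        "ec2-18-197-157-139.eu-central-1.compute.amazonaws.com",
        "ip-172-31-24-133.eu-central-1.compute.internal",
    ],
}


def matches(pref, host):
    """Return the first host address satisfying one cidr:/dns: preference."""
    kind, _, pattern = pref.partition(":")
    if kind == "cidr":
        net = ipaddress.ip_network(pattern, strict=False)
        return next((ip for ip in host["ips"] if ipaddress.ip_address(ip) in net), None)
    if kind == "dns":
        return next((n for n in host["dns"] if fnmatch.fnmatchcase(n, pattern)), None)
    raise ValueError(f"unknown preference type: {pref!r}")


def pick_endpoint(preferred_endpoints, host):
    """Walk the ordered preference list; the first match wins.

    Assumption: with an empty list or no match, the first IP is used. Here
    that is the private 172.31.x address, which the worker cannot reach from
    outside the VPC and which matches the failing session in the question.
    """
    for pref in preferred_endpoints:
        addr = matches(pref, host)
        if addr is not None:
            return addr
    return host["ips"][0]


if __name__ == "__main__":
    print("no preference ->", pick_endpoint([], HOST))
    print("dns filter    ->", pick_endpoint(["dns:*.compute.amazonaws.com"], HOST))
    print("public cidr   ->", pick_endpoint(["cidr:18.0.0.0/8"], HOST))
```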

Thank you very much. It’s working now.