SSH Into AWS Elastic Beanstalk Instances

Your Beanstalk app runs on one or more EC2 instances managed by AWS behind the scenes. Occasionally, you’ll need to SSH into those instances, either to troubleshoot an issue or to set something up that couldn’t be done from the Beanstalk console. If you’ve ever SSHed into a normal EC2 instance, you know you need a private key in order to SSH. But in this case, since Beanstalk launched the instances for you, you never got a private key! Then how do you go about this?

Before you can access your Elastic Beanstalk–provisioned Amazon EC2 instances, you must create an Amazon EC2 key pair and configure your Elastic Beanstalk–provisioned Amazon EC2 instances to use the Amazon EC2 key pair.

Listing and connecting to server instances — Beanstalk documentation

First, find the instances’ security group & allow inbound SSh traffic at port 22 in it:

Then, edit the environment’s security settings & assign a key pair to the instances:

After the instance reboots, find its IP / DNS name & SSH to it:

Instances’ termination protection must be OFF because Beanstalk will recreate them with the key. For any other issues, see the Events tab in Beanstalk.

Default SSH usernames differ by system — Linux: ec2-user; RHEL: root, ec2-user; Ubuntu: ubuntu; SUSE: root.

Beanstalk CLI

Beanstalk CLI v3 supports direct SSH into the instances. Just run:

eb ssh your-environment-name

Install EB CLI on Mac using brew install awsebcli. Also, eb ssh --force will force open port 22 to 0.0.0.0/0 & keep it open till you exit.

If you have not previously configured SSH, you can use the EB CLI to create a key when running eb init. If you have already run eb init, run it again with the –interactive option and select Yes and Create New Key Pair when prompted to set up SSH. Keys created during this process will be stored in the proper folder by the EB CLI.

eb ssh — Beanstalk documentation

If you created your infrastructure using CloudFormation / Terraform, you can specify the SSH keys right there. For example, here’s the Terraform config:

resource "aws_elastic_beanstalk_environment" "my-beanstalk-env" {
   setting {
      namespace = "aws:autoscaling:launchconfiguration"
      name      = "EC2KeyName"
      value     = "${aws_key_pair.my-ssh-key.key_name}"
   }
}

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.