NYPL Digital uses a variety of services provided by AWS, including:
- Simple Storage Service [S3] -- used for basic storage of data
- Elastic Container Service [ECS] -- for hosting apps
- Elastic Beanstalk Service [EBS] -- for deploying web services
- CloudWatch -- a logging tool
- A VPN account
- An AWS Identity and Access Management [IAM] account tied to one or more NYPL Digital account IDs, e.g. `nypl` or `nypl-dev`, depending on what infrastructure you need to access. See Commonly Used Accounts for a list of Digital account IDs.
- A multifactor account associated with each AWS identity you need to access.
- Meet the above requirements.
- Connect to VPN.
- Log into the AWS control panel.
Using a terminal to access a Dockerized ECS app is only recommended for Dev and QA instances for the purposes of debugging. Accessing a production instance is risky and should be avoided. If accessing logs on a production service is necessary, consider using AWS CloudWatch or installing New Relic monitoring.
- A shared key file associated with the AWS account you wish to access, e.g. `dgdvteam.pem`, must be located in the `~/.ssh` directory of your local machine. This file can be provided by a colleague or DevOps.
- Set permissions on the local file to `600`.
To interact with an app via SSH you must first access the ECS "cluster" that contains the Docker image. Then you must run bash on the container for that image.
- Log into the AWS control panel.
- Select "Elastic Container Service" from the bar at the top of the dashboard.
- Select the "cluster" you wish to access.
- Click the "Infrastructure" tab.
- Under "Container Instances," click any active instance.
- At the bottom-right of the Container Instance page will be a Private IP number. Copy it.
- In your terminal type `ssh -i ~/.ssh/[your_shared_ssh_key.pem] ec2-user@[private_IP]`
- Once logged in, type `docker ps` to get the container ID. Some instances may have multiple containers. Check the name/process to make sure you copy the correct ID.
- Type `docker exec -it [container_ID] bash`.
- You are now logged into the container and may issue terminal commands to interact with it.
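
The following pre-flight wrapper for the SSH step is an added example, not NYPL's own tooling: it confirms the shared key sits in `~/.ssh` with mode `600` and that the copied address is a private IPv4 address before connecting. The function names and the assumption that the cluster's private IPs fall in the RFC 1918 ranges are this example's, not the page's.

```shell
# Added example (hypothetical helper names). POSIX sh; define, then call ecs_ssh.

# Print a file's octal mode (GNU stat first, then BSD/macOS stat).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Succeed only if the key is a regular, non-symlinked file with mode exactly 600.
check_key() {
  if [ ! -f "$1" ] || [ -L "$1" ]; then
    echo "key missing or not a regular file: $1" >&2; return 1
  fi
  mode=$(file_mode "$1")
  if [ "$mode" != "600" ]; then
    echo "key mode is $mode, expected 600 (chmod 600 \"$1\")" >&2; return 1
  fi
  return 0
}

# Succeed only for a well-formed RFC 1918 IPv4 address (assumed VPC addressing).
is_private_ip() {
  case "$1" in
    *[!0-9.]*|*..*|.*|*.) return 1 ;;   # reject anything but digits and dots
  esac
  old_ifs=$IFS; IFS=.
  set -- $1                              # split into octets
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for o in "$@"; do
    [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
  done
  case "$1.$2" in
    10.*|192.168) return 0 ;;
  esac
  [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]
}

# Usage: ecs_ssh <key file name in ~/.ssh> <private IP from the ECS console>
ecs_ssh() {
  case "$1" in
    ""|*/*) echo "give the key file name only, not a path" >&2; return 1 ;;
  esac
  key="$HOME/.ssh/$1"
  check_key "$key" || return 1
  is_private_ip "$2" || { echo "not a private IPv4 address: $2" >&2; return 1; }
  ssh -i "$key" "ec2-user@$2"
}
```

Once connected, continue with `docker ps` and `docker exec` as in the steps above.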