KodKloud Engineer: Level 2 Cloud (AWS) Task 4

Hi everyone, I am not able to complete a task and support told me that “Cloud tasks cannot be reviewed in KodKloud Engineer”. That is why I am posting my question here. I will appreciate your help.

Task question:
The Nautilus DevOps team needs to set up a new EC2 instance that can be accessed securely from their landing host (aws-client). The instance should be of type t2.micro and named xfusion-ec2. A new SSH key should be created on the aws-client host if it doesn’t already exist. This key should then be added to the authorized keys of the root user on the EC2 instance, allowing password-less SSH access from the aws-client host.
Create the resources only in us-east-1 region

My Answer:
name='xfusion-ec2'

aws ec2 create-key-pair --key-name $name-key --query KeyMaterial --output text | tee $name.pem

chmod 400 $name.pem

instance_id=$(aws ec2 run-instances --instance-type t2.micro --key-name $name-key --image-id ami-00b8917ae86a424c9 --query 'Instances[0].InstanceId' --output text) && echo $instance_id

aws ec2 create-tags --tags Key=Name,Value=$name --resources $instance_id

security_group=$(aws ec2 describe-instances --filters Name=tag:Name,Values=$name --query 'Reservations[].Instances[].SecurityGroups[*].GroupId' --output text) && echo $security_group

aws ec2 authorize-security-group-ingress --protocol tcp --port 22 --cidr 0.0.0.0/0 --group-id $security_group

ssh -o StrictHostKeyChecking=no -i $name.pem ec2-user@$(aws ec2 describe-instances --filters Name=tag:Name,Values=$name --query 'Reservations[].Instances[].PublicIpAddress' --output text) -- sudo cp /home/ec2-user/.ssh/authorized_keys /root/.ssh/authorized_keys

ssh -i $name.pem root@$(aws ec2 describe-instances --filters Name=tag:Name,Values=$name --query 'Reservations[].Instances[].PublicIpAddress' --output text)

Review Error
SSH access is not configured correctly for instance xfusion-ec2

Discussion
Even though after my answer I am able to ssh using root user to the newly created instance, I still get “SSH access is not configured correctly for instance xfusion-ec2”.

Note: I am enabling ssh using 0.0.0.0/0 cidr in Security Group because the aws-client (machine that I am working on) is a docker container (it has /.dockerenv file) and I am not able to find its public IP.

Create the SSH key pair using the ssh-keygen command with the default name. If you create a key pair with a custom name, you would have to pass that as an argument during ssh (if it’s not configured in the config file).

I suppose the validation passes only if ssh root@<instance-public-ip> is successful. It doesn’t pass the -i argument.

You were absolutely right sir, thank you very much.

For reference these commands worked:
name='devops-ec2'

ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa -N ""

aws ec2 import-key-pair --key-name "$name-key" --public-key-material fileb://~/.ssh/id_rsa.pub

instance_id=$(aws ec2 run-instances --instance-type t2.micro --key-name $name-key --image-id ami-00b8917ae86a424c9 --query 'Instances[0].InstanceId' --output text) && echo $instance_id

aws ec2 create-tags --tags Key=Name,Value=$name --resources $instance_id

security_group=$(aws ec2 describe-instances --filters Name=tag:Name,Values=$name --query 'Reservations[].Instances[].SecurityGroups[*].GroupId' --output text) && echo $security_group

aws ec2 authorize-security-group-ingress --protocol tcp --port 22 --cidr 0.0.0.0/0 --group-id $security_group

ssh root@$(aws ec2 describe-instances --filters Name=tag:Name,Values=$name --query 'Reservations[].Instances[].PublicIpAddress' --output text)

You are welcome… and I’m no sir :sweat_smile:
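
Both command sets in this thread open port 22 to 0.0.0.0/0 because the landing host's public address was not known. The following is an added example, not part of the thread or of the task's own material: it looks up the container's egress address, validates the reply, and swaps the world-open rule for a /32. The function names, the use of https://checkip.amazonaws.com, and the premise that the host leaves through a single NAT address are assumptions.

```sh
# Added example, not from the thread. Assumes the landing host leaves through
# one NAT address and that https://checkip.amazonaws.com reports it.

# Succeeds only for a dotted-quad IPv4 address with four octets in 0-255.
valid_ipv4() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  _rest=$1.
  _n=0
  while [ -n "$_rest" ]; do
    _octet=${_rest%%.*}
    _rest=${_rest#*.}
    [ "${#_octet}" -le 3 ] && [ "$_octet" -le 255 ] || return 1
    _n=$((_n + 1))
  done
  [ "$_n" -eq 4 ]
}

# Prints "<ip>/32". Rejects malformed input and addresses that cannot be a
# public source: 0.0.0.0/8, loopback, and the RFC 1918 private ranges.
ssh_ingress_cidr() {
  valid_ipv4 "$1" || return 1
  case $1 in
    0.*|127.*|10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 1 ;;
  esac
  printf '%s/32\n' "$1"
}

# Adds a /32 rule for port 22 to the group, then revokes the 0.0.0.0/0 rule.
restrict_ssh() {
  _group_id=$1
  _ip=$(curl -fsS --max-time 5 https://checkip.amazonaws.com) || return 1
  _cidr=$(ssh_ingress_cidr "$_ip") || {
    echo "unexpected address lookup reply: $_ip" >&2
    return 1
  }
  aws ec2 authorize-security-group-ingress --group-id "$_group_id" \
    --protocol tcp --port 22 --cidr "$_cidr" || return 1
  aws ec2 revoke-security-group-ingress --group-id "$_group_id" \
    --protocol tcp --port 22 --cidr 0.0.0.0/0
}
```

Call it as `restrict_ssh "$security_group"` after the instance is up; the validation step keeps a proxy error page or empty reply from being passed to the AWS CLI as a CIDR.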