SSH to EC2 instance using boto on private IP through bastion server


Question

I am trying to execute some bash scripts on an EC2 instance using boto. Boto provides a way to SSH to an EC2 instance on a public IP, but in my case the instances have only private IPs. SSH to these instances is done through a host that can SSH to all the instances using their private IPs (a bastion host). The following is the script to connect to an instance on a public IP:

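```python
import boto3
import paramiko

# Fetch the private key from S3 and load it for paramiko
s3_client = boto3.client('s3')
s3_client.download_file('mybucket', 'key/mykey.pem', '/tmp/mykey.pem')
k = paramiko.RSAKey.from_private_key_file("/tmp/mykey.pem")
c = paramiko.SSHClient()
# AutoAddPolicy accepts any unknown host key without verification
c.set_missing_host_key_policy(paramiko.AutoAddPolicy())
host = event  # target address; `event` is defined outside this snippet
print("Connecting to " + host)
c.connect(hostname=host, username="ec2-user", pkey=k)
```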

How do I connect to instances if the host has a private IP instead of a public key, if we want to connect through a bastion host with public IP P.P.P.P?

Recommended answer

If your requirement is to trigger execution of some code on an Amazon EC2 instance, then it would be better to use the Amazon EC2 Run Command rather than try to automate an SSH connection.

Amazon EC2 Run Command provides a simple way of automating common administrative tasks like executing Shell scripts and commands on Linux, running PowerShell commands on Windows, installing software or patches, and more. Amazon EC2 Run Command allows you to execute these commands across multiple instances and provides visibility into the results, making it easy to manage configuration change across fleets of instances.

Your instances would need the Amazon EC2 Systems Manager (SSM) agent installed. See: Installing SSM Agent

You would then run commands on Amazon EC2 instances from the management console, AWS Command-Line Interface (CLI) or via an API call.

The send command does not accept tags as input. However, you could first perform a list-instances command to search for instances by tag, then pass the instance-ids to the send command. See: AWS CLI send-command
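
The flow this answer describes (find instances by tag, then pass their instance IDs to send-command), as an added example that is not part of the original answer. It assumes boto3's EC2 `describe_instances` for the tag lookup and the `AWS-RunShellScript` document; the function names and the tag `Role=worker` are hypothetical.

```python
import time

PENDING = {"Pending", "InProgress", "Delayed", "Cancelling"}  # non-terminal states

def instance_ids_by_tag(ec2, key, value):
    """IDs of running instances tagged key=value (tag lookup is an assumption)."""
    filters = [{"Name": "tag:" + key, "Values": [value]},
               {"Name": "instance-state-name", "Values": ["running"]}]
    ids, kwargs = [], {"Filters": filters}
    while True:
        resp = ec2.describe_instances(**kwargs)
        for reservation in resp["Reservations"]:
            ids.extend(i["InstanceId"] for i in reservation["Instances"])
        if not resp.get("NextToken"):
            return ids
        kwargs["NextToken"] = resp["NextToken"]  # follow pagination

def run_script(ssm, instance_ids, commands, poll=2.0, timeout=60.0):
    """Run shell commands through Run Command; returns {id: (status, stdout)}."""
    if not instance_ids:
        return {}
    if len(instance_ids) > 50:
        raise ValueError("send_command takes at most 50 InstanceIds per call")
    command_id = ssm.send_command(
        InstanceIds=list(instance_ids),
        DocumentName="AWS-RunShellScript",
        Parameters={"commands": list(commands)},
    )["Command"]["CommandId"]
    results, pending = {}, set(instance_ids)
    deadline = time.monotonic() + timeout
    while pending and time.monotonic() < deadline:
        time.sleep(poll)  # the invocation record is not visible immediately
        for iid in sorted(pending):
            try:
                inv = ssm.get_command_invocation(CommandId=command_id, InstanceId=iid)
            except ssm.exceptions.InvocationDoesNotExist:
                continue  # not registered yet; poll again
            if inv["Status"] not in PENDING:
                results[iid] = (inv["Status"], inv["StandardOutputContent"])
                pending.discard(iid)
    results.update({iid: ("NoResultBeforeTimeout", "") for iid in pending})
    return results

if __name__ == "__main__":
    import boto3  # needs AWS credentials, SSM agent and an instance profile on targets
    ids = instance_ids_by_tag(boto3.client("ec2"), "Role", "worker")  # constructed tag
    for iid, (status, out) in run_script(boto3.client("ssm"), ids, ["uname -a"]).items():
        print(iid, status, out.strip())
```

With this approach no private key is downloaded to `/tmp` and no SSH host key has to be trusted on first use; access is controlled by IAM permissions on the SSM calls.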
