Accessing both environments

There are various ways in which users/developers access the cloud provider environments. Most of the time, a developer accesses a server via a web page or through a terminal (CLI). Terminal access via SSH needs configuration, because direct server access is blocked and servers are only reachable via a bastion (jumpbox). This configuration should have been one of the first things a developer set up in their first week on the job.

Complications

Having 2 environments on both Azure and AWS is not a major problem in itself. The complication lies in the addresses we’ve assigned them to reduce the migration work: we use those addresses to connect to the servers, but we assigned the same addresses to different servers.

To connect to servers in the AWS infrastructure, we need to change the SSH configuration so that traffic is routed via the AWS bastion.

This includes adding a new host and updating existing hosts to proxy traffic through it.

The following is the new configuration:

 

    # Bastion (jumpbox) hosts, one per cloud provider
    Host hee-build-azure
        Hostname 52.166.140.118
        #Hostname jump.tis.nhs.uk
        port 9264
        User bastion
        ForwardAgent yes
        PubKeyAuthentication yes
        IdentityFile ~/.ssh/id_rsa
        LocalForward 1433 10.3.2.14:1433
        LocalForward 1434 10.3.2.15:1433
        LocalForward 1435 10.3.2.10:1433

    Host hee-build-aws
        Hostname 18.133.20.74
        #Hostname aws.jump.tis.nhs.uk
        port 22
        User bastion
        ForwardAgent yes
        PubKeyAuthentication yes
        IdentityFile ~/.ssh/id_rsa
        LocalForward 1433 10.3.2.14:1433
        LocalForward 1434 10.3.2.15:1433
        LocalForward 1435 10.3.2.10:1433

    # Internal hosts: traffic goes through whichever bastion line is uncommented
    Host 10.140.0.*
        User heetis
        #ProxyCommand ssh hee-build-aws nc %h %p
        ProxyCommand ssh hee-build-azure nc %h %p
        ForwardAgent yes
        StrictHostKeyChecking no

    Host 10.150.0.*
        User heetis
        #ProxyCommand ssh hee-build-aws nc %h %p
        ProxyCommand ssh hee-build-azure nc %h %p
        ForwardAgent yes
        StrictHostKeyChecking no

    Host 10.150.0.141
        User heetis
        #ProxyCommand ssh hee-build-aws nc %h %p
        ProxyCommand ssh hee-build-azure nc %h %p
        ForwardAgent yes
        StrictHostKeyChecking no
        LocalForward 9200 localhost:9200

    Host 10.160.0.*
        User heetis
        #ProxyCommand ssh hee-build-aws nc %h %p
        ProxyCommand ssh hee-build-azure nc %h %p
        ForwardAgent yes
        StrictHostKeyChecking no
        IdentityFile ~/.ssh/id_rsa_aws

    Host 10.170.0.*
        User heetis
        #ProxyCommand ssh hee-build-aws nc %h %p
        ProxyCommand ssh hee-build-azure nc %h %p
        ForwardAgent yes
        StrictHostKeyChecking no

    Host 10.99.0.*
        User bastion
        #ProxyCommand ssh hee-build-aws nc %h %p
        ProxyCommand ssh hee-build-azure nc %h %p
        ForwardAgent yes
        StrictHostKeyChecking no

    Host 10.200.0.*
        User heetis
        #ProxyCommand ssh hee-build-aws nc %h %p
        ProxyCommand ssh hee-build-azure nc %h %p
        ForwardAgent yes
        StrictHostKeyChecking no

 

Note the new Host “hee-build-aws” and, for each host, the commented-out ProxyCommand pointing to AWS.

To connect to the AWS servers like you did with Azure, just uncomment the #ProxyCommand ssh hee-build-aws nc %h %p lines and comment out the ProxyCommand ssh hee-build-azure nc %h %p lines. You should now be able to connect to the AWS servers like you did with Azure.

Easy switching

If you want to switch environment configs easily, you can add these aliases to your bashrc (or whatever shell rc file you have) and run the commands switchToAws or switchToAzure.

 

Mac OS X

    # switch ssh env
    alias switchToAws="sed -i '' 's/ #ProxyCommand ssh hee-build-aws/ ProxyCommand ssh hee-build-aws/g' ~/.ssh/config && sed -i '' 's/ ProxyCommand ssh hee-build-azure/ #ProxyCommand ssh hee-build-azure/g' ~/.ssh/config"
    alias switchToAzure="sed -i '' 's/ ProxyCommand ssh hee-build-aws/ #ProxyCommand ssh hee-build-aws/g' ~/.ssh/config && sed -i '' 's/ #ProxyCommand ssh hee-build-azure/ ProxyCommand ssh hee-build-azure/g' ~/.ssh/config"

Ubuntu

(not yet tested)

    # switch ssh env
    alias switchToAws="sed -i 's/ #ProxyCommand ssh hee-build-aws/ ProxyCommand ssh hee-build-aws/g' ~/.ssh/config && sed -i 's/ ProxyCommand ssh hee-build-azure/ #ProxyCommand ssh hee-build-azure/g' ~/.ssh/config"
    alias switchToAzure="sed -i 's/ ProxyCommand ssh hee-build-aws/ #ProxyCommand ssh hee-build-aws/g' ~/.ssh/config && sed -i 's/ #ProxyCommand ssh hee-build-azure/ ProxyCommand ssh hee-build-azure/g' ~/.ssh/config"
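
Because the same 10.x addresses point at different servers in each cloud, it helps to check which bastion is active before connecting. The following is an added example, not part of the original page: the function names ssh_env_status and ssh_env_switch are hypothetical, and the switch avoids "sed -i" so the same code runs on both Mac OS X and Linux.

```shell
# Added example (not from the original page); function names are hypothetical.

# Print which bastion the active (uncommented) ProxyCommand lines use:
# aws, azure, mixed or none. Returns non-zero for mixed/none/unreadable.
ssh_env_status() {
    cfg="${1:-$HOME/.ssh/config}"
    [ -r "$cfg" ] || { echo "unreadable"; return 2; }
    awk '
        /^[ \t]*#/ { next }                     # commented-out line: ignore
        tolower($1) == "proxycommand" {
            if ($0 ~ /hee-build-aws/)   aws++
            if ($0 ~ /hee-build-azure/) azure++
        }
        END {
            if (aws && azure) { print "mixed"; exit 1 }
            if (aws)          { print "aws";   exit 0 }
            if (azure)        { print "azure"; exit 0 }
            print "none"; exit 1
        }' "$cfg"
}

# Switch to aws or azure. Writes to a temp file, keeps a .bak copy, and only
# replaces the config if every active ProxyCommand then points at one bastion.
ssh_env_switch() {
    to="$1"; cfg="${2:-$HOME/.ssh/config}"
    case "$to" in
        aws)   from=azure ;;
        azure) from=aws ;;
        *)     echo "usage: ssh_env_switch aws|azure [config]" >&2; return 2 ;;
    esac
    tmp="$cfg.tmp.$$"
    sed -e "s/^\([[:space:]]*\)#[[:space:]]*\(ProxyCommand ssh hee-build-$to\)/\1\2/" \
        -e "s/^\([[:space:]]*\)\(ProxyCommand ssh hee-build-$from\)/\1#\2/" \
        "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }
    if [ "$(ssh_env_status "$tmp")" != "$to" ]; then
        echo "refusing to switch: result would not be a clean '$to' config" >&2
        rm -f "$tmp"; return 1
    fi
    cp -p "$cfg" "$cfg.bak" && chmod 600 "$tmp" && mv "$tmp" "$cfg"
}
```

Run ssh_env_status before connecting; a result of "mixed" means some host blocks still route through the other bastion.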

Windows

Sorry

Security Groups

At the moment, AWS has been locked down and you’ll need your external IP address registered in the security group before the above works.