SSH in to EB instance launched in VPC with NAT Gateway

Question

I have Launched an Elastic Beanstalk application in a VPC with Amazon RDS (postgresql) using NAT Gateway (because I want to route my application traffic through a fix public ip address) following these instructions:

http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/vpc-rds.html

How can I ssh into the instance from my local system ?
eb ssh is showing following error however my instance is available and not terminating.

ERROR: This instance does not have a Public IP address. This is possibly because the instance is terminating.

How can I login to the postgresql client ?
Following command is not prompting anything:

psql --host= --port=5432 --username= --password --dbname=ebdb

I know they are in private subnet so can't be accessed from public network but I want to know the possibility of that. Please help !

Answer 1

If you use VPN, you can also modify sshops.py to use the private DNS name. Varies by OS and version, but mine is located here:

~/Library/Python/2.7/lib/python/site-packages/ebcli/operations/sshops.py

Search for PublicIpAddress (mine is on line 88), and change it to read:

ip = instance['PrivateDnsName'] #was PublicIpAddress

It's too bad that the EB CLI isn't on Github...otherwise I'd contribute a way to do this via a parameter.

I also added a convenient alias for this:

alias appname='eb init appname;eb ssh --region=us-east-1 appname -n'

This allows running appname 1 or appname n, where n is the number of hosts in your cluster.

Answer 2

You will have to have a server with a public IP (in a public VPC subnet) that you can connect to from outside your VPC. I recommend setting up a t2.nano server as a bastion host.