Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

It’s possible to connect to your database using a publically available bastion as a jump host. Use an EC2 instance deployed in a public subnet with inbound rules from our Pisaas IPv4 address 54.216.240.181 (you can find this IP address from the table above.) and outbound rules to your database. The port for this should be 22. Set the inbound on the database to accept connections from the bastion host security group. The port allocation between the bastion and the database should match that of your database.

...

  • Sign into your AWS account.

  • Create an EC2 instance (a micro instance is ok for this purpose)

  • Specify appropriate security groups or create a security group for the bastion host.

  • Create an inbound rule on your bastion security group that opens port 22 to the IP address given by Panintelligence (found in the table above).

  • Create an inbound rule on your bastion security group that opens port 22 to your IP address.

  • Create an outbound rule on your bastion security group that opens your database port (5432 for Postgres) to your database security group.

  • Create an inbound rule on your database security group that opens your database port (5432 for Postgres) from your new bastion security group.

  • log into your new Bastion host

  • create a new user sudo useradd panintelligence

  • switch to your new user sudo su - panintelligence

  • create the ~/.ssh directory if it does not exist mkdir ~/.ssh

  • change the permissions of this new directory chmod 700 ~/.ssh

  • create a file called authorized_keys in the ~/.ssh directory `touch ~/.ssh/authorized_keys

  • change the permissions of this new file chmod 600 ~/.ssh/authorized_keys

  • edit the authorized_keys file and copy the contents of the panintelligence public key

...