Agilicus Connector in Private VPC In AWS EC2
You have a Virtual Private Cloud (VPC) in AWS EC2. It has private-only IP addressing. You need to ssh to some hosts within it, or remote desktop, or share some folders, etc. In this example we will show how to install the Agilicus Connector onto a t2.micro instance with no public IP (and no NAT Gateway), and use that to reach other instances within the VPC directly. There is no routing and no inbound or outbound connectivity otherwise.
Note: you can also follow the AWS documentation to install a NAT gateway into your VPC, and then install the Agilicus Agent Connector on a single machine within the VPC. This would allow your other VPC components to reach outbound.
In this example we will show a setup where a dual-homed t2.micro
Step 1: Create Private VPC
For this demonstration the private VPC has no NAT gateway, no Internet access. This is an internal only network. You can decide whether it has onwards access to other Amazon services if needed.
Step 3: Create private EC2 Server
For demonstration purposes we create an EC2 server to ssh to.
Step 4: Create dual-homed EC2 instance for Agilicus Connector
This machine straddles the private VPC and the public Internet. It does not route and it does not NAT. No traffic will flow from or to it without going through the Agilicus Identity-Aware Firewall.
OK, at this stage we have a VPC with no public IP. We have a private server on it with no public IP. We have a second server, with a public IP, that can reach the devices in the VPC. We will now install the Agilicus Connector to facilitate onward ssh.
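The dual-homed host above is only acceptable because it neither routes nor NATs. The following POSIX shell script is an added example, not part of the original article or of the Agilicus installer, that checks that posture from the output of sysctl and iptables-save. The sample outputs embedded in it are constructed, and the exact output formats of those two tools on your distribution are an assumption.

```shell
#!/bin/sh
# Added example (not from the Agilicus page): verify that a dual-homed
# connector host is not acting as a router or NAT device.
# Assumes the "key = value" format of `sysctl net.ipv4.ip_forward` and the
# rule format of `iptables-save`.

# Returns 0 if IPv4 forwarding is reported as off in the given sysctl output.
forwarding_disabled() {
    printf '%s\n' "$1" | grep -q '^net.ipv4.ip_forward *= *0$'
}

# Returns 0 if the given iptables-save output carries no NAT or FORWARD rules.
no_nat_rules() {
    ! printf '%s\n' "$1" | grep -Eq 'MASQUERADE|SNAT|DNAT|-A FORWARD'
}

# Combined posture check: prints one line per check and returns 0 only
# when both pass.
check_gateway_posture() {
    sysctl_out=$1
    ipt_out=$2
    status=0
    if forwarding_disabled "$sysctl_out"; then
        echo "ok: net.ipv4.ip_forward is 0"
    else
        echo "FAIL: IPv4 forwarding is enabled on the connector host"
        status=1
    fi
    if no_nat_rules "$ipt_out"; then
        echo "ok: no NAT or FORWARD rules present"
    else
        echo "FAIL: NAT or FORWARD rules present on the connector host"
        status=1
    fi
    return $status
}

# Constructed sample outputs (not captured from a real host).
GOOD_SYSCTL='net.ipv4.ip_forward = 0'
BAD_SYSCTL='net.ipv4.ip_forward = 1'
GOOD_IPT='*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT'
BAD_IPT='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# On a real connector host you would run instead:
#   check_gateway_posture "$(sysctl net.ipv4.ip_forward)" "$(sudo iptables-save)"
check_gateway_posture "$GOOD_SYSCTL" "$GOOD_IPT"
```

Run it on the gateway instance after the connector is installed; a non-zero exit means the host has drifted from the no-routing, no-NAT design the article relies on.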
Now, if we look at the config of the private server, we can see its hostname and IP:
Step 5: Install Agilicus Connector
These instructions are as normal for a Linux host. We create the connector in the web front end, it gives us a command line to run.
We are now given a command line to run. We paste it into the ssh session on the Agilicus Gateway server (the one with the public IP):
ubuntu@ip-172-31-13-67:~$ ssh ubuntu@PUBLICIP
ubuntu@ip-172-31-13-67:~$ sudo -i
root@ip-172-31-13-67:~# which curl && (curl -sL agilicus.com/www/releases/secure-agent/stable/install.sh > /tmp/i.sh) || (wget -O - agilicus.com/www/releases/secure-agent/stable/install.sh > /tmp/i.sh); sh /tmp/i.sh XXXXXXXXXX https://auth.dbt.agilicus.cloud
...
https://auth.dbt.agilicus.cloud/auth?client_id=agilicus-builtin-agent-connector&code_challenge=XXXXXXXXXX&code_challenge_method=S256&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&response_type=code&scope=openid+profile+email+offline_access+urn%3Aagilicus%3Aapplication_service%3A%2A%3Aowner%3F+urn%3Aagilicus%3Aapi%3Aapplications%3Areader%3F+urn%3Aagilicus%3Aapi%3Aapplications%3Aowner%3F+urn%3Aagilicus%3Aapi%3Atraffic-tokens%3Aowner&state=1656984427
Enter verification code: XXXXXXXXXXXXXXXXX
checking code
INFO[2022-07-05T01:27:16Z] Check if the agilicus-agent is already running as a service. If so stop it
INFO[2022-07-05T01:27:16Z] Create a directory at /etc/agilicus/agent
...
INFO[2022-07-05T01:27:17Z] Start agilicus-agent service
INFO[2022-07-05T01:27:18Z] Installation Complete
At this stage we are done, and ready to create an SSH resource in the Agilicus Admin GUI. We do this as normal, first create a network endpoint:
We then add permission:
Now we add a ~/.ssh/config entry:
Host ec2-private-server
    Port 22
    User ec2-user
    ProxyCommand agilicus-agent wscat --oidc-issuer https://auth.dbt.agilicus.cloud --hostname %h --port %p
    IdentityFile /home/don/.ssh/don-ec2.pem
At this stage we are done. We can ssh directly there:
$ ssh ec2-user
Last login: Tue Jul 5 01:36:47 2022 from ip-172-31-13-67.ca-central-1.compute.internal

       __|  __|_  )
       _|  (     /   Amazon Linux 2 AMI
      ___|\___|___|

https://aws.amazon.com/amazon-linux-2/
[ec2-user@ip-172-31-6-69 ~]$