
How Do I Enable SSH Access to Instances Within a Private Network?

Introduction

This guide provides a step-by-step approach to enabling SSH access to instances within a private network on AWS using Pulumi. By following this guide, you will learn how to create an AWS Virtual Private Cloud (VPC) with a private subnet, launch an EC2 instance within that subnet, and configure security settings to allow SSH access to the instance.

Step-by-Step Process

  1. Create a VPC: Start by creating a new VPC with a specified CIDR block to define the network range.

  2. Create a Subnet: Within the VPC, create a subnet that will host your EC2 instance. This subnet will be part of the VPC’s IP address range.

  3. Set Up an Internet Gateway: An Internet Gateway is necessary for the VPC to communicate with the internet. Create and attach an Internet Gateway to the VPC.

  4. Configure Route Table: Create a route table for the subnet and add a route to allow outbound internet access through the Internet Gateway.

  5. Associate Route Table with Subnet: Link the route table to the subnet to ensure that traffic can flow through the Internet Gateway.

  6. Create a Security Group: Define a security group to allow SSH access on port 22. This security group will control inbound and outbound traffic to the EC2 instance.

  7. Launch an EC2 Instance: Deploy an EC2 instance within the subnet, associating it with the SSH security group. Specify the instance type, AMI, subnet, and key pair for SSH access.

  8. Export Instance Details: Finally, export the instance’s public IP address and DNS for easy access.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Create a new VPC
const vpc = new aws.ec2.Vpc("my-vpc", {
    cidrBlock: "10.0.0.0/16",
});

// Create a subnet within the VPC
const subnet = new aws.ec2.Subnet("my-subnet", {
    vpcId: vpc.id,
    cidrBlock: "10.0.1.0/24",
});

// Create an Internet Gateway for the VPC
const igw = new aws.ec2.InternetGateway("my-igw", {
    vpcId: vpc.id,
});

// Create a route table for the subnet
const routeTable = new aws.ec2.RouteTable("my-route-table", {
    vpcId: vpc.id,
    routes: [
        {
            cidrBlock: "0.0.0.0/0",
            gatewayId: igw.id,
        },
    ],
});

// Associate the route table with the subnet
new aws.ec2.RouteTableAssociation("my-route-table-association", {
    subnetId: subnet.id,
    routeTableId: routeTable.id,
});

// Create a security group to allow SSH access
const sshSecurityGroup = new aws.ec2.SecurityGroup("ssh-security-group", {
    vpcId: vpc.id,
    ingress: [
        {
            protocol: "tcp",
            fromPort: 22,
            toPort: 22,
            // Allowing SSH access from anywhere (for demonstration purposes only);
            // replace with the CIDR range of your administrative hosts or bastion.
            cidrBlocks: ["0.0.0.0/0"],
        },
    ],
    egress: [
        {
            protocol: "-1", // all protocols; fromPort/toPort are ignored for "-1"
            fromPort: 0,
            toPort: 0,
            cidrBlocks: ["0.0.0.0/0"],
        },
    ],
});

// Launch an EC2 instance within the subnet
const instance = new aws.ec2.Instance("my-instance", {
    instanceType: "t2.micro",
    ami: "ami-0c55b159cbfafe1f0", // Amazon Linux 2 AMI for demonstration purposes; AMI IDs are region-specific
    subnetId: subnet.id,
    vpcSecurityGroupIds: [sshSecurityGroup.id],
    keyName: "my-key-pair", // Ensure you have created this key pair in your AWS account
    // The subnet does not map public IPs by default, so request one here;
    // without it publicIp and publicDns below are empty and the instance is
    // not reachable over the Internet Gateway.
    associatePublicIpAddress: true,
});

// Export the instance's public IP address
export const publicIp = instance.publicIp;
export const publicDns = instance.publicDns;
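Before running `pulumi up`, it is worth checking the security group's ingress rules for an SSH rule open to the whole Internet and, where found, narrowing it. The following is an added example, not part of the original Pulumi program; it uses plain objects that mirror the ingress fields used above, and the administrative range 203.0.113.0/24 is a constructed placeholder.

```typescript
// Added example: pre-deployment check and hardening of SSH ingress rules.
// IngressRule mirrors the fields of an aws.ec2.SecurityGroup ingress entry.
interface IngressRule {
    protocol: string;          // "tcp", "udp", "icmp", "6" (TCP number) or "-1" (all)
    fromPort: number;
    toPort: number;
    cidrBlocks?: string[];
    ipv6CidrBlocks?: string[];
}

const ANY_IPV4 = "0.0.0.0/0";
const ANY_IPV6 = "::/0";
const SSH_PORT = 22;

// A rule exposes SSH when it admits TCP (or every protocol) on a port range
// covering 22. For protocol "-1" AWS ignores the ports, so it always covers.
function exposesSsh(rule: IngressRule): boolean {
    if (rule.protocol === "-1") {
        return true;
    }
    const isTcp = rule.protocol.toLowerCase() === "tcp" || rule.protocol === "6";
    return isTcp && rule.fromPort <= SSH_PORT && rule.toPort >= SSH_PORT;
}

// Return every world-open source (IPv4 or IPv6) on an SSH-exposing rule.
// An empty result means no SSH rule is open to the Internet.
function findOpenSshSources(ingress: IngressRule[]): string[] {
    const open: string[] = [];
    for (const rule of ingress) {
        if (!exposesSsh(rule)) {
            continue;
        }
        open.push(...(rule.cidrBlocks ?? []).filter(c => c === ANY_IPV4));
        open.push(...(rule.ipv6CidrBlocks ?? []).filter(c => c === ANY_IPV6));
    }
    return open;
}

// Rewrite SSH-exposing rules so they only admit the given administrative
// CIDRs; rules that do not expose SSH pass through unchanged.
function restrictSshTo(ingress: IngressRule[], adminCidrs: string[]): IngressRule[] {
    return ingress.map(rule =>
        exposesSsh(rule) ? { ...rule, cidrBlocks: adminCidrs, ipv6CidrBlocks: [] } : rule);
}

// The rule from the program above, and a hardened copy (constructed admin range).
const demoIngress: IngressRule[] = [
    { protocol: "tcp", fromPort: 22, toPort: 22, cidrBlocks: [ANY_IPV4] },
];
const hardenedIngress = restrictSshTo(demoIngress, ["203.0.113.0/24"]);
```

The `hardenedIngress` array can be passed directly as the `ingress` argument of `aws.ec2.SecurityGroup` in place of the open rule.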

Summary

In this guide, you learned how to set up a VPC with a private subnet on AWS using Pulumi. You created a security group to permit SSH access and launched an EC2 instance within this secure environment. This configuration enables you to securely manage your instances via SSH while maintaining control over network access.
