gathering public SSH keys from the AWS System Log and creating custom SSH host entries using Ansible

what is this and why?
I work in private VPCs in AWS a lot. I'm testing, debugging, and fidgeting with instances, which requires SSH access. If DNS isn't configured, I then have to look up IP addresses for instances through the AWS console (or just memorize the IP). After that, there's the SSH public host key fingerprint: I either blindly accept it or manually look it up. And if I terminate and redeploy the instance, there's a chance I'll get that SSH WARNING!

personal AWS VPN using OpenVPN

Using Ansible Container, Ansible, and AWS, deploy a personal VPN server that also creates a specified user, generates that user's OpenVPN configuration file, and saves it to the local user's desktop.
background
Having a personal VPN server is immensely useful: we live in a mobile world with plenty of wifi hotspots, and security on these open access points is a real issue. There are VPN services available, but it is often desirable to manage our own.

securely gathering SSH public keys from the AWS System Log

A spin-off from Ansible SSH bastion host for dynamic infrastructure in AWS, this post documents how to gather an EC2 instance's SSH host public keys from the AWS System Log.
background
For a while I was stumped at how to deal with AWS, AMIs and SSH fingerprints/public keys. Initially, it was through pre-baked AMIs. But what if pre-baking AMIs isn't realistic? Or the AMIs are baked without SSH host keys, so the keys generated at first boot aren't known?

using a bastion host to access a private VPC in AWS

Using Ansible to manage private VPC instances without a VPN, by deploying an SSH bastion host as a proxy.
background
When dealing with a web stack or AWS infrastructure, how are private instances that do NOT need a public IP address managed? It's not an extremely difficult question; in many cases VPNs are used for this purpose. But what if a VPN isn't needed? It's arguably overkill, and it can introduce a lot of overhead: creating multiple site-to-site VPNs and linking the various regions together.
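The SSH-related posts above (the two on gathering host keys from the AWS System Log, and the one on reaching private instances through a bastion) fit together in one workflow: the host public keys that cloud-init prints to the serial console at first boot are read back over the authenticated AWS API, pinned into a known_hosts file, and ssh is configured to jump through the bastion with strict host-key checking, so no fingerprint is ever blindly accepted and a redeployed instance does not leave a stale entry behind. The Python below is an added example written for this page; it is not code from any of the posts or their Ansible roles. The console output, the existing known_hosts contents, the 10.0.1.25 and 203.0.113.10 addresses, the user names and the file paths are all constructed placeholders; the BEGIN/END "SSH HOST KEY KEYS" markers are the ones cloud-init writes to the console.

```python
"""Pin EC2 host keys from the AWS System Log and reach private instances
through a bastion with strict host-key checking.

Added example for this page, not code from the linked posts.  All addresses,
users, paths and log contents below are constructed placeholders.
"""
import re
from typing import List

# Constructed stand-in for the decoded System Log of a freshly booted instance.
# cloud-init prints the host public keys between the BEGIN/END "SSH HOST KEY
# KEYS" markers; the line after the END marker shows why only the delimited
# block may be trusted.
SAMPLE_CONSOLE_OUTPUT = """\
[    5.123456] cloud-init[1234]: Cloud-init running 'modules:final'
ec2: #############################################################
ec2: -----BEGIN SSH HOST KEY FINGERPRINTS-----
ec2: 256 SHA256:constructedfingerprintconstructedfingerprint root@ip-10-0-1-25 (ED25519)
ec2: -----END SSH HOST KEY FINGERPRINTS-----
ec2: #############################################################
-----BEGIN SSH HOST KEY KEYS-----
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ9constructedkeyconstructedkeyconstru root@ip-10-0-1-25
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBconstructed root@ip-10-0-1-25
-----END SSH HOST KEY KEYS-----
ssh-ed25519 AAAANOTINSIDEBLOCK something-else-that-looks-like-a-key
"""

# Constructed known_hosts: a stale entry for 10.0.1.25 (the instance was
# terminated and redeployed, so its keys changed), one unrelated host and one
# hashed entry.
EXISTING_KNOWN_HOSTS = """\
# managed by ansible (constructed)
10.0.1.25 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOLDkeyOLDkeyOLDkeyOLDkeyOLDkeyOLDkeyOLDke
10.0.1.26,ip-10-0-1-26 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIotherhostotherhostotherhostother
|1|hashedhostconstructed=|hashedkeyconstructed= ssh-rsa AAAAB3NzaC1yc2EAAAAhashedhashedhashed
"""

# key type, base64 blob, optional comment; the blob must be real base64 characters
_KEY_LINE = re.compile(
    r"^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(?:256|384|521))\s+([A-Za-z0-9+/=]+)(?:\s+\S.*)?$"
)


def host_keys_from_console(console_output: str) -> List[str]:
    """Return "keytype base64" strings found inside the delimited block(s).

    Lines outside the markers are ignored even if they look like keys, and
    duplicates (e.g. the block repeated after a reboot) are collapsed.
    """
    keys: List[str] = []
    inside = False
    for raw in console_output.splitlines():
        line = re.sub(r"^ec2:\s*", "", raw.strip())  # some AMIs prefix console lines
        if line == "-----BEGIN SSH HOST KEY KEYS-----":
            inside = True
        elif line == "-----END SSH HOST KEY KEYS-----":
            inside = False
        elif inside:
            m = _KEY_LINE.match(line)
            if m and f"{m.group(1)} {m.group(2)}" not in keys:
                keys.append(f"{m.group(1)} {m.group(2)}")
    return keys


def known_hosts_entries(hostnames: List[str], keys: List[str]) -> List[str]:
    """One known_hosts line per key; every name/IP the host answers to goes in
    the comma-separated host field so either form of `ssh host` matches."""
    return [f"{','.join(hostnames)} {key}" for key in keys]


def merge_known_hosts(existing: str, hostnames: List[str], keys: List[str]) -> str:
    """Replace every plain entry naming any of `hostnames` with the fresh keys.

    Dropping the stale lines is what prevents the REMOTE HOST IDENTIFICATION
    HAS CHANGED warning after an instance is redeployed on the same address.
    Hashed entries (|1|...) cannot be matched by name and are kept as they are.
    """
    targets = set(hostnames)
    kept: List[str] = []
    for line in existing.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#") or fields[0].startswith("|1|"):
            kept.append(line)
            continue
        # @cert-authority / @revoked lines carry the host field second
        host_field = fields[1] if fields[0].startswith("@") else fields[0]
        if set(host_field.split(",")) & targets:
            continue
        kept.append(line)
    kept.extend(known_hosts_entries(hostnames, keys))
    return "\n".join(kept) + "\n"


def ssh_config_stanza(bastion_ip: str, bastion_user: str, private_pattern: str,
                      private_user: str, known_hosts_file: str) -> str:
    """ssh_config text for the bastion pattern: only the bastion is reached
    directly, every private address goes through it with ProxyJump, and
    StrictHostKeyChecking yes makes ssh refuse a host missing from
    known_hosts_file instead of prompting to accept it.  The bastion's own
    keys are pinned the same way, from its console output."""
    common = (f"    UserKnownHostsFile {known_hosts_file}\n"
              f"    StrictHostKeyChecking yes\n")
    return (f"Host bastion\n    HostName {bastion_ip}\n    User {bastion_user}\n" + common +
            f"\nHost {private_pattern}\n    User {private_user}\n    ProxyJump bastion\n" + common)


if __name__ == "__main__":
    fresh = host_keys_from_console(SAMPLE_CONSOLE_OUTPUT)
    print(merge_known_hosts(EXISTING_KNOWN_HOSTS, ["10.0.1.25", "ip-10-0-1-25"], fresh))
    print(ssh_config_stanza("203.0.113.10", "ec2-user", "10.0.*.*", "ec2-user",
                            "~/.ssh/known_hosts_aws"))
```

In practice the console text comes from `aws ec2 get-console-output --instance-id <id> --output text --query Output` (the CLI decodes it), and it is only available once the instance has booted and posted its log, so the fetch has to be retried until the KEYS block is present. Because the ProxyJump target is verified under the name or address typed on the command line, the private instance's entry is keyed by its private IP exactly as above, and the bastion's own keys go into the same file before the first jump.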