Comments (7)
Guimove
commented on August 29, 2024
mmh I don't see any issue with your code, I think the issue is in the user data script execution.
Are all the scripts created on the server ?
I mean are these script present on the bastion :
- /usr/bin/bastion/sync_users
- /usr/bin/bastion/sync_s3
- /usr/bin/bastion/shell
The crontab of the root user is empty ?
from terraform-aws-bastion.
brunelloriserva
commented on August 29, 2024
The scripts are there, no crontab entry.
…On Mon, Apr 25, 2022, at 12:29 AM, Guillaume wrote:
mmh I don't see any issue with your code, I think the issue is in the user data script execution.
Are all the scripts created on the server ?
I mean are these script present on the bastion :
* /usr/bin/bastion/sync_users
* /usr/bin/bastion/sync_s3
* /usr/bin/bastion/shell
The crontab of the root user is empty ?
—
Reply to this email directly, view it on GitHub <#137 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAZJ4SEWVBVDJ5NFCD7MQYTVGYNQZANCNFSM5UHJYKIA>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
from terraform-aws-bastion.
matloob-smartmimic
commented on August 29, 2024
I am getting the same issue as well, however I see crontab entries present on my bastion box, also files sync_users is also present at /usr/bin/bastion/
[root@ip-10-122-22-79 home]# crontab -l
*/5 * * * * /usr/bin/bastion/sync_users
0 0 * * * yum -y update --security
*/5 * * * * /usr/bin/bastion/sync_s3
@brunelloriserva did you get your problem sorted?
@Guimove - can you please help us with this.
AWS- Looks like on this bastion aws cli version is 1.2x
NOTE- I am not sure, but looks like it does not respond at following script line
aws s3api list-objects --bucket
from terraform-aws-bastion.
kcasas
commented on August 29, 2024
I got the same issue and it has something to do with the s3 bucket name.
I renamed the s3 bucket after the second apply. The s3 bucket was replaced just fine but the scripts inside the ec2 instance was not updated and it still points to the old bucket.
from terraform-aws-bastion.
kcasas
commented on August 29, 2024
@matloob-smartmimic @brunelloriserva I resolved my issue by making sure that the bastion EC2 instance is updated with the latest launch template template version. You can compare the EC2 tag aws:ec2launchtemplate:version with the launch template tag.
TLDR: Triggering instance refresh on EC2 > Auto Scaling Groups > ${bastion ASG} > Instance Refresh resolved my issue. You can also do this using awscli.
@Guimove I guess the fix would be utilizing https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_group#instance_refresh.
from terraform-aws-bastion.
josescuderoh
commented on August 29, 2024
I had this problem when I was setting the auto_scaling_group_subnets to private subnets just like @brunelloriserva. The fix was using public subnets for the ASG and triggering an Instance Refresh as indicated by @kcasas
from terraform-aws-bastion.
ruiwei
commented on August 29, 2024
@josescuderoh I'm having the same problem. how do you trigger an Instance Refresh?
from terraform-aws-bastion.
Related Issues (20)
- Failed to connect via ssh due to script not able to open log file HOT 8
- Add IPv6 Support to ingress security groups
- IPv6 Support causes existing module to fail HOT 8
- Permission denied (publickey,gssapi-keyex,gssapi-with-mic) HOT 1
- attach existing security group id HOT 2
- Is the logfile in S3 empty or is it my misconfiguration? HOT 4
- Unable To Set "Instance Metadata Service Version 2" HOT 1
- [BUG] Parameter private_ssh_port not used in aws_lb_target_group HOT 1
- Issue when loging "Cannot open /var/log/bastiont..." HOT 2
- SSH Host-Key Pinning? HOT 2
- Error: error creating S3 bucket ACL "AccessControlListNotSupported" -Recent AWS change causing issues- HOT 3
- Bug - v3.0.3 fails to run HOT 2
- Bug - v3.0.4 Doesn't run when create_elb=false
- Bug - Incompatible with v5.0.0 of terraform-aws-modules/vpc/aws HOT 3
- Bug - v3.0.6 - No ingress rule when no ELB used
- Feature: Add an option to enable MFA to the bastion hosts
- When enable_http_endpoint is set to false user_data are not executed
- user_data.sh assumes AMI is Amazon Linux
- Documentation fix for bastion_host_security_group
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from terraform-aws-bastion.