forked from pivotal-cf/docs-pcf-install
-
Notifications
You must be signed in to change notification settings - Fork 0
/
cloudform_elb_ssh_proxy.html.md.erb
53 lines (31 loc) · 2.66 KB
/
cloudform_elb_ssh_proxy.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
---
title: Creating a Proxy ELB for Diego SSH without CloudFormation
owner: Diego
---
<strong><%= modified_date %></strong>
If you want to allow SSH connections to application containers, you may want to use an Elastic Load Balancer (ELB) as the SSH proxy.
Users who deploy a [Pivotal Cloud Foundry®](https://network.pivotal.io/products/pivotal-cf) (PCF) 1.6+ installation on Amazon Web Services (AWS) using the CloudFormation template will automatically have this ELB created for them. However, if you are not using the CloudFormation template, or you are upgrading from an earlier version of PCF, perform the following steps to create this ELB in AWS manually:
1. On the EC2 Dashboard, click **Load Balancers**.
1. Click **Create Load Balancer**, and configure a load balancer with the following information:
<%= image_tag("aws/aws_ssh_elb_step1.png") %>
* Enter a load balancer name.
* **Create LB Inside**: Select the pcf-vpc VPC where your PCF installation lives.
* Ensure that the **Create an internal load balancer** checkbox is not selected.
1. Under **Load Balancer Protocol**, ensure that this ELB is listening on TCP port 2222 and forwarding to TCP port 2222.
1. Under **Select Subnets**, select the public subnet.
1. On the **Assign Security Groups** page, create a new Security Group. This Security Group should allow inbound traffic on TCP port 2222.
<%= image_tag("aws/aws_ssh_elb_securitygroup.png") %>
1. The **Configure Security Settings** page displays a security warning because your load balancer is not using a secure listener. You can ignore this warning.
<%= image_tag("aws/aws_ssh_elb_security_warning.png") %>
1. Click **Next: Configure Health Check**.
<%= image_tag("aws/aws_ssh_elb_healthcheck.png") %>
1. Select **TCP in Ping Protocol** on the **Configure Health Check** page. Ensure that the **Ping Port** value is 2222 and set the **Health Check Interval** to 30 seconds.
1. Click **Next: Add EC2 Instances**.
1. Accept the defaults on the **Add EC2 Instances** page and click **Next: Add Tags**.
1. Accept the defaults on the **Add Tags** page and click **Review and Create**.
1. Review and confirm the load balancer details, and click **Create**.
1. With your DNS service (for example, Amazon Route 53), create an <code>ssh.system.YOUR-SYSTEM-DOMAIN</code> DNS record that points to this ELB that you just created.
<%= image_tag("aws/aws_ssh_elb_domain.png") %>
1. You can now use this ELB to the SSH Proxy of your Elastic Runtime installation.
2. In Elastic Runtime, select **Resource Config**, and enter the ELB that you just created in the **Diego Brain** row, under the ELB Names column.
<%= image_tag("aws/aws_ssh_er_diego_brain_config.png") %>