SSH into worker instance

There are some cases when SSH-ing into an AWS Cortex instance may be necessary.

This can be done via the AWS web UI or via the terminal. The first 5 steps are identical for both approaches.

Step 1

From the AWS EC2 dashboard, locate the instance you would like to connect to (it will start with something like cortex-ng-cortex-worker). Then in the "Security groups" section in the "Description", locate the group that is named something like eksctl-cortex-cluster-ClusterSharedNodeSecurityGroup-*** and click on it.

Step 2

On the Security Groups page, locate the same security group again and click on its ID.

Step 3

Click "Edit inbound rules".

Step 4

Click "Add rule".

Step 5

Select "SSH" for "Type" and "Anywhere" for "Source", and click "Save rules". "Anywhere" allows inbound SSH from any address; if you would like to have narrower access, this Stack Overflow answer describes how.

Web Console

Step 6 - Web Console

Back on the AWS EC2 dashboard, select the worker instance again and click "Connect".

Step 7 - Web Console

Select "EC2 Instance Connect (browser-based SSH connection)" and click "Connect".

Step 8 - Web Console

You should be SSH'd in!

Note: some browsers may not be compatible with the AWS EC2 Instance Connect window and may throw a timeout. It is therefore recommended to switch to Google Chrome if it doesn't work.

Terminal

Step 6 - Terminal

Take note of the "Instance ID", "Availability Zone", and "Public DNS (IPv4)" for your worker instance.

Step 7 - Terminal

Generate a new RSA key pair. OpenSSH and SSH2 are supported with 2048 and 4096 bit lengths.

ssh-keygen -t rsa -f my_rsa_key

Step 8 - Terminal

Provide the public key to the worker instance with the aws ec2-instance-connect send-ssh-public-key command. The key is removed from the instance metadata within a 60 second timeframe, which is why the ssh command is chained directly after it. The public key can be reused any number of times.

# Push the key for OS user root, then log in as that same user
aws ec2-instance-connect send-ssh-public-key \
    --instance-id <Instance ID> \
    --availability-zone <Availability Zone> \
    --instance-os-user root \
    --ssh-public-key file://my_rsa_key.pub && \
    ssh -i my_rsa_key root@<Public DNS (IPv4)>
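
The terminal flow above combined with the narrower access that Step 5 mentions, as an added example that is not part of the original documentation: it opens port 22 to a single /32 source instead of "Anywhere", pushes the key, connects as root, and removes the rule again when the session ends. The function names, argument order and the sample values in the usage comment are assumptions; the key pair is the one generated in Step 7.

```sh
# Added example. Usage (constructed placeholder values):
#   ssh_to_worker <Security Group ID> 203.0.113.7/32 <Instance ID> \
#       <Availability Zone> "<Public DNS (IPv4)>" my_rsa_key

# Succeeds only for a single-host IPv4 CIDR (a.b.c.d/32).
# Rejects 0.0.0.0/0 ("Anywhere"), wider ranges and malformed input.
is_host_cidr() {
  case "$1" in
    */32) ;;
    *) return 1 ;;
  esac
  ip=${1%/32}
  case "$ip" in
    *[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $ip          # split the address into its octets
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# Steps 3-5 and 6-8 from the terminal, with the inbound rule scoped to one
# address and revoked afterwards so port 22 does not stay open.
ssh_to_worker() {
  sg_id=$1 cidr=$2 instance_id=$3 az=$4 host=$5 key=$6
  is_host_cidr "$cidr" || {
    echo "refusing source $cidr: expected a.b.c.d/32" >&2
    return 2
  }
  aws ec2 authorize-security-group-ingress --group-id "$sg_id" \
    --protocol tcp --port 22 --cidr "$cidr" || return 1
  status=0
  # The pushed key is only valid briefly, so connect immediately after.
  aws ec2-instance-connect send-ssh-public-key \
    --instance-id "$instance_id" --availability-zone "$az" \
    --instance-os-user root --ssh-public-key "file://$key.pub" \
    && ssh -o IdentitiesOnly=yes -i "$key" "root@$host" || status=$?
  # Remove the rule whether or not the session succeeded.
  aws ec2 revoke-security-group-ingress --group-id "$sg_id" \
    --protocol tcp --port 22 --cidr "$cidr" || return 1
  return "$status"
}
```

The caller's AWS credentials need permission for the authorize, send-ssh-public-key and revoke calls; the /32 source is normally the public address of the machine you connect from.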