Enterprise Onion Toolkit

When EOTK instances are deployed for a group, the following main AWS resources are created:

  • An EC2 instance in us-east-2

  • An EC2 instance in eu-central-1

  • An S3 bucket to hold nginx access logs

The EC2 instances are running Ubuntu 20.04 LTS and are configured with ssm-agent and unattended-upgrades.

EOTK is cloned automatically at instance creation time from Alec Muffett’s GitHub repository to /home/ubuntu/eotk. The EOTK script that builds and installs all of its dependencies is also run at instance creation time.

For full details on the instance configuration, refer to the cloud-init user data.

Logging in to an instance

Via the console

Using the AWS console, open Session Manager in the Systems Manager service. If using SSO, log in before attempting to open the link.


Click “Start Session” to start a new session.


Select the instance from the list and click “Start Session” again. Remember that the second instance is in the eu-central-1 region: the console only lists instances in the currently selected region, so switch regions to reach it.


By default the session runs as the ssm-user account, not as ubuntu. Use the following commands to get into the EOTK directory as the correct user:

sudo -u ubuntu bash
cd /home/ubuntu/eotk

Via the command line

Begin by discovering the instance ID:

AWS_REGION=us-east-2 aws ec2 describe-instances

Start an SSM session:

AWS_REGION=us-east-2 aws ssm start-session --target i-083da3fcf840c4797
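The two commands above can be wrapped so that both regions are checked and only running instances are offered as targets. The script below is an added example for this page, not part of EOTK or of the deployment's cloud-init; it assumes the AWS CLI and the Session Manager plugin are installed and that credentials are already in place (for example after `aws sso login`). The sample describe-instances output embedded in it is constructed for illustration; the "Name" tag it carries is an assumption, not something the deployment is documented to set.

```python
"""List the running EOTK instances in both regions and open an SSM session.

Added example for this page (not EOTK's own code). Assumes the AWS CLI and the
Session Manager plugin are installed and credentials are already configured.
"""
import json
import os
import re
import subprocess
import sys

# Both regions the deployment uses, as described on this page.
REGIONS = ("us-east-2", "eu-central-1")

# SSM only accepts EC2 instance ids (i-...) or hybrid-activated managed
# instances (mi-...) as targets; anything else is rejected before shelling out.
TARGET_ID = re.compile(r"^(i|mi)-[0-9a-f]{8,17}$")

# Constructed sample of `aws ec2 describe-instances` output: one running
# instance and one terminated leftover. The "Name" tag value is an assumption.
SAMPLE_DESCRIBE_OUTPUT = {
    "Reservations": [{"Instances": [
        {"InstanceId": "i-083da3fcf840c4797",
         "State": {"Name": "running"},
         "Tags": [{"Key": "Name", "Value": "eotk"}]},
        {"InstanceId": "i-0123456789abcdef0",
         "State": {"Name": "terminated"}},
    ]}]
}


def is_target_id(value):
    """True if `value` is something `aws ssm start-session --target` accepts."""
    return bool(TARGET_ID.match(value))


def running_instances(describe_output):
    """Return [(instance_id, name_tag)] for instances in the 'running' state.

    `describe_output` is the parsed JSON of `aws ec2 describe-instances`.
    Stopped or terminated instances (e.g. left over from a replacement) are
    skipped, since a session to them would fail anyway.
    """
    found = []
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            if inst.get("State", {}).get("Name") != "running":
                continue
            tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
            found.append((inst["InstanceId"], tags.get("Name", "")))
    return found


def session_command(region, target):
    """Return (env, argv) for `aws ssm start-session` against one instance.

    The region goes into the environment rather than onto the command line,
    matching how this page invokes the CLI; the same env then also works for
    the ssh-over-SSM ProxyCommand, which inherits ssh's environment.
    """
    if not is_target_id(target):
        raise ValueError(f"not an SSM target id: {target!r}")
    env = dict(os.environ, AWS_REGION=region)
    return env, ["aws", "ssm", "start-session", "--target", target]


def describe(region):
    """Run `aws ec2 describe-instances` for one region and parse its JSON."""
    env = dict(os.environ, AWS_REGION=region)
    result = subprocess.run(
        ["aws", "ec2", "describe-instances", "--output", "json"],
        env=env, check=True, capture_output=True, text=True)
    return json.loads(result.stdout)


def main(argv):
    # Usage: eotk-session.py                      list running instances
    #        eotk-session.py <region> <instance>  open a session to one
    if len(argv) == 3:
        env, cmd = session_command(argv[1], argv[2])
        return subprocess.call(cmd, env=env)
    for region in REGIONS:
        for instance_id, name in running_instances(describe(region)):
            print(f"{region}\t{instance_id}\t{name}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it with no arguments to see one line per running instance across both regions, then pass a region and instance id to start the session.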

To log in with SSH via SSM, add the following to your ~/.ssh/config:

Host i-* mi-*
     ProxyCommand sh -c "aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters 'portNumber=%p'"

Note

No user SSH public keys are provisioned to the instance. You will need to add the public key you plan to use to the correct user’s authorized_keys file using a plain SSM session before attempting to use SSH.
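Adding the key from the plain SSM session is the step that most often goes wrong: sshd silently ignores authorized_keys lines it cannot parse, and with StrictModes it refuses the whole file if ~/.ssh or authorized_keys has loose permissions, so a bad paste or a wrong chmod shows up only as a rejected SSH login. The script below is an added example for this page, not part of EOTK or of the deployment; it validates the key, creates ~/.ssh with the modes sshd expects, and is safe to re-run. It is meant to be run on the instance as the target user (`sudo -u ubuntu python3 add_key.py '<keytype> <base64-blob> [comment]'`); the file name and the sample key are assumptions, and the sample key is a constructed, structurally valid ed25519 blob rather than a real key.

```python
"""Add an SSH public key to a user's authorized_keys from a plain SSM session.

Added example for this page; not part of EOTK or of the deployment's
cloud-init. Run on the instance as the user that will log in, e.g.
    sudo -u ubuntu python3 add_key.py 'ssh-ed25519 AAAA... laptop'
"""
import base64
import binascii
import os
import pwd
import sys
import tempfile

# Key types this example accepts in authorized_keys (assumption: the plain
# OpenSSH types; extend it if you use certificates or other types).
KEY_TYPES = {
    "ssh-ed25519", "ssh-rsa",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
    "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com",
}

# Constructed sample: an all-zero point, wire-encoded like a real ed25519 key
# (uint32 length + type name, uint32 length + 32-byte point). Not a real key.
SAMPLE_KEY = "ssh-ed25519 " + base64.b64encode(
    b"\x00\x00\x00\x0bssh-ed25519" + b"\x00\x00\x00\x20" + bytes(32)
).decode() + " constructed-example@laptop"


def parse_key(line):
    """Return (type, base64_blob, comment) for one authorized_keys entry.

    Raises ValueError on anything sshd would not accept as a plain key line.
    The blob is decoded and the type name embedded in it is compared with the
    leading type, so a truncated or mismatched paste is rejected too.
    """
    parts = line.strip().split(None, 2)
    if len(parts) < 2 or parts[0] not in KEY_TYPES:
        raise ValueError("expected '<keytype> <base64-blob> [comment]'")
    try:
        raw = base64.b64decode(parts[1], validate=True)
    except binascii.Error as exc:
        raise ValueError(f"blob is not valid base64: {exc}")
    name_len = int.from_bytes(raw[:4], "big")
    if raw[4:4 + name_len] != parts[0].encode():
        raise ValueError("blob type does not match the leading key type")
    comment = parts[2] if len(parts) == 3 else ""
    return parts[0], parts[1], comment


def add_authorized_key(home, line):
    """Append the key to <home>/.ssh/authorized_keys unless already present.

    Creates ~/.ssh with the modes sshd's StrictModes requires (0700 dir,
    0600 file) and deduplicates on (type, blob), so re-running with a
    different comment does not add a second copy.  Returns True if added.
    """
    ktype, blob, comment = parse_key(line)
    ssh_dir = os.path.join(home, ".ssh")
    os.makedirs(ssh_dir, mode=0o700, exist_ok=True)
    os.chmod(ssh_dir, 0o700)
    path = os.path.join(ssh_dir, "authorized_keys")
    present = set()
    if os.path.exists(path):
        with open(path) as f:
            for existing in f:
                try:
                    t, b, _ = parse_key(existing)
                    present.add((t, b))
                except ValueError:
                    continue  # blank lines, comments, option-prefixed entries
    added = (ktype, blob) not in present
    if added:
        with open(path, "a") as f:
            f.write(f"{ktype} {blob} {comment}".rstrip() + "\n")
    os.chmod(path, 0o600)
    return added


def demo():
    """Exercise add_authorized_key in a throwaway home directory.

    Returns (added_first, added_again, dir_mode, file_mode, line_count).
    """
    with tempfile.TemporaryDirectory() as home:
        first = add_authorized_key(home, SAMPLE_KEY)
        again = add_authorized_key(home, SAMPLE_KEY.replace("laptop", "desktop"))
        ssh_dir = os.path.join(home, ".ssh")
        path = os.path.join(ssh_dir, "authorized_keys")
        with open(path) as f:
            count = len(f.read().splitlines())
        return (first, again,
                os.stat(ssh_dir).st_mode & 0o777,
                os.stat(path).st_mode & 0o777,
                count)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: add_key.py '<keytype> <base64-blob> [comment]'")
    # Use the passwd entry rather than $HOME so the result is right under sudo.
    home = pwd.getpwuid(os.getuid()).pw_dir
    print("added" if add_authorized_key(home, sys.argv[1]) else "already present")
```

The home directory is taken from the passwd entry of the effective user rather than from $HOME, so running it under `sudo -u ubuntu` writes to /home/ubuntu/.ssh even if sudo preserves the caller's environment.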

You can then log in with SSH, but be sure to set the AWS region in the environment, since the ProxyCommand inherits it from ssh:

AWS_REGION=us-east-2 ssh ubuntu@i-083da3fcf840c4797

This will also work for scp, rsync, etc.

Configuring EOTK

Refer to the EOTK documentation.