====== Dig Portal Connection Guide ====== Author: David McGee ===== Connecting Via Putty ===== In order to connect to the Dig Portal instances with PuTTY, you need to have access to the dig portal private key (digportal.ppk) in dropbox. It can be found in “Errigal Shared Document/Amazon EC2/prod keys”. We need this key in order to SSH into the dig portal instances. Start up PuTTY and input the desired Dig Portal’s IP Address. You can find this in the hosts file of your computer, which is found under “C:\Windows\System32\drivers\etc”. Your screen should resemble the following: {{ :support:dig_portal:1.png?nolink |}} In the above example, I have used the IP address of Dig Portal 1a. I could have also entered “digportal1a” in the “Host Name (or IP address)” text box, as this should be a listed host in your hosts file. Next, we are going to use the digportal.ppk file to connect to the instance. We need to use the “Auth” for this, found under “Coonection/SSH”. Then, click on “browse” to select the digportal .ppk file. See below for an example of this: {{ :support:dig_portal:2.png?nolink |}} Next, we click on “Open”. We should see a command window open, prompting us for a username. The login details are in the password safe. Enter “Ubuntu” as your username and enter the password: {{ :support:dig_portal:3.png?nolink |}} You are now logged in to a Dig Portal instance! ==== Connecting to RDS via Dig Portal Instances ==== At the moment, we have connected to the Dig Portals Amazon instances. We must now either use the rds.txt file to find the necessary link to the RDS, or find the link in the AWS console. After logging in, the “rds.txt” file should be in the directory you begin in: {{ :support:dig_portal:image_1_.png?nolink |}} Use the command “vi rds.txt” in order to use Vim to view the files contents. It should show you the text “mysql -u developer -p -h”, followed by the link to the RDS itself. What the prefix to the password does, is set up a remote MySQL connection with the user account “developer”. After this, all you really need to do is enter the command retrieved from the file and enter the relevant password found in Password Safe. The following is an example of what your screen should look like once you have logged in. The command itself has been omitted for security’s sake: {{ :support:dig_portal:image_2_.png?nolink |}} ===== Connecting Outside of the Office VPN ===== In order to connect from outside our office VPN’s, we need to alter the security groups of our instances. A security group is kind of similar to how black lists and white lists work with regards to networking. There are outbound rules (For traffic that is leaving the server) and inbound rules (For traffic entering the server. In other words, you, at least initially.). Essentially, we can decide on what type of traffic is allowed (TCP, SSH, RDP) and where it is allowed to come from/go to (A specific IP address, a range of IP addresses, all IP addresses). In our case, we only use inbound rules, so do not need to worry about outbound rules. To begin, we need to log into our AWS account. You should be looking at the following screen: {{ :support:dig_portal:image_3_.png?nolink |}} If you’re being asked for an account, then you’re at the wrong screen and should click the link below the login button, which should bring you to the screen pictured above in this document. After logging in, you should see the following screen. Click on the “EC2” link: {{ :support:dig_portal:image_4_.png?nolink |}} You should then be directed to: {{ :support:dig_portal:image_5_.png?nolink |}} Where you should click on “Security Groups”, which will bring you to a list of the security groups: {{ :support:dig_portal:image_6_.png?nolink |}} From here, you can select a security group by clicking on the grey box on the left-hand side of the security groups row. Tabs named “Description”, “Inbound” and “Tags” should appear. Clicking on “Inbound” should show you all the traffic that a security group will allow. If you need to access the instances from home, you’ll have to edit the Security Group with the name “Dig Portal”. You need to allow your current IP address under the inbound rules, then save it. Once you’ve done that, you should be able to access the instances. Once you are done with whatever you needed to do with the instances, please remove your IP address from the inbound rules. ===== Additional Info ===== For additional information on EC2 instances, please see the “Starting and stopping EC2 Instances” document in Google Drive. Amazon files (Keys, etc) can be found in dropbox under “Errigal Shared Document/Amazon”. A guide on Amazon’s VPC’s can be found in dropbox under “Errigal Shared Document/Amazon (EC2)”