Configure Security Group
- In the AWS console, open the EC2 tab.
- Select the relevant region and click on Security Group.
- You should have an
elasticbeanstalk-defaultsecurity group if you have launched an Elastic Beanstalk instance in that region.
- Edit the security group to add a rule for SSH access. The below will lock it down to only allow ingress from a specific IP address.
SSH | tcp | 22 | 22 | 192.168.1.1/32
Configure the environment of your Elastic Beanstalk Application
- If you haven’t made a key pair yet, make one by clicking Key Pairs below Security Group in the ec2 tab.
- In the AWS console, open the Elastic Beanstalk tab.
- Select the relevant region.
- Environment Details | Edit Configuration | Instances
- Under “EC2 key pair:”, select the name of your keypair in the
Existing Key Pairfield.
Once the instance has relaunched, you need to get the host name from the AWS Console EC2 instances tab, or via the API. You should then be able to ssh onto the server.
$ ssh -i path/to/keypair.pub email@example.com
Note: For adding a keypair to the environment configuration, the instances’ termination protection must be off as Beanstalk would try to terminate the current instances and start new instances with the KeyPair.
.pem are too open
you might get ‘WARNING: UNPROTECTED PRIVATE KEY FILE!’
what you need to do is to
chmod 0400 keyPairFile
Note: If something is not working, check the “Events” tab in the Beanstalk application / environments and find out what went wrong.
access the tomcat log
you might get access denied when trying to access the tomcat directory because the ec2-user is not in tomcat group.
Instead of trying to access the logs as root user, it may be simpler to change the permissions on the server to grant access to the ec2-user. This can usually be done with the commands
chmod, but the exact steps depend on the way your server is set up. If you need help to do that, you can post the output of the following commands and I’ll try to help:
sudo ls -ld /var/log/tomcat7 id
Edit: Ok based on your output bellow, what you could do is change the group of the log directory to tomcat (instead of root) and then add the ec2-user to the tomcat group:
sudo chown -R tomcat:tomcat /var/log/tomcat7 sudo usermod -G ec2-user,wheel,tomcat ec2-user
Then you must log out and log back in for the new group membership to apply.