SSH to the EC2 instance (Beanstalk)

Configure Security Group

  1. In the AWS console, open the EC2 tab.
  2. Select the relevant region and click on Security Group.
  3. You should have an elasticbeanstalk-default security group if you have launched an Elastic Beanstalk instance in that region.
  4. Edit the security group to add a rule for SSH access. The rule below locks it down to only allow ingress from a specific IP address.
    SSH | tcp | 22 | 22 |

Configure the environment of your Elastic Beanstalk Application

  1. If you haven’t made a key pair yet, make one by clicking Key Pairs below Security Group in the EC2 tab.
  2. In the AWS console, open the Elastic Beanstalk tab.
  3. Select the relevant region.
  4. Environment Details | Edit Configuration | Instances
  5. Under “EC2 key pair:”, select the name of your keypair in the Existing Key Pair field.

Once the instance has relaunched, you need to get the host name from the AWS Console EC2 instances tab, or via the API. You should then be able to ssh onto the server.

$ ssh -i path/to/

Note: For adding a keypair to the environment configuration, the instances’ termination protection must be off as Beanstalk would try to terminate the current instances and start new instances with the KeyPair.

Permissions for .pem are too open

If ssh refuses the key file with this error, what you need to do is to

chmod 0400 keyPairFile

Note: If something is not working, check the “Events” tab in the Beanstalk application / environments and find out what went wrong.

Access the Tomcat log

You might get access denied when trying to access the Tomcat directory because the ec2-user is not in the tomcat group.

Instead of trying to access the logs as root user, it may be simpler to change the permissions on the server to grant access to the ec2-user. This can usually be done with the commands chown and chmod, but the exact steps depend on the way your server is set up. If you need help to do that, you can post the output of the following commands and I’ll try to help:

sudo ls -ld /var/log/tomcat7

Edit: OK, based on your output below, what you could do is change the group of the log directory to tomcat (instead of root) and then add the ec2-user to the tomcat group:

sudo chown -R tomcat:tomcat /var/log/tomcat7
sudo usermod -a -G tomcat ec2-user

Then you must log out and log back in for the new group membership to apply.
