Recover ssh access to amazon EC2 instance after ufw firewall activation by accident
There are two solutions to resolve this problem:
- cloud-init-per always fix_broken_ufw_1 sh -xc "/usr/sbin/service ufw stop >> /var/tmp/svc_$INSTANCE_ID 2>&1 || true"
- cloud-init-per always fix_broken_ufw_2 sh -xc "/usr/sbin/ufw disable>> /var/tmp/ufw_$INSTANCE_ID 2>&1 || true"
- Solution 1
- Stop your instance
- Go to User Data (Action > Instance Settings > View/Change User Data)
- Add following line then start instance again
- cloud-init-per always fix_broken_ufw_1 sh -xc "/usr/sbin/service ufw stop >> /var/tmp/svc_$INSTANCE_ID 2>&1 || true"
- cloud-init-per always fix_broken_ufw_2 sh -xc "/usr/sbin/ufw disable>> /var/tmp/ufw_$INSTANCE_ID 2>&1 || true"
- Solution 2
- Stop your instance
- Attach your EBS volume to another instance. if you don't have one, create a micro instance.
- Mount yor EBS volume somewhere ie. /opt/recover
- List item
- Edit {your-ebs-mount}/etc/ufw/ufw.conf and change enabled=yes to enabled=no
- Umount the EBS
- Detach from the temp instance
- Reattach to the original instance. (make sure to attach as root)
- Restart the instance
Log in to Google Compute Engine instance if ssh port is disabled by firewall
One of our developers forgot to add port 22 into allow list of firewall (Ubuntu Ufw). There are 2 way to resolve this problem:
- If you still have user/password of that VM, connect to the VM via Serial Port then login to open ssh port again.
- If you don't have user/password (My case), add a Startup Script to that VM then restart it. Start up script responsible is open port when the VM starts.
Then ... You have your VM back, Cheer!
[GCP] Why I choose Google Cloud Platform over Aws or Azure
My cloud story began with an EC2 instance of Aws Free Tier five years ago, at the first time, it's cool, it's shining, it's cheap without any infrastructure initial cost, it's easy to manage. Then I go deep dive with more components S3, Route 53, Lambda, Load balancing, Redshift to build my first cloud-based system. These days so beautiful !!!
Then my system gets bigger rapidly, it's slow down and stuck with performance issues. I remember that my EC2 instances were really slow in disk IO (40-60 MB/s) and internal network speed.
I asked myself where to go now? Switch to SSD disk? Increase instance size (burn more thousands dollar)? Migrate back to Digital Ocean? Give other cloud providers a try?
The second try with Azure does not bring any light-at-the-end-of-the-tunnel. Very high price, complicated admin dashboard which still shows everything in one page web app, poor document.
Finally, I felt in love with GCP, it's simple, good enough, blazing fast and much cheaper, besides some pros including global fiber network, server-less compute framework, terabyte big data processing, ... It's cut off my 40% cost, increase performance (x2 to x3) on internal services.
Then my system gets bigger rapidly, it's slow down and stuck with performance issues. I remember that my EC2 instances were really slow in disk IO (40-60 MB/s) and internal network speed.
I asked myself where to go now? Switch to SSD disk? Increase instance size (burn more thousands dollar)? Migrate back to Digital Ocean? Give other cloud providers a try?
The second try with Azure does not bring any light-at-the-end-of-the-tunnel. Very high price, complicated admin dashboard which still shows everything in one page web app, poor document.
Finally, I felt in love with GCP, it's simple, good enough, blazing fast and much cheaper, besides some pros including global fiber network, server-less compute framework, terabyte big data processing, ... It's cut off my 40% cost, increase performance (x2 to x3) on internal services.
Disclaimer: From 2016, I am GCP expert qualified by Google.
Subscribe to:
Posts (Atom)