managng ips demo added

Author: Jaime Salas Zancada

04-cloud/aws/06-configuring-security-groups/diagrams.drawio

@@ -1 +1,105 @@
-> TODO: Create EIP demo
+# Demo
+
+We start from previously demo, where we have two instances running. The internal instance is only reachable from bastion instance. The problem that we face now is that our bastion instance is not associated with an elastic IP, so whenever we stop/run the instance the public IP will be revaluated and our connection setting throw away.
+
+## Searching for instance
+
+To assign an EIP, we need to know, the instance network interface unique identifier that we want to use. In our case the instance is the `bastion` one. So let's go ahead and try to solve this from AWS CLI. First let's grab all instance on london region:
+
+```bash
+aws ec2 describe-instances --region eu-west-2
+```
+
+We notice that we have a dedicated entry for network interface, inside the instance. The instance that we're interested on is just the `bastion` one so let's try to filter and grab only this one:
+
+```bash
+aws ec2 describe-instances \
+ --filters "Name=tag:Name,Values=bastion-server" \
+ --region eu-west-2
+```
+
+Now the response only comes with one instance. Now we need to get from overall response the network interface id:
+
+```bash
+aws ec2 describe-instances \
+ --filters "Name=tag:Name,Values=bastion-server" \
+ --region eu-west-2 | jq -r '.Reservations[0].Instances[0].NetworkInterfaces[0]."NetworkInterfaceId"'
+```
+
+We're going to need this value, so let's dump it into a variable:
+
+```bash
+ENI=$(aws ec2 describe-instances \
+ --filters "Name=tag:Name,Values=bastion-server" \
+ --region eu-west-2 | jq -r '.Reservations[0].Instances[0].NetworkInterfaces[0]."NetworkInterfaceId"')
+```
+
+```bash
+echo $ENI
+```
+
+Now, allocate an Elastic IP address by running the `aws ec2 allocate-address` command. This will return an allocation ID.
+
+```bash
+aws ec2 allocate-address --region eu-west-2
+```
+
+We get a response similar to this one:
+
+```json
+{
+    "PublicIp": "18.168.219.50",
+    "AllocationId": "eipalloc-08dfc2aab52a8e5a3",
+    "PublicIpv4Pool": "amazon",
+    "NetworkBorderGroup": "eu-west-2",
+    "Domain": "vpc"
+}
+```
+
+From this response, ee need the `AllocationId`, copy the value and dump it into terminal variable:
+
+```bash
+ALLOCATIONID=eipalloc-08dfc2aab52a8e5a3
+```
+
+Now, associate the allocated Elastic IP with a network interface or instance using the `aws ec2 associate-address` command.
+
+> NOTE: We can use a network interface or instance, in this demo we're using the network interface.
+
+```bash
+aws ec2 associate-address --allocation-id $ALLOCATIONID --network-interface-id $ENI --region eu-west-2
+```
+
+We get something as follows:
+
+```json
+{
+    "AssociationId": "eipassoc-08b38f40473c7179f"
+}
+```
+
+Move to EC2 dashboard on console and open `Elastic IPs`, we will find out our new EIP:
+
+![new elastic ip](./.resources/eip/01.png)
+
+Let's try to connect to our bastion server using this info
+
+```bash
+ssh -i "london-key.pem" ec2-user@ec2-18-168-219-50.eu-west-2.compute.amazonaws.com
+```
+
+Ok, now let's `exit` the instance, and from AWS console let's `stop` the bastion server:
+
+> Image 2
+![stopping bastion](./.resources/eip/02.png)
+
+Wait untill is full stopped. Notice that the `public IP` doesn't change, even when we have stopped the machine, ok, let's start it again:
+
+> Image 3
+![starting bastion](./.resources/eip/03.png)
+
+After is started, we can try previous SSH command and check that we can get into bastion server:
+
+```bash
+ssh -i "london-key.pem" ec2-user@ec2-18-168-219-50.eu-west-2.compute.amazonaws.com
+```

04-cloud/aws/08-managing-ips/demos/.resources/eip/01.png

@@ -1,33 +1,48 @@
-<mxfile host="app.diagrams.net" modified="2023-12-09T14:15:55.521Z" agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" etag="n3RHYS2_PkrsCZegqLuJ" version="22.1.7" type="device">
+<mxfile host="app.diagrams.net" modified="2023-12-17T10:58:23.293Z" agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" etag="dwxRtk53X5tc8e-AM6xi" version="22.1.11" type="device">
   <diagram name="Page-1" id="O0BnVBZXtNPuLVPcpNwy">
-    <mxGraphModel dx="1434" dy="820" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="827" pageHeight="1169" math="0" shadow="0">
+    <mxGraphModel dx="1205" dy="630" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="827" pageHeight="1169" math="0" shadow="0">
       <root>
         <mxCell id="0" />
         <mxCell id="1" parent="0" />
-        <mxCell id="rYg6fZ0COP3Tx7WlOynZ-1" value="AWS Cloud" style="sketch=0;outlineConnect=0;gradientColor=none;html=1;whiteSpace=wrap;fontSize=12;fontStyle=0;shape=mxgraph.aws4.group;grIcon=mxgraph.aws4.group_aws_cloud;strokeColor=#AAB7B8;fillColor=none;verticalAlign=top;align=left;spacingLeft=30;fontColor=#AAB7B8;dashed=0;" vertex="1" parent="1">
+        <mxCell id="rYg6fZ0COP3Tx7WlOynZ-1" value="AWS Cloud" style="sketch=0;outlineConnect=0;gradientColor=none;html=1;whiteSpace=wrap;fontSize=12;fontStyle=0;shape=mxgraph.aws4.group;grIcon=mxgraph.aws4.group_aws_cloud;strokeColor=#AAB7B8;fillColor=none;verticalAlign=top;align=left;spacingLeft=30;fontColor=#AAB7B8;dashed=0;" parent="1" vertex="1">
           <mxGeometry x="40" y="80" width="760" height="490" as="geometry" />
         </mxCell>
-        <mxCell id="rYg6fZ0COP3Tx7WlOynZ-2" value="VPC 172.31.0.0/16" style="sketch=0;outlineConnect=0;gradientColor=none;html=1;whiteSpace=wrap;fontSize=12;fontStyle=0;shape=mxgraph.aws4.group;grIcon=mxgraph.aws4.group_vpc;strokeColor=#879196;fillColor=none;verticalAlign=top;align=left;spacingLeft=30;fontColor=#879196;dashed=0;" vertex="1" parent="1">
+        <mxCell id="rYg6fZ0COP3Tx7WlOynZ-2" value="VPC 172.31.0.0/16" style="sketch=0;outlineConnect=0;gradientColor=none;html=1;whiteSpace=wrap;fontSize=12;fontStyle=0;shape=mxgraph.aws4.group;grIcon=mxgraph.aws4.group_vpc;strokeColor=#879196;fillColor=none;verticalAlign=top;align=left;spacingLeft=30;fontColor=#879196;dashed=0;" parent="1" vertex="1">
           <mxGeometry x="80" y="120" width="680" height="440" as="geometry" />
         </mxCell>
-        <mxCell id="rYg6fZ0COP3Tx7WlOynZ-3" value="Internal Subnet 172.31.0.0/20" style="sketch=0;outlineConnect=0;gradientColor=none;html=1;whiteSpace=wrap;fontSize=12;fontStyle=0;shape=mxgraph.aws4.group;grIcon=mxgraph.aws4.group_subnet;strokeColor=#879196;fillColor=none;verticalAlign=top;align=left;spacingLeft=30;fontColor=#879196;dashed=0;" vertex="1" parent="1">
+        <mxCell id="rYg6fZ0COP3Tx7WlOynZ-3" value="Internal Subnet 172.31.0.0/20" style="sketch=0;outlineConnect=0;gradientColor=none;html=1;whiteSpace=wrap;fontSize=12;fontStyle=0;shape=mxgraph.aws4.group;grIcon=mxgraph.aws4.group_subnet;strokeColor=#879196;fillColor=none;verticalAlign=top;align=left;spacingLeft=30;fontColor=#879196;dashed=0;" parent="1" vertex="1">
           <mxGeometry x="120" y="160" width="280" height="390" as="geometry" />
         </mxCell>
-        <mxCell id="rYg6fZ0COP3Tx7WlOynZ-4" value="External Subnet 172.31.16.0/20" style="sketch=0;outlineConnect=0;gradientColor=none;html=1;whiteSpace=wrap;fontSize=12;fontStyle=0;shape=mxgraph.aws4.group;grIcon=mxgraph.aws4.group_subnet;strokeColor=#879196;fillColor=none;verticalAlign=top;align=left;spacingLeft=30;fontColor=#879196;dashed=0;" vertex="1" parent="1">
+        <mxCell id="rYg6fZ0COP3Tx7WlOynZ-4" value="External Subnet 172.31.16.0/20" style="sketch=0;outlineConnect=0;gradientColor=none;html=1;whiteSpace=wrap;fontSize=12;fontStyle=0;shape=mxgraph.aws4.group;grIcon=mxgraph.aws4.group_subnet;strokeColor=#879196;fillColor=none;verticalAlign=top;align=left;spacingLeft=30;fontColor=#879196;dashed=0;" parent="1" vertex="1">
           <mxGeometry x="439" y="161" width="280" height="390" as="geometry" />
         </mxCell>
-        <mxCell id="rYg6fZ0COP3Tx7WlOynZ-5" value="" style="sketch=0;points=[[0,0,0],[0.25,0,0],[0.5,0,0],[0.75,0,0],[1,0,0],[0,1,0],[0.25,1,0],[0.5,1,0],[0.75,1,0],[1,1,0],[0,0.25,0],[0,0.5,0],[0,0.75,0],[1,0.25,0],[1,0.5,0],[1,0.75,0]];outlineConnect=0;fontColor=#232F3E;fillColor=#ED7100;strokeColor=#ffffff;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;shape=mxgraph.aws4.resourceIcon;resIcon=mxgraph.aws4.ec2;" vertex="1" parent="1">
+        <mxCell id="rYg6fZ0COP3Tx7WlOynZ-5" value="" style="sketch=0;points=[[0,0,0],[0.25,0,0],[0.5,0,0],[0.75,0,0],[1,0,0],[0,1,0],[0.25,1,0],[0.5,1,0],[0.75,1,0],[1,1,0],[0,0.25,0],[0,0.5,0],[0,0.75,0],[1,0.25,0],[1,0.5,0],[1,0.75,0]];outlineConnect=0;fontColor=#232F3E;fillColor=#ED7100;strokeColor=#ffffff;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;shape=mxgraph.aws4.resourceIcon;resIcon=mxgraph.aws4.ec2;" parent="1" vertex="1">
           <mxGeometry x="210" y="240" width="78" height="78" as="geometry" />
         </mxCell>
-        <mxCell id="rYg6fZ0COP3Tx7WlOynZ-6" value="" style="sketch=0;points=[[0,0,0],[0.25,0,0],[0.5,0,0],[0.75,0,0],[1,0,0],[0,1,0],[0.25,1,0],[0.5,1,0],[0.75,1,0],[1,1,0],[0,0.25,0],[0,0.5,0],[0,0.75,0],[1,0.25,0],[1,0.5,0],[1,0.75,0]];outlineConnect=0;fontColor=#232F3E;fillColor=#ED7100;strokeColor=#ffffff;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;shape=mxgraph.aws4.resourceIcon;resIcon=mxgraph.aws4.ec2;" vertex="1" parent="1">
+        <mxCell id="rYg6fZ0COP3Tx7WlOynZ-6" value="" style="sketch=0;points=[[0,0,0],[0.25,0,0],[0.5,0,0],[0.75,0,0],[1,0,0],[0,1,0],[0.25,1,0],[0.5,1,0],[0.75,1,0],[1,1,0],[0,0.25,0],[0,0.5,0],[0,0.75,0],[1,0.25,0],[1,0.5,0],[1,0.75,0]];outlineConnect=0;fontColor=#232F3E;fillColor=#ED7100;strokeColor=#ffffff;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;fontSize=12;fontStyle=0;aspect=fixed;shape=mxgraph.aws4.resourceIcon;resIcon=mxgraph.aws4.ec2;" parent="1" vertex="1">
           <mxGeometry x="540" y="240" width="78" height="78" as="geometry" />
         </mxCell>
-        <mxCell id="rYg6fZ0COP3Tx7WlOynZ-7" value="172.31.30.92" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" vertex="1" parent="1">
+        <mxCell id="rYg6fZ0COP3Tx7WlOynZ-7" value="172.31.30.92" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
           <mxGeometry x="203.5" y="325" width="91" height="30" as="geometry" />
         </mxCell>
-        <mxCell id="rYg6fZ0COP3Tx7WlOynZ-8" value="172.31.9.92&lt;br&gt;51.194.244.47" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" vertex="1" parent="1">
+        <mxCell id="rYg6fZ0COP3Tx7WlOynZ-8" value="172.31.9.92&lt;br&gt;51.194.244.47" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
           <mxGeometry x="533.5" y="325" width="91" height="30" as="geometry" />
         </mxCell>
+        <mxCell id="5XMmqp_fbMcfXs2NPOdR-1" value="" style="endArrow=classic;startArrow=classic;html=1;rounded=0;" edge="1" parent="1" target="rYg6fZ0COP3Tx7WlOynZ-6">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="288" y="280" as="sourcePoint" />
+            <mxPoint x="338" y="230" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="5XMmqp_fbMcfXs2NPOdR-2" value="" style="endArrow=classic;startArrow=classic;html=1;rounded=0;" edge="1" parent="1" target="5XMmqp_fbMcfXs2NPOdR-3">
+          <mxGeometry width="50" height="50" relative="1" as="geometry">
+            <mxPoint x="618" y="280" as="sourcePoint" />
+            <mxPoint x="820" y="280" as="targetPoint" />
+          </mxGeometry>
+        </mxCell>
+        <mxCell id="5XMmqp_fbMcfXs2NPOdR-3" value="" style="outlineConnect=0;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;shape=mxgraph.aws3.internet_2;fillColor=#D2D3D3;gradientColor=none;" vertex="1" parent="1">
+          <mxGeometry x="870" y="252" width="79.5" height="54" as="geometry" />
+        </mxCell>
       </root>
     </mxGraphModel>
   </diagram>

04-cloud/aws/08-managing-ips/demos/.resources/eip/02.png

@@ -26,4 +26,6 @@
 |                          Addressable from inside VPC only | Addressable from outside of VPC                                            |
 |                   Stays the same for lifetime of instance | Allow and deny rules                                                       |
 |                                      Based on subnet CIDR | Pulled from AWS pool of external IPs                                       |
-|                                 Assigned to all instances | Only assigned on launch if enabled                                         |
+|                                 Assigned to all instances | Only assigned on launch if enabled                                         |
+
+[Demo: Using EIP](./demos/02-eip.md)