Automatically associating Elastic IP addresses to Elastic Agents
Scenario
You want your Elastic (EC2) Agents to have known IPs, but you don't want to have to assign these manually each time an agent starts.
Having known IPs can allow you to white-list these IP addresses in your firewall. (Note that this is not the same as VPC.)
The steps in this article apply to both Linux and Windows with the AWS tools.
Solution
How to associate an EIP
Amazon provides Elastic IP (EIP) addresses, bound to your account, that can be associated to Elastic Instances. This allows instances to have known IPs rather than random ones.
They also provide a number of tools for managing these Elastic IPs. A good overview of these tools can be found here.
The command to associate an Elastic IP to a running EC2 instance is:
$ ec2-associate-address -i i-b2e019da 75.101.157.145
Once an Elastic IP has been associated to a running Elastic Agent, Bamboo will automatically pick up the change and start communicating with the agent over this new IP.
How to automate it
If you want an instance to have an EIP associated with it automatically when it starts, you will need to customise your instance in such a way that:
- your AWS private key (pk.pem) and certificate (cert.pem) are on the instance, and
- the instance runs this command on start-up:
$ ec2-associate-address -K /root/pk.pem -C /root/cert.pem -i $(curl -s http://169.254.169.254/latest/meta-data/instance-id) 75.101.157.145
This will associate the EIP 75.101.157.145 with the instance that runs the command.
If you will have more than one Elastic Agent running concurrently, you will probably want multiple EIPs and some logic added to the script so that each instance only assigns an unused EIP to itself. For example:
ec2-associate-address -K /root/pk.pem -C /root/cert.pem -i $(curl -s http://169.254.169.254/latest/meta-data/instance-id) $(ec2-describe-addresses | grep -v "i-" | head -n1 | cut -f2)
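The one-liner above assumes the association succeeded and that no other agent picked the same address. The following added example (not part of the original article) selects unused EIPs by the instance-id column only and confirms the association before reporting success; the variable and function names are hypothetical, and the output layout of ec2-describe-addresses is assumed from the article's own use of `cut -f2`.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes ec2-describe-addresses
# prints tab-separated rows "ADDRESS <ip> <instance-id or empty> ...", which is
# what the article's own `cut -f2` implies.

# Overridable so the logic can be exercised offline; append -K/-C or the
# access-key options to these when using the real tools.
: "${DESCRIBE_CMD:=ec2-describe-addresses}"
: "${ASSOCIATE_CMD:=ec2-associate-address}"
: "${VERIFY_TRIES:=6}"   # hypothetical tuning knobs
: "${VERIFY_WAIT:=10}"   # seconds between checks

# stdin: describe output. Prints EIPs whose instance-id column is not an
# instance id (matching the column only, not "i-" anywhere on the line).
unused_eips() {
    awk -F '\t' '$1 == "ADDRESS" && $3 !~ /^i-/ { print $2 }'
}

# stdin: describe output. Prints the instance id holding EIP $1.
eip_owner() {
    awk -F '\t' -v ip="$1" '$1 == "ADDRESS" && $2 == ip { print $3 }'
}

# Poll until EIP $1 is reported as held by instance $2, or give up.
confirm_owner() {
    tries=0
    while [ "$tries" -lt "$VERIFY_TRIES" ]; do
        [ "$($DESCRIBE_CMD | eip_owner "$1")" = "$2" ] && return 0
        tries=$((tries + 1))
        sleep "$VERIFY_WAIT"
    done
    return 1
}

# Claim an unused EIP for instance $1; prints the EIP on success.
claim_eip() {
    for candidate in $($DESCRIBE_CMD | unused_eips); do
        $ASSOCIATE_CMD -i "$1" "$candidate" >/dev/null 2>&1 || continue
        if confirm_owner "$candidate" "$1"; then
            echo "$candidate"
            return 0
        fi
    done
    return 1
}
```

In a start-up script, call claim_eip with the instance id returned by the metadata URL used above, and treat a non-zero exit status as "no EIP obtained".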
How to customise your instance
The most common way to customise your instance is by using EBS. You can add the necessary commands into /mnt/bamboo-ebs/bin/customise-extras.sh.
You can also put the command into an image configuration's "", for example:
export EC2_HOME=/opt/aws/apitools/ec2
export JAVA_HOME=/opt/jdk-8
export EC2_URL=https://ec2.us-east-1.amazonaws.com
PATH=$PATH:$EC2_HOME/bin
/opt/aws/bin/ec2-associate-address -K /root/pk.pem -C /root/cert.pem -i $(/usr/bin/curl -s http://169.254.169.254/latest/meta-data/instance-id) 75.101.157.145
If you do not want your private key and certificate files on the instance, you can also use the following command:
export EC2_HOME=/opt/aws/apitools/ec2
export JAVA_HOME=/opt/jdk-8
export EC2_URL=https://ec2.us-east-1.amazonaws.com
PATH=$PATH:$EC2_HOME/bin
/opt/aws/bin/ec2-associate-address --aws-access-key YOUR_ACCESS_KEY --aws-secret-key YOUR_SECRET_KEY -i $(/usr/bin/curl -s http://169.254.169.254/latest/meta-data/instance-id) 75.101.157.145
If your Agent does not start
It's possible that your Agents now fail to start. This is caused by Amazon delaying the actual association of the Elastic IP, which causes the Agent to be disconnected during start-up. Add the following line to the start-up script above:
sleep 180
This will delay the start-up of the Elastic Agent for 3 minutes, which will give Amazon enough time to associate the Elastic IP without interrupting any of the Bamboo processes.