AWS Express new install

That’s not a problem, that’s correct – it’s using a self-signed SSL certificate, which your browser properly dislikes. You’d need to add your own SSL cert once you’ve assigned a domain. You can connect to port 80 instead (nnnnnnot for production though) to avoid this message for now, though I’d rather you just clicked through.

I’ve been able to log in to OpenEMR using your suggestion of going through Port 80 & it seems to be working great, but I’m unable to SSH into the site or connect through the other methods on AWS.

I’ve been able to connect when I put my Port 22 security rule to, for some reason setting it to MyIP seems to have been the problem? Why would that be?

Instance Connect doesn’t use /your/ IP, it uses the mothership IP (see OpenEMR 6.1.0 Devops - #17 by jesdynf), but that doesn’t explain why direct SSH connections are giving you grief. Maybe you should connect to the instance and then see what IPs are connected to it, if it doesn’t think your IP is really your IP?

I see that we need to run the following command to find the mothership IP. But not sure where we are supposed to run this? Within the instance?

$ curl -s https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.prefixes[] | select(.region=="us-east-1") | select(.service=="EC2_INSTANCE_CONNECT") | .ip_prefix'

Anywhere, it’s a public resource. Just make sure to put the right region in there, if you’re not in us-east-1. See the page I link from the forum post for more information.
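An added example (not from the thread or from OpenEMR's tooling) of the rule logic behind this exchange: a port 22 rule limited to "My IP" covers your own address but not the EC2 Instance Connect service range. It applies the same region/service filter as the jq command to a constructed sample in the ip-ranges.json layout; the function names and every address below are assumptions made for illustration.

```python
import ipaddress
import json

# Constructed sample in the layout of AWS's published ip-ranges.json.
# Prefixes are documentation ranges, not real AWS addresses.
SAMPLE_IP_RANGES = json.loads("""
{"prefixes": [
  {"ip_prefix": "198.51.100.0/29", "region": "us-east-1", "service": "EC2_INSTANCE_CONNECT"},
  {"ip_prefix": "198.51.100.64/29", "region": "eu-west-1", "service": "EC2_INSTANCE_CONNECT"},
  {"ip_prefix": "198.51.100.0/24", "region": "us-east-1", "service": "EC2"}
]}
""")


def instance_connect_prefixes(ip_ranges, region):
    """Same filter as the jq command: region plus EC2_INSTANCE_CONNECT."""
    return [
        ipaddress.ip_network(p["ip_prefix"])
        for p in ip_ranges["prefixes"]
        if p["region"] == region and p["service"] == "EC2_INSTANCE_CONNECT"
    ]


def uncovered(sources, allowed_cidrs):
    """Return the source networks that no port-22 ingress CIDR fully contains."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    return [
        s for s in sources
        if not any(s.version == a.version and s.subnet_of(a) for a in allowed)
    ]


def check_ssh_rules(allowed_cidrs, my_ip, region, ip_ranges=SAMPLE_IP_RANGES):
    """Report which SSH paths a set of port-22 ingress CIDRs permits."""
    me = ipaddress.ip_network(my_ip)  # a bare address becomes a /32
    ic = instance_connect_prefixes(ip_ranges, region)
    return {
        "direct_ssh": not uncovered([me], allowed_cidrs),
        "instance_connect": bool(ic) and not uncovered(ic, allowed_cidrs),
    }


if __name__ == "__main__":
    my_ip = "203.0.113.7"  # constructed client address
    # "My IP" only: direct SSH is covered, Instance Connect is not.
    print(check_ssh_rules(["203.0.113.7/32"], my_ip, "us-east-1"))
    # Adding the regional service prefix covers both without opening 0.0.0.0/0.
    print(check_ssh_rules(["203.0.113.7/32", "198.51.100.0/29"], my_ip, "us-east-1"))
```

To check a real security group, load the downloaded ip-ranges.json with `json.load` and pass it as `ip_ranges`, along with the group's port 22 source CIDRs.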

Hey Asher,

Still having some problems with the SSH, started over with a Standard AWS Instance, I’ve done the following to debug:

  1. Modified the 3 security groups so they all have port 22 access
  2. Modified the policy so that - SendSSHPublicKey - is allowed for the instance ARN
  3. Made sure that I can connect with AWS Instance Connect & checked that the public key is the one I have on the server
  4. File not found - tried moving it into the SSH directory
  5. CHMOD 400 the .pem key file

The only thing that seems odd right now is that for some reason when I ssh in it seems to be looking for an ed25519 file instead of the rsa public key that I have.

I’m not sure I’m able to debug problems with your local ssh configuration, which is what “file not found” issues connecting sound like to me. AWS Standard is built on the Ubuntu 20.04 LTS instance AWS provides, it’s not anything strange or exotic, and if Instance Connect is working then sshd is functional and listening. There’s not a lot more I can say except that you should try connecting with another device maybe?

I tried looking into VPC & the internet gateway was not open, so just fixed that by adding a new route. Not sure that I did it correctly, but it seems like there are a lot of things that need to be done in order to get the Standard AWS version up & running, especially if you need access to the API.

I can’t find any straightforward documentation walking through all these steps. Do you know where that might be, because it seems like I keep stalling on simple things.

Wasn’t able to solve the SSH problem, so trying to set up a new instance with new key/pair in case it’s a perms issue.