From 86a90678242bdbca0209b0670084b34d8e672220 Mon Sep 17 00:00:00 2001 From: Winston Nolan Date: Wed, 26 Jun 2024 13:16:45 +1200 Subject: [PATCH 1/3] Creating documentation for docker-sdk VPN alternative --- _data/sidebars/ca_dev_sidebar.yml | 3 +- docs/ca/dev/access/access.md | 1 + ...nect-to-services-via-aws-and-docker-sdk.md | 97 +++++++++++++++++++ ...tting-started-with-cloud-administration.md | 1 + 4 files changed, 101 insertions(+), 1 deletion(-) create mode 100644 docs/ca/dev/access/connect-to-services-via-aws-and-docker-sdk.md diff --git a/_data/sidebars/ca_dev_sidebar.yml b/_data/sidebars/ca_dev_sidebar.yml index f38667b8d59..5ee0a3da607 100644 --- a/_data/sidebars/ca_dev_sidebar.yml +++ b/_data/sidebars/ca_dev_sidebar.yml @@ -17,7 +17,8 @@ entries: url: /docs/ca/dev/access/locate-service-credentials.html - title: Connect to services via SSH url: /docs/ca/dev/access/connect-to-services-via-ssh.html - + - title: Connect to services via AWS Systems Manager & the docker-sdk + url: /docs/ca/dev/access/connect-to-services-via-aws-and-docker-sdk.html - title: Connecting the Docker SDK url: /docs/ca/dev/connecting-the-docker-sdk.html - title: Connect a code repository diff --git a/docs/ca/dev/access/access.md b/docs/ca/dev/access/access.md index e382d6947a8..d835b5ea3fd 100644 --- a/docs/ca/dev/access/access.md +++ b/docs/ca/dev/access/access.md @@ -12,3 +12,4 @@ This section describes how to access AWS Management Console as an Identity and A * [Accessing AWS Management Console](/docs/ca/dev/access/access-the-aws-management-console.html) * [Locating service credentials](/docs/ca/dev/access/locate-service-credentials.html) * [Connecting to services via SSH](/docs/ca/dev/access/connect-to-services-via-ssh.html) +* [Connecting to services via AWS Systems Manager & the docker-sdk](/docs/ca/dev/access/connect-to-services-via-aws-and-docker-sdk.html) \ No newline at end of file 
diff --git a/docs/ca/dev/access/connect-to-services-via-aws-and-docker-sdk.md b/docs/ca/dev/access/connect-to-services-via-aws-and-docker-sdk.md new file mode 100644 index 00000000000..2ba7936ade3 --- /dev/null +++ b/docs/ca/dev/access/connect-to-services-via-aws-and-docker-sdk.md 
@@ -0,0 +1,97 @@ +--- +title: Connect to services via AWS Systems Manager & the docker-sdk +description: Access Spryker Cloud services via AWS Systems Manager & the docker-sdk. +template: howto-guide-template +last_updated: Jun 26, 2024 +--- + +{% info_block warningBox %} + +Connecting to services via AWS Systems Manager & the docker-sdk is currently running under an Early Access Release. Early Access Releases are subject to specific legal terms, they are unsupported and do not provide production-ready SLAs. They can also be deprecated without a General Availability Release. Nevertheless, we welcome feedback from early adopters on these cutting-edge, exploratory features. + +{% endinfo_block %} + +At Spryker, our customers mainly connect to their PAAS services via a VPN connection. The VPN connection works very well for 99% of our customers. But, there are instances where customers have difficulty using the VPN Connection. For these customers, and customers who would like to explore an alternative method to connect to their PAAS services, we created a solution to connect to services via AWS Systems Manager & the docker-sdk + +This method enables you to connect to PAAS services, as soon as you have received access to your AWS Account + +## Prerequisites +1. [Install or update to the latest version of the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) +2. [Install the Session Manager plugin for the AWS CLI](https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html) +3. Install the patch to the docker-sdk +3.1. Clone the docker-sdk +```shell +git clone git@github.com:spryker/docker-sdk.git +``` +3.2 Apply the diff [docker-sdk-paas.diff](https://github.com/spryker-community/docker-sdk-vpn-alternative/commit/009ecdedbad9d99505de6210064dcb2fa194b20e.diff) +```shell +cd docker-sdk +git apply --whitespace=nowarn ../docker-sdk-paas.diff +``` + +4. 
Set the [AWS Authentication Environment Variables](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html#envvars-set) in your shell +```shell +export AWS_ACCESS_KEY_ID="AWS_ACCESS_KEY_ID" +export AWS_SECRET_ACCESS_KEY="AWS_SECRET_ACCESS_KEY" +export AWS_SESSION_TOKEN="AWS_SESSION_TOKEN" +export AWS_REGION="AWS_REGION" +``` + +## Connect to a service + +1. Issue the PAAS `create-tunnel` command, with `--environment={environment_name} service1 service2` +```shell +docker/sdk paas create-tunnel --environment=spryker-b2bmarketplace database database-ro-replica storage search scheduler broker +--> DEVELOPMENT MODE + +Environment spryker-b2bmarketplace + +Fetching Service Connection Parameters + +Selecting Random EC2 Instance Jump Host Within Environment spryker-b2bmarketplace + +Selected EC2 Instance i-0c8e03846... + +Establishing tunnel to database service +Port 5000 is Free +Waiting for connections... + +Remote Endpoint: spryker-b2bmarketplace.abcdefg.us-east-2.rds.amazonaws.com Remote Port: 3306 Local Endpoint: localhost Local Port: 5000 + +Establishing tunnel to database-ro-replica RO REPLICA service. Only for PRODUCTION environments. Use the credentials for the database to connect +READ-REPLICA not found. + +Establishing tunnel to storage service +Port 5020 is Free +Waiting for connections... + +Remote Endpoint: spryker-b2bmarketplace-cluster.abcdefg.ng.0001.use2.cache.amazonaws.com Remote Port: 6379 Local Endpoint: localhost Local Port: 5020 + +Establishing tunnel to search service +Port 5030 is Free +Waiting for connections... + +Remote Endpoint: vpc-spryker-b2bmarketplace-abcdefg.us-east-2.es.amazonaws.com Remote Port: 80 Local Endpoint: localhost Local Port: 5030 + +Establishing tunnel to scheduler service +Port 5040 is Free +Waiting for connections... 
+ +Remote Endpoint: scheduler.b2b-marketplace.demo-spryker.com Remote Port: 80 Local Endpoint: localhost Local Port: 5040 + +Establishing tunnel to broker service +Port 5050 is Free +Waiting for connections... + +Remote Endpoint: rabbitmq.b2b-marketplace.demo-spryker.com Remote Port: 15672 Local Endpoint: localhost Local Port: 5050 +``` +2. Once the tunnels to each service has been established, use your favourite tools and connect to `{Local Endpoint}:{Local Port}` for example +```shell +mysql --host=127.0.0.1 --port=5000 --user=$SPRYKER_DB_USERNAME --password=$SPRYKER_DB_PASSWORD +``` + +{% info_block warningBox %} + +By default, sessions time out after 20 minutes of inactivity. + +{% endinfo_block %} diff --git a/docs/ca/dev/getting-started-with-cloud-administration.md b/docs/ca/dev/getting-started-with-cloud-administration.md index ff879e71b5f..216a6d9e644 100644 --- a/docs/ca/dev/getting-started-with-cloud-administration.md +++ b/docs/ca/dev/getting-started-with-cloud-administration.md 
@@ -38,6 +38,7 @@ You can access your cloud environments via the following means: * IAM account: provides access to the AWS Management Console. For instructions, see [Access AWS Management Console](/docs/ca/dev/access/access-the-aws-management-console.html). * SSH: provides access to internal services via [bastion host](https://docs.aws.amazon.com/quickstart/latest/linux-bastion/overview.html). For instructions, see [Connect to services via SSH](/docs/ca/dev/access/connect-to-services-via-ssh.html). * VPN: provides access to internal services via [bastion host](https://docs.aws.amazon.com/quickstart/latest/linux-bastion/overview.html). You receive these access details during the onboarding. +* AWS SSM: provides access to internal services via port forwarding with [AWS Systems Manager & the docker-sdk](/docs/ca/dev/access/connect-to-services-via-aws-and-docker-sdk.html). You receive these access details during the onboarding. * SFTP: provides access to the SFTP folder mounted inside the Jenkins container. You receive these access details during the onboarding. From a68df1939c493e066588cc7bb3f7141f1ba2864e Mon Sep 17 00:00:00 2001 From: Winston Nolan Date: Tue, 10 Sep 2024 13:27:39 +1200 Subject: [PATCH 2/3] Enhancing the docker/sdk vpn alternative documentation --- ...nect-to-services-via-aws-and-docker-sdk.md | 170 +++++++++++++++--- 1 file changed, 145 insertions(+), 25 deletions(-) diff --git a/docs/ca/dev/access/connect-to-services-via-aws-and-docker-sdk.md b/docs/ca/dev/access/connect-to-services-via-aws-and-docker-sdk.md index 2ba7936ade3..63424acef81 100644 --- a/docs/ca/dev/access/connect-to-services-via-aws-and-docker-sdk.md +++ b/docs/ca/dev/access/connect-to-services-via-aws-and-docker-sdk.md 
@@ -11,78 +11,147 @@ Connecting to services via AWS Systems Manager & the docker-sdk is currently run {% endinfo_block %} -At Spryker, our customers mainly connect to their PAAS services via a VPN connection. The VPN connection works very well for 99% of our customers. But, there are instances where customers have difficulty using the VPN Connection. For these customers, and customers who would like to explore an alternative method to connect to their PAAS services, we created a solution to connect to services via AWS Systems Manager & the docker-sdk +At Spryker, our customers mainly connect to their PaaS services via a VPN connection. This feature introduces an alternative method to connect to PaaS services. We created a solution to connect to services via AWS Systems Manager integrated into the the docker-sdk -This method enables you to connect to PAAS services, as soon as you have received access to your AWS Account +{% info_block infoBox "docker/sdk VPN Alternative" %} + +This method enables you to connect to PaaS services, as soon as you have received access to your AWS Account and you no longer need to request VPN Access + +{% endinfo_block %} ## Prerequisites -1. [Install or update to the latest version of the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) +1. [Install or update to the latest version of the AWS CLI V2](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) 2. [Install the Session Manager plugin for the AWS CLI](https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html) -3. Install the patch to the docker-sdk +3. Install or Upgrade to the latest version of the docker-sdk 3.1. 
Clone the docker-sdk ```shell git clone git@github.com:spryker/docker-sdk.git ``` -3.2 Apply the diff [docker-sdk-paas.diff](https://github.com/spryker-community/docker-sdk-vpn-alternative/commit/009ecdedbad9d99505de6210064dcb2fa194b20e.diff) +3.2 Verify the docker/sdk paas (or cloud) commands exist ```shell -cd docker-sdk -git apply --whitespace=nowarn ../docker-sdk-paas.diff +docker/sdk + +┌────╮ ┌─┐ ╭────┬────╮─┬─┐ +│ ╮ │───┬───┤ ├─┬───┬─┬─┐ │ ───┤ ╮ │ ┌─┘ +│ ╯ │ ┼ │ ├─┤───┤ ┼─┤ ┌─╯ ├─── │ ╯ │ └─┐ +└────┴───┴───┴─┴─┴───┴─┘ └────┴────┴─┴─┘ + + + +Basic usage: + SPRYKER_PROJECT_NAME= docker/sdk [args...] Runs the command for the specified . + docker/sdk [-p ] [args...] Runs the command for the specified . + +Installation: + docker/sdk bootstrap | boot [-v] Prepares all the files to run the application based on . + docker/sdk bootstrap | boot [-v] Prepares all the files to run the application based on deploy.local.yml or deploy.yml. + docker/sdk config Outputs deploy file into the cli. + +Quick start: +docker/sdk bootstrap && docker/sdk up + +Paas | Cloud: + The AWS CLI is required for Paas | Cloud Commands + The AWS Session Manager plugin for the AWS CLI is required for Paas | Cloud Commands. See https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html + AWS Session Tokens and AWS Region are required for Paas | Cloud Commands. See https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html + +Commands: + docker/sdk paas | cloud get-region List AWS Region set in your shell + docker/sdk paas | cloud environments List Paas Environments + docker/sdk paas | cloud service-details --environment=ENVIRONMENT_NAME service [database storage ..] List Paas Environment Service Details. See output from environments command. Services: database database-ro-replica storage search scheduler broker + docker/sdk paas | cloud create-tunnel --environment=ENVIRONMENT_NAME service [database storage ..] 
Create AWS SSM Tunnels to one or more Paas Environment Services. See output from environments command. Services: database database-ro-replica storage search scheduler broker + docker/sdk paas | cloud close-tunnel service [database storage ..] Close ALL Active AWS SSM Tunnels for Service. Services: database database-ro-replica storage search scheduler broker + docker/sdk paas | cloud tunnels ``` 4. Set the [AWS Authentication Environment Variables](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html#envvars-set) in your shell ```shell export AWS_ACCESS_KEY_ID="AWS_ACCESS_KEY_ID" export AWS_SECRET_ACCESS_KEY="AWS_SECRET_ACCESS_KEY" -export AWS_SESSION_TOKEN="AWS_SESSION_TOKEN" -export AWS_REGION="AWS_REGION" ``` +4.1 Set the AWS Region of the PaaS environment you want to connect to +```shell +aws configure set region AWS_REGION + +# example +aws configure set region eu-central-1 +``` +4.2 Verify your region with the `docker/sdk paas get-region` command + +## Search for PaaS environments in your AWS Account (All AWS Regions) +If you are unsure which environments exist within your AWS Account, and in which AWS Regions these environments exist, issue the `docker/sdk paas environments` command. This command, will search your entire AWS Account, all AWS Regions, and return all PaaS environments found, together with their AWS Regions +```shell +docker/sdk paas environments + +┌────╮ ┌─┐ ╭────┬────╮─┬─┐ +│ ╮ │───┬───┤ ├─┬───┬─┬─┐ │ ───┤ ╮ │ ┌─┘ +│ ╯ │ ┼ │ ├─┤───┤ ┼─┤ ┌─╯ ├─── │ ╯ │ └─┐ +└────┴───┴───┴─┴─┴───┴─┘ └────┴────┴─┴─┘ + + + +You are authenticated with AWS Account ****** +This operation is currently searching the AWS Account for Paas environments (All AWS Regions). + +Interact with the environment by setting your AWS Region to the same region of the environment. 
+Set your AWS Region with aws configure set region AWS_REGION Example: aws configure set region eu-central-1 +Then, specify the environment name with the parameter --environment=ENVIRONMENT_NAME + +Found Environment spryker-b2bmarketplace in AWS Region eu-central-1 +Found Environment spryker-b2cmarketplace in AWS Region eu-central-1 +``` + + ## Connect to a service -1. Issue the PAAS `create-tunnel` command, with `--environment={environment_name} service1 service2` +1. Issue the `docker/sdk paas create-tunnel` command, with `service1 service2 --environment={environment_name}` ```shell -docker/sdk paas create-tunnel --environment=spryker-b2bmarketplace database database-ro-replica storage search scheduler broker ---> DEVELOPMENT MODE +docker/sdk paas create-tunnel database database-ro-replica storage search scheduler broker --environment=spryker-b2bmarketplace -Environment spryker-b2bmarketplace +┌────╮ ┌─┐ ╭────┬────╮─┬─┐ +│ ╮ │───┬───┤ ├─┬───┬─┬─┐ │ ───┤ ╮ │ ┌─┘ +│ ╯ │ ┼ │ ├─┤───┤ ┼─┤ ┌─╯ ├─── │ ╯ │ └─┐ +└────┴───┴───┴─┴─┴───┴─┘ └────┴────┴─┴─┘ -Fetching Service Connection Parameters -Selecting Random EC2 Instance Jump Host Within Environment spryker-b2bmarketplace -Selected EC2 Instance i-0c8e03846... +You are authenticated with AWS Account ****** +Your current AWS Region is eu-central-1. Change your region with aws configure set region AWS_REGION. Example aws configure set region eu-central-1 + +Environment spryker-b2bmarketplace +Fetching Service Connection Parameters +Selecting Random EC2 Instance Jump Host Within Environment spryker-b2bmarketplace +Selected EC2 Instance i-0f74ce96a0bfd5f2d Establishing tunnel to database service Port 5000 is Free Waiting for connections... 
- -Remote Endpoint: spryker-b2bmarketplace.abcdefg.us-east-2.rds.amazonaws.com Remote Port: 3306 Local Endpoint: localhost Local Port: 5000 +Remote Endpoint: spryker-b2bmarketplace.abcdefg.eu-central-1.rds.amazonaws.com Remote Port: 3306 Local Endpoint: localhost Local Port: 5000 Establishing tunnel to database-ro-replica RO REPLICA service. Only for PRODUCTION environments. Use the credentials for the database to connect -READ-REPLICA not found. +Port 5010 is Free +Waiting for connections... +Remote Endpoint: spryker-b2bmarketplace-ro-replica-0.abcdefg.eu-central-1.rds.amazonaws.com Remote Port: 3306 Local Endpoint: localhost Local Port: 5010 Establishing tunnel to storage service Port 5020 is Free Waiting for connections... - -Remote Endpoint: spryker-b2bmarketplace-cluster.abcdefg.ng.0001.use2.cache.amazonaws.com Remote Port: 6379 Local Endpoint: localhost Local Port: 5020 +Remote Endpoint: spryker-b2bmarketplace-cluster.abcdefg.ng.0001.apse1.cache.amazonaws.com Remote Port: 6379 Local Endpoint: localhost Local Port: 5020 Establishing tunnel to search service Port 5030 is Free Waiting for connections... - -Remote Endpoint: vpc-spryker-b2bmarketplace-abcdefg.us-east-2.es.amazonaws.com Remote Port: 80 Local Endpoint: localhost Local Port: 5030 +Remote Endpoint: vpc-spryker-b2bmarketplace-abcdefg.eu-central-1.es.amazonaws.com Remote Port: 80 Local Endpoint: localhost Local Port: 5030 Establishing tunnel to scheduler service Port 5040 is Free Waiting for connections... - Remote Endpoint: scheduler.b2b-marketplace.demo-spryker.com Remote Port: 80 Local Endpoint: localhost Local Port: 5040 Establishing tunnel to broker service Port 5050 is Free Waiting for connections... - Remote Endpoint: rabbitmq.b2b-marketplace.demo-spryker.com Remote Port: 15672 Local Endpoint: localhost Local Port: 5050 ``` 2. Once the tunnels to each service has been established, use your favourite tools and connect to `{Local Endpoint}:{Local Port}` for example 
@@ -95,3 +164,54 @@ mysql --host=127.0.0.1 --port=5000 --user=$SPRYKER_DB_USERNAME --password=$SPRYK By default, sessions time out after 20 minutes of inactivity. {% endinfo_block %} + +## Frequently Asked Questions + +### Do I still need VPN Access? +No. The docker/sdk VPN alternative solution can replace your VPN access, and when you use the docker/sdk VPN alternative solution you no longer need the Spryker VPN + +### Where do I find my AWS Access Keys +You can use the AWS Management Console to manage the access keys of an IAM user. See [Managing access keys (console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html#Using_CreateAccessKey) + +When you create an access key pair, save the access key ID and secret access key in a secure location. The secret access key is available only at the time you create it. If you lose your secret access key, you must delete the access key and create a new one. For more instructions, see [Update access keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_RotateAccessKey.html). + +### Where do I find the Credentials and Service details for my PaaS Services? +The `docker/sdk paas service-details` command will retrieve and display PaaS Services details. Alternatively see [Locate service credentials](/docs/ca/dev/access/locate-service-credentials.html) + +```shell +docker/sdk paas service-details database database-ro-replica storage search scheduler broker --environment={environment_name} +``` + +### When I execute the `docker/sdk paas create-tunnel` command I receive no errors, and the command executes successfully, but no tunnels are created + +Verify that you [installed the Session Manager plugin for the AWS CLI](https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html) + +### Can I connect to multiple environments at the same time? +Yes. You can connect to multiple environments at the same time. 
Set the the correct AWS Access Keys, and AWS Region of the environment. Then specify the correct `--environment={environment_name}` within the `docker/sdk paas create-tunnel` command + +Each tunnel to a PaaS service will claim a different port. The solution allows for 10 tunnel connections for each PaaS service at the same time. + +The local port ranges are +database (RDS) 5000-5009 +database-ro-replica (RDS READ-REPLICA) 5010-5019 +storage (REDIS) 5020-5029 +search (ElasticSearch/OpenSearch) 5030-5039 +scheduler (Jenkins) 5040-5049 +broker (RabbitMQ) 5050-5059 + +### Can I specify my own ports? +No. Specifying your own ports is not a feature. + +### How long does the tunnels stay active? +By default, sessions time out after 20 minutes of inactivity. + +### Can I create a tunnel to any EC2 instances? +No. You will not be able to use this method to connect to any EC2 instances. + +### I am unable to connect to my services using the docker/sdk VPN alternative +Please [contact support](https://support.spryker.com) via **Create Case** - **Get Help**. + +Be sure to add the example commands that you tried, and the errors that you received + + + From 6dc517c8b624b9b9cbb78c2e93a911dbe19f51d8 Mon Sep 17 00:00:00 2001 From: Winston Nolan Date: Mon, 16 Sep 2024 10:00:14 +1200 Subject: [PATCH 3/3] Enhancing the docker/sdk vpn alternative documentation --- ...nect-to-services-via-aws-and-docker-sdk.md | 120 ++++++++++++++---- 1 file changed, 92 insertions(+), 28 deletions(-) diff --git a/docs/ca/dev/access/connect-to-services-via-aws-and-docker-sdk.md b/docs/ca/dev/access/connect-to-services-via-aws-and-docker-sdk.md index 63424acef81..3316a5963b6 100644 --- a/docs/ca/dev/access/connect-to-services-via-aws-and-docker-sdk.md +++ b/docs/ca/dev/access/connect-to-services-via-aws-and-docker-sdk.md 
@@ -53,11 +53,10 @@ docker/sdk bootstrap && docker/sdk up Paas | Cloud: The AWS CLI is required for Paas | Cloud Commands The AWS Session Manager plugin for the AWS CLI is required for Paas | Cloud Commands. See https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html - AWS Session Tokens and AWS Region are required for Paas | Cloud Commands. See https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html + AWS Access credentials are required for Paas | Cloud Commands. See https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html Commands: - docker/sdk paas | cloud get-region List AWS Region set in your shell - docker/sdk paas | cloud environments List Paas Environments + docker/sdk paas | cloud environments Search the AWS Account for Paas Environments, and list them docker/sdk paas | cloud service-details --environment=ENVIRONMENT_NAME service [database storage ..] List Paas Environment Service Details. See output from environments command. Services: database database-ro-replica storage search scheduler broker docker/sdk paas | cloud create-tunnel --environment=ENVIRONMENT_NAME service [database storage ..] Create AWS SSM Tunnels to one or more Paas Environment Services. See output from environments command. Services: database database-ro-replica storage search scheduler broker docker/sdk paas | cloud close-tunnel service [database storage ..] Close ALL Active AWS SSM Tunnels for Service. Services: database database-ro-replica storage search scheduler broker 
@@ -70,17 +69,9 @@ export AWS_ACCESS_KEY_ID="AWS_ACCESS_KEY_ID" export AWS_SECRET_ACCESS_KEY="AWS_SECRET_ACCESS_KEY" ``` -4.1 Set the AWS Region of the PaaS environment you want to connect to -```shell -aws configure set region AWS_REGION - -# example -aws configure set region eu-central-1 -``` -4.2 Verify your region with the `docker/sdk paas get-region` command - ## Search for PaaS environments in your AWS Account (All AWS Regions) -If you are unsure which environments exist within your AWS Account, and in which AWS Regions these environments exist, issue the `docker/sdk paas environments` command. This command, will search your entire AWS Account, all AWS Regions, and return all PaaS environments found, together with their AWS Regions +If you are unsure which environments exist within your AWS Account, and in which AWS Regions these environments exist, issue the `docker/sdk paas environments` command. This command, will search your entire AWS Account, all AWS Regions, and return all PaaS environments found, together with their AWS Regions + ```shell docker/sdk paas environments 
@@ -92,20 +83,89 @@ docker/sdk paas environments You are authenticated with AWS Account ****** -This operation is currently searching the AWS Account for Paas environments (All AWS Regions). +This operation is currently searching the AWS account for Paas environments (All AWS regions) -Interact with the environment by setting your AWS Region to the same region of the environment. -Set your AWS Region with aws configure set region AWS_REGION Example: aws configure set region eu-central-1 -Then, specify the environment name with the parameter --environment=ENVIRONMENT_NAME +Creating environments cache file Found Environment spryker-b2bmarketplace in AWS Region eu-central-1 Found Environment spryker-b2cmarketplace in AWS Region eu-central-1 + +Environments cache file /tmp/******_spryker_paas_environments.tmp ``` +## Retrieve service credentials +Issue the `docker/sdk paas service-details` command, with `service1 service2 --environment={environment_name}` +Service options are: `database database-ro-replica storage search scheduler broker` + +```shell +docker/sdk paas service-details database database-ro-replica storage search scheduler broker --environment=spryker-b2bmarketplace + +┌────╮ ┌─┐ ╭────┬────╮─┬─┐ +│ ╮ │───┬───┤ ├─┬───┬─┬─┐ │ ───┤ ╮ │ ┌─┘ +│ ╯ │ ┼ │ ├─┤───┤ ┼─┤ ┌─╯ ├─── │ ╯ │ └─┐ +└────┴───┴───┴─┴─┴───┴─┘ └────┴────┴─┴─┘ + + + +You are authenticated with AWS Account ****** + +Target environment spryker-b2bmarketplace AWS region eu-central-1 + +Fetching database details +SPRYKER_DB_PASSWORD=****** +SPRYKER_DB_DATABASE=****** +SPRYKER_DB_HOST=****** +SPRYKER_DB_PORT=****** +SPRYKER_DB_ROOT_PASSWORD=****** +SPRYKER_DB_IDENTIFIER=****** +SPRYKER_DB_ROOT_USERNAME=****** +SPRYKER_DB_ENGINE=****** +SPRYKER_DB_COLLATE=****** +SPRYKER_DB_CHARACTER_SET=****** +SPRYKER_DB_USERNAME=****** + +Fetching database-ro-replica details. Only for PRODUCTION environments. Use the credentials for the database to connect +READ-REPLICA not found. 
+ +Fetching storage details +SPRYKER_KEY_VALUE_STORE_ENGINE=****** +SPRYKER_KEY_VALUE_STORE_HOST=****** +SPRYKER_KEY_VALUE_STORE_CONNECTION_OPTIONS=****** +SPRYKER_KEY_VALUE_STORE_PORT=****** +SPRYKER_SESSION_FE_PORT=****** +SPRYKER_SESSION_FE_HOST=****** +SPRYKER_SESSION_BE_ENGINE=****** +SPRYKER_SESSION_BE_PORT=****** +SPRYKER_SESSION_BE_HOST=****** + +Fetching search details +SPRYKER_SEARCH_INDEX_PREFIX=****** +SPRYKER_SEARCH_HOST=****** +SPRYKER_SEARCH_PORT=****** +SPRYKER_SEARCH_ENGINE=****** + +Fetching scheduler details +SPRYKER_SCHEDULER_HOST=****** +SPRYKER_SCHEDULER_PORT=****** + +Fetching broker details +SPRYKER_BROKER_API_PASSWORD=****** +SPRYKER_BROKER_PROTOCOL=****** +SPRYKER_BROKER_CONNECTIONS=****** +SPRYKER_BROKER_ENGINE=****** +SPRYKER_BROKER_USERNAME=****** +SPRYKER_BROKER_API_PORT=****** +SPRYKER_BROKER_API_USERNAME=****** +SPRYKER_BROKER_PORT=****** +SPRYKER_BROKER_API_HOST=****** +SPRYKER_BROKER_HOST=****** +SPRYKER_BROKER_PASSWORD=****** +``` ## Connect to a service -1. Issue the `docker/sdk paas create-tunnel` command, with `service1 service2 --environment={environment_name}` +1. Issue the `docker/sdk paas create-tunnel` command, with `service1 service2 --environment={environment_name}` +Service options are: `database database-ro-replica storage search scheduler broker` ```shell docker/sdk paas create-tunnel database database-ro-replica storage search scheduler broker --environment=spryker-b2bmarketplace 
@@ -117,12 +177,11 @@ docker/sdk paas create-tunnel database database-ro-replica storage search schedu You are authenticated with AWS Account ****** -Your current AWS Region is eu-central-1. Change your region with aws configure set region AWS_REGION. Example aws configure set region eu-central-1 -Environment spryker-b2bmarketplace -Fetching Service Connection Parameters -Selecting Random EC2 Instance Jump Host Within Environment spryker-b2bmarketplace -Selected EC2 Instance i-0f74ce96a0bfd5f2d +Target environment spryker-b2bmarketplace AWS region eu-central-1 +Fetching service connection parameters +Selecting random EC2 instance jump host within the environment spryker-b2bmarketplace +Selected EC2 instance i-0c951b987b22e0ed9 Establishing tunnel to database service Port 5000 is Free @@ -154,7 +213,7 @@ Port 5050 is Free Waiting for connections... Remote Endpoint: rabbitmq.b2b-marketplace.demo-spryker.com Remote Port: 15672 Local Endpoint: localhost Local Port: 5050 ``` -2. Once the tunnels to each service has been established, use your favourite tools and connect to `{Local Endpoint}:{Local Port}` for example +2. Once the tunnels to each service has been established, use your favourite tools and connect to `{Local Endpoint}:{Local Port}` ```shell mysql --host=127.0.0.1 --port=5000 --user=$SPRYKER_DB_USERNAME --password=$SPRYKER_DB_PASSWORD ``` 
@@ -168,12 +227,14 @@ By default, sessions time out after 20 minutes of inactivity. ## Frequently Asked Questions ### Do I still need VPN Access? -No. The docker/sdk VPN alternative solution can replace your VPN access, and when you use the docker/sdk VPN alternative solution you no longer need the Spryker VPN +No. The docker/sdk VPN alternative solution can replace your VPN access, and when you use the docker/sdk VPN alternative solution you no longer need the Spryker VPN. + +The docker/sdk VPN alternative solution is not a replacement for a Site-to-Site VPN solution. The solution is intended for users. ### Where do I find my AWS Access Keys You can use the AWS Management Console to manage the access keys of an IAM user. See [Managing access keys (console)](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html#Using_CreateAccessKey) -When you create an access key pair, save the access key ID and secret access key in a secure location. The secret access key is available only at the time you create it. If you lose your secret access key, you must delete the access key and create a new one. For more instructions, see [Update access keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_RotateAccessKey.html). +When you create an access key pair, save the access key ID and secret access key in a secure location. The secret access key is available only at the time you create it. If you lose your secret access key, you must delete the access key and create a new one. For more instructions, see [Update access keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/Using_RotateAccessKey.html) ### Where do I find the Credentials and Service details for my PaaS Services? The `docker/sdk paas service-details` command will retrieve and display PaaS Services details. Alternatively see [Locate service credentials](/docs/ca/dev/access/locate-service-credentials.html) 
@@ -186,8 +247,11 @@ docker/sdk paas service-details database database-ro-replica storage search sche Verify that you [installed the Session Manager plugin for the AWS CLI](https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html) +Verify that your local firewall software, or your organisation firewall is not blocking your tunnel requests. + ### Can I connect to multiple environments at the same time? -Yes. You can connect to multiple environments at the same time. Set the the correct AWS Access Keys, and AWS Region of the environment. Then specify the correct `--environment={environment_name}` within the `docker/sdk paas create-tunnel` command +Yes. You can connect to multiple environments at the same time. +Set the the correct AWS Access Keys for the AWS Accoun. Then specify the correct `--environment={environment_name}` within the `docker/sdk paas create-tunnel` command Each tunnel to a PaaS service will claim a different port. The solution allows for 10 tunnel connections for each PaaS service at the same time. @@ -211,7 +275,7 @@ No. You will not be able to use this method to connect to any EC2 instances. ### I am unable to connect to my services using the docker/sdk VPN alternative Please [contact support](https://support.spryker.com) via **Create Case** - **Get Help**. -Be sure to add the example commands that you tried, and the errors that you received +Be sure to add the example commands that you tried, and the errors that you received.
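Review bot: in PATCH 1/3, hunk `@@ -0,0 +1,97 @@` of connect-to-services-via-aws-and-docker-sdk.md, the step 2 example `mysql --host=127.0.0.1 --port=5000 --user=$SPRYKER_DB_USERNAME --password=$SPRYKER_DB_PASSWORD` puts the database password on the command line, where it can show up in the local process list, and both variables are unquoted. Suggest `--password` with no value so the client prompts for it, and quoting `"$SPRYKER_DB_USERNAME"`. In the same hunk, step 3.2 runs `git apply --whitespace=nowarn ../docker-sdk-paas.diff` but no step downloads that file from the linked commit URL, so the command fails as written; add the download step or state where the file is expected to be. The sub-step numbering is also inconsistent (`3.1.` with a trailing dot, `3.2` without).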
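Review bot: in PATCH 2/3, hunk `@@ -11,78 +11,147 @@`, step 4 removes `export AWS_SESSION_TOKEN="AWS_SESSION_TOKEN"` while the help output pasted into step 3.2 of the same hunk still says "AWS Session Tokens and AWS Region are required for Paas | Cloud Commands", so the page contradicts itself about what must be set. Readers who authenticate with temporary credentials need the session token alongside the key pair, so consider keeping the `AWS_SESSION_TOKEN` line and marking it as needed only for temporary credentials. Smaller points in the same hunk: "integrated into the the docker-sdk" repeats a word, the intro sentence and the info box sentence have no closing full stop, `docker/sdk paas | cloud tunnels` is the only command in the pasted help without a description, and the sample storage endpoint uses `apse1` while every other endpoint in the sample is in eu-central-1.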
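Review bot: in PATCH 2/3, hunk `@@ -95,3 +164,54 @@`, the "The local port ranges are" block is six bare lines with no list markers or table syntax, so Markdown will render it as a single run-on paragraph. Suggest a bullet list or a two-column table (service, local port range). Wording in the same hunk: "Set the the correct AWS Access Keys" repeats a word, "How long does the tunnels stay active?" should read "How long do the tunnels stay active?", and "Where do I find my AWS Access Keys" is missing its question mark, unlike the other FAQ headings.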
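Review bot: in PATCH 3/3, hunk `@@ -92,20 +83,89 @@`, the new "Retrieve service credentials" section shows `service-details` printing values such as `SPRYKER_DB_ROOT_PASSWORD`, `SPRYKER_DB_PASSWORD` and `SPRYKER_BROKER_API_PASSWORD` to the terminal, yet the section carries no warning, and the support FAQ further down asks readers to "add the example commands that you tried, and the errors that you received". Suggest a `warningBox` in this section stating that the output contains secrets and must be redacted before it is pasted into a support case, chat or log. The same hunk introduces "Environments cache file /tmp/******_spryker_paas_environments.tmp" in the sample output without saying what the file holds, how long it is reused, or how to refresh it after environments change; one sentence on that would help. The sentence "This command, will search your entire AWS Account" is re-touched in this patch (hunk `@@ -70,17 +69,9 @@`) and still has the stray comma.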
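Review bot: in PATCH 3/3, hunk `@@ -186,8 +247,11 @@`, the rewritten FAQ answer reads "Set the the correct AWS Access Keys for the AWS Accoun.", which has a duplicated "the" and a truncated "Account". The rewrite also drops the AWS Region from this answer, in line with the removal of steps 4.1 and 4.2 in hunk `@@ -70,17 +69,9 @@`, but nothing on the page now tells the reader how the region is chosen; a short statement of that in the prerequisites would close the gap. In hunk `@@ -154,7 +213,7 @@` of the same patch the step 2 line is edited but keeps "Once the tunnels to each service has been established"; "have been established" is the correct form.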