Community
Products
Bamboo
Questions
EC2 elastic agent security groups.

EC2 elastic agent security groups.

Hi,

Having issues starting EC2 elastic agents within a VPC.

The way our VPC is configured, I require the agents to be assigned an additional security group to correctly function - specifically to get access to our corporate DNS server which is located on another subnet within the VPC. I have confirmed that when I manually add the required security group then run the agent start script, then the agent loads and the bamboo server marks the agent as ready.

How can I get the security group assignment configured?

Thanks.

1 answer

1 accepted

0 votes

Answer accepted

Hi @Alistair.Mackay

Your question seems pretty similar to this one:

Solved: How to associate an Amazon Security Group with a Bamboo Elastic Image when launching in a VPC

Have you tried to configure this in AWS side?

The VPC on Bamboo side is configured through Image configurations >> Edit (the image you want)>> Use Virtual Private Cloud, but I guess this is not your issue, right?

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Hi @Daniel Santos

The underlying issue is that in the VPC into which the agents are being launched, the only available DNS server is provided by an Active Directory instance. In order to reach that server, an additional security group is needed on the newly launched elastic instance.

We did not want to add a heap of AD rules to the default bamboo SGs.

I solved this by creating a lambda that's triggered when the instance is launched. This lambda adds the required SG before the instance reaches the agent load phase.

Cheers,

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like • like this

Hi @Alistair.Mackay

Thank you so much for sharing how you solved the problem. This will certainly help other users that may face the same issue.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

When I have time, I'll publish the solution in my GiHub account.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like • Daniel Santos likes this

Great move! Thank you!

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like

@Daniel Santos Here you go :-)
https://github.com/fireflycons/bamboo-elastic-agent-security-groups

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like • like this

Hi @Alistair.Mackay

Thank you for the awesome community initiative.
It does not matter the purpose of a given community, it will only succeed if we have people like you that take the time needed to share what they know with others.

Have a wonderful week ahead! =]

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Like • Steffen Opel _Utoolity_ likes this

Reply

Suggest an answer

Log in or Sign up to answer

Was this helpful?

Thanks!

TAGS