Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

BitBucket clone via ssh from separate AWS account

bengecko
bengecko January 22, 2019

We have multiple AWS accounts to keep infrastructure, dev, and prod separate. Currently our BitBucket server lives in our "infrastructure" account and I am trying to set up a client in our "dev" account. We have a NAT gateway set up for both the bitbucket server and the client. The bitbucket server is behind a load balancer and the client is simply trying to clone via ssh through the NAT gateway but it is not working (ssh timeout). 

I tried turning on debug logging but there is nothing showing up in the logs so this tells me that perhaps my client is not reaching the server. 

Question: What is the best practice for setting up BitBucket in AWS with the requirement that we have enable client access from a different AWS account? 

I have confirmed that we can clone repositories with a client corp env that is not in AWS so we know that cloning works in general. I just can't get cloning to work from a different AWS account. 

Thoughts?

Answer
Watch
Like Be the first to like this
352 views

1 answer

1 accepted

1 vote
Answer accepted
Jobin Kuruvilla [Adaptavist]
Jobin Kuruvilla [Adaptavist]
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
January 24, 2019

Can you check if the SSH port is opened in the security groups?

Also, see https://confluence.atlassian.com/bitbucketserver/getting-started-with-bitbucket-server-and-aws-776640193.html

View More Comments
bengecko
bengecko January 25, 2019

I found the issue. It seems that the best way to communicate with bitbucket is using the public IP. The answer was to use a NAT gateway with an EIP as the default route for the Jenkins slaves and whitelisting the EIP for SSH on the BB server side. On a side note, we set up the VPC peer for the Jenkins master to connect to the Jenkins slaves via the internal IP address thereby enabling full control from the Jenkins master while allowing the slaves to communicate as clients to BB. The only issue is now we need to set up an SSH gateway to enable us to connect to Jenkins slaves from the local VPC for troubleshooting on the command line when necessary. This makes things a bit more secure since now the Jenkins slaves do not require a public IP address which was part of the goal anyway. 

Like Jobin Kuruvilla [Adaptavist] likes this
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
TAGS
AUG Leaders

Atlassian Community Events

    See all events