Monday, September 10, 2018

MIPS Proxy AWS EC2 Setup

Overview

Use this procedure when adding a new EC2 instance and configuring it to proxy MIPS HTTP requests through AWS.
For example, this might be done if an IP is blacklisted.

AWS Build

  1. Log on to the Sterling AWS account (credentials stored in LastPass)
  2. Connect to the N Virginia AWS region
  3. Launch a new EC2 instance using RHEL 
  4. If this is for dev/QA, use the smallest instance (t2.micro); for production, use t2.small or t2.medium depending on expected needs
  5. Tag the instance name with (P|Q)AWSSSHxx, for example QAWSSSH03 for a QA server
  6. Use an existing security group - "Inbound SSH"
  7. Use the existing keypair "sterling-keypair-1"

AWS Configuration


  1. Once the EC2 instance is online, connect to it using PuTTY and the private key (aws-private.ppk stored in LastPass)
    1. Root user account is ec2-user
  2. Create the tunnel-user account.
    1. Run these commands
      sudo -s
      adduser tunnel-user
      mkdir /home/tunnel-user/.ssh/
    2. Create an authorized_keys file containing either the QA or Production RSA key
      1. See the LastPass "tunnel-user authorized_keys" note for the correct hash
    3. Run these commands to set the permissions (mandatory)
      chown -R tunnel-user:tunnel-user /home/tunnel-user/.ssh
      chmod -R 700 /home/tunnel-user/.ssh/
  3. Install squid and take all the defaults
    1. yum install squid
  4. Set squid to start automatically, and start it
    1. chkconfig squid on
    2. service squid start
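
The permission step above is mandatory because sshd's StrictModes check (on by default) ignores authorized_keys when the file or the .ssh directory has the wrong owner or is writable by group or others. The script below is an added example, not part of the original post, that audits those two paths; the function names are hypothetical and GNU stat (as on RHEL) is assumed.

```shell
#!/usr/bin/env bash
# Added example: audit a tunnel account's .ssh directory against the
# conditions sshd's StrictModes enforces (owner is the user or root,
# no group/other write bit). Simplified: the home directory itself,
# which sshd also checks, is not covered. Function names are hypothetical.

# Print a finding for PATH; return 1 if it is owned by someone other
# than WANT_UID or root, or if it is group/other writable.
check_path() {
    local path="$1" want_uid="$2" uid mode
    uid=$(stat -c '%u' "$path") || return 1
    mode=$(stat -c '%a' "$path") || return 1
    if [ "$uid" != "$want_uid" ] && [ "$uid" != 0 ]; then
        echo "FAIL $path: owner uid $uid, expected $want_uid"
        return 1
    fi
    # Octal AND with 022 isolates the group-write and other-write bits.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $path: mode $mode is group/other writable"
        return 1
    fi
    echo "OK   $path: uid $uid mode $mode"
}

# Audit DIR (the .ssh directory) and DIR/authorized_keys.
# Returns 0 only if both pass; a missing key file is a failure.
audit_ssh_dir() {
    local dir="$1" want_uid="$2" rc=0
    check_path "$dir" "$want_uid" || rc=1
    if [ -f "$dir/authorized_keys" ]; then
        check_path "$dir/authorized_keys" "$want_uid" || rc=1
    else
        echo "FAIL $dir/authorized_keys: missing"
        rc=1
    fi
    return $rc
}

# Usage: audit.sh /home/tunnel-user/.ssh "$(id -u tunnel-user)"
if [ "$#" -eq 2 ]; then
    audit_ssh_dir "$1" "$2"
fi
```

Run it as root after the chown/chmod step; any FAIL line means key-based login for tunnel-user is likely to be refused.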

Remaining steps (outside the scope of this document) are to update the MIPS servers with the new proxy server public IP and restart the proxy connection on those servers. 

IP RESET

1.5 MIPS proxy AWS management

See LastPass for credentials (check with security if you don't see it in your shared folders).
Select the appropriate instance (see below for which ones to work with):
  • Click Actions -> Instance State -> Stop to power down the instance
  • Click Actions -> Instance State -> Start to power on the instance
Just selecting reboot will not re-assign the IP address.

Configuration Changes

Each server that uses the AWS servers for an external IP address must be edited:
  • Edit c:\ssh-packages\go.bat
    • plink.exe -i aws-tunnel-user-private.ppk tunnel-user@ip_address -L 55555:localhost:3128
      • Change the ip_address to the new public IP address for the appropriate AWS instance
  • Run go.bat
    • Accept the key for the new IP address

Current servers

P111MIP17 uses the US-West Oregon region and the PAWSSSH05 instance.
P111MIP18 and P111MIP22 use the US-West N. California region and the PAWSSSH02 instance. If you reset this instance, make sure you update the batch file on BOTH P111MIP18 and P111MIP22, as resetting the IP address will affect both servers.
