Allowing only my IP Address to connect via SSH to EC2

thisisqubika · Apr 1, 2024 · ea89a7b · ea89a7b
1 parent f8a0fea
commit ea89a7b
Show file tree

Hide file tree

Showing 4 changed files with 50 additions and 41 deletions.
diff --git a/.github/workflows/build_and_deploy.yml b/.github/workflows/build_and_deploy.yml
@@ -59,3 +59,42 @@ jobs:
       #   run: |
       #     ssh -o StrictHostKeyChecking=no -i $SSH_KEY_PATH ubuntu@${{ env.EC2_INSTANCE_IP }} "bash /tmp/create-milvus.sh"
 
+
+
+
+
+
+
+
+
+### DEPLOY MILVUS WITH CI CD:
+
+# name: Deploy Milvus on EC2 Instance
+
+# on:
+#   push:
+#     branches:
+#       - feature/testing
+#   workflow_dispatch:
+
+# jobs:
+#   deploy:
+#     runs-on: ubuntu-latest
+#     steps:
+#       - name: Deploy to EC2
+#         env:
+#           SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
+#           HOSTNAME: ${{ secrets.SSH_HOST }}
+#           USERNAME: ${{ secrets.USERNAME }}
+#           PROJECT_DIRECTORY: ${{ secrets.PROJECT_DIRECTORY }}
+#           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+#           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+#         run: |
+#           set -e
+#           echo "$SSH_PRIVATE_KEY" > private_key && chmod 600 private_key
+#           ssh -o StrictHostKeyChecking=no -i private_key ${USERNAME}@${HOSTNAME} "
+#               ps -ax | grep "[s]treamlit" | awk '{print $1}' | grep '^[0-9]*$' | xargs -r kill -9 &&
+#               sed -i 's|AWS_ACCESS_KEY_ID_PLACEHOLDER|${AWS_ACCESS_KEY_ID}|' start_app.sh &&
+#               sed -i 's|AWS_SECRET_ACCESS_KEY_PLACEHOLDER|${AWS_SECRET_ACCESS_KEY}|' start_app.sh &&
+#               ./start_app.sh
+#               "
diff --git a/.github/workflows/deploy_milvus.yml b/.github/workflows/deploy_milvus.yml
diff --git a/create-milvus.sh b/create-milvus.sh
@@ -2,7 +2,7 @@
 # /Users/miguelelhaiek/.pems/ec2-milvus-standalone-testing.pem
 
 # ssh -i "/Users/miguelelhaiek/.pems/ec2-milvus-api.pem" [email protected]
-
+# ssh -i "/Users/miguelelhaiek/.pems/ec2-milvus-api.pem" [email protected]
 
 #!/bin/bash
 # Update the system

diff --git a/terraform/main.tf b/terraform/main.tf
@@ -110,7 +110,6 @@ resource "aws_security_group" "nlb_sg" {
   }
 }
 
-
 resource "aws_security_group" "milvus_sg_api" {
   name        = "milvus-sg-api"
   description = "Security group for Milvus deployment with Docker for API"
@@ -120,7 +119,7 @@ resource "aws_security_group" "milvus_sg_api" {
     from_port   = 22
     to_port     = 22
     protocol    = "tcp"
-    cidr_blocks = ["0.0.0.0/0"]
+    cidr_blocks = ["186.141.232.131/32"] // Replace ONLY your public IP address
   }
 
   egress {
@@ -142,16 +141,16 @@ resource "aws_security_group_rule" "allow_nlb_to_ec2" {
   source_security_group_id = aws_security_group.nlb_sg.id
 }
 
-
 resource "aws_instance" "milvus_instance" {
-  ami             = var.ami
-  instance_type   = var.instance_type
-  key_name        = var.key_name
-  subnet_id       = aws_subnet.vectorstore_subnet.id // Place instance in the VPC subnet
-  vpc_security_group_ids = [aws_security_group.milvus_sg_api.id] // Associate with VPC security group
-
-  user_data       = file("${path.module}/../create-milvus.sh")
-
+  ami                         = var.ami
+  instance_type               = var.instance_type
+  key_name                    = var.key_name
+  subnet_id                   = aws_subnet.vectorstore_subnet.id
+  vpc_security_group_ids      = [aws_security_group.milvus_sg_api.id]
+  associate_public_ip_address = true // This line assigns a public IP address to your instance
+
+  user_data = file("${path.module}/../create-milvus.sh")
+
   root_block_device {
     volume_size = 30
   }