dms1981

Results 83 comments of dms1981

Not sure what the jump server name is / would be, but I don't see any evidence of an instance with that name nor a bastion host. The readme has...

https://aws.amazon.com/blogs/compute/how-to-enable-x11-forwarding-from-red-hat-enterprise-linux-rhel-amazon-linux-suse-linux-ubuntu-server-to-support-gui-based-installations-from-amazon-ec2/
https://aws.amazon.com/blogs/aws/new-port-forwarding-using-aws-system-manager-sessions-manager/

Further to this, it looks like it's quite possible to forward X11 over SSH through SSM - https://github.com/aws/session-manager-plugin/issues/66

I've updated the subject value through this PR: https://github.com/ministryofjustice/modernisation-platform/pull/4677
However, looking in the cloudtrail logs for the example account still shows an unknown error: https://eu-west-2.console.aws.amazon.com/cloudtrail/home?region=eu-west-2#/events/9774b62d-d9fa-4a86-8544-1a27e4da83e2
I've updated the support case...

Raised case in the main Modernisation Platform account - 13520776201 - to allow AWS Support to observe successful authentication behaviour.

Updated the version of the credentials provider used in GitHub, and it looks like it now successfully authenticates and completes the `aws s3 ls` command:
* https://eu-west-2.console.aws.amazon.com/cloudtrail/home?region=eu-west-2#/events/e1c22688-c0d3-4ab3-ab82-9502b897749e
* https://github.com/ministryofjustice/modernisation-platform-configuration-management/actions/runs/5831574052/job/15815250311

We can now supply managed rulesets to our firewall policies. I think we still need to consider how traffic is matched against the rulesets in our policies, as since this...

This was traced back to how AWS expects TCP connections to be utilised, and how the database differed in its expectations of long-running TCP connections. A way to configure keepalives...

Looks like it was solved in this commit: https://github.com/ministryofjustice/aws-root-account/pull/724?

I've had a look at this one compared to the state of our VPN code today. We only declare two blocks of VPN routes now, so I don't think this...