
Commit 0ffda94

committed
add aws-linux debugging
1 parent ea10443 commit 0ffda94


4 files changed

+91
-43
lines changed


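--- a/examples/templates/aws-linux/README.md
+++ b/examples/templates/aws-linux/README.md
@@ -13,7 +13,7 @@ Follow the on-screen instructions to proceed.
 
 This template assumes that coderd is run in an environment that is authenticated
 with AWS. For example, run `aws configure import` to import credentials on the
-system and user running coderd. For other ways to authenticate [consult the
+system and user running coderd. For other ways to authenticate [consult the
 Terraform docs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs#authentication-and-configuration).
 
 ## Required permissions / policy
@@ -23,49 +23,49 @@ instances provisioned by Coder:
 
 ```json
 {
-"Version": "2012-10-17",
-"Statement": [
-{
-"Sid": "VisualEditor0",
-"Effect": "Allow",
-"Action": [
-"ec2:GetDefaultCreditSpecification",
-"ec2:DescribeIamInstanceProfileAssociations",
-"ec2:DescribeTags",
-"ec2:CreateTags",
-"ec2:RunInstances",
-"ec2:DescribeInstanceCreditSpecifications",
-"ec2:DescribeImages",
-"ec2:ModifyDefaultCreditSpecification",
-"ec2:DescribeVolumes"
-],
-"Resource": "*"
-},
-{
-"Sid": "CoderResources",
-"Effect": "Allow",
-"Action": [
-"ec2:DescribeInstances",
-"ec2:DescribeInstanceAttribute",
-"ec2:UnmonitorInstances",
-"ec2:TerminateInstances",
-"ec2:StartInstances",
-"ec2:StopInstances",
-"ec2:DeleteTags",
-"ec2:MonitorInstances",
-"ec2:CreateTags",
-"ec2:RunInstances",
-"ec2:ModifyInstanceAttribute",
-"ec2:ModifyInstanceCreditSpecification"
-],
-"Resource": "arn:aws:ec2:*:*:instance/*",
-"Condition": {
-"StringEquals": {
-"aws:ResourceTag/Coder_Provisioned": "true"
-}
-}
+"Version": "2012-10-17",
+"Statement": [
+{
+"Sid": "VisualEditor0",
+"Effect": "Allow",
+"Action": [
+"ec2:GetDefaultCreditSpecification",
+"ec2:DescribeIamInstanceProfileAssociations",
+"ec2:DescribeTags",
+"ec2:CreateTags",
+"ec2:RunInstances",
+"ec2:DescribeInstanceCreditSpecifications",
+"ec2:DescribeImages",
+"ec2:ModifyDefaultCreditSpecification",
+"ec2:DescribeVolumes"
+],
+"Resource": "*"
+},
+{
+"Sid": "CoderResources",
+"Effect": "Allow",
+"Action": [
+"ec2:DescribeInstances",
+"ec2:DescribeInstanceAttribute",
+"ec2:UnmonitorInstances",
+"ec2:TerminateInstances",
+"ec2:StartInstances",
+"ec2:StopInstances",
+"ec2:DeleteTags",
+"ec2:MonitorInstances",
+"ec2:CreateTags",
+"ec2:RunInstances",
+"ec2:ModifyInstanceAttribute",
+"ec2:ModifyInstanceCreditSpecification"
+],
+"Resource": "arn:aws:ec2:*:*:instance/*",
+"Condition": {
+"StringEquals": {
+"aws:ResourceTag/Coder_Provisioned": "true"
 }
-]
+}
+}
+]
 }
 ```
 
@@ -81,6 +81,53 @@ This often occurs when the EC2 instance cannot reach your Coder access URL. If y
 
 You can also troubleshoot by connecting directly into the instance and checking the agent logs. First, log in to the [AWS Console](https://console.aws.amazon.com) and create a security group that permits inbound SSH.
 
+![AWS Security Groups](https://raw.githubusercontent.com/coder/coder/main/docs/images/quickstart/aws/security_group.png)
+
+Next, edit the template (`vim main.tf`) and to use the security group and add your public SSH key (often `~/.ssh/id_rsa.pub`).
+
+```yaml
+users:
+- name: ${local.linux_user}
+sudo: ALL=(ALL) NOPASSWD:ALL
+shell: /bin/bash
+# Uncomment to add SSH public key for debugging
+ssh-authorized-keys:
+- ssh-rsa AAA...
+```
+
+```hcl
+resource "aws_instance" "dev" {
+ami = data.aws_ami.ubuntu.id
+availability_zone = "${var.region}a"
+instance_type = var.instance_type
+
+user_data = data.coder_workspace.me.transition == "start" ? local.user_data_start : local.user_data_end
+tags = {
+Name = "coder-${data.coder_workspace.me.owner}-${data.coder_workspace.me.name}"
+# Required if you are using our example policy, see template README
+Coder_Provisioned = "true"
+}
+# Uncomment to enable SSH access for debugging
+# This assumes you have a security group named "SSH"
+security_groups = ["SSH"]
+}
+```
+
+Next, push a new template version and update your workspace:
+
+```sh
+coder templates push
+coder workspaces update <workspace-name>
+```
+
+Now that the instance has been rebuilt with SSH access, log in using public IP and check the logs:
+
+![AWS Security Groups](https://raw.githubusercontent.com/coder/coder/main/docs/images/quickstart/aws/public_ip.png)
+
 ```sh
+ssh coder@<ec2-public-ip>
 cat /tmp/coder-agent.log
+
 ```
+
+If you are still running into issues, see our [generic troubleshooting instructions](https://coder.com/docs/coder-oss/latest/templates#troubleshooting-templates) or reach out [on Discord](https://discord.gg/coder).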

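--- a/examples/templates/aws-linux/main.tf
+++ b/examples/templates/aws-linux/main.tf
@@ -180,6 +180,7 @@ resource "aws_instance" "dev" {
 Coder_Provisioned = "true"
 }
 # Uncomment to enable SSH access for debugging
+# This assumes you have a security group named "SSH"
 # security_groups = ["coder_debug"]
 }
 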
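Review bot: The added comment names a security group "SSH", but the commented-out line directly below it still references `["coder_debug"]`, so anyone who uncomments it as instructed will point at a group that neither the comment nor the README snippet in this commit (which uses `security_groups = ["SSH"]`) told them to create. Make the two agree, for example `# security_groups = ["SSH"]`. The comment could also say how narrow the group should be and that the change is temporary, e.g. `# Limit the group's inbound SSH rule to your own IP and comment this out again after debugging`. The `aws_instance` block starts above the hunk, so whether the instance lands in the default VPC, where name-based `security_groups` applies rather than `vpc_security_group_ids`, is not visible here.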

0 commit comments
