
Configuring Access to a Server in the AWS Cloud (SSH)

Configuration


  1. Name and Description

Categories - Optionally, users can click on the search bar to select a category. For this article, we choose the category Servers, which was created on the Applications > Add > Category page. Identities, Supervision and Auditing Roles, and Rules set under a category are applied to all its members. For more information on configuring categories, refer to the section: Add Application Category.

Provider and Protocol

Set the location and protocol information of the server.

  • Providers - The Cyolo platform currently supports applications hosted in two locations: Local and AWS. For this article, we will select AWS.

  • Protocol - Click on Servers and select SSH.

  • Port - The default SSH port number of 22 is auto-filled.

Application Parameter

Set the internal and external IP address or URL of the server, and other parameters.

Configuration options specific to this article are shown here. For more information on the various options available while configuring applications, refer to the section: Application Parameters.

  • Visible - The toggle button is enabled by default.

  • Site - Click the drop-down under Site to select either All Sites or a specific site by name. If a specific site is selected, the application is published on the IDACs within that site. If All Sites is selected, the application is published on all current and future IDACs. For this article, we select the site name Site.

  • Subdomain - Enter a prefix name preceding the tenant domain name. In this example, we enter cloud-ssh. The published URL will be cloud-ssh.domain.cyolo.io.

  • Domain - Domains added under the Applications > Domains page are listed here. By default, the first domain is displayed in this field. Click the drop-down to select the domain of your choice. For this article, we select the domain *.domain.cyolo.io. The published URL will be cloud-ssh.domain.cyolo.io.

  • Icon - Upload an image file to serve as an icon. This will appear above the application on the Cyolo Application Portal of the user.

  • Choose connection method - Select the method the user will use to connect to the server. These are the two options available:

    • Allow Web Access - Selecting Web Access will open the SSH connection within the browser.

    • Allow Native Access - As this is for cloud configuration, leave this option unchecked.

  • AWS Regions - Select the AWS Region where your servers are located from the drop-down list.

  • Cloud Provider Matchers - This section configures the identification of the server. Tags are key-value pairs used as metadata to organize AWS resources. In this context, the Tag option sets the identifier for the server, while the Value option specifies the value associated with the tag. Both Tag and Value are case-sensitive. One advantage of using tags is that if the IP address of a server changes, the tag does not need to be updated. Another advantage is that the admin can grant access to a group of servers sharing the same tag and its value.

  • Tag - Enter the identifier for one or a group of servers, such as "name", "owner", "environment", "org".

  • Value - Enter the specific value for the tag. For example, if the tag is "name", the tag value would be the server's specific name. To display multiple servers sharing the same tag, enter the tag and its value common to all the servers. For example, the tag "org" and its value would display all the servers under the tag "org".

    • For this article, we use the tag "Name" and its value "FileServer". Examples of adding a tag to display a group of servers are shown below in the User Experience section.
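
Because a tag matcher publishes every server carrying the tag, and a tag that differs only in letter case is not matched, it helps to check which instances a Tag/Value pair selects before publishing. The following is an added example, not Cyolo code: it assumes the matcher compares key and value by exact, case-sensitive equality, and it runs on a constructed inventory in the shape returned by `aws ec2 describe-instances` (the instance IDs and the function name `audit_matcher` are made up).

```python
import json

# Constructed sample in the shape returned by `aws ec2 describe-instances`.
# Instance IDs and tags are made up for illustration.
SAMPLE = json.loads("""
{"Reservations": [
  {"Instances": [
    {"InstanceId": "i-0aaa0000000000001",
     "Tags": [{"Key": "Name", "Value": "FileServer"}, {"Key": "org", "Value": "finance"}]},
    {"InstanceId": "i-0aaa0000000000002",
     "Tags": [{"Key": "name", "Value": "FileServer"}]}
  ]},
  {"Instances": [
    {"InstanceId": "i-0aaa0000000000003",
     "Tags": [{"Key": "Name", "Value": "fileserver"}]},
    {"InstanceId": "i-0aaa0000000000004",
     "Tags": [{"Key": "Name", "Value": "WebServer"}]},
    {"InstanceId": "i-0aaa0000000000005"}
  ]}
]}
""")


def audit_matcher(inventory, tag, value):
    """Split instances into exact matches and case-only near misses.

    Assumption: the matcher compares tag key and value by exact,
    case-sensitive equality, as the guide's wording implies.
    """
    exact, near_miss = [], []
    for reservation in inventory.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            # Untagged instances have no "Tags" key at all.
            tags = {t["Key"]: t["Value"] for t in inst.get("Tags", [])}
            if tags.get(tag) == value:
                exact.append(inst["InstanceId"])
            elif any(k.lower() == tag.lower() and v.lower() == value.lower()
                     for k, v in tags.items()):
                # Same tag apart from letter case: probably mis-tagged.
                near_miss.append(inst["InstanceId"])
    return exact, near_miss


if __name__ == "__main__":
    exact, near_miss = audit_matcher(SAMPLE, "Name", "FileServer")
    print("in scope:", exact)
    print("differs only by case (not matched):", near_miss)
```

To run it against a real account, replace `SAMPLE` with the parsed JSON output of `aws ec2 describe-instances` for the region selected under AWS Regions.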

Authentication Method - Sign-in Settings

Set the authentication parameters for logging in to the server after connecting to it. For more information on authentication methods, refer to the section: Authentication Method.

  • For the purpose of this article, we select Assign secret from vault. Click Private Key under Sign-in settings and select Assign secret from vault.

  • Click the drop-down and select the secret name, ssh-private-key, for the username and private key combination created on the Vaults > Secrets page.

Identities

Specify the users or user groups that can log in to the Cyolo Application Portal to view and access the server. For more information on configuring identities, refer to the section: Identities.

  • For the purpose of this article, we select None, as user authentication is configured at the category level. Since this application is added to the category Servers, the identity and other parameters selected within the category are inherited by this application.

Supervision and Auditing Roles

For more information on Supervision and Auditing, refer to the section: Supervision and Auditing Roles.

  • For the purpose of this article, we retain the default settings for each role. Keep the option Same as defined in Roles enabled.

Rules

For more information, refer to the relevant section in Rules.

  • Rules - Since this application belongs to the category Servers, a rule is auto-created with authentication parameters set at the category level. This is applied to all applications added to the category Servers.

  • Click Create to publish the application.