im using latest build ec2box-jetty-v0.11_01 on micro instance, and server going into swap and page loading time too slow.

before was build 0.7x, very fast and light , even without swap file,

memory set for java 256M

While using MQL prompt in EC2Box terminal, arrow keys returning characters such as A,B,C,D instead of its normal functionality like arrow-up key for last history command.
[MQL ref : http://enoviaplm.blogspot.in/2009/07/mql-commands.html ]

At beginning i though data is getting replaced in terms.js, but actually jsch only returning such data ('A' for up arrow key . . ) . i have tried arrow-up key inside MQL prompt on putty and its working properly.

I also tried with mysql prompt also, Keys are working properly.
Can you please tell us why its returning such chars only with MQL prompt.

Thanks in advance.

When I attempt to delete a user from EC2Box, I immediately get logged out. The following message is then logged:
2017-05-24 16:48:10.706:INFO:oejs.session:qtp428746855-9: Session node0726rajz2qo191gb6tiw6hzo3n0 already being invalidated

Upon logging back into EC2Box, the user is still there. I've tried deleting multiple users and it's always the same result.

EC2Box v0.30.03
Java 8
Ubuntu 16.04

I am getting this with Username: admin and Password: changeme as documented in the readme. This is from a binary installation of the v0.30.03 release.

Not allowing to copy text from line which contains terminal cursor. I think it is due to blinking of cursor.
If you know any solution then please let me know.

Thanks in advance.

Since a while now AWS offers the "EU Frankfurt" region. Would be nice to enhance the EC2 Region list.

Users get access to boxes that should be filtered out based on their profile.

steps to reproduce:

1. create 3 boxes in AWS named 'DEV', 'STG', and 'PRD'
2. set up a profile with filter 'Name=DEV,Name=STG' and assign it to a user.
3. As that user, do a search for 'Name=STG,Name=PRD'.

Expected Behavior:
You should only see the box STG.

Actual Behavior:
You see all 3 boxes.

My understanding is that the logic should be:

(Profile1_Filter OR Profile2_Filter OR ... ProfileN_Filter) AND User_Filter.

While troubleshooting why a particular user could not access some boxes in ec2box, we escallated the user to "Full Access". It did not resolve his problem. We later realized the problem was that the tags we had for the profile he was assigned to needed to be updated and we fixed the problem.

So we then changed the user back to "Admin Access Only". It was then that we noticed that the profiles originally assigned to him were still present.

So it seems the bug is that if a user is marked as "Full Access", but they have Profiles Associated with them, the Profiles take Precedence and limit his access. I would think if someone is Full Access, then there Profile tags would be ignored and then would get access to everything. Because if a user is marked a "Full Access", then the "Assign Profiles button dissapears" and you can't make changes.

Hi,
showing which tags are available for each instance would make the use of the tag filter easier. The current use is to memorise some tags and write them as free text in the tag section (e.g.: Environment=Production)

This could be part 1 of a 2 part tag improvement story:

1. List the tags next to each instance (this issue)
2. Create a multi-selection dropdown list of all possible filters instead of the free text "Tag" field. (can be created as a separate issue).

Any thoughts or comments?
Regards
Allen

All I get is "No systems associated with upload"

You can leave this. We'll provide a pull request for it.:

• Note in README.md about:

http://blogs.aws.amazon.com/security/post/Tx29HCT3ABL7LP3/Resource-level-Permissions-for-EC2-Controlling-Management-Access-on-Specific-Ins

(At least people should know about the options to enhance the restriction.)

• Add example for tags in profile/add dialog

Anyone running EC2box publically may want to turn it off as a precaution. I've seen signatures in my ec2box logs contingent to this attack.

https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=1013

My colleague reported a bug to me, and I just reproduced the problem: We found that after 60 seconds of inactivity, the SSH connection is disconnecting, and then the web based terminal locks and doesn't accept any inputs. After that, opening a new terminal to any host results in a blank terminal, even though I can see that the new underlying SSH connection has been made - it sits idle with no way to receive input from the terminal. I suppose they'll time out on the server after a while and be closed down, but they don't seem to have the same 60-second idle timeout!

I want to list out active terminals and disconnect terminal with specific condition (snooping).

Please let me know possibility.

Thanks in Advance.

Is it possible to Implement below options for this?

1. Do not automatically close the SSH session opened server-side immediately when web socket on client side is disconnected
2. Reassign SSH session with web socket if web socket is disconnected
3. Close SSH session server-side after a given timeout if web socket does not reconnect

Really great job here - do you plan on adding support for copying / pasting via the terminal windows?

EC2Box Version: 0.30.03
Mumbai region is missing when importing EC2 keys.

Really a nice tool.
Can it support download file feature. As it will be really helpful or any idea how we can get this feature in EC2box.

I can log into EC2Box on my iPad (iOS 10.3.2) using Safari and Chrome. When I try to bring up a terminal (or multiple terminals), all I get is a collapsed gray bar with the terminal name in it. There is no apparent way to expand these bars to show the actual terminal. Safari for iOS is web socket compliant, so it's not clear what the problem might be.

Is anyone else using EC2Box from an iPad?

Hi @skavanagh,
I was browsing github today for a quite similar idea, as EC2 Box offers. My initial intention was to find a terminal access via browser for SSH sessions. Then I found your project. I like it a lot, as you are doing in partial what I as was seeking for.

Here I have a few question:

• You are opening SSH Session on the server-side and the client is triggering the session each 500 milliseconds right?
• Did you think of using Websockets?
• Did you think of using a generic approach of SSH Session in the browser. What I mean here is detaching the exclusiveness from EC2 towards all types of SSH session?
• Did you think of switching from JQuery to some more usable stuff like angular?

I would really be happy to hear from you and discuss the above points.

Regards,
Johannes

An unique anti-CSRF token should be generated and included to all POST requests and that token should be invalidated after it is used to prevent replay attacks.

The anti-CSRF tokens should be tied to the user session, and be invalidated after the user session is ended. In the case of long-lasting sessions, the anti-CSRF tokens should also have a shorter timeout.

It took a little doing to figure out where the specific data is stored, you might give some instructions for how to save your user data if you upgrade versions (I'm using the prebuilt jetty version)

1. Maybe just highlight that the user data is all stored in EC2Box-jetty/jetty/ec2box/WEB-INF/classes/ec2db/ec2box.h2.db
2. I'm now moving the parent ec2db dir somewhere else and symlinking out to it, might consider a standard/recommended way to handle this

Item 1 would have solved my immediate issue, Item 2 would be great but understandably is more work.

Hi,

I have an inquiry regarding “Bastillion for EC2” in which I need your assistance.
We are currently using Bastillion as our EC2 SSH management system, and its web interface is accessible from the instance’s public IP address with a warning message when open it in the browser.

My question is, how can I configure the system so it opens with a friendly name and a certificate form a Certificate Authority. I have created a subdomain for it called: “bastillion.compnay.com” and I will purchase a certificate from our CA provider, but need to know how to configure the system in the right way as per this scenario.

Thanks,
Ali

I just upgraded to 0.30 and I got 2 logging errors for log4j-core and log4j2.xml.
ERROR StatusLogger Log4j2 could not find a logging implementation. Please add log4j-core to the classpath.
ERROR StatusLogger No log4j2 configuration file found. Using default configuration: logging only errors to the console.

Here are the workarounds to resolve them:
*Manually download log4j and copy log4j-core to lib:
cp /tmp/log4j-core-2.7.jar jetty/ec2box/WEB-INF/lib/
*Copy log4j2.xml to classes:
cp jetty/modules/log4j2-impl/resources/log4j2.xml jetty/ec2box/WEB-INF/classes/

com.amazonaws.AmazonServiceException: 554 exceeds the maximum number of instance IDs that can be specificied (100). Please specify fewer than 100 instance IDs. (Service: AmazonEC2; Status Code: 400; Error Code: InvalidRequest; Request ID: c6708e8d-4f89-47ca-bd89-a3f405610206)
at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:805)
at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:428)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:234)
at com.amazonaws.services.ec2.AmazonEC2Client.invoke(AmazonEC2Client.java:8711)
at com.amazonaws.services.ec2.AmazonEC2Client.describeInstanceStatus(AmazonEC2Client.java:6068)
at com.ec2box.manage.action.SystemAction.viewSystems(SystemAction.java:186)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.opensymphony.xwork2.DefaultActionInvocation.invokeAction(DefaultActionInvocation.java:450)
at com.opensymphony.xwork2.DefaultActionInvocation.invokeActionOnly(DefaultActionInvocation.java:289)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:252)
at org.apache.struts2.interceptor.DeprecationInterceptor.intercept(DeprecationInterceptor.java:41)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
at org.apache.struts2.interceptor.debugging.DebuggingInterceptor.intercept(DebuggingInterceptor.java:256)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
at com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doIntercept(DefaultWorkflowInterceptor.java:167)
at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
at com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(ValidationInterceptor.java:265)
at org.apache.struts2.interceptor.validation.AnnotationValidationInterceptor.doIntercept(AnnotationValidationInterceptor.java:68)
at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
at com.opensymphony.xwork2.interceptor.ConversionErrorInterceptor.intercept(ConversionErrorInterceptor.java:138)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:254)
at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:254)
at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
at com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:191)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
at org.apache.struts2.interceptor.MultiselectInterceptor.intercept(MultiselectInterceptor.java:73)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
at org.apache.struts2.interceptor.CheckboxInterceptor.intercept(CheckboxInterceptor.java:91)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:252)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:100)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
at com.opensymphony.xwork2.interceptor.ScopedModelDrivenInterceptor.intercept(ScopedModelDrivenInterceptor.java:141)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:145)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:171)
at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:98)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
at com.opensymphony.xwork2.interceptor.I18nInterceptor.intercept(I18nInterceptor.java:139)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
at org.apache.struts2.interceptor.ServletConfigInterceptor.intercept(ServletConfigInterceptor.java:164)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
at com.opensymphony.xwork2.interceptor.AliasInterceptor.intercept(AliasInterceptor.java:193)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
at com.opensymphony.xwork2.interceptor.ExceptionMappingInterceptor.intercept(ExceptionMappingInterceptor.java:189)
at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:246)
at org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.java:54)
at org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:562)
at org.apache.struts2.dispatcher.ng.ExecuteOperations.executeAction(ExecuteOperations.java:77)
at org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter.doFilter(StrutsPrepareAndExecuteFilter.java:99)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1639)
at com.ec2box.common.filter.AuthFilter.doFilter(AuthFilter.java:107)
at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1631)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:549)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:568)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:221)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1111)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:478)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:183)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1045)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:199)
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:109)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
at org.eclipse.jetty.server.Server.handle(Server.java:462)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:279)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:232)
at org.eclipse.jetty.io.AbstractConnection$2.run(AbstractConnection.java:534)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:607)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:536)
at java.lang.Thread.run(Thread.java:724)

it would be nice to get an error message that the EC2 key is invalid. I spent a little time trying to figure out why I was getting the "No sessions could be created" error, when I realized that the end rsa key line was cut off when I pasted it into the form.

Great tool, thank you.

Hi. Thanks for taking the time on this project. It looks like it will be very handy. I am having one issue adding AWS credentials to my account. I have added both Access and Secret keys, but it does not save. The page returns invalids entry. This is 100% correct and i copied to notepad removed the leading blank spaces, but still not saving.
I also tried firefox and google chrome.

Thanks for your help
John

Hi,
I noticed that the Create SSH terminal button is hidden when there are many servers in the list.
The reason is that it is located inside the scrollWrapper div, whereas ideally it should be located outside of it.
A simple change in the JSP should be sufficient, I can create a pull request for this if you agree that it will improve usability.
Cheers
Allen

Hello all,

Is it possible to access the private AWS databases through any UI; such as MySQL Workbench.

Because currently we can access the bastion from the Bastillion web console, and from it we access other private instances via the terminal only.

We need to know if we can implement any SSH tunneling to open our applications and databases via GUI.

Thanks,
Ali

No option in import key dropdown for Ohio.

I'm new to this but loving what you've done !

I'm struggling with filtering tags at the moment. I want to create profile(s) so that my dev team can access non-production hosts so the widcards are Name=QA and Name=DEV.

When filtering in the composite terminal list, either one of those brings up the correct hosts; but I can't use multiple to bring up all the relevant hosts no matter what I try. If I try comma separating the filters (eg Name=QA,Name=PT) then it only shows the hosts that match the last term

Next up I tried creating individual profiles and applying them to an account. The account can now see only the hosts for the last profile I add, instead of all the hosts the profiles match.

Is there a way to stack up filters ? Maybe a way of adding an OR statement to matching ?

Hi,

I am using EC2Box for the past 1 month. Is this possible to grouping the server.

Hello,

Currently we extend session on every keyword type in terminal by adding AuthUtil.setTimeout(httpSession) in SecureShellWS/onMessage.

But if we type commands like 'top' session will not update. So i have added AuthUtil.setTimeout(httpSession) in SentOutputTask on every response from server. It will work fine some time. but after it throws bellow error.

java.lang.IllegalStateException
	at org.eclipse.jetty.server.session.AbstractSession.checkValid(AbstractSession.java:106)
	at org.eclipse.jetty.server.session.HashedSession.checkValid(HashedSession.java:79)
	at org.eclipse.jetty.server.session.AbstractSession.changeAttribute(AbstractSession.java:518)
	at org.eclipse.jetty.server.session.AbstractSession.setAttribute(AbstractSession.java:469)
	at com.ec2box.common.util.AuthUtil.setTimeout(AuthUtil.java:186)
	at com.ec2box.manage.task.SentOutputTask.run(SentOutputTask.java:67)
	at java.lang.Thread.run(Unknown Source)

Can you please suggest me any alternate way to extend session for above scenario or way to solve above issue.

Thanks in advance.

While I am building with mvn this error showed up and not running the app. Please help to check on this.

[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 01:30 min
[INFO] Finished at: 2018-05-22T08:12:44Z
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal on project ec2box: Could not resolve dependencies for project com.ec2box:ec2box:war:1.00.00: Could not find artifact loophole.mvc:lmvc:jar:1.00.00 in central (https://repo.maven.apache.org/maven2) -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/DependencyResolutionException

I enabled access to EC2 via a proxy by editing EC2BoxConfig.properties:

proxy settings for AWS client

awsProtocol=https
awsProxyHost=proxyhost
awsProxyPort=80
awsProxyUser=userid
awsProxyPassword=password

With proxy enabled, I am able to retrieve the list of running EC2 instances that use my private key. However, when I try to create an SSH terminal to any instance, I get "Error: DNS Lookup Failed".

If I disable the proxy settings and connect directly to the public Internet, I am able to retrieve the list of running EC2 instances that use my private key and I can create an SSH terminal to any instance.

I am currently using EC2Box v0.26.01 w/jetty.

EC2Box v0.30.03 on Ubuntu 16.04 LTS

We have multiple Full Access users. When we add new EC2 instances they don't always show up in their inventory. So far there doesn't appear to be any rhyme or reason as to who this effects.

Trying to connect terminals using SSH tunneling. Not getting proper documents.
As you mentioned on sshkeybox that its not possible. But is it possible on ec2box ?

waiting for reply,
Thanks.

I am trying to setup AWS credentials for an IAM account with Two Factor authentication enabled. Is it possible to use Two Factor auth on AWS when using EC2Box and if so how do I set this up?

Probably dumb questions but I can't figure out the following:

• change SSL port (tried changing \EC2Box-jetty\jetty\etc\jetty.xml) but didn't work
• change SSL cert (tried keystore command to install cert, but still uses self-sign cert)
• where can I set things link gzip compression, static file expiration, etc.?

Thanks!

Hi,

We were facing issues with the connection pool that is created to talk to the H2 db. Looks like the pool size is hard coded to be 25 and given our user base we are constantly having login issues where the app complains with the following exception :

Caused by: java.util.NoSuchElementException: Timeout waiting for idle object
at org.apache.commons.pool.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:1134)
at org.apache.commons.dbcp.PoolingDataSource.getConnection(PoolingDataSource.java:106)
... 98 more
java.lang.NullPointerException
org.apache.commons.dbcp.SQLNestedException: Cannot get a connection, pool error Timeout waiting for idle object

We use the release tar to install the app and given that these parameters are not coming from a config file we wanted to check if there is a way to increase the pool size without having to build from source.

Thanks,
Pramod.

Nice work, I see it has more value behind firewall where outgoing ssh are blocked.

However, I can configure it working properly (web+ssh) without firewall, but when using behind a corporate firewall, I can only make web interface work by setting values in
./src/main/resources/EC2BoxConfig.properties
awsProxyHost=
awsProxyPort=

The "Composite SSH Terminals" never works for me when using behind firewall. Is SSH still using default port-22? Or it uses http_proxy as specified above?

It would be great if we could use this from behind our corporate proxy.
Any plans to include this?

I have multiple aws ec2 instances and I need to manage access those servers across the team.
-- I should be able to manage ssh keys across the ec2 instances
-- Run command on multiple instances simultaneously

So, I am look at tool which has both ec2Box and KeyBox functionality.

Discuss support for IAM policies / IAM users which may want to add (or have to add) there own AWS credentials / keys. (In that case users can access machines via EC2Box both ways: assigned by profile and by there IAM ressource (user account).

I do not have a final idea yet. But maybe you have.

Hi - I would really like to see the LDAP support (in skybox) ported over to EC2Box. In addition, I'm wondering if you can use the logged in user's username as the username that is used to login into the instance. Currently, admins are able to change the user name by clicking on it in the grid.

Both of these changes would really help me out, as it would allow my users to login using their active directory credentials and then use their username when connecting to the actual instance (this latter point helps w/ auditing).

If both items are too much to ask, the LDAP support (by itself) would be great.

Thanks!

Hi @skavanagh,

In our current setup the H2DB has grown beyond 7GB of size due to Audit Logging being enabled. This is causing the Audit Session screen load very slowly. We tried reducing the "deleteAuditLogAfter" from 90 to 30, and after that the Screen does not even load as it is not able to delete the older entries from the db.

I was then trying to connect to the DB using the H2DB Shell utility to see if i could flush the audit entries directly, however looks like the DB is encrypted and wanted to check with you what the default key is for decrypting it.

Pramod.

Would be nice if you can merge pull request #48 from Keybox also to EC2Box. Thx!

Hi - is it possible to configure ec2box to use profile role instead of the access keys?

Thanks!

Hi,

We are using Ec2Box for handling access to our AWS infrastructure and Profile seem to be behaving incorrectly. E.g.

Instances we have in EC2 are :

1. instance-1 -> Tag - {Role : DB}
2. instance-2 -> Tag - {Role : APP}

We created a Profile in Ec2Box with the following tag entry:
{Role=DB,Role=APP}

The expectation was the user who we assign the above profile will get access to both instances. However we can see that viewSystems screen shows only one instance i.e. instance-2.

When we swap the Tags in the profile configuration to {Role=APP,Role=DB}, the user starts seeing instance-1 and not instance-2.

Also, Creating multiple profiles and assigning them to user seems to be doing an AND of the tags to filter instances instead of an OR. E.g.

Instances in EC2 are :

1. instance-1 -> Tag - {Tag1 : Value1}
2. instance-2 -> Tag - {Tag2 : Value2}

Profiles we created :

1. Profile1 - {Tag1 : Value1}
2. Profile2 - {Tag2 : Value2}

When we assign both the profiles to the user the viewSystems screen shows an empty list of instances, however we expected that by assigning multiple profiles we should get a union of instances returned by each profile filter.

Thanks,
Pramod.

It will be beneficial if we can configure default TIMEOUT value on EC2BoxConfig.properties file.