AWS - Pluto

Overview

| Attribute | Value |
|---|---|
| Provider | AWS |
| Region | us-west-2 |
| Instance Type | t3.micro |
| Instance ID | i-05e7dd5e009d6d766 |
| Internal IP | 10.0.0.10 |
| Static IP | 52.32.80.62 |
| Purpose | Production workloads |
| Trust Level | ✅ Trusted |

Access

SSH

# Via SSH config alias (recommended)
ssh joe@pluto

# Direct via public IP
ssh joe@52.32.80.62

# Via ZeroTier
ssh joe@192.168.194.x

Emergency Access (SSM)

If SSH is unreachable:

# Interactive shell via SSM
aws ssm start-session --target i-05e7dd5e009d6d766 --region us-west-2

See Emergency Access for details.

Network

| Attribute | Value |
|---|---|
| VPC | 10.0.0.0/16 |
| Subnet | 10.0.0.0/24 |
| Security Group | SSH (22), ZeroTier (9993/UDP) |
| ZeroTier | 192.168.194.x |
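
A drift check for the security group rules listed above, added here as an example (it is not part of the original runbook). It assumes the input is the JSON printed by `aws ec2 describe-security-groups --output json`; the sample data and the group ID are constructed placeholders, and the function names are hypothetical.

```python
import json

# Ingress this page documents for Pluto: SSH (22/tcp) and ZeroTier (9993/udp),
# stored as (protocol, from_port, to_port).
EXPECTED = {("tcp", 22, 22), ("udp", 9993, 9993)}

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# The group ID is a placeholder; the 3389 rule is added on purpose to show drift.
SAMPLE = json.dumps({"SecurityGroups": [{
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "udp", "FromPort": 9993, "ToPort": 9993,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}]})


def ingress_rules(describe_json):
    """Collect (protocol, from_port, to_port) for every ingress rule.

    An all-traffic rule has IpProtocol "-1" and no port keys, so it is
    recorded as ("-1", None, None) and can never match an expected entry.
    """
    rules = set()
    for group in json.loads(describe_json)["SecurityGroups"]:
        for perm in group.get("IpPermissions", []):
            rules.add((perm["IpProtocol"],
                       perm.get("FromPort"), perm.get("ToPort")))
    return rules


def audit(describe_json, expected=EXPECTED):
    """Return (unexpected, missing) ingress rules relative to the runbook."""
    actual = ingress_rules(describe_json)
    # key=str keeps sorting stable when ports are None
    return (sorted(actual - expected, key=str),
            sorted(expected - actual, key=str))


if __name__ == "__main__":
    unexpected, missing = audit(SAMPLE)
    print("unexpected ingress:", unexpected)
    print("missing ingress:", missing)
```

A port range wider than the documented single port is reported as unexpected rather than treated as covering it, so a widened rule is flagged.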

Static IP

Protected Resource

The Elastic IP (52.32.80.62) is protected with prevent_destroy = true and managed in a separate Terraform state file.

| Attribute | Value |
|---|---|
| IP Address | 52.32.80.62 |
| Allocation ID | eipalloc-05fa588c23ff2037e |
| Tag | pluto-public-ip |
| Allocated | 2023-02-28 |

Services

| Service | Status | Notes |
|---|---|---|
| ZeroTier | ✅ Running | Network 6ab565387a4b9177 |
| fail2ban | ✅ Running | sshd jail active |
| cloudflared | ✅ Running | Zero Trust tunnel |
| cf-ddns | ✅ Running | Updates every 5 min |

1Password Access

Pluto has 1Password service account access:

export OP_SERVICE_ACCOUNT_TOKEN=$(sudo cat /etc/op-service-account.token)
op item get "Item Name" --vault scandora.net --fields credential

Dynamic DNS

| Record | Type | Updated By |
|---|---|---|
| pluto.scandora.net | A | cf-ddns.sh |

Script location: /usr/local/bin/cf-ddns.sh
Config: /usr/local/etc/cf-ddns.conf
Schedule: 1-59/5 * * * *

Terraform

# Directory
cd cloud/terraform/environments/production/aws/pluto

# Plan changes
terraform plan -target=aws_instance.pluto

# Apply
terraform apply -target=aws_instance.pluto

Ansible

# Full deployment
ansible-playbook -i inventory/production.yml playbooks/site.yml --limit pluto

# Base only
ansible-playbook -i inventory/production.yml playbooks/base.yml --limit pluto

Backup

AMI Creation

# Stop instance first for consistency
aws ec2 stop-instances --instance-ids i-05e7dd5e009d6d766
aws ec2 wait instance-stopped --instance-ids i-05e7dd5e009d6d766

# Create AMI
aws ec2 create-image \
  --instance-id i-05e7dd5e009d6d766 \
  --name "pluto-backup-$(date +%Y%m%d)" \
  --description "Pluto backup"

Mickey (Dev Instance)

Mickey is cloned from Pluto's AMI for dev/IaC work:

| Attribute | Value |
|---|---|
| Instance Type | t3a.medium |
| Internal IP | 10.0.0.20 |
| Static IP | (none - ephemeral) |
| Purpose | Dev/IaC workstation |
| Trust Level | ✅ Trusted (ephemeral secrets only) |

Ephemeral

Mickey should be terminated when not in use to save costs. The IP changes each time it's started.

# Connect
ssh joe@mickey
ssh joe@44.245.154.242  # Example ephemeral IP