EC2 Devbox¶
Shared development instance deployed in ap-south-1 (AWS account 113497775157).
Terraform module: environments/aws/edge/ap-south-1/dev/00-Infrastructure/02-ec2-devbox
| Property | Value |
|---|---|
| Instance ID | i-08c77c53f64ec312b |
| Instance Type | m5.2xlarge (8 vCPU / 32 GiB RAM) |
| AMI | Amazon Linux 2023 (ami-016f910f55cb4096d) |
| Storage | 1 TB gp3, encrypted, delete_on_termination = false |
| Region | ap-south-1 |
| Public IP (EIP) | 3.111.79.98 |
| Subnet | subnet-07818af774af240be (public) |
| Security Group | sg-093ee885cd1b04e3f — SSH (22), app ports 3000-3004 & 8001-8004, open to 0.0.0.0/0 |
| Terraform state | s3://ai71-aps1-dev-edge-terraform-state/infrastructure/ec2-devbox/terraform.tfstate |
How users are provisioned¶
Each developer is an entry in the users map in keypairs.tf. For every entry, Terraform:
- Generates an RSA-4096 keypair (
tls_private_key). - Registers the public key as an AWS key pair (
aws_key_pair). - Stores the private key in Secrets Manager at
ai71-aps1-dev-edge-devbox/keypairs/<username>(aws_secretsmanager_secret/_version). - Bakes the username + public key into the instance's
user_data(main.tf), which creates the Linux account, authorizes the key, and grants passwordlesssudo— but only when the instance is created or replaced.
An entry can also be marked keypair_only = true, which generates credentials but skips step 4 (no login user is created).
Connecting¶
ssh -i <(aws secretsmanager get-secret-value \
--secret-id ai71-aps1-dev-edge-devbox/keypairs/<username> \
--region ap-south-1 \
--query SecretString \
--output text) <username>@3.111.79.98
See Adding a Developer for the full onboarding flow.