Managing the Bastion

Throughout this page, the following metavariables are used:

The bastion is provided for developer access, and should not be used for client applications. See Client Applications for details about configuring application access.

Starting and Stopping the Bastion

The bastion is part of an AutoScalingGroup of size one. You can view this group in the AutoScalingGroups tab of the EC2 Console, named $(SystemName)-BastionAutoScalingGroup-<ID>.

You should use CloudFormation's Update Stack feature to manage starting and stopping bastion instances.

To start a bastion instance, if one is not already running:

  1. Find your Primary Compute Resrouces stack in the CloudFormation window and click the checkbox at the start of its row.
  2. Choose Actions and then Update Stack
  3. Accept the default Use current template and click Next
  4. Choose Yes for the Enable bastion? option and click Next
  5. Click Next again to accept the defaults on the Options page
  6. On the Review page, under Capabilities, click the checkbox stating "I acknowledge that AWS CloudFormation might create IAM resources with custom names."
  7. Click Update to update the stack.
  8. The details in the Events tab of the CloudFormation stack will display UPDATE_COMPLETE when the update is done.

To stop a bastion instance when one is already running, follow the above steps, choosing No for Enable bastion? in step 4.

You can monitor the status of the bastion in the AWS EC2 Management Console. The bastion is named SystemName-bastion. When the Instance State is running, the bastion is available for use. An Instance State of terminated indicates the bastion has completely stopped, and therefore you will incur no more charges for that instance.

The SOCKS Proxy Script

The datomic-socks-proxy script used in the Getting Started directions requires one argument, the system-name. It can also take several optional arguments:

-p <aws-profile> -- name of an AWS Credentials Profile to use
-r <aws-region> -- AWS Region in which the Datomic system is running
--port <socks-port> -- Port to use for the proxy, default 8182