I'm currently working on setting up a RabbitMQ broker within an AWS private subnet and accessing it securely using AWS Systems Manager (SSM).
Note: working solution: I have tried with a bastion host in a public subnet and the RabbitMQ broker in a private subnet, attached the proper security group and proxy settings, and am able to access the RabbitMQ console in the Firefox browser.
Below is my SSH port forwarding command:
ssh -i "poc-rabbitmq-jump-box-2.pem" -N -C -f -D 4444 ec2-user@<ec2-public-address>
But I want to access it using SSM. Here's what I've tried so far:
I've successfully used SSM to establish port forwarding sessions for other services (RDS) using commands like:
aws ssm start-session --target <ssm-managed-instance-id> --document-name AWS-StartPortForwardingSessionToRemoteHost --parameters '{"portNumber":["3306"],"localPortNumber":["1053"],"host":["remote-database-host-name"]}'
However, when attempting to adapt this approach for RabbitMQ, which is in a private subnet, I encountered issues. Here's the command I tried:
aws ssm start-session --target <ssm-managed-instance-id> --document-name AWS-StartPortForwardingSessionToRemoteHost --parameters '{"portNumber":["443"],"localPortNumber":["5555"],"host":["b-<someid>.mq.us-east-1.amazonaws.com"]}'
RabbitMQ web console URL: https://b-<someid>.mq.us-east-1.amazonaws.com
PortNumber tried: 443, 15672
The RabbitMQ broker's console URL is: https://b-<someid>.mq.us-east-1.amazonaws.com
Unfortunately, this approach didn't work as expected, and I'm struggling to identify the root cause of the issue.
I would greatly appreciate any insights or guidance on how to effectively utilize AWS Systems Manager for securely accessing a RabbitMQ broker within a private subnet. Thank you in advance for your assistance!
The following will work:
aws ssm start-session --target <ssm-managed-instance-id> --document-name AWS-StartPortForwardingSessionToRemoteHost --parameters '{"portNumber":["443"],"localPortNumber":["5555"],"host":["b-<someid>.mq.us-east-1.amazonaws.com"]}'
RabbitMQ web console URL: https://b-<someid>.mq.us-east-1.amazonaws.com
PortNumber tried: 443, 15672
Need to use 443, and https://localhost:5555 worked.
I was trying http://localhost:5555. Need to use https because the security group was configured for HTTPS port 443. My bad :)
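
As an added example (not part of the original post): a small wrapper around the working command above that also probes the tunnel over HTTPS. The broker's certificate is issued for its own hostname, not for localhost, so the probe uses curl's --resolve option to keep hostname verification on; the function names and the sample values in the usage comment are assumptions.

```bash
#!/bin/sh
# Added example, not the poster's code. Function names are hypothetical.
# Usage (constructed placeholder values):
#   start_tunnel i-0123456789abcdef0 b-example.mq.us-east-1.amazonaws.com 5555
#   probe_tunnel b-example.mq.us-east-1.amazonaws.com 5555   # in a second terminal

# Build the --parameters JSON for AWS-StartPortForwardingSessionToRemoteHost.
# Stray whitespace is stripped so the host value is exactly the broker hostname.
# Arguments: <remote-host> <remote-port> <local-port>
build_params() (
  host=$(printf '%s' "$1" | tr -d '[:space:]')
  printf '{"portNumber":["%s"],"localPortNumber":["%s"],"host":["%s"]}' \
    "$2" "$3" "$host"
)

# Open the forwarding session through the SSM-managed instance.
# The remote port is 443 because the web console is served over HTTPS.
# Arguments: <instance-id> <broker-host> <local-port>
start_tunnel() {
  aws ssm start-session --target "$1" \
    --document-name AWS-StartPortForwardingSessionToRemoteHost \
    --parameters "$(build_params "$2" 443 "$3")"
}

# Value for curl --resolve: pin <broker-host>:<local-port> to the loopback end
# of the tunnel, so the URL keeps the real hostname and the certificate check
# is made against it instead of against "localhost".
resolve_arg() {
  printf '%s:%s:127.0.0.1' "$1" "$2"
}

# Probe the tunnel over HTTPS and print the HTTP status code.
# A plain http:// request to this port fails, because the far end speaks TLS.
# Arguments: <broker-host> <local-port>
probe_tunnel() {
  curl --silent --show-error --output /dev/null --max-time 10 \
    --write-out '%{http_code}\n' \
    --resolve "$(resolve_arg "$1" "$2")" "https://$1:$2/"
}
```
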