Why am I not able to connect to my AWS Glue development endpoint using SSH?

Resolution

Connect to development endpoint using SSH

• Be sure that you've changed the permissions on your key pair file in the development endpoint. Confirm that only you can view the file by running the following command:

$ chmod 400 my-key-pair.pem

• Confirm the following:

• The path to your private key is correct.
• The private extension is .pem and enclosed in double quotes.

• Be sure to check the network connectivity to the development endpoint on port 22 using tools such as Telnet or Netcat.
• Be sure that your security group allows traffic from your IP address on port 22. Check if the rule for the outbound traffic is correct. The rule for the outbound traffic must confirm that the outbound traffic is open to all ports. Or, the rule must be a self-referencing rule with the following parameters: Type as All TCP, Protocol as TCP, Port Range as ALL, and Source with the same security group name as the Group ID. For more information, see Setting up your network for a development endpoint.
• Be sure that the Edit DNS Hostnames setting is turned on in the virtual private cloud (VPC) used for the AWS Glue development endpoint. Also, confirm that the Amazon Simple Storage Service (Amazon S3) endpoint is attached to the VPC subnet used for the development endpoint.
• If you are using PuTTY as the SSH client, then convert your private .pem file to a .ppk file using the PuTTYgen tool.

Connect to development endpoint using SSH port forwarding

SSH port forwarding requires a public DNS address to connect to the development endpoint. To add a public DNS address to your development endpoint, do the following:

1.    Create a development endpoint with a VPC.

2.    In the AWS Glue console, choose Dev endpoints. Note the Private address for your development endpoint. You will use this address in the next step.

3.    In the Amazon Elastic Compute Cloud (Amazon EC2) console, choose Network & Security from the navigation pane. Then, choose Network Interfaces. In the Network interfaces page, search for the Private IPv4 DNS address that corresponds to the Private Address field on your development endpoint.

4.    Allocate an Elastic IP address and associate the address to the elastic network interface using the following instructions:
For Resource type, choose Network interface.
For Network interface, choose the elastic network interface that you noted in the previous step.
Verify that the address in the Private IP address field is same as the IP address of your endpoint.

5.    To validate the setup, use the command similar to the following to check if you can connect to the development endpoint using SSH:

ssh -i dev-endpoint-private-key.pem glue@elastic-ip

6.    If you can connect successfully using this command, then use the same Elastic IP address in the actual command:

ssh -i private-key-file-path -NTL 9007:169.254.76.1:9007 glue@elastic_ip

For more information, see Accessing your development endpoint.

Note: If you are trying to connect a Jupyter notebook to a development endpoint and can't create a port forwarding tunnel, then check the port in the ssh command. Be sure that the port used in the command is 8998 instead of 9007.

For more information, see Tutorial: Set up a Jupyter notebook in JupyterLab to test and debug ETL scripts.

---

Related information

Managing your development endpoint