Boundary
Connect to your first target
A target represents a networked service with an associated set of permissions a user can connect to through a Boundary session. A target can be part of a host set or have an address attached directly to the target.
Direct target addressing, introduced in Boundary 0.12, is useful for stand-alone services or smaller environments. Host sets are useful when there are multiple related network resources that are functionally equivalent.
In this tutorial, you will create a target with a direct address specified. You can learn more about host catalogs and host sets in the HCP Administration tutorials.
Prerequisites
- Access to an HCP Boundary instance.
- Boundary 0.12.0 installed.
- Completed the previous quick start tutorials.
- A publicly accessible Ubuntu instance.
- An SSH key pair that can be used to authenticate with the Ubuntu instance.
Note
Ubuntu is used in this tutorial for demonstration purposes only. You can follow this guide to create a publicly accessible EC2 instance to use for this tutorial.
Lab setup
Note
The use of environment variables is not required to use HCP Boundary. Environment variables are used throughout the tutorial for ease of following along and copying the required commands.
Verify you have the necessary environment variables set from the previous getting started tutorials.
$ printenv | grep 'BOUNDARY_\|ORG_ID\|BOUNDARY_AUTH_METHOD_ID'
Example output:
BOUNDARY_ADMIN=admin
ORG_ID=o_WxyZ123d
BOUNDARY_AUTH_METHOD_ID=ampw_hiJKlm404
BOUNDARY_ADDR=https://501abc-8675-309e-n1n3-18f2be8b9714.boundary.hashicorp.cloud
If you do not have BOUNDARY_ADMIN, BOUNDARY_ADDR, ORG_ID, and BOUNDARY_AUTH_METHOD_ID set, complete the previous tutorials.
Retrieve the public IP address of your Ubuntu instance and export the address as an environment variable. Replace public-ip with the actual IP address.
$ export UBUNTU_IP=public-ip
Export an environment variable for your Ubuntu host's username and path to the private key. Replace the username and path to the key file with valid values for your host.
$ export UBUNTU_USER=actualusername UBUNTU_KEY=private_key.pem
Use the same terminal for the duration of this tutorial for both the Boundary CLI and Boundary Admin UI workflows.
Configure HCP Boundary
Open a web browser and log into the HCP Portal.
Click Boundary in the left navigation menu and select your Boundary instance.
Click the Open Admin UI button.
Log in with the username and password you created in the Create a Boundary Instance on HCP tutorial.
Note: If you were already authenticated from the previous tutorial, you will be redirected to the Orgs page.
Click quick-start-org to load the Projects page.
Projects are contained within an org, and are organizational scopes to contain roles, host catalogs, hosts, and targets.
From the Projects page, click New.
In the Name field enter quick-start-project and then click Save.
After creating a new project the ID is displayed.
Click the copy icon for the project ID.
Switch to the terminal used in the Lab setup section.
Create an environment variable named PROJECT_ID with the value copied from the previous step.
$ export PROJECT_ID=<actual-project-id>
Return to the Boundary Admin UI.
Click Targets in the left navigation menu.
Targets are defined within a project, together with the associated permissions that end users can interact with. Users who have permission to establish sessions with a target through a role can connect to targets through Boundary.
Click New, enter ubuntu-target in the Name field and select Generic TCP for the Type.
Enter 22 in the Default Port field and enter the IP address of your Ubuntu host in the Address field. Enter -1 in the Maximum Connections field to allow an unlimited number of connections to the target.
Click Save. The target ID is then displayed.
Click the copy icon for the target ID.
Switch to the terminal used in the Lab setup section and create an environment variable named TARGET_ID with the value copied from the previous step.
$ export TARGET_ID=<actual-host-id>
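A preflight check over the variables exported in this tutorial, written as an added example and not taken from the Boundary documentation. It confirms that each variable is set, that no placeholder such as public-ip or <actual-project-id> was left in place, that BOUNDARY_ADDR is an https:// URL, and that the private key file is not accessible to group or other users. The function name boundary_preflight is hypothetical.

```shell
#!/bin/sh
# Added example: boundary_preflight is a hypothetical helper, not a Boundary CLI command.
# Usage (same terminal as the exports): boundary_preflight && boundary connect ssh ...
boundary_preflight() {
    rc=0
    # 1. Every variable the connect step relies on must be set and non-empty.
    for name in BOUNDARY_ADDR PROJECT_ID TARGET_ID UBUNTU_IP UBUNTU_USER UBUNTU_KEY; do
        eval "value=\${$name:-}"   # indirect lookup; $name only comes from the fixed list above
        if [ -z "$value" ]; then
            echo "missing: $name is not set" >&2; rc=1; continue
        fi
        # 2. Catch tutorial placeholders that were copied without being replaced.
        case $value in
            *'<'*|*'>'*|public-ip|actualusername)
                echo "placeholder: $name still holds '$value'" >&2; rc=1 ;;
        esac
    done
    # 3. The example output in this tutorial shows an https:// controller address;
    #    treat any other scheme as a misconfiguration.
    case ${BOUNDARY_ADDR:-} in
        https://*) ;;
        ?*) echo "insecure: BOUNDARY_ADDR is not an https:// URL" >&2; rc=1 ;;
    esac
    # 4. The private key must exist and carry no group/other permission bits.
    #    OpenSSH refuses private keys that other users can read.
    if [ -n "${UBUNTU_KEY:-}" ]; then
        if [ ! -f "$UBUNTU_KEY" ]; then
            echo "missing: key file $UBUNTU_KEY not found" >&2; rc=1
        else
            # Characters 5-10 of the ls mode string are the group and other bits.
            perms=$(ls -ld -- "$UBUNTU_KEY" | cut -c5-10)
            if [ "$perms" != "------" ]; then
                echo "permissions: $UBUNTU_KEY is open to group/other, run chmod 600" >&2; rc=1
            fi
        fi
    fi
    return $rc
}
```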
Connect to a target
You are now ready to connect to the target and establish a session.
Connect to the ubuntu-target using Boundary.
Note
$UBUNTU_USER should reference the login user for the Ubuntu host and $UBUNTU_KEY should reference the path to your private key. See the Lab setup section if these values are not defined. If prompted, enter yes to continue connecting.
$ boundary connect ssh -target-id=$TARGET_ID -- -l $UBUNTU_USER -i $UBUNTU_KEY
The authenticity of host 'ec2-198-52-100-1.compute-1.amazonaws.com (198-51-100-1)' can't be established.
ECDSA key fingerprint is l4UB/neBad9tvkgJf1QZWxheQmR59WgrgzEimCG6kZY.
Are you sure you want to continue connecting (yes/no)? yes
ubuntu@ip-172-32-88-177:~
You are now connected to your Ubuntu host!
Next steps
In this tutorial you learned how to configure Boundary and connect to an external host. Next, you will learn how to broker static credentials to the client when connecting to a target.