Connect to your first target

The Quick setup wizard is the fastest way to onboard a target to HCP Boundary.

The Quick setup wizard creates a default tcp target with the address 127.0.0.1 and the port 22 (the default SSH port using TCP). When you execute boundary connect against this target, Boundary establishes a local, authenticated proxy to the address on the target's default port (127.0.0.1:22.)

Connect using the CLI

To connect to the initial EC2 Instances target:

1. Copy the EC2 Instances target ID (such as ttcp_ZnHEU9h8qX).

2. Open a terminal session. Export the Boundary Cluster URL as an environment variable.

   $ export BOUNDARY_ADDR=<boundary-cluster-url>
   

3. Connect to the target.

   $ boundary connect -target-id ttcp_eTcZMueUYv
   

   The output displays the address and port that your SSH client must use.

The boundary connect command has a number of notable options, such as -listen-port to choose the port on which the connect command will listen for an incoming connection. This is convenient for allowing Boundary to work with applications that allow you to select the connection address, but not the port. For some applications there are still some extra hurdles that can exist, which is why connect helpers can be useful.

The dev-mode default target allows you to make as many connections as you want within the authorized session. When you finish making connections, a Ctrl-C/Command-C to the boundary connect process shuts down the session.

Select targets

When you use boundary connect, you must identify the target used for connecting. The convention in this documentation is to use the target ID because it refers to a single explicit value.

Other supported flags include:

• target-name: The name of the target
• target-scope-id: The ID of the scope in which the target lives
• target-scope-name: The name of the scope in which the target lives

Note however that these other flags are not uniquely identifying, as you may reuse names across scopes. Therefore, if you don't use the target ID, you must use the target's name in conjunction with the scope name or scope ID so that Boundary can identify the correct target.

Here is an SSH example in dev-mode:

$ boundary connect ssh -target-name "Generated target" -target-scope-name "Generated project scope"

Connect helpers

Connect helpers automatically accept host SSH key prompts for you. The connect helper format is boundary connect <subcommand>. Boundary includes connect helpers for the following connection types:

• HTTP
• Kubernetes
• PostgreSQL
• RDP
• SSH

Refer to the Connect helpers documentation for more information.

Exec flag

In addition to the built-in connect helpers, boundary connect can accommodate executing clients even when there is no built-in support for a specific client using -exec. The -exec flag is a powerful tool, allowing you to wrap Boundary TCP sessions in your preferred client. You can use this flag to create an authenticated proxy to almost anything.

Refer to the Exec flag documentation for more information.

SSH ProxyCommand

SSH ProxyCommand lets you proxy an SSH connection to a target according to a configuration file that you create. It can help simplify common developer and operator workflows. You can configure the file to connect to the target ID or the target domain.

Refer to the SSH ProxyCommand documentation for more information.

Desktop client

While you use the desktop client, choose the target and connect to retrieve local proxy details.

Tutorial

Refer to the Connect to your First Target tutorial for steps on how to create a host catalog, host set, and a target in Boundary.

Next steps

Refer to the basic administration workflows tutorial series for in depth discussions on managing scopes, targets, identities, and sessions.