Connect to Your First Target
A target represents a networked service with an associated set of permissions a user can connect to through a Boundary session. A target can be part of a host set or have an address attached directly to the target.
Direct target addressing, introduced in Boundary 0.12, is useful for stand-alone services or smaller environments. Host sets are useful when there are multiple related network resources that are functionally equivalent.
In this tutorial, you will create a target with a direct address specified. You can learn more about host catalogs and host sets in the HCP Administration tutorials.
- Access to an HCP Boundary instance.
- Boundary 0.12.0 installed.
- Completed the previous quick start tutorials.
- A publicly accessible Ubuntu instance.
- An SSH key pair that can be used to authenticate with the Ubuntu instance.
Ubuntu is used in this tutorial for demonstration purposes only. You can follow this guide to create a publicly accessible EC2 instance to use for this tutorial.
The use of environment variables is not required to use HCP Boundary. Environment variables are used throughout the tutorial for ease of following along and copying the required commands.
Verify you have the necessary environment variables set from the previous getting started tutorials.
$ printenv | grep 'BOUNDARY_\|ORG_ID\|BOUNDARY_AUTH_METHOD_ID'
BOUNDARY_ADMIN=admin
ORG_ID=o_WxyZ123d
BOUNDARY_AUTH_METHOD_ID=ampw_hiJKlm404
BOUNDARY_ADDR=https://501abc-8675-309e-n1n3-18f2be8b9714.boundary.hashicorp.cloud
If you do not have BOUNDARY_AUTH_METHOD_ID set, complete the previous tutorials.
Retrieve the public IP address of your Ubuntu instance and export the address as an environment variable. Replace public-ip with the actual IP address.
$ export UBUNTU_IP=public-ip
Export an environment variable for your Ubuntu host's username and path to the private key. Replace the username and path to the key file with valid values for your host.
$ export UBUNTU_USER=actualusername UBUNTU_KEY=private_key.pem
Use the same terminal for the duration of this tutorial for both the Boundary CLI and Boundary Admin UI workflows.
Configure HCP Boundary
Open a web browser and log into the HCP Portal.
Click Boundary in the left navigation menu and select your Boundary instance.
Click the Open Admin UI button.
Log in with the username and password you created in the Create a Boundary Instance on HCP tutorial.
Note: If you were already authenticated from the previous tutorial, you will be redirected to the Orgs page.
Click quick-start-org to load the Projects page.
Projects are contained within an org, and are organizational scopes to contain roles, host catalogs, hosts, and targets.
From the Projects page, click New.
In the Name field enter quick-start-project and then click Save.
After creating a new project the ID is displayed.
Click the copy icon for the project ID.
Switch to the terminal used in the Lab setup section.
Create an environment variable named PROJECT_ID with the value copied from the previous step.
$ export PROJECT_ID=<actual-project-id>
Return to the Boundary Admin UI.
Click Targets in the left navigation menu.
Targets, along with the associated permissions that end users can interact with, are defined within a project. Users who have permission through a role to establish sessions with a target can connect to it through Boundary.
Click New, enter ubuntu-target in the Name field and select Generic TCP for the Type.
Enter 22 in the Default Port field and enter the IP address of your Ubuntu host in the Address field. Enter -1 in the Maximum Connections field to allow an unlimited number of connections to the target.
Click Save. The target ID is then displayed.
Click the copy icon for the target ID.
Switch to the terminal used in the Lab setup section and create an environment variable named TARGET_ID with the value copied from the previous step.
$ export TARGET_ID=<actual-target-id>
Connect to a target
You are now ready to connect to the target and establish a session.
Connect to the target. $UBUNTU_USER should reference the login user for the Ubuntu host and $UBUNTU_KEY should reference the path to your private key. See the Lab setup section if these values are not defined. If prompted, enter yes to continue connecting.
$ boundary connect ssh -target-id=$TARGET_ID -- -l $UBUNTU_USER -i $UBUNTU_KEY
The authenticity of host 'ec2-198-52-100-1.compute-1.amazonaws.com (198-51-100-1)' can't be established.
ECDSA key fingerprint is l4UB/neBad9tvkgJf1QZWxheQmR59WgrgzEimCG6kZY.
Are you sure you want to continue connecting (yes/no)? yes
ubuntu@ip-172-32-88-177:~
You are now connected to your Ubuntu host!
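The host-key prompt in the session output above is where the SSH client asks you to vouch for the host before any credentials are sent. As an added example (not part of the original tutorial), the following Python code computes the OpenSSH SHA256 fingerprint of a host public key line and compares it with the value shown in the prompt. It assumes you obtained the public key line over a channel you trust, which the tutorial does not describe; the sample key is constructed and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample: an ssh-ed25519 key blob with 32 placeholder key bytes.
_BLOB = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
SAMPLE_PUBKEY = "ssh-ed25519 " + base64.b64encode(_BLOB).decode() + " constructed-example"


def key_blob(pubkey_line):
    """Decode '<type> <base64> [comment]' and return the raw key blob."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    # binascii.Error from bad base64 is a ValueError subclass.
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    # The blob begins with a length-prefixed copy of the key type; a mismatch
    # means the line was truncated or edited.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    return blob


def sha256_fingerprint(pubkey_line):
    """Fingerprint as OpenSSH prints it: unpadded base64 of SHA-256(blob)."""
    digest = hashlib.sha256(key_blob(pubkey_line)).digest()
    return base64.b64encode(digest).decode().rstrip("=")


def prompt_matches(pubkey_line, shown):
    """True only if the fingerprint shown in the prompt belongs to this key."""
    shown = shown.strip()
    if shown.startswith("SHA256:"):
        shown = shown[len("SHA256:"):]
    expected = sha256_fingerprint(pubkey_line)
    return hmac.compare_digest(expected.encode(), shown.rstrip("=").encode())


if __name__ == "__main__":
    # Fingerprint copied from the tutorial's sample prompt. It does not belong
    # to the constructed key, so the check fails and the answer would be "no".
    tutorial_prompt = "l4UB/neBad9tvkgJf1QZWxheQmR59WgrgzEimCG6kZY"
    print(sha256_fingerprint(SAMPLE_PUBKEY))
    print(prompt_matches(SAMPLE_PUBKEY, tutorial_prompt))
```

Answer yes at the prompt only when the comparison succeeds for the key type named in the prompt.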
In this tutorial you learned how to configure Boundary and connect to an external host. Next, you will learn how to broker static credentials to the client when connecting to a target.