Although I've written a fair amount of chef, I'm fairly new to both AWS/VPC and administrating network traffic (especially a bastion host).
Using the knife ec2 plugin,
I finally resolved this. I was missing the username when specifying my gateway. I originally thought that the --ssh-user argument would be used for both the gateway AND the VM I'm attempting to bootstrap. This was incorrect: the username must be specified for both.
knife ec2 server create \
--flavor t1.micro \
--identity-file <ssh_private_key> \
--image ami-3fec7956 \
--security-group-ids sg-9721e1f8 \
--subnet subnet-e4764d88 \
--ssh-user ubuntu \
--server-connect-attribute private_ip_address \
--ssh-port 22 \
--ssh-gateway ubuntu@<gateway_public_dns_hostname (route 53)> \
--tags isVPC=true,os=ubuntu-12.04,subnet_type=public-build-1c \
--node-name <VM_NAME>
Just the line containing the update (notice the ubuntu@ in front):
--ssh-gateway ubuntu@<gateway_public_dns_hostname (route 53)>
I have now gone through and locked my bastion host back down, including removal of /home/ubuntu/.ssh/identity, as storing the private key on the bastion host was really bugging me.
FYI: When setting up a bastion host, the "out of the box" configuration of sshd will work when using the Amazon Linux AMI image. Also, some of the arguments above are optional, such as --ssh-port.
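The two points in this answer, the gateway value needing a user@ prefix and the private key staying off the bastion, as an added shell example that is not part of the original post. It checks a --ssh-gateway-style value for a username and prints the plain OpenSSH equivalent of what knife does through the gateway (an ssh -W stdio forward in ProxyCommand), with the key read only from the workstation; the hostnames, IP and key path are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Hostnames, IP and key path
# below are constructed placeholders.

# gateway_has_user SPEC -> 0 if SPEC is of the form user@host, 1 otherwise.
# This is the check that would have caught the missing "ubuntu@" above.
gateway_has_user() {
  case "$1" in
    ?*@?*) return 0 ;;   # non-empty user, '@', non-empty host
    *)     return 1 ;;
  esac
}

# build_ssh_via_bastion SPEC TARGET_USER TARGET_IP KEYFILE
# Prints the ssh command equivalent to bootstrapping through the gateway:
# the outer ssh reaches the private IP via a ProxyCommand that runs
# "ssh -W host:port" on the bastion. Both hops authenticate with the key
# held on the workstation, so no copy of it needs to live on the bastion.
build_ssh_via_bastion() {
  spec=$1; tuser=$2; tip=$3; key=$4
  gateway_has_user "$spec" || {
    echo "gateway must be given as user@host (got '$spec')" >&2
    return 1
  }
  # %%h / %%p survive printf as %h / %p, which the outer ssh expands.
  printf 'ssh -i %s -o ProxyCommand="ssh -i %s -W %%h:%%p %s" %s@%s\n' \
    "$key" "$key" "$spec" "$tuser" "$tip"
}
```

Running the printed command with -v on both hops shows which key each hop used, which is a quick way to confirm nothing is being read from the bastion's own ~/.ssh.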