Server Access Guide
This guide explains how to use your Terraform Cloud credentials to retrieve the production server IP and SSH key, and then securely SSH into the server.
Prerequisites
- You must have the Terraform CLI installed.
- You must have access to the Terraform Cloud workspace.
Step-by-Step Instructions
1. Authenticate with Terraform Cloud
If you haven't already, authenticate your local Terraform CLI with Terraform Cloud by running:
terraform loginFollow the prompts in the browser to generate and provide the API token.
2. Navigate to the Environment
Move into the production terraform environment folder:
cd infrastructure/terraform/environments/production3. Initialize Terraform
Ensure the workspace is initialized so it can fetch the latest state from Terraform Cloud:
terraform init4. Extract the SSH Key
The private key to access the nodes is stored securely in the Terraform state. Extract it using the terraform output command and save it to your local .ssh directory:
terraform output -raw swarm_ssh_private_key > ~/.ssh/busflow_productionSet the proper strict file permissions for the key (SSH will reject keys that are too open):
chmod 600 ~/.ssh/busflow_production5. Get the Server IP
Retrieve the public IP addresses of the Swarm Manager nodes:
terraform output manager_ips(Note down the IP address returned from the command above, e.g., 159.69.121.44)
6. SSH Into the Server
Now you can log into the root account on the manager using the extracted SSH key:
ssh -i ~/.ssh/busflow_production root@<MANAGER_IP>Note: If it is your first time connecting, your SSH client might warn you about an unknown host key. You can accept it by typing
yes. If you want to bypass strict checking (not recommended for strict security), you might add-o StrictHostKeyChecking=no.
Quick Start (Automated)
The steps above are automated in a single script. After a one-time terraform login, run:
# Production (default)
./infrastructure/scripts/ssh-connect.sh
# Studio
./infrastructure/scripts/ssh-connect.sh studio
# Observability
./infrastructure/scripts/ssh-connect.sh observability
# Run a remote command
./infrastructure/scripts/ssh-connect.sh production "docker service ls"