Why? Because the DNS record in Route53 doesn't get updated to the public IP address that the instance acquires on restart.
The only known fix is to manually edit the DNS record in Route53 after the instance has come up.
I suppose I could write a script that uses the aws command line client to automate that.
Tried using aws cloudformation update-stack to fix this, but that seems to have a penchant for recreating the instances (which blows away all the data stored on them, since we haven't set up external EBS storage). I'm pretty sure I tried pretty carefully to ask for the same base AMI as the instance already had, but cloudformation still said "I want to recreate the instance because its base AMI changed".
Another alternative would be to give the instances elastic IP addresses, but we (by default) only get five of those per region, so we're clearly not intended to do that.
Perhaps it would be possible to configure the Elastic Load Balancers to accept incoming ssh requests and forward them?
Perhaps it would be possible to rearrange the configuration into one VPC (which is desirable anyway #8) and then use a single gateway to dispatch incoming ssh connections among private IP addresses?
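An added example (not part of the original issue or the project's code) of the kind of script suggested above: it reads the instance's current public IP with the aws command line client and UPSERTs the Route53 A record. The function names, the argument order and the 60-second TTL are assumptions. It refuses to write anything that is not an IPv4 address, since the CLI prints `None` when the instance has no public IP.

```shell
#!/bin/sh
# Added example: re-point a Route53 A record at an instance's current public IP.
# Usage: ./update-dns.sh <instance-id> <hosted-zone-id> <record-name>

# Succeeds only for a dotted-quad IPv4 address with each octet <= 255.
is_ipv4() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1            # split on dots; input is digits and dots only
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# Prints the change batch JSON for an UPSERT of one A record.
# Rejects record names or addresses that could break out of the JSON.
build_change_batch() {
  case $1 in
    ''|*[!A-Za-z0-9._-]*) echo "bad record name: $1" >&2; return 1 ;;
  esac
  is_ipv4 "$2" || { echo "not an IPv4 address: $2" >&2; return 1; }
  printf '{"Changes":[{"Action":"UPSERT","ResourceRecordSet":{"Name":"%s","Type":"A","TTL":%d,"ResourceRecords":[{"Value":"%s"}]}}]}\n' \
    "$1" "${3:-60}" "$2"
}

# Looks up the public IP of the instance and applies the change.
update_record() {
  ip=$(aws ec2 describe-instances --instance-ids "$1" \
        --query 'Reservations[0].Instances[0].PublicIpAddress' \
        --output text) || return 1
  batch=$(build_change_batch "$3" "$ip" 60) || return 1
  aws route53 change-resource-record-sets \
      --hosted-zone-id "$2" --change-batch "$batch"
}

# Only talk to AWS when called with all three arguments.
if [ "$#" -eq 3 ]; then
  update_record "$@"
fi
```

The credentials that run it need only `ec2:DescribeInstances` and `route53:ChangeResourceRecordSets` on the one hosted zone.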