The MEAN stack deployment exposes two distinct access paths. Public Node.js instances accept direct SSH connections on port 22, scoped to the IP you provided in allowed_ssh_ip at deploy time. The MongoDB instance lives in a private subnet with no public IP, so you reach it either by hopping through a Node instance as a jump host, or by using AWS Systems Manager Session Manager, which works for all three instances and requires no open SSH port at all.
Key Pair Setup
The keypair module generates a 4096-bit RSA key pair at terraform apply time using the tls_private_key resource. The public half is registered in AWS as <project_name>-key; the private half is written to keys/<project_name>.pem on your local machine with 0400 permissions. Terraform also exports the full path as an output:
SSH to Node.js Instances
Both Node.js instances are deployed in public subnets and are reachable directly over SSH.
Verify key file permissions
SSH will refuse to use a key file that is too permissive. If you copied the key to another machine, reset permissions first:
Access MongoDB via Jump Host
The MongoDB instance has no public IP — its security group (terraform-mean-mongo-sg) only accepts inbound traffic on port 27017 from the Node security group. To open a shell on the MongoDB instance, use Node 1 as an SSH jump host:
The -J flag instructs SSH to establish the outer connection to Node 1 and then tunnel the inner connection onward to the MongoDB private IP, all in a single command.
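The key-permission check and the jump through Node 1 described above can be captured in an ssh_config fragment. This is an added example, not part of the project's code or documentation; the host aliases (mean-node1, mean-mongo), the login user and the IP addresses are placeholders you supply, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: aliases, user and IPs are placeholders, not project values.

# Print a file's octal permission mode (GNU stat first, then BSD stat).
key_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# Succeed only when group and other have no bits set on the key file,
# the condition OpenSSH checks before it will load a private key.
key_mode_ok() {
  km=$(key_mode "$1") || return 2
  case $km in
    0|*00) return 0 ;;
    *)     return 1 ;;
  esac
}

# Emit ssh_config blocks: Node 1 directly, MongoDB through Node 1.
# usage: render_ssh_config KEY_PATH LOGIN_USER NODE1_PUBLIC_IP MONGO_PRIVATE_IP
render_ssh_config() {
  rc_key=$1 rc_user=$2 rc_node=$3 rc_mongo=$4
  if ! key_mode_ok "$rc_key"; then
    echo "refusing: $rc_key is accessible by group/other (chmod 400 it)" >&2
    return 1
  fi
  # IdentityFile is set on both hosts because ssh applies command-line
  # options to the destination host, not to the jump host.
  cat <<EOF
Host mean-node1
    HostName $rc_node
    User $rc_user
    IdentityFile $rc_key
    IdentitiesOnly yes

Host mean-mongo
    HostName $rc_mongo
    User $rc_user
    IdentityFile $rc_key
    IdentitiesOnly yes
    ProxyJump mean-node1
EOF
}
```

Append the output to ~/.ssh/config; `ssh mean-mongo` then opens the shell on the MongoDB instance through Node 1.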
AWS Systems Manager Session Manager
Every EC2 instance in the stack, including the private MongoDB instance, is attached to an IAM instance profile that carries the AmazonSSMManagedInstanceCore managed policy. This grants SSM Agent the permissions it needs to register each instance with Systems Manager, letting you open a browser or CLI terminal session without any SSH key or open port.
Application Service Management
Once connected to a Node.js instance, use systemctl and journalctl to manage the Node.js application (nodeapp) and the Nginx reverse proxy:
/opt/app as a simple systemd service. It is configured to restart automatically on failure (Restart=always, RestartSec=5), so transient errors recover without manual intervention.
MongoDB Service Management
Once connected to the MongoDB instance, use the following commands to inspect and control the mongod service:
0.0.0.0 so the Node.js instances can reach it over the private subnet. Access from outside the VPC is blocked entirely by the terraform-mean-mongo-sg security group.