I finally figured this out, thanks to Google of course. No single post or documentation solved the issue, but after a 2-hour battle and various options, I finally have it working.
If you are running a Java app on EC2 and want to connect to it remotely using jconsole or jvisualvm, you need to start your Java app with a few options. Here is my configuration. Note that disabling authentication opens this up to everyone. Not good, so don’t do this in production or on a box that matters. Also, this doesn’t work with a restrictive firewall: since the RMI port is chosen randomly, you must have a rather loose firewall policy. There are ways around it, with SSH tunneling I believe, but this post won’t cover that at this point; I might do it at some point later.
First you need a policy file. Again, this can be fine-tuned; the example below shows a dangerously loose one:
grant {
permission java.security.AllPermission;
};
Place this file in some directory. In my example it’s sitting in my home dir and is named .java.policy. Then start the app:
java -Dcom.sun.management.jmxremote \
-Dcom.sun.management.jmxremote.port=9001 \
-Dcom.sun.management.jmxremote.authenticate=false \
-Dcom.sun.management.jmxremote.ssl=false \
-Djava.security.policy=.java.policy \
-Dcom.sun.management.jmxremote.local.only=false \
-Djava.rmi.server.hostname=your.public.hostname.com \
-jar test.jar Runner
This starts the app and a JNDI service listening on port 9001.
In jvisualvm, you can now connect to your.public.hostname.com:9001. You can tune your parameters as needed, but two are crucial in my experience: com.sun.management.jmxremote.local.only and java.rmi.server.hostname. I had to specify these in order to make things work. Your mileage may vary.
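The following is an added example, not part of the original post: a small shell check that audits a JVM command line for the settings the post itself calls risky (authentication off, SSL off, random RMI port). The function name `audit_jmx`, port 9002 and the `/path/to/...` values are assumptions made for illustration; `com.sun.management.jmxremote.rmi.port` is the standard JDK property (JDK 7u4 and later) that pins the RMI port so a narrow firewall rule becomes possible.

```shell
#!/bin/sh
# Added example: audit a JVM command line for risky remote-JMX settings.
# Prints one "FINDING: ..." line per problem; prints nothing for a clean line.
audit_jmx() {
    cmdline=$1
    # Only remote JMX (a configured jmxremote.port) is in scope.
    case $cmdline in
        *-Dcom.sun.management.jmxremote.port=*) ;;
        *) return 0 ;;
    esac
    # authenticate and ssl both default to true, so only an explicit false is flagged.
    case $cmdline in *jmxremote.authenticate=false*)
        echo "FINDING: authentication disabled, anyone who can reach the port can manage the JVM" ;;
    esac
    case $cmdline in *jmxremote.ssl=false*)
        echo "FINDING: SSL disabled, JMX traffic crosses the network in cleartext" ;;
    esac
    # Without a pinned RMI port the JVM picks a random one per start.
    case $cmdline in
        *jmxremote.rmi.port=*) ;;
        *) echo "FINDING: no jmxremote.rmi.port, RMI port is random and needs a wide firewall rule" ;;
    esac
    return 0
}

# The command line from the post, reproduced as audit input.
WEAK_CMD='java -Dcom.sun.management.jmxremote
 -Dcom.sun.management.jmxremote.port=9001
 -Dcom.sun.management.jmxremote.authenticate=false
 -Dcom.sun.management.jmxremote.ssl=false
 -Djava.security.policy=.java.policy
 -Dcom.sun.management.jmxremote.local.only=false
 -Djava.rmi.server.hostname=your.public.hostname.com
 -jar test.jar Runner'

# Constructed hardened variant; port 9002 and the /path/to values are placeholders.
# The keystore password still has to be supplied to the JVM separately.
HARDENED_CMD='java -Dcom.sun.management.jmxremote
 -Dcom.sun.management.jmxremote.port=9001
 -Dcom.sun.management.jmxremote.rmi.port=9002
 -Dcom.sun.management.jmxremote.authenticate=true
 -Dcom.sun.management.jmxremote.password.file=/path/to/jmxremote.password
 -Dcom.sun.management.jmxremote.ssl=true
 -Djavax.net.ssl.keyStore=/path/to/keystore
 -Dcom.sun.management.jmxremote.local.only=false
 -Djava.rmi.server.hostname=your.public.hostname.com
 -jar test.jar Runner'

echo "== command from the post ==";  audit_jmx "$WEAK_CMD"
echo "== hardened variant ==";       audit_jmx "$HARDENED_CMD"
```

With both ports pinned, the security group only needs 9001 and 9002 open to the monitoring host instead of a wide port range.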