Forked from zmingxie/aws-ssm-ec2-proxy-command.sh
Last active
March 22, 2023 12:56
AWS SSM SSH Proxy Command
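#!/usr/bin/env sh
######## Usage #################################################################
#
# #1 Install the AWS CLI
#   https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html
#
# #2 Install the Session Manager Plugin for the AWS CLI
#   https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html
#
# #3 Install ProxyCommand
#   - Move this script to ~/.ssh/aws-ssm-ec2-proxy-command.sh
#   - Make it executable (chmod +x ~/.ssh/aws-ssm-ec2-proxy-command.sh)
#
# #4 Setup SSH Config
#   - Add the following entry to your ~/.ssh/config
#   - Adjust key file path if needed
#
#   host i-* mi-*
#     IdentityFile ~/.ssh/id_rsa
#     ProxyCommand ~/.ssh/aws-ssm-ec2-proxy-command.sh %h %r %p ~/.ssh/id_rsa.pub
#     StrictHostKeyChecking no
#
#   NOTE: "StrictHostKeyChecking no" turns off SSH host key verification for
#   these hosts, so the identity of the target then rests on the SSM session
#   (IAM) alone. Where known_hosts entries can be kept per instance,
#   "StrictHostKeyChecking accept-new" is the stricter choice.
#
#   NOTE: the fourth ProxyCommand argument (public key path) is accepted but
#   not read in this version; the key push is commented out below, so the
#   public key must already be in the target user's authorized_keys.
#
# #5 Ensure SSM Permissions for Target Instance Profile
#
#   https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-instance-profile.html
#
# #6 Ensure latest SSM Agent on Target Instance
#
#   yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm && service amazon-ssm-agent restart
#
# #7 Open SSH Connection
#   - Ensure AWS CLI environment variables are set properly
#
#   ssh <INSTANCE_USER>@<INSTANCE_ID>
#
#   e.g. AWS_PROFILE='default' ssh ec2-user@i-xxxxxxxxxxxxxxxx
#
#   - If default region does not match instance region you need to provide it like this
#
#   ssh <INSTANCE_USER>@<INSTANCE_ID>::<INSTANCE_REGION>
#
################################################################################
set -eu

REGION_SEPARATOR='::'

# Diagnostics go to stderr. stdout of a ProxyCommand is the SSH transport, and
# /dev/tty cannot be opened without a controlling terminal (cron, CI), which
# under `set -e` would abort the script on the first message.
log() { printf '%s\n' "$*" >&2; }
die() { log "$*"; exit 1; }

if [ "$#" -lt 3 ]; then
  log "Usage: ${0##*/} <instance-id>[${REGION_SEPARATOR}<region>] <ssh-user> <ssh-port> [<public-key-path>]"
  exit 2
fi

# Keep a region the caller already exported; the empty default only satisfies
# `set -u`. Assigning '' unconditionally would blank an exported
# AWS_DEFAULT_REGION for the aws calls below.
AWS_DEFAULT_REGION="${AWS_DEFAULT_REGION:-}"

ec2_instance_id="$1"
ssh_user="$2"
ssh_port="$3"
#ssh_public_key_path="$4"
#ssh_public_key=$(cat ${ssh_public_key_path})

# POSIX `case` instead of `[[ ... ]]`: the shebang is sh, and `[[` is not
# available in every /bin/sh (dash, ash).
case "${ec2_instance_id}" in
  *"${REGION_SEPARATOR}"*)
    # <instance-id>::<region> -> region after the last separator, id before
    # the first one.
    AWS_DEFAULT_REGION="${ec2_instance_id##*${REGION_SEPARATOR}}"
    export AWS_DEFAULT_REGION
    ec2_instance_id="${ec2_instance_id%%${REGION_SEPARATOR}*}"
    case "${AWS_DEFAULT_REGION}" in
      '' | *[!a-z0-9-]*) die "Refusing region with unexpected characters" ;;
    esac
    ;;
  *)
    log "Remember to add the region (${REGION_SEPARATOR}region) when connecting outside the default region"
    ;;
esac

# ssh_user is interpolated into a shell script that SSM runs on the instance
# (AWS-RunShellScript), so anything other than a plain account name is
# rejected before it can reach that command line. The other two values are
# passed as CLI arguments and are checked for shape as well.
case "${ssh_user}" in
  '' | -* | *[!A-Za-z0-9._-]*) die "Refusing SSH user name with unexpected characters" ;;
esac
case "${ec2_instance_id}" in
  '' | -* | *[!A-Za-z0-9-]*) die "Refusing instance id with unexpected characters" ;;
esac
case "${ssh_port}" in
  '' | *[!0-9]*) die "Refusing non-numeric SSH port" ;;
esac

# echo "Add public key ${ssh_public_key_path} to instance ${ec2_instance_id}" >/dev/tty
#
# Only creates ~/.ssh for the target user; the key push itself is disabled
# (see the commented lines after the command).
# NOTE(review): the --comment text still describes the disabled key push and
# is what shows up in the SSM command history; /home/<user> is assumed as the
# home directory.
# The CLI's JSON reply is discarded so it does not get written into the SSH
# stream ahead of the session.
aws ssm send-command \
  --instance-ids "${ec2_instance_id}" \
  --document-name 'AWS-RunShellScript' \
  --comment "Add a SSH public key to the authorized_keys file" \
  --parameters commands="\"
    sudo -u ${ssh_user} mkdir -p /home/${ssh_user}/.ssh
    \"" >/dev/null
# cd /home/${ssh_user}/.ssh
# echo ${ssh_public_key} | sudo -u ${ssh_user} tee authorized_keys > /dev/null

if [ -n "${AWS_DEFAULT_REGION}" ]; then
  log "Start ssm session to instance ${ec2_instance_id} in ${AWS_DEFAULT_REGION}"
else
  log "Start ssm session to instance ${ec2_instance_id}"
fi

# Hand stdin/stdout over to the SSM port-forwarding session that carries SSH.
aws ssm start-session \
  --target "${ec2_instance_id}" \
  --document-name 'AWS-StartSSHSession' \
  --parameters "portNumber=${ssh_port}"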