Last active
October 2, 2019 11:31
-
-
Save mhvelplund/6f53cbf5d78d7a5bb289bb3195e58e3a to your computer and use it in GitHub Desktop.
AWS SSM SSH ProxyCommand
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env sh | |
| set -eu | |
| ######## Usage ################################################################# | |
| # | |
| # #1 Install the AWS CLI | |
| # https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html | |
| # | |
| # #2 Install the Session Manager Plugin for the AWS CLI | |
| # https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html | |
| # | |
| # #3 Install ProxyCommand | |
| # - Move this script to ~/.ssh/aws-ssm-ec2-proxy-command.sh | |
| # - Make it executable (chmod +x ~/.ssh/aws-ssm-ec2-proxy-command.sh) | |
| # | |
| # #4 Setup SSH Config | |
| # - Add foolowing entry to your ~/.ssh/config | |
| # | |
| # host i-* mi-* | |
| # ProxyCommand ~/.ssh/aws-ssm-ec2-proxy-command.sh %h %r %p | |
| # | |
| # #5 Ensure SSM Permissions fo Target Instance Profile | |
| # | |
| # https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-instance-profile.html | |
| # | |
| # #6 Ensure latest SSM Agent on Target Instance | |
| # | |
| # yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm & service amazon-ssm-agent restart | |
| # | |
| # #7 Open SSH Connection | |
| # | |
| # AWS_PROFILE='default' ssh ec2-user@i-xxxxxxxxxxxxxxxx | |
| # | |
| ################################################################################ | |
| ec2_instance_id="$1" | |
| ssh_user="${2}" | |
| ssh_port="${3}" | |
| ssh_public_key_path="${HOME}/.ssh/id_rsa.pub" | |
| # Temporary add your public SSH key to authorized_keys on target instance | |
| ssh_public_key_timeout=10 | |
| ssh_public_key="$(cat "${ssh_public_key_path}")" | |
| echo "Temporary add your ssh key ${ssh_public_key_path} to authorized_keys on target instance ${ec2_instance_id}" | |
| aws ssm send-command \ | |
| --instance-ids "${ec2_instance_id}" \ | |
| --document-name 'AWS-RunShellScript' \ | |
| --parameters commands="\" | |
| [[ ! -d ~${ssh_user}/.ssh ]] && mkdir ~${ssh_user}/.ssh && chmod 700 ~${ssh_user}/.ssh && chown ${ssh_user}.${ssh_user} ~${ssh_user}/.ssh | |
| cd ~${ssh_user}/.ssh || exit 1 | |
| grep -F '${ssh_public_key}' authorized_keys || echo '${ssh_public_key} ssm-session' >> authorized_keys | |
| sleep ${ssh_public_key_timeout} | |
| grep -v -F '${ssh_public_key}' authorized_keys > .tmp.authorized_keys | |
| mv .tmp.authorized_keys authorized_keys | |
| \"" \ | |
| --comment "grant ssh access for ${ssh_public_key_timeout} seconds" | |
| # Start SSM SSH session | |
| aws ssm start-session \ | |
| --target "${ec2_instance_id}" \ | |
| --document-name 'AWS-StartSSHSession' \ | |
| --parameters "portNumber=${ssh_port}" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment