# SSH tunnelled through SSM Session Manager: the instance needs no inbound
# port-22 security-group rule and no public IP. Besides the SSH key, the
# connection is gated by the caller's IAM identity (ssm:StartSession on the
# target and on the AWS-StartSSHSession document).
# Alias typed on the command line (`ssh aws-sshless-basion`); presumably meant
# "bastion".
Host aws-sshless-basion
# Replace with the target instance id (i-...) or managed-instance id (mi-...);
# %h in the ProxyCommand expands to this value and becomes the SSM target.
Hostname i-xxxxxxxxxxxx
# Private key whose public half must already be in the remote user's
# authorized_keys; SSM only tunnels, it does not distribute or inject keys.
IdentityFile ~/.ssh/ssh_key
# Client side needs the AWS CLI plus the Session Manager plugin; the target
# needs the SSM agent and an instance role allowing it to register.
# Caveat for auditing: the SSH stream is end-to-end encrypted, so Session
# Manager's CloudWatch/S3 session logging does not capture its content. Rely on
# CloudTrail StartSession events plus host-side sshd/auditd logs instead.
ProxyCommand sh -c "aws ssm start-session --profile aws-profile --region us-east-2 --target %h --document-name AWS-StartSSHSession --parameters 'portNumber=%p'"
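# Install the SSM agent from the AWS-hosted RPM (typically already present on
# Amazon Linux AMIs; needed on other distributions).
# HTTPS protects the download in transit but says nothing about who signed the
# package, and yum does NOT signature-check packages given as a URL or file
# (localpkg_gpgcheck defaults to 0). Import the SSM Agent public key from the
# AWS SSM Agent documentation first, then force the check so an unsigned or
# tampered RPM fails the install instead of going in silently.
# Note the "latest/" path is unpinned: record the installed version
# (rpm -q amazon-ssm-agent) if you need reproducible images.
# rpm --import <PATH_TO_AMAZON_SSM_AGENT_PUBLIC_KEY>   # placeholder; key file published in the AWS docs
yum install -y --setopt=localpkg_gpgcheck=1 https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm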
IAM permissions for AWS SSM (Terraform)
# Shared values for the SSM-managed host's IAM setup.
locals {
  # Prefix for the role and instance-profile names below.
  hostname = "host.com"
  # Managed policies every host gets, independent of var.attach_policies.
  #  - AmazonSSMManagedInstanceCore: what the SSM agent needs to register and
  #    serve Session Manager / Run Command. It also includes ssm:GetParameter*
  #    on all Parameter Store parameters (check the current policy document),
  #    so the instance can read any parameter not protected by a KMS key it
  #    lacks access to — review if secrets live in Parameter Store.
  #  - CloudWatchAgentServerPolicy: lets the CloudWatch agent ship logs and
  #    metrics and read its AmazonCloudWatch-* config parameters.
  attach_general_policies = [
    "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
    "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy",
  ]
}
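# Instance role assumed by EC2 on behalf of the SSM-managed host.
# Trust policy: only the EC2 service principal may assume it (via the instance
# profile); no human or cross-account principals. Written with jsonencode()
# instead of a heredoc so Terraform validates the JSON, and on the current
# "2012-10-17" policy language — the original "2008-10-17" is still accepted by
# IAM but predates policy variables and newer condition support.
resource "aws_iam_role" "host-role" {
  name = "${local.hostname}-host-role"
  path = "/"

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect = "Allow"
        Principal = {
          Service = "ec2.amazonaws.com"
        }
        Action = "sts:AssumeRole"
      }
    ]
  })
}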
# Attach the baseline managed policies from local.attach_general_policies.
# count indexes by list position, so inserting or reordering entries makes
# Terraform detach and re-attach the following policies (a transient loss of
# permissions on the host). Keep the list append-only, or migrate to
# for_each = toset(...) together with a state move, since that changes the
# resource addresses.
resource "aws_iam_role_policy_attachment" "attach_policies-general" {
  count      = length(local.attach_general_policies)
  role       = aws_iam_role.host-role.name
  policy_arn = local.attach_general_policies[count.index]
}
# Extra policies supplied by the caller through var.attach_policies (declared
# outside this file). This is the privilege knob for the host: every ARN passed
# here becomes part of the instance's permissions, so review the values as
# carefully as the trust policy itself. Same count/ordering caveat as
# attach_policies-general.
resource "aws_iam_role_policy_attachment" "attach_policies-var" {
  count      = length(var.attach_policies)
  role       = aws_iam_role.host-role.name
  policy_arn = var.attach_policies[count.index]
}
# Instance profile that exposes host-role to EC2; intended to be referenced
# (by name or ARN) from the instance or launch template's iam_instance_profile.
# Only the EC2 service can assume the underlying role, per its trust policy.
resource "aws_iam_instance_profile" "campus-general-host-profile" {
  name = "${local.hostname}-profile"
  role = aws_iam_role.host-role.name
}