forked from qoomon/aws-ssm-ssh-proxy-command
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathaws-ssm-ec2-proxy-command.sh
63 lines (57 loc) · 2.24 KB
/
aws-ssm-ec2-proxy-command.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
#!/usr/bin/env sh
######## Source ################################################################
#
# https://github.com/qoomon/aws-ssm-ec2-proxy-command
#
######## Usage #################################################################
# https://github.com/qoomon/aws-ssm-ec2-proxy-command/blob/master/README.md
#
# Install Proxy Command
# - Move this script to ~/.ssh/aws-ssm-ec2-proxy-command.sh
# - Ensure it is executable (chmod +x ~/.ssh/aws-ssm-ec2-proxy-command.sh)
#
# Add following SSH Config Entry to ~/.ssh/config
# host i-* mi-*
# IdentityFile ~/.ssh/id_rsa
# ProxyCommand ~/.ssh/aws-ssm-ec2-proxy-command.sh %h %r %p ~/.ssh/id_rsa.pub
# StrictHostKeyChecking no
#
# Ensure SSM Permissions for Target Instance Profile
# https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-instance-profile.html
#
# Open SSH Connection
# ssh <INSTANCE_USER>@<INSTANCE_ID>
#
# Ensure AWS CLI environment variables are set properly
# e.g. AWS_PROFILE='default' ssh ec2-user@i-xxxxxxxxxxxxxxxx
#
# If default region does not match instance region you need to provide it like this
# ssh <INSTANCE_USER>@<INSTANCE_ID>--<INSTANCE_REGION>
#
################################################################################
set -eu
REGION_SEPARATOR='--'
ec2_instance_id="$1"
ssh_user="$2"
ssh_port="$3"
ssh_public_key_path="$4"
if echo "${ec2_instance_id}" | grep -qe "${REGION_SEPARATOR}"
then
export AWS_DEFAULT_REGION="${ec2_instance_id##*${REGION_SEPARATOR}}"
ec2_instance_id="${ec2_instance_id%%${REGION_SEPARATOR}*}"
fi
instance_availability_zone="$(aws ec2 describe-instances \
--instance-id "$ec2_instance_id" \
--query "Reservations[0].Instances[0].Placement.AvailabilityZone" \
--output text)"
>/dev/stderr echo "Add public key ${ssh_public_key_path} to instance ${ec2_instance_id} for 60 seconds"
aws ec2-instance-connect send-ssh-public-key \
--instance-id "$ec2_instance_id" \
--instance-os-user "$ssh_user" \
--ssh-public-key "file://$ssh_public_key_path" \
--availability-zone "$instance_availability_zone"
>/dev/stderr echo "Start ssm session to instance ${ec2_instance_id}"
aws ssm start-session \
--target "${ec2_instance_id}" \
--document-name 'AWS-StartSSHSession' \
--parameters "portNumber=${ssh_port}"