Last active
April 30, 2024 22:24
AWS Session Manager SSH/SCP helper
# Snippet to add to ~/.bash_profile to help SSH into instances via Session Manager while specifying AWS profiles
# To use it, save this file as ~/.ssm_bash_profile and add the following line to ~/.bash_profile:
# source ~/.ssm_bash_profile
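#######################################
# List the SSM-managed instances visible to an AWS CLI profile.
# Arguments: $1 - AWS CLI profile name
# Outputs:   the text-format rows returned by
#            `aws ssm describe-instance-information` (Name, Id and IPAddress
#            fields, as selected by the --query expression) on stdout;
#            the usage message on stderr
# Returns:   1 when the profile argument is missing, the aws CLI status when
#            the call fails, 0 otherwise
#######################################
function aws-ssm-instance-list {
  if [ "$#" -lt 1 ]; then
    echo "Usage: aws-ssm-instance-list <profile name>" >&2
    return 1
  fi

  local output
  # The profile is quoted so whitespace or glob characters in it cannot turn
  # into additional aws CLI arguments. Declaration and assignment are split
  # so a failing aws call is reported to the caller instead of being masked.
  output=$(aws ssm describe-instance-information --profile "$1" --query "InstanceInformationList[*].{Name:ComputerName,Id:InstanceId,IPAddress:IPAddress}" --output text) || return
  printf '%s\n' "$output"
}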
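#######################################
# Print a numbered menu of the instances for a profile and read a selection.
# Globals:   instance_list (written) - one array element per non-empty line
#            printed by aws-ssm-instance-list; callers index it with the
#            returned status
# Arguments: $1 - AWS CLI profile name
# Outputs:   menu, prompt and the 'invalid option' message on stdout
# Returns:   the selected index (0-254) as the exit status, 255 when the
#            input is not a valid selection
#######################################
function aws-ssm-menu {
  local instance_list_output line opt

  # The profile is passed as data, never as the printf format string.
  printf 'List of instances for %s:\n\n' "$1"
  instance_list_output=$(aws-ssm-instance-list "$1")

  # Read line by line instead of word-splitting with a modified IFS: this
  # leaves the caller's IFS alone (the file is sourced into an interactive
  # shell) and keeps glob characters in the output from being expanded.
  instance_list=()
  while IFS= read -r line; do
    if [[ -n $line ]]; then
      instance_list+=("$line")
    fi
  done <<<"$instance_list_output"

  for line in "${!instance_list[@]}"; do
    printf "%s) %s\n" "$line" "${instance_list[$line]}"
  done
  printf "\nSelect an instance from the list above: "
  IFS= read -r opt

  # An exit status is a single byte, so an index of 256 or more would wrap
  # and silently select a different instance, and 255 is the "invalid"
  # sentinel. Only 0-254 are accepted. 10# forces decimal so that input such
  # as "010" is checked and returned as the same number; the length cap keeps
  # the arithmetic from overflowing on very long digit strings.
  if [[ $opt =~ ^[0-9]{1,9}$ ]] \
    && (( 10#$opt < ${#instance_list[@]} && 10#$opt < 255 )); then
    return "$(( 10#$opt ))"
  fi

  printf 'invalid option\n'
  return 255
}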
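#######################################
# Run scp with an SSM session as the SSH transport.
# The AWS-StartSSHSession document only carries the connection to the
# instance's SSH port; sshd on the instance still authenticates the user, so
# a key or another method sshd accepts is still required.
# Arguments: $1    - AWS CLI profile name
#            $2... - scp parameters, passed through unchanged
# Outputs:   usage message on stderr
# Returns:   1 when arguments are missing, otherwise the status of scp
#######################################
function aws-scp {
  if [ "$#" -lt 2 ]; then
    echo "Usage: aws-scp <profile name> <scp parameters>" >&2
    return 1
  fi

  # The profile name is handed to the proxy through an environment variable
  # (AWS_SSM_HELPER_PROFILE, a name private to this helper) and expanded
  # inside quotes by the inner bash. It is never pasted into the command
  # string, so quotes or shell metacharacters in it cannot change the command
  # that ssh runs.
  local proxy_command
  proxy_command="bash -c 'aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters portNumber=%p --profile \"\$AWS_SSM_HELPER_PROFILE\"'"

  # "${@:2}" keeps each scp parameter as one word, so paths with spaces work.
  AWS_SSM_HELPER_PROFILE="$1" scp -o "ProxyCommand=${proxy_command}" "${@:2}"
}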
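#######################################
# Run ssh with an SSM session as the transport.
# The AWS-StartSSHSession document only carries the connection to the
# instance's SSH port; sshd on the instance still authenticates the user, so
# a key or another method sshd accepts is still required.
# Arguments: $1    - AWS CLI profile name
#            $2... - ssh parameters (options, destination, optional remote
#                    command), passed through unchanged
# Outputs:   usage message on stderr
# Returns:   1 when arguments are missing, otherwise the status of ssh
#######################################
function aws-ssh {
  if [ "$#" -lt 2 ]; then
    echo "Usage: aws-ssh <profile name> <ssh parameters>" >&2
    return 1
  fi

  # The profile name is handed to the proxy through an environment variable
  # (AWS_SSM_HELPER_PROFILE, a name private to this helper) and expanded
  # inside quotes by the inner bash. It is never pasted into the command
  # string, so quotes or shell metacharacters in it cannot change the command
  # that ssh runs.
  local proxy_command
  proxy_command="bash -c 'aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters portNumber=%p --profile \"\$AWS_SSM_HELPER_PROFILE\"'"

  # The option goes before the caller's parameters: anything that follows a
  # remote command on the ssh command line is treated as part of that
  # command, so a trailing -o would not configure the proxy when a remote
  # command is given.
  AWS_SSM_HELPER_PROFILE="$1" ssh -o "ProxyCommand=${proxy_command}" "${@:2}"
}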
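#######################################
# Open an interactive Session Manager session on one instance.
# Arguments: $1 - AWS CLI profile name
#            $2 - instance id to use as the session target
# Outputs:   usage message on stderr
# Returns:   1 when arguments are missing, otherwise the status of the
#            aws CLI
#######################################
function aws-ssm-session {
  if [ "$#" -lt 2 ]; then
    echo "Usage: aws-ssm-session <profile name> <instance_id>" >&2
    return 1
  fi

  # Both values are quoted so neither can be word-split or glob-expanded
  # into extra aws CLI arguments.
  aws ssm start-session --target "$2" --profile "$1"
}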
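#######################################
# Show the instance menu for a profile and open a Session Manager session on
# the selected instance.
# Globals:   instance_list (read) - filled in by aws-ssm-menu
# Arguments: $1 - AWS CLI profile name
# Outputs:   usage and error messages on stderr
# Returns:   1 when the argument is missing or no instance id can be read
#            from the selected row; otherwise the status of the last command
#######################################
function aws-session-interactive {
  if [ "$#" -lt 1 ]; then
    # The usage text now names this function (it previously said
    # aws-ssh-interactive).
    echo "Usage: aws-session-interactive <profile name>" >&2
    return 1
  fi

  local choice instance_id
  aws-ssm-menu "$1"
  choice=$?

  # 255 is the status aws-ssm-menu returns for an invalid selection.
  if [ "$choice" -ne 255 ]; then
    # The instance id is taken from the second whitespace-separated field of
    # the selected row. NOTE(review): this relies on the column order of the
    # aws CLI text output for the list query - confirm against real output.
    instance_id=$(awk '{print $2}' <<<"${instance_list[$choice]}")
    if [ -z "$instance_id" ]; then
      echo "aws-session-interactive: no instance id in the selected row" >&2
      return 1
    fi
    aws-ssm-session "$1" "$instance_id"
  fi
}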
The whole idea is to use SSM as the proxy command for SSH. In theory you should be able to do it without keys. What I'd do is try:
aws-scp your-profile -vvv /path/to/file user@host:/tmp
Check the verbose logs and the logs on the server side to make sure you're connecting with the right user. The command as such doesn't force the use of SSH keys.
Yeah, scp keeps looking for an identity file to use, so same error (verbose output looks like it tries every key it can find before throwing the same error). Thought I found it here: https://github.com/elpy1/ssh-over-ssm ... but all it does is copy the key for you before using ssm! Thanks for your quick reply, much appreciated. If I figure it out I'll ping you back.
Hello .. came across your gist while trying to scp files via ssm without keys, which if I understand correctly is the whole point of using ssm. When I use your functions I always get Permission denied (publickey). Are you able to transfer without keys? Thanks!