Both have been introduced recently, and together they let you access even private EC2 instances:
- Without VPN
- No open SSH port
- Authentication / Authorization is fully delegated to IAM
```bash
# Assumes valid AWS credentials in ENV
ssh -v ec2-user@i-002afb820244e392f
```
What this will do (through the aws-proxy script below):
- Generate a single use ssh key
- Push the generated public key to AWS for the given user of the provided EC2 instance id
- Add the private key to the ssh agent
- Create a tunnel through Session Manager
- Establish an SSH session
The host has to be configured to run:
- SSM Agent
- ec2-instance-connect
Locally, you'll need a recent version of the AWS CLI and the SSM plugin.
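
The five steps listed above, written out as a ProxyCommand script. This is an added example, not the author's aws-proxy script; the file name `aws-proxy.sh`, the `~/.ssh/config` entry in its header and the function names are assumptions, and it expects a running ssh-agent plus valid AWS credentials in the environment.

```shell
#!/bin/sh
# aws-proxy.sh: added example. Assumed ~/.ssh/config entry:
#   Host i-*
#     ProxyCommand /path/to/aws-proxy.sh %r %h %p
set -eu

# Accept only EC2 instance ids (i- plus 8 or 17 hex digits).
is_instance_id() {
  hex=${1#i-}
  [ "i-$hex" = "$1" ] || return 1
  case "$hex" in ''|*[!0-9a-f]*) return 1 ;; esac
  [ "${#hex}" -eq 8 ] || [ "${#hex}" -eq 17 ]
}

aws_proxy() {
  user=$1 host=$2 port=$3
  is_instance_id "$host" || { echo "not an instance id: $host" >&2; return 1; }

  # 1. Single-use key pair in a private temp dir, deleted when the script exits.
  keydir=$(mktemp -d)
  trap 'rm -rf "$keydir"' EXIT
  ssh-keygen -q -t rsa -b 4096 -N '' -f "$keydir/key"

  # 2. Push the public key through EC2 Instance Connect (needs the instance's AZ).
  #    Output is discarded: ProxyCommand stdout must carry only the SSH stream.
  az=$(aws ec2 describe-instances --instance-ids "$host" --output text \
        --query 'Reservations[0].Instances[0].Placement.AvailabilityZone')
  aws ec2-instance-connect send-ssh-public-key \
      --instance-id "$host" --instance-os-user "$user" \
      --availability-zone "$az" \
      --ssh-public-key "file://$keydir/key.pub" >/dev/null

  # 3. Load the private key into the running ssh-agent with a 60 second lifetime.
  ssh-add -q -t 60 "$keydir/key"

  # 4. Open the Session Manager tunnel; ssh talks over its stdin/stdout.
  aws ssm start-session --target "$host" \
      --document-name AWS-StartSSHSession --parameters "portNumber=$port"
}

# Run only when called with arguments, as ProxyCommand does.
[ "$#" -eq 0 ] || aws_proxy "$@"
```

The IAM principal running this needs permission for `ec2-instance-connect:SendSSHPublicKey`, `ec2:DescribeInstances` and `ssm:StartSession` on the target instance, which is where the authorization described above is enforced.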
Nice post. I have already achieved this by making some changes to the EC2 Instance Connect CLI, but due to the lack of AWS support I was looking for a pure ProxyCommand approach.
I have made a fork of your post with some changes to avoid the use of SSH Agent. Take a look; I think you will find some nice improvements.