feat: update ssm tunneling script
This commit is contained in:
@ -4,7 +4,7 @@
|
||||
set AWS_IAM_USER ""
|
||||
|
||||
# TODO setup your aws-mfa credential keys in the credentials file
|
||||
# TODO replace "Administrator" Role with the actual role you want to assume.
|
||||
# TODO replace "PLACE_YOUR_ROLE_HERE" with the actual role you want to assume.
|
||||
|
||||
# AWS Account details
|
||||
set DEV_ACCOUNT_ID ""
|
||||
@ -26,19 +26,19 @@ function envAWS --description 'switch to different aws account environments (-)
|
||||
switch $argv[1]
|
||||
case dev
|
||||
echo "switching to /refreshing dev"
|
||||
aws-mfa --assume-role arn:aws:iam::$DEV_ACCOUNT_ID:role/Administrator --duration 43200 --role-session-name $AWS_IAM_USER
|
||||
aws-mfa --assume-role arn:aws:iam::$DEV_ACCOUNT_ID:role/PLACE_YOUR_ROLE_HERE --duration 43200 --role-session-name "$AWS_IAM_USER"
|
||||
getAWSenv
|
||||
case stg
|
||||
echo "switching to /refreshing staging"
|
||||
aws-mfa --assume-role arn:aws:iam::$STG_ACCOUNT_ID:role/Administrator --duration 43200 --role-session-name $AWS_IAM_USER
|
||||
aws-mfa --assume-role arn:aws:iam::$STG_ACCOUNT_ID:role/PLACE_YOUR_ROLE_HERE --duration 43200 --role-session-name "$AWS_IAM_USER"
|
||||
getAWSenv
|
||||
case prod
|
||||
echo "switching to /refreshing prod"
|
||||
aws-mfa --assume-role arn:aws:iam::$PROD_ACCOUNT_ID:role/Administrator --duration 3600 --role-session-name $AWS_IAM_USER
|
||||
aws-mfa --assume-role arn:aws:iam::$PROD_ACCOUNT_ID:role/PLACE_YOUR_ROLE_HERE --duration 3600 --role-session-name "$AWS_IAM_USER"
|
||||
getAWSenv
|
||||
case ops
|
||||
echo "switching to /refreshing ops"
|
||||
aws-mfa --assume-role arn:aws:iam::$OPS_ACCOUNT_ID:role/Administrator --duration 3600 --role-session-name $AWS_IAM_USER
|
||||
aws-mfa --assume-role arn:aws:iam::$OPS_ACCOUNT_ID:role/PLACE_YOUR_ROLE_HERE --duration 3600 --role-session-name "$AWS_IAM_USER"
|
||||
getAWSenv
|
||||
case '*'
|
||||
echo "Wrong / Invalid Environment provided"
|
||||
@ -67,3 +67,12 @@ function getAWSenv --description 'verify and set environment'
|
||||
return 1
|
||||
end
|
||||
end
|
||||
|
||||
function getSecretAWS --description 'get & decrypt secrets from ssm parameter store via cli command if permissions are granted'
|
||||
if test (count $argv) -lt 1
|
||||
echo "Provide a Path to the Secret"
|
||||
return
|
||||
end
|
||||
|
||||
aws ssm get-parameter --name "$argv[1]" --with-decryption | jq .Parameter.Value -r
|
||||
end
|
||||
@ -1,4 +1,6 @@
|
||||
function ssm_tunnel --description 'access private AWS ressources via Bastion Host'
|
||||
# See: https://aws.amazon.com/about-aws/whats-new/2022/05/aws-systems-manager-support-port-forwarding-remote-hosts-using-session-manager/
|
||||
# And: https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-sessions-start.html#sessions-remote-port-forwarding
|
||||
function ssm_tunnel --description 'Access private AWS ressources via native SSM port forwarding through bastion'
|
||||
|
||||
if test (count $argv) -lt 2
|
||||
echo "Provide an Host:Port Mapping & an Local Port"
|
||||
@ -12,7 +14,45 @@ function ssm_tunnel --description 'access private AWS ressources via Bastion Hos
|
||||
|
||||
# Get bastion host ID using it's name
|
||||
set INSTANCE_ID (aws ec2 describe-instances \
|
||||
--filter 'Name=tag:Name,Values=ops-infrastructure-bastion'\
|
||||
--filter 'Name=tag:Name,Values=INSTANCE_NAME_HERE'\
|
||||
--query "Reservations[].Instances[?State.Name == 'running'].InstanceId[]"\
|
||||
--output text)
|
||||
|
||||
# AWS Remote host i.e internal.s.twaice / dualstack.internal-stg-s-inter-9ov8h1o4saoa-793915940.eu-west-1.elb.amazonaws.com
|
||||
set REMOTE_HOST (string split -f1 : $argv[1])
|
||||
set REMOTE_PORT (string split -f2 : $argv[1])
|
||||
# Local port to bind for forwarding
|
||||
set LOCAL_PORT $argv[2]
|
||||
|
||||
# Seconds until forwarding session times out (6h max)
|
||||
set TIMEOUT 21600
|
||||
|
||||
# Start tunnel session
|
||||
echo "Starting Tunnel"
|
||||
aws ssm start-session --target $INSTANCE_ID \
|
||||
--document-name "AWS-StartPortForwardingSessionToRemoteHost" \
|
||||
--parameters "host=[$REMOTE_HOST],portNumber=[$REMOTE_PORT],localPortNumber=[$LOCAL_PORT]"
|
||||
|
||||
echo "Tunneling Session Exited."
|
||||
end
|
||||
|
||||
# This function is for Platform Admin / Infrastructure users only.
|
||||
# @TODO: It still utilized the old style of ssm tunneling -> needs c&p of new style as well
|
||||
function ssm_tunnel_admin --description 'access private AWS ressources via Bastion Host'
|
||||
|
||||
if test (count $argv) -lt 2
|
||||
echo "Provide an Host:Port Mapping & an Local Port"
|
||||
return
|
||||
end
|
||||
|
||||
if [ "$env" != "ops" ]
|
||||
echo "Switch to OPS ENV first"
|
||||
return
|
||||
end
|
||||
|
||||
# Get bastion host ID using it's name
|
||||
set INSTANCE_ID (aws ec2 describe-instances \
|
||||
--filter 'Name=tag:Name,Values=INSTANCE_NAME_HERE'\
|
||||
--query "Reservations[].Instances[?State.Name == 'running'].InstanceId[]"\
|
||||
--output text)
|
||||
|
||||
|
||||
@ -22,7 +22,6 @@ function prompt::pyenv
|
||||
set venv (echo "$VIRTUAL_ENV" | grep -Eo '[^/]+/?$' | cut -d / -f1)
|
||||
echo -n -s (printf '%s' \U1F40D)(yellow)"["(cyan)"$venv"(yellow)"@"(off)"$python_version"(yellow)"]"(off)
|
||||
else if test -n "$PYENV_VERSION"; and [ "$PYENV_VERSION" != "$python_version" ]
|
||||
# echo -n -s (yellow)(printf '%s' \U1F40D)"["(cyan)(pyenv version-name | sed 's/:.*$//' )(off)"@$python_version"(yellow)"]"(off)
|
||||
echo -n -s (yellow)(printf '%s' \U1F40D)"["(cyan)(pyenv version-name )(off)"@$python_version"(yellow)"]"(off)
|
||||
else if test -n "$python_version"
|
||||
echo -n -s (yellow)(printf '%s' \U1F40D)"["(off)$python_version(yellow)"]"(off)
|
||||
|
||||
Reference in New Issue
Block a user