T31M/ubuntu-fish-dotfiles
0
1
Fork 0
Code Pull Requests Releases Activity

Compare commits

base: T31M:2ed69bc664912602faa705b9fe36cc22aa98221f
Branches Tags
T31M:master T31M:feature/update-enhance-dotfiles-for-new-package-versions
...
compare: T31M:master
Branches Tags
T31M:feature/update-enhance-dotfiles-for-new-package-versions T31M:master

2 Commits
2ed69bc664 ... master

Author SHA1 Message Date
T31M
66fbc7eeab Merge pull request 'Make FiSH >3.3 compatible + Update AWS SSM remote port forwarding config' (#4) from bugfix/make-fish-3-3-compatible into master 
Reviewed-on: #4
 2022-06-06 17:12:45 +02:00
T31M
a1186a2c1c feat: update ssm tunneling script 2022-06-05 10:26:10 +02:00
3 changed files with 57 additions and 9 deletions
Expand all files Collapse all files

19
fish/theme-t31m/functions/envAWS.fish
View File

@ -4,7 +4,7 @@
set AWS_IAM_USER "" set AWS_IAM_USER ""
# TODO setup your aws-mfa credential keys in the credentials file # TODO setup your aws-mfa credential keys in the credentials file
# TODO replace "Administrator" Role with the actual role you want to assume. # TODO replace "PLACE_YOUR_ROLE_HERE" with the actual role you want to assume.
# AWS Account details # AWS Account details
set DEV_ACCOUNT_ID "" set DEV_ACCOUNT_ID ""
@ -26,19 +26,19 @@ function envAWS --description 'switch to different aws account environments (-)
switch $argv[1] switch $argv[1]
case dev case dev
echo "switching to /refreshing dev" echo "switching to /refreshing dev"
aws-mfa --assume-role arn:aws:iam::$DEV_ACCOUNT_ID:role/Administrator --duration 43200 --role-session-name $AWS_IAM_USER aws-mfa --assume-role arn:aws:iam::$DEV_ACCOUNT_ID:role/PLACE_YOUR_ROLE_HERE --duration 43200 --role-session-name "$AWS_IAM_USER"
getAWSenv getAWSenv
case stg case stg
echo "switching to /refreshing staging" echo "switching to /refreshing staging"
aws-mfa --assume-role arn:aws:iam::$STG_ACCOUNT_ID:role/Administrator --duration 43200 --role-session-name $AWS_IAM_USER aws-mfa --assume-role arn:aws:iam::$STG_ACCOUNT_ID:role/PLACE_YOUR_ROLE_HERE --duration 43200 --role-session-name "$AWS_IAM_USER"
getAWSenv getAWSenv
case prod case prod
echo "switching to /refreshing prod" echo "switching to /refreshing prod"
aws-mfa --assume-role arn:aws:iam::$PROD_ACCOUNT_ID:role/Administrator --duration 3600 --role-session-name $AWS_IAM_USER aws-mfa --assume-role arn:aws:iam::$PROD_ACCOUNT_ID:role/PLACE_YOUR_ROLE_HERE --duration 3600 --role-session-name "$AWS_IAM_USER"
getAWSenv getAWSenv
case ops case ops
echo "switching to /refreshing ops" echo "switching to /refreshing ops"
aws-mfa --assume-role arn:aws:iam::$OPS_ACCOUNT_ID:role/Administrator --duration 3600 --role-session-name $AWS_IAM_USER aws-mfa --assume-role arn:aws:iam::$OPS_ACCOUNT_ID:role/PLACE_YOUR_ROLE_HERE --duration 3600 --role-session-name "$AWS_IAM_USER"
getAWSenv getAWSenv
case '*' case '*'
echo "Wrong / Invalid Environment provided" echo "Wrong / Invalid Environment provided"
@ -67,3 +67,12 @@ function getAWSenv --description 'verify and set environment'
return 1 return 1
end end
end end
function getSecretAWS --description 'get & decrypt secrets from ssm parameter store via cli command if permissions are granted'
if test (count $argv) -lt 1
echo "Provide a Path to the Secret"
return
end
aws ssm get-parameter --name "$argv[1]" --with-decryption | jq .Parameter.Value -r
end

46
fish/theme-t31m/functions/ssm_tunnel.fish
View File

@ -1,4 +1,6 @@
function ssm_tunnel --description 'access private AWS ressources via Bastion Host' # See: https://aws.amazon.com/about-aws/whats-new/2022/05/aws-systems-manager-support-port-forwarding-remote-hosts-using-session-manager/
# And: https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-sessions-start.html#sessions-remote-port-forwarding
function ssm_tunnel --description 'Access private AWS ressources via native SSM port forwarding through bastion'
if test (count $argv) -lt 2 if test (count $argv) -lt 2
echo "Provide an Host:Port Mapping & an Local Port" echo "Provide an Host:Port Mapping & an Local Port"
@ -12,7 +14,45 @@ function ssm_tunnel --description 'access private AWS ressources via Bastion Hos
# Get bastion host ID using it's name # Get bastion host ID using it's name
set INSTANCE_ID (aws ec2 describe-instances \ set INSTANCE_ID (aws ec2 describe-instances \
--filter 'Name=tag:Name,Values=ops-infrastructure-bastion'\ --filter 'Name=tag:Name,Values=INSTANCE_NAME_HERE'\
--query "Reservations[].Instances[?State.Name == 'running'].InstanceId[]"\
--output text)
# AWS Remote host i.e internal.s.twaice / dualstack.internal-stg-s-inter-9ov8h1o4saoa-793915940.eu-west-1.elb.amazonaws.com
set REMOTE_HOST (string split -f1 : $argv[1])
set REMOTE_PORT (string split -f2 : $argv[1])
# Local port to bind for forwarding
set LOCAL_PORT $argv[2]
# Seconds until forwarding session times out (6h max)
set TIMEOUT 21600
# Start tunnel session
echo "Starting Tunnel"
aws ssm start-session --target $INSTANCE_ID \
--document-name "AWS-StartPortForwardingSessionToRemoteHost" \
--parameters "host=[$REMOTE_HOST],portNumber=[$REMOTE_PORT],localPortNumber=[$LOCAL_PORT]"
echo "Tunneling Session Exited."
end
# This function is for Platform Admin / Infrastructure users only.
# @TODO: It still utilized the old style of ssm tunneling -> needs c&p of new style as well
function ssm_tunnel_admin --description 'access private AWS ressources via Bastion Host'
if test (count $argv) -lt 2
echo "Provide an Host:Port Mapping & an Local Port"
return
end
if [ "$env" != "ops" ]
echo "Switch to OPS ENV first"
return
end
# Get bastion host ID using it's name
set INSTANCE_ID (aws ec2 describe-instances \
--filter 'Name=tag:Name,Values=INSTANCE_NAME_HERE'\
--query "Reservations[].Instances[?State.Name == 'running'].InstanceId[]"\ --query "Reservations[].Instances[?State.Name == 'running'].InstanceId[]"\
--output text) --output text)
@ -40,4 +80,4 @@ function ssm_tunnel --description 'access private AWS ressources via Bastion Hos
# stop socat on the bastion # stop socat on the bastion
aws ssm cancel-command --command-id $CMD_INVOC_ID aws ssm cancel-command --command-id $CMD_INVOC_ID
echo "Command Cancelled Successfully." echo "Command Cancelled Successfully."
end end

1
fish/theme-t31m/functions/t31m_prompt.fish
View File

@ -22,7 +22,6 @@ function prompt::pyenv
set venv (echo "$VIRTUAL_ENV" | grep -Eo '[^/]+/?$' | cut -d / -f1) set venv (echo "$VIRTUAL_ENV" | grep -Eo '[^/]+/?$' | cut -d / -f1)
echo -n -s (printf '%s' \U1F40D)(yellow)"["(cyan)"$venv"(yellow)"@"(off)"$python_version"(yellow)"]"(off) echo -n -s (printf '%s' \U1F40D)(yellow)"["(cyan)"$venv"(yellow)"@"(off)"$python_version"(yellow)"]"(off)
else if test -n "$PYENV_VERSION"; and [ "$PYENV_VERSION" != "$python_version" ] else if test -n "$PYENV_VERSION"; and [ "$PYENV_VERSION" != "$python_version" ]
# echo -n -s (yellow)(printf '%s' \U1F40D)"["(cyan)(pyenv version-name | sed 's/:.*$//' )(off)"@$python_version"(yellow)"]"(off)
echo -n -s (yellow)(printf '%s' \U1F40D)"["(cyan)(pyenv version-name )(off)"@$python_version"(yellow)"]"(off) echo -n -s (yellow)(printf '%s' \U1F40D)"["(cyan)(pyenv version-name )(off)"@$python_version"(yellow)"]"(off)
else if test -n "$python_version" else if test -n "$python_version"
echo -n -s (yellow)(printf '%s' \U1F40D)"["(off)$python_version(yellow)"]"(off) echo -n -s (yellow)(printf '%s' \U1F40D)"["(off)$python_version(yellow)"]"(off)