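# See: https://aws.amazon.com/about-aws/whats-new/2022/05/aws-systems-manager-support-port-forwarding-remote-hosts-using-session-manager/
# And: https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-sessions-start.html#sessions-remote-port-forwarding

# Forward a local TCP port to HOST:PORT inside the VPC through the bastion's
# SSM agent (document AWS-StartPortForwardingSessionToRemoteHost). No SSH key
# and no inbound security-group rule are involved; the traffic rides the
# Session Manager channel and is authorised by the caller's IAM identity.
#
# Usage:   ssm_tunnel REMOTE_HOST:REMOTE_PORT LOCAL_PORT
# Example: ssm_tunnel internal.x.yourdns:5432 15432
#
# Arguments:
#   $argv[1] - "host:port" of the private resource (DNS name or IPv4, numeric port)
#   $argv[2] - local port the session-manager-plugin should listen on
# Globals read: $env - must be "ops" so the intended AWS credentials are active
# Returns: 1 on argument validation / bastion lookup failure, otherwise the
#          exit status of `aws ssm start-session`
function ssm_tunnel --description 'Access private AWS ressources via native SSM port forwarding through bastion'
    if test (count $argv) -lt 2
        echo "Provide an Host:Port Mapping & an Local Port" >&2
        return 1
    end
    if test "$env" != ops
        echo "Switch to OPS ENV first" >&2
        return 1
    end

    # Validate both arguments before they are interpolated into --parameters.
    # The shorthand parameter syntax is delimited by ',', '[' and ']', so a
    # stray character in either argument would silently change what is
    # forwarded instead of failing.
    if not string match -qr '^[A-Za-z0-9.-]+:[0-9]{1,5}$' -- $argv[1]
        echo "Invalid mapping '$argv[1]': expected host:port (e.g. internal.x.yourdns:5432)" >&2
        return 1
    end
    if not string match -qr '^[0-9]{1,5}$' -- $argv[2]
        echo "Invalid local port '$argv[2]': expected a port number" >&2
        return 1
    end

    # AWS remote host, e.g. internal.x.yourdns / xxx.eu-west-1.elb.amazonaws.com
    set -l REMOTE_HOST (string split -f1 : $argv[1])
    set -l REMOTE_PORT (string split -f2 : $argv[1])
    # Local port to bind for forwarding
    set -l LOCAL_PORT $argv[2]

    # Resolve the bastion from its Name tag, running instances only.
    # `string match -ar '\S+'` turns the whitespace-separated text output into
    # one list element per instance ID (empty list if the lookup failed).
    set -l INSTANCE_IDS (aws ec2 describe-instances \
        --filter 'Name=tag:Name,Values=INSTANCE_NAME_HERE' \
        --query "Reservations[].Instances[?State.Name == 'running'].InstanceId[]" \
        --output text | string match -ar '\S+')
    # --target must name exactly one instance; refuse to guess when the tag
    # matches zero or several running hosts rather than tunnelling through
    # whichever one the CLI happens to list first.
    if test (count $INSTANCE_IDS) -ne 1
        echo "Expected exactly one running bastion, found "(count $INSTANCE_IDS)": $INSTANCE_IDS" >&2
        return 1
    end

    # Start tunnel session. NOTE(review): the original defined TIMEOUT=21600
    # ("6h max") but never passed it anywhere; start-session takes no timeout
    # here, so it was dropped. Session duration is presumably controlled by the
    # account's Session Manager preferences — confirm there.
    echo "Starting Tunnel"
    aws ssm start-session --target $INSTANCE_IDS[1] \
        --document-name "AWS-StartPortForwardingSessionToRemoteHost" \
        --parameters "host=[$REMOTE_HOST],portNumber=[$REMOTE_PORT],localPortNumber=[$LOCAL_PORT]"
    set -l rc $status
    echo "Tunneling Session Exited."
    return $rc
end

# This function is for custom & higher privileged users only.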
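# Privileged variant of ssm_tunnel: forward a local TCP port to HOST:PORT
# inside the VPC through the bastion's SSM agent (document
# AWS-StartPortForwardingSessionToRemoteHost). The body is currently identical
# to ssm_tunnel; the comment above marks it as reserved for higher-privileged
# users, so the distinction is presumably the bastion name / credentials that
# get filled in — confirm before relying on it.
#
# Usage:   ssm_tunnel_admin REMOTE_HOST:REMOTE_PORT LOCAL_PORT
#
# Arguments:
#   $argv[1] - "host:port" of the private resource (DNS name or IPv4, numeric port)
#   $argv[2] - local port the session-manager-plugin should listen on
# Globals read: $env - must be "ops" so the intended AWS credentials are active
# Returns: 1 on argument validation / bastion lookup failure, otherwise the
#          exit status of `aws ssm start-session`
function ssm_tunnel_admin --description 'Access private AWS ressources via native SSM port forwarding through bastion'
    if test (count $argv) -lt 2
        echo "Provide an Host:Port Mapping & an Local Port" >&2
        return 1
    end
    if test "$env" != ops
        echo "Switch to OPS ENV first" >&2
        return 1
    end

    # Validate both arguments before they are interpolated into --parameters:
    # the shorthand syntax is delimited by ',', '[' and ']', so an unexpected
    # character would alter the request instead of failing loudly.
    if not string match -qr '^[A-Za-z0-9.-]+:[0-9]{1,5}$' -- $argv[1]
        echo "Invalid mapping '$argv[1]': expected host:port (e.g. internal.x.yourdns:5432)" >&2
        return 1
    end
    if not string match -qr '^[0-9]{1,5}$' -- $argv[2]
        echo "Invalid local port '$argv[2]': expected a port number" >&2
        return 1
    end

    # AWS remote host, e.g. internal.x.yourdns / xxx.eu-west-1.elb.amazonaws.com
    set -l REMOTE_HOST (string split -f1 : $argv[1])
    set -l REMOTE_PORT (string split -f2 : $argv[1])
    # Local port to bind for forwarding
    set -l LOCAL_PORT $argv[2]

    # Resolve the bastion from its Name tag, running instances only; one list
    # element per instance ID, empty if the lookup fails.
    set -l INSTANCE_IDS (aws ec2 describe-instances \
        --filter 'Name=tag:Name,Values=INSTANCE_NAME_HERE' \
        --query "Reservations[].Instances[?State.Name == 'running'].InstanceId[]" \
        --output text | string match -ar '\S+')
    # --target must name exactly one instance; do not pick silently when the
    # tag matches zero or several running hosts.
    if test (count $INSTANCE_IDS) -ne 1
        echo "Expected exactly one running bastion, found "(count $INSTANCE_IDS)": $INSTANCE_IDS" >&2
        return 1
    end

    # Start tunnel session. NOTE(review): the original set TIMEOUT=21600 but
    # never used it; start-session takes no timeout argument here, so it was
    # dropped. Session limits presumably come from Session Manager preferences.
    echo "Starting Tunnel"
    aws ssm start-session --target $INSTANCE_IDS[1] \
        --document-name "AWS-StartPortForwardingSessionToRemoteHost" \
        --parameters "host=[$REMOTE_HOST],portNumber=[$REMOTE_PORT],localPortNumber=[$LOCAL_PORT]"
    set -l rc $status
    echo "Tunneling Session Exited."
    return $rc
end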