First version of aws ec2 instance connect proxy

Author: willthames

README.md

@@ -0,0 +1,22 @@
+# ProxyCommand helper for AWS EC2 Instance connect
+
+Usage
+
+```
+.ssh/aws-proxy.sh [--profile profile] [--region region] [--key key] [--filter filterkey] user host [port]
+```
+
+Here `filterkey` is the name of the filter to the [DescribeInstances](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeInstances.html)
+API call - it defaults to private-ip-address
+
+e.g. if all your instances in the 10.1.0.0 subnet are in ap-southeast-2, you can use the following `~/.ssh/config`
+
+```
+Host 10.1.0.*
+User ec2-user
+ProxyCommand sh ~/.ssh/aws-proxy.sh --profile test-account --region ap-southeast-2 --key ~/.ssh/test-aws %r %h %p
+
+Host ip-10-1-*
+User ec2-user
+ProxyCommand sh ~/.ssh/aws-proxy.sh --profile test-account --region ap-southeast-2 --filter private-dns-name --key ~/.ssh/test-aws %r %h %p
+```

aws-proxy.sh

@@ -0,0 +1,43 @@
+#!/bin/bash
+
+set -eu
+
+if [ $# -lt 2 ] ; then
+    echo "Usage: $0 [--profile profile] [--region region] [--key key] [--filter filterkey] user host [port]"
+    exit
+fi
+
+while true; do
+  case $1 in
+    --profile)
+      PROFILE="--profile $2"
+      shift 2
+      ;;
+    --region)
+      REGION="--region $2"
+      shift 2
+      ;;
+    --key)
+      KEY=$2
+      shift 2
+      ;;
+    --filter)
+      FILTER=$2
+      shift 2
+      ;;
+    *)
+      break
+      ;;
+  esac
+done
+
+FILTER="${FILTER:-private-ip-address}"
+ARGS="--ssh-public-key file://$KEY.pub --instance-os-user $1"
+PORT="${3:-22}"
+LOGIN=$1
+DESTHOST=$2
+read -r instance_id availability_zone <<< $(aws ec2 describe-instances $PROFILE $REGION --filter "Name=$FILTER,Values=$DESTHOST" --query 'Reservations[*].Instances[*].[InstanceId,Placement.AvailabilityZone]' --output text)
+
+aws ec2-instance-connect send-ssh-public-key $REGION $PROFILE --instance-id $instance_id --availability-zone $availability_zone $ARGS
+
+nc $DESTHOST $PORT