#!/usr/bin/env pwsh
# SSH ProxyCommand helper: temporarily installs an SSH public key on an EC2/SSM
# managed instance through SSM Run Command, then opens an SSM SSH session to it.
#
# Positional arguments:
#   $args[0]  instance id, optionally suffixed with "--<region>"
#   $args[1]  SSH user whose authorized_keys file receives the key
#   $args[2]  SSH port forwarded by the SSM session
#   $args[3]  path to the SSH public key file (only its first line is used)
#
# Strict mode plus "Stop" make PowerShell-level errors terminating.
# NOTE(review): a non-zero exit code from the native `aws` executable does not
# by itself raise a terminating error unless $PSNativeCommandUseErrorActionPreference
# is enabled, so a failed send-command would still fall through to start-session.
# Confirm whether $LASTEXITCODE should be checked after each `aws` call.
Set-StrictMode -Version 3.0
$ErrorActionPreference = "Stop"
################################################################################
#
# For documentation see https://github.com/qoomon/aws-ssm-ssh-proxy-command
#
################################################################################
# Raw positional arguments; none of them is validated before use below.
$instance_id = $args[0]
$ssh_user = $args[1]
$ssh_port = $args[2]
$ssh_public_key_path = $args[3]
# "<instance-id>--<region>" selects the region for this process only, via the
# AWS_DEFAULT_REGION environment variable read by the aws CLI.
$REGION_SEPARATOR = "--"
$splitted_instance = $instance_id -split $REGION_SEPARATOR
if ($splitted_instance.Length -gt 1) {
$instance_id = $splitted_instance[0]
$env:AWS_DEFAULT_REGION = $splitted_instance[1]
}
Write-Output "Add public key $ssh_public_key_path for $ssh_user at instance $instance_id for 10 seconds"
# Only the first line of the key file is sent to the instance.
$ssh_public_key = (Get-Content $ssh_public_key_path | Select-Object -first 1)
# Submit a shell script to the instance through the AWS-RunShellScript document.
# The remote script appends "<key> ssm-session" to the user's authorized_keys,
# sleeps 10 seconds, then rewrites the file without the lines containing that
# string (grep -v -F via a temporary "authorized_keys~" file).
#
# Quoting: $ssh_user and $ssh_public_key are expanded locally by PowerShell and
# become literal text of the remote script; `$authorized_key is backtick-escaped
# so that it is expanded by the remote shell instead.
#
# NOTE(review): because $ssh_user and $ssh_public_key are pasted into shell
# source unescaped, a quote or shell metacharacter in either value changes the
# script that runs on the instance. Validate both against a strict allowlist
# (user-name characters; "<type> <base64> [comment]" with no quotes) before
# this call.
# NOTE(review): SSM Run Command normally executes as root on Linux, so the .ssh
# directory and the rewritten authorized_keys may end up root-owned; confirm
# ownership and permissions are what sshd expects for the target user.
# NOTE(review): the key is removed only if the remote script runs to completion;
# if it is cancelled or the instance stops during the sleep, the key stays in
# authorized_keys. Every send-command invocation is recorded in SSM command
# history, which is the place to audit these temporary grants.
aws ssm send-command `
--instance-ids "$instance_id" `
--document-name 'AWS-RunShellScript' `
--comment "Add an SSH public key to authorized_keys for 10 seconds" `
--parameters commands=@"
\"
set -eu
mkdir -p ~$ssh_user/.ssh && cd ~$ssh_user/.ssh
authorized_key='$ssh_public_key ssm-session'
echo \\\"`$authorized_key\\\" >> authorized_keys
sleep 10
(grep -v -F \\\"`$authorized_key\\\" authorized_keys || true) > authorized_keys~
mv authorized_keys~ authorized_keys
\"
"@
Write-Output "Start ssm session to instance $instance_id"
# Open the SSM session that carries the SSH connection, using the
# AWS-StartSSHSession document with the requested port.
# NOTE(review): $ssh_port is passed through unchecked; presumably it should be
# a decimal port number. Confirm and reject anything else.
aws ssm start-session `
--target "$instance_id" `
--document-name 'AWS-StartSSHSession' `
--parameters "portNumber=$ssh_port"