vpcjump 0.1.0 → 0.2.0
- checksums.yaml +4 -4
- data/README.md +18 -5
- data/exe/vpcjump +38 -17
- data/lib/vpcjump/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 9b32988ef82af1b5bc9323a1e13f11ff52050424
|
4
|
+
data.tar.gz: a95fc8544d469c7c39c124f313660369e91861e7
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 3243c2102311fb10531ac3a67f736c721177abbd4ca357b632e44c87b118a3661d6965c14258e071352338e34f9fa4c231cf4ac19dd109a6a4f1820b222332b0
|
7
|
+
data.tar.gz: 4159203ed939061675a3dc924fc508af9553b05787e716faa3ed5ce8ed996ac3b21ffed53cd4f917e0cfaae63dfd1eaf49874abcf476c9e454e32360267661fb
|
data/README.md
CHANGED
@@ -16,8 +16,9 @@ When on step 3 (**Configure Instance Details**), expand **Advanced Details** and
|
|
16
16
|
|
17
17
|
```
|
18
18
|
#!/bin/bash
|
19
|
+
REGION=`curl http://169.254.169.254/latest/dynamic/instance-identity/document|grep region|awk -F\" '{print $4}'`
|
19
20
|
cd /tmp
|
20
|
-
curl https://amazon-ssm
|
21
|
+
curl https://amazon-ssm-${REGION}.s3.amazonaws.com/latest/linux_amd64/amazon-ssm-agent.rpm -o amazon-ssm-agent.rpm
|
21
22
|
yum install -y amazon-ssm-agent.rpm
|
22
23
|
curl https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-amd64.zip -o ngrok.zip
|
23
24
|
unzip ngrok.zip
|
@@ -52,12 +53,14 @@ Parameters:
|
|
52
53
|
Subcommands:
|
53
54
|
kill Terminate ngrok tunnel
|
54
55
|
ssh SSH into the jumpbox
|
56
|
+
sshuttle Use jumpbox for sshuttle VPN
|
55
57
|
|
56
58
|
Options:
|
57
59
|
--instance-id INSTANCE ID EC2 instance id of jump box (e.g. i-abc123)
|
58
60
|
--name INSTANCE NAME EC2 instance name of jump box
|
59
61
|
--ngrok-token NGROK TOKEN ngrok auth token
|
60
62
|
--ngrok-region NGROK REGION ngrok region (default: "us")
|
63
|
+
--ssh-user SSH USER SSH user (default: "ec2-user")
|
61
64
|
-v, --verbose Output AWS API calls
|
62
65
|
-h, --help print help
|
63
66
|
|
@@ -67,12 +70,11 @@ Usage:
|
|
67
70
|
|
68
71
|
Parameters:
|
69
72
|
[SSHPARAMS] ... Arguments to pass to SSH
|
70
|
-
|
71
|
-
Options:
|
72
|
-
--ssh-user SSH USER SSH user (default: "ec2-user")
|
73
73
|
```
|
74
74
|
|
75
|
-
Often you will want to use the jumpbox as an intermediary in order to connect to a second instance. This can be done using SSH port forwarding, e.g. `vpcjump --ngrok-token <auth token> --instance-id i-abc123 ssh -- -L 3389:172.16.0.1:3389` - This will let you to connect to Microsoft Remote Desktop on 127.0.0.1 and it will connect to the remote instance
|
75
|
+
Often you will want to use the jumpbox as an intermediary in order to connect to a second instance. This can be done using SSH port forwarding, e.g. `vpcjump --ngrok-token <auth token> --instance-id i-abc123 ssh -- -L 3389:172.16.0.1:3389` - This will let you to connect to Microsoft Remote Desktop on 127.0.0.1 and it will connect to the remote instance.
|
76
|
+
|
77
|
+
Even better is [`sshuttle`](http://sshuttle.readthedocs.io/en/stable/). It transparently creates a VPN-like connection over SSH and allows you to connect to resources within the VPC directly. Simply type `vpcjump --ngrok-token <auth token> --instance-id i-abc123 sshuttle`. Then you can type something like `ssh ec2-user@172.16.0.1` in another window and you're in. 👍
|
76
78
|
|
77
79
|
Finally, you may wish to terminate the jumpbox tunnel early. This can be done as such: `vpcjump --instance-id i-abc123 kill`.
|
78
80
|
|
@@ -85,3 +87,14 @@ Finally, you may wish to terminate the jumpbox tunnel early. This can be done as
|
|
85
87
|
* Execute `ssh -p <ngrok port> <ssh user>@<ngrok host>` to log into your jumpbox through the ngrok tunnel.
|
86
88
|
* Use SSM to execute `killall ngrok` on the remote instance when you explicitly terminate the tunnel. If you don't do this, the SSM agent process on the remote instance will terminate the ngrok tunnel after a predefined period.
|
87
89
|
|
90
|
+
|
91
|
+
## Required permissions
|
92
|
+
|
93
|
+
To use `vpcjump` once you have a jumpbox up and running you will need the following permissions:
|
94
|
+
|
95
|
+
* `ssm:SendCommand`
|
96
|
+
* `ssm:ListCommandInvocations`
|
97
|
+
* `ec2:DescribeInstances`
|
98
|
+
* `ec2:DescribeVpcs`
|
99
|
+
|
100
|
+
The last two are only required for the `sshuttle` subcommand to determine the VPC CIDR block that you are jumping into.
|
data/exe/vpcjump
CHANGED
@@ -11,6 +11,7 @@ module VpcJump
|
|
11
11
|
option '--name', 'INSTANCE NAME', 'EC2 instance name of jump box'
|
12
12
|
option '--ngrok-token', 'NGROK TOKEN', 'ngrok auth token'
|
13
13
|
option '--ngrok-region', 'NGROK REGION', 'ngrok region', default: 'us'
|
14
|
+
option '--ssh-user', 'SSH USER', 'SSH user', default: 'ec2-user'
|
14
15
|
option ['-v', '--verbose'], :flag, 'Output AWS API calls'
|
15
16
|
|
16
17
|
subcommand 'kill', 'Terminate ngrok tunnel' do
|
@@ -23,7 +24,6 @@ module VpcJump
|
|
23
24
|
end
|
24
25
|
|
25
26
|
subcommand 'ssh', 'SSH into the jumpbox' do
|
26
|
-
option '--ssh-user', 'SSH USER', 'SSH user', default: 'ec2-user'
|
27
27
|
parameter '[SSHPARAMS] ...', 'Arguments to pass to SSH'
|
28
28
|
|
29
29
|
def default_sshparams_list
|
@@ -33,27 +33,28 @@ module VpcJump
|
|
33
33
|
def execute
|
34
34
|
Aws.config[:logger] = Logger.new($stdout) if verbose?
|
35
35
|
|
36
|
-
|
36
|
+
uri = ssh_uri
|
37
|
+
cmd = "ssh -p #{uri.port} #{sshparams_list.join(' ')} #{ssh_user}@#{uri.hostname}"
|
37
38
|
|
38
|
-
|
39
|
-
|
39
|
+
puts cmd if verbose?
|
40
|
+
exec cmd
|
41
|
+
end
|
42
|
+
end
|
40
43
|
|
41
|
-
|
44
|
+
subcommand 'sshuttle', 'Use jumpbox for sshuttle VPN' do
|
45
|
+
def execute
|
46
|
+
Aws.config[:logger] = Logger.new($stdout) if verbose?
|
42
47
|
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
end
|
48
|
+
ec2 = Aws::EC2::Client.new
|
49
|
+
|
50
|
+
instance_info = ec2.describe_instances instance_ids: [instance_id]
|
51
|
+
vpc_id = instance_info.reservations[0].instances[0].vpc_id
|
52
|
+
vpc_info = ec2.describe_vpcs vpc_ids: [vpc_id]
|
53
|
+
cidr = vpc_info.vpcs[0].cidr_block
|
50
54
|
|
51
|
-
|
52
|
-
|
53
|
-
port = uri.port
|
54
|
-
host = uri.hostname
|
55
|
+
uri = ssh_uri
|
56
|
+
cmd = "sshuttle -r #{ssh_user}@#{uri.hostname}:#{uri.port} #{cidr}"
|
55
57
|
|
56
|
-
cmd = "ssh -p #{port} #{sshparams_list.join(' ')} #{ssh_user}@#{host}"
|
57
58
|
puts cmd if verbose?
|
58
59
|
exec cmd
|
59
60
|
end
|
@@ -73,6 +74,26 @@ module VpcJump
|
|
73
74
|
resp.command
|
74
75
|
end
|
75
76
|
|
77
|
+
def ssh_uri
|
78
|
+
id = instance_id
|
79
|
+
|
80
|
+
ssm_exec id, "ngrok tcp --log stdout --region #{ngrok_region} --authtoken #{ngrok_token} 22"
|
81
|
+
sleep 20
|
82
|
+
|
83
|
+
tunnels = []
|
84
|
+
|
85
|
+
loop do
|
86
|
+
resp = ssm_exec id, 'curl -s http://localhost:4040/api/tunnels'
|
87
|
+
output = ssm_output resp.command_id
|
88
|
+
json = JSON.parse output
|
89
|
+
tunnels = json['tunnels']
|
90
|
+
break if tunnels.length > 0
|
91
|
+
end
|
92
|
+
|
93
|
+
url = tunnels[0]['public_url']
|
94
|
+
URI.parse url
|
95
|
+
end
|
96
|
+
|
76
97
|
def ssm_output(command_id)
|
77
98
|
ssm = Aws::SSM::Client.new
|
78
99
|
|
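Review bot: The polling loop in the new `ssh_uri` (new lines 85–91 of the last hunk) has no upper bound and no handling for a non-JSON reply, so if ngrok never comes up on the instance (bad auth token, outbound traffic blocked) it either raises `JSON::ParserError` on the first empty `curl -s` output or keeps issuing SSM commands indefinitely; a capped retry count with a short sleep and an explicit error would fail fast instead. The same hunk interpolates `ngrok_token` into the SSM command string, where it will be visible in SSM command history and in the process list on the instance, which deserves at least a comment such as `# NOTE: authtoken is exposed in SSM command history and `ps` on the jumpbox`. Separately, both `exec cmd` sites (the `ssh` and `sshuttle` subcommands in the `@@ -33,27 +33,28 @@` hunk) hand a single string to a shell while `uri.hostname` comes back from the remote instance's ngrok API; `exec 'ssh', '-p', uri.port.to_s, *sshparams_list, "#{ssh_user}@#{uri.hostname}"` avoids shell interpretation of that remote-supplied value.
```ruby
def ssh_uri
  # … unchanged: id = instance_id, ssm_exec of ngrok, sleep 20 …
  tunnels = []
  polls = 0

  loop do
    resp = ssm_exec id, 'curl -s http://localhost:4040/api/tunnels'
    output = ssm_output resp.command_id
    json = begin
      JSON.parse(output.to_s)
    rescue JSON::ParserError
      {} # curl -s prints nothing while ngrok's local API is not up yet
    end
    tunnels = json.fetch('tunnels', [])
    break unless tunnels.empty?

    polls += 1
    raise "ngrok tunnel on #{id} did not come up after #{polls} polls" if polls >= 10 # bound chosen for review; tune as needed
    sleep 5
  end
  # … unchanged: URI.parse tunnels[0]['public_url'] …
end
```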
data/lib/vpcjump/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: vpcjump
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.2.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Aidan Steele
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date: 2016-
|
11
|
+
date: 2016-12-19 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: bundler
|