vpcjump 0.1.0 → 0.2.0

Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +18 -5
  3. data/exe/vpcjump +38 -17
  4. data/lib/vpcjump/version.rb +1 -1
  5. metadata +2 -2
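--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 91bc9c02d6d0df3b88ee4e7660859087db1666ef
-  data.tar.gz: 058a24349db38b81fb048eb9a464493c47701559
+  metadata.gz: 9b32988ef82af1b5bc9323a1e13f11ff52050424
+  data.tar.gz: a95fc8544d469c7c39c124f313660369e91861e7
 SHA512:
-  metadata.gz: 269e9d7410ab40a60c21bd3625b948e3cd96ca0e4712109dab73c7debf413a4ed94fcbb0ebeb48332f43567e908d9780bffe87169d5cd5cd6a6b7d8472d16699
-  data.tar.gz: 2cf93eb463b09b39e2da84b575e38c7fd016de82089d7b7815d1bc265b670b65023aba0f5f28c54ea234bdc64c407a49801ab1e89e581c55df1bb739c644e4ed
+  metadata.gz: 3243c2102311fb10531ac3a67f736c721177abbd4ca357b632e44c87b118a3661d6965c14258e071352338e34f9fa4c231cf4ac19dd109a6a4f1820b222332b0
+  data.tar.gz: 4159203ed939061675a3dc924fc508af9553b05787e716faa3ed5ce8ed996ac3b21ffed53cd4f917e0cfaae63dfd1eaf49874abcf476c9e454e32360267661fb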
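--- a/data/README.md
+++ b/data/README.md
@@ -16,8 +16,9 @@ When on step 3 (**Configure Instance Details**), expand **Advanced Details** and
 
 ```
 #!/bin/bash
+REGION=`curl http://169.254.169.254/latest/dynamic/instance-identity/document|grep region|awk -F\" '{print $4}'`
 cd /tmp
-curl https://amazon-ssm-ap-southeast-2.s3.amazonaws.com/latest/linux_amd64/amazon-ssm-agent.rpm -o amazon-ssm-agent.rpm
+curl https://amazon-ssm-${REGION}.s3.amazonaws.com/latest/linux_amd64/amazon-ssm-agent.rpm -o amazon-ssm-agent.rpm
 yum install -y amazon-ssm-agent.rpm
 curl https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-amd64.zip -o ngrok.zip
 unzip ngrok.zip
@@ -52,12 +53,14 @@ Parameters:
 Subcommands:
 kill Terminate ngrok tunnel
 ssh SSH into the jumpbox
+sshuttle Use jumpbox for sshuttle VPN
 
 Options:
 --instance-id INSTANCE ID EC2 instance id of jump box (e.g. i-abc123)
 --name INSTANCE NAME EC2 instance name of jump box
 --ngrok-token NGROK TOKEN ngrok auth token
 --ngrok-region NGROK REGION ngrok region (default: "us")
+--ssh-user SSH USER SSH user (default: "ec2-user")
 -v, --verbose Output AWS API calls
 -h, --help print help
 
@@ -67,12 +70,11 @@ Usage:
 
 Parameters:
 [SSHPARAMS] ... Arguments to pass to SSH
-
-Options:
---ssh-user SSH USER SSH user (default: "ec2-user")
 ```
 
-Often you will want to use the jumpbox as an intermediary in order to connect to a second instance. This can be done using SSH port forwarding, e.g. `vpcjump --ngrok-token <auth token> --instance-id i-abc123 ssh -- -L 3389:172.16.0.1:3389` - This will let you to connect to Microsoft Remote Desktop on 127.0.0.1 and it will connect to the remote instance!
+Often you will want to use the jumpbox as an intermediary in order to connect to a second instance. This can be done using SSH port forwarding, e.g. `vpcjump --ngrok-token <auth token> --instance-id i-abc123 ssh -- -L 3389:172.16.0.1:3389` - This will let you to connect to Microsoft Remote Desktop on 127.0.0.1 and it will connect to the remote instance.
+
+Even better is [`sshuttle`](http://sshuttle.readthedocs.io/en/stable/). It transparently creates a VPN-like connection over SSH and allows you to connect to resources within the VPC directly. Simply type `vpcjump --ngrok-token <auth token> --instance-id i-abc123 sshuttle`. Then you can type something like `ssh ec2-user@172.16.0.1` in another window and you're in. 👍
 
 Finally, you may wish to terminate the jumpbox tunnel early. This can be done as such: `vpcjump --instance-id i-abc123 kill`.
 
@@ -85,3 +87,14 @@ Finally, you may wish to terminate the jumpbox tunnel early. This can be done as
 * Execute `ssh -p <ngrok port> <ssh user>@<ngrok host>` to log into your jumpbox through the ngrok tunnel.
 * Use SSM to execute `killall ngrok` on the remote instance when you explicitly terminate the tunnel. If you don't do this, the SSM agent process on the remote instance will terminate the ngrok tunnel after a predefined period.
 
+
+## Required permissions
+
+To use `vpcjump` once you have a jumpbox up and running you will need the following permissions:
+
+* `ssm:SendCommand`
+* `ssm:ListCommandInvocations`
+* `ec2:DescribeInstances`
+* `ec2:DescribeVpcs`
+
+The last two are only required for the `sshuttle` subcommand to determine the VPC CIDR block that you are jumping into.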
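--- a/data/exe/vpcjump
+++ b/data/exe/vpcjump
@@ -11,6 +11,7 @@ module VpcJump
     option '--name', 'INSTANCE NAME', 'EC2 instance name of jump box'
     option '--ngrok-token', 'NGROK TOKEN', 'ngrok auth token'
     option '--ngrok-region', 'NGROK REGION', 'ngrok region', default: 'us'
+    option '--ssh-user', 'SSH USER', 'SSH user', default: 'ec2-user'
     option ['-v', '--verbose'], :flag, 'Output AWS API calls'
 
     subcommand 'kill', 'Terminate ngrok tunnel' do
@@ -23,7 +24,6 @@ module VpcJump
     end
 
     subcommand 'ssh', 'SSH into the jumpbox' do
-      option '--ssh-user', 'SSH USER', 'SSH user', default: 'ec2-user'
       parameter '[SSHPARAMS] ...', 'Arguments to pass to SSH'
 
       def default_sshparams_list
@@ -33,27 +33,28 @@ module VpcJump
       def execute
         Aws.config[:logger] = Logger.new($stdout) if verbose?
 
-        id = instance_id
+        uri = ssh_uri
+        cmd = "ssh -p #{uri.port} #{sshparams_list.join(' ')} #{ssh_user}@#{uri.hostname}"
 
-        ssm_exec id, "ngrok tcp --log stdout --region #{ngrok_region} --authtoken #{ngrok_token} 22"
-        sleep 20
+        puts cmd if verbose?
+        exec cmd
+      end
+    end
 
-        tunnels = []
+    subcommand 'sshuttle', 'Use jumpbox for sshuttle VPN' do
+      def execute
+        Aws.config[:logger] = Logger.new($stdout) if verbose?
 
-        loop do
-          resp = ssm_exec id, 'curl -s http://localhost:4040/api/tunnels'
-          output = ssm_output resp.command_id
-          json = JSON.parse output
-          tunnels = json['tunnels']
-          break if tunnels.length > 0
-        end
+        ec2 = Aws::EC2::Client.new
+
+        instance_info = ec2.describe_instances instance_ids: [instance_id]
+        vpc_id = instance_info.reservations[0].instances[0].vpc_id
+        vpc_info = ec2.describe_vpcs vpc_ids: [vpc_id]
+        cidr = vpc_info.vpcs[0].cidr_block
 
-        url = tunnels[0]['public_url']
-        uri = URI.parse url
-        port = uri.port
-        host = uri.hostname
+        uri = ssh_uri
+        cmd = "sshuttle -r #{ssh_user}@#{uri.hostname}:#{uri.port} #{cidr}"
 
-        cmd = "ssh -p #{port} #{sshparams_list.join(' ')} #{ssh_user}@#{host}"
         puts cmd if verbose?
         exec cmd
       end
@@ -73,6 +74,26 @@ module VpcJump
       resp.command
     end
 
+    def ssh_uri
+      id = instance_id
+
+      ssm_exec id, "ngrok tcp --log stdout --region #{ngrok_region} --authtoken #{ngrok_token} 22"
+      sleep 20
+
+      tunnels = []
+
+      loop do
+        resp = ssm_exec id, 'curl -s http://localhost:4040/api/tunnels'
+        output = ssm_output resp.command_id
+        json = JSON.parse output
+        tunnels = json['tunnels']
+        break if tunnels.length > 0
+      end
+
+      url = tunnels[0]['public_url']
+      URI.parse url
+    end
+
     def ssm_output(command_id)
       ssm = Aws::SSM::Client.new
 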
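--- a/data/lib/vpcjump/version.rb
+++ b/data/lib/vpcjump/version.rb
@@ -1,3 +1,3 @@
 module Vpcjump
-  VERSION = '0.1.0'
+  VERSION = '0.2.0'
 end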
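--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: vpcjump
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Aidan Steele
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2016-11-15 00:00:00.000000000 Z
+date: 2016-12-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler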