vpcjump 0.1.0 → 0.2.0

Files changed (5)
  1. checksums.yaml +4 -4
  2. data/README.md +18 -5
  3. data/exe/vpcjump +38 -17
  4. data/lib/vpcjump/version.rb +1 -1
  5. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA1:
3
- metadata.gz: 91bc9c02d6d0df3b88ee4e7660859087db1666ef
4
- data.tar.gz: 058a24349db38b81fb048eb9a464493c47701559
3
+ metadata.gz: 9b32988ef82af1b5bc9323a1e13f11ff52050424
4
+ data.tar.gz: a95fc8544d469c7c39c124f313660369e91861e7
5
5
  SHA512:
6
- metadata.gz: 269e9d7410ab40a60c21bd3625b948e3cd96ca0e4712109dab73c7debf413a4ed94fcbb0ebeb48332f43567e908d9780bffe87169d5cd5cd6a6b7d8472d16699
7
- data.tar.gz: 2cf93eb463b09b39e2da84b575e38c7fd016de82089d7b7815d1bc265b670b65023aba0f5f28c54ea234bdc64c407a49801ab1e89e581c55df1bb739c644e4ed
6
+ metadata.gz: 3243c2102311fb10531ac3a67f736c721177abbd4ca357b632e44c87b118a3661d6965c14258e071352338e34f9fa4c231cf4ac19dd109a6a4f1820b222332b0
7
+ data.tar.gz: 4159203ed939061675a3dc924fc508af9553b05787e716faa3ed5ce8ed996ac3b21ffed53cd4f917e0cfaae63dfd1eaf49874abcf476c9e454e32360267661fb
data/README.md CHANGED
@@ -16,8 +16,9 @@ When on step 3 (**Configure Instance Details**), expand **Advanced Details** and
16
16
 
17
17
  ```
18
18
  #!/bin/bash
19
+ REGION=`curl http://169.254.169.254/latest/dynamic/instance-identity/document|grep region|awk -F\" '{print $4}'`
19
20
  cd /tmp
20
- curl https://amazon-ssm-ap-southeast-2.s3.amazonaws.com/latest/linux_amd64/amazon-ssm-agent.rpm -o amazon-ssm-agent.rpm
21
+ curl https://amazon-ssm-${REGION}.s3.amazonaws.com/latest/linux_amd64/amazon-ssm-agent.rpm -o amazon-ssm-agent.rpm
21
22
  yum install -y amazon-ssm-agent.rpm
22
23
  curl https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-amd64.zip -o ngrok.zip
23
24
  unzip ngrok.zip
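Review bot: the new `REGION=` line runs `curl` without `-s`/`-f`, so if the instance metadata request fails `REGION` is empty and the following line silently fetches `https://amazon-ssm-.s3.amazonaws.com/...` instead of stopping the bootstrap; suggest `REGION=$(curl -sf http://169.254.169.254/latest/dynamic/instance-identity/document | grep region | awk -F\" '{print $4}')` followed by `[ -n "$REGION" ] || exit 1`, and `$(...)` over backticks in a script that is also shown to readers. Unchanged but worth noting while this block is being touched: neither the SSM agent RPM nor the ngrok zip is checked against a signature or published checksum before it is installed on the jumpbox.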
@@ -52,12 +53,14 @@ Parameters:
52
53
  Subcommands:
53
54
  kill Terminate ngrok tunnel
54
55
  ssh SSH into the jumpbox
56
+ sshuttle Use jumpbox for sshuttle VPN
55
57
 
56
58
  Options:
57
59
  --instance-id INSTANCE ID EC2 instance id of jump box (e.g. i-abc123)
58
60
  --name INSTANCE NAME EC2 instance name of jump box
59
61
  --ngrok-token NGROK TOKEN ngrok auth token
60
62
  --ngrok-region NGROK REGION ngrok region (default: "us")
63
+ --ssh-user SSH USER SSH user (default: "ec2-user")
61
64
  -v, --verbose Output AWS API calls
62
65
  -h, --help print help
63
66
 
@@ -67,12 +70,11 @@ Usage:
67
70
 
68
71
  Parameters:
69
72
  [SSHPARAMS] ... Arguments to pass to SSH
70
-
71
- Options:
72
- --ssh-user SSH USER SSH user (default: "ec2-user")
73
73
  ```
74
74
 
75
- Often you will want to use the jumpbox as an intermediary in order to connect to a second instance. This can be done using SSH port forwarding, e.g. `vpcjump --ngrok-token <auth token> --instance-id i-abc123 ssh -- -L 3389:172.16.0.1:3389` - This will let you to connect to Microsoft Remote Desktop on 127.0.0.1 and it will connect to the remote instance!
75
+ Often you will want to use the jumpbox as an intermediary in order to connect to a second instance. This can be done using SSH port forwarding, e.g. `vpcjump --ngrok-token <auth token> --instance-id i-abc123 ssh -- -L 3389:172.16.0.1:3389` - This will let you to connect to Microsoft Remote Desktop on 127.0.0.1 and it will connect to the remote instance.
76
+
77
+ Even better is [`sshuttle`](http://sshuttle.readthedocs.io/en/stable/). It transparently creates a VPN-like connection over SSH and allows you to connect to resources within the VPC directly. Simply type `vpcjump --ngrok-token <auth token> --instance-id i-abc123 sshuttle`. Then you can type something like `ssh ec2-user@172.16.0.1` in another window and you're in. 👍
76
78
 
77
79
  Finally, you may wish to terminate the jumpbox tunnel early. This can be done as such: `vpcjump --instance-id i-abc123 kill`.
78
80
 
@@ -85,3 +87,14 @@ Finally, you may wish to terminate the jumpbox tunnel early. This can be done as
85
87
  * Execute `ssh -p <ngrok port> <ssh user>@<ngrok host>` to log into your jumpbox through the ngrok tunnel.
86
88
  * Use SSM to execute `killall ngrok` on the remote instance when you explicitly terminate the tunnel. If you don't do this, the SSM agent process on the remote instance will terminate the ngrok tunnel after a predefined period.
87
89
 
90
+
91
+ ## Required permissions
92
+
93
+ To use `vpcjump` once you have a jumpbox up and running you will need the following permissions:
94
+
95
+ * `ssm:SendCommand`
96
+ * `ssm:ListCommandInvocations`
97
+ * `ec2:DescribeInstances`
98
+ * `ec2:DescribeVpcs`
99
+
100
+ The last two are only required for the `sshuttle` subcommand to determine the VPC CIDR block that you are jumping into.
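Review bot: the permissions list gives action names only, and since `ssm:SendCommand` amounts to remote code execution on the target the README should show the actions scoped by resource rather than leaving readers to write `Resource: "*"`: restrict `ssm:SendCommand` to the jumpbox instance ARN and the SSM document the tool sends (presumably `AWS-RunShellScript`; `ssm_exec` is not visible in this diff), while `ec2:DescribeInstances` and `ec2:DescribeVpcs` cannot be resource-scoped and stay unrestricted. A short JSON policy snippet under this list would make that concrete. It is also worth stating that these are the operator's permissions, distinct from the instance profile the jumpbox needs for the SSM agent to register and receive commands.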
@@ -11,6 +11,7 @@ module VpcJump
11
11
  option '--name', 'INSTANCE NAME', 'EC2 instance name of jump box'
12
12
  option '--ngrok-token', 'NGROK TOKEN', 'ngrok auth token'
13
13
  option '--ngrok-region', 'NGROK REGION', 'ngrok region', default: 'us'
14
+ option '--ssh-user', 'SSH USER', 'SSH user', default: 'ec2-user'
14
15
  option ['-v', '--verbose'], :flag, 'Output AWS API calls'
15
16
 
16
17
  subcommand 'kill', 'Terminate ngrok tunnel' do
@@ -23,7 +24,6 @@ module VpcJump
23
24
  end
24
25
 
25
26
  subcommand 'ssh', 'SSH into the jumpbox' do
26
- option '--ssh-user', 'SSH USER', 'SSH user', default: 'ec2-user'
27
27
  parameter '[SSHPARAMS] ...', 'Arguments to pass to SSH'
28
28
 
29
29
  def default_sshparams_list
@@ -33,27 +33,28 @@ module VpcJump
33
33
  def execute
34
34
  Aws.config[:logger] = Logger.new($stdout) if verbose?
35
35
 
36
- id = instance_id
36
+ uri = ssh_uri
37
+ cmd = "ssh -p #{uri.port} #{sshparams_list.join(' ')} #{ssh_user}@#{uri.hostname}"
37
38
 
38
- ssm_exec id, "ngrok tcp --log stdout --region #{ngrok_region} --authtoken #{ngrok_token} 22"
39
- sleep 20
39
+ puts cmd if verbose?
40
+ exec cmd
41
+ end
42
+ end
40
43
 
41
- tunnels = []
44
+ subcommand 'sshuttle', 'Use jumpbox for sshuttle VPN' do
45
+ def execute
46
+ Aws.config[:logger] = Logger.new($stdout) if verbose?
42
47
 
43
- loop do
44
- resp = ssm_exec id, 'curl -s http://localhost:4040/api/tunnels'
45
- output = ssm_output resp.command_id
46
- json = JSON.parse output
47
- tunnels = json['tunnels']
48
- break if tunnels.length > 0
49
- end
48
+ ec2 = Aws::EC2::Client.new
49
+
50
+ instance_info = ec2.describe_instances instance_ids: [instance_id]
51
+ vpc_id = instance_info.reservations[0].instances[0].vpc_id
52
+ vpc_info = ec2.describe_vpcs vpc_ids: [vpc_id]
53
+ cidr = vpc_info.vpcs[0].cidr_block
50
54
 
51
- url = tunnels[0]['public_url']
52
- uri = URI.parse url
53
- port = uri.port
54
- host = uri.hostname
55
+ uri = ssh_uri
56
+ cmd = "sshuttle -r #{ssh_user}@#{uri.hostname}:#{uri.port} #{cidr}"
55
57
 
56
- cmd = "ssh -p #{port} #{sshparams_list.join(' ')} #{ssh_user}@#{host}"
57
58
  puts cmd if verbose?
58
59
  exec cmd
59
60
  end
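Review bot: both `exec cmd` calls pass a single interpolated string, and Ruby runs such a string through `/bin/sh` whenever it contains shell metacharacters; `uri.hostname` and `uri.port` come from the jumpbox's ngrok API (read back over SSM) and `cidr` from the EC2 API, so a jumpbox that is compromised and returns a crafted `public_url` would get metacharacters interpreted on the operator's workstation. Use the argv form, which never involves a shell: `exec 'sshuttle', '-r', "#{ssh_user}@#{uri.hostname}:#{uri.port}", cidr` here and `exec 'ssh', '-p', uri.port.to_s, *sshparams_list, "#{ssh_user}@#{uri.hostname}"` in the `ssh` branch. Separately, `instance_info.reservations[0].instances[0].vpc_id` raises `NoMethodError` on `nil` when the instance id does not resolve; an `abort` with a message would read better than the stack trace.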
@@ -73,6 +74,26 @@ module VpcJump
73
74
  resp.command
74
75
  end
75
76
 
77
+ def ssh_uri
78
+ id = instance_id
79
+
80
+ ssm_exec id, "ngrok tcp --log stdout --region #{ngrok_region} --authtoken #{ngrok_token} 22"
81
+ sleep 20
82
+
83
+ tunnels = []
84
+
85
+ loop do
86
+ resp = ssm_exec id, 'curl -s http://localhost:4040/api/tunnels'
87
+ output = ssm_output resp.command_id
88
+ json = JSON.parse output
89
+ tunnels = json['tunnels']
90
+ break if tunnels.length > 0
91
+ end
92
+
93
+ url = tunnels[0]['public_url']
94
+ URI.parse url
95
+ end
96
+
76
97
  def ssm_output(command_id)
77
98
  ssm = Aws::SSM::Client.new
78
99
 
@@ -1,3 +1,3 @@
1
1
  module Vpcjump
2
- VERSION = '0.1.0'
2
+ VERSION = '0.2.0'
3
3
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: vpcjump
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.1.0
4
+ version: 0.2.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Aidan Steele
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2016-11-15 00:00:00.000000000 Z
11
+ date: 2016-12-19 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: bundler