vpcjump 0.1.0 → 0.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 91bc9c02d6d0df3b88ee4e7660859087db1666ef
-  data.tar.gz: 058a24349db38b81fb048eb9a464493c47701559
+  metadata.gz: 9b32988ef82af1b5bc9323a1e13f11ff52050424
+  data.tar.gz: a95fc8544d469c7c39c124f313660369e91861e7
 SHA512:
-  metadata.gz: 269e9d7410ab40a60c21bd3625b948e3cd96ca0e4712109dab73c7debf413a4ed94fcbb0ebeb48332f43567e908d9780bffe87169d5cd5cd6a6b7d8472d16699
-  data.tar.gz: 2cf93eb463b09b39e2da84b575e38c7fd016de82089d7b7815d1bc265b670b65023aba0f5f28c54ea234bdc64c407a49801ab1e89e581c55df1bb739c644e4ed
+  metadata.gz: 3243c2102311fb10531ac3a67f736c721177abbd4ca357b632e44c87b118a3661d6965c14258e071352338e34f9fa4c231cf4ac19dd109a6a4f1820b222332b0
+  data.tar.gz: 4159203ed939061675a3dc924fc508af9553b05787e716faa3ed5ce8ed996ac3b21ffed53cd4f917e0cfaae63dfd1eaf49874abcf476c9e454e32360267661fb

data/README.md

@@ -16,8 +16,9 @@ When on step 3 (**Configure Instance Details**), expand **Advanced Details** and
 
 ```
 #!/bin/bash
+REGION=`curl http://169.254.169.254/latest/dynamic/instance-identity/document|grep region|awk -F\" '{print $4}'`
 cd /tmp
-curl https://amazon-ssm-ap-southeast-2.s3.amazonaws.com/latest/linux_amd64/amazon-ssm-agent.rpm -o amazon-ssm-agent.rpm
+curl https://amazon-ssm-${REGION}.s3.amazonaws.com/latest/linux_amd64/amazon-ssm-agent.rpm -o amazon-ssm-agent.rpm
 yum install -y amazon-ssm-agent.rpm
 curl https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-amd64.zip -o ngrok.zip
 unzip ngrok.zip
@@ -52,12 +53,14 @@ Parameters:
 Subcommands:
     kill                          Terminate ngrok tunnel
     ssh                           SSH into the jumpbox
+    sshuttle                      Use jumpbox for sshuttle VPN
 
 Options:
     --instance-id INSTANCE ID     EC2 instance id of jump box (e.g. i-abc123)
     --name INSTANCE NAME          EC2 instance name of jump box
     --ngrok-token NGROK TOKEN     ngrok auth token
     --ngrok-region NGROK REGION   ngrok region (default: "us")
+    --ssh-user SSH USER           SSH user (default: "ec2-user")
     -v, --verbose                 Output AWS API calls
     -h, --help                    print help
     
@@ -67,12 +70,11 @@ Usage:
 
 Parameters:
     [SSHPARAMS] ...               Arguments to pass to SSH
-
-Options:
-    --ssh-user SSH USER           SSH user (default: "ec2-user")
 ```
 
-Often you will want to use the jumpbox as an intermediary in order to connect to a second instance. This can be done using SSH port forwarding, e.g. `vpcjump --ngrok-token <auth token> --instance-id i-abc123 ssh -- -L 3389:172.16.0.1:3389` - This will let you to connect to Microsoft Remote Desktop on 127.0.0.1 and it will connect to the remote instance!
+Often you will want to use the jumpbox as an intermediary in order to connect to a second instance. This can be done using SSH port forwarding, e.g. `vpcjump --ngrok-token <auth token> --instance-id i-abc123 ssh -- -L 3389:172.16.0.1:3389` - This will let you to connect to Microsoft Remote Desktop on 127.0.0.1 and it will connect to the remote instance.
+
+Even better is [`sshuttle`](http://sshuttle.readthedocs.io/en/stable/). It transparently creates a VPN-like connection over SSH and allows you to connect to resources within the VPC directly. Simply type `vpcjump --ngrok-token <auth token> --instance-id i-abc123 sshuttle`. Then you can type something like `ssh ec2-user@172.16.0.1` in another window and you're in. 👍
 
 Finally, you may wish to terminate the jumpbox tunnel early. This can be done as such: `vpcjump --instance-id i-abc123 kill`. 
 
@@ -85,3 +87,14 @@ Finally, you may wish to terminate the jumpbox tunnel early. This can be done as
 * Execute `ssh -p <ngrok port> <ssh user>@<ngrok host>` to log into your jumpbox through the ngrok tunnel. 
 * Use SSM to execute `killall ngrok` on the remote instance when you explicitly terminate the tunnel. If you don't do this, the SSM agent process on the remote instance will terminate the ngrok tunnel after a predefined period.
 
+
+## Required permissions
+
+To use `vpcjump` once you have a jumpbox up and running you will need the following permissions:
+
+* `ssm:SendCommand`
+* `ssm:ListCommandInvocations`
+* `ec2:DescribeInstances`
+* `ec2:DescribeVpcs`
+
+The last two are only required for the `sshuttle` subcommand to determine the VPC CIDR block that you are jumping into.

data/exe/vpcjump

@@ -11,6 +11,7 @@ module VpcJump
     option '--name', 'INSTANCE NAME', 'EC2 instance name of jump box'
     option '--ngrok-token', 'NGROK TOKEN', 'ngrok auth token'
     option '--ngrok-region', 'NGROK REGION', 'ngrok region', default: 'us'
+    option '--ssh-user', 'SSH USER', 'SSH user', default: 'ec2-user'
     option ['-v', '--verbose'], :flag, 'Output AWS API calls'
 
     subcommand 'kill', 'Terminate ngrok tunnel' do
@@ -23,7 +24,6 @@ module VpcJump
     end
 
     subcommand 'ssh', 'SSH into the jumpbox' do
-      option '--ssh-user', 'SSH USER', 'SSH user', default: 'ec2-user'
       parameter '[SSHPARAMS] ...', 'Arguments to pass to SSH'
 
       def default_sshparams_list
@@ -33,27 +33,28 @@ module VpcJump
       def execute
         Aws.config[:logger] = Logger.new($stdout) if verbose?
 
-        id = instance_id
+        uri = ssh_uri
+        cmd = "ssh -p #{uri.port} #{sshparams_list.join(' ')} #{ssh_user}@#{uri.hostname}"
 
-        ssm_exec id, "ngrok tcp --log stdout --region #{ngrok_region} --authtoken #{ngrok_token} 22"
-        sleep 20
+        puts cmd if verbose?
+        exec cmd
+      end
+    end
 
-        tunnels = []
+    subcommand 'sshuttle', 'Use jumpbox for sshuttle VPN' do
+      def execute
+        Aws.config[:logger] = Logger.new($stdout) if verbose?
 
-        loop do
-          resp = ssm_exec id, 'curl -s http://localhost:4040/api/tunnels'
-          output = ssm_output resp.command_id
-          json = JSON.parse output
-          tunnels = json['tunnels']
-          break if tunnels.length > 0
-        end
+        ec2 = Aws::EC2::Client.new
+
+        instance_info = ec2.describe_instances instance_ids: [instance_id]
+        vpc_id = instance_info.reservations[0].instances[0].vpc_id
+        vpc_info = ec2.describe_vpcs vpc_ids: [vpc_id]
+        cidr = vpc_info.vpcs[0].cidr_block
 
-        url = tunnels[0]['public_url']
-        uri = URI.parse url
-        port = uri.port
-        host = uri.hostname
+        uri = ssh_uri
+        cmd = "sshuttle -r #{ssh_user}@#{uri.hostname}:#{uri.port} #{cidr}"
 
-        cmd = "ssh -p #{port} #{sshparams_list.join(' ')} #{ssh_user}@#{host}"
         puts cmd if verbose?
         exec cmd
       end
@@ -73,6 +74,26 @@ module VpcJump
       resp.command
     end
 
+    def ssh_uri
+      id = instance_id
+
+      ssm_exec id, "ngrok tcp --log stdout --region #{ngrok_region} --authtoken #{ngrok_token} 22"
+      sleep 20
+
+      tunnels = []
+
+      loop do
+        resp = ssm_exec id, 'curl -s http://localhost:4040/api/tunnels'
+        output = ssm_output resp.command_id
+        json = JSON.parse output
+        tunnels = json['tunnels']
+        break if tunnels.length > 0
+      end
+
+      url = tunnels[0]['public_url']
+      URI.parse url
+    end
+
     def ssm_output(command_id)
       ssm = Aws::SSM::Client.new
 

data/lib/vpcjump/version.rb

@@ -1,3 +1,3 @@
 module Vpcjump
-  VERSION = '0.1.0'
+  VERSION = '0.2.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: vpcjump
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.2.0
 platform: ruby
 authors:
 - Aidan Steele
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2016-11-15 00:00:00.000000000 Z
+date: 2016-12-19 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler