@studion/infra-code-blocks 0.0.7 → 0.0.8

package/README.md

@@ -376,11 +376,12 @@ The [Database](#database) component deploys a database instance inside a private
 and it's not publicly accessible from outside of VPC.
 <br>
 In order to connect to the database we need to deploy the ec2 instance which will be used
-to open an SSH tunnel to the database instance.
+to forward traffic to the database instance.
 <br>
-Because of security reasons, ec2 instance is also deployed inside private subnet
+Because of security reasons, the ec2 instance is also deployed inside a private subnet
 which means we can't directly connect to it. For that purpose, we use AWS System Manager
-which enables us to connect to the ec2 instance even though it's inside private subnet.
+which enables us to connect to the ec2 instance even though it's inside a private subnet.
+The benefit of using AWS SSM is that we don't need a ssh key pair.
 
 ![AWS RDS connection schema](/assets/images/ssm-rds.png)
 
@@ -392,18 +393,6 @@ which enables us to connect to the ec2 instance even though it's inside private
 $ brew install --cask session-manager-plugin
 ```
 
-2. Generate a new ssh key pair or use the existing one.
-
-```bash
-$ ssh-keygen -f my_rsa
-```
-
-3. Set stack config property by running:
-
-```bash
-$ pulumi config set ssh:publicKey "ssh-rsa Z...9= mymac@Studions-MBP.localdomain"
-```
-
 SSM Connect can be enabled by setting `enableSSMConnect` property to `true`.
 
 ```ts
@@ -418,20 +407,13 @@ export const ec2InstanceId = project.ec2SSMConnect?.ec2.id;
 Open up your terminal and run the following command:
 
 ```bash
-$ aws ssm start-session --target EC2_INSTANCE_ID --document-name AWS-StartPortForwardingSession --parameters '{"portNumber":["22"], "localPortNumber":["9999"]}'
-```
-
-Where `EC2_INSTANCE_ID` is an ID of the EC2 instance that is created for you. ID can be
-obtained by exporting it from the stack.
-
-Next, open another terminal window and run the following command:
-
-```bash
-$ ssh ec2-user@localhost -p 9999 -N -L 5555:DATABASE_ADDRESS:DATABASE_PORT -i SSH_PRIVATE_KEY
+$ aws ssm start-session --target EC2_INSTANCE_ID --document-name AWS-StartPortForwardingSessionToRemoteHost --parameters '{"host": ["DATABASE_ADDRESS"], "portNumber":["DATABASE_PORT"], "localPortNumber":["5555"]}'
 ```
 
-Where `DATABASE_ADDRESS` and `DATABASE_PORT` are the address and port of the database instance,
-and `SSH_PRIVATE_KEY` is the path to the SSH private key.
+Where `EC2_INSTANCE_ID` is an ID of the EC2 instance that is created for you
+(ID can be obtained by exporting it from the stack), and
+`DATABASE_ADDRESS` and `DATABASE_PORT` are the address and port of the
+database instance.
 
 And that is it! 🥳
 Now you can use your favorite database client to connect to the database.
@@ -439,9 +421,9 @@ Now you can use your favorite database client to connect to the database.
 ![RDS connection](/assets/images/rds-connection.png)
 
 It is important that for the host you set `localhost` and for the port you set `5555`
-because we have an SSH tunnel open that forwards traffic from localhost:5555 to the
-DATABASE_ADDRESS:DATABASE_PORT. For the user, password, and database field, set values
-which are set in the `Project`.
+because we are port forwarding traffic from
+localhost:5555 to DATABASE_ADDRESS:DATABASE_PORT.
+For the user, password, and database field, set values which are set in the `Project`.
 
 ```ts
 const project = new studion.Project('demo-project', {

package/dist/components/ec2-ssm-connect.d.ts

@@ -3,7 +3,6 @@ import * as aws from '@pulumi/aws';
 import * as awsx from '@pulumi/awsx';
 export type Ec2SSMConnectArgs = {
     vpc: awsx.ec2.Vpc;
-    sshPublicKey: pulumi.Input<string>;
     tags?: pulumi.Input<{
         [key: string]: pulumi.Input<string>;
     }>;
@@ -14,6 +13,5 @@ export declare class Ec2SSMConnect extends pulumi.ComponentResource {
     ec2MessagesVpcEndpoint: aws.ec2.VpcEndpoint;
     ssmMessagesVpcEndpoint: aws.ec2.VpcEndpoint;
     ec2: aws.ec2.Instance;
-    sshKeyPair: aws.ec2.KeyPair;
     constructor(name: string, args: Ec2SSMConnectArgs, opts?: pulumi.ComponentResourceOptions);
 }

package/dist/components/ec2-ssm-connect.js

@@ -56,14 +56,10 @@ class Ec2SSMConnect extends pulumi.ComponentResource {
         const ssmProfile = new aws.iam.InstanceProfile(`${name}-ssm-profile`, {
             role: role.name,
         }, { parent: this, dependsOn: [ssmPolicyAttachment] });
-        this.sshKeyPair = new aws.ec2.KeyPair(`${name}-ec2-keypair`, {
-            publicKey: args.sshPublicKey,
-        }, { parent: this });
         this.ec2 = new aws.ec2.Instance(`${name}-ec2`, {
             ami: 'ami-067d1e60475437da2',
             associatePublicIpAddress: false,
             instanceType: 't2.micro',
-            keyName: this.sshKeyPair.keyName,
             iamInstanceProfile: ssmProfile.name,
             subnetId,
             vpcSecurityGroupIds: [this.ec2SecurityGroup.id],

package/dist/components/project.js

@@ -39,10 +39,8 @@ class Project extends pulumi.ComponentResource {
         this.vpc = this.createVpc();
         this.createServices(services);
         if (args.enableSSMConnect) {
-            const sshConfig = new pulumi.Config('ssh');
             this.ec2SSMConnect = new ec2_ssm_connect_1.Ec2SSMConnect(`${name}-ssm-connect`, {
                 vpc: this.vpc,
-                sshPublicKey: sshConfig.require('publicKey'),
             });
         }
         this.registerOutputs();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@studion/infra-code-blocks",
-  "version": "0.0.7",
+  "version": "0.0.8",
   "description": "Studion common infra components",
   "keywords": [
     "infrastructure",