by xomodo 2128 days ago
For accessing aws ec2 instances behind nat/fw add these lines to ~/.ssh/config:

  # Matches EC2 instance ids (i-*) and SSM hybrid/managed instance ids (mi-*)
  Host i-* mi-*
   # Tunnel the SSH connection through Session Manager instead of a direct TCP connect;
   # %h is the instance id, %p the ssh port
   ProxyCommand sh -c "aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters 'portNumber=%p'"
   # Host keys are neither saved nor checked for these hosts
   UserKnownHostsFile /dev/null
   StrictHostKeyChecking no
   User ubuntu
   LogLevel ERROR
   # Optional SOCKS proxy on localhost:5060 for browsing through the instance
   DynamicForward 5060
Usage: `ssh -i key.pem i-0xxxxxxxxxx`. Last config line can be used for optional proxy browsing.
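The same stanza with host-key verification kept, plus a small lint that flags the weak host-key settings, as an added example that is not part of the thread; the function names, the `accept-new` policy (OpenSSH 7.6 or newer) and the dedicated known_hosts path are my assumptions:

```shell
#!/bin/sh
# Added example, not from the thread. Emits a hardened variant of the SSM
# ProxyCommand stanza and checks an ssh_config file for the weak settings.
# Assumes OpenSSH >= 7.6 (StrictHostKeyChecking accept-new).
set -u

# Print an ssh_config stanza for SSM-backed hosts.
# $1 = login user, $2 = path of a dedicated known_hosts file.
# Host keys are stored under the instance id (%h), so a changed key on a
# reused id is refused instead of silently accepted.
render_ssm_ssh_config() {
  cat <<EOF
Host i-* mi-*
  ProxyCommand sh -c "aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters 'portNumber=%p'"
  # Remember the key on first connect, refuse later mismatches
  StrictHostKeyChecking accept-new
  UserKnownHostsFile $2
  User $1
  LogLevel ERROR
  DynamicForward 5060
EOF
}

# Return 0 if the config ($1) keeps host-key verification, 1 if it disables it
# (StrictHostKeyChecking no, or host keys discarded via /dev/null).
check_hostkey_policy() {
  if grep -Eiq '^[[:space:]]*StrictHostKeyChecking[[:space:]]+no([[:space:]]|$)' "$1" \
     || grep -Eiq '^[[:space:]]*UserKnownHostsFile[[:space:]]+/dev/null' "$1"; then
    return 1
  fi
  return 0
}

# Usage: render_ssm_ssh_config ubuntu ~/.ssh/known_hosts_ssm >> ~/.ssh/config
#        check_hostkey_policy ~/.ssh/config && echo "host keys are verified"
```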

This is a game changer. I have a bastion host in certain environments; I never realized AWS has built-in kit to achieve this sort of thing. I assume the key product here is SSM?
Correct. It’s not always this simple though, you also need an IAM profile that the EC2 instance can assume with the required permissions. Depending on how you configure your NAT Instance/Gateway, you may also need to whitelist the ssm service.
I'm using this IAM policy on the EC2 instance profile: "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"