aws ec2.py companion script to generate sshconfigs with auto bastion host discovery

Overview

ec2-bastion-sshconfig

This script iterates over the instances found by ec2.py. If an instance is not publicly accessible, it searches the associated VPC for any public instance that can be used as a bastion. It also creates host aliases for any DNS records found in Route 53 that match the instance's IP(s) and CNAME records. The resulting output can be added to your ~/.ssh/config.
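
A sketch of the discovery step described above, added here as an illustration; it is not the project's own code. The hostvars key names are the ones ec2.py emits, the sample inventory is constructed, and the function names and the `<ec2_key_name>.pem` file naming are assumptions.

```python
import json

# Constructed sample shaped like the "_meta.hostvars" part of `ec2.py --list`.
# Key names are ec2.py's hostvars; all values are made up for this example.
INVENTORY = json.loads("""{"_meta": {"hostvars": {
 "203.0.113.10": {"ec2_id": "i-0a", "ec2_tag_Name": "bastion", "ec2_vpc_id": "vpc-1",
                  "ec2_ip_address": "203.0.113.10", "ec2_private_ip_address": "10.0.0.2", "ec2_key_name": "test"},
 "10.0.0.4":     {"ec2_id": "i-0b", "ec2_tag_Name": "web-1", "ec2_vpc_id": "vpc-1",
                  "ec2_ip_address": "", "ec2_private_ip_address": "10.0.0.4", "ec2_key_name": "test"},
 "10.9.0.7":     {"ec2_id": "i-0c", "ec2_tag_Name": "db-1", "ec2_vpc_id": "vpc-2",
                  "ec2_ip_address": null, "ec2_private_ip_address": "10.9.0.7", "ec2_key_name": "test"}
}}}""")

def alias(hv):
    return hv.get("ec2_tag_Name") or hv["ec2_id"]

def pick_bastions(hostvars):
    """Map each VPC id to one public instance in it (first by sorted inventory name)."""
    bastions = {}
    for name in sorted(hostvars):
        hv = hostvars[name]
        if hv.get("ec2_ip_address"):          # empty or null means no public IP
            bastions.setdefault(hv["ec2_vpc_id"], hv)
    return bastions

def render(hostvars, user, key_dir):
    """Return ssh_config text; private hosts get ProxyJump via their VPC's bastion."""
    bastions, stanzas = pick_bastions(hostvars), []
    for name in sorted(hostvars):
        hv = hostvars[name]
        public = hv.get("ec2_ip_address")
        lines = [f"Host {alias(hv)} {hv['ec2_id']}",
                 f"  Hostname {public or hv['ec2_private_ip_address']}",
                 f"  User {user}",
                 # Assumption: key files are named <ec2_key_name>.pem under key_dir.
                 f"  IdentityFile {key_dir}/{hv['ec2_key_name']}.pem"]
        if not public:
            jump = bastions.get(hv["ec2_vpc_id"])
            # A private host in a VPC with no public instance cannot be reached this way.
            lines.append(f"  ProxyJump {alias(jump)}" if jump
                         else "  # no public instance found in this VPC")
        stanzas.append("\n".join(lines))
    return "\n\n".join(stanzas)

if __name__ == "__main__":
    print(render(INVENTORY["_meta"]["hostvars"], "ec2_user", "~/.ssh/ec2_keys"))
```

Because any public instance in the VPC qualifies, the host chosen as the jump point is worth reviewing before the output goes into ~/.ssh/config.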


Requirements

This script depends on the ec2.py script and the ec2.ini configuration file to work. You also need a working AWS_PROFILE as expected by the boto module.


Assumptions

  • ec2.py and ec2.ini are installed.
  • group_by_vpc_id = True in ec2.ini
  • SSH key files on your filesystem are named after the value of ec2_key_name. (You can use symlinks.)

Setup environment

Create a python environment for testing

# python3 -m venv ec2-bastion-sshconfig

Enter the environment

# source ec2-bastion-sshconfig/bin/activate

Install required python modules

# pip install -r requirements.txt

Set ENV vars

# export AWS_PROFILE=default
# export EC2_INI_PATH=/usr/local/etc/ec2.ini

Run

# ./ec2-bastion-sshconfig.py -h
usage: ec2-bastion-sshconfig.py [-h] [--profile PROFILE] [--ec2Py EC2PY]
                                [--ec2PyINI EC2PYINI] [--sshUser SSHUSER]
                                [--sshKeyPATH SSHKEYPATH] [--sshPort SSHPORT]
                                [--debug DEBUG] [--awsDNSProfile AWSDNSPROFILE]
                                [--tld TLD]

optional arguments:
  -h, --help            show this help message and exit
  --profile PROFILE     Specify AWS credential profile to use.
  --ec2Py EC2PY         inventory script to use.
  --ec2PyINI EC2PYINI   inventory config file to use
  --sshUser SSHUSER     SSH username
  --sshKeyPATH SSHKEYPATH
                        PATH to SSH keys
  --sshPort SSHPORT     Alternate SSH port
  --debug DEBUG         Set to True to enable debug msgs
  --awsDNSProfile AWSDNSPROFILE
                        The AWS profile used to interact with route53
  --tld TLD             tld to append to hostnames

| Option | Description | Default |
| --- | --- | --- |
| --profile | AWS_PROFILE used to run ec2.py | $AWS_PROFILE |
| --ec2Py | Full path to the ec2.py script | $PATH |
| --ec2PyINI | Full path to the ec2.ini configuration file | $EC2_INI_PATH |
| --sshUser | Username to populate the User parameter in ~/.ssh/config. If set the IdentityFile parameter will be set to the value of ec2_key_name found by ec2.py. (requires --sshKeyPATH) | $USER |
| --sshKeyPATH | Full path to local folder containing ssh key files. | None |
| --sshPort | Alternate port to try in addition to the default SSH port | "22" |
| --debug | Show debug messages | False |
| --awsDNSProfile | AWS_PROFILE used to read from route53 | "default" |
| --tld | DNS zone for which your instances belong | "example.com" |

Example

# python ./ec2-bastion-sshconfig.py \
  --profile test \
  --ec2Py /usr/local/bin/ec2.py \
  --ec2PyINI /usr/local/etc/ec2.ini \
  --sshUser ec2_user \
  --sshKeyPATH ~/.ssh/ec2_keys \
  --sshPort 2222 \
  --awsDNSProfile default \
  --tld example.com | tee -a ~/.ssh/conf.d/example.com

##################################################
####   vpc-99999999999999999   ###################
##################################################

# <--
Host bastion bastion.example.com i-99999999999999999
  ForwardAgent yes
  StrictHostKeyChecking no
  Hostname 1.2.3.257
  Port 2222
  User ec2_user
  IdentityFile /data/home/username/.ssh/ec2_keys/test.pem
# -->

# <--
Host web-1 web-1.example.com i-99999999999999991
  ForwardAgent yes
  StrictHostKeyChecking no
  Hostname 10.0.0.4
  User ec2_user
  IdentityFile /data/home/username/.ssh/ec2_keys/test.pem
  ProxyJump bastion
# -->

# <--
Host web-2 web-2.example.com i-99999999999999992
  ForwardAgent yes
  StrictHostKeyChecking no
  Hostname 10.0.0.5
  User ec2_user
  IdentityFile /data/home/username/.ssh/ec2_keys/test.pem
  ProxyJump bastion
# -->

Owner
Steve Melo