aws ec2.py companion script to generate sshconfigs with auto bastion host discovery

Overview

ec2-bastion-sshconfig

This script will interate over instances found by ec2.py and if those instances are not publically accessible it will search the associated VPC for any public instance that can be used as a bastion. Additionally it will create host aliases for any DNS records found in route53 that match the instance's IP(s) and CNAME records. The resulting output can be added to your ~/.ssh/config.


Requirements

This scipt depends on the ec2.py script and ec2.ini configuration file to work. You also need a working AWS_PROFILE as expected by the boto module.


Assumptions

  • ec2.py and ec2.ini are installed.
  • group_by_vpc_id = True in ec2.ini
  • SSH keys are named on your filesystem to the value of ec2_key_name. (You can use symlinks)

Setup environment

Create a python environment for testing

# python3 -m venv ec2-bastion-sshconfig

Enter the environment

# source ec2-bastion-sshconfig/bin/activate

Install required python modules

# pip install -r requirements.txt

Set ENV vars

# export AWS_PROFILE=default
# export EC2_INI_PATH=/usr/local/etc/ec2.ini

Run

# ./ec2-bastion-sshconfig.py -h
usage: ec2-bastion-sshconfig.py [-h] [--profile PROFILE] [--ec2Py EC2PY]
                                [--ec2PyINI EC2PYINI] [--sshUser SSHUSER]
                                [--sshKeyPATH SSHKEYPATH] [--sshPort SSHPORT]
                                [--debug DEBUG] [--awsDNSProfile AWSDNSPROFILE]
                                [--tld TLD]

optional arguments:
  -h, --help            show this help message and exit
  --profile PROFILE     Specify AWS credential profile to use.
  --ec2Py EC2PY         inventory script to use.
  --ec2PyINI EC2PYINI   inventory config file to use
  --sshUser SSHUSER     SSH username
  --sshKeyPATH SSHKEYPATH
                        PATH to SSH keys
  --sshPort SSHPORT     Alternate SSH port
  --debug DEBUG         Set to True to enable debug msgs
  --awsDNSProfile AWSDNSPROFILE
                        The AWS profile used to interact with route53
  --tld TLD             tld to append to hostnames
Option Description Default
--profile AWS_PROFILE used to run ec2.py $AWS_PROFILE
--ec2Py Full path to the ec2.py script $PATH
--ec2PyINI Full path to the ec2.ini configuration file $EC2_INI_PATH
--sshUser Username to populate the User parameter in ~/.ssh/config. If set the IdentityFile parameter will be set to the value of ec2_key_name found by ec2.py. (requires --sshKeyPATH) $USER
--sshKeyPATH Full path to local folder containing ssh key files. None
--sshPort Alternate port to try in addition to the default SSH port "22"
--debug Show debug messages False
awsDNSProfile AWS_PROFILE used to read from route53 "default"
--tld DNS zone for which your instances belong "example.com"

Example

# python ./ec2-bastion-sshconfig.py \
  --profile test \
  --ec2Py /usr/local/bin/ec2.py \
  --ec2PyINI /usr/local/etc/ec2.ini \
  --sshUser ec2_user \
  --sshKeyPATH ~/.ssh/ec2_keys \
  --sshPort 2222 \
  --awsDNSProfile default \
  --tld example.com | tee -a ~/.ssh/conf.d/example.com

##################################################
####   vpc-99999999999999999   ###################
##################################################

# <--
Host bastion bastion.example.com i-99999999999999999
  ForwardAgent yes
  StrictHostKeyChecking no
  Hostname 1.2.3.257
  Port 2222
  User ec2_user
  IdentityFile /data/home/username/.ssh/ec2_keys/test.pem
# -->

# <--
Host web-1 web-1.example.com i-99999999999999991
  ForwardAgent yes
  StrictHostKeyChecking no
  Hostname 10.0.0.4
  User ec2_user
  IdentityFile /data/home/username/.ssh/ec2_keys/test.pem
  ProxyJump bastion
# -->

# <--
Host web-2 web-2.example.com i-99999999999999992
  ForwardAgent yes
  StrictHostKeyChecking no
  Hostname 10.0.0.5
  User ec2_user
  IdentityFile /data/home/username/.ssh/ec2_keys/test.pem
  ProxyJump bastion
# -->

Owner
Steve Melo
Steve Melo
A string extractor module for python

A string extractor module for python

Fayas Noushad 4 Jul 19, 2022
This is a package that allows you to create a key-value vault for storing variables in a global context

This is a package that allows you to create a key-value vault for storing variables in a global context. It allows you to set up a keyring with pre-defined constants which act as keys for the vault.

Data Ductus 2 Dec 14, 2022
Python tool to check a web applications compliance with OWASP HTTP response headers best practices

Check Your Head A quick and easy way to check a web applications response headers!

Zak 6 Nov 09, 2021
A python app which aggregates and splits costs from multiple public cloud providers into a csv

Cloud Billing This project aggregates the costs public cloud resources by accounts, services and tags by importing the invoices from public cloud prov

1 Oct 04, 2022
A sys-botbase client for remote control automation of Nintendo Switch consoles. Based on SysBot.NET, written in python.

SysBot.py A sys-botbase client for remote control automation of Nintendo Switch consoles. Based on SysBot.NET, written in python. Setup: Download the

7 Dec 16, 2022
A random cats photos python module

A random cats photos python module

Fayas Noushad 6 Dec 01, 2021
Produce a simulate-able SDF of an arbitrary mesh with convex decomposition.

Mesh-to-SDF converter Given a (potentially nasty, nonconvex) mesh, automatically creates an SDF file that describes that object. The visual geometry i

Greg Izatt 22 Nov 23, 2022
A simple toolchain for moving Remarkable highlights to Readwise

A simple toolchain for moving Remarkable highlights to Readwise

zach wick 20 Dec 20, 2022
Color getter (including method to get random color or complementary color) made out of Python

python-color-getter Color getter (including method to get random color or complementary color) made out of Python Setup pip3 install git+https://githu

Jung Gyu Yoon 2 Sep 17, 2022
This python program will display all SSID usernames and SSID passwords you once connected to your laptop

Windows-Wifi-password-extractor This python program will display all SSID usernames and SSID passwords you once connected to your laptop How to run th

Bhaskar Pal 3 Apr 26, 2022
A python lib for generate random string and digits and special characters or A combination of them

A python lib for generate random string and digits and special characters or A combination of them

Torham 4 Nov 15, 2022
This project is a set of programs that I use to create a README.md file.

This project is a set of programs that I use to create a README.md file.

Tom Dörr 223 Dec 24, 2022
WindowsDebloat - Windows Debloat with python

Windows Debloat 🗑️ Quickly and easily configure Windows 10. Disclaimer I am NOT

1 Mar 26, 2022
Obsidian tools - a Python package for analysing an Obsidian.md vault

obsidiantools is a Python package for getting structured metadata about your Obsidian.md notes and analysing your vault.

Mark Farragher 153 Jan 04, 2023
Airspy-Utils is a small software collection to help with firmware related operations on Airspy HF+ devices.

Airspy-Utils Airspy-Utils is a small software collection to help with firmware related operations on Airspy HF+ devices on Linux (and other free syste

Dhiru Kholia 11 Oct 04, 2022
Python Libraries with functions and constants related to electrical engineering.

ElectricPy Electrical-Engineering-for-Python Python Libraries with functions and constants related to electrical engineering. The functions and consta

Joe Stanley 39 Dec 23, 2022
Astvuln is a simple AST scanner which recursively scans a directory, parses each file as AST and runs specified method.

Astvuln Astvuln is a simple AST scanner which recursively scans a directory, parses each file as AST and runs specified method. Some search methods ar

Bitstamp Security 7 May 29, 2022
Aurin - A quick AUR installer for Arch Linux. Install packages from AUR website in a click.

Aurin - A quick AUR installer for Arch Linux. Install packages from AUR website in a click.

Suleman 51 Nov 04, 2022
Experimental python optimistic rollup fraud-proof generation

Macula Experimental python optimistic rollup fraud-proof generation tech by @protolambda. Working on a python version for brevity and simplicity. See

Diederik Loerakker 30 Sep 01, 2022
Script to rename and resize folders of images

script to rename and resize folders of images

Tega Brain 2 Oct 29, 2021