April 26, 2022 01:46 pm GMT
Original Link: https://dev.to/entest/setup-vscode-ssh-remote-to-a-private-ec2-instance-via-ssm-dm7
Setup vscode ssh remote to a private EC2 instance via ssm
Summary
With AWS Systems Manager (SSM), it is possible to set up VS Code Remote SSH to an EC2 instance in a private subnet without opening port 22.
- Setup a connection to a private EC2 via SSM
- Setup vscode ssh remote to the EC2 by proxyCommand
- Create the infrastructure by a CDK stack
Reference
Architecture
CDK Stack
- Create a VPC with an S3 VPC endpoint

```ts
import { aws_ec2, aws_iam } from 'aws-cdk-lib'

// The snippets below run inside the Stack constructor, so `this` is the stack.
const vpc = new aws_ec2.Vpc(this, 'VpcWithS3Endpoint', {
  gatewayEndpoints: {
    S3: {
      service: aws_ec2.GatewayVpcEndpointAwsService.S3
    }
  }
})
```

- Add a Systems Manager VPC interface endpoint

```ts
vpc.addInterfaceEndpoint('VpcIterfaceEndpointSSM', {
  service: aws_ec2.InterfaceVpcEndpointAwsService.SSM
})
```

- Create an IAM role for the EC2 instance

```ts
const role = new aws_iam.Role(this, 'RoleForEc2ToAccessS3', {
  roleName: 'RoleForEc2ToAccessS3',
  assumedBy: new aws_iam.ServicePrincipal('ec2.amazonaws.com')
})
```

- Attach the managed policy that lets the EC2 instance communicate with SSM

```ts
role.addManagedPolicy(
  aws_iam.ManagedPolicy.fromManagedPolicyArn(
    this,
    'PolicySSMMangerAccessS3',
    'arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore'
  )
)
```

- Attach a policy for the EC2 instance to access S3

```ts
role.attachInlinePolicy(
  new aws_iam.Policy(this, 'PolicyForEc2AccessS3', {
    policyName: 'PolicyForEc2AccessS3',
    statements: [
      // s3:* on every resource is broad; scope actions and resources
      // to the buckets the instance actually needs
      new aws_iam.PolicyStatement({
        actions: ['s3:*'],
        resources: ['*']
      })
    ]
  })
)
```

- Launch an EC2 instance in a private subnet

```ts
// `sg` is a security group defined elsewhere in the stack (not shown here)
const ec2 = new aws_ec2.Instance(this, 'Ec2ConnectVpcEndpointS3', {
  role: role,
  keyName: 'hai_ec2_t4g_large',
  vpc: vpc,
  instanceName: 'Ec2ConnectVpcEndpointS3',
  instanceType: aws_ec2.InstanceType.of(
    aws_ec2.InstanceClass.T2,
    aws_ec2.InstanceSize.SMALL
  ),
  machineImage: aws_ec2.MachineImage.latestAmazonLinux(),
  securityGroup: sg,
  vpcSubnets: {
    subnetType: aws_ec2.SubnetType.PRIVATE
  }
})
```
Setup a connection to private EC2 via SSM
Install the Session Manager plugin on the local machine.

Start an SSM session from the local machine:

```bash
aws ssm start-session --target "EC2-INSTANCE-ID"
```
Setup vscode ssh remote to the EC2
Install the Remote - SSH extension for VS Code.

Generate an SSH key pair on the local machine:

```bash
ssh-keygen -b 4096 -C 'VS Code Remote SSH user' -t rsa
```

- Configure the ~/.ssh/config file

```
Host ssm-private-ec2
  IdentityFile ~/.ssh/id_rsa
  HostName i-026bb5f5caaf16aa1
  User ec2-user
  ProxyCommand sh -c "~/.ssh/ssm-private-ec2-proxy.sh %h %p"
```
- Create a ssm-private-ec2-proxy.sh file

```bash
#!/bin/bash
# Fill in the AWS CLI profile and region to use
AWS_PROFILE=''
AWS_REGION=''
MAX_ITERATION=5
SLEEP_DURATION=5

# Arguments passed from SSH client
HOST=$1
PORT=$2

# Log to stderr: stdout of a ProxyCommand carries the SSH stream
echo "$HOST" >&2

# Start ssm session
aws ssm start-session --target "$HOST" \
  --document-name AWS-StartSSHSession \
  --parameters "portNumber=${PORT}" \
  --profile "${AWS_PROFILE}" \
  --region "${AWS_REGION}"
```
VS Code creates an SSH connection to the EC2 instance through the ProxyCommand script, which opens an SSM session under the hood. This is the way VS Code Remote SSH works with Cloud9.
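
A stricter variant of the proxy script, as an added example that is not from the original article: it checks that the `%h` and `%p` values SSH passes in look like an EC2 instance ID and a TCP port before they reach the AWS CLI, and it keeps all diagnostics on stderr. The function names, exit codes and the profile/region defaults are assumptions chosen for illustration.

```shell
#!/bin/bash
# Added example (not from the article). Profile/region defaults are assumed.
AWS_PROFILE="${AWS_PROFILE:-default}"
AWS_REGION="${AWS_REGION:-us-east-1}"

# EC2 instance IDs: "i-" followed by 8 or 17 lowercase hex digits.
is_instance_id() {
  case "$1" in
    i-*) hex=${1#i-} ;;
    *) return 1 ;;
  esac
  case "$hex" in
    ''|*[!0123456789abcdef]*) return 1 ;;
  esac
  [ "${#hex}" -eq 8 ] || [ "${#hex}" -eq 17 ]
}

# TCP port: digits only, 1-65535 (length check avoids integer overflow).
is_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

main() {
  host=$1 port=$2
  if ! is_instance_id "$host"; then
    echo "refusing: '$host' is not an EC2 instance ID" >&2
    return 64
  fi
  if ! is_port "$port"; then
    echo "refusing: '$port' is not a TCP port" >&2
    return 64
  fi
  if ! command -v session-manager-plugin >/dev/null 2>&1; then
    echo "session-manager-plugin not found on PATH" >&2
    return 69
  fi
  # stdout is the SSH data stream, so nothing above writes to it.
  exec aws ssm start-session --target "$host" \
    --document-name AWS-StartSSHSession \
    --parameters "portNumber=$port" \
    --profile "$AWS_PROFILE" \
    --region "$AWS_REGION"
}

# SSH invokes the script as: script %h %p. With no arguments, do nothing.
[ "$#" -eq 0 ] || main "$@"
```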