The latest articles on Forem by Panickos Neophytou (@panickos). https://forem.com/panickos https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1157826%2F17b43f85-b949-43f0-84dd-65b86bf5de5a.jpeg https://forem.com/panickos en Panickos Neophytou Wed, 08 May 2024 15:18:40 +0000 https://forem.com/panickos/ssh-to-your-aws-ec2-instances-using-ec2-connect-eice-using-this-alias-289l https://forem.com/panickos/ssh-to-your-aws-ec2-instances-using-ec2-connect-eice-using-this-alias-289l <p>We recently switched all of our EC2 instances to use EC2-connect to gain CLI access to all the servers. This mean no more SSH keys. We now use AWS SSO to authenticate our local machine's shell and then use the aws cli utilities to connect to each server using EC2-connect with an EC2 Instance Connect Endpoint (<a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/connect-using-eice.html">https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/connect-using-eice.html</a>)</p> <p>We wrote ourselves a little shell function to alias ssh'ing to any server in any region without having to know the instance id. You just need to know something from the server's name and optionally the server's region.</p> <p>Here is the function you can include in your <code>.bashrc</code> file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="k">function </span>nb-ssh-eice<span class="o">(){</span> <span class="nb">local</span> <span class="nt">-r</span> <span class="nv">query</span><span class="o">=</span><span class="s2">"</span><span class="k">${</span><span class="nv">1</span><span class="k">}</span><span class="s2">"</span> <span class="nb">local</span> <span class="nt">-r</span> <span class="nv">region_in</span><span class="o">=</span><span class="s2">"</span><span class="k">${</span><span class="nv">2</span><span class="k">}</span><span class="s2">"</span> <span class="nb">declare</span> <span class="nt">-a</span> all_regions <span class="k">if</span> <span class="o">[</span> <span class="nt">-z</span> <span class="nv">$region_in</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nv">all_regions</span><span class="o">=(</span><span class="si">$(</span>aws ec2 describe-regions <span class="nt">--query</span> <span class="s2">"Regions[].RegionName"</span> <span class="nt">--output</span> json | jq <span class="nt">-r</span> <span class="s1">'.[]'</span><span class="si">)</span><span class="o">)</span> <span class="k">else </span>all_regions+<span class="o">=(</span><span class="s2">"</span><span class="nv">$region_in</span><span class="s2">"</span><span class="o">)</span> <span class="k">fi for </span>region <span class="k">in</span> <span class="s2">"</span><span class="k">${</span><span class="nv">all_regions</span><span class="p">[@]</span><span class="k">}</span><span class="s2">"</span><span class="p">;</span> <span class="k">do </span><span class="nb">echo</span> <span class="s2">"looking in </span><span class="k">${</span><span class="nv">region</span><span class="k">}</span><span class="s2"> for </span><span class="k">${</span><span class="nv">query</span><span class="k">}</span><span class="s2">..."</span> <span class="nv">instance_id</span><span class="o">=</span><span class="si">$(</span>aws ec2 describe-instances <span class="nt">--region</span><span class="o">=</span><span class="s2">"</span><span class="k">${</span><span class="nv">region</span><span class="k">}</span><span class="s2">"</span> <span class="nt">--filter</span> <span class="s2">"Name=tag:Name,Values=</span><span class="k">${</span><span class="nv">query</span><span class="k">}</span><span class="s2">"</span> <span class="se">\</span> <span class="s1">'Name=instance-state-name,Values=running'</span> <span class="se">\</span> <span class="nt">--query</span> <span class="s1">'Reservations[].Instances[].InstanceId'</span> <span class="se">\</span> <span class="nt">--output</span> text<span class="si">)</span> <span class="k">done if</span> <span class="o">[</span> <span class="nt">-z</span> <span class="s2">"</span><span class="k">${</span><span class="nv">instance_id</span><span class="k">}</span><span class="s2">"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"EC2 instance not found."</span> <span class="k">elif</span> <span class="o">[</span> <span class="si">$(</span><span class="nb">echo</span> <span class="s2">"</span><span class="k">${</span><span class="nv">instance_id</span><span class="k">}</span><span class="s2">"</span> | <span class="nb">wc</span> <span class="nt">-w</span><span class="si">)</span> <span class="nt">-gt</span> 1 <span class="o">]</span><span class="p">;</span> <span class="k">then </span><span class="nb">echo</span> <span class="s2">"Multiple EC2 instances found matching your query. Narrow down your query."</span> <span class="k">else </span><span class="nb">echo</span> <span class="s2">"---------------------------------------------------------------------------"</span> <span class="nb">echo</span> <span class="s2">"--- Logging into: Instance-Id: </span><span class="k">${</span><span class="nv">instance_id</span><span class="k">}</span><span class="s2"> -- Region: </span><span class="k">${</span><span class="nv">region</span><span class="k">}</span><span class="s2">"</span> <span class="nb">echo</span> <span class="s2">"---------------------------------------------------------------------------"</span> aws ec2-instance-connect ssh <span class="nt">--region</span><span class="o">=</span><span class="s2">"</span><span class="k">${</span><span class="nv">region</span><span class="k">}</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">--os-user</span> ubuntu <span class="se">\</span> <span class="nt">--instance-id</span><span class="o">=</span><span class="s2">"</span><span class="k">${</span><span class="nv">instance_id</span><span class="k">}</span><span class="s2">"</span> <span class="se">\</span> <span class="nt">--connection-type</span> eice <span class="k">fi</span> <span class="o">}</span> </code></pre> </div> <ol> <li>It takes two arguments: query and region_in.</li> <li>It first checks if region_in is empty. If it is, it retrieves all AWS regions using the AWS CLI (aws ec2 describe-regions), otherwise, it adds the provided region to the all_regions array.</li> <li>Then, for each region in the all_regions array, it searches for instances matching the provided query using the AWS CLI (aws ec2 describe-instances). It filters the instances by their state (running) and extracts their instance IDs.</li> <li>If no instances are found, it outputs "EC2 instance not found."</li> <li>If multiple instances are found, it outputs "Multiple EC2 instances found matching your query. Narrow down your query."</li> <li>If a single instance is found, it outputs information about the instance (ID and region) and initiates an SSH connection to the instance using the AWS EC2 Instance Connect feature (aws ec2-instance-connect ssh).</li> </ol> <p>Examples:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>ssh-eice "*test1" us-east-2 </code></pre> </div> <p>You can even pass a command to run remotely:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>echo "ls -la" | ssh-eice "*test1" us-east-2 </code></pre> </div> <p>I hope this helps save you some time as it did for us.</p> aws ssh search