aws ec2.py companion script to generate sshconfigs with auto bastion host discovery

Related tags

General Utilitiesec2-bastion-sshconfig
Overview

ec2-bastion-sshconfig

This script will interate over instances found by ec2.py and if those instances are not publically accessible it will search the associated VPC for any public instance that can be used as a bastion. Additionally it will create host aliases for any DNS records found in route53 that match the instance's IP(s) and CNAME records. The resulting output can be added to your ~/.ssh/config.

Requirements

This scipt depends on the ec2.py script and ec2.ini configuration file to work. You also need a working AWS_PROFILE as expected by the boto module.

Assumptions

  • ec2.py and ec2.ini are installed.
  • group_by_vpc_id = True in ec2.ini
  • SSH keys are named on your filesystem to the value of ec2_key_name. (You can use symlinks)

Setup environment

Create a python environment for testing

# python3 -m venv ec2-bastion-sshconfig

Enter the environment

# source ec2-bastion-sshconfig/bin/activate

Install required python modules

# pip install -r requirements.txt

Set ENV vars

# export AWS_PROFILE=default
# export EC2_INI_PATH=/usr/local/etc/ec2.ini

Run

# ./ec2-bastion-sshconfig.py -h
usage: ec2-bastion-sshconfig.py [-h] [--profile PROFILE] [--ec2Py EC2PY]
                                [--ec2PyINI EC2PYINI] [--sshUser SSHUSER]
                                [--sshKeyPATH SSHKEYPATH] [--sshPort SSHPORT]
                                [--debug DEBUG] [--awsDNSProfile AWSDNSPROFILE]
                                [--tld TLD]

optional arguments:
  -h, --help            show this help message and exit
  --profile PROFILE     Specify AWS credential profile to use.
  --ec2Py EC2PY         inventory script to use.
  --ec2PyINI EC2PYINI   inventory config file to use
  --sshUser SSHUSER     SSH username
  --sshKeyPATH SSHKEYPATH
                        PATH to SSH keys
  --sshPort SSHPORT     Alternate SSH port
  --debug DEBUG         Set to True to enable debug msgs
  --awsDNSProfile AWSDNSPROFILE
                        The AWS profile used to interact with route53
  --tld TLD             tld to append to hostnames
Option Description Default
--profile AWS_PROFILE used to run ec2.py $AWS_PROFILE
--ec2Py Full path to the ec2.py script $PATH
--ec2PyINI Full path to the ec2.ini configuration file $EC2_INI_PATH
--sshUser Username to populate the User parameter in ~/.ssh/config. If set the IdentityFile parameter will be set to the value of ec2_key_name found by ec2.py. (requires --sshKeyPATH) $USER
--sshKeyPATH Full path to local folder containing ssh key files. None
--sshPort Alternate port to try in addition to the default SSH port "22"
--debug Show debug messages False
awsDNSProfile AWS_PROFILE used to read from route53 "default"
--tld DNS zone for which your instances belong "example.com"

Example

# python ./ec2-bastion-sshconfig.py \
  --profile test \
  --ec2Py /usr/local/bin/ec2.py \
  --ec2PyINI /usr/local/etc/ec2.ini \
  --sshUser ec2_user \
  --sshKeyPATH ~/.ssh/ec2_keys \
  --sshPort 2222 \
  --awsDNSProfile default \
  --tld example.com | tee -a ~/.ssh/conf.d/example.com

##################################################
####   vpc-99999999999999999   ###################
##################################################

# <--
Host bastion bastion.example.com i-99999999999999999
  ForwardAgent yes
  StrictHostKeyChecking no
  Hostname 1.2.3.257
  Port 2222
  User ec2_user
  IdentityFile /data/home/username/.ssh/ec2_keys/test.pem
# -->

# <--
Host web-1 web-1.example.com i-99999999999999991
  ForwardAgent yes
  StrictHostKeyChecking no
  Hostname 10.0.0.4
  User ec2_user
  IdentityFile /data/home/username/.ssh/ec2_keys/test.pem
  ProxyJump bastion
# -->

# <--
Host web-2 web-2.example.com i-99999999999999992
  ForwardAgent yes
  StrictHostKeyChecking no
  Hostname 10.0.0.5
  User ec2_user
  IdentityFile /data/home/username/.ssh/ec2_keys/test.pem
  ProxyJump bastion
# -->
Owner
Steve Melo
Steve Melo
GitHub Repository
Auto-generate /etc/hosts for HackTheBox machines

Auto-generate /etc/hosts for HackTheBox machines Save yourself some tedium on getting started on a new machine by having your /etc/hosts ready to go.

3 Feb 16, 2022
Brainfuck rollup scaling experiment for fun

Optimistic Brainfuck Ever wanted to run Brainfuck on ethereum? Don't ask, now you can! And at a fraction of the cost, thanks to optimistic rollup tech

Diederik Loerakker 48 Dec 28, 2022
A simple Python app that generates semi-random chord progressions.

chords-generator A simple Python app that generates semi-random chord progressions.

53 Sep 07, 2022
Fraud Multiplication Table Detection in python

Fraud-Multiplication-Table-Detection-in-python In this program, I have detected fraud multiplication table using python without class. Here, I have co

Sachin Vinayak Dabhade 4 Sep 24, 2021
A python package for your Kali Linux distro that find the fastest mirror and configure your apt to use that mirror

Kali Mirror Finder Using Single Python File A python package for your Kali Linux distro that find the fastest mirror and configure your apt to use tha

MrSingh 6 Dec 12, 2022
Use generator for range function

Use the generator for the range function! installation method: pip install yrange How to use: First import yrange in your application. You can then wo

1 Oct 28, 2021
Allows you to canibalize methods from classes effectively implementing trait-oriented programming

About This package enables code reuse in non-inheritance way from existing classes, effectively implementing traits-oriented programming pattern. Stor

1 Dec 13, 2021
A repository containing several general purpose Python scripts to automate daily and common tasks.

General Purpose Scripts Introduction This repository holds a curated list of Python scripts which aim to help us automate daily and common tasks. You

GDSC RCCIIT 46 Dec 25, 2022
ZX Spectrum Utilities: (zx-spectrum-utils)

Here are a few utility programs that can be used with the zx spectrum. The ZX Spectrum is one of the first home computers from the early 1980s.

Graham Oakes 4 Mar 07, 2022
✨ Un bot Twitter totalement fait en Python par moi, et en français.

Twitter Bot ❗ Un bot Twitter totalement fait en Python par moi, et en français. Il faut remplacer auth = tweepy.OAuthHandler(consumer_key, consumer_se

MrGabin 3 Jun 06, 2021
Personal Toolbox Package

Jammy (Jam) A personal toolbox by Qsh.zh. Usage setup For core package, run pip install jammy To access functions in bin git clone https://gitlab.com/

5 Sep 16, 2022
Backup a folder to an another folder by using mirror update method.

Mirror Update Backup Backup a folder to an another folder by using mirror update method. How to use Install requirement pip install -r requirements.tx

1 Nov 21, 2022
A simple language and reference decompiler/compiler for MHW THK Files

Leviathon A simple language and reference decompiler/compiler for MHW THK Files. Project Goals The project aims to define a language specification for

11 Jan 07, 2023
Lock files using python and cmd

Python_Lock_Files Lock files using python and cmd license feel free to do whatever you want to with these files, i dont take any responsibility tho, u

1 Nov 01, 2021
Kanye West Lyrics Generator

aikanye Kanye West Lyrics Generator Python script for generating Kanye West lyrics Put kanye.txt in the same folder as the python script and run "pyth

4 Jan 21, 2022
Course-parsing - Parsing Course Info for NIT Kurukshetra

Parsing Course Info for NIT Kurukshetra Overview This repository houses code for

Saksham Mittal 3 Feb 03, 2022
Simple web index to use bloom filter for Pwned Passwords

pwbloom Simple web index to use bloom filter for Pwned Passwords The index.py runs a simple CGI web service checking passwords with a bloom filter for

Hanno Böck 4 Nov 23, 2021
Shypan, a simple, easy to use, full-featured library written in Python.

Shypan, a simple, easy to use, full-featured library written in Python.

ShypanLib 4 Dec 08, 2021
'ToolBurnt' A Set Of Tools In One Place =}

'ToolBurnt' A Set Of Tools In One Place =}

MasterBurnt 5 Sep 10, 2022
WindowsDebloat - Windows Debloat with python

Windows Debloat 🗑️ Quickly and easily configure Windows 10. Disclaimer I am NOT

1 Mar 26, 2022