sigil
AWS SSM Session manager client
Description
Sigil is the hub of the Great Wheel, a city at the center of the Outlands, the most balanced of neutral areas at the center of the planes. Also known as the "City of Doors" for the multitude of portals to other planes of existence and the Cage since those portals are the only way in or out, it is the setting for most of Planescape: Torment.
Sigil is an AWS SSM Session Manager client that allows access to EC2 instances without exposing any ports.
Features
- configuration files support (TOML, YAML, JSON, etc.)
- support for different configuration profiles
- lightweight container image
- SSH and SCP support
External dependencies
Local
- AWS session-manager-plugin (version 1.1.17.0+ for SSH support)
Remote
- target EC2 instance must have AWS SSM Agent installed (full guide) (version 2.3.672.0+ for SSH support)
- AWS ec2-instance-connect to use SSH with your own and/or temporary keys
- to support AWS SSM, the target EC2 instance profile should have the AmazonSSMManagedInstanceCore managed IAM policy attached, or a specific policy with similar permissions (check About Policies for a Systems Manager Instance Profile and About Minimum S3 Bucket Permissions for SSM Agent)
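A preflight check for the two SSH-support version floors listed above, as an added example that is not part of sigil or its documentation. It assumes the AWS CLI is installed and configured for the instance's region; `version_ge`, `check_floor` and `preflight` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: preflight for the SSH-support version floors in this README.
MIN_PLUGIN="1.1.17.0"   # local session-manager-plugin floor
MIN_AGENT="2.3.672.0"   # remote SSM Agent floor

# version_ge A B: succeed when dotted version A >= B. Fields are compared as
# numbers; a string compare would wrongly rank 1.1.9.0 above 1.1.17.0.
# Returns 2 when a field is not numeric (e.g. "None" from the AWS CLI).
version_ge() {
    _a=$1 _b=$2
    while [ -n "$_a" ] || [ -n "$_b" ]; do
        _fa=${_a%%.*} _fb=${_b%%.*}
        case "$_a" in *.*) _a=${_a#*.} ;; *) _a= ;; esac
        case "$_b" in *.*) _b=${_b#*.} ;; *) _b= ;; esac
        _fa=${_fa:-0} _fb=${_fb:-0}
        case "$_fa$_fb" in *[!0-9]*) return 2 ;; esac
        [ "$_fa" -gt "$_fb" ] && return 0
        [ "$_fa" -lt "$_fb" ] && return 1
    done
    return 0
}

# check_floor NAME FOUND MIN: print a verdict; non-zero when the floor is not met.
check_floor() {
    if version_ge "$2" "$3"; then
        echo "ok:   $1 $2 (>= $3)"
    else
        echo "FAIL: $1 '$2' does not meet $3 (needed for SSH support)"
        return 1
    fi
}

# preflight INSTANCE_ID: check the local plugin and the target's SSM Agent.
preflight() {
    _rc=0
    _plugin=$(session-manager-plugin --version 2>/dev/null | tr -d '[:space:]')
    _agent=$(aws ssm describe-instance-information \
        --filters "Key=InstanceIds,Values=$1" \
        --query 'InstanceInformationList[0].AgentVersion' --output text 2>/dev/null)
    check_floor "session-manager-plugin" "${_plugin:-0}" "$MIN_PLUGIN" || _rc=1
    check_floor "SSM Agent on $1" "${_agent:-0}" "$MIN_AGENT" || _rc=1
    return $_rc
}

# Runs only when an instance ID is passed, so sourcing the file has no side effects.
if [ $# -gt 0 ]; then preflight "$1"; fi
```

An instance that is not registered with Systems Manager yields `None` for the agent version, which is reported as a failure rather than silently passing.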
Documentation
The manual can be found here.
Installation
Homebrew
brew tap danmx/sigil
brew install sigil
or
brew install danmx/sigil/sigil
Docker
docker pull danmx/sigil:0.7
Examples
Usage
Docker:
docker run --rm -it -v "${HOME}"/.sigil:/home/nonroot/.sigil -v "${HOME}"/.aws:/home/.aws danmx/sigil:0.7 list --output-format wide
Binary:
sigil -r eu-west-1 session --type instance-id i-xxxxxxxxxxxxxxxxx
Using with aws-vault:
aws-vault exec AWS_PROFILE -- sigil -r eu-west-1 session --type instance-id i-xxxxxxxxxxxxxxxxx
SSH integration
Add an entry to your ssh_config:
Host i-* mi-*
    IdentityFile /tmp/sigil/%h/temp_key
    IdentitiesOnly yes
    ProxyCommand sigil ssh --port %p --pub-key /tmp/sigil/%h/temp_key.pub --gen-key-pair --os-user %r --gen-key-dir /tmp/sigil/%h/ %h
Host *.compute.internal
    IdentityFile /tmp/sigil/%h/temp_key
    IdentitiesOnly yes
    ProxyCommand sigil ssh --type private-dns --port %p --pub-key /tmp/sigil/%h/temp_key.pub --gen-key-pair --os-user %r --gen-key-dir /tmp/sigil/%h/ %h
and run:
ssh ec2-user@i-123456789
or
ssh [email protected]
Config file
By default, the configuration file is located in ${HOME}/.sigil/config.toml.
[default]
type = "instance-id"
output-format = "wide"
region = "eu-west-1"
profile = "dev"
interactive = true
Changelog
See CHANGELOG.md
Build
Binaries
To build binaries (development and release) run:
bazelisk build //...
To run a specific build, use:
bazelisk build --config cross:[darwin|linux|windows]_amd64 :[dev|release]
For a working Docker image:
bazelisk build --config cross:linux_amd64 :[dev|release]-image
Container image
To build only the Docker image, run:
bazelisk run :dev-image
It'll create a Docker image tagged bazel:dev-image.
Contributions
All contributions are welcome!
Dev Dependencies
Commits
I'm trying to follow Conventional Commits.
Bootstrapping
pre-commit install
pre-commit install --hook-type pre-push
bazelisk sync
License
Apache 2.0
Considerations
Sigil was inspired by xen0l's aws-gate.