terratest
AWS file helper via Private IP and AWS SSM tunnel
I have a company requirement that all EC2 instances have to run in private subnets, and additionally we are moving to AWS Session Manager.
As far as I can see, the ec2-file.go helpers support only the public IP and there is no support for an SSH SSM tunnel.
I also found CheckSsmCommand, which allows running a command on EC2, but it is not possible to transfer a file with it.
I would like to add:
- Support for an SSH tunnel via AWS SSM. I would like to base the solution on the Packer SSM implementation
- Selector of public IP/private IP/AWS SSM connection for the file helpers (aws-files.go)
I'm not sure how to avoid breaking backwards compatibility without copying and pasting all the file functions with a new prefix/suffix.
This issue is related to #251 and #400.
Most of the SSH code uses the ssh.Host struct. Could you add some sort of parameters to that struct that indicate SSM should be used instead of a key pair?
I dabbled in this for a little while, but didn't see an option in golang.org/x/crypto/ssh for a proxy command. I also didn't dive too much into https://github.com/aws/session-manager-plugin to see if there's a direct hook. It looks like that link to the Packer SSM implementation is no longer valid. @Arsobbiak, can you edit your issue with an updated link? Also, there are libraries that do this and may be useful as a different starting point: https://github.com/gjbae1212/gossm or https://github.com/mmmorris1975/ssm-session-client
@danquack It has been almost a year since I posted that issue 😄. But sadly I'm not sure if I will have time to work on that. Link updated!
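
On the proxy-command question raised in the thread: ssh.NewClientConn in golang.org/x/crypto/ssh accepts any net.Conn, so a helper process can carry the transport. The sketch below is an added example, not terratest code or any commenter's; dialCommand and ssmProxyArgs are hypothetical names, and it assumes the aws CLI with session-manager-plugin is installed for real use.

```go
package main

import (
	"fmt"
	"io"
	"net"
	"os/exec"
)

// dialCommand starts a helper process and returns a net.Conn wired to its
// stdin/stdout, the role ProxyCommand plays for the OpenSSH client.
func dialCommand(name string, args ...string) (net.Conn, error) {
	local, remote := net.Pipe()
	cmd := exec.Command(name, args...)
	cmd.Stdin, cmd.Stdout = remote, remote
	if err := cmd.Start(); err != nil {
		local.Close()
		remote.Close()
		return nil, err
	}
	// Reap the helper; closing remote makes reads on local return EOF.
	go func() {
		cmd.Wait()
		remote.Close()
	}()
	return local, nil
}

// ssmProxyArgs builds the AWS CLI arguments that open an SSH-capable
// Session Manager tunnel to a private instance.
func ssmProxyArgs(instanceID string, port int) []string {
	return []string{"ssm", "start-session", "--target", instanceID,
		"--document-name", "AWS-StartSSHSession",
		"--parameters", fmt.Sprintf("portNumber=%d", port)}
}

func main() {
	// Offline stand-in: "cat" echoes bytes the way a tunnel relays them.
	// Real use: dialCommand("aws", ssmProxyArgs(id, 22)...), then hand the
	// conn to ssh.NewClientConn from golang.org/x/crypto/ssh.
	conn, err := dialCommand("cat")
	if err != nil {
		panic(err)
	}
	defer conn.Close()
	fmt.Fprint(conn, "SSH-2.0-constructed\r\n") // constructed banner
	buf := make([]byte, 21)
	if _, err := io.ReadFull(conn, buf); err != nil {
		panic(err)
	}
	fmt.Printf("relayed %q\n", buf)
}
```

The SSM session only replaces network reachability: SSH still authenticates inside the tunnel, so the client config needs its usual key material and a host key check.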