ssm-sh
ssm-sh copied to clipboard
Experiment to use SSM RunCommand instead of SSH
SSM shell
Little experiment to mimic SSH by using SSM agent to send commands to remote instances and fetching the output.
Install
Grab a binary from the releases.
Docker
There is also a docker image here.
Manual install
Have Go installed:
$ which go
/usr/local/bin/go
$ echo $GOPATH
/Users/dalmo/go
$ echo $PATH
# Make sure $GOPATH/bin is in your PATH.
Get the repository:
go get -u github.com/itsdalmo/ssm-sh
If everything was successful, you should have a shiny new binary:
which ssm-sh
# Should point to $GOPATH/bin/ssm-sh
Usage
$ ssm-sh --help
Usage:
ssm-sh [OPTIONS] <command>
Application Options:
-v, --version Print the version and exit.
AWS Options:
-p, --profile= AWS Profile to use. (If you are not using Vaulted).
-r, --region= Region to target. (default: eu-west-1)
Help Options:
-h, --help Show this help message
Available commands:
describe Description a document from ssm.
list List managed instances or documents. (aliases: ls)
run Run a command or document on the targeted instances.
shell Start an interactive shell. (aliases: sh)
List instances usage
$ ssm-sh list instances --help
...
[instances command options]
-f, --filter= Filter the produced list by tag (key=value,..)
-l, --limit= Limit the number of instances printed (default: 50)
-o, --output= Path to a file where the list of instances will be written as JSON.
List documents usage
$ ssm-sh list documents --help
...
[documents command options]
-f, --filter= Filter the produced list by property (Name, Owner, DocumentType, PlatformTypes)
-l, --limit= Limit the number of instances printed (default: 50)
Run cmd/shell usage
$ ssm-sh run cmd --help
...
[cmd command options]
-i, --timeout= Seconds to wait for command result before timing out. (default: 30)
-t, --target= One or more instance ids to target
--target-file= Path to a JSON file containing a list of targets.
SSM options:
-x, --extend-output Extend truncated command outputs by fetching S3 objects containing full ones
-b, --s3-bucket= S3 bucket in which S3 objects containing full command outputs are stored. Required when --extend-output is provided.
-k, --s3-key-prefix= Key prefix of S3 objects containing full command outputs.
Run document usage
$ ssm-sh run document --help
...
[document command options]
-n, --name= Name of document in ssm.
-i, --timeout= Seconds to wait for command result before timing out. (default: 30)
-p, --parameter= Zero or more parameters for the document (name:value)
-t, --target= One or more instance ids to target
--target-file= Path to a JSON file containing a list of targets.
SSM options:
-x, --extend-output Extend truncated command outputs by fetching S3 objects containing full ones
-b, --s3-bucket= S3 bucket in which S3 objects containing full command outputs are stored. Required when --extend-output is provided.
-k, --s3-key-prefix= Key prefix of S3 objects containing full command outputs.
Example
$ vaulted -n lab-admin -- ssm-sh list instances --filter Name="*itsdalmo" -o example.json
Instance ID | Name | State | Image ID | Platform | Version | IP | Status | Last pinged
i-03762678c45546813 | ssm-manager-manual-test-itsdalmo | running | ami-db1688a2 | Amazon Linux | 2.0 | 172.53.17.163 | Online | 2018-02-09 12:37
i-0d04464ff18b5db7d | ssm-manager-manual-test-itsdalmo | running | ami-db1688a2 | Amazon Linux | 2.0 | 172.53.20.172 | Online | 2018-02-09 12:39
$ vaulted -n lab-admin -- ssm-sh shell --target-file example.json
Initialized with targets: [i-03762678c45546813 i-0d04464ff18b5db7d]
Type 'exit' to exit. Use ctrl-c to abort running commands.
$ ps aux | grep agent
i-03762678c45546813 - Success:
root 3261 0.0 1.9 243560 19668 ? Ssl Jan27 4:29 /usr/bin/amazon-ssm-agent
root 9058 0.0 0.0 9152 936 ? S 15:02 0:00 grep agent
i-0d04464ff18b5db7d - Success:
root 3245 0.0 1.9 317292 19876 ? Ssl Feb05 0:27 /usr/bin/amazon-ssm-agent
root 4893 0.0 0.0 9152 924 ? S 15:02 0:00 grep agent
$ echo $HOSTNAME
i-03762678c45546813 - Success:
ip-172-53-17-163.eu-west-1.compute.internal
i-0d04464ff18b5db7d - Success:
ip-172-53-20-172.eu-west-1.compute.internal
Note
If you don't see any instances listed and still want to test ssm-sh
,
you can see the terraform/README.md for a quick
way of setting up some test instances.