ssm-session-client
ssm-session-client copied to clipboard
mmmorris1975
Issue connecting with KMS encryption
I recieved this error while trying to ssm-shell sessions encrypted with KMS
----------ERROR------- Encountered error while initiating handshake. Handshake timed out. Please ensure that you have the latest version of the session manager plugin
The actual session manager plugin i believe provides support for this. im actively playing with a forked repo to get it working and i will provide a merge request. Any help on this would be greatly appreciated. Thank you!
similar issue: https://github.com/surajincloud/kubectl-eks/issues/4#issuecomment-1435067191
Is the the ssh-shell command from the examples? My low-level code does not support KMS sessions, so this would not be a surprise to me. AWS has finally opened up the source code for their client-side SSM session plugin and I've been able to integrate it in this repo as of version v0.300.0. This AWS code integration should have all of the feature support of their client-side, standalone, ssm session plugin.
The example code does not make use of the integration with the AWS code, however, in the main.tf of the example, it shows how the code can be modified to use it.
tl;dr change ssmclient.ShellSession(cfg, tgt) to ssmclient.ShellPluginSession(cfg, tgt) in main.tf for the ssm-shell example and recompile. That should have working KMS session support (since it's using AWS's own code for the session)
Thanks @surajnarwade! If you're willing to do so, would you mind making the change referenced above locally to see if a KMS session can be started?
@mmmorris1975 I'm happy to let you know that, with the above changes you mentioned. I tried it out, and it is working as intended: https://github.com/surajincloud/kubectl-eks/pull/7.
I will raise a PR here to update the documentation. thank you so much for the amazing project 🙏