
Support `CNAME` dns records

Open nitrocode opened this issue 4 years ago • 2 comments

I have a CNAME that points to ip-snip.snip.compute.internal

```
$ dig bastion.snip.com

;; QUESTION SECTION:
;bastion.snip.com. IN	A

;; ANSWER SECTION:
bastion.snip.com. 77 IN	CNAME	ip-snip.snip.compute.internal.
```

I can ssm directly to ip-snip.snip.compute.internal

```
aws-gate session ip-snip.snip.compute.internal
```

but I cannot do this

```
aws-gate session bastion.snip.com
```

nitrocode • Jul 19 '21 18:07

Hey @nitrocode, unfortunately, this is not easy. aws-gate requires that the resulting name identifier translates to an instance ID or something that we can use to search the EC2 API for the instance.

If we added support for DNS queries, we wouldn't be able to always guarantee that the CNAME record points to an AWS-managed record. With that in mind, I don't see how to implement this without breaking the current semantics. Thoughts?

xen0l • Jan 03 '22 16:01

If it's in a form that doesn't match the `ip.*compute.internal` (and similar regexes), then we could assume a DNS entry is passed in, no? Or perhaps there could be an additional option for `--dns`, which could then run a dig on the DNS record and search for the EC2 instance ID. This way it's backwards compatible if the switch is unspecified.

nitrocode • Feb 24 '22 01:02
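
One way to reconcile the two positions in this thread, as an added example that is not aws-gate code or either commenter's: follow a CNAME chain only when explicitly opted in, and accept the result only if it ends at a name shaped like an EC2 private DNS record. The function names, the injected `lookup_cname` callable, the `allow_dns` flag (modelling the proposed `--dns` switch), the regex for EC2 IP-based private names and the sample records are all assumptions.

```python
import re

# Assumed shape of EC2 IP-based private DNS names (not taken from aws-gate).
EC2_PRIVATE_DNS = re.compile(
    r"ip-(\d{1,3})-(\d{1,3})-(\d{1,3})-(\d{1,3})"
    r"\.(?:ec2\.internal|[a-z0-9-]+\.compute\.internal)"
)
MAX_CNAME_HOPS = 5  # bound the chain so a bad zone cannot stall the client


class UnresolvableTarget(ValueError):
    """The name does not end at an EC2-managed private DNS record."""


def ec2_private_ip(name):
    """Return the private IP encoded in an EC2 private DNS name, else None."""
    m = EC2_PRIVATE_DNS.fullmatch(name.rstrip(".").lower())
    if not m or any(int(octet) > 255 for octet in m.groups()):
        return None
    return ".".join(m.groups())


def resolve_target(name, lookup_cname, allow_dns=False):
    """Map a name to an EC2 private DNS name; lookup_cname(n) -> target or None."""
    current = name.rstrip(".").lower()
    if ec2_private_ip(current):
        return current  # existing behaviour: no DNS query is made
    if not allow_dns:
        raise UnresolvableTarget(f"{name}: not an EC2 name and DNS not enabled")
    seen = {current}
    for _ in range(MAX_CNAME_HOPS):
        target = lookup_cname(current)
        if target is None:
            break
        current = target.rstrip(".").lower()
        if current in seen:
            raise UnresolvableTarget(f"{name}: CNAME loop at {current}")
        seen.add(current)
        if ec2_private_ip(current):
            return current
    raise UnresolvableTarget(f"{name}: chain ends at non-EC2 name {current}")


# Constructed sample records standing in for a real resolver.
SAMPLE_ZONE = {
    "bastion.example.com": "ip-10-0-12-34.eu-west-1.compute.internal.",
    "vendor.example.com": "lb.thirdparty.example.net.",
    "a.example.com": "b.example.com.", "b.example.com": "a.example.com.",
}
```

A name matching the pattern only proves its shape; the instance still has to be found in the caller's own account through the EC2 API search mentioned above.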