We recently switched all of our EC2 instances to use EC2-connect to gain CLI access to all the servers. This means no more SSH keys. We now use AWS SSO to authenticate our local machine's shell and then use the AWS CLI utilities to connect to each server using EC2-connect with an EC2 Instance Connect Endpoint (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/connect-using-eice.html).
We wrote ourselves a little shell function to alias ssh'ing to any server in any region without having to know the instance id. You just need to know something from the server's name and optionally the server's region.
Here is the function you can include in your .bashrc file:

```bash
function nb-ssh-eice() {
  local -r query="${1}"
  local -r region_in="${2}"
  local -a all_regions
  local region instance_id=""

  # No region given: search every region returned by describe-regions.
  if [ -z "${region_in}" ]; then
    all_regions=($(aws ec2 describe-regions --query "Regions[].RegionName" --output json | jq -r '.[]'))
  else
    all_regions+=("${region_in}")
  fi

  for region in "${all_regions[@]}"; do
    echo "looking in ${region} for ${query}..."
    # Match running instances by their Name tag (wildcards such as "*test1" are allowed).
    instance_id=$(aws ec2 describe-instances --region="${region}" \
      --filters "Name=tag:Name,Values=${query}" \
                'Name=instance-state-name,Values=running' \
      --query 'Reservations[].Instances[].InstanceId' \
      --output text)
    # Stop at the first region with a match; otherwise the next (empty) region
    # would overwrite instance_id and ${region} would point at the wrong region.
    if [ -n "${instance_id}" ]; then
      break
    fi
  done

  if [ -z "${instance_id}" ]; then
    echo "EC2 instance not found."
  elif [ "$(echo "${instance_id}" | wc -w)" -gt 1 ]; then
    echo "Multiple EC2 instances found matching your query. Narrow down your query."
  else
    echo "---------------------------------------------------------------------------"
    echo "--- Logging into: Instance-Id: ${instance_id} -- Region: ${region}"
    echo "---------------------------------------------------------------------------"
    aws ec2-instance-connect ssh --region="${region}" \
      --os-user ubuntu \
      --instance-id="${instance_id}" \
      --connection-type eice
  fi
}
```

- It takes two arguments: query and region_in.
- It first checks if region_in is empty. If it is, it retrieves all AWS regions using the AWS CLI (aws ec2 describe-regions), otherwise, it adds the provided region to the all_regions array.
- Then, for each region in the all_regions array, it searches for instances matching the provided query using the AWS CLI (aws ec2 describe-instances). It filters the instances by their state (running) and extracts their instance IDs.
- If no instances are found, it outputs "EC2 instance not found."
- If multiple instances are found, it outputs "Multiple EC2 instances found matching your query. Narrow down your query."
- If a single instance is found, it outputs information about the instance (ID and region) and initiates an SSH connection to the instance using the AWS EC2 Instance Connect feature (aws ec2-instance-connect ssh).

Examples:

```bash
nb-ssh-eice "*test1" us-east-2
```

You can even pass a command to run remotely:

```bash
echo "ls -la" | nb-ssh-eice "*test1" us-east-2
```

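A stricter variant of the lookup, as an added example that is not part of the original post: it collects matches from every listed region before connecting, so a wildcard query that hits instances in more than one region is rejected with the candidate list instead of being resolved by search order. The function names `eice_list_matches`, `eice_pick_unique` and `nb_ssh_eice_strict` are hypothetical, and the regions to search are passed explicitly.

```bash
# Added example: helper names are hypothetical, not from the original post.

# Print "region<TAB>instance-id<TAB>Name tag" for every running instance whose
# Name tag matches the query, in each of the regions given after the query.
eice_list_matches() {
  local query region
  query="$1"; shift
  for region in "$@"; do
    aws ec2 describe-instances --region "${region}" \
      --filters "Name=tag:Name,Values=${query}" \
                'Name=instance-state-name,Values=running' \
      --query 'Reservations[].Instances[].[InstanceId, Tags[?Key==`Name`]|[0].Value]' \
      --output text | awk -v r="${region}" 'NF { print r "\t" $0 }'
  done
}

# Read candidate lines on stdin. Print "region instance-id" and return 0 only
# when exactly one instance matched; return 1 for none, 2 for several.
eice_pick_unique() {
  local matches count
  matches=$(cat)
  count=$(printf '%s\n' "${matches}" | awk 'NF { n++ } END { print n + 0 }')
  case "${count}" in
    0) echo "EC2 instance not found." >&2
       return 1 ;;
    1) printf '%s\n' "${matches}" | awk -F'\t' 'NF { print $1, $2 }' ;;
    *) echo "Multiple EC2 instances found matching your query:" >&2
       printf '%s\n' "${matches}" >&2
       return 2 ;;
  esac
}

# Usage: nb_ssh_eice_strict QUERY REGION [REGION...]
nb_ssh_eice_strict() {
  local query target
  query="$1"; shift
  target=$(eice_list_matches "${query}" "$@" | eice_pick_unique) || return
  echo "--- Logging into: ${target#* } -- Region: ${target%% *}"
  aws ec2-instance-connect ssh --region "${target%% *}" --os-user ubuntu \
    --instance-id "${target#* }" --connection-type eice
}
```

On an ambiguous query the candidates are printed with their region and Name tag, which makes it easy to see which host a pattern like `*test1` would have selected.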
I hope this helps save you some time as it did for us.