Github: github.com/rhysmcneill/ssmctl
I use AWS Session Manager a lot. No bastion hosts, no open ports, full CloudTrail audit trail — it's the right way to access EC2 instances. But every time I sat down to use it I found myself Googling the same commands, copy-pasting instance IDs from the console, and generally fighting the tooling more than getting work done.
The native experience looks like this:
aws ssm start-session --target i-0123456789abcdef0
And running a remote command means constructing a JSON document, calling send-command, then polling get-command-invocation for the output. There's no built-in file transfer at all.
I got fed up and built ssmctl. It is a thin CLI wrapper that gives SSM the same interface as ssh and scp, the commands I already know by heart.
What it does
# open an interactive shell
ssmctl connect web-1
# run a command
ssmctl run web-1 -- uname -a
# upload a file
ssmctl cp ./config.json web-1:/tmp/config.json
# download a file
ssmctl cp web-1:/var/log/app.log ./app.log
Targets can be an instance ID or an EC2 Name tag — so web-1 just works without having to look up the ID first.
It uses whatever AWS credentials you already have configured (env vars, ~/.aws/credentials etc). Nothing new to set up.
Why I built it in Go
It made sense for a single binary CLI tool — easy to cross-compile, easy to distribute via Homebrew or a direct download, no runtime dependency to manage on the user's machine.
Install
Homebrew
brew tap rhysmcneill/ssmctl
brew install ssmctl
or grab a binary from the releases page
Binaries for Linux, macOS (Intel + Apple Silicon), and Windows are on the releases page.
What is next for ssmctl?
It covers my day-to-day SSM workflow. Shell completions and JSON output for run/cp are on the roadmap, amongst a lot of other open issues (feel free to jump in if you are comfortable, we have a very open community contributing). If you use SSM regularly and have things you'd want it to do, open an issue — I'm genuinely interested in what would be useful.
Top comments (0)