@anthonybouton
Last active August 12, 2024 14:05
Auto refreshing SSM Forward host script (x86)
```bash
#!/bin/bash
set -e
# Detect the system architecture
arch=$(uname -m)
# Set ARCH variable based on the detected architecture
if [ "$arch" == "x86_64" ]; then
  ARCH="linux_64bit"
elif [ "$arch" == "aarch64" ]; then
  ARCH="linux_arm64"
else
  echo "Unsupported architecture: $arch"
  exit 1
fi
echo "Installing Session manager plugin"
yum install -y -q socat || echo "Socat Already Installed?"
yum install -y -q psmisc || echo "psmisc Already Installed?"
yum install -y -q "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/$ARCH/session-manager-plugin.rpm" || echo "Session Plugins Already Installed?"

start_ssm_session() {
  echo "Retrieving Instance ID On $BASTION_INSTANCE_ID_SSM_PARAMETER_NAME"
  INSTANCE_ID=$(aws ssm get-parameter \
    --name "$BASTION_INSTANCE_ID_SSM_PARAMETER_NAME" \
    --output text \
    --profile "$AWS_PROFILE" \
    --query 'Parameter.Value' \
    --region "$AWS_REGION")
  echo "Retrieving RDS Host On $RDS_ENDPOINT_ID_SSM_PARAMETER_NAME"
  RDS_HOST=$(aws ssm get-parameter \
    --name "$RDS_ENDPOINT_ID_SSM_PARAMETER_NAME" \
    --output text \
    --profile "$AWS_PROFILE" \
    --query 'Parameter.Value' \
    --region "$AWS_REGION")
  echo "Starting Tunnel"
  # The session-manager plugin only listens on localhost. socat relays that
  # port to PROXY_PORT on all interfaces so it can be published from the container.
  socat "tcp-listen:$PROXY_PORT,reuseaddr,fork" "tcp:localhost:$LOCAL_PORT" &
  SOCAT_PID=$!
  echo "Starting Session To $RDS_HOST On Port $REMOTE_PORT Forwarded Locally on $LOCAL_PORT"
  aws ssm start-session \
    --target "$INSTANCE_ID" \
    --profile "$AWS_PROFILE" \
    --document-name AWS-StartPortForwardingSessionToRemoteHost \
    --parameters host="$RDS_HOST",portNumber="$REMOTE_PORT",localPortNumber="$LOCAL_PORT" \
    --region "$AWS_REGION" &
  SSM_PID=$!
}

# Both liveness checks look at /proc, so they assume a Linux host (as in the amazon/aws-cli image).
check_session_status() {
  [ -d "/proc/$SSM_PID" ]
}
check_socat_status() {
  [ -d "/proc/$SOCAT_PID" ]
}

while true; do
  # Start the SSM session using the configured AWS profile
  start_ssm_session
  # Poll every 15 seconds for as long as the session process is alive
  while check_session_status; do
    if ! check_socat_status; then
      echo "Socat seems disconnected"
      break
    else
      sleep 15
    fi
  done
  # Either side died: tear down both halves of the tunnel and start over
  echo "Session closed. Restarting..."
  killall socat || echo "Socat process has been killed"
  kill -9 "$SSM_PID" || echo "SSM process has been killed"
  sleep 3
done
```
anthonybouton commented Aug 12, 2024

Example usage in docker

```yaml
  # service definition, placed under the top-level services: key
  tunnel_folo_dev:
    image: amazon/aws-cli
    stdin_open: true
    tty: true
    entrypoint: /bin/bash
    restart: always
    volumes:
      # host AWS profiles and credentials are mounted into the container
      - ~/.aws:/root/.aws
    ports:
      # published on every host interface (a "127.0.0.1:" prefix would limit it to loopback)
      - 13000:13000
    environment:
      - AWS_PROFILE=twinonline-dev
      - AWS_REGION=eu-west-1
      - REMOTE_PORT=5432
      - LOCAL_PORT=5432
      - PROXY_PORT=13000
      - BASTION_INSTANCE_ID_SSM_PARAMETER_NAME=/bastion/instance_id
      - RDS_ENDPOINT_ID_SSM_PARAMETER_NAME=/twol/rds/id/0/endpoint
    command:
      - "-c"
      # the raw URL is pinned to one gist revision; printenv writes the whole container environment to the log
      - "curl -s -o bash.sh https://gist.githubusercontent.com/anthonybouton/b16788712230aedabaf75aa9258b9248/raw/1d42644c22c5eb4c8333682a6c8d7f65092a9254/bash.sh && printenv && . bash.sh"
```
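The compose command above fetches the script with curl and sources it in the same step, so whatever the URL returns at start-up is executed with the mounted AWS credentials. The block below is an added example, not part of the gist or of the author's comment, of the check a practitioner would put in front of that step: record the SHA-256 of the reviewed revision, download to a temporary file, and only source it when the digest matches. The function names (`file_sha256`, `verify_sha256`, `fetch_verified`), the placeholder digest and the `file://` demo input are all constructed for this example.

```bash
#!/bin/bash
# Added example (not the gist author's code): verify a downloaded script
# against a pinned SHA-256 before sourcing it.
set -euo pipefail

# Print the SHA-256 of a file; works with GNU sha256sum or BSD/macOS shasum.
file_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_sha256 FILE EXPECTED  -> 0 when the digest matches, 1 otherwise.
verify_sha256() {
  local actual
  actual=$(file_sha256 "$1")
  if [ "$actual" != "$2" ]; then
    echo "checksum mismatch for $1: expected $2, got $actual" >&2
    return 1
  fi
}

# fetch_verified URL EXPECTED_SHA256 DEST
# Downloads URL to a temp file and moves it to DEST only if the digest matches.
# On download failure or mismatch nothing is left behind and 1 is returned.
fetch_verified() {
  local url="$1" expected="$2" dest="$3"
  local tmp
  tmp=$(mktemp)
  if ! curl -fsSL "$url" -o "$tmp"; then
    echo "download failed: $url" >&2
    rm -f "$tmp"
    return 1
  fi
  if ! verify_sha256 "$tmp" "$expected"; then
    rm -f "$tmp"
    return 1
  fi
  mv "$tmp" "$dest"
  chmod 0644 "$dest"
}

# Demo with a constructed local script reached through a file:// URL, so it runs
# offline. In the compose file the URL would be the pinned gist raw URL and the
# digest the value recorded when that revision was reviewed (placeholder here).
demo() {
  local workdir good
  workdir=$(mktemp -d)
  printf 'echo "tunnel helper loaded"\n' > "$workdir/bash.sh"
  good=$(file_sha256 "$workdir/bash.sh")

  # 1. digest matches the pinned value: the download is accepted
  fetch_verified "file://$workdir/bash.sh" "$good" "$workdir/verified.sh" || return 1

  # 2. content changed after the digest was pinned: rejected, no file written
  printf 'echo "tampered"\n' > "$workdir/bash.sh"
  if fetch_verified "file://$workdir/bash.sh" "$good" "$workdir/verified2.sh"; then
    return 1
  fi
  [ ! -e "$workdir/verified2.sh" ] || return 1

  # Only the verified copy is ever sourced.
  . "$workdir/verified.sh"
  rm -rf "$workdir"
}

# Run the demo when curl is available (the functions themselves need no network).
if command -v curl >/dev/null 2>&1; then
  demo
fi
```

In the compose `command`, the equivalent replacement for `curl -s -o bash.sh URL && ... && . bash.sh` is `fetch_verified URL <pinned-digest> bash.sh && . bash.sh`; a revision bump of the gist then requires deliberately updating the pinned digest rather than silently running new code.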
