At re:invent 2017, many features were introduced such as SSM PrivateLink, PCI compliance. I decided to investigate on SSM and SendCommand to understand its capabilities in a real world. SSHLess is a python implementation of SSM SendCommand to simulate the usage of a normal CLI
this script is designed to run across multiple accounts and across multiple regions you can switch between regions/accounts using some OS vars
To execute an assume role action
$ export AWS_SSM_ROLE=arn:aws:iam::111111111:role/admin
sshless use a local file to save the Target filters in order to simplify and avoid to have long command line history
Example:
$ sshless cmd --name web-1 "uname -a"
..... output omitted ....
$ cat ~/.sshless/filters # local file with your filter
{
"Targets": [{
"Key": "tag:Name",
"Values": ["web-1"]
}]
}
$ sshless cmd "uname -a" # valid command to the same target
..... output omitted ....
Instance ID Filter:
$ export SSHLESS_ID_FILTER=i-0da73e7c56e628889,i-0b83e0b9f8f900500 $ sshless cmd "uname -a" $ sshless cmd -i i-0da73e7c56e628889,i-0b83e0b9f8f900500 "uname -a"
Tag Name Filter:
$ export SSHLESS_NAME_FILTER=web-1 $ sshless cmd "uname -a" $ sshless cmd --name web-1 "uname -a"
Advanced Tag filter:
$ export SSHLESS_FILTER=tag:Role=web $ sshless cmd "uname -a" $ sshless cmd --filters tag:Role=web "uname -a"
SSM Parameter store integration:
$ sshless cmd --name web-1 "echo {{ssm:example.parameter}}"
List of all SSM instances Online:
$ sshless list
Execute command and save output to S3:
$ sshless cmd --name web-1 "uname -a" --s3-output=[your-s3-bucket-ssm-output] $ sshless cmd --name web-1 "uname -a" --s3-output=[your-s3-bucket-ssm-output] --preserve-s3-output
Full Demo Lab is available HERE
Cloudreach shall, where possible, use reasonable efforts to maintain this repository. Typically the repository is maintained by the developer in his/her free or personal development time.
sshless is licensed under the Apache2.