# EB SSM
This simple script helps you SSH into an Elastic Beanstalk server using AWS SSM.
eb-ssm is desinged to combine tools from the EB CLI and the AWS CLI to provide a better alternaitve to `eb ssh`.
It's a pip library, installed by `pip install eb-ssm`.
Once it's set up, you can SSH into your Elastic Beanstalk servers with `eb-ssm [ENVIRONMENT_NAME]`.
## Why you should use it
While `eb ssh` exists, it requires each individual user to have the EC2 instance private keys locally. This is unideal
from both an information security and access management standpoint. If you've configured SSM, users will no longer need
SSH keys to SSH into Elastic Beanstalk instances and instead have their access managed via IAM.
The main advantages of eb-ssm are the following:
1. **Server SSH access is managed through IAM.** Normally, you have to manage SSH access to Elastic Beanstalk environments yourself. IAM is where AWS manages user access for everything else, and with eb-ssm, you can manage server SSH access for EB environments there as well.
2. **No shared SSH keys.** Sharing, tracking, and rotating SSH keys is a pain. Using eb-ssm, you there are no SSH keys, so these problems go away.
3. **No mucking around with port 22.** The EB CLI is supposed to open port 22 just for the SSH session but it doesn't close it in the event of non-graceful termination of the SSH session. eb-ssm does one better by never opening port 22 in the first place.
4. **Audit log of SSH sessions.** AWS SSM keeps a log of SSH sessions. This is one more benefit that comes from using it over native SSH.
5. **Ability to access non-public servers.** If you have servers in a privative subnet, you can use eb-ssm to SSH into them without needing a bastion host.
## Prerequisites
### Set up your Elastic Beanstalk Environment to allow SSH via AWS SSM
The following steps need to be done once per environment.
1. Go to Elastic Beanstalk > ENVIRONEMNT_NAME > Configuration > Security and find the "IAM instance profile" (by default, this is "aws-elasticbeanstalk-ec2-role"). This is ROLE_NAME in step 2.
2. Go to IAM > Roles > ROLE_NAME. Under permissions, add "AmazonSSMManagedInstanceCore".
3. Go to Systems Manager > Session Manager > Preferences > Edit. Enable "Run As Support" and set the "Run As Defualt User" to be "ec2-user" (or whatever the default user for your Elastic Beanstalk servers is).
Note that it may take some time (~10 minutes) for the IAM changes to propagate. If you have completed the AWS setup and get a "TargetNotConnected" error, wait 10-15 minutes and try again.
### Configure your local computer
The following steps need to be done once per computer.
1. Install the AWS CLI: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html
2. Install the Session Manager Plugin: https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html
## Using EB SSM
Install eb-ssm via `pip install eb-ssm`.
Once it is installed, all you need to do is run `eb-ssm` from your repository and it will automatically hook into your repository's EB configuration (in .elasticbeanstalk/config.yml).
To ssh into a specific environment, use `eb-ssm ENVIRONMENT_NAME`.
You can also optionally pass other parameters, such as an AWS CLI profile or a region to eb-ssm. See `eb-ssm --help` for a full list of options.
## Config
eb-ssm uses the EB CLI configuration files. If you have not used the EB CLI to set up a project, here is the minimal configruation needed by eb-ssm; this configraution lives in `.elasticbeanstalk/config.yml`:
```
global:
application_name: EB_APPLICATION_NAME
default_region: REGION_NAME
profile: PROFILE_NAME
```
Raw data
{
"_id": null,
"home_page": "https://github.com/zagaran/eb-ssm",
"name": "eb-ssm",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3.6",
"maintainer_email": "",
"keywords": "aws eb ssm elastic beanstalk systems manager agent ssh",
"author": "Zagaran, Inc.",
"author_email": "info@zagaran.com",
"download_url": "https://files.pythonhosted.org/packages/7a/3b/d3d922bc5ff225a2b9e6307c474e8f3643ee96178184186b617b728dfa57/eb-ssm-1.2.1.tar.gz",
"platform": null,
"description": "# EB SSM\n\nThis simple script helps you SSH into an Elastic Beanstalk server using AWS SSM.\n\neb-ssm is desinged to combine tools from the EB CLI and the AWS CLI to provide a better alternaitve to `eb ssh`.\n\nIt's a pip library, installed by `pip install eb-ssm`.\n\nOnce it's set up, you can SSH into your Elastic Beanstalk servers with `eb-ssm [ENVIRONMENT_NAME]`.\n\n\n## Why you should use it\n\nWhile `eb ssh` exists, it requires each individual user to have the EC2 instance private keys locally. This is unideal\nfrom both an information security and access management standpoint. If you've configured SSM, users will no longer need\nSSH keys to SSH into Elastic Beanstalk instances and instead have their access managed via IAM.\n\nThe main advantages of eb-ssm are the following:\n\n1. **Server SSH access is managed through IAM.** Normally, you have to manage SSH access to Elastic Beanstalk environments yourself. IAM is where AWS manages user access for everything else, and with eb-ssm, you can manage server SSH access for EB environments there as well.\n\n2. **No shared SSH keys.** Sharing, tracking, and rotating SSH keys is a pain. Using eb-ssm, you there are no SSH keys, so these problems go away.\n\n3. **No mucking around with port 22.** The EB CLI is supposed to open port 22 just for the SSH session but it doesn't close it in the event of non-graceful termination of the SSH session. eb-ssm does one better by never opening port 22 in the first place.\n\n4. **Audit log of SSH sessions.** AWS SSM keeps a log of SSH sessions. This is one more benefit that comes from using it over native SSH.\n\n5. **Ability to access non-public servers.** If you have servers in a privative subnet, you can use eb-ssm to SSH into them without needing a bastion host.\n\n\n## Prerequisites\n\n### Set up your Elastic Beanstalk Environment to allow SSH via AWS SSM\n\nThe following steps need to be done once per environment.\n\n1. Go to Elastic Beanstalk > ENVIRONEMNT_NAME > Configuration > Security and find the \"IAM instance profile\" (by default, this is \"aws-elasticbeanstalk-ec2-role\"). This is ROLE_NAME in step 2.\n\n2. Go to IAM > Roles > ROLE_NAME. Under permissions, add \"AmazonSSMManagedInstanceCore\".\n\n3. Go to Systems Manager > Session Manager > Preferences > Edit. Enable \"Run As Support\" and set the \"Run As Defualt User\" to be \"ec2-user\" (or whatever the default user for your Elastic Beanstalk servers is).\n\nNote that it may take some time (~10 minutes) for the IAM changes to propagate. If you have completed the AWS setup and get a \"TargetNotConnected\" error, wait 10-15 minutes and try again.\n\n### Configure your local computer\n\nThe following steps need to be done once per computer.\n\n1. Install the AWS CLI: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html\n\n2. Install the Session Manager Plugin: https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html\n\n## Using EB SSM\n\nInstall eb-ssm via `pip install eb-ssm`.\n\nOnce it is installed, all you need to do is run `eb-ssm` from your repository and it will automatically hook into your repository's EB configuration (in .elasticbeanstalk/config.yml).\n\nTo ssh into a specific environment, use `eb-ssm ENVIRONMENT_NAME`.\n\nYou can also optionally pass other parameters, such as an AWS CLI profile or a region to eb-ssm. See `eb-ssm --help` for a full list of options.\n\n## Config\n\neb-ssm uses the EB CLI configuration files. If you have not used the EB CLI to set up a project, here is the minimal configruation needed by eb-ssm; this configraution lives in `.elasticbeanstalk/config.yml`:\n\n```\nglobal:\n application_name: EB_APPLICATION_NAME\n default_region: REGION_NAME\n profile: PROFILE_NAME\n```\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "Simple tool to SSH into an Elastic Beanstalk server using AWS SSM.",
"version": "1.2.1",
"project_urls": {
"Homepage": "https://github.com/zagaran/eb-ssm"
},
"split_keywords": [
"aws",
"eb",
"ssm",
"elastic",
"beanstalk",
"systems",
"manager",
"agent",
"ssh"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "9694ae9526b4f1c5b8365590b7a2a58f5948fb58c4ea0245e95fb81f99ce14f0",
"md5": "f29c968e4676ec5ef809a103c1291708",
"sha256": "0f004844ce3a65081c9196d17fd5070196b2ad2d18b772ce676abfcc58227baf"
},
"downloads": -1,
"filename": "eb_ssm-1.2.1-py3-none-any.whl",
"has_sig": false,
"md5_digest": "f29c968e4676ec5ef809a103c1291708",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.6",
"size": 5571,
"upload_time": "2023-10-27T14:15:48",
"upload_time_iso_8601": "2023-10-27T14:15:48.855805Z",
"url": "https://files.pythonhosted.org/packages/96/94/ae9526b4f1c5b8365590b7a2a58f5948fb58c4ea0245e95fb81f99ce14f0/eb_ssm-1.2.1-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "7a3bd3d922bc5ff225a2b9e6307c474e8f3643ee96178184186b617b728dfa57",
"md5": "bf930f007407bfea9ee6ae43604e9a74",
"sha256": "78341a42407336c161301b330178e93e0857ce548e79a05d16dca52068fcf30b"
},
"downloads": -1,
"filename": "eb-ssm-1.2.1.tar.gz",
"has_sig": false,
"md5_digest": "bf930f007407bfea9ee6ae43604e9a74",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.6",
"size": 5213,
"upload_time": "2023-10-27T14:15:51",
"upload_time_iso_8601": "2023-10-27T14:15:51.249132Z",
"url": "https://files.pythonhosted.org/packages/7a/3b/d3d922bc5ff225a2b9e6307c474e8f3643ee96178184186b617b728dfa57/eb-ssm-1.2.1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-10-27 14:15:51",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "zagaran",
"github_project": "eb-ssm",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"requirements": [],
"lcname": "eb-ssm"
}
JSON
