There is a saying that something is more than the sum of its parts, meaning it is the specific combination of things that makes it useful or valuable. But it can also be that one of those parts is especially useful on its own too.
I did post earlier how you can (and should) get rid of the bad habit of using bastion hosts.
The essence of those can be summarized into a one-liner in

    Host i-*.* mi-*.*
        ProxyCommand bash -c "aws ssm start-session --target $(echo %h|cut -d'.' -f1) --region $(echo %h|/usr/bin/cut -d'.' -f2) --document-name AWS-StartSSHSession --parameters 'portNumber=%p'"

Now you can not just ssh to an instance without having network connectivity between your laptop and the VPC, but also use scp and other ssh tools.
This has proven itself extremely useful during ad-hoc troubleshooting for clients I
don’t work with on a daily basis. All I need is access to the AWS API with key/secret/token,
instance-id and region.

    % ssh email@example.com
    Last login: Wed Dec 30 08:23:41 2020 from localhost

           __|  __|_  )
           _|  (     /   Amazon Linux 2 AMI
          ___|\___|___|

    https://aws.amazon.com/amazon-linux-2/
    [username@ip-10-0-0-91 ~]$

I learned this valuable one-liner from Jim Lamb’s blog.
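
The one-liner above pastes `%h` straight into a `bash -c` string. The following is an added example, not from the original post or from Jim Lamb's blog: a wrapper that receives `%h` and `%p` as arguments and validates them before calling the same `aws ssm start-session` command. The script name `ssm-proxy.sh`, its path, and the accepted id and region shapes are assumptions.

```shell
#!/bin/sh
# Hypothetical wrapper (name and path are assumptions). ssh config entry:
#   Host i-*.* mi-*.*
#       ProxyCommand ~/.ssh/ssm-proxy.sh %h %p

# Split "<instance-id>.<region>" and validate both halves.
# Prints "<target> <region>" on success, returns 1 on anything unexpected.
parse_ssm_host() {
    ssm_host=$1
    # Must contain the dot that separates instance id from region.
    case $ssm_host in *.*) ;; *) return 1 ;; esac
    ssm_target=${ssm_host%%.*}   # text before the first dot
    ssm_region=${ssm_host#*.}    # text after the first dot

    # Assumed id shape: "i-" or "mi-" followed by lowercase hex only.
    case $ssm_target in i-*|mi-*) ;; *) return 1 ;; esac
    ssm_hex=${ssm_target#*-}
    case $ssm_hex in ''|*[!0-9a-f]*) return 1 ;; esac

    # Assumed region shape: lowercase letters, digits, dashes (eu-west-1).
    case $ssm_region in ''|*[!a-z0-9-]*) return 1 ;; esac

    printf '%s %s\n' "$ssm_target" "$ssm_region"
}

# Runs only when invoked as a ProxyCommand with exactly two arguments.
if [ "$#" -eq 2 ]; then
    parsed=$(parse_ssm_host "$1") || { echo "refusing host: $1" >&2; exit 1; }
    case $2 in ''|*[!0-9]*) echo "refusing port: $2" >&2; exit 1 ;; esac
    # Same flags as the one-liner; every value is quoted, never re-parsed.
    exec aws ssm start-session \
        --target "${parsed% *}" --region "${parsed#* }" \
        --document-name AWS-StartSSHSession \
        --parameters "portNumber=$2"
fi
```

Because the values arrive as separate arguments and are checked against a fixed character set, a host name that does not look like an instance id and region is rejected before the AWS CLI is invoked.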