There is a saying that something is more than the sum of its parts, meaning it is the specific combination of things that makes it useful or valuable. But it can also be that one of those parts is especially useful on its own too.

I posted earlier about how you can (and should) get rid of the bad habit of using bastion hosts.

The essence of those can be summarized in a one-liner in .ssh/config:

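# Host names of the form <instance-id>.<region> are tunnelled through SSM:
# field 1 of %h is the instance ID, field 2 is the region.
Host i-*.* mi-*.*
  ProxyCommand bash -c "aws ssm start-session --target $(echo %h|cut -d'.' -f1) --region $(echo %h|cut -d'.' -f2) --document-name AWS-StartSSHSession --parameters 'portNumber=%p'"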

Now you can not only ssh to an instance without having network connectivity between your laptop and the VPC, but also use scp and other ssh tools. This has proven itself extremely useful during ad-hoc troubleshooting for clients I don’t work with on a daily basis. All I need is access to the AWS API with a key/secret/token, the instance ID and the region.

% ssh username@i-abcdef01234567890.eu-central-1
Last login: Wed Dec 30 08:23:41 2020 from localhost

       __|  __|_  )
       _|  (     /   Amazon Linux 2 AMI
      ___|\___|___|

https://aws.amazon.com/amazon-linux-2/
[username@ip-10-0-0-91 ~]$

I learned this valuable one-liner from Jim Lamb’s blog.
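
The same host-alias split as the one-liner above, written as a stand-alone ProxyCommand helper that validates the instance ID, region and port before handing them to the AWS CLI. This is an added example, not code from this post or from Jim Lamb’s blog; the script name `ssm-proxy.sh` and the accepted ID and region shapes are assumptions.

```shell
#!/bin/sh
# ssm-proxy.sh (hypothetical name): validating ProxyCommand helper.
# ~/.ssh/config usage:
#   Host i-*.* mi-*.*
#     ProxyCommand ~/.ssh/ssm-proxy.sh %h %p
LC_ALL=C; export LC_ALL   # make a-z and 0-9 ranges byte-exact

# Split "<instance-id>.<region>"; print "<instance-id> <region>" or return 1.
parse_target() {
    host=$1
    case $host in
        *[!a-z0-9.-]*) return 1 ;;  # reject anything outside [a-z0-9.-]
        *.*.*) return 1 ;;          # more than one dot
        *.*) ;;                     # exactly one dot: continue
        *) return 1 ;;              # no dot, so no region field
    esac
    instance=${host%%.*}
    region=${host#*.}
    # Assumed ID shape: "i-" or "mi-" plus 8 or 17 hex digits.
    printf '%s\n' "$instance" | grep -Eq '^m?i-([0-9a-f]{8}|[0-9a-f]{17})$' || return 1
    # Assumed region shape, e.g. eu-central-1 or us-gov-west-1.
    printf '%s\n' "$region" | grep -Eq '^[a-z]{2}(-[a-z]+)+-[0-9]+$' || return 1
    printf '%s %s\n' "$instance" "$region"
}

# Accept only a decimal TCP port in 1..65535.
valid_port() {
    case $1 in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Runs only when called as a ProxyCommand with host and port arguments.
if [ "$#" -eq 2 ]; then
    target=$(parse_target "$1") || { echo "ssm-proxy: bad host alias" >&2; exit 1; }
    valid_port "$2" || { echo "ssm-proxy: bad port" >&2; exit 1; }
    exec aws ssm start-session \
        --target "${target% *}" --region "${target#* }" \
        --document-name AWS-StartSSHSession \
        --parameters "portNumber=$2"
fi
```

Because the values are passed as separate, quoted arguments, a host alias that does not look like an instance ID plus a region is refused before any command is built from it.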