pmazurek / aws-fuzzy-finder Goto Github PK

:zap: SSH into instances using fuzzy search.

License: MIT License

Python 100.00%

aws-fuzzy-finder's Introduction

AWS Fuzzy Finder

aws-fuzzy-finder aims at one thing: making the process of finding the IPs and SSH'ing into your EC2 instances super fast and easy. It will connect with AWS, automatically grab all the instances you have access to, and present them to you in a fuzzy searchable way!

It is built on top of fzf binaries and boto3.

Installation

To install use the following command:

pip install aws-fuzzy-finder

Manual install steps:

Clone the repo
In the repo directory run python setup.py install

This package uses boto to authenticate, so if you have your aws-cli or ansible configured and working, you can skip the following step, it will work out of the box.

if not, create ~/.aws/credentials file and make it look like this:

[default]
aws_access_key_id = your_key
aws_secret_access_key = your_secret
region = your_region_code

More information on alternative ways of configuring your AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_DEFAULT_REGION variables can be found here: http://boto3.readthedocs.io/en/latest/guide/configuration.html

Settings

You will need to set the user you want to SSH with and the path to your ssh key. --ssh-user will default to ec2-user and --key-path will default to ~/.ssh/id_rsa so if you use defaults, you can skip this step.

If you want to use private IP's instead of public ones, use --private flag.

Either use the command line params, or you can append this to your ~/.bashrc to make the settings permamant:

export AWS_FUZZ_USER="your.user"
export AWS_FUZZ_KEY_PATH="~/.ssh/your_private_key"
export AWS_FUZZ_PRIVATE_IP='true' # Delete this one if you want to use public IP's

Remeber that every change to ~/.bashrc requires you to re-load it: source ~/.bashrc or restart terminal.

AWS_FUZZ_SSH_COMMAND_TEMPLATE - set this env var if you want to customize the ssh command , defaults to ssh {key} {user}{host}

Multiple Regions

Getting instances from multiple regions instead of just one. If you have a large amount of instances adding more regions will significantly slow down the initial collection of data before it is presented to you on the screen.

This is optional, aws-fuzzy will use the AWS_DEFAULT_REGION by default and using the multiple regions option will ignore this.

In your ~/.bashrc append a list of AWS Regions separated by a comma and nothing else. The lists minimum size is one and has no maximum.

AWS_FUZZ_REGIONS="us-west-2,us-east-1,eu-central-1,ap-southeast-2,ap-northeast-1"

List of AWS Regions can be found here: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-available-regions

Usage

To run, use the following command:

aws-fuzzy

To run using a different AWS profile, run the command as follows:

AWS_DEFAULT_PROFILE=profile_name aws-fuzzy

Enjoy!

Key bindings

It is very convenient to bind various aws-fuzzy profiles/settings to keys. This gives you even faster access to your instances. To achieve this, add this to your ~/.bashrc:

# This will bind the aws-fuzzy command to ctrl+f
bind  '"\C-f": "aws-fuzzy\e\C-e\er\C-m"'

# You can bind different settings to different keys
bind  '"\C-a": "AWS_DEFAULT_PROFILE=production aws-fuzzy --private\e\C-e\er\C-m"'

Advanced usage

Sometimes you need to use only the IP of the instance. You can use this command to interactively pick IP's to use with other commands. To do so, add --ip-only as a parameter. Example usage:

$ echo "foo $(aws-fuzzy --ip-only) bar"
> foo 10.123.42.12 bar

Example to make ansible interactive:

$ ansible --become --ask-become-pass -v -i "$(aws-fuzzy --ip-only)," all -m shell -a "setenforce 0"

This will bring an interactive prompt, and the IP of the instance of your choice will be used. You can combine it with basically any command you want, sky is the limit now ;)

Cache

If you are managing lots of instances and downloading the data takes too long, you can use the built in cache. To enable it set the following variables in your .bashrc:

export AWS_FUZZ_USE_CACHE=yes
export AWS_FUZZ_CACHE_EXPIRY=3600  # expiry time in seconds

If you set AWS_FUZZ_CACHE_EXPIRY=0 to zero, it will never expire your cache. To invalidate cache and refresh data, run with --no-cache param. Cache will be stored as a file in ~/.aws_fuzzy_finder_cache/ directory per AWS profile.

Tunneling

If you have to access your instances through a gateway instance, use the --tunneling param. This will make the fuzzy find to run twice: first time you will pick the gateway to tunnel through, and the second time you choose is the instance you would like to SSH into.

Gateway must be allowed to access the instance with its own ssh key. You may set the user and key path spearately using --tunnel-user and --tunnel-key-path params. The key will be looked up ON the gateway instace.

Dependency conflicts/ Virtualenvs

It's 2018, Summer and you are using pip to install aws-fuzzy-finder along with awscli on the same machine, but it fails, you see errors about botocore, you become sad. You want to be able to use both tools in a convenient and easy way. You accept that some initial configuration is OK, and a happy life afterwards is great, you are no longer sad.

Firstly we will need, python setup tools and virtualenv as provided by your distribution. (I assume you are using a Linux).

We will modify our pip config, so that packages installed with pip are always installed locally to / for the user, because you probably will not be running aws-fuzzy-finder as a system service.

Create a file in your home >> .config >> pip directory:

~/.config/pip/pip.conf

add this to the file

[install]
user = yes
no-binary = :all:

Then we will create a directory where we will store all the virtual environments for all tools that we might want to install like this.

mkdir -p ~/.virtualenvs

Now let's install awscli:

cd ~/.virtualenvs
virtualenv --system-site-packages -p python3 awscli
. awscli/bin/activate
pip install awscli
deactivate

Now let's install aws-fuzzy-finder:

cd ~/.virtualenvs
virtualenv --system-site-packages -p python3 aws-fuzzy-finder
. aws-fuzzy-finder/bin/activate
pip install aws-fuzzy-finder
deactivate

Now, in your ~/.local/bin/ directory, you should see aws "binary" and a aws-fuzzy "binary". If you head -n1 ~/.local/bin/aws you should see something like:

#!/home/your-user-name/.virtualenvs/awscli/bin/python

This is essentially telling the "binary" to use the virtual environment we specifically created just for this tool.

No more conflicts!!!

aws-fuzzy-finder's People

Contributors

Stargazers

Watchers

aws-fuzzy-finder's Issues

support aws graviton CPU

for aws graviton cpu it returns error:
Architecture (aarch64) is currently not supported

When using `--tunnel` should the first list be limited to public IPs?

Add new param to just return the IP

Feature request to add a parameter that would simply return the IP of the chosen instance to stdout.

This would allow for a whole new world of clever usage, and building custom commands, eg:
my_clever_command --ip=$(aws-fuzzy --ip-only) --other-params

Prefer using environment variables over hard-coded credentials?

Would you accept a pull request to change the README to suggest the use of credentials set by environment variable over hard-coded credentials? Doing so reduces the attack surface somewhat.

--ip-only is broken since the ssh-tunnel support went in..

$ /usr/local/bin/aws-fuzzy --ip-only
ssh -i ~/.ssh/id_rsa [email protected]
Warning: Identity file /home/ec2-user/.ssh/id_rsa not accessible: No such file or directory.
^C
Aborted!
$

Remove default value for ssh key

The default value don't allow the possibility to use an the ssh-agent or ssh the configuration (~/.ssh/config) to choose a key, also, the SSH client looks for the default private key (p.e. ~/.ssh/id_rsa) so really is not needed.

Remove default value for username

Having a default value for the username don't allows to use the ssh_config file (~/.ssh/config) to specify the username used to connect to the instances.

Multi-Region support

Would be nice to add multi-region and multi-account support, but then it would require extra settings, for example how to merge data together, not to mention it would extend time before quering for data from AWS API.

Not to mention this would really require additional caching layer.

On OSX doesn't work

Tested on:
OSX El Captain (10.11.4)
2.2 GHz Intel Core i7
Python 2.7.11
pip 8.0.2 from /usr/local/lib/python2.7/site-packages (python 2.7)
Darwin Kernel Version 15.4.0: Fri Feb 26 22:08:05 PST 2016; root:xnu-3248.40.184~3/RELEASE_X86_64 x86_64

$ aws-fuzzy
/bin/bash: line 12: /usr/local/lib/python2.7/site-packages/aws_fuzzy_finder/fzf-0.12.1-linux_386: cannot execute binary file

aws-fuzzy-finder broken in MacOS Monterey

MacOS Monterey completely breaks aws-fuzzy-finder:
`Exception occurred while getting cache, getting instances from AWS api: db type is dbm.gnu, but the module is not available
fatal error: runtime: bsdthread_register error

runtime stack:
runtime.throw(0x1163384, 0x21)
/usr/local/Cellar/go/1.9/libexec/src/runtime/panic.go:605 +0x95 fp=0x7ff7bfeff7b0 sp=0x7ff7bfeff790 pc=0x1028105
runtime.goenvs()
/usr/local/Cellar/go/1.9/libexec/src/runtime/os_darwin.go:108 +0x83 fp=0x7ff7bfeff7e0 sp=0x7ff7bfeff7b0 pc=0x10259a3
runtime.schedinit()
/usr/local/Cellar/go/1.9/libexec/src/runtime/proc.go:482 +0xa1 fp=0x7ff7bfeff820 sp=0x7ff7bfeff7e0 pc=0x102aab1
runtime.rt0_go(0x7ff7bfeff850, 0x1, 0x7ff7bfeff850, 0x1000000, 0x1, 0x7ff7bfeffa38, 0x0, 0x7ff7bfeffaa2, 0x7ff7bfeffab9, 0x7ff7bfeffacd, ...)
/usr/local/Cellar/go/1.9/libexec/src/runtime/asm_amd64.s:175 +0x1eb fp=0x7ff7bfeff828 sp=0x7ff7bfeff820 pc=0x105285b`

An investigation online reveals that this issue is related to the app being built in an earlier version of Go, which is no longer compatible with MacOS Monterery, the recommendation from Go is to rebuild the app with a newer version of Go. https://github.com/golang/go/wiki/MacOS12BSDThreadRegisterIssue

Error detecting Linux platform

I run Ubuntu 16.04, but aws-fuzzy fails with:

Currently only MAC OS and Linux are supported, exiting.

The problem is here:

 if sys.platform == 'linux2':
        lib = 'fzf-0.12.1-linux_386'
    elif sys.platform == 'darwin':
        lib = 'fzf-0.12.1-darwin_386'
    else:
        print('Currently only MAC OS and Linux are supported, exiting.')
        exit(1)

In my case (and I assume many others as well) the output of sys.platform is this:

Python 3.5.1+ (default, Mar 30 2016, 22:46:26) 
[GCC 5.3.1 20160330] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import sys
>>> sys.platform
'linux'

Fix seems trivial.
Thanks for your work!

Fails to run on CentOS7

Hi,

This looks like a great tool, but I've not been able to get it to work on CentOS7 .. this is the failure message:

/bin/bash: /usr/lib/python2.7/site-packages/aws_fuzzy_finder/libs/fzf-0.12.1-linux_386: /lib/ld-linux.so.2: bad ELF interpreter: No such file or directory

The installation output:

[user@host ~]$ sudo pip install aws-fuzzy-finder
You are using pip version 7.1.0, however version 8.1.2 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
Collecting aws-fuzzy-finder
  Downloading aws-fuzzy-finder-0.3.3.tar.gz (2.5MB)
    100% |████████████████████████████████| 2.5MB 180kB/s
Collecting boto3==1.3.1 (from aws-fuzzy-finder)
  Downloading boto3-1.3.1-py2.py3-none-any.whl (113kB)
    100% |████████████████████████████████| 114kB 3.8MB/s
Collecting click==6.6 (from aws-fuzzy-finder)
  Downloading click-6.6.tar.gz (283kB)
    100% |████████████████████████████████| 286kB 1.6MB/s
Requirement already satisfied (use --upgrade to upgrade): futures<4.0.0,>=2.2.0 in /usr/lib/python2.7/site-packages (from boto3==1.3.1->aws-fuzzy-finder)
Requirement already satisfied (use --upgrade to upgrade): jmespath<1.0.0,>=0.7.1 in /usr/lib/python2.7/site-packages (from boto3==1.3.1->aws-fuzzy-finder)
Requirement already satisfied (use --upgrade to upgrade): botocore<1.5.0,>=1.4.1 in /usr/lib/python2.7/site-packages (from boto3==1.3.1->aws-fuzzy-finder)
Requirement already satisfied (use --upgrade to upgrade): python-dateutil<3.0.0,>=2.1 in /usr/lib/python2.7/site-packages (from botocore<1.5.0,>=1.4.1->boto3==1.3.1->aws-fuzzy-finder)
Requirement already satisfied (use --upgrade to upgrade): docutils>=0.10 in /usr/lib/python2.7/site-packages (from botocore<1.5.0,>=1.4.1->boto3==1.3.1->aws-fuzzy-finder)
Requirement already satisfied (use --upgrade to upgrade): six>=1.5 in /usr/lib/python2.7/site-packages (from python-dateutil<3.0.0,>=2.1->botocore<1.5.0,>=1.4.1->boto3==1.3.1->aws-fuzzy-finder)
Installing collected packages: boto3, click, aws-fuzzy-finder
  Running setup.py install for click
  Running setup.py install for aws-fuzzy-finder
Successfully installed aws-fuzzy-finder-0.3.3 boto3-1.3.1 click-6.6

Hopefully this is something you can help with?

Typo in aws_fuzzy_finder/settings.py

Line 13 contains
AWS_FUZZ_SSH_COMMAND_TEMLPATE
instead of
AWS_FUZZ_SSH_COMMAND_TEMPLATE
(The P and the L are transposed.)

Add cache

Cache the instance data somewhere on disk.

As cleverly pointed out by smart people, when you are working for a big company, and a lot of requests are being made, you might hit AWS API limits. You don't want that.

Also cache would improve performance. 👍

Need to add the ability to export just the instance id

Similar to the --ip-only functionality, we should add the ability to just export the instance_id when using the --ssm flag.

Feature Request

Support for ECS would be amazing. Perhaps as a runtime flag:

aws-fuzzy-finder --ecs

Then instead of searching by EC2 Name, we instead search by ECS Service Name. It then logs you into a shell of the continer (docker exec -it HASH sh).

There does not currently exist a good util for gaining shell on ECS services.

Cache feature is not working

After setting up required variables in ~/.bashrc on MacOS Sierra

$ echo  $AWS_FUZZ_USE_CACHE
yes
$ echo $AWS_FUZZ_CACHE_EXPIRY
3600

it doesn't populate ~/.aws_fuzzy_finder.cache file. instead there is another file ~/.aws_fuzzy_finder.cache.db. Not sure if this was intended.

This might be one of the reason.
jlee-made@062cc39

platform.processor() returns ''

maybe use platform.archictecture() and platform.platform() ?

Support psql to RDS instance

Would be great if it let you psql (or msql) to RDS instances in a similar way to what you already do for ssh to EC2 instances.

I currently do this with a script that ssh's to a hard-coded host (whose IP it fetches from AWS) and runs psql there. There are two AWS names involved in that (EC2 host to ssh to, and RDS host) -- don't know best way to handle that, perhaps finding a suitable EC2 host can be automated...