Tech ramblings by Marcin

Get to your AWS host with ease

2024-06-27 00:00

If you deploy to cloud, ideally you should be able to analyze and debug your system using observability tools. There should be no need to log in to your hosts directly. But life is life, and there might be issues with this or that, and to debug them, direct access to a host is just much easier.

Instead of doing a long sequence of clicks through your WebUI in AWS console, you can also access your host with a script.

This one is mine, works pretty well :)


if [[ -z ${AWS_PROFILE} ]]; then
    echo "ERROR: Please set AWS_PROFILE variable"
    exit 1

echo "Working with $AWS_PROFILE"

en=`aws configure export-credentials --profile $AWS_PROFILE --format env`

eval $en

cluster=`aws ecs list-clusters`

if [[ ! $? -eq 0 ]]; then
    exit 1

cluster=`echo "$cluster" | jq -r ".clusterArns[]" | fzf | sed "s/.*cluster\///"`
service=`aws ecs list-services --cluster $cluster | jq -r ".serviceArns[]" | fzf`
task_id=`aws ecs list-tasks --cluster $cluster --service-name $service | jq -r ".taskArns[]" | fzf`;
task_id=`sed "s/.*$cluster\///" <<< $task_id`;

echo "Processing for $cluster / $service"
echo "[+] got task_id: $task_id";

container_id=`aws ecs describe-tasks --cluster $cluster --task $task_id  | jq -r ".tasks[].containerInstanceArn"`
echo "[+] got container_id: $container_id";

instance_id=`aws ecs describe-container-instances --cluster $cluster --container-instance $container_id | jq -r ".containerInstances[].ec2InstanceId"`
echo "[+] got instance_id: $instance_id";

ip=`aws ec2 describe-instances --instance-ids $instance_id | jq -r ".Reservations[].Instances[].PrivateIpAddress"`
echo "[*] got ip: $ip"
echo "[*] logging you in...";

key=$(a-script-to-generate-ssh-key for $IP)
set -x 
export IP=$ip; ssh -i $key -o IdentitiesOnly=yes \
  $@ \

In this script, there’s an additional piece used a-script-to-generate-ssh-key - which interfaces with AWS infrastructure and uploads a temporary ssh key there.