SSM

Open a local port-forward to a resource in a private subnet. The script below pushes a short-lived SSH public key to the bastion with EC2 Instance Connect, then runs `ssh -L` against the bastion's instance ID; the SSH hop itself is carried over SSM Session Manager by the `~/.ssh/config` entry at the end, so the bastion needs no inbound SSH port.

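#!/usr/bin/env bash
# Open a local port-forward to a host in a private subnet via a bastion.
#
# Flow:
#   1. Find the single running instance tagged Name=BastionStack*.
#   2. Push our SSH public key to it with EC2 Instance Connect (the key is
#      short-lived; see the Instance Connect docs for the validity window).
#   3. Run `ssh -N -L port:hostname:port ssm-user@<instance-id>`. The
#      `host i-* mi-*` ProxyCommand in ~/.ssh/config (see below) carries
#      the SSH session over SSM Session Manager, so the bastion needs no
#      reachable SSH port.
#
# Inputs (prompted): hostname and port of the target resource; the same
# port number is used on the local side.
# Environment: SSH_PUBKEY may override the public key path
#   (default: $HOME/.ssh/id_ed25519.pub); ssh must be able to offer the
#   matching private key.
# Requires: aws CLI + session-manager-plugin, ec2:DescribeInstances,
#   ec2-instance-connect:SendSSHPublicKey and ssm:StartSession rights.
set -euo pipefail

die() { printf '%s\n' "$*" >&2; exit 1; }

# Colour is cosmetic only: never let a missing TERM/tput abort the script.
green=$(tput setaf 2 2>/dev/null || true)
reset=$(tput sgr0 2>/dev/null || true)

printf '%s\n' "${green}Hostname of the resource you want to connect to:${reset}"
IFS= read -r -e hostname
printf '%s\n' "${green}Port of the thing you want to connect to:${reset}"
IFS= read -r -e port

# Both values are spliced into the `-L port:host:port` argument, so reject
# anything that would change how ssh parses it (whitespace, stray colons).
# Plain hostnames/IPv4 or a bracketed IPv6 literal are accepted.
[[ "$hostname" =~ ^(\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9._-]+)$ ]] \
  || die "hostname must be a DNS name, IPv4 address or [IPv6] literal"
[[ "$port" =~ ^[0-9]{1,5}$ ]] && (( 10#$port >= 1 && 10#$port <= 65535 )) \
  || die "port must be an integer between 1 and 65535"

pubkey="${SSH_PUBKEY:-$HOME/.ssh/id_ed25519.pub}"
[[ -r "$pubkey" ]] || die "public key not found or unreadable: $pubkey"

# One describe call returns "<id>\t<az>" per instance. Restricting to
# running instances matters: the tag glob also matches stopped/terminated
# bastions from earlier stack updates, and more than one match would
# otherwise splice several IDs into the commands below.
listing=$(aws ec2 describe-instances \
    --output text \
    --query 'Reservations[].Instances[].[InstanceId,Placement.AvailabilityZone]' \
    --filters 'Name=tag:Name,Values=BastionStack*' \
              'Name=instance-state-name,Values=running') \
  || die "ec2 describe-instances failed"
[[ -n "$listing" ]] || die "no running BastionStack* instance found"
mapfile -t bastions <<<"$listing"
(( ${#bastions[@]} == 1 )) \
  || die "expected exactly one running BastionStack* instance, found ${#bastions[@]}"
IFS=$'\t' read -r ID AZ <<<"${bastions[0]}"
export ID AZ

printf '%s\n' "${green}Connecting (quit with ctrl+c)${reset}"

# Push the key synchronously and check the result: if this call fails
# (wrong AZ, missing permission, unsupported AMI) the ssh below would only
# report an opaque "Permission denied". Backgrounding it, as a fire-and-
# forget, would also race the ssh connection against the key becoming valid.
aws ec2-instance-connect send-ssh-public-key \
    --availability-zone "$AZ" \
    --instance-id "$ID" \
    --instance-os-user ssm-user \
    --ssh-public-key "file://$pubkey" >/dev/null \
  || die "send-ssh-public-key failed for $ID in $AZ"

# -N: no remote command; -L: forward local port to hostname:port on the
# far side of the bastion. The instance ID as ssh host name is what the
# `host i-* mi-*` ProxyCommand in ~/.ssh/config keys on.
exec ssh -N -L "${port}:${hostname}:${port}" "ssm-user@${ID}"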

~/.ssh/config

# Route ssh to any EC2 instance ID (i-*) or SSM managed instance (mi-*)
# through SSM Session Manager instead of a direct network path: %h is the
# instance ID given as the ssh host, %p the SSH port. Requires the
# session-manager-plugin and ssm:StartSession on the target. The tunnel
# script above depends on this entry (it runs `ssh ssm-user@<instance-id>`).
# NOTE(review): ssh still performs normal host-key verification on the
# session; expect a first-connection host-key prompt, and a replaced
# bastion shows up as a new instance ID / new known_hosts entry.
host i-* mi-*
    ProxyCommand sh -c "aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters 'portNumber=%p'"