
In AWS, to gain access to our RDS instance we set up a dedicated EC2 bastion host that we securely access by invoking the SSM Agent in the EC2 dashboard.

This is done by writing a shell script after connecting to the bastion host; the script usually disappears after a certain time(?). So, is there any way to create this file using CDK when I create the bastion host?

I tried using CFN.init but to no avail.

import {
  BastionHostLinux, CloudFormationInit, InitCommand, InitConfig, InitFile,
  InstanceClass, InstanceSize, InstanceType, SubnetType,
} from "aws-cdk-lib/aws-ec2";

// inspireStack.vpc is the VPC defined in another stack of the same app.
this.bastionHost = new BastionHostLinux(this, "BastionHost", {
      vpc: inspireStack.vpc,
      subnetSelection: { subnetType: SubnetType.PRIVATE_WITH_NAT },
      instanceType: InstanceType.of(InstanceClass.T2, InstanceSize.MICRO),
      init: CloudFormationInit.fromConfigSets({
        configSets: {
          default: ["install"],
        },
        configs: {
          install: new InitConfig([
            // cfn-init runs every InitCommand in its own shell, so this "cd"
            // does not change the working directory of the commands below.
            InitCommand.shellCommand("cd ~"),
            // InitFile expects the full (absolute) path of the file to write.
            InitFile.fromString("jomar.sh", "testing 123"),
            InitCommand.shellCommand("chmod +x jomar.sh"),
          ]),
        },
      }),
    });
Jordin Vell
  • You invoke the SSM agent on the bastion host itself? How do you connect to the bastion host? – gshpychka Sep 15 '22 at 11:19
  • Why don't you ask "why does my script disappear after the deploy"? Anyway, if you have a bastion host, maybe you could use port forwarding instead of working around with some strange scripts? https://aws.amazon.com/blogs/database/securely-connect-to-an-amazon-rds-or-amazon-ec2-database-instance-remotely-with-your-preferred-gui/ – ZabielskiGabriel Sep 16 '22 at 19:08
  • @ZabielskiGabriel to be honest, we don't know when the file disappears. – Jordin Vell Sep 19 '22 at 04:32

2 Answers

1

You can write files to an EC2 instance with cloud-init, either from an existing file or directly from the TS (a JSON object, for instance):

import * as ec2 from 'aws-cdk-lib/aws-ec2';

// vpc and ec2Eip (an ec2.CfnEIP) are defined earlier in the same stack.
const ec2Instance = new ec2.Instance(this, 'Instance', {
      vpc,
      instanceType: ec2.InstanceType.of(
        ec2.InstanceClass.T4G,
        ec2.InstanceSize.MICRO,
      ),
      machineImage: new ec2.AmazonLinuxImage({
        generation: ec2.AmazonLinuxGeneration.AMAZON_LINUX_2,
        cpuType: ec2.AmazonLinuxCpuType.ARM_64,
      }),
      init: ec2.CloudFormationInit.fromConfigSets({
        configSets: {
          default: ['install', 'config'],
        },
        configs: {
          install: new ec2.InitConfig([
            // Rendered as JSON at the absolute path given.
            ec2.InitFile.fromObject('/etc/config.json', {
              IP: ec2Eip.ref,
            }),
            // Contents of a local file, inlined into the template.
            ec2.InitFile.fromFileInline(
              '/etc/install.sh',
              './src/asteriskConfig/install.sh',
            ),
            ec2.InitCommand.shellCommand('chmod +x /etc/install.sh'),
            ec2.InitCommand.shellCommand('cd /tmp'),
            ec2.InitCommand.shellCommand('/etc/install.sh'),
          ]),
          config: new ec2.InitConfig([
            ec2.InitFile.fromFileInline(
              '/etc/asterisk/pjsip.conf',
              './src/asteriskConfig/pjsip.conf',
            ),
          ]),
        },
      }),
    });

https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_ec2.CloudFormationInit.html

  • See my updated answer, we don't invoke an EC2 Instance, but the BastionHost only. I tried adding it to its init but it didn't create a file, or did I make any mistake? – Jordin Vell Sep 19 '22 at 04:33
1

I see there are three simple workarounds:

  • SSM start session contains a 'profile' section, where you can add your script as a bash function.
  • You can create an SSM document that will create this file, so before starting the session you will only need to run this document to create the file...
  • Save this script on S3 and just download it.

Regarding the disappearing file - it's strange... This CDK construct is similar to Instance; try to use it instead, and create your script with user-data.

ZabielskiGabriel
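Both answers point the same way: write the file once, at instance creation (the first answer's cfn-init InitFile, the second answer's user-data), rather than recreating it inside every session. The POSIX shell function below is an added example, not code from the question or from either answer; it is the kind of command a CDK user-data block would run at boot. It mirrors InitFile.fromString plus "chmod +x", but insists on an absolute destination, writes the file atomically and refuses to write through a symlink at the target. The destination /usr/local/bin/jomar.sh and the "testing 123" content are taken from the question's snippet as assumptions; the function names are constructed.

```shell
#!/bin/sh
# Added example: a user-data-style equivalent of cfn-init's InitFile plus
# "chmod +x". Function names and the install location are constructed for
# this example; nothing here is the question's or the answers' own code.

set -u

# install_file PATH CONTENT [MODE]
# Writes CONTENT to the absolute PATH with permission MODE (default 0755).
# Safe to rerun at every boot: the write goes to a temp file in the same
# directory and is renamed into place, so a half-written script is never
# visible as executable, and an existing symlink at PATH is never followed.
install_file() {
  path="$1"; content="$2"; mode="${3:-0755}"
  case "$path" in
    /*) ;;
    *) echo "install_file: path must be absolute, got '$path'" >&2; return 1 ;;
  esac
  if [ -L "$path" ]; then
    echo "install_file: refusing to write through symlink $path" >&2
    return 1
  fi
  dir="$(dirname "$path")"
  mkdir -p "$dir" || return 1
  tmp="$(mktemp "$dir/.install.XXXXXX")" || return 1
  printf '%s\n' "$content" > "$tmp" || { rm -f "$tmp"; return 1; }
  chmod "$mode" "$tmp" || { rm -f "$tmp"; return 1; }
  mv -f "$tmp" "$path"
}

# file_mode PATH: prints the octal permission bits (GNU stat, BSD fallback),
# so a boot-time check can confirm the helper is installed as intended.
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Usage on the bastion, mirroring the question's config with an absolute path
# (assumed location; adjust to where your users expect the helper):
# install_file /usr/local/bin/jomar.sh 'testing 123'
```

Placed in the user-data that CDK attaches to the bastion instance, the function runs before any session is opened, and rerunning it on a reboot leaves an identical file rather than a second copy or a dangling temp file.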