Skip to content

Latest commit

 

History

History
426 lines (348 loc) · 14.1 KB

README.md

File metadata and controls

426 lines (348 loc) · 14.1 KB

gotoaws Logo

gotoaws

gotoaws is an interactive CLI tool that you can use to connect to your AWS resources (EC2, ECS container) using the AWS Systems Manager Session Manager. It provides secure and auditable resource management without the need to open inbound ports, maintain bastion hosts, or manage SSH keys.

summry

Prerequisites

  • session-manager-plugin must be installed on your client
  • SSM Agent version 2.3.672.0 or later must be installed on the instances you want to connect to through sessions
  • An instance profile with proper IAM permissions (e.g AmazonSSMManagedInstanceCore)
  • A connection to the AWS System Manager Servive via NAT or better via VPC Endpoint to further reduce the attack surface
  • Prerequisites for using ECS Exec

Installing

You can install the pre-compiled binary in several different ways

homebrew tap:

brew tap hupe1980/gotoaws
brew install gotoaws

snapcraft:

Get it from the Snap Store

sudo snap install --classic gotoaws

scoop:

scoop bucket add gotoaws https://github.com/hupe1980/gotoaws-bucket.git
scoop install gotoaws

deb/rpm/apk:

Download the .deb, .rpm or .apk from the releases page and install them with the appropriate tools.

manually:

Download the pre-compiled binaries from the releases page and copy to the desired location.

How to use

Usage:
  gotoaws [command]

Available Commands:
  completion  Prints shell autocompletion scripts for gotoaws
  config      Manage your local gotoaws CLI config file
  ec2         Connect to ec2
  ecs         Connect to ecs
  eks         Connect to eks
  help        Help about any command

Flags:
      --config string      config file (default "$HOME/.config/configstore/gotoaws.json")
  -h, --help               help for gotoaws
      --profile string     AWS profile
      --region string      AWS region
      --silent             run gotoaws without printing logs
      --timeout duration   timeout for network requests (default 15s)
  -v, --version            version for gotoaws

Use "gotoaws [command] --help" for more information about a command.

EC2

You can connect to your instances by name, ID, DNS, IP or select an instance from a list.

Usage:
  gotoaws ec2 [command]

Available Commands:
  fwd         Port forwarding
  run         Run commands
  scp         SCP over Session Manager
  session     Start a session
  ssh         SSH over Session Manager

Flags:
  -h, --help   help for ec2

Global Flags:
      --config string      config file (default "$HOME/.config/configstore/gotoaws.json")
      --profile string     AWS profile
      --region string      AWS region
      --silent             run gotoaws without printing logs
      --timeout duration   timeout for network requests (default 15s)

Use "gotoaws ec2 [command] --help" for more information about a command.

Start a session

Usage:
  gotoaws ec2 session [flags]

Examples:
gotoaws ec2 session -t myserver

Flags:
  -h, --help            help for session
  -t, --target string   name|ID|IP|DNS of the instance

Global Flags:
      --config string      config file (default "$HOME/.config/configstore/gotoaws.json")
      --profile string     AWS profile
      --region string      AWS region
      --silent             run gotoaws without printing logs
      --timeout duration   timeout for network requests (default 15s)

Port forwarding

Usage:
  gotoaws ec2 fwd [flags]

Examples:
gotoaws fwd run -t myserver -l 8080 -r 8080
gotoaws fwd run -t myserver -l 5432 -r 5432 -H xxx.rds.amazonaws.com

Flags:
  -h, --help            help for fwd
  -H, --host string     remote host to forward to
  -l, --local string    local port to use (required)
  -r, --remote string   remote port to forward to (required)
  -t, --target string   name|ID|IP|DNS of the instance

Global Flags:
      --config string      config file (default "$HOME/.config/configstore/gotoaws.json")
      --profile string     AWS profile
      --region string      AWS region
      --silent             run gotoaws without printing logs
      --timeout duration   timeout for network requests (default 15s)

Run commands

Usage:
  gotoaws ec2 run [flags] -- COMMAND [args...]

Examples:
gotoaws ec2 run -- date
gotoaws ec2 run -t myserver -- date

Flags:
  -h, --help            help for run
  -t, --target string   name|ID|IP|DNS of the instance

Global Flags:
      --config string      config file (default "$HOME/.config/configstore/gotoaws.json")
      --profile string     AWS profile
      --region string      AWS region
      --silent             run gotoaws without printing logs
      --timeout duration   timeout for network requests (default 15s)

SSH over Session Manager

Usage:
  gotoaws ec2 ssh [command] [flags]

Examples:
gotoaws ssh -t myserver -i key.pem

Flags:
  -h, --help              help for ssh
  -i, --identity string   file from which the identity (private key) for public key authentication is read (required)
  -L, --lforward string   local port forwarding
  -p, --port string       SSH port to us (default "22")
  -t, --target string     name|ID|IP|DNS of the instance
  -l, --user string       SSH user to us (default "ec2-user")

Global Flags:
      --config string      config file (default "$HOME/.config/configstore/gotoaws.json")
      --profile string     AWS profile
      --region string      AWS region
      --silent             run gotoaws without printing logs
      --timeout duration   timeout for network requests (default 15s)

SCP over Session Manager

Usage:
  gotoaws ec2 scp [source(s)] [target] [flags]

Examples:
gotoaws ec2 scp file.txt /opt/ -t myserver -i key.pem

Flags:
  -h, --help              help for scp
  -i, --identity string   file from which the identity (private key) for public key authentication is read (required)
  -p, --port string       SSH port to us (default "22")
  -R, --recv              receive files from target
  -t, --target string     name|ID|IP|DNS of the instance
  -l, --user string       SCP user to us (default "ec2-user")

Global Flags:
      --config string      config file (default "$HOME/.config/configstore/gotoaws.json")
      --profile string     AWS profile
      --region string      AWS region
      --silent             run gotoaws without printing logs
      --timeout duration   timeout for network requests (default 15s)

ECS

You can directly interact with containers without needing to first interact with the host container operating system, open inbound ports, or manage SSH keys.

Usage:
  gotoaws ecs [command]

Available Commands:
  exec        Execute a command in a container

Flags:
  -h, --help   help for ecs

Global Flags:
      --config string      config file (default "$HOME/.config/configstore/gotoaws.json")
      --profile string     AWS profile
      --region string      AWS region
      --silent             run gotoaws without printing logs
      --timeout duration   timeout for network requests (default 15s)

Use "gotoaws ecs [command] --help" for more information about a command.

Execute a command in a container

Usage:
  gotoaws ecs exec [flags] -- COMMAND [args...]

Examples:
gotoaws ecs exec --cluster demo-cluster

Flags:
      --cluster string     arn or name of the cluster (default "default")
      --container string   name of the container. A container name only needs to be specified for tasks containing multiple containers
  -h, --help               help for exec
      --task string        arn or id of the task

Global Flags:
      --config string      config file (default "$HOME/.config/configstore/gotoaws.json")
      --profile string     AWS profile
      --region string      AWS region
      --silent             run gotoaws without printing logs
      --timeout duration   timeout for network requests (default 15s)

EKS

Usage:
  gotoaws eks [command]

Available Commands:
  exec              Execute a command in a container
  fwd               Port forwarding
  get-token         Get a token for authentication with an Amazon EKS cluster
  logs              Print the logs for a container in a pod
  update-kubeconfig Configures kubectl so that you can connect to an Amazon EKS cluster

Flags:
  -h, --help   help for eks

Global Flags:
      --config string      config file (default "$HOME/.config/configstore/gotoaws.json")
      --profile string     AWS profile
      --region string      AWS region
      --silent             run gotoaws without printing logs
      --timeout duration   timeout for network requests (default 15s)

Use "gotoaws eks [command] --help" for more information about a command.

Execute a command in a container

Usage:
  gotoaws eks exec [flags] -- COMMAND [args...]

Examples:
gotoaws eks exec --cluster gotoaws --role cluster-admin
gotoaws eks exec --cluster gotoaws --role cluster-admin -- /bin/sh
gotoaws eks exec --cluster gotoaws --role cluster-admin -- cat /etc/passwd
gotoaws eks exec --cluster gotoaws --role cluster-admin --namespace default --pod nginx -- date

Flags:
      --cluster string     arn or name of the cluster
  -c, --container string   name of the container
  -h, --help               help for exec
  -n, --namespace string   namespace of the pod (default "all namespaces"
  -p, --pod string         name of the pod
      --role string        arn or name of the role

Global Flags:
      --config string      config file (default "$HOME/.config/configstore/gotoaws.json")
      --profile string     AWS profile
      --region string      AWS region
      --silent             run gotoaws without printing logs
      --timeout duration   timeout for network requests (default 15s)

Port forwarding

Usage:
  gotoaws eks fwd [flags]

Examples:
gotoaws eks fwd --cluster gotoaws --role cluster-admin --pod nginx
gotoaws eks fwd --cluster gotoaws --role cluster-admin --pod nginx --local 8000 --remote 80

Flags:
      --cluster string     arn or name of the cluster
  -h, --help               help for fwd
  -l, --local int32        the local port
  -n, --namespace string   namespace of the pod (default "all namespaces"
  -p, --pod string         name of the pod
  -r, --remote int32       the container port
      --role string        arn or name of the role

Global Flags:
      --config string      config file (default "$HOME/.config/configstore/gotoaws.json")
      --profile string     AWS profile
      --region string      AWS region
      --silent             run gotoaws without printing logs
      --timeout duration   timeout for network requests (default 15s)

Get a token for authentication with an Amazon EKS cluster

Usage:
  gotoaws eks get-token [flags]

Flags:
      --cluster string   arn or name of the cluster
  -h, --help             help for get-token
      --role string      arn or name of the role
      --token-only       Return only the token for use with Bearer token based tools

Global Flags:
      --config string      config file (default "$HOME/.config/configstore/gotoaws.json")
      --profile string     AWS profile
      --region string      AWS region
      --silent             run gotoaws without printing logs
      --timeout duration   timeout for network requests (default 15s)

Print the logs for a container in a pod

Usage:
  gotoaws eks logs [flags]

Examples:
gotoaws eks logs --cluster gotoaws --role cluster-admin --pod nginx
gotoaws eks logs --cluster gotoaws --role cluster-admin --pod nginx --container nginx

Flags:
      --cluster string     arn or name of the cluster
  -c, --container string   name of the container
  -h, --help               help for logs
  -n, --namespace string   namespace of the pod (default for finder "all namespaces"
  -p, --pod string         name of the pod
      --role string        arn or name of the role

Global Flags:
      --config string      config file (default "$HOME/.config/configstore/gotoaws.json")
      --profile string     AWS profile
      --region string      AWS region
      --silent             run gotoaws without printing logs
      --timeout duration   timeout for network requests (default 15s)

Configures kubectl so that you can connect to an Amazon EKS cluster

Usage:
  gotoaws eks update-kubeconfig [flags]

Flags:
      --alias string     alias for the cluster context name (default "arn of the cluster"
      --cluster string   arn or name of the cluster
  -h, --help             help for update-kubeconfig
      --role string      arn or name of the role

Global Flags:
      --config string      config file (default "$HOME/.config/configstore/gotoaws.json")
      --profile string     AWS profile
      --region string      AWS region
      --silent             run gotoaws without printing logs
      --timeout duration   timeout for network requests (default 15s)

Manage your local gotoaws CLI config file

Usage:
  gotoaws config [command]

Available Commands:
  get         Print a config value
  set         Create a new config value
  unset       Remove a config value

Flags:
  -h, --help   help for config

Global Flags:
      --config string      config file (default "$HOME/.config/configstore/gotoaws.json")
      --profile string     AWS profile
      --region string      AWS region
      --silent             run gotoaws without printing logs
      --timeout duration   timeout for network requests (default 15s)

Use "gotoaws config [command] --help" for more information about a command.

Supported KEY values:

Key Description
profile AWS profile
region AWS region
timeout timeout for network requests
silent run gotoaws without printing logs

License

MIT