aws-gate is a AWS SSM Session Manager CLI client. It aims to provide richer user experience than official tooling.
- Opening AWS SSM session from CLI
- session-manager-plugin bootstrapping
- Querying instances by different instance identifiers
- config and config.d support
- SSH ProxyCommand support (allows to use ssh and scp over AWS SSM session)
- SSH client support to open SSH sessions directly (convenient wrapper around ssh)
- Docker container support
It is a very common and recommend security practice to run a bastion host if you want to connect to your workload in AWS. However, running bastion host has its own issues:
- maintaining additional instance which requires patching/updating
- SSH key management and distribution (SSH CA works nicely, but it still has to be owned by somebody)
- exposing SSH port to the network (ideally you want to have this behind a VPN or open only to trusted IPs, which can be seen as an anti-pattern in the cloud)
To address some of these issues, Amazon released a service while ago to fix this - AWS Systems Manager Session Manager. However, CLI user experience of Session Manager is limited and lacks some features:
- ability to connect to instances by other means (e.g. DNS, IP, tag, instance name, autoscaling group) as aws cli supports only connecting by instance IDs
- configuration file support for storing connection information via Session Manager
Out of the frustration with these problems, aws-gate was born.