I use CoreTunnel to connect to my non-public RDS databases in AWS. I am currently doing this through a standard SSH tunnel and everything is working great.
AWS recently announced AWS session manager, a new service for connecting to private AWS resources without tunneling through a publicly available box. They also introduced a plugin that makes it easier to set everything up locally: (Optional) Install the Session Manager plugin for the AWS CLI - AWS Systems Manager.
It would be great to be able to use the AWS session manager plugin with CoreTunnel. I've attempted configure CoreTunnel in two different ways.
First by using the ProxyCommand and IdentityFile settings in Advanced:
ProxyCommand = aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters portNumber=%p` IdentityFile - ~/.ssh/key
I set this up along with the AWS instance ID as my host. This outputs the following command:
ssh -i ~/.ssh/key -vvv -L 5439:AWSDB:5439 -o ServerAliveInterval=15 -o ProxyCommand="aws - ssm start-session --target %h --document-name AWS-StartSSHSession --parameters portNumber=%p" -o ExitOnForwardFailure=yes -o ServerAliveCountMax=3 ec2-user@i-ID
I also attempted to configure this in my local ssh config file
Host i-* mi-* ProxyCommand sh -c "aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters 'portNumber=%p'" IdentityFile ~/.ssh/key User ec2-user
Neither of these options seem to work with CoreTunnel however both work on the command line. It could be that the AWS
session-manager-plugin is binding to
ssh somehow and CoreTunnel is using it's own version. Do you know if this is supported at all or if there is any plans for future support?