Add instance-portforward() for SSM portforwarding #327
Hi,
For those of us who are leaning more on SSM vs traditional VPNs/Bastions/etc, portforwarding is a powerful and secure way to access services on our AWS-based instances. It's just like ssh portforwarding that we all know and love. Unfortunately, the command to run to stand up a portforward is somewhat verbose and obnoxious, which is where this function comes in.
Some examples are given in the committed code, but to offer some additional high-level examples here:
So let's say you've got a Windows-based instance and you need to RDP to it - you can just set up a portforward:
That will connect to the given instance's port 3389, and as we haven't supplied a second port number to locally map to, it will automatically attempt to use the same number as the first i.e. instance:3389 <--> localhost:3389
Then fire up an RDP client of choice and connect to localhost (Port 3389 is implied in this case)
Let's say we want to connect that remote port to local port 5006 instead:
Then fire up an RDP client of choice and connect to localhost:5006
I have also coded in port aliases based on the list that Amazon has built into its security group management. So, the previous example could also be expressed like:
I have tested this successfully with SSH, RDP, MS-SQL Management Studio and a handful of custom ports for web UIs and APIs.
I have at least one more commit to get in to shore up the documentation, but I figured I'd get this PR rolling in the meantime.
Discussion welcome :)
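The port handling described in this PR, sketched as an added example (not the code committed in the PR): the local port defaults to the remote port, and a name can stand in for a port number. The function names, the three alias names and the instance ID in the usage line are assumptions made for illustration; the printed command is the standard AWS CLI call using the `AWS-StartPortForwardingSession` document.

```shell
# Added example, not the PR's code. Function and alias names are hypothetical.

# Resolve an alias (small constructed subset) or validate a numeric port.
# Anything that is not an alias or a pure number in 1-65535 is rejected,
# so shell metacharacters never reach the command line that gets built.
resolve_port() {
  case "$1" in
    ssh)   echo 22 ;;
    rdp)   echo 3389 ;;
    mssql) echo 1433 ;;
    *[!0-9]*|'')
      echo "unknown port or alias: $1" >&2; return 1 ;;
    *)
      if [ "$1" -ge 1 ] && [ "$1" -le 65535 ]; then
        echo "$1"
      else
        echo "port out of range: $1" >&2; return 1
      fi ;;
  esac
}

# Print the aws CLI command for a port forward.
# Usage: build_portforward_cmd INSTANCE_ID REMOTE_PORT [LOCAL_PORT]
# (plain POSIX sh has no 'local', so these variables are global)
build_portforward_cmd() {
  instance_id=$1
  case "$instance_id" in
    i-*[!0-9a-f]*|i-) echo "not an instance id: $instance_id" >&2; return 1 ;;
    i-*) ;;
    *) echo "not an instance id: $instance_id" >&2; return 1 ;;
  esac
  remote=$(resolve_port "$2") || return 1
  # No second port given: map to the same number locally.
  local_port=$(resolve_port "${3:-$remote}") || return 1
  printf 'aws ssm start-session --target %s --document-name AWS-StartPortForwardingSession --parameters portNumber=%s,localPortNumber=%s\n' \
    "$instance_id" "$remote" "$local_port"
}

# Constructed instance ID; prints the command instead of running it.
build_portforward_cmd i-0123456789abcdef0 rdp 5006
```
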