SSM

AWS-VAULT setup

Check https://github.com/99designs/aws-vault

Exporting AWS variables from aws-vault

manual

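# Load the AWS_* variables of a 3h aws-vault session into the current shell.
# AWS_VAULT is unset first because `aws-vault exec` refuses to nest while it is
# set. Each matching line is exported whole, so values are never word-split or
# glob-expanded, only names starting with AWS_ are taken, and no stray `echo`
# variable is marked for export. The credentials stay in this shell's
# environment until they expire or are unset; every child process inherits them.
unset AWS_VAULT && while IFS= read -r kv; do export "$kv"; done < <(aws-vault exec -d 3h "${AWS_PROFILE}" -- env | grep '^AWS_')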

automatic - via function

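# Export the AWS_* variables of a 3h aws-vault session into the calling shell.
# Arguments: $1 - aws-vault profile name
# Returns:   2 when no profile is given, aws-vault's status when it fails,
#            0 otherwise
# Note: the session credentials remain in the shell environment (and are
# inherited by every child process) until they expire or are unset.
gen_aws ()
{
    local profile=${1:-}
    local session_env line

    if [ -z "$profile" ]; then
        printf 'usage: gen_aws <aws-vault-profile>\n' >&2
        return 2
    fi

    # `aws-vault exec` refuses to nest while AWS_VAULT is set.
    unset AWS_VAULT

    # Capture first so a failed aws-vault call is reported instead of being
    # hidden behind a successful `export`.
    session_env=$(aws-vault exec -d 3h "$profile" -- env) || return

    # Export line by line: values are kept intact (no word splitting or
    # globbing) and only names that start with AWS_ are accepted, not every
    # line that merely mentions "AWS".
    while IFS= read -r line; do
        case $line in
            AWS_*=*) export "$line" ;;
        esac
    done <<< "$session_env"
}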

connecting to the box

# The "hostname" is an EC2 instance ID, so this only works when ssh is set up
# to proxy through Session Manager: typically a `Host i-* mi-*` entry in
# ~/.ssh/config whose ProxyCommand runs `aws ssm start-session` with the
# AWS-StartSSHSession document (see References). Assumes the AWS_* variables
# exported earlier are present in this shell so that proxy command can
# authenticate.
ssh ec2-user@i-01de2c7928c7fe462

creating ssh tunnel over ssm

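# Forward local port 3306 to the RDS endpoint through the instance.
#   -N  no remote command, forwarding only
#   -f  go to the background once the session is established
# The listener is bound to 127.0.0.1 explicitly (matching `host` in
# config.cnf) so it is reachable from this machine only, whatever the local
# GatewayPorts setting. The backgrounded ssh keeps running until it is killed.
ssh -N -f -L 127.0.0.1:3306:myrds-instance-1.c61palp56hdx.eu-central-1.rds.amazonaws.com.:3306 ec2-user@i-01de2c7928c7fe462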

create mysql config as config.cnf

# This file holds the database password in clear text: create it with
# owner-only permissions (chmod 600 config.cnf) and keep it out of version
# control.
[client]
user = admin
password = XXXX
# 127.0.0.1 is the local end of the SSH tunnel (forwarded port 3306)
host = 127.0.0.1
max_allowed_packet = 512M

connect to rds

# --defaults-extra-file has to be the first option on the command line.
# config.cnf is resolved relative to the current directory; the connection goes
# to 127.0.0.1:3306, i.e. through the SSH tunnel, which must already be up.
mysql --defaults-extra-file=config.cnf

SSM Parameter store

fetch single param

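# Fetch one parameter by its full name. A SecureString value comes back still
# encrypted unless --with-decryption is added. The profile is quoted so a name
# containing spaces or glob characters is passed as a single argument.
aws-vault exec "$profile" -- aws ssm get-parameter --name /my-app/dev/db-url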

fetch multiple params

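# Fetch several parameters by name in one call. Names that do not exist are
# listed under InvalidParameters in the response rather than failing the call,
# so check that field before relying on the result.
aws-vault exec "$profile" -- aws ssm get-parameters --names /my-app/dev/db-url /my-app/prod/db-url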

fetch params with path

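# Listing by path is done with get-parameters-by-path; get-parameter only
# takes --name. Add --recursive to include parameters in nested paths.
aws-vault exec "$profile" -- aws ssm get-parameters-by-path --path /my-app/dev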

fetch params by path and decrypt them

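# The subcommand is get-parameters-by-path (plural). --with-decryption returns
# SecureString values in clear text, so the output holds secrets: avoid
# redirecting it to shared files or logs. The caller also needs permission to
# decrypt with the KMS key that protects the parameters.
aws-vault exec "$profile" -- aws ssm get-parameters-by-path --path /my-app/dev --with-decryption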

References

https://nullsweep.com/a-better-way-to-ssh-in-aws/
https://globaldatanet.com/blog/ssh-and-scp-with-aws-ssm