如何使用以ruby开头的SSM端口转发会话的结果? [英] How do I use the results of an SSM port forwarding session started with ruby?

问题描述

我在调和使用aws cli和ruby sdk建立与实例的ssm连接之间的差异时遇到麻烦.例如，如果我尝试使用如下命令:

I'm having trouble reconciling the differences between using the aws cli and the ruby sdk to make ssm connections to an instance. For example, if I try using the command like like this:

aws ssm start-session \
  --target 'i-abc123' \
  --document-name AWS-StartPortForwardingSession \
  --parameters '{
    "portNumber": ["3000"], 
    "localPortNumber": ["13000"]
  }'

Starting session with SessionId: username-def456
Port 13000 opened for sessionId username-def456.
Waiting for connections...

Connection accepted for session [username-def456]

该工具将暂停，因为它将打开从目标实例上的端口3000到本地计算机上的端口13000的端口转发会话.然后，我可以在机器上打开Web浏览器并将其指向 http://localhost:13000 ，以浏览在远程实例上运行的应用程序.另外，我可以查看AWS控制台UI并看到有活动会话，直到我按下Ctrl-C

the tool will pause as it opens up a port forwarding session from port 3000 on the destination instance to port 13000 on my local machine. I can then open up a web browser on my machine and point it at http://localhost:13000 to browse around an app running on the remote instance. Also, I can look at the AWS console UI and see that there's an active session until I Ctrl-C

我遇到的麻烦是当我尝试使用ruby sdk执行相同的操作时:

The trouble I'm having is when I try to use the ruby sdk to do the same thing:

result = ssm.start_session(
  target: 'i-abc123',  
  document_name: 'AWS-StartPortForwardingSession',  
  parameters: {  
    'portNumber' => %w[3000],    
    'localPortNumber' => %w[13000]    
  }    
)  

result 对象是一个类似于以下内容的结构:

The result object is a struct that looks like the following:

=> #<struct Aws::SSM::Types::StartSessionResponse
 session_id="username-def456",
 token_value="...",
 stream_url="wss://ssmmessages.us-east-1.amazonaws.com/v1/data-channel/username-def456? 
 role=publish_subscribe">

同样，我在控制台UI中看到有一个活动会话.但是，如果尝试在计算机上浏览到 http://localhost:13000 ，则浏览器将无法访问任何内容.如何使用生成的流URL和令牌实际创建与ec2实例的连接?

Again, I can see in the console UI that there is an active session. However, if I try to browse to http://localhost:13000 on my machine, the browser can't reach anything. How do I use the resulting stream url and token to actually create a connection to the ec2 instance?

其他详细信息:

• ruby​​ sdk的核心宝石版本:3.109.2
• aws cli版本-aws-cli/2.1.16
• aws ssm代理版本-Amazon-ssm-agent-3.0.356.0-1.x86_64

推荐答案

从API中获得的回报是对Web套接字的引用.因此，您要么需要创建到本地侦听器代理的Web套接字，要么像aws cli实用程序一样使用session-manager-plugin.

What you get back from the API is a reference to a web socket. So you either need to create your own web socket to local listener proxy or use the session-manager-plugin as the aws cli utility does.

我最近想出了如何使用session-manager-plugin，下面的代码段是Python，但是应该很明显可以弄清楚它.

I recently figured out how to use the session-manager-plugin, the following snippet is Python but should be obvious enough to figure it out.

def start_aws_ssm_plugin(self, create_session_response, parameters, profile, region):
    print('start_aws_ssm_plugin() called: ' + str( create_session_response))

    arg0 = '"' + self.config.get_ssm_plugin() + '"'
    arg1 = '"' + str(create_session_response).replace('\'', '\\"') + '"'
    arg2 = region
    arg3 = 'StartSession'
    arg4 = profile
    arg5 = '"' + str(parameters).replace('\'', '\\"') + '"'
    arg6 = 'https://ssm.{region}.amazonaws.com'.format(region=region)

    command = arg0 + ' ' + arg1 + ' ' + arg2 + ' ' + arg3 + ' ' + arg4 + ' ' + arg5 + ' ' + arg6

    print(command)
    # print('session-manager-plugin', arg1, arg2, arg3, arg4, arg5, arg6)

    pid = subprocess.Popen(command).pid
    return pid

# end def

(是的，这只是一个快速而肮脏的原型.；))

(And yes, this was just a quick and dirty prototype.;))

这篇关于如何使用以ruby开头的SSM端口转发会话的结果?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！