46°F

Aaron Parecki

  • Articles
  • Notes
  • Photos
  • SSH to EC2 Servers by Instance ID

    February 11, 2014

    I often know an EC2 instance ID and need to SSH to the server. In order to avoid manually looking up the IP address or hostname, I wrote a small script to let myself SSH to an EC2 given an instance ID.

    I also frequently switch between 4-5 different AWS accounts and regions, with different private keys and AWS API keys, and most existing scripts I found do not support this. Below is my setup that allows me to quickly SSH to any EC2 server across all the accounts and regions.

    The SSH Script

    Filename: ssh-ec2

    #!/usr/bin/env ruby
    require 'aws-sdk'
    
    profile = ARGV[0]
    ssh_command = ARGV[1]
    
    config = File.read("#{File.dirname(__FILE__)}/aws/#{profile}.profile")
    
    if !config
      puts "No config file found for #{profile}"
      exit
    end
    
    access_key_id = config.match(/AWS_ACCESS_KEY=(.+)/)[1]
    secret_access_key = config.match(/AWS_SECRET_KEY=(.+)/)[1]
    region = config.match(/EC2_REGION=(.+)/)[1]
    default_username = (m=config.match(/DEFAULT_USERNAME=(.+)/)) ? m[1] : 'ubuntu'
    
    AWS.config access_key_id: access_key_id, secret_access_key: secret_access_key, region: region
    
    if match=ssh_command.match(/(.+)@(.+)/)
      username = match[1]
      instance_id = match[2]
    else
      username = default_username
      instance_id = ssh_command
    end
    
    begin
      i = AWS.ec2.instances[instance_id]
      if i.public_dns_name
        puts "ssh -i ~/.ssh/#{profile}.aws.pem #{username}@#{i.public_dns_name}"
        system "ssh -i ~/.ssh/#{profile}.aws.pem #{username}@#{i.public_dns_name}"
        exit
      end
    rescue
    end
    
    puts "Could not find instance with id #{instance_id} on aws account #{profile}"
    

    The Environment

    A good place for this script is a "scripts" folder in your dotfiles repo which you can then add to your path, or if you don't have something like that set up, then just put it in your ~/.ssh/ folder and make a symlink to this script in /usr/local/bin/.

    In order to specify your AWS credentials and region, you'll need to make a folder containing your AWS credentials. Create a folder in the same folder as this script called aws, and it will contain one file per AWS profile. The profile specifies the AWS account as well as the region.

    For example:

    .
    ├── aws
    │   ├── geoloqi.profile
    │   ├── geotrigger-production.profile
    │   ├── geotrigger-dev.profile
    │   └── esripdx.profile
    ├── ssh-ec2
    

    Each of the *.profile files looks like the below:

    export AWS_ACCESS_KEY=XXXXXXXXX
    export AWS_SECRET_KEY=XXXXXXXXX
    export EC2_REGION=us-east-1
    

    You should also ensure you name your SSH private keys to correspond to the profiles you have here. So for example I have a private key named ~/.ssh/esripdx.aws.pem that I use to SSH to all the servers in that account and region. (See our project Blacksmith for a way to manage SSH keys for multiple users across multiple AWS accounts).

    Once this is set up, you can SSH to a server as follows:

    $ ssh-ec2 esripdx i-a3e8542d
    

    The Shortcut

    This is pretty good. But what if you want to type even fewer characters! This is where some clever bash aliases come in. I've defined short bash functions that help with this.

    function ssh-p() {
      if [[ "$1" =~ i-[a-f0-9]+ ]]
      then
        ssh-ec2 geotrigger-production $1
      else
        echo ssh -i geotrigger-production.aws.pem ubuntu@$1
        ssh -i ~/.ssh/geotrigger-production.aws.pem ubuntu@$1
      fi
    }
    

    Now I can use this to either SSH to an instance ID, or use it to choose the proper private key when SSH'ing to a server by IP address.

    $ ssh-p i-a3e8542d
    $ ssh-p 54.243.231.166
    
    Tue, Feb 11, 2014 11:14am -08:00 #ssh #ec2 #aws #ops
    1 like 2 reposts 1 reply
    • Darrell Fuhriman
    • Eoin Brazil
    • Darrell Fuhriman
    • Darrell Fuhriman twitter.com/nixzusehen
      @aaronpk Very handy!
      Tue, Feb 11, 2014 12:16pm -08:00 (via brid-gy.appspot.com)
Posted in /articles

Hi, I'm Aaron Parecki, Director of Identity Standards at Okta, and co-founder of IndieWebCamp. I maintain oauth.net, write and consult about OAuth, and participate in the OAuth Working Group at the IETF. I also help people learn about video production and livestreaming. (detailed bio)

I've been tracking my location since 2008 and I wrote 100 songs in 100 days. I've spoken at conferences around the world about owning your data, OAuth, quantified self, and explained why R is a vowel. Read more.

  • Director of Identity Standards at Okta
  • IndieWebCamp Founder
  • OAuth WG Editor
  • OpenID Board Member

  • 🎥 YouTube Tutorials and Reviews
  • 🏠 We're building a triplex!
  • ⭐️ Life Stack
  • ⚙️ Home Automation
  • All
  • Articles
  • Bookmarks
  • Notes
  • Photos
  • Replies
  • Reviews
  • Trips
  • Videos
  • Contact
© 1999-2025 by Aaron Parecki. Powered by p3k. This site supports Webmention.
Except where otherwise noted, text content on this site is licensed under a Creative Commons Attribution 3.0 License.
IndieWebCamp Microformats Webmention W3C HTML5 Creative Commons
WeChat ID
aaronpk_tv