VSCode Remote to EC2 instance (via SSH over SSM)

[jovanshernandez]

Desktop (please complete the following information):

• OS: Ubuntu18 and/or Amazon Linux2
• VS Code version: 1.41.0
• AWS Toolkit extension version: 1.70

Anyway to connect to EC2 through VSCode without SSH Key?

Trying to connect to EC2 through VSCode without SSH Keys. I'm able to connect to EC2s using AWS Credentials, AWS Profiles, and AWS SSM, but is there a way to pass that connection through VSCode/?

[justinmk3]

Currently this requires:

• VS Code
• VS Code Remote extension
• aws cli version 2 ...
• SSH (OpenSSH feature on Windows)
• an SSH key on the EC2 instance

After this issue is addressed, these won't be needed:

• aws cli version 2
• a specific SSH configuration like so: Host devbox ...

AWS Toolkit will auto-configure SSH for you. The reason for requiring SSH is because that is what vscode-remote requires.

[serverhorror]

After this issue is addressed, these won't be needed:

• aws cli version 2

AWS Toolkit will auto-configure SSH for you. The reason for requiring SSH is because that is what vscode-remote requires.

Please keep in mind that some of us have a mind boggling amount of profiles in ~/.aws/config. If we don't need aws cli it would be great to still use the AWS eco system (profiles, SSO, ...).

[justinmk3]

If we don't need aws cli it would be great to still use the AWS eco system (profiles, SSO, ...).

Absolutely. If you get a chance to try out "Dev Environments" with https://codecatalyst.aws/ , please let us know what you think. We have put a lot of work into how AWS Toolkit presents credentials, with more improvements planned.

[sholtomaud]

I've tried out the "Dev Environments" for codecatalyts and it works great.

Now we need to be able to get VSCode to get a session into a specific EC2 with a similar method.

---

From: Justin M. Keyes @.> Sent: Tuesday, 14 March 2023 10:50 AM To: aws/aws-toolkit-vscode @.> Cc: Sholto Maud @.>; Comment @.> Subject: Re: [aws/aws-toolkit-vscode] VSCode Remote to EC2 instance (via SSH over SSM) (#941)

CAUTION: This email has originated outside our organisation. Do not CLICK on links or open attachments that are unexpected. If in doubt report this email as suspicious.

---

If we don't need aws cli it would be great to still use the AWS eco system (profiles, SSO, ...).

Absolutely. If you get a chance to try out "Dev Environments" with https://codecatalyst.aws/https://codecatalyst.aws/ , please let us know what you think. We have put a lot of work into how AWS Toolkit presents credentials, with more improvements planned.

— Reply to this email directly, view it on GitHubhttps://github.com/aws/aws-toolkit-vscode/issues/941#issuecomment-1467130503, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AADBIQRLIPN2AXHJE3436KLW36XCVANCNFSM4KZNQB7A. You are receiving this because you commented.Message ID: @.***>

---

We acknowledge the traditional custodians of the land on which we meet, work and live. We pay our respects to the ancestors and Elders, past and present.

The information in this email and any attachments may contain confidential, privileged or copyright material belonging to us, related entities or third parties. If you are not the intended recipient you are prohibited from disclosing this information. If you have received this email in error, please contact the sender immediately by return email or phone and delete it. We apologise for any inconvenience caused. We use security software but do not guarantee this email is free from viruses. You assume responsibility for any consequences arising from the use of this email. This email may contain personal views of the sender not authorised by us.

---

[borontion]

I implemented a simple prototype EC2 explorer, which can 1) start / stop instances and 2) open via SSH: https://marketplace.visualstudio.com/items?itemName=PengzhanZhao.ec2-farm. However, It does require to provision EC2 instances with a uploaded key pair.

[sholtomaud]

@borontion nice. However we don't want to use key pairs or ssh.

[serverhorror]

For anyone interested: the issue in microsoft/vscode-remote-release#8186 is now eligible for upvotes. If we reach 10 or more it will be considered for the next step. Let the upvotes ensue...

[serverhorror]

VS Code has accepted the refrenced issue in their backlog.

We might want to bring our input so it does get enough priority and people can create useful extensions with the solution they come up with.

[iancullinane]

@Roseidon your solution gets me through the mfa portion, but asks for a password afterwards. Is this supposed to happen? I don't have a password for this instance.

[Roseidon]

@Roseidon your solution gets me through the mfa portion, but asks for a password afterwards. Is this supposed to happen? I don't have a password for this instance.

Unfortunately not, I haven't been prompted for a password afterwards. Maybe that is an auth setting on the instance itself. So far I only worked with saving my public ssh key on the instance, but not with user/pass.

[trallnag]

For me it works on Windows 10, VS Code 1.79.2, Remote SSH 0.102.0. Entry in SSH config:

Host server
   User ubuntu
   ProxyCommand C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "aws ssm start-session --target i-0824c21f7abd6347c --document-name AWS-StartSSHSession --parameters portNumber=%p"

[justinmk3]

Status

We are actively working on these features.

• Implemented:
  • ✅ Open Terminal to an EC2 instance (including Windows instances)
  • ✅ AWS: Connect to EC2 Instance... command
    • 
  • ✅ Browse EC2 instances in AWS Explorer
  • ✅ Start/Stop/Reboot actions #1559
  • ✅ Connect to EC2 instance via VSCode remote-ssh
• Not implemented yet:
  • Connect to EC2 instance from Windows
  • Connect to EC2 Windows instance
  • Other actions: list EBS volumes, set shutdown schedule #1559

[mwanser1]

Status

We are actively working on these features.

• Implemented:

  • ✅ Open Terminal to an EC2 instance (including Windows instances)

  • ✅ AWS: Connect to EC2 Instance... command

    • 

  • ✅ Browse EC2 instances in AWS Explorer

  • ✅ Start/Stop/Reboot actions #1559

  • ✅ Connect to EC2 instance via VSCode remote-ssh

• Not implemented yet:

  • Connect to EC2 instance from Windows

  • Connect to EC2 Windows instance

  • Other actions: list EBS volumes, set shutdown schedule #1559

Is AWS: Connect to EC2 Instance in version 1.91.0? I'm not seeing it in VS code nor could I find anything about this functionality in the docs.

[justinmk3]

Is AWS: Connect to EC2 Instance in version 1.91.0?

The features in the above comment are implemented but not released. We're hoping to make it available as an "experimental" option.

Will update this issue when there is any news.

[mwanser1]

I'm not entirely sure if this is a workaround but with ssm-tool, an aws key pair , and the remote-ssh vscode extension to connect to the instance.

https://github.com/elpy1/ssm-tool

Followed the quick run instructions, including the update to the .ssh/config file ( the two

Put the host details above the ssm-tool match commands and set the instance Id as hostname, set identity file and user as usual. Confirmed it works with omitting identity file and using ssm-user as user.

Make sure the aws profile is connected and authenticated prior to using the remote-ssh: connect to host

Have run into weird UNKNOWN Port errors while trying to connect, usually resolved with restarting vscode.

Might not be an exact solution as desired, but it works for me.

[justinmk3]

See https://github.com/aws/aws-toolkit-vscode/issues/941#issuecomment-873096740

[jfmcdowell]

Is there an update on this? I periodically (about every VSCode update) lose the ability to run SSM via the proxy script. Using my terminal is fine but inside of VSCode it seems to lose the awscli path.

See this issue for additional details

[justinmk3]

Current status is https://github.com/aws/aws-toolkit-vscode/issues/941#issuecomment-1609299367

[la-cruche]

@justinmk3 those features are still not part of the extension? https://github.com/aws/aws-toolkit-vscode/issues/941#issuecomment-1609299367 any ETA?

[deanhtid]

anything new on this? @justinmk3

[justinmk3]

Current status is https://github.com/aws/aws-toolkit-vscode/issues/941#issuecomment-1609299367

[ekalosak]

Would like to see progress on this as well - it was a surprise to not see EC2 in the AWS VScode toolkit. I'm still cycling the public IP for my ec2 instance :(

[jordancparker]

Would it be possible to release this as experimental as mentioned in an above message @justinmk3.

My understand would be that there would be an ability to SSM on Linux/Mac in its current phase.

[sholtomaud]

This Connect to EC2 instance via VSCode remote-ssh, is that considered zero-trust with MFA auth + Enterprise AzureAD? Can I access the EC2 without being in the private network using the DirectConnection to the AWS data centre from the on-prem network? OR is all traffic over the public internet, and Enterprise AzureAD auth not supported?