Summary
Currently, users must use the custom connection target approach to connect to services running on EC2 instances. This involves manually setting up connectivity (at `basti init` time) and providing Basti with the target's IP and port (at `basti connect` time).
Solution
The first-class EC2 support could be implemented in the following way:
- During `basti init`, the user selects the EC2 instance and the port on which the service is listening.
- The Basti access security group, which allows connections from the bastion instance to the target, gets one ingress rule per service (one rule is added per `basti init` run).
- Each per-service ingress rule carries the service name in its description (the user is prompted for a name during initialization).
- When connecting, the user is presented not only with the EC2 instances but with the services running on them, derived from the ingress rules of the Basti access security group.
This includes:
- Detecting EC2 instances in the user's AWS account and presenting them during initialization
- EC2 instance initialization (setting up the access security group or reusing the existing one)
- Detecting services running on the EC2 instances from the Basti access SG and its ingress rules
- Cleaning up EC2-related resources in the `basti cleanup` command
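As an added illustration of the per-service ingress rule design above (example code, not Basti's own), the following TypeScript models the rule an init run would add for a service and the detection logic a connect run would use to rebuild the service list, working on the `IpPermission` shape that the EC2 `DescribeSecurityGroups` API returns. The `basti:service:` description prefix, the allowed service-name characters and the sample security group contents are assumptions; a real implementation would fetch the rules with the AWS SDK and hand them to these functions.

```typescript
// Added example, not Basti's own code: models "one ingress rule per service"
// on the IpPermission shape returned by EC2 DescribeSecurityGroups.
// The description prefix and the name character set are assumptions.

export interface UserIdGroupPair {
  GroupId: string;
  Description?: string;
}

export interface IpPermission {
  IpProtocol: string; // "tcp", "udp", "-1", ...
  FromPort?: number;
  ToPort?: number;
  UserIdGroupPairs?: UserIdGroupPair[];
  IpRanges?: { CidrIp: string; Description?: string }[];
}

export interface BastiService {
  name: string;
  port: number;
}

// Assumed convention: every rule Basti manages carries this prefix in its
// description, so the service list can be rebuilt from the SG alone and
// cleanup can remove exactly the rules Basti created.
export const DESCRIPTION_PREFIX = "basti:service:";

// Conservative subset of the characters EC2 accepts in rule descriptions.
const SERVICE_NAME = /^[A-Za-z0-9._-]{1,64}$/;

// The rule `basti init` would add: TCP, a single port, and only the bastion's
// security group as the source (no CIDR ranges), which is the least privilege
// the design needs.
export function buildServiceIngressRule(bastionSgId: string, service: BastiService): IpPermission {
  if (!SERVICE_NAME.test(service.name)) {
    throw new Error(`invalid service name: ${service.name}`);
  }
  if (!Number.isInteger(service.port) || service.port < 1 || service.port > 65535) {
    throw new Error(`invalid port: ${service.port}`);
  }
  return {
    IpProtocol: "tcp",
    FromPort: service.port,
    ToPort: service.port,
    UserIdGroupPairs: [
      { GroupId: bastionSgId, Description: `${DESCRIPTION_PREFIX}${service.name}` },
    ],
  };
}

// What `basti connect` would do: rebuild the service list from the access SG's
// ingress rules. Rules Basti did not create (other sources, port ranges,
// missing prefix) are ignored rather than shown as services.
export function listServicesFromIngressRules(rules: IpPermission[], bastionSgId: string): BastiService[] {
  const services: BastiService[] = [];
  for (const rule of rules) {
    if (rule.IpProtocol !== "tcp") continue;
    const port = rule.FromPort;
    if (port === undefined || port !== rule.ToPort) continue;
    for (const pair of rule.UserIdGroupPairs ?? []) {
      if (pair.GroupId !== bastionSgId) continue;
      const desc = pair.Description;
      if (!desc || !desc.startsWith(DESCRIPTION_PREFIX)) continue;
      services.push({ name: desc.slice(DESCRIPTION_PREFIX.length), port });
    }
  }
  return services.sort((a, b) => a.port - b.port);
}

// Reusing an existing access SG: add the rule only if that port is not
// already registered, so repeated init runs stay idempotent.
export function registerService(
  rules: IpPermission[],
  bastionSgId: string,
  service: BastiService,
): { rules: IpPermission[]; added: boolean } {
  const existing = listServicesFromIngressRules(rules, bastionSgId);
  if (existing.some((s) => s.port === service.port)) {
    return { rules, added: false };
  }
  return { rules: [...rules, buildServiceIngressRule(bastionSgId, service)], added: true };
}

// Constructed sample (not real account data): an access SG holding one
// Basti-managed rule, one hand-made SSH rule and one rule from another SG.
export const SAMPLE_BASTION_SG = "sg-0bastion0000000000";
export const SAMPLE_INGRESS: IpPermission[] = [
  { IpProtocol: "tcp", FromPort: 5432, ToPort: 5432,
    UserIdGroupPairs: [{ GroupId: SAMPLE_BASTION_SG, Description: "basti:service:postgres" }] },
  { IpProtocol: "tcp", FromPort: 22, ToPort: 22, IpRanges: [{ CidrIp: "10.0.0.0/8" }] },
  { IpProtocol: "tcp", FromPort: 6379, ToPort: 6379,
    UserIdGroupPairs: [{ GroupId: "sg-0other00000000000", Description: "basti:service:not-ours" }] },
];
```

Running `listServicesFromIngressRules(SAMPLE_INGRESS, SAMPLE_BASTION_SG)` yields only the postgres service; the SSH rule has no bastion-SG source and the 6379 rule belongs to a different group, so neither is offered at connect time. One caveat worth keeping in mind with this design: the rule description is the only marker, so anyone with `ec2:AuthorizeSecurityGroupIngress` on the access SG can make a port appear as a Basti service, and the prefix check is what keeps cleanup from deleting rules Basti did not create.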