Connect to AWS EC2 instance without SSH, only via AWS SSM

[serverhorror]

I did look for "ssm" or "aws" issues, none seem to apply.

There is a discussion in aws/aws-toolkit-vscode#941. A lot of people, including myself, would like to be able to use AWS SSM directly instead of tunneling SSH thru SSM.

Is it possible to provide a hook so the community can create this or even add this directly?

Thank you so much!

[serverhorror]

Just to be clear: I think this is not labeled correctly.

It should not work via SSH.

[VSCodeTriageBot]

This feature request is now a candidate for our backlog. The community has 60 days to upvote the issue. If it receives 10 upvotes we will move it to our backlog. If not, we will close it. To learn more about how we handle feature requests, please see our documentation.

Happy Coding!

[justinmk3]

Other requests for a "hook" or similar interface:

• Before Connecting hook for Remote SSH #2775
• Enable custom shell initialization script on the remote #141
• Cluster workflow feature to allow shell commands or script to run before remote server setup (e.g. slurm) (wrap install script) #1722

[VSCodeTriageBot]

🙂 This feature request received a sufficient number of community upvotes and we moved it to our backlog. To learn more about how we handle feature requests, please see our documentation.

Happy Coding!

[roblourens]

This seems to be an aws-specific feature, right? I don't think it makes sense to provide built-in support for this. If it helps, an extension could probably build this on top of Remote-SSH, and you would still have to tunnel ssh over ssm, but you could probably get a more streamlined experience.

[justinmk3]

This seems to be an aws-specific feature, right? I don't think it makes sense to provide built-in support for this.

To avoid aws-specific solution, some sort of extensibility is needed, perhaps one of the issues I linked above.

If it helps, an extension could probably build this on top of Remote-SSH, and you would still have to tunnel ssh over ssm, but you could probably get a more streamlined experience.

Isn't that prohibited by the license?

You cannot create other extensions that extend or manipulate the Remote Development extensions.

[roblourens]

I don't think this is what is meant by "build my own product or service". But I'm not a lawyer and I'll try to get a better answer for you. Will have to be after the holidays though.

[serverhorror]

This seems to be an aws-specific feature, right? I don't think it makes sense to provide built-in support for this. If it helps, an extension could probably build this on top of Remote-SSH, and you would still have to tunnel ssh over ssm, but you could probably get a more streamlined experience.

That's badly phrased on my end.

I want to be able for extension authors to provide a custom connection method. Currently only SSH works.

Situations:

• we have a bastion host that requires custom commands to connect next to the final hop
• We use AWS SSM
• connect to a shell a container in Kubernetes
• Connect to shell to an ephemeral Container in Kubernetes
• Connect to a shell in a singularity container
• ...

Does that make more sense?

[roblourens]

I get it, I think we aren't interested in supporting a custom connection method, supporting ssh is complex enough as it is. We have the 3 extensions for WSL, Containers, and ssh, and ssh can do a lot.

[justinmk3]

Sure, but what about providing before/after hooks for the ssh case?

• Enable custom shell initialization script on the remote #141
• Cluster workflow feature to allow shell commands or script to run before remote server setup (e.g. slurm) (wrap install script) #1722

[v-au]

I get it, I think we aren't interested in supporting a custom connection method, supporting ssh is complex enough as it is. We have the 3 extensions for WSL, Containers, and ssh, and ssh can do a lot.

There are main differences between SSH and AWS SSM which makes the latter the preferred choice for AWS customers.
SSH requires the remote to have SSH configured (service, keys). AWS SSM requires none of that. Additionally, AWS SSM doesn't require a network port to be open on the host. Yes, you can do SSH over SSM but that is a band-aid solution..