bertrandmartel / aws-ssm-session Goto Github PK

Hi, I'm trying to get this working on Node with ECS tasks, and while I can connect to the container, I don't get any response back when I try to execute any commands.

I was trying with the examples, I updated line 3 in app.js from const session = require("../../scripts/aws-get-session"); to const session = require("../../scripts/aws-get-session-ecs");,

It works with EC2 instances.

When SSM is protected with KMS, the payload fails to send/receive data.

See https://github.com/aws/session-manager-plugin/blob/mainline/src/datachannel/streaming.go:

// Encrypt if encryption is enabled and payload type is Output
if dataChannel.encryptionEnabled && payloadType == message.Output {
	inputData, err = dataChannel.encryption.Encrypt(log, inputData)
	if err != nil {
		return err
	}
}

case message.KMSEncryption:
	processedAction.ActionType = action.ActionType
	err := dataChannel.ProcessKMSEncryptionHandshakeAction(log, action.ActionParameters)
	if err != nil {
		processedAction.ActionStatus = message.Failed
		processedAction.Error = fmt.Sprintf("Failed to process action %s: %s",
			message.KMSEncryption, err)
		errorList = append(errorList, err)
	} else {
		processedAction.ActionStatus = message.Success
		processedAction.ActionResult = message.KMSEncryptionResponse{
			KMSCipherTextKey: dataChannel.encryption.GetEncryptedDataKey(),
		}
		dataChannel.encryptionEnabled = true
	}

I’m not sure if this is really a bug with aws-ssm-session, but I wanted to get your thoughts.

I’ve tested this project against SSM agents running on instances, and that works fine.

Recently, AWS added SSM support for ECS tasks. Using the AWS CLI, you can connect to them just fine, as they too leverage an SSM agent.

You can request the WSS URL and token via this endpoint: https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/ECS.html#executeCommand-property

However, using aws-ssm-session, I’m unable to connect to an ECS task. I’ve tried via the web client and the node script. I can connect to these tasks just fine though, when using the AWS CLI command: https://aws.amazon.com/blogs/containers/new-using-amazon-ecs-exec-access-your-containers-fargate-ec2/

Do you think this is something that could be added / supported to aws-ssm-session, or do you think this is a bug on the AWS side of things?

Hello, I'm following the nodejs example in the example dir but am having some issues supported pasted text. It seems to append tilde's (~) around the pasted content (and only when setting the stdin into raw mode, without it I seem to be getting the control characters).

eg. irb(main):001:0> ^[[200~www.sephora.sg^[[201~

Is there any way to fix that?

There are syntax errors in the nodejs section of the README. The websocket is named connection in the outer context but the callbacks use the name socket.

My socket connection is closed after 2 min of inactivity. How to implement ping following this binary format?

~/aws-ssm-session $ npm i
npm ERR! code E404
npm ERR! 404 Not Found - GET https://npm.labinno.fr/ws/-/ws-7.4.4.tgz
npm ERR! 404
npm ERR! 404 'ws@https://npm.labinno.fr/ws/-/ws-7.4.4.tgz' is not in the npm registry.
npm ERR! 404 You should bug the author to publish it (or use the name yourself!)
npm ERR! 404
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.

npm ERR! A complete log of this run can be found in:

Running into some funky terminal outputs when using this repo. I essentially have the same setup as the source code, but when running commands like ls, I get ordering problems, and missing characters like below. Is this a known issue and are there potential work around?

Hi, thanks for creating this library!

I have a use case where I connect to an EC2 instance via SSM, but then want to execute an SSH command to tunnel (I cannot use the native SSM tunnel). The problem I have is I do not know when the prompt is ready for the SSH command, so don't know when to run it. I currently have a setTimeout on connection.onopen but it won't work all the time.

Would it be possible to have some callback?

Thanks

I get this error when running the Node example:

{"MessageId":"e61ab986-c9c4-4b9c-a557-0c7fe13ee4c5","CreatedDate":"2021-10-01T09:24:34.917Z","DestinationId":"9eb2aa6d-936c-44a9-80aa-2c163fd558d8","SessionId":"xxxxxxxxxxxx-00326d985ae62b3af","MessageType":"channel_closed","SchemaVersion":1,"Output":"\n----------ERROR-------\nEncountered error while initiating handshake. Handshake timed out. Please ensure that you have the latest version of the session manager plugin."}

I've updated the session manager plugin to the latest and the issue is the same.

Hello! Awesome project!

I made it running locally and it's working fine.

But, after running rails c, I enter into the rails terminal and when I send a command, I don't get any response back. I added logs to check if the command is send it, and it's. The connection is still opened, but nothing.

I'm working if it's related to message number sequence or something.

After each command I send I get payloadType=0

Any ideas? @bertrandmartel

Hello @bertrandmartel ,

great library, just a quick question, I use byobu ( on top of tmux / screen ) and I notice that some characters are not render correctly :

Did you face the same issue maybe ?

Thanks