diff --git a/README.md b/README.md
index 0aed8a3..850b52b 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,7 @@
# Manage AWS EC2 SSH access with IAM
+> You might want to checkout the newly launched [AWS Systems Manager Session Manager for Shell Access to EC2 Instances](https://aws.amazon.com/de/blogs/aws/new-session-manager/)
+
Use your IAM user's public SSH key to get access via SSH to an **EC2 instance** running
* Amazon Linux 2017.09
* Amazon Linux 2 2017.12
@@ -54,7 +56,7 @@ A picture is worth a thousand words:
4. Click the **Upload SSH public key** button at the bottom of the page
5. Paste your public SSH key into the text-area and click the **Upload SSH public key** button to save
2. Attach the IAM permissions defined in [`iam_ssh_policy.json`](./iam_ssh_policy.json) to the EC2 instances (by creating an IAM role and an Instance Profile)
-3. Install the RPM1: `rpm -i https://s3-eu-west-1.amazonaws.com/widdix-aws-ec2-ssh-releases-eu-west-1/aws-ec2-ssh-1.7.0-1.el7.centos.noarch.rpm`
+3. Install the RPM1: `rpm -i https://s3-eu-west-1.amazonaws.com/widdix-aws-ec2-ssh-releases-eu-west-1/aws-ec2-ssh-1.9.2-1.el7.centos.noarch.rpm`
4. The configuration file is placed into `/etc/aws-ec2-ssh.conf`
5. The RPM creates a crontab file to run import_users.sh every 10 minutes. This file is placed in `/etc/cron.d/import_users`
@@ -102,7 +104,7 @@ one or more of the following lines:
```
ASSUMEROLE="IAM-role-arn" # IAM Role ARN for multi account. See below for more info
IAM_AUTHORIZED_GROUPS="GROUPNAMES" # Comma separated list of IAM groups to import
-SUDOERS_GROUPS="GROUPNAMES" # Comma seperated list of IAM groups that should have sudo access
+SUDOERS_GROUPS="GROUPNAMES" # Comma seperated list of IAM groups that should have sudo access or `##ALL##` to allow all users
IAM_AUTHORIZED_GROUPS_TAG="KeyTag" # Key Tag of EC2 that contains a Comma separated list of IAM groups to import - IAM_AUTHORIZED_GROUPS_TAG will override IAM_AUTHORIZED_GROUPS, you can use only one of them
SUDOERS_GROUPS_TAG="KeyTag" # Key Tag of EC2 that contains a Comma separated list of IAM groups that should have sudo access - SUDOERS_GROUPS_TAG will override SUDOERS_GROUPS, you can use only one of them
SUDOERSGROUP="GROUPNAME" # Deprecated! IAM group that should have sudo access. Please use SUDOERS_GROUPS as this variable will be removed in future release.
diff --git a/authorized_keys_command.sh b/authorized_keys_command.sh
index 7763507..44efeb7 100755
--- a/authorized_keys_command.sh
+++ b/authorized_keys_command.sh
@@ -5,7 +5,7 @@ if [ -z "$1" ]; then
fi
# check if AWS CLI exists
-if ! which aws; then
+if ! [ -x "$(which aws)" ]; then
echo "aws executable not found - exiting!"
exit 1
fi
diff --git a/aws-ec2-ssh.conf b/aws-ec2-ssh.conf
index f28d16d..7d089a0 100644
--- a/aws-ec2-ssh.conf
+++ b/aws-ec2-ssh.conf
@@ -6,5 +6,5 @@ ASSUMEROLE=""
# Remove or set to 0 if you are done with configuration
# To change the interval of the sync change the file
-# /etc/cron.d/aws-ec2-ssh
+# /etc/cron.d/import_users
DONOTSYNC=0
diff --git a/aws-ec2-ssh.spec b/aws-ec2-ssh.spec
index 25a827a..60a7a09 100644
--- a/aws-ec2-ssh.spec
+++ b/aws-ec2-ssh.spec
@@ -46,7 +46,7 @@ chmod 0644 ${RPM_BUILD_ROOT}%{_sysconfdir}/cron.d/import_users
%include install_configure_sshd.sh
%include install_configure_selinux.sh
%include install_restart_sshd.sh
-echo "To configure the aws-ec2-ssh package, edit /etc/aws-ec-ssh.conf. No users will be synchronized before you did this."
+echo "To configure the aws-ec2-ssh package, edit /etc/aws-ec2-ssh.conf. No users will be synchronized before you did this."
%postun
diff --git a/iam_crossaccount_policy.json b/iam_crossaccount_policy.json
index bf51b7a..c03f714 100644
--- a/iam_crossaccount_policy.json
+++ b/iam_crossaccount_policy.json
@@ -6,5 +6,9 @@
"Resource": [
"arn:aws:iam:::role/"
]
+ },{
+ "Effect": "Allow",
+ "Action": "ec2:DescribeTags",
+ "Resource": "*"
}]
}
diff --git a/import_users.sh b/import_users.sh
index 8efda08..933df65 100755
--- a/import_users.sh
+++ b/import_users.sh
@@ -1,8 +1,12 @@
#!/bin/bash -e
+function log() {
+ /usr/bin/logger -i -p auth.info -t aws-ec2-ssh "$@"
+}
+
# check if AWS CLI exists
-if ! which aws; then
- echo "aws executable not found - exiting!"
+if ! [ -x "$(which aws)" ]; then
+ log "aws executable not found - exiting!"
exit 1
fi
@@ -14,7 +18,7 @@ fi
if [ ${DONOTSYNC} -eq 1 ]
then
- echo "Please configure aws-ec2-ssh by editing /etc/aws-ec2-ssh.conf"
+ log "Please configure aws-ec2-ssh by editing /etc/aws-ec2-ssh.conf"
exit 1
fi
@@ -54,10 +58,6 @@ fi
INSTANCE_ID=$(curl -s http://169.254.169.254/latest/meta-data/instance-id)
REGION=$(curl -s http://169.254.169.254/latest/dynamic/instance-identity/document | grep region | awk -F\" '{print $4}')
-function log() {
- /usr/bin/logger -i -p auth.info -t aws-ec2-ssh "$@"
-}
-
function setup_aws_credentials() {
local stscredentials
if [[ ! -z "${ASSUMEROLE}" ]]
@@ -171,7 +171,7 @@ function create_or_update_local_user() {
# check that username contains only alphanumeric, period (.), underscore (_), and hyphen (-) for a safe eval
if [[ ! "${username}" =~ ^[0-9a-zA-Z\._\-]{1,32}$ ]]
then
- echo "Local user name ${username} contains illegal characters"
+ log "Local user name ${username} contains illegal characters"
exit 1
fi
@@ -227,16 +227,13 @@ function clean_iam_username() {
function sync_accounts() {
if [ -z "${LOCAL_MARKER_GROUP}" ]
then
- echo "Please specify a local group to mark imported users. eg iam-synced-users"
+ log "Please specify a local group to mark imported users. eg iam-synced-users"
exit 1
fi
# Check if local marker group exists, if not, create it
/usr/bin/getent group "${LOCAL_MARKER_GROUP}" >/dev/null 2>&1 || /usr/sbin/groupadd "${LOCAL_MARKER_GROUP}"
- # setup the aws credentials if needed
- setup_aws_credentials
-
# declare and set some variables
local iam_users
local sudo_users
@@ -249,8 +246,23 @@ function sync_accounts() {
get_iam_groups_from_tag
get_sudoers_groups_from_tag
+ # setup the aws credentials if needed
+ setup_aws_credentials
+
iam_users=$(get_clean_iam_users | sort | uniq)
+ if [[ -z "${iam_users}" ]]
+ then
+ log "we just got back an empty iam_users user list which is likely caused by an IAM outage!"
+ exit 1
+ fi
+
sudo_users=$(get_clean_sudoers_users | sort | uniq)
+ if [[ ! -z "${SUDOERS_GROUPS}" ]] && [[ ! "${SUDOERS_GROUPS}" == "##ALL##" ]] && [[ -z "${sudo_users}" ]]
+ then
+ log "we just got back an empty sudo_users user list which is likely caused by an IAM outage!"
+ exit 1
+ fi
+
local_users=$(get_local_users | sort | uniq)
intersection=$(echo ${local_users} ${iam_users} | tr " " "\n" | sort | uniq -D | uniq)
@@ -262,7 +274,7 @@ function sync_accounts() {
then
create_or_update_local_user "${user}" "$sudo_users"
else
- echo "Can not import IAM user ${user}. User name is longer than 32 characters."
+ log "Can not import IAM user ${user}. User name is longer than 32 characters."
fi
done
diff --git a/install.sh b/install.sh
index 679d118..8a7c99d 100755
--- a/install.sh
+++ b/install.sh
@@ -2,7 +2,7 @@
show_help() {
cat << EOF
-Usage: ${0##*/} [-hv] [-a ARN] [-i GROUP,GROUP,...] [-l GROUP,GROUP,...] [-s GROUP] [-p PROGRAM] [-u "ARGUMENTS"]
+Usage: ${0##*/} [-hv] [-a ARN] [-i GROUP,GROUP,...] [-l GROUP,GROUP,...] [-s GROUP] [-p PROGRAM] [-u "ARGUMENTS"] [-r RELEASE]
Install import_users.sh and authorized_key_commands.
-h display this help and exit
@@ -23,6 +23,9 @@ Install import_users.sh and authorized_key_commands.
Defaults to '/usr/sbin/useradd'
-u "useradd args" Specify arguments to use with useradd.
Defaults to '--create-home --shell /bin/bash'
+ -r release Specify a release of aws-ec2-ssh to download from GitHub. This argument is
+ passed to \`git clone -b\` and so works with branches and tags.
+ Defaults to 'master'
EOF
@@ -39,8 +42,9 @@ LOCAL_GROUPS=""
ASSUME_ROLE=""
USERADD_PROGRAM=""
USERADD_ARGS=""
+RELEASE="master"
-while getopts :hva:i:l:s: opt
+while getopts :hva:i:l:s:p:u:r: opt
do
case $opt in
h)
@@ -68,6 +72,9 @@ do
u)
USERADD_ARGS="$OPTARG"
;;
+ r)
+ RELEASE="$OPTARG"
+ ;;
\?)
echo "Invalid option: -$OPTARG" >&2
show_help
@@ -88,16 +95,22 @@ export USERADD_PROGRAM
export USERADD_ARGS
# check if AWS CLI exists
-if ! which aws; then
+if ! [ -x "$(which aws)" ]; then
echo "aws executable not found - exiting!"
exit 1
fi
+# check if git exists
+if ! [ -x "$(which git)" ]; then
+ echo "git executable not found - exiting!"
+ exit 1
+fi
+
tmpdir=$(mktemp -d)
cd "$tmpdir"
-git clone -b master https://github.com/widdix/aws-ec2-ssh.git
+git clone -b "$RELEASE" https://github.com/widdix/aws-ec2-ssh.git
cd "$tmpdir/aws-ec2-ssh"
diff --git a/install_configure_sshd.sh b/install_configure_sshd.sh
index e7b9564..8d8bcf5 100755
--- a/install_configure_sshd.sh
+++ b/install_configure_sshd.sh
@@ -1,17 +1,14 @@
#!/bin/bash -e
-if grep -q '#AuthorizedKeysCommand none' "$SSHD_CONFIG_FILE"; then
- sed -i "s:#AuthorizedKeysCommand none:AuthorizedKeysCommand ${AUTHORIZED_KEYS_COMMAND_FILE}:g" "$SSHD_CONFIG_FILE"
-else
- if ! grep -q "AuthorizedKeysCommand ${AUTHORIZED_KEYS_COMMAND_FILE}" "$SSHD_CONFIG_FILE"; then
- echo "AuthorizedKeysCommand ${AUTHORIZED_KEYS_COMMAND_FILE}" >> "$SSHD_CONFIG_FILE"
- fi
+# add new line if file does not end with new line
+if [ -n "$(tail -c1 ${SSHD_CONFIG_FILE})" ]; then
+ echo >> ${SSHD_CONFIG_FILE}
fi
-if grep -q '#AuthorizedKeysCommandUser nobody' "$SSHD_CONFIG_FILE"; then
- sed -i "s:#AuthorizedKeysCommandUser nobody:AuthorizedKeysCommandUser nobody:g" "$SSHD_CONFIG_FILE"
-else
- if ! grep -q 'AuthorizedKeysCommandUser nobody' "$SSHD_CONFIG_FILE"; then
- echo "AuthorizedKeysCommandUser nobody" >> "$SSHD_CONFIG_FILE"
- fi
+if ! grep -q '^AuthorizedKeysCommand /opt/authorized_keys_command.sh' ${SSHD_CONFIG_FILE}; then
+ sed -e '/AuthorizedKeysCommand / s/^#*/#/' -i ${SSHD_CONFIG_FILE}; echo "AuthorizedKeysCommand ${AUTHORIZED_KEYS_COMMAND_FILE}" >> ${SSHD_CONFIG_FILE}
+fi
+
+if ! grep -q '^AuthorizedKeysCommandUser nobody' ${SSHD_CONFIG_FILE}; then
+ sed -e '/AuthorizedKeysCommandUser / s/^#*/#/' -i ${SSHD_CONFIG_FILE}; echo 'AuthorizedKeysCommandUser nobody' >> ${SSHD_CONFIG_FILE}
fi
diff --git a/showcase-rpm.yaml b/showcase-rpm.yaml
index 477d012..3d4014d 100644
--- a/showcase-rpm.yaml
+++ b/showcase-rpm.yaml
@@ -1,4 +1,13 @@
---
+# The MIT License (MIT)
+#
+# Copyright (c) 2016 widdix GmbH
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
AWSTemplateFormatVersion: '2010-09-09'
Description: 'AWS EC2 SSH access with IAM showcase using RPM'
Parameters:
@@ -35,16 +44,19 @@ Mappings:
AmazonLinux:
RegionMap: RegionMapAmazonLinux
UserData: |
+ trap '/opt/aws/bin/cfn-signal -e 1 --stack=${STACKNAME} --region=${REGION} --resource=Instance' ERR
/opt/aws/bin/cfn-init --verbose --stack=${STACKNAME} --region=${REGION} --resource=Instance
/opt/aws/bin/cfn-signal -e 0 --stack=${STACKNAME} --region=${REGION} --resource=Instance
AmazonLinux2:
RegionMap: RegionMapAmazonLinux2
UserData: |
+ trap '/opt/aws/bin/cfn-signal -e 1 --stack=${STACKNAME} --region=${REGION} --resource=Instance' ERR
/opt/aws/bin/cfn-init --verbose --stack=${STACKNAME} --region=${REGION} --resource=Instance
/opt/aws/bin/cfn-signal -e 0 --stack=${STACKNAME} --region=${REGION} --resource=Instance
SUSELinuxEnterpriseServer:
RegionMap: RegionMapSUSELinuxEnterpriseServer
UserData: |
+ trap '/usr/bin/cfn-signal -e 1 --stack=${STACKNAME} --region=${REGION} --resource=Instance' ERR
mkdir aws-cfn-bootstrap-latest
curl -s -m 60 https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz | tar xz -C aws-cfn-bootstrap-latest --strip-components 1
easy_install aws-cfn-bootstrap-latest
@@ -53,6 +65,7 @@ Mappings:
RHEL:
RegionMap: RegionMapRHEL
UserData: |
+ trap '/bin/cfn-signal -e 1 --stack=${STACKNAME} --region=${REGION} --resource=Instance' ERR
mkdir aws-cfn-bootstrap-latest
curl -s -m 60 https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz | tar xz -C aws-cfn-bootstrap-latest --strip-components 1
easy_install aws-cfn-bootstrap-latest
@@ -61,6 +74,7 @@ Mappings:
CentOS:
RegionMap: RegionMapCentOS
UserData: |
+ trap '/bin/cfn-signal -e 1 --stack=${STACKNAME} --region=${REGION} --resource=Instance' ERR
mkdir aws-cfn-bootstrap-latest
curl -s -m 60 https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz | tar xz -C aws-cfn-bootstrap-latest --strip-components 1
easy_install aws-cfn-bootstrap-latest
@@ -299,13 +313,19 @@ Resources:
prepareSUSELinuxEnterpriseServer: {}
prepareRHEL:
packages:
- rpm:
- epel: 'http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm'
yum:
git: []
- python2-pip: []
- python:
- awscli: []
+ unzip: []
+ commands:
+ a_download:
+ command: 'curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" -o "awscli-bundle.zip"'
+ cwd: '/tmp'
+ b_extract:
+ command: 'unzip awscli-bundle.zip'
+ cwd: '/tmp'
+ c_install:
+ command: './awscli-bundle/install -i /usr/local/aws -b /bin/aws'
+ cwd: '/tmp'
prepareCentOS:
packages:
rpm:
@@ -330,7 +350,6 @@ Resources:
'Fn::Base64': !Sub
- |
#!/bin/bash -ex
- trap '/opt/aws/bin/cfn-signal -e 1 --stack=${AWS::StackName} --region=${AWS::Region} --resource=Instance' ERR
export REGION=${AWS::Region}
export STACKNAME=${AWS::StackName}
${UserData}
@@ -348,7 +367,7 @@ Resources:
CreationPolicy:
ResourceSignal:
Count: 1
- Timeout: PT15M
+ Timeout: PT20M
Outputs:
PublicName:
Description: 'The public name of the EC2 instance.'
diff --git a/showcase.yaml b/showcase.yaml
index 309e8ac..f48dc8a 100644
--- a/showcase.yaml
+++ b/showcase.yaml
@@ -1,4 +1,13 @@
---
+# The MIT License (MIT)
+#
+# Copyright (c) 2016 widdix GmbH
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
AWSTemplateFormatVersion: '2010-09-09'
Description: 'AWS EC2 SSH access with IAM showcase using install.sh'
Parameters:
@@ -32,16 +41,19 @@ Mappings:
AmazonLinux:
RegionMap: RegionMapAmazonLinux
UserData: |
+ trap '/opt/aws/bin/cfn-signal -e 1 --stack=${STACKNAME} --region=${REGION} --resource=Instance' ERR
/opt/aws/bin/cfn-init --verbose --stack=${STACKNAME} --region=${REGION} --resource=Instance
/opt/aws/bin/cfn-signal -e 0 --stack=${STACKNAME} --region=${REGION} --resource=Instance
AmazonLinux2:
RegionMap: RegionMapAmazonLinux2
UserData: |
+ trap '/opt/aws/bin/cfn-signal -e 1 --stack=${STACKNAME} --region=${REGION} --resource=Instance' ERR
/opt/aws/bin/cfn-init --verbose --stack=${STACKNAME} --region=${REGION} --resource=Instance
/opt/aws/bin/cfn-signal -e 0 --stack=${STACKNAME} --region=${REGION} --resource=Instance
Ubuntu:
RegionMap: RegionMapUbuntu
UserData: |
+ trap '/usr/local/bin/cfn-signal -e 1 --stack=${STACKNAME} --region=${REGION} --resource=Instance' ERR
apt-get update
apt-get -y install python-setuptools
mkdir aws-cfn-bootstrap-latest
@@ -52,6 +64,7 @@ Mappings:
SUSELinuxEnterpriseServer:
RegionMap: RegionMapSUSELinuxEnterpriseServer
UserData: |
+ trap '/usr/bin/cfn-signal -e 1 --stack=${STACKNAME} --region=${REGION} --resource=Instance' ERR
mkdir aws-cfn-bootstrap-latest
curl -s -m 60 https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz | tar xz -C aws-cfn-bootstrap-latest --strip-components 1
easy_install aws-cfn-bootstrap-latest
@@ -60,6 +73,7 @@ Mappings:
RHEL:
RegionMap: RegionMapRHEL
UserData: |
+ trap '/bin/cfn-signal -e 1 --stack=${STACKNAME} --region=${REGION} --resource=Instance' ERR
mkdir aws-cfn-bootstrap-latest
curl -s -m 60 https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz | tar xz -C aws-cfn-bootstrap-latest --strip-components 1
easy_install aws-cfn-bootstrap-latest
@@ -68,6 +82,7 @@ Mappings:
CentOS:
RegionMap: RegionMapCentOS
UserData: |
+ trap '/bin/cfn-signal -e 1 --stack=${STACKNAME} --region=${REGION} --resource=Instance' ERR
mkdir aws-cfn-bootstrap-latest
curl -s -m 60 https://s3.amazonaws.com/cloudformation-examples/aws-cfn-bootstrap-latest.tar.gz | tar xz -C aws-cfn-bootstrap-latest --strip-components 1
easy_install aws-cfn-bootstrap-latest
@@ -342,13 +357,19 @@ Resources:
prepareSUSELinuxEnterpriseServer: {}
prepareRHEL:
packages:
- rpm:
- epel: 'http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm'
yum:
git: []
- python2-pip: []
- python:
- awscli: []
+ unzip: []
+ commands:
+ a_download:
+ command: 'curl "https://s3.amazonaws.com/aws-cli/awscli-bundle.zip" -o "awscli-bundle.zip"'
+ cwd: '/tmp'
+ b_extract:
+ command: 'unzip awscli-bundle.zip'
+ cwd: '/tmp'
+ c_install:
+ command: './awscli-bundle/install -i /usr/local/aws -b /bin/aws'
+ cwd: '/tmp'
prepareCentOS:
packages:
rpm:
@@ -376,7 +397,6 @@ Resources:
'Fn::Base64': !Sub
- |
#!/bin/bash -ex
- trap '/opt/aws/bin/cfn-signal -e 1 --stack=${AWS::StackName} --region=${AWS::Region} --resource=Instance' ERR
export REGION=${AWS::Region}
export STACKNAME=${AWS::StackName}
${UserData}
@@ -394,7 +414,7 @@ Resources:
CreationPolicy:
ResourceSignal:
Count: 1
- Timeout: PT15M
+ Timeout: PT20M
Outputs:
PublicName:
Description: 'The public name of the EC2 instance.'
diff --git a/test/pom.xml b/test/pom.xml
index 7a30fd4..40e3fb1 100644
--- a/test/pom.xml
+++ b/test/pom.xml
@@ -78,6 +78,15 @@
1.8
+
+ org.apache.maven.plugins
+ maven-surefire-plugin
+ 2.20
+
+ methods
+ 2
+
+
diff --git a/test/src/test/java/de/widdix/awsec2ssh/AAWSTest.java b/test/src/test/java/de/widdix/awsec2ssh/AAWSTest.java
index 841b8cb..8585179 100644
--- a/test/src/test/java/de/widdix/awsec2ssh/AAWSTest.java
+++ b/test/src/test/java/de/widdix/awsec2ssh/AAWSTest.java
@@ -14,9 +14,6 @@
import com.jcraft.jsch.KeyPair;
import java.io.ByteArrayOutputStream;
-import java.lang.reflect.InvocationTargetException;
-import java.lang.reflect.Method;
-import java.util.Base64;
import java.util.List;
import java.util.UUID;
@@ -42,17 +39,6 @@ public AAWSTest() {
this.iam = AmazonIdentityManagementClientBuilder.standard().withCredentials(this.credentialsProvider).build();
}
- public static final class User {
- public final String userName;
- public final byte[] sshPrivateKeyBlob;
- public final String sshPublicKeyId;
- public User(final String userName, final byte[] sshPrivateKeyBlob, final String sshPublicKeyId) {
- super();
- this.userName = userName;
- this.sshPrivateKeyBlob = sshPrivateKeyBlob;
- this.sshPublicKeyId = sshPublicKeyId;
- }
- }
protected final User createUser(final String userName) throws JSchException {
final JSch jsch = new JSch();
final KeyPair keyPair = KeyPair.genKeyPair(jsch, KeyPair.RSA, 2048);
diff --git a/test/src/test/java/de/widdix/awsec2ssh/ATest.java b/test/src/test/java/de/widdix/awsec2ssh/ATest.java
index 8e29ac0..7b58f57 100644
--- a/test/src/test/java/de/widdix/awsec2ssh/ATest.java
+++ b/test/src/test/java/de/widdix/awsec2ssh/ATest.java
@@ -33,7 +33,19 @@ protected final T retry(Callable callable) {
return (T) results.getResult();
}
- protected final void probeSSH(final String host, final AAWSTest.User user) {
+ public static final class User {
+ public final String userName;
+ public final byte[] sshPrivateKeyBlob;
+ public final String sshPublicKeyId;
+ public User(final String userName, final byte[] sshPrivateKeyBlob, final String sshPublicKeyId) {
+ super();
+ this.userName = userName;
+ this.sshPrivateKeyBlob = sshPrivateKeyBlob;
+ this.sshPublicKeyId = sshPublicKeyId;
+ }
+ }
+
+ protected final void probeSSH(final String host, final User user) {
final Callable callable = () -> {
final JSch jsch = new JSch();
final Session session = jsch.getSession(user.userName, host);