sigil

Description

Sigil is the hub of the Great Wheel, a city at the center of the Outlands, the most balanced of neutral areas at the center of the planes. Also known as the "City of Doors" for the multitude of portals to other planes of existence and the Cage since those portals are the only way in or out, it is the setting for most of Planescape: Torment.

Sigil is an AWS SSM Session manager client. Allowing access to EC2 instances without exposing any ports.

Features

configuration files support (TOML, YAML, JSON, etc.)
support for different configuration profiles
lightweight container image (~22MB)
SSH and SCP support

External dependencies

AWS session-manager-plugin (version 1.1.17.0+ for SSH support)
target EC2 instance must have AWS SSM Agent installed (full guide) (version 2.3.672.0+ for SSH support)
AWS ec2-instance-connect to use SSH with your own and/or temporary keys
to support AWS SSM target EC2 instance profile should have AmazonSSMManagedInstanceCore managed IAM policy attached or a specific policy with similar permissions (check About Policies for a Systems Manager Instance Profile and About Minimum S3 Bucket Permissions for SSM Agent)

Manual

The manual can be found here.

Installation

MacOS

brew tap danmx/sigil
brew install sigil

brew install danmx/sigil/sigil

Docker

docker pull danmx/sigil:0.3

Examples

Usage

Docker:

docker run --rm -it -v "${HOME}"/.sigil:/home/.sigil -v "${HOME}"/.aws:/home/.aws danmx/sigil:0.3 list --output-format wide

Binary:

sigil -r eu-west-1 session --type instance-id --target i-xxxxxxxxxxxxxxxxx

Using with aws-vault:

aws-vault exec AWS_PROFILE -- sigil -r eu-west-1 session --type instance-id --target i-xxxxxxxxxxxxxxxxx

SSH integration

Add an entry to your ssh_config:

Host i-* mi-*
    User ec2-user
    IdentityFile ~/.sigil/temp_key
    ProxyCommand sh -c 'sigil ssh --target %h --port %p --pub-key "${HOME}"/.sigil/temp_key.pub --gen-key-pair'
Host *.compute.internal
    User ec2-user
    IdentityFile ~/.sigil/temp_key
    ProxyCommand sh -c 'sigil ssh --type private-dns --target %h --port %p --pub-key "${HOME}"/.sigil/temp_key.pub --gen-key-pair'

and run:

ssh i-123456789

ssh ip-10-0-0-5.eu-west-1.compute.internal

Config file

By default configuration file is located in $HOME/.sigil/config.toml.

[default]
  type = "instance-id"
  output-format = "wide"
  region = "eu-west-1"
  profile = "dev"
  interactive = true

Build

Binaries

To build binaries for all platforms (Linux, Mac, Windows) and Docker image run:

make build

To run specific build use:

make build-[linux|mac|windows]

Binaries are located in:

Linux: bin/release/linux/amd64/sigil
Mac: bin/release/darwin/amd64/sigil
Windows: bin/release/darwin/amd64/sigil.exe

Container image

To only build docker image run:

make build-docker

It'll create a docker image tagged sigil:{version} where {version} corresponds to sigil's current version.

License

Considerations

Sigil was inspired by xen0l's aws-gate.

zscholl / sigil