essh - Ephemeral SSH keys for EC2 hosts using EC2 Instance Connect

At work, we recently standardised on Amazon Linux 2 for several reasons, one of which was to take advantage of EC2 Instance Connect, so that we no longer have a public key distribution problem and can grant SSH access using IAM.

I initially wrote a quick shell script to create and use ephemeral keys, using file-based keys. It worked perfectly well, but got me thinking about how I could improve it. I had been wanting to write some more Go for a while, and wondered if I could use in-memory keys. I didn't want to create my own ssh client, as the ssh command is incredibly mature and feature rich. After a brief discussion with a friend on how this could be implemented, it occurred to us that I could possibly take advantage of the ssh-agent to do this. I started to read the Go ssh package docs, and found that this was indeed possible using the agent package.

The result is a project I named essh, "e" standing for "ephemeral".

It was quite basic to start with, only allowing the user to specify either an instance ID or the Name tag of the instance, but it did what I originally wanted.
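The in-memory key idea described above, as an added example that is not essh's own code: it generates an Ed25519 key pair that never touches disk, renders the public half as the authorized_keys line that would be pushed to the instance, and builds the ssh-agent request that loads the private half with an expiry. To stay standard-library only it hand-builds the agent wire message instead of using the agent package the post mentions; the function names, the comment string and the 60-second lifetime are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

// Constants from the SSH agent protocol (draft-miller-ssh-agent).
const (
	agentcAddIDConstrained = 25 // SSH_AGENTC_ADD_ID_CONSTRAINED
	constrainLifetime      = 1  // SSH_AGENT_CONSTRAIN_LIFETIME
	keyType                = "ssh-ed25519"
)

// u32 appends a big-endian uint32.
func u32(b []byte, n uint32) []byte {
	return append(b, byte(n>>24), byte(n>>16), byte(n>>8), byte(n))
}

// sshString appends an SSH wire-format string: uint32 length, then the bytes.
func sshString(b, s []byte) []byte { return append(u32(b, uint32(len(s))), s...) }

// authorizedKey renders the public key as an authorized_keys line.
func authorizedKey(pub ed25519.PublicKey, comment string) string {
	blob := sshString(sshString(nil, []byte(keyType)), pub)
	return keyType + " " + base64.StdEncoding.EncodeToString(blob) + " " + comment
}

// agentAddRequest builds the framed request that loads the private key into
// ssh-agent with a lifetime, after which the agent drops the key on its own.
func agentAddRequest(priv ed25519.PrivateKey, comment string, ttlSecs uint32) []byte {
	body := []byte{agentcAddIDConstrained}
	body = sshString(body, []byte(keyType))
	body = sshString(body, priv.Public().(ed25519.PublicKey))
	body = sshString(body, priv) // 64 bytes: seed followed by public key
	body = sshString(body, []byte(comment))
	body = u32(append(body, constrainLifetime), ttlSecs)
	return sshString(nil, body) // outer uint32 length frame
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	fmt.Println(authorizedKey(pub, "ephemeral-example"))
	fmt.Printf("agent request: %d bytes\n", len(agentAddRequest(priv, "ephemeral-example", 60)))
}
```

Writing the request to the Unix socket named by `SSH_AUTH_SOCK` loads the key into the running agent, which replies with message type 6 (`SSH_AGENT_SUCCESS`); the stock ssh command then picks the key up from the agent.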

A couple of weeks later Richard Bowden came along and opened an epic PR adding promptui support to list multiple instances.

Here's a demo of what it can do:

Download a release from GitHub, and give it a try: