Cross-platform AWS SSM tunnel/connection manager for EC2 instances
Project description
EC2 Session Gate
Secure EC2 instance management and connection gateway
A modern, cross-platform application for managing AWS EC2 instances and establishing secure connections via AWS Systems Manager Session Manager.
๐ Overview
EC2 Session Gate simplifies secure access to your EC2 instances without exposing SSH ports or managing complex VPN configurations. Built on AWS Systems Manager Session Manager, it provides a seamless interface for SSH, RDP, and custom port forwarding connections.
Why EC2 Session Gate?
- โ Zero Open Ports - No need to expose SSH ports or manage security groups
- โ Secure by Default - Uses AWS SSM Session Manager for encrypted connections
- โ Cross-Platform - Works seamlessly on Windows, macOS, and Linux
- โ Easy to Use - Intuitive web interface with desktop app option
- โ Multi-Profile Support - Switch between AWS profiles effortlessly
- โ Auto Key Detection - Automatically finds and uses SSH keys for password decryption
โจ Features
Core Capabilities
-
๐ SSH Connections
Secure shell access via SSM port forwarding with automatic SSH key detection and path resolution -
๐ฅ๏ธ RDP Support
Remote desktop connections for Windows instances with automatic password decryption using SSH keys -
๐ Custom Port Forwarding
Forward any port through SSM tunnels with flexible port selection and automatic port management -
๐ Instance Management
View, filter, and manage EC2 instances with real-time status updates and comprehensive instance details -
๐ Multi-Directory SSH Keys
Support for multiple SSH key directories with automatic key lookup and path resolution -
โก Auto-Refresh
Automatic instance list refresh with configurable intervals -
๐จ Modern UI
Clean, responsive interface built with Bootstrap 5
๐ Prerequisites
Before you begin, ensure you have:
- Python 3.9+ installed
- AWS CLI v2 installed and configured
- AWS Session Manager Plugin installed
- AWS credentials configured (via
~/.aws/credentialsor environment variables)
Installing Prerequisites
Install AWS CLI v2
macOS:
brew install awscli
Linux:
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
Windows: Windows:
choco install awscli
Download and run the installer from AWS CLI Downloads
Install Session Manager Plugin
macOS:
brew install --cask session-manager-plugin
Linux:
curl "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/linux_64bit/session-manager-plugin.rpm" -o "session-manager-plugin.rpm"
sudo yum install -y session-manager-plugin.rpm
Windows:
choco install awscli-session-manager
Download and run the installer from Session Manager Plugin Downloads
๐ ๏ธ Installation
-
Clone the repository
git clone https://github.com/boussaffawalid/ec2-session-gate.git cd ec2-session-gate
-
Create a virtual environment
python -m venv .venv # Activate virtual environment # On macOS/Linux: source .venv/bin/activate # On Windows: .venv\Scripts\activate
-
Install dependencies
pip install -r requirements.txt
Installing from PyPI
Alternatively, install directly from PyPI:
pip install ec2-session-gate
After installation, launch the application:
# Desktop GUI mode (default)
ec2-session-gate-gui
# Or API/server mode
APP_MODE=api ec2-session-gate
# Or web browser mode
APP_MODE=web ec2-session-gate
๐ฎ Usage
Running the Application
EC2 Session Gate supports three execution modes:
๐ฅ๏ธ Desktop Mode (Recommended)
Launches a native desktop window using PyWebView.
python run.py
# or explicitly:
APP_MODE=desktop python run.py
๐ Web Browser Mode
Opens the application in your default web browser.
APP_MODE=web python run.py
๐ API/Server Mode
Runs the Flask server only (useful for remote access or API usage).
APP_MODE=api python run.py
The application will be available at http://127.0.0.1:5000
Quick Start Guide
-
Connect to AWS
- Select your AWS profile from the dropdown
- Choose the AWS region
- Click "Connect"
- View your EC2 instances in the list
-
Start a Connection
- SSH: Click the "SSH" button on an instance card
- RDP: Click the "RDP" button (Windows instances only)
- Custom Port: Click the "Port" button and specify remote/local ports
-
Manage Connections
- View active connections in the sidebar
- Copy connection details to clipboard
- Terminate connections when done
Advanced Features
Instance Filtering
Use the filter box to search instances by:
- Instance name
- Instance ID
- Instance type
- Instance state
- Operating system
Supports regular expressions for advanced filtering.
Port Selection
- SSH/RDP: Automatically uses the same local port as remote port (22 for SSH, 3389 for RDP)
- Custom Ports: Uses the same local port if available, otherwise falls back to configured range
- Port Range: Configurable in Preferences with OS-specific defaults:
- Windows: 40000-40100 (below ephemeral port range)
- Linux/macOS: 61000-61100 (above ephemeral port range)
โ๏ธ Configuration
Preferences
Preferences are stored in:
- Linux/macOS:
~/.config/ec2-session-gate/preferences.json - Windows:
%APPDATA%\ec2-session-gate\preferences.json
Available Settings
| Setting | Description | Default |
|---|---|---|
| Port Range | Port range for port forwarding | OS-specific (Windows: 40000-40100, Linux/macOS: 61000-61100) |
| SSH Key Folders | Directories where SSH keys are stored (one per line) | ~/.ssh |
| Logging Level | Application log level | INFO |
SSH Key Configuration
Configure multiple SSH key directories in Preferences:
- Each folder path on its own line
- Supports
~expansion (e.g.,~/.ssh) - Keys are automatically searched when decrypting Windows passwords
- SSH commands include the key path automatically
Example:
~/.ssh
~/Projects/keys
/path/to/custom/keys
๐ Project Structure
ec2-session-gate/
โโโ src/ # Source code
โ โโโ app.py # Flask app factory + blueprints
โ โโโ api.py # REST API endpoints
โ โโโ ui.py # UI routes
โ โโโ aws_manager.py # AWS SSM connection management
โ โโโ preferences_handler.py # User preferences
โ โโโ health.py # Health check utilities
โ โโโ utils.py # Utility functions
โ โโโ static/ # Frontend assets
โ โโโ css/ # Stylesheets
โ โโโ js/ # JavaScript
โ โโโ templates/ # HTML templates
โโโ run.py # Application launcher
โโโ requirements.txt # Python dependencies
โโโ pyproject.toml # Project metadata
โโโ tests/ # Test files
๐ง Development
Running Tests
python -m pytest tests/
Building Desktop App
Using PyInstaller (Standalone Executable)
# Install PyInstaller
pip install pyinstaller
# Build standalone executable
python build_standalone.py
# Or manually:
pyinstaller --onefile \
--windowed \
--add-data "src/static:src/static" \
--add-data "src/defaults.json:src" \
--add-data "src/logging.yaml:src" \
--hidden-import=webview \
--hidden-import=flask \
run.py
The executable will be created in the dist/ directory:
- Windows:
dist/ec2-session-gate.exe - macOS:
dist/ec2-session-gate.app - Linux:
dist/ec2-session-gate
Project Dependencies
- Flask>=2.3 - Web framework
- boto3>=1.34 - AWS SDK for Python
- botocore>=1.34 - AWS SDK core library
- PyYAML>=6.0 - YAML parsing for configuration
- pywebview>=4.0 - Desktop application framework
- cryptography>=41.0 - Password decryption for Windows instances
- psutil>=5.9.0 - Process management and cleanup
๐ Troubleshooting
Common Issues
AWS CLI not found
Solution: Install AWS CLI v2 and ensure it's in your PATH.
Verify installation:
aws --version
Session Manager Plugin missing
Solution: Install the AWS Session Manager Plugin.
Verify installation:
session-manager-plugin
No AWS credentials detected
Solution: Configure AWS credentials via aws configure or environment variables.
aws configure
# or set environment variables:
export AWS_ACCESS_KEY_ID=your_access_key
export AWS_SECRET_ACCESS_KEY=your_secret_key
export AWS_DEFAULT_REGION=us-east-1
Port already in use
Solution: Adjust port range in Preferences or specify a different local port when starting a connection.
SSH key not found
Solution: Add SSH key directories in Preferences. Ensure keys have correct permissions:
chmod 600 ~/.ssh/your-key.pem
Logs
Application logs are written to:
- Development:
src/app.log - Production:
~/.config/ec2-session-gate/logs/app.log
View logs:
tail -f src/app.log
๐ค Contributing
Contributions, feedback, and improvement ideas are welcome!
How to Contribute
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add some amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
Contact
- Maintainer: Walid Boussafa
- Email: walid.boussafa@outlook.com
- GitHub: @boussaffawalid
๐ License
This project is licensed under the MIT License - see the LICENSE file for details.
๐ฆ Publishing to PyPI
Installing from PyPI
Once published, users can install the package using:
pip install ec2-session-gate
After installation, the application can be launched with:
# Desktop GUI mode (default)
ec2-session-gate-gui
# Or API/server mode
APP_MODE=api ec2-session-gate
# Or web browser mode
APP_MODE=web ec2-session-gate
Publishing a New Version
-
Update version in
setup.pyandpyproject.toml -
Install build tools:
pip install build twine
-
Build the package:
make build # or: python -m build
-
Test on TestPyPI (optional):
make publish-test # or: twine upload --repository testpypi dist/*
-
Publish to PyPI:
make publish # or: twine upload dist/*
Standalone Executable Distribution
To create standalone executables for distribution:
# Build standalone executable
make build-standalone
# or: python build_standalone.py
The executables will be in the dist/ directory and can be distributed independently without requiring Python installation.
๐ Additional Resources
๐ฏ Roadmap
- Enhanced connection history
- Connection templates/presets
- Batch operations on instances
- Export connection details
- Dark mode support
- Mobile-responsive improvements
๐ Acknowledgments
This project was inspired by SSM Manager, a Windows desktop application for managing AWS SSM sessions. EC2 Session Gate extends this concept with cross-platform support and additional features.
Built with:
Made with โค๏ธ for the AWS community
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file ec2_session_gate-1.0.4.tar.gz.
File metadata
- Download URL: ec2_session_gate-1.0.4.tar.gz
- Upload date:
- Size: 2.6 MB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.9.25
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
2a99f941634aa26c1cfcc2637b440f8f9191bcdac4fcfe4b1391cc8b8feda7e9
|
|
| MD5 |
99169e768e216300cbdc1867577c0728
|
|
| BLAKE2b-256 |
125c4002b57d09a33d4491f27018fc7e976bfb64fd2c33fd6385230074938ea4
|
File details
Details for the file ec2_session_gate-1.0.4-py3-none-any.whl.
File metadata
- Download URL: ec2_session_gate-1.0.4-py3-none-any.whl
- Upload date:
- Size: 2.6 MB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.9.25
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d62c15f94e496ee8293216b8c0fdada0a1205ec52ca57e888b0c2736982d98fa
|
|
| MD5 |
865bb0ca63adb561a534e3fc5b737171
|
|
| BLAKE2b-256 |
1c8b13cb12280a3d3d2fb6751fe69a4ae99a55a00c88d5cf13a0d1f7e0b19f7d
|
