Skip to main content

Cross-platform AWS SSM tunnel/connection manager for EC2 instances

Project description

EC2 Session Gate

Secure EC2 instance management and connection gateway
A modern, cross-platform application for managing AWS EC2 instances and establishing secure connections via AWS Systems Manager Session Manager.

Python Flask License


EC2 Session Gate Screenshot


๐Ÿš€ Overview

EC2 Session Gate simplifies secure access to your EC2 instances without exposing SSH ports or managing complex VPN configurations. Built on AWS Systems Manager Session Manager, it provides a seamless interface for SSH, RDP, and custom port forwarding connections.

Why EC2 Session Gate?

  • โœ… Zero Open Ports - No need to expose SSH ports or manage security groups
  • โœ… Secure by Default - Uses AWS SSM Session Manager for encrypted connections
  • โœ… Cross-Platform - Works seamlessly on Windows, macOS, and Linux
  • โœ… Easy to Use - Intuitive web interface with desktop app option
  • โœ… Multi-Profile Support - Switch between AWS profiles effortlessly
  • โœ… Auto Key Detection - Automatically finds and uses SSH keys for password decryption

โœจ Features

Core Capabilities

  • ๐Ÿ” SSH Connections
    Secure shell access via SSM port forwarding with automatic SSH key detection and path resolution

  • ๐Ÿ–ฅ๏ธ RDP Support
    Remote desktop connections for Windows instances with automatic password decryption using SSH keys

  • ๐Ÿ”Œ Custom Port Forwarding
    Forward any port through SSM tunnels with flexible port selection and automatic port management

  • ๐Ÿ“Š Instance Management
    View, filter, and manage EC2 instances with real-time status updates and comprehensive instance details

  • ๐Ÿ”‘ Multi-Directory SSH Keys
    Support for multiple SSH key directories with automatic key lookup and path resolution

  • โšก Auto-Refresh
    Automatic instance list refresh with configurable intervals

  • ๐ŸŽจ Modern UI
    Clean, responsive interface built with Bootstrap 5


๐Ÿ“‹ Prerequisites

Before you begin, ensure you have:

  • Python 3.9+ installed
  • AWS CLI v2 installed and configured
  • AWS Session Manager Plugin installed
  • AWS credentials configured (via ~/.aws/credentials or environment variables)

Installing Prerequisites

Install AWS CLI v2

macOS:

brew install awscli

Linux:

curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install

Windows: Windows:

choco install awscli

Download and run the installer from AWS CLI Downloads

Install Session Manager Plugin

macOS:

brew install --cask session-manager-plugin

Linux:

curl "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/linux_64bit/session-manager-plugin.rpm" -o "session-manager-plugin.rpm"
sudo yum install -y session-manager-plugin.rpm

Windows:

choco install awscli-session-manager

Download and run the installer from Session Manager Plugin Downloads


๐Ÿ› ๏ธ Installation

  1. Clone the repository

    git clone https://github.com/boussaffawalid/ec2-session-gate.git
    cd ec2-session-gate
    
  2. Create a virtual environment

    python -m venv .venv
    
    # Activate virtual environment
    # On macOS/Linux:
    source .venv/bin/activate
    # On Windows:
    .venv\Scripts\activate
    
  3. Install dependencies

    pip install -r requirements.txt
    

Installing from PyPI

Alternatively, install directly from PyPI:

pip install ec2-session-gate

After installation, launch the application:

# Desktop GUI mode (default)
ec2-session-gate-gui

# Or API/server mode
APP_MODE=api ec2-session-gate

# Or web browser mode
APP_MODE=web ec2-session-gate

๐ŸŽฎ Usage

Running the Application

EC2 Session Gate supports three execution modes:

๐Ÿ–ฅ๏ธ Desktop Mode (Recommended)

Launches a native desktop window using PyWebView.

python run.py
# or explicitly:
APP_MODE=desktop python run.py

๐ŸŒ Web Browser Mode

Opens the application in your default web browser.

APP_MODE=web python run.py

๐Ÿ”Œ API/Server Mode

Runs the Flask server only (useful for remote access or API usage).

APP_MODE=api python run.py

The application will be available at http://127.0.0.1:5000

Quick Start Guide

  1. Connect to AWS

    • Select your AWS profile from the dropdown
    • Choose the AWS region
    • Click "Connect"
    • View your EC2 instances in the list
  2. Start a Connection

    • SSH: Click the "SSH" button on an instance card
    • RDP: Click the "RDP" button (Windows instances only)
    • Custom Port: Click the "Port" button and specify remote/local ports
  3. Manage Connections

    • View active connections in the sidebar
    • Copy connection details to clipboard
    • Terminate connections when done

Advanced Features

Instance Filtering

Use the filter box to search instances by:

  • Instance name
  • Instance ID
  • Instance type
  • Instance state
  • Operating system

Supports regular expressions for advanced filtering.

Port Selection

  • SSH/RDP: Automatically uses the same local port as remote port (22 for SSH, 3389 for RDP)
  • Custom Ports: Uses the same local port if available, otherwise falls back to configured range
  • Port Range: Configurable in Preferences with OS-specific defaults:
    • Windows: 40000-40100 (below ephemeral port range)
    • Linux/macOS: 61000-61100 (above ephemeral port range)

โš™๏ธ Configuration

Preferences

Preferences are stored in:

  • Linux/macOS: ~/.config/ec2-session-gate/preferences.json
  • Windows: %APPDATA%\ec2-session-gate\preferences.json

Available Settings

Setting Description Default
Port Range Port range for port forwarding OS-specific (Windows: 40000-40100, Linux/macOS: 61000-61100)
SSH Key Folders Directories where SSH keys are stored (one per line) ~/.ssh
Logging Level Application log level INFO

SSH Key Configuration

Configure multiple SSH key directories in Preferences:

  • Each folder path on its own line
  • Supports ~ expansion (e.g., ~/.ssh)
  • Keys are automatically searched when decrypting Windows passwords
  • SSH commands include the key path automatically

Example:

~/.ssh
~/Projects/keys
/path/to/custom/keys

๐Ÿ“ Project Structure

ec2-session-gate/
โ”œโ”€โ”€ src/                          # Source code
โ”‚   โ”œโ”€โ”€ app.py                    # Flask app factory + blueprints
โ”‚   โ”œโ”€โ”€ api.py                    # REST API endpoints
โ”‚   โ”œโ”€โ”€ ui.py                     # UI routes
โ”‚   โ”œโ”€โ”€ aws_manager.py            # AWS SSM connection management
โ”‚   โ”œโ”€โ”€ preferences_handler.py    # User preferences
โ”‚   โ”œโ”€โ”€ health.py                 # Health check utilities
โ”‚   โ”œโ”€โ”€ utils.py                  # Utility functions
โ”‚   โ””โ”€โ”€ static/                   # Frontend assets
โ”‚       โ”œโ”€โ”€ css/                  # Stylesheets
โ”‚       โ”œโ”€โ”€ js/                   # JavaScript
โ”‚       โ””โ”€โ”€ templates/            # HTML templates
โ”œโ”€โ”€ run.py                        # Application launcher
โ”œโ”€โ”€ requirements.txt              # Python dependencies
โ”œโ”€โ”€ pyproject.toml               # Project metadata
โ””โ”€โ”€ tests/                        # Test files

๐Ÿ”ง Development

Running Tests

python -m pytest tests/

Building Desktop App

Using PyInstaller (Standalone Executable)

# Install PyInstaller
pip install pyinstaller

# Build standalone executable
python build_standalone.py

# Or manually:
pyinstaller --onefile \
    --windowed \
    --add-data "src/static:src/static" \
    --add-data "src/defaults.json:src" \
    --add-data "src/logging.yaml:src" \
    --hidden-import=webview \
    --hidden-import=flask \
    run.py

The executable will be created in the dist/ directory:

  • Windows: dist/ec2-session-gate.exe
  • macOS: dist/ec2-session-gate.app
  • Linux: dist/ec2-session-gate

Project Dependencies

  • Flask>=2.3 - Web framework
  • boto3>=1.34 - AWS SDK for Python
  • botocore>=1.34 - AWS SDK core library
  • PyYAML>=6.0 - YAML parsing for configuration
  • pywebview>=4.0 - Desktop application framework
  • cryptography>=41.0 - Password decryption for Windows instances
  • psutil>=5.9.0 - Process management and cleanup

๐Ÿ› Troubleshooting

Common Issues

AWS CLI not found

Solution: Install AWS CLI v2 and ensure it's in your PATH.

Verify installation:

aws --version
Session Manager Plugin missing

Solution: Install the AWS Session Manager Plugin.

Verify installation:

session-manager-plugin
No AWS credentials detected

Solution: Configure AWS credentials via aws configure or environment variables.

aws configure
# or set environment variables:
export AWS_ACCESS_KEY_ID=your_access_key
export AWS_SECRET_ACCESS_KEY=your_secret_key
export AWS_DEFAULT_REGION=us-east-1
Port already in use

Solution: Adjust port range in Preferences or specify a different local port when starting a connection.

SSH key not found

Solution: Add SSH key directories in Preferences. Ensure keys have correct permissions:

chmod 600 ~/.ssh/your-key.pem

Logs

Application logs are written to:

  • Development: src/app.log
  • Production: ~/.config/ec2-session-gate/logs/app.log

View logs:

tail -f src/app.log

๐Ÿค Contributing

Contributions, feedback, and improvement ideas are welcome!

How to Contribute

  1. Fork the repository
  2. Create a feature branch (git checkout -b feature/amazing-feature)
  3. Commit your changes (git commit -m 'Add some amazing feature')
  4. Push to the branch (git push origin feature/amazing-feature)
  5. Open a Pull Request

Contact


๐Ÿ“ License

This project is licensed under the MIT License - see the LICENSE file for details.


๐Ÿ“ฆ Publishing to PyPI

Installing from PyPI

Once published, users can install the package using:

pip install ec2-session-gate

After installation, the application can be launched with:

# Desktop GUI mode (default)
ec2-session-gate-gui

# Or API/server mode
APP_MODE=api ec2-session-gate

# Or web browser mode
APP_MODE=web ec2-session-gate

Publishing a New Version

  1. Update version in setup.py and pyproject.toml

  2. Install build tools:

    pip install build twine
    
  3. Build the package:

    make build
    # or: python -m build
    
  4. Test on TestPyPI (optional):

    make publish-test
    # or: twine upload --repository testpypi dist/*
    
  5. Publish to PyPI:

    make publish
    # or: twine upload dist/*
    

Standalone Executable Distribution

To create standalone executables for distribution:

# Build standalone executable
make build-standalone
# or: python build_standalone.py

The executables will be in the dist/ directory and can be distributed independently without requiring Python installation.


๐Ÿ“š Additional Resources


๐ŸŽฏ Roadmap

  • Enhanced connection history
  • Connection templates/presets
  • Batch operations on instances
  • Export connection details
  • Dark mode support
  • Mobile-responsive improvements

๐Ÿ™ Acknowledgments

This project was inspired by SSM Manager, a Windows desktop application for managing AWS SSM sessions. EC2 Session Gate extends this concept with cross-platform support and additional features.

Built with:


Made with โค๏ธ for the AWS community

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

ec2_session_gate-1.0.5.tar.gz (2.6 MB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

ec2_session_gate-1.0.5-py3-none-any.whl (2.6 MB view details)

Uploaded Python 3

File details

Details for the file ec2_session_gate-1.0.5.tar.gz.

File metadata

  • Download URL: ec2_session_gate-1.0.5.tar.gz
  • Upload date:
  • Size: 2.6 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.9.25

File hashes

Hashes for ec2_session_gate-1.0.5.tar.gz
Algorithm Hash digest
SHA256 e1ab251efa9d701a962cac55aebf11da3465b5b32e43be796ef91d74a5800c13
MD5 39e9569bf60a04af2e333e3629dc30d6
BLAKE2b-256 1d2bcd093c514284209702f35df1af8d64c3c6492f506019e3e0c5c64450f24b

See more details on using hashes here.

File details

Details for the file ec2_session_gate-1.0.5-py3-none-any.whl.

File metadata

File hashes

Hashes for ec2_session_gate-1.0.5-py3-none-any.whl
Algorithm Hash digest
SHA256 851b5dd9a080a06ebac85c321a67fb18f9e06a9febfdc151d25ec6cecb122055
MD5 2238d95c2dd65011026a9b9ebad22a43
BLAKE2b-256 cf3037fafd7f77cf62af7a5d367bf792bbae45a1ea8dcda51d099916bfb2b02c

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page