The SSM client for boto3 uses AWS config settings as an authentication mechanism, allowing a Python program to run commands on a remote EC2 instance.

I would like to upload files to the EC2 instance. Previous SO questions (How to scp to ec2 instance via ssm agent using boto3 and send file) indicate that this is possible over SSH.

Is it possible to upload files to the instance using SSM without an SSH keypair?

One way to do this may be something like:

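import boto3

# Read the local file whose contents will be sent
with open('path/to/file', 'r') as f:
  contents = f.read()

# Run a shell command on the instance via the AWS-RunShellScript document
resp = boto3.client('ssm').send_command(
  InstanceIds=[...],
  DocumentName='AWS-RunShellScript',
  Parameters={'commands': [f'echo "{contents}" > file.txt']}
)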

but this seems very fragile.

Context: I am building a script that is meant to be run by non-technical users. The script sets up a new EC2 instance and programmatically runs several commands on that instance to set up an HTTP server. As far as I know, there is not a good way to automatically generate SSH keypairs, and I don't want to have to manually manage multiple SSH keypairs for every EC2 instance that is deployed.

  • I'm not sure what security you're looking for but if you've got an HTTP server then you could use that to upload. You'd have to have some code running with it or behind it but it would work with perhaps a curl command. Boto3 is just using the underlying AWS APIs and it's not going to work around the ssh requirements. Commented Jul 7, 2022 at 16:53
  • I would push the file(s) to a private S3 bucket first, and then run aws s3 cp commands on the EC2 server via SSM. Commented Jul 7, 2022 at 17:03
  • @stdunbar well the files for the server are what I want to upload! I specifically wanted to use SSM to upload the py files and the requirements and so on, instead of trying to clone from github remotely (would have to go through an additional layer of auth) Commented Jul 7, 2022 at 17:13
  • I misunderstood - thought it was for after the server was up. @MarkB has likely the best suggestion then. Use either SSM or give the instance an IAM role and aws s3 cp them from the bucket as part of your user data setup of the EC2. Commented Jul 7, 2022 at 17:27
  • "The script sets up a new EC2 instance and programmatically runs several commands on that instance to set up a http server. " I just saw this part. Why not just pass the commands as user-data instead of using SSM? Commented Jul 7, 2022 at 17:36

1 Answer

Not quite an answer, but I ended up going with @MarkB's suggestion to create an S3 file as an intermediary and upload/download from there.

1 Comment

so echo didn't work for you SSM
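
The S3-intermediary approach from the answer and comments, as an added example that is not code from the original posts: the file goes to a private bucket, and SSM only carries a quoted `aws s3 cp` command, so the file's contents never pass through a shell. It assumes the bucket already exists, the instance has an IAM role allowing `s3:GetObject` on it, and the AWS CLI is installed on the instance; the function names, bucket, key and paths are hypothetical.

```python
import shlex

def build_s3_pull_command(instance_ids, bucket, key, dest_path):
    """Return send_command kwargs that make each instance copy s3://bucket/key to dest_path."""
    s3_uri = f"s3://{bucket}/{key}"
    # Only the object location and the destination reach the remote shell, each
    # quoted; the file's contents never become part of a command line.
    command = f"aws s3 cp {shlex.quote(s3_uri)} {shlex.quote(dest_path)}"
    return {
        "InstanceIds": list(instance_ids),
        "DocumentName": "AWS-RunShellScript",
        "Parameters": {"commands": [command]},
    }

def push_file_via_s3(local_path, instance_id, bucket, key, dest_path):
    """Upload local_path to the bucket, then have the instance pull it through SSM."""
    import boto3  # imported lazily so the builder above runs without AWS access
    from botocore.exceptions import WaiterError

    boto3.client("s3").upload_file(local_path, bucket, key)
    ssm = boto3.client("ssm")
    sent = ssm.send_command(**build_s3_pull_command([instance_id], bucket, key, dest_path))
    command_id = sent["Command"]["CommandId"]
    try:
        # Poll until the invocation reaches a terminal state.
        ssm.get_waiter("command_executed").wait(CommandId=command_id, InstanceId=instance_id)
    except WaiterError:
        pass  # failed or timed out; the status and stderr below say which
    result = ssm.get_command_invocation(CommandId=command_id, InstanceId=instance_id)
    return result["Status"], result["StandardErrorContent"]

if __name__ == "__main__":
    # Constructed sample values; prints the command the instance would run.
    kwargs = build_s3_pull_command(
        ["i-0123456789abcdef0"], "example-private-bucket",
        "deploy/my server.py", "/opt/app/my server.py")
    print(kwargs["Parameters"]["commands"][0])
```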
