Comments (6)
+1 For golang
from aws-ec2-instance-connect-config.
curl ships with a full Sigv4 implementation. So any language that supports libcurl seems to be fine
from aws-ec2-instance-connect-config.
Options considered thus far:
- C & C++ have high build/support complexity, particularly if Windows instances are supported in the future
- Java, Scala, etc's need for a JVM means either huge latency for startup or needing a background JVM running at all times
- Python, Ruby, and similar languages have some degree of interpreter startup time, but more annoyingly (as with all dynamic languages) require ensuring dependency availability (e.g., crypto libraries) when private subnets may not have access to standard repositories
- Golang has the advantages of static compilation without the build complexity of C/C++
- Due to need for minimum-version across various AMIs and historical precedent, Perl is considered too insecure an option for an sshd dependency
Current leading considerations:
- While Python would be a good choice, the issue of supporting private subnets still stands - if standard repositories are not available we cannot guarantee dependency availability. Amazon will consider this facet internally. Similarly, the concern of interpreter performance/time still stands but may be assuaged through testing.
- Golang would require some build complexity to support standard AMIs (Amazon Linux, Ubuntu, RHEL, etc), but thanks to static compilation would avoid many of the concerns with Python.
For anyone watching this repository: any other particular opinions on language?
from aws-ec2-instance-connect-config.
Secondary-but-manageable concern with Python: CentOS adds a particular concern due to how deeply baked into the system it is. We would need to use the earliest still-supported CentOS AMI as a guide for picking a Python version and ensure it is not exceeded. While less likely to break, we would also need to ensure language compatibility with newer Python versions that may be available on other AMIs.
from aws-ec2-instance-connect-config.
Third concern that makes Python a non-option: The eic_harvest_hostkeys script needs to make a Sigv4 call to the EC2 Instance Connect Service. Currently this is written in a hard shell implementation. Part of the draw of re-implementing in another language is the ability to use native language SDKs vended by AWS.
There is no official release of the AWS CLI/Python SDKs for RHEL and its sibling distributions - they instead expect installation through Pip. This would mean a package install for those distros would need to invoke Pip install, which is not something a package installation process should do (particularly as that also means installing and configuring Pip itself). We could simply (re-)write an implementation of AWS Sigv4, but that would mean needing to make breaking changes if and when AWS ever releases a new signature algorithm (versus simply updating the SDK).
from aws-ec2-instance-connect-config.
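What the hand-written SigV4 signing weighed in the comment above involves, using only Go's standard library so the result compiles to a static binary with no runtime dependencies. This is an added example, not code from the project or from AWS; the secret, host, path and timestamp are constructed, the service name is an assumption, and only the `host` and `x-amz-date` headers are signed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

func hmacSHA256(key []byte, msg string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(msg))
	return m.Sum(nil)
}

func sha256Hex(s string) string {
	sum := sha256.Sum256([]byte(s))
	return hex.EncodeToString(sum[:])
}

// SigningKey derives the SigV4 key: an HMAC chain over date, region, service and "aws4_request".
func SigningKey(secret, date, region, service string) []byte {
	k := hmacSHA256([]byte("AWS4"+secret), date)
	k = hmacSHA256(k, region)
	k = hmacSHA256(k, service)
	return hmacSHA256(k, "aws4_request")
}

// SignPost returns the hex SigV4 signature for a POST with an empty query string.
// amzDate is the x-amz-date value (YYYYMMDDTHHMMSSZ); its first 8 characters form the scope date.
func SignPost(secret, region, service, host, path, amzDate, body string) string {
	date := amzDate[:8]
	canonical := strings.Join([]string{
		"POST", path, "", // method, canonical URI, empty canonical query string
		"host:" + host + "\n" + "x-amz-date:" + amzDate + "\n", // canonical headers, sorted by name
		"host;x-amz-date", // signed header names
		sha256Hex(body),   // hashed payload
	}, "\n")
	scope := date + "/" + region + "/" + service + "/aws4_request"
	stringToSign := strings.Join([]string{"AWS4-HMAC-SHA256", amzDate, scope, sha256Hex(canonical)}, "\n")
	return hex.EncodeToString(hmacSHA256(SigningKey(secret, date, region, service), stringToSign))
}

func main() {
	// Constructed inputs: placeholder secret, host and path; service name is an assumption.
	fmt.Println(SignPost("EXAMPLE-SECRET-NOT-REAL", "us-east-1", "ec2-instance-connect", "service.example.invalid", "/placeholder/", "20240101T000000Z", "{}"))
}
```

The algorithm name `AWS4-HMAC-SHA256` and the `AWS4` key prefix are fixed in the code, which is the maintenance cost the comment describes: a new signature version means changing and re-releasing this routine rather than updating an SDK.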
For consistency's sake, I'd probably say "go with however AWS CLIv2 is implemented".
That said: if you implement in Go, you'll need to ensure that your releases include binary-packagings for various platforms. Many Go-based packages can be a righteous pain to compile on isolated networks or non-public AWS-partitions (and supporting such networks' security-demands is where InstanceConnect and similar solutions are really nice options to have available).
from aws-ec2-instance-connect-config.