#!/bin/bash AWS_REGION=us-east-1 EC2_NAME=pentestec2 EC2_KEY_NAME=ec2-pentest-key EC2_SECURITY_GROUP_NAME=ec2-pentest-usage MANAGEMENT_SCRIPT=ec2-utils.sh install_prerequisities() { if [[ ! -z "$(which ruby)" ]] && [[ ! -z "$(which gem)" ]] && [[ ! -z "$(which bundle)" ]]; then echo "[.] Prerequisities already installed." return fi sudo=sudo if [ $EUID -eq 0 ] || [[ ! -z "$(which sudo)" ]]; then sudo= fi if [[ ! -z "$(which dnf)" ]]; then $sudo dnf update $sudo dnf install -y ssh cron ruby rubygems awscli jq elif [[ ! -z "$(which apt-get)" ]]; then $sudo apt-get update $sudo apt-get install -y ssh cron ruby rubygems awscli jq elif [[ ! -z "$(which yum)" ]]; then $sudo yum update $sudo yum install -y ssh cron ruby rubygems awscli jq else echo "[!] Please install following packages: ssh, cron, ruby, rubygems, awscli, jq yourself first." exit 1 fi gem install bundler bundle install aw=$(which aws) if [ -z "$aw" ]; then echo "[!] Something went wrong. There is no 'aws' after installing 'awscli'." exit 1 fi } configure_credentials() { if [ -e ~/.aws/credentials ]; then con=$(cat ~/.aws/credentials) if echo $con | grep -q AKIA; then echo "[.] AWS CLI already configured." return fi fi if [ ! -d "~/.aws" ]; then mkdir -p ~/.aws fi access_key= secret_key= read -p 'AWS Access Key (AKIA...): ' access_key read -s -p "AWS Secret Access Key: " secret_key if [ "$secret_key" == "" ] || [ "$access_key" == "" ]; then echo "[!] You must specify both access key and secret key." exit 1 fi touch ~/.aws/config touch ~/.aws/credentials cat < ~/.aws/config [default] region = $AWS_REGION output = json EOT cat < ~/.aws/credentials [default] aws_access_key_id = $access_key aws_secret_access_key = $secret_key EOT } create_security_group() { groupId=$(aws ec2 create-security-group --group-name $EC2_SECURITY_GROUP_NAME --description "Security Group with allow any any for inbound and outbound." 2>&1 ) if echo $groupId | grep -q "InvalidGroup.Duplicate"; then echo "[.] Security Group already exists." return elif echo $groupId | grep -q "An error occurred" ; then echo "[!] Failed: $groupId" exit 1 fi groupId=$(echo $groupId | jq -r .GroupId) echo "[>] Security Group ID: $groupId" aws ec2 authorize-security-group-ingress --group-id $groupId --ip-permissions IpProtocol=tcp,FromPort=0,ToPort=65535,IpRanges='[{CidrIp=0.0.0.0/0,Description="allow any any"}]' aws ec2 authorize-security-group-ingress --group-id $groupId --ip-permissions IpProtocol=udp,FromPort=0,ToPort=65535,IpRanges='[{CidrIp=0.0.0.0/0,Description="allow any any"}]' aws ec2 authorize-security-group-egress --group-id $groupId --ip-permissions IpProtocol=tcp,FromPort=0,ToPort=65535,IpRanges='[{CidrIp=0.0.0.0/0,Description="allow any any"}]' aws ec2 authorize-security-group-egress --group-id $groupId --ip-permissions IpProtocol=udp,FromPort=0,ToPort=65535,IpRanges='[{CidrIp=0.0.0.0/0,Description="allow any any"}]' echo "[>] Created inbound/outbound allow any any rules" } delete_key_pair_and_instances() { echo "[.] Deleting key pair..." out=$(aws ec2 delete-key-pair --key-name $EC2_KEY_NAME 2>&1 ) if echo $out | grep -q "An error occurred" ; then echo "[!] Deleting key pair failed: $out" exit 1 fi echo "[.] Terminating related EC2 instances..." out=$(aws ec2 terminate-instances --instance-ids $(aws ec2 describe-instances --query 'Reservations[].Instances[].InstanceId' --filters "Name=key-name,Values=$EC2_KEY_NAME" --output text) 2>&1 ) if echo $out | grep -q "An error occurred" ; then echo "[!] Terminating instances failed: $out" exit 1 fi } create_ec2_key_pair() { keymaterial= out=$(aws ec2 describe-key-pairs --key-name $EC2_KEY_NAME 2>&1 ) if echo $out | jq -r .KeyPairs[0].KeyName | grep -q $EC2_KEY_NAME ; then echo "[.] Key pair already created in your AWS account." filefinger= if [ -f "~/.aws/$EC2_KEY_NAME.pem" ] ; then filefinger=$(openssl pkcs8 -in ~/.aws/$EC2_KEY_NAME.pem -inform PEM -outform DER -topk8 -nocrypt | openssl sha1 -c | cut -d= -f2 | tr -d ' ') fi awsfinger=$(echo $out | jq -r .KeyPairs[0].KeyFingerprint) if [ ! -e ~/.aws/$EC2_KEY_NAME.pem ]; then echo echo "[!] ERROR: It looks like you don't have ~/.aws/$EC2_KEY_NAME.pem file with your EC2 Key-Pair" echo "[!] This means you do have the key pair on your AWS account but not physically in a file." echo "[!] In such case you will be unable to SSH into previously created EC2 instances without it, so " echo "[!] you are left with creating a new key pair and then terminating existing EC2 instances." echo read -p "Do you want to remove your $EC2_NAME EC2 instance and recreate key pairs? [y/N] " -n 1 -r echo if [[ $REPLY =~ ^[Yy]$ ]] then delete_key_pair_and_instances else echo "[-] Unable to continue. You must sort this out yourself." return fi elif [ "$filefinger" != "" ] && [ "$awsfinger" != "" ] && [ "$filefinger" != "$awsfinger" ]; then echo echo "[!] ERROR: It looks like your EC2 Key Pair located at ~/.aws/$EC2_KEY_NAME.pem" echo "[!] has differrent fingerprint than the Key Pair on your AWS account." echo "[!] In such case you will be unable to SSH into previously created EC2 instances using it, so " echo "[!] you are left with creating a new key pair and then terminating existing EC2 instances." echo echo "Your locally stored PEM fingerprint: $filefinger" echo "Your on AWS stored PEM fingerprint: $awsfinger" echo read -p "Do you want to remove your $EC2_NAME EC2 instance and recreate key pairs? [y/N] " -n 1 -r echo if [[ $REPLY =~ ^[Yy]$ ]] then delete_key_pair_and_instances else echo "[-] Unable to continue. You must sort this out yourself." return fi else echo "[+] EC2 Key pair already created. PEM stored at: ~/.aws/$EC2_KEY_NAME.pem" return fi fi keymaterial=$(aws ec2 create-key-pair --key-name $EC2_KEY_NAME 2>&1 ) if echo $keymaterial | grep -q "An error occurred" ; then echo "[!] Creating key pair failed: $keymaterial" exit 1 fi touch ~/.aws/$EC2_KEY_NAME.pem echo $keymaterial | jq -r .KeyMaterial > ~/.aws/$EC2_KEY_NAME.pem chmod 400 ~/.aws/$EC2_KEY_NAME.pem echo "[+] EC2 Key pair created. PEM stored at: ~/.aws/$EC2_KEY_NAME.pem" } integrate_with_bashrc() { if cat ~/.bashrc | grep -q $MANAGEMENT_SCRIPT ; then echo "[.] Script is already integrated." return elif cat ~/.bashrc | grep -q "Adding aliases for EC2 single-instance management" ; then echo "[.] Script is already integrated." return fi sed -i -e "s@ruby ./aws-manager.rb@ruby $PWD/aws-manager.rb@" ./$MANAGEMENT_SCRIPT source $PWD/$MANAGEMENT_SCRIPT cat <> ~/.bashrc # Adding aliases for EC2 single-instance management. source $PWD/$MANAGEMENT_SCRIPT EOT } add_cron_job() { crontab -l > /tmp/.cr 2> /dev/null cp /tmp/.cr /tmp/.cr.bak if cat /tmp/.cr | grep -q "aws-manager.rb notify "; then echo "[.] Crontab job already scheduled." return fi cmd="$(which ruby) $PWD/aws-manager.rb notify $EC2_NAME" job=" * */2 * * * $USER $cmd" echo -e "[*] Adding following line to crontab:\n\n\t\t$job\n" echo $job >> /tmp/.cr crontab /tmp/.cr if [ $? -ne 0 ]; then echo "[!] Updating crontab failed. Restoring original one (you can find it at: /tmp/.cr.bak) " crontab /tmp/.cr.bak fi rm /tmp/.cr #rm /tmp/.cr.bak } echo echo "----------------------------------------------" echo echo ":: AWS EC2 single-instance management utilities installation script." echo echo "This script is going to:" echo -e "\t- Update your repos & install packages such as: ssh, cron, jq, ruby, rubygems, awscli, gem bundler, gem 'aws-sdk-ec2'" echo -e "\t- Configure your AWS credentials" echo -e "\t- Create AWS security groups, EC2 key pairs" echo -e "\t- Integrate EC2 management aliases into the end of your .bashrc" echo -e "\t- Add a cron job that will notify you every two hours if your EC2 machine is up and running" echo echo "----------------------------------------------" echo read -p "Would you like to proceed? [Y/n] " -n 1 -r echo if [[ $REPLY =~ ^[Yy]$ ]] then echo -e "\n[.] Step 1: Installing prerequisities first." install_prerequisities echo -e "\n[.] Step 2: Configuring credentials." configure_credentials echo -e "\n\n[.] Step 3: Creating Security Group." create_security_group echo -e "\n[.] Step 4: Creating EC2 Key Pairs." create_ec2_key_pair echo -e "\n[.] Step 5: Integrating scripts with your .bashrc" integrate_with_bashrc echo -e "\n[.] Step 6: Adding notification cron job" add_cron_job echo -e "\n[+] Ready to roll." echo echo "----------------------------------------------" echo echo -e "You can now try out our shiny new bash aliases:" echo -e "\t- check$EC2_NAME - To check an instance status" echo -e "\t- get$EC2_NAME - To get the instance IPv4 address." echo -e "\t- start$EC2_NAME - To start the instance." echo -e "\t- stop$EC2_NAME - To stop the instance." echo -e "\t- terminate$EC2_NAME - To terminate the instance." echo -e "\t- ssh$EC2_NAME - To ssh into that instance" echo echo "Go ahead, check them out. Start with creating EC2 first using 'start$EC2_NAME'" bash fi