feat(bastion): add socat-forwarder service to bastion host

briancaffey · Dec 19, 2022 · 17b6754 · 17b6754
1 parent dcc823f
commit 17b6754
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 1 deletion.
diff --git a/cdk.context.json b/cdk.context.json
@@ -0,0 +1,10 @@
+{
+  "availability-zones:account=733623710918:region=us-east-1": [
+    "us-east-1a",
+    "us-east-1b",
+    "us-east-1c",
+    "us-east-1d",
+    "us-east-1e",
+    "us-east-1f"
+  ]
+}
diff --git a/src/constructs/ad-hoc/base/index.ts b/src/constructs/ad-hoc/base/index.ts
@@ -3,7 +3,7 @@ import {
   RemovalPolicy,
   Stack,
 } from 'aws-cdk-lib';
-import { BastionHostLinux, CloudFormationInit, InitPackage, IVpc, Peer, Port, SecurityGroup, SubnetType } from 'aws-cdk-lib/aws-ec2';
+import { BastionHostLinux, CloudFormationInit, InitFile, InitPackage, InitService, InitServiceRestartHandle, IVpc, Peer, Port, SecurityGroup, SubnetType } from 'aws-cdk-lib/aws-ec2';
 import {
   ApplicationProtocol,
   ApplicationListener,
@@ -146,6 +146,29 @@ export class AdHocBase extends Construct {
     });
     this.databaseInstance = rdsInstance.rdsInstance;
 
+
+    const handle = new InitServiceRestartHandle();
+
+    const socatForwarderString = `
+# /etc/systemd/system/socat-forwarder.service
+[Unit]
+Description=socat forwarder service
+After=socat-forwarder.service
+Requires=socat-forwarder.service
+
+[Service]
+Type=simple
+StandardOutput=syslog
+StandardError=syslog
+SyslogIdentifier=socat-forwarder
+
+ExecStart=/usr/bin/socat -d -d TCP4-LISTEN:5432,fork TCP4:${rdsInstance.rdsInstance.instanceEndpoint}:5432
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
+`;
+
     // Bastion host
     // https://github.com/aws/amazon-ssm-agent/issues/259#issuecomment-591850202
     new BastionHostLinux(this, 'BastionHost', {
@@ -155,6 +178,14 @@ export class AdHocBase extends Construct {
         InitPackage.yum('postgresql'),
         InitPackage.yum('socat'),
         // start socat as an init service?
+        InitFile.fromString(
+          '/etc/systemd/system/socat-forwarder.service',
+          socatForwarderString,
+          { serviceRestartHandles: [handle] },
+        ),
+        InitService.enable('socat-forwarder', {
+          serviceRestartHandle: handle,
+        }),
       ),
     });
   }