{"id":18376197,"url":"https://github.com/kj187/aws_proxy","last_synced_at":"2025-09-13T01:14:19.870Z","repository":{"id":152862213,"uuid":"423139569","full_name":"kj187/aws_proxy","owner":"kj187","description":"The AWS proxy enables you from localhost to reach AWS services which are based in a private subnet (VPC).","archived":false,"fork":false,"pushed_at":"2021-11-15T12:06:56.000Z","size":40,"stargazers_count":2,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-07-01T22:07:26.643Z","etag":null,"topics":["authentication","aws","proxy"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kj187.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-10-31T12:18:05.000Z","updated_at":"2023-12-12T12:56:37.000Z","dependencies_parsed_at":null,"dependency_job_id":"008e52fb-bc0d-4773-b095-2973f5ec11b0","html_url":"https://github.com/kj187/aws_proxy","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/kj187/aws_proxy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kj187%2Faws_proxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kj187%2Faws_proxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kj187%2Faws_proxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kj187%2Faws_proxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kj187","download_url":"https://codeload.github.com/kj187/aws_proxy/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kj187%2Faws_proxy/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274904080,"owners_count":25371255,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-12T02:00:09.324Z","response_time":60,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","aws","proxy"],"created_at":"2024-11-06T00:22:14.994Z","updated_at":"2025-09-13T01:14:19.822Z","avatar_url":"https://github.com/kj187.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# AWS Proxy\n\nThe AWS proxy enables you to reach AWS services which are based in a private subnet (VPC) from localhost.\n\n## Problem\n\nIn a modern infrastructure architecture, services like RDS, ElastiCache, OpenSearch, MQ etc. should be live in a protected private network which is not accessable from the public. Some of these services are providing web interfaces which are quite helpful to debug problems. But how is it possible to reach them in the browser? And how is it possible to have a look in a database or any other AWS service which is protected and not accessable via the AWS Console? \n\nOne way to solve this kind of problem is to open a **proxy** to these services. \nAnd on this way the **AWS Proxy** as a small CLI utility comes into play to support you with that.\n\n```\n                                             AWS ACCOUNT\n--------------------------------------------------------------------------\n                            |    PUBLIC SUBNET              PRIVATE SUBNET\n-------------+              |    +----------+               +-------------\n    LOCAL    |              |    |  BASTION |               |     AWS\n    CLIENT   | \u003c== SSH 22 =====\u003e |  SERVER  | \u003c== local ==\u003e |   SERVICE\n-------------+              |    +----------+               +-------------\n                            |\n--------------------------------------------------------------------------\n```\n\n\n## Supported AWS services\n\nCurrently we support the following AWS services\n\n- RDS (default local port `6950`)\n- OpenSearch (Elasticsearch, with Kibana) (default local port `6951`)\n- RabbitMQ (default local port `6952`)\n- ElastiCache (default local port `6953`)\n\n## Requirements\n\n### Bastion Host and SSH access to this\n\nTo open a proxy to your private network services, we need something like a bridge between your public and your private network. \nThis kind of bridge is called a **jump host** or a **bastion server**. \nThis is a server which lives in your public network and has access to your private network. \nFor security reasons you should only allow SSH as ingress. \nAlso, you need to have access from you local machine to the bastion server. \nThe AWS Proxy assumes that you have access to the bastion with a valid user and a valid SSH key. \n\nYou need also configure the security group of your protected AWS services to allow access from the bastion host.\n\n## Examples\n\n``` \naws_proxy --aws-profile AWSPROFILENAME --bastion-host 1.2.3.4 --bastion-username firstname.lastname opensearch\naws_proxy --aws-profile AWSPROFILENAME --bastion-host 1.2.3.4 --bastion-username firstname.lastname opensearch --local-bind-port 8888\naws_proxy --aws-profile AWSPROFILENAME --bastion-host 1.2.3.4 --bastion-username firstname.lastname opensearch --local-bind-port 8888 --cluster-name CLUSTERNAME\n```\n\nYou can also ignore the `--bastion-host` flag, in this case the `--bastion-label-selector` flag with its default value of `tag:Name=bastion` comes into play. \nIt will search an EC2 instance with a tag \"Name\" and with the Value \"bastion\". So, just tag your bastion host with this Key=Value. \n\n## Based on \n\n- Python 3+ \n- SSHTunnel Module\n- Click CLI Module\n- AWS Boto SDK\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkj187%2Faws_proxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkj187%2Faws_proxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkj187%2Faws_proxy/lists"}