Add aws session-manager-plugin to aws image (#24)

Signed-off-by: peterdeme <[email protected]>
spacelift-io · Oct 3, 2024 · 622f50c · 622f50c
1 parent 01935f2
commit 622f50c
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 1 deletion.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -53,6 +53,7 @@ jobs:
 
           if [ "${{ matrix.folder }}" == "aws" ]; then
             docker run --rm ${{ env.IMAGE_NAME }} sh -c "python3 -c \"import boto3; print(boto3.__version__)\""
+            docker run --rm ${{ env.IMAGE_NAME }} session-manager-plugin --version
           fi
           
           if [ "${{ matrix.folder }}" == "gcp" ]; then

diff --git a/README.md b/README.md
@@ -15,7 +15,7 @@ The image is pushed to the `public.ecr.aws/spacelift/runner-ansible` public repo
 Altogether we have 3 flavors of the image:
 
 - `public.ecr.aws/spacelift/runner-ansible` - built on top of the [Spacelift Terraform runner image](https://github.com/spacelift-io/runner-terraform), with Ansible installed.
-- `public.ecr.aws/spacelift/runner-ansible-aws` - built on top of `runner-ansible`, with `boto3` installed.
+- `public.ecr.aws/spacelift/runner-ansible-aws` - built on top of `runner-ansible`, with `boto3` and [`session-manager-plugin`](https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html) installed.
 - `public.ecr.aws/spacelift/runner-ansible-gcp` - built on top of `runner-ansible`, with `google-auth` installed.
 
 ## Branch Model

diff --git a/aws/Dockerfile b/aws/Dockerfile
@@ -1,5 +1,32 @@
 ARG REPOSITORY_BASE_PATH
 
+FROM alpine AS ssm-builder
+
+ARG TARGETARCH
+
+RUN apk add dpkg curl; \
+    if [ "$TARGETARCH" = "arm64" ]; then \
+     curl "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/ubuntu_arm64/session-manager-plugin.deb" -o "session-manager-plugin.deb"; \
+    else \
+     curl "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/ubuntu_64bit/session-manager-plugin.deb" -o "session-manager-plugin.deb"; \
+    fi; \
+    dpkg -x session-manager-plugin.deb session-manager-plugin
+
 FROM ${REPOSITORY_BASE_PATH}:latest
 
+COPY --from=ssm-builder /session-manager-plugin/usr/local/sessionmanagerplugin/bin/session-manager-plugin /usr/local/bin/
+
+ARG TARGETARCH
+
+USER root
+
+# session-manager-plugin requires gcompat on amd64
+RUN if [ "$TARGETARCH" = "amd64" ]; then \
+     apk add --no-cache gcompat; \
+    fi
+
+RUN chmod +x /usr/local/bin/session-manager-plugin
+
+USER spacelift
+
 RUN pip install boto3 --break-system-packages