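# Creates a tunnel using AWS Session Manager to an AWS instance so that you can
# connect with a local client over the tunnel.
# https://github.com/broo0ose 24/08/2021
#
# Pre-reqs for this script:
# - AWS CLI environment on PowerShell
# - the AWS Session Manager plugin
#   https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html
# - I use SSO to connect to AWS, so I needed to run 'aws configure sso' for the
#   correct account and profile,
# - and then log in using 'aws sso login'. Or however you connect to AWS, e.g. an
#   IAM account.
# - the instance must be set up to use AWS Session Manager, and you must have the
#   rights to run the client connection, e.g. remote admin group.
#
# Security notes:
# - While the session is open, the forwarded port is a listener on this machine;
#   any local process that can reach 127.0.0.1:$localport can use the tunnel.
#   Close the session (Ctrl+C) as soon as you are done.
# - The remote port is interpolated into the --parameters shorthand string, so it
#   is checked to be a plain integer first; a value containing ',' or '=' could
#   otherwise add or override session document parameters.

# Prompts for a value and returns the trimmed answer, or $Default when the user
# just presses Enter (or types only whitespace).
function Read-ValueOrDefault {
    param(
        [string]$Message,
        [string]$Default
    )
    $answer = Read-Host "$Message [$Default]"
    if ([string]::IsNullOrWhiteSpace($answer)) { return $Default }
    return $answer.Trim()
}

Clear-Host

# Fail early with a clear message if the tooling from the pre-reqs is not on PATH.
foreach ($tool in 'aws', 'session-manager-plugin') {
    if (-not (Get-Command $tool -ErrorAction SilentlyContinue)) {
        throw "Required command '$tool' was not found on PATH (see the pre-reqs at the top of this script)."
    }
}

# Set up some defaults.
# The profile is held in $awsProfile rather than $profile, because $PROFILE is a
# PowerShell automatic variable and should not be overwritten.
$target = "i-whatever"
$localport = 54321
$remoteport = 3389
$region = "eu-west-1"
$awsProfile = "name_of_profile"

# Check the values with the user.
$awsProfile = Read-ValueOrDefault "Enter the profile, default is" $awsProfile
$region     = Read-ValueOrDefault "Enter the region, default is" $region
$target     = Read-ValueOrDefault "enter the instance to connect to" $target
$remoteport = Read-ValueOrDefault "enter the remote port to connect to (e.g. RDP is 3389)" "$remoteport"

# Validate everything that came from the prompt before it reaches the CLI.
if ($awsProfile.StartsWith('-')) {
    throw "Profile name '$awsProfile' must not start with '-'."
}
if ($region -notmatch '^[a-z0-9-]+$' -or $region.StartsWith('-')) {
    throw "Region '$region' does not look like an AWS region name (e.g. eu-west-1)."
}
# EC2 instance ids are 'i-' plus hex digits; 'mi-' covers Systems Manager managed
# nodes. The placeholder default 'i-whatever' is rejected here on purpose.
if ($target -notmatch '^m?i-[0-9a-f]{8,17}$') {
    throw "Target '$target' does not look like an instance id (i-... or mi-...)."
}
$parsedPort = 0
if (-not ([int]::TryParse("$remoteport", [ref]$parsedPort)) -or $parsedPort -lt 1 -or $parsedPort -gt 65535) {
    throw "Remote port '$remoteport' must be a whole number between 1 and 65535."
}
$remoteport = $parsedPort

Write-Output "When the 'Waiting for connections' message comes up, connect your local client to 127.0.0.1:$localport"

# Start the session manager to create a tunnel to the instance.
aws ssm start-session --target $target --document-name AWS-StartPortForwardingSession --parameters "localPortNumber=$localport,portNumber=$remoteport" --region $region --profile $awsProfile

# Native commands do not throw on failure; surface a non-zero exit explicitly.
if ($LASTEXITCODE -ne 0) {
    Write-Warning "aws ssm start-session exited with code $LASTEXITCODE. Check that you are logged in and that the instance is managed by Session Manager."
}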