Reputation: 48
How can I restrict the ports that are open for port forwarding in AWS SSM? I've cloned the publicly available SSM document AWS-StartPortForwardingSession.
Trying to edit the allowedPattern parameter from accepting the regular expression for all ports in between 1024 to 65535 to accept only 4 port numbers (3142,4200,121,1300).
I've tried using a JSON array to specify the needed port numbers but it is giving the error
InvalidDocumentContent: JSON not well-formed. at Line: 15, Column: 25
The original SSM document content
{
  "schemaVersion":"1.0",
  "description":"Document to start port forwarding session over Session Manager",
  "sessionType":"Port",
  "parameters":{
    "portNumber":{
      "type":"String",
      "description":"(Optional) Port number of the server on the instance",
      "allowedPattern":"^([1-9]|[1-9][0-9]{1,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$",
      "default": "80"
    },
    "localPortNumber":{
      "type":"String",
      "description":"(Optional) Port number on local machine to forward traffic to. An open port is chosen at run-time if not provided",
      "allowedPattern":"^([1-9]|[1-9][0-9]{1,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$",
      "default": "0"
    }
  },
  "properties":{
    "portNumber":"{{ portNumber }}",
    "type":"LocalPortForwarding",
    "localPortNumber":"{{ localPortNumber }}"
  }
}
The code that I've cloned, edited and which is not working
{
  "schemaVersion":"1.0",
  "description":"Document to start port forwarding session over Session Manager",
  "sessionType":"Port",
  "parameters":{
    "portNumber":{
      "type":"String",
      "description":"(Optional) Port number of the server on the instance",
      "allowedPattern":"^([1-9]|[1-9][0-9]{1,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$",
      "default": "80"
    },
    "localPortNumber":{
      "type":"String",
      "description":"(Optional) Port number on local machine to forward traffic to. An open port is chosen at run-time if not provided",
      "allowedPattern": ["9200","9042","13000","389"],
      "default": "0"
    }
  },
  "properties":{
    "portNumber":"{{ portNumber }}",
    "type":"LocalPortForwarding",
    "localPortNumber":"{{ localPortNumber }}"
  }
}
Upvotes: 1
Views: 724
Reputation: 3189
The problem you are having is because you are specifying a list instead of a pattern. Try this regex:
"(3142|4200|121|1300)"
To be clear, the quotes are not part of the regex; the entire line above is a string value for your AllowedPattern.
Upvotes: 2
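Added example (not part of the posts above and not AWS's own code): a Python sketch that generates the cloned document with an anchored allowedPattern for the four ports in the question, and shows why the `^...$` anchors used in the original document matter. It assumes the restriction belongs on portNumber (the instance-side port), picks the first allowed port as the default, and uses Python's `re` only to illustrate search versus full-match behaviour, since the page does not say which one SSM applies.

```python
import json
import re

ALLOWED_PORTS = [3142, 4200, 121, 1300]  # the four ports named in the question
# localPortNumber pattern copied unchanged from the document in the question
ANY_PORT = (r"^([1-9]|[1-9][0-9]{1,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}"
            r"|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$")


def anchored_pattern(ports):
    """Build an allowedPattern string matching exactly the listed ports."""
    for p in ports:
        if not 1 <= int(p) <= 65535:
            raise ValueError(f"not a valid port: {p}")
    return "^(" + "|".join(str(int(p)) for p in ports) + ")$"


def restricted_document(ports):
    """Document from the question with portNumber limited to `ports`."""
    return {
        "schemaVersion": "1.0",
        "description": "Document to start port forwarding session over Session Manager",
        "sessionType": "Port",
        "parameters": {
            "portNumber": {
                "type": "String",
                "description": "Port number of the server on the instance",
                "allowedPattern": anchored_pattern(ports),  # a string, not a list
                "default": str(ports[0]),  # assumption: default must be allowed
            },
            "localPortNumber": {
                "type": "String",
                "description": "(Optional) Port number on local machine to forward traffic to.",
                "allowedPattern": ANY_PORT,
                "default": "0",
            },
        },
        "properties": {
            "portNumber": "{{ portNumber }}",
            "type": "LocalPortForwarding",
            "localPortNumber": "{{ localPortNumber }}",
        },
    }


def accepts(pattern, value, full_match):
    # full_match=False models an engine that only searches for the pattern
    m = re.fullmatch(pattern, value) if full_match else re.search(pattern, value)
    return m is not None


if __name__ == "__main__":
    print(json.dumps(restricted_document(ALLOWED_PORTS), indent=2))
```

With the anchors, "13000" is rejected under either matching mode; without them, a search-style match would accept it because it contains "1300".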