Architecture: design and implementation of product features

How the main end-user features are designed and where (in code) they are implemented. Corresponds to the "Logical view" of the 4+1 architectural views.

Explorer

TODO

Local debugging of SAM Lambdas

TODO

Remote connect

Toolkit provides "remote connect" for CodeCatalyst, EC2, and ECS (terminal only). This means customers can connect (1) a new VSCode instance and (2) a VSCode Terminal to remote machines in AWS and CodeCatalyst.

Design of remote connect

For connecting a new VSCode instance, remote connect works like this:

  1. User chooses the machine they want to connect to (CodeCatalyst dev env, or EC2 machine)
  2. Toolkit ensures that the vscode remote-ssh extension is installed.
  3. Toolkit automatically downloads a private copy of session-manager-plugin, or uses its previous copy.
  4. Toolkit ensures that the user's ~/.ssh/config file contains a special host-name pattern.
  5. Toolkit starts an SSM session using the service API.
  6. Toolkit starts a new instance of VSCode with environment variables containing values needed to connect (SSM session id, etc).
  7. VSCode invokes ssh, which invokes the Toolkit-defined ProxyCommand from the ~/.ssh/config entry above. The ProxyCommand uses the environment variables to invoke session-manager-plugin to create an SSH connection.
  8. VSCode's remote-ssh feature uses the SSH connection to provide a remote VSCode session on the remote machine.

For connecting a new VSCode terminal, remote connect works like this:

  1. User chooses the machine they want to connect to (CodeCatalyst dev env, EC2, or ECS machine)
  2. Toolkit automatically downloads a private copy of session-manager-plugin, or uses its previous copy.
  3. Toolkit starts an SSM session using the service API.
  4. Toolkit builds a session-manager-plugin command and passes it to a new VSCode Terminal.
  5. VSCode displays the terminal, so the user can enter shell commands on the remote machine.

For EC2 specifically, there are a few additional steps:

  1. Remote window connections are only supported for EC2 instances running a Linux-based OS such as Amazon Linux or Ubuntu. However, the terminal option is supported on every OS, and will open a PowerShell-based terminal for Windows instances.
  2. If connecting to an EC2 instance via remote window, the Toolkit generates temporary SSH keys (30 second lifetime), with the public key sent to the remote instance.
    • Key type is ed25519 if supported, or RSA otherwise.
    • Lines in .ssh/authorized_keys marked with the comment #AWSToolkitForVSCode will be removed by AWS Toolkit.
    • Assumes .ssh/authorized_keys can be found under /home/ec2-user/ on Amazon Linux and /home/ubuntu/ on Ubuntu.
  3. If insufficient permissions are detected on the attached IAM role, the Toolkit will prompt to add an inline policy with the necessary actions.
  4. If SSM sessions remain open after closing the window/terminal, the Toolkit will terminate them on shutdown, or when starting another session to the same instance.
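
The marker-based cleanup of .ssh/authorized_keys described in step 2 can be sketched as follows. This is an added example, not the Toolkit's own code: the function names, the matching rule (marker as a whole token in the key's comment field) and the sample file are assumptions; only the marker text and the two key types come from this page.

```typescript
// Added example, not AWS Toolkit source. MARKER is from the page; function
// names and the sample file below are constructed for illustration.
const MARKER = '#AWSToolkitForVSCode'
const KEY_TYPES = /^(ssh-ed25519|ssh-rsa)$/ // the two key types named above

interface PruneResult {
    content: string // rewritten authorized_keys text (LF line endings)
    removed: string[] // key lines dropped because they carried the marker
}

// A key line is "marked" when the marker is a whole token in its comment
// field, i.e. after the base64 blob. File comments and blank lines never match.
// Assumption: option fields contain no quoted whitespace.
function isMarked(line: string): boolean {
    const trimmed = line.trim()
    if (trimmed === '' || trimmed.startsWith('#')) return false
    const tokens = trimmed.split(/\s+/)
    const typeIdx = tokens.findIndex((t) => KEY_TYPES.test(t))
    if (typeIdx < 0) return false
    return tokens.slice(typeIdx + 2).includes(MARKER)
}

// Drop every marked line, keep everything else byte-for-byte, and optionally
// append a fresh temporary public key tagged with the marker.
function pruneAndAdd(existing: string, newPublicKey?: string): PruneResult {
    const kept: string[] = []
    const removed: string[] = []
    for (const line of existing.split(/\r?\n/)) {
        if (isMarked(line)) removed.push(line)
        else kept.push(line)
    }
    const body = kept.join('\n').replace(/\s+$/, '')
    let content = body === '' ? '' : body + '\n'
    if (newPublicKey !== undefined) content += `${newPublicKey.trim()} ${MARKER}\n`
    return { content, removed }
}

// Constructed sample: one admin key, one stale temporary key, and one
// long-lived key that someone tagged with the same comment.
const sample = [
    '# managed by ops (constructed sample)',
    'ssh-ed25519 AAAAC3placeholderAdminKey admin@laptop',
    'ssh-ed25519 AAAAC3placeholderStaleKey #AWSToolkitForVSCode',
    'no-pty ssh-rsa AAAAB3placeholderDeployKey deploy #AWSToolkitForVSCode',
    '',
].join('\n')
const demo = pruneAndAdd(sample, 'ssh-ed25519 AAAAC3placeholderNewKey')
```

In the sample, the long-lived deploy key is removed along with the stale temporary key, because cleanup is driven by the comment alone. Keys that must persist on the instance should not carry that comment.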

Implementation of remote connect

These modules show how to use and extend the "remote connect" functionality: