From d033ec79b5e5ea5bf605c8ea90943f60f4df00b4 Mon Sep 17 00:00:00 2001
From: hkobew <hkobew@amazon.com>
Date: Wed, 4 Dec 2024 16:18:01 -0500
Subject: [PATCH 1/2] avoid logging token

---
 packages/core/resources/ec2_connect       | 7 ++++++-
 packages/core/src/awsService/ec2/model.ts | 1 +
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/packages/core/resources/ec2_connect b/packages/core/resources/ec2_connect
index 518a5e86f58..5af5bad1de6 100755
--- a/packages/core/resources/ec2_connect
+++ b/packages/core/resources/ec2_connect
@@ -28,7 +28,6 @@ _require_nolog() {
 
 _require() {
     _require_nolog "$@"
-    _log "$1=$2"
 }
 
 _ec2() {
@@ -52,6 +51,12 @@ _main() {
     _require SESSION_ID "${SESSION_ID:-}"
     _require LOG_FILE_LOCATION "${LOG_FILE_LOCATION:-}"
 
+    # Avoid logging sensitive data
+    _log "AWS_SSM_CLI=$AWS_SSM_CLI"
+    _log "AWS_REGION=$AWS_REGION"
+    _log SESSION_ID "${SESSION_ID:-}"
+    _log "LOG_FILE_LOCATION=$LOG_FILE_LOCATION"
+
     _ec2 "$AWS_SSM_CLI" "$AWS_REGION" "$STREAM_URL" "$TOKEN" "$SESSION_ID"
 }
 
diff --git a/packages/core/src/awsService/ec2/model.ts b/packages/core/src/awsService/ec2/model.ts
index fa7bbee71b7..a8f90de316e 100644
--- a/packages/core/src/awsService/ec2/model.ts
+++ b/packages/core/src/awsService/ec2/model.ts
@@ -226,6 +226,7 @@ export class Ec2Connecter implements vscode.Disposable {
         await this.addActiveSession(selection.instanceId, ssmSession.SessionId!)
 
         const vars = getEc2SsmEnv(selection, ssm, ssmSession)
+        getLogger().info(`ec2: connect script logs at ${vars.LOG_FILE_LOCATION}`)
         const envProvider = async () => {
             return { [sshAgentSocketVariable]: await startSshAgent(), ...vars }
         }

From 42c14ac72653171766c8a2736e3b95d11abde2da Mon Sep 17 00:00:00 2001
From: hkobew <hkobew@amazon.com>
Date: Thu, 5 Dec 2024 10:23:14 -0500
Subject: [PATCH 2/2] use require no log instead

---
 packages/core/resources/ec2_connect | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/packages/core/resources/ec2_connect b/packages/core/resources/ec2_connect
index 5af5bad1de6..1fae562899b 100755
--- a/packages/core/resources/ec2_connect
+++ b/packages/core/resources/ec2_connect
@@ -28,6 +28,7 @@ _require_nolog() {
 
 _require() {
     _require_nolog "$@"
+    _log "$1=$2"
 }
 
 _ec2() {
@@ -46,17 +47,11 @@ _main() {
 
     _require AWS_SSM_CLI "${AWS_SSM_CLI:-}"
     _require AWS_REGION "${AWS_REGION:-}"
-    _require STREAM_URL "${STREAM_URL:-}"
-    _require TOKEN "${TOKEN:-}"
+    _require_nolog STREAM_URL "${STREAM_URL:-}"
+    _require_nolog TOKEN "${TOKEN:-}"
     _require SESSION_ID "${SESSION_ID:-}"
     _require LOG_FILE_LOCATION "${LOG_FILE_LOCATION:-}"
 
-    # Avoid logging sensitive data
-    _log "AWS_SSM_CLI=$AWS_SSM_CLI"
-    _log "AWS_REGION=$AWS_REGION"
-    _log SESSION_ID "${SESSION_ID:-}"
-    _log "LOG_FILE_LOCATION=$LOG_FILE_LOCATION"
-
     _ec2 "$AWS_SSM_CLI" "$AWS_REGION" "$STREAM_URL" "$TOKEN" "$SESSION_ID"
 }