switch to go module, removed hardcoded check for environment variables, fix build process

Author: dan-v

.circleci/config.yml

@@ -2,15 +2,15 @@ version: 2
 jobs:
   build:
     docker:
-      - image: circleci/golang:1.9
+      - image: circleci/golang:1.12
 
-    working_directory: /go/src/github.com/dan-v/awslambdaproxy
+    working_directory: /tmp
 
     steps:
       - checkout
-
+      - run: wget https://bin.equinox.io/a/75VeNN6mcnk/github-com-kevinburke-go-bindata-go-bindata-linux-amd64.tar.gz
+      - run: sudo tar xvf github-com-kevinburke-go-bindata-go-bindata-linux-amd64.tar.gz -C /usr/bin
       - run: make all-zip
-
       - store_artifacts:
           path: build/zip/awslambdaproxy-linux-x86-64.zip
           destination: awslambdaproxy-linux-x86-64.zip

Makefile

@@ -5,7 +5,6 @@ lambda:
 	zip -jr data/lambda data/lambda
 
 bindata: lambda
-	go get github.com/jteeuwen/go-bindata/...
 	go-bindata -nocompress -pkg awslambdaproxy -o bindata.go data/lambda.zip
 
 linux: bindata
@@ -25,4 +24,4 @@ all-zip: all
 	zip -jr ./build/zip/awslambdaproxy-osx-x86-64 ./build/osx/x86-64/awslambdaproxy
 	zip -jr ./build/zip/awslambdaproxy-linux-x86-64 ./build/linux/x86-64/awslambdaproxy
 
-.PHONY: lambda bindata
+.PHONY: lambda bindata

README.md

@@ -14,7 +14,7 @@
 Current code status: <b>proof of concept</b>. This is the first Go application that I've ever written. It has no tests. It may not work. It may blow up. Use at your own risk.
 
 ## How it works
-At a high level, awslambdaproxy proxies TCP/UDP traffic through AWS Lambda regional endpoints. To do this, awslambdaproxy is setup on a publicly accessible host (e.g. EC2 instance) and it handles creating Lambda resources that run a proxy server ([ginuerzh/gost](https://github.com/ginuerzh/gost)). Since Lambda does not allow you to connect to bound ports in executing functions, a reverse SSH tunnel is established from the Lambda function to the host running awslambdaproxy. Once a tunnel connection is established, all user traffic is forwarded through this reverse tunnel to the proxy server. Lambda functions have a max execution time of 5 minutes, so there is a goroutine that continuously executes Lambda functions to ensure there is always a live tunnel in place. If multiple regions are specified, user traffic will be routed in a round robin fashion across these regions.
+At a high level, awslambdaproxy proxies TCP/UDP traffic through AWS Lambda regional endpoints. To do this, awslambdaproxy is setup on a publicly accessible host (e.g. EC2 instance) and it handles creating Lambda resources that run a proxy server ([ginuerzh/gost](https://github.com/ginuerzh/gost)). Since Lambda does not allow you to connect to bound ports in executing functions, a reverse SSH tunnel is established from the Lambda function to the host running awslambdaproxy. Once a tunnel connection is established, all user traffic is forwarded through this reverse tunnel to the proxy server. Lambda functions have a max execution time of 15 minutes, so there is a goroutine that continuously executes Lambda functions to ensure there is always a live tunnel in place. If multiple regions are specified, user traffic will be routed in a round robin fashion across these regions.
 
 ![](/images/how-it-works.png?raw=true)
 
@@ -28,25 +28,27 @@ The easiest way is to download a pre-built binary from the [GitHub Releases](htt
     * Port 22 - functions executing in AWS Lambda will open SSH connections back to the host running `awslambdaproxy`, so this port needs to be open to the world. The SSH key used here is dynamically generated at startup and added to the running users authorized_keys file.
     * Port 8080 - the default configuration will start a HTTP/SOCKS proxy listener on this port with default user/password authentication. If you don't want to publicly expose the proxy server, one option is to setup your own VPN server (e.g. [dosxvpn](https://github.com/dan-v/dosxvpn) or [algo](https://github.com/trailofbits/algo)), connect to it, and just run awslambdaproxy with the proxy listener only on localhost (-l localhost:8080).
 
-2. Optional, but I'd highly recommend taking a look at the Minimal IAM Policies section below. This will get you scoped access keys for running setup and run commands. Otherwise, if you don't care about security you can always use an access key with full administrator privileges.
+2. Optional, but I'd highly recommend taking a look at the Minimal IAM Policies section below. This will allow you to setup minimal permissions required to setup and run the project. Otherwise, if you don't care about security you can always use an access key with full administrator privileges. 
 
-2. Run `awslambdaproxy setup`. 
+3. `awslambdaproxy` will need access to credentials for AWS in some form. This can be either through exporting environment variables (as shown below), shared crendential file, or an IAM role if assigned to the instance you are running it on. See [this](https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials) for more details.
 
     ```sh
     export AWS_ACCESS_KEY_ID=XXXXXXXXXX
     export AWS_SECRET_ACCESS_KEY=YYYYYYYYYYYYYYYYYYYYYY
+    ```
+4. Run `awslambdaproxy setup`. 
+
+    ```sh
     ./awslambdaproxy setup
     ```
 
-3. Run `awslambdaproxy run`. 
+5. Run `awslambdaproxy run`. 
 
     ```sh
-    export AWS_ACCESS_KEY_ID=XXXXXXXXXX
-    export AWS_SECRET_ACCESS_KEY=YYYYYYYYYYYYYYYYYYYYYY
     ./awslambdaproxy run -r us-west-2,us-west-1,us-east-1,us-east-2
     ```
 
-3. Configure your web browser (or OS) to use the SOCKS5 proxy on the publicly accessible host running `awslambdaproxy` on port 8080.
+6. Configure your web browser (or OS) to use the SOCKS5 proxy on the publicly accessible host running `awslambdaproxy` on port 8080.
 
 ## Minimal IAM Policies
 * This assumes you have the AWS CLI setup with an admin user
@@ -88,21 +90,23 @@ aws iam create-access-key --user-name awslambdaproxy-run
 4. <b>Will this make me completely anonymous?</b> No, absolutely not. The goal of this project is just to obfuscate your web traffic by rotating your IP address. All of your traffic is going through AWS which could be traced back to your account. You can also be tracked still with [browser fingerprinting](https://panopticlick.eff.org/), etc. Your [IP address may still leak](https://ipleak.net/) due to WebRTC, Flash, etc.
 5. <b>How often will my external IP address change?</b> For each region specified, the IP address will change roughly every 4 hours. This of course is subject to change at any moment as this is not something that is documented by AWS Lambda.
 6. <b>How much does this cost?</b> awslambdaproxy should be able to run mostly on the [AWS free tier](https://aws.amazon.com/free/) minus bandwidth costs. It can run on a t2.micro instance and the default 128MB Lambda function that is constantly running should also fall in the free tier usage. The bandwidth is what will cost you money; you will pay for bandwidth usage for both EC2 and Lambda.
-7. <b>Why does my connection drop periodically?</b> AWS Lambda functions can currently only execute for a maximum of 5 minutes. In order to maintain an ongoing proxy a new function is executed and all new traffic is cut over to it. Any ongoing connections to the previous Lambda function will hard stop after a timeout period. You generally won't see any issues for normal web browsing as connections are very short lived, but for any long lived connections you may see issues.
+7. <b>Why does my connection drop periodically?</b> AWS Lambda functions can currently only execute for a maximum of 15 minutes. In order to maintain an ongoing proxy a new function is executed and all new traffic is cut over to it. Any ongoing connections to the previous Lambda function will hard stop after a timeout period. You generally won't see any issues for normal web browsing as connections are very short lived, but for any long lived connections you may see issues.
 
 # Powered by
 * [gost](https://github.com/ginuerzh/gost) - A simple security tunnel written in Golang.
 * [yamux](https://github.com/hashicorp/yamux) - Golang connection multiplexing library.
 * [goad](https://github.com/goadapp/goad) - Code was borrowed from this project to handle AWS Lambda zip creation and function upload.
 
 ## Build From Source
-1. Fetch the project with `git clone`:
+1. Install [Go](https://golang.org/dl/) and [go-bindata](https://github.com/kevinburke/go-bindata)
+
+2. Fetch the project with `git clone`:
 
   ```sh
   git clone git@github.com:dan-v/awslambdaproxy.git && cd awslambdaproxy
   ```
 
-2. Run make to build awslambdaproxy. You'll find your `awslambdaproxy` binary in the `build` folder.
+3. Run make to build awslambdaproxy. You'll find your `awslambdaproxy` binary in the `build` folder.
 
   ```sh
   make

cmd/awslambdaproxy/cmd/run.go

@@ -2,22 +2,23 @@ package cmd
 
 import (
 	"fmt"
-	"github.com/dan-v/awslambdaproxy"
-	"github.com/spf13/cobra"
-	"github.com/spf13/viper"
 	"os"
 	"os/user"
 	"strconv"
 	"strings"
 	"time"
+
+	"github.com/dan-v/awslambdaproxy"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
 )
 
 var (
 	frequency                            time.Duration
 	memory                               int64
 	sshUser, sshPort, regions, listeners string
-	// Max execution time on lambda is 300 seconds currently
-	lambdaMaxFrequency  = time.Duration(290 * time.Second) // leave 10 seconds of leeway
+	// Max execution time on lambda is 900 seconds currently
+	lambdaMaxFrequency  = time.Duration(890 * time.Second) // leave 10 seconds of leeway
 	lambdaMinMemorySize = 128
 	lambdaMaxMemorySize = 1536
 )
@@ -28,10 +29,6 @@ var runCmd = &cobra.Command{
 	Short: "Run awslambdaproxy",
 	Long: `This will execute awslambdaproxy in regions specified. Examples:
 
-# Make sure credentials are exported
-export AWS_ACCESS_KEY_ID=XXXXXXXXXX
-export AWS_SECRET_ACCESS_KEY=YYYYYYYYYYYYYYYYYYYYYY
-
 # Example 1 - Execute proxy in four different regions with rotation happening every 60 seconds
 ./awslambdaproxy run -r us-west-2,us-west-1,us-east-1,us-east-2 -f 60s
 
@@ -66,18 +63,6 @@ export AWS_SECRET_ACCESS_KEY=YYYYYYYYYYYYYYYYYYYYYY
 			os.Exit(1)
 		}
 
-		// check for required aws keys
-		access := os.Getenv("AWS_ACCESS_KEY_ID")
-		if access == "" {
-			fmt.Println("Must specify environment variable AWS_ACCESS_KEY_ID")
-			os.Exit(1)
-		}
-		secret := os.Getenv("AWS_SECRET_ACCESS_KEY")
-		if secret == "" {
-			fmt.Println("Must specify environment variable AWS_SECRET_ACCESS_KEY")
-			os.Exit(1)
-		}
-
 		awslambdaproxy.ServerInit(aSSHUser, aSSHPort, aRegions, aMemory, aFrequency, aListeners, aTimeout)
 	},
 }
@@ -95,7 +80,7 @@ func init() {
 
 	runCmd.Flags().StringVarP(&regions, "regions", "r", "us-west-2", "Regions to "+
 		"run proxy.")
-	runCmd.Flags().DurationVarP(&frequency, "frequency", "f", time.Duration(time.Second*260), "Frequency "+
+	runCmd.Flags().DurationVarP(&frequency, "frequency", "f", time.Duration(time.Second*860), "Frequency "+
 		"to execute Lambda function.  Maximum is "+lambdaMaxFrequency.String()+". If multiple "+
 		"lambda-regions are specified, this will cause traffic to rotate round robin at the interval "+
 		"specified here.")

cmd/awslambdaproxy/cmd/setup.go

@@ -2,24 +2,21 @@ package cmd
 
 import (
 	"fmt"
+	"os"
+
 	"github.com/dan-v/awslambdaproxy"
 	"github.com/spf13/cobra"
-	"os"
 )
 
 // setupCmd represents the setup command
 var setupCmd = &cobra.Command{
 	Use:   "setup",
 	Short: "Setup awslambdaproxy AWS infrastructure",
-	Long: `This will setup all required AWS infrastructure to run awslambdaproxy. Example:
-
-export AWS_ACCESS_KEY_ID=XXXXXXXXXX
-export AWS_SECRET_ACCESS_KEY=YYYYYYYYYYYYYYYYYYYYYY
-./awslambdaproxy setup`,
+	Long:  `This will setup all required AWS infrastructure to run awslambdaproxy.`,
 	Run: func(cmd *cobra.Command, args []string) {
 		err := awslambdaproxy.SetupLambdaInfrastructure()
 		if err != nil {
-			fmt.Print("Failed to run setup for awslambdaproxy", err)
+			fmt.Print("Failed to run setup for awslambdaproxy: ", err)
 			os.Exit(1)
 		}
 	},

go.mod

@@ -0,0 +1,47 @@
+module github.com/dan-v/awslambdaproxy
+
+go 1.12
+
+require (
+	github.com/Yawning/chacha20 v0.0.0-20170904085104-e3b1f968fc63
+	github.com/aead/chacha20 v0.0.0-20170614051014-8d6ce0550041
+	github.com/aws/aws-lambda-go v1.0.1
+	github.com/aws/aws-sdk-go v1.12.62
+	github.com/dan-v/gosocks5 v0.0.0-20171218225514-69190413d160
+	github.com/dan-v/gost v0.0.0-20171218225532-25d135e41663
+	github.com/dan-v/shadowsocks-go v0.0.0-20171218225457-a3924b5aead6
+	github.com/fsnotify/fsnotify v1.4.7
+	github.com/go-ini/ini v1.32.0
+	github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b
+	github.com/hashicorp/golang-lru v0.0.0-20160813221303-0a025b7e63ad
+	github.com/hashicorp/hcl v0.0.0-20171017181929-23c074d0eceb
+	github.com/hashicorp/yamux v0.0.0-20171219165022-683f49123a33
+	github.com/inconshreveable/mousetrap v1.0.0
+	github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8
+	github.com/klauspost/compress v1.2.1
+	github.com/klauspost/cpuid v0.0.0-20170728055534-ae7887de9fa5
+	github.com/klauspost/reedsolomon v0.0.0-20171001120606-6bb6130ff6a7
+	github.com/lucas-clemente/aes12 v0.0.0-20171027163421-cd47fb39b79f
+	github.com/lucas-clemente/fnv128a v0.0.0-20160504152609-393af48d3916
+	github.com/lucas-clemente/quic-go v0.5.0
+	github.com/lucas-clemente/quic-go-certificates v0.0.0-20160823095156-d2f86524cced
+	github.com/magiconair/properties v1.7.4
+	github.com/mitchellh/mapstructure v0.0.0-20180111000720-b4575eea38cc
+	github.com/pelletier/go-toml v1.0.1
+	github.com/pkg/errors v0.8.0
+	github.com/spf13/afero v1.0.2
+	github.com/spf13/cast v1.1.0
+	github.com/spf13/cobra v0.0.0-20180115160933-0c34d16c3123
+	github.com/spf13/jwalterweatherman v0.0.0-20180109140146-7c0cea34c8ec
+	github.com/spf13/pflag v1.0.0
+	github.com/spf13/viper v0.0.0-20171227194143-aafc9e6bc7b7
+	github.com/stretchr/testify v1.3.0 // indirect
+	golang.org/x/crypto v0.0.0-20180112200814-13931e22f9e7
+	golang.org/x/net v0.0.0-20180112015858-5ccada7d0a7b
+	golang.org/x/sys v0.0.0-20180115085844-fff93fa7cd27
+	golang.org/x/text v0.0.0-20171227012246-e19ae1496984
+	gopkg.in/gorilla/websocket.v1 v1.2.0
+	gopkg.in/xtaci/kcp-go.v2 v2.0.0-20170304104302-bf95749e1be2
+	gopkg.in/xtaci/smux.v1 v1.0.6
+	gopkg.in/yaml.v2 v2.0.0
+)