Why SSM over SSH?
Session Manager (SSM) provides more security than an SSH connection. With SSM, no port is exposed for SSH traffic, and there is no risk of users sharing keys. Sessions run within the AWS console, and each session is tied to a single IAM user.
In two previous articles, I covered how to connect to an EC2 instance via SSH and RDP. In this article we are going to beef up security and use Session Manager to connect to our EC2 instance. If you haven’t done so already, take a look at the previous two articles below and get logged into the AWS console!
1. Since you have looked over the previous two articles, I will assume that you are logged into the AWS console. We need to launch a new EC2 instance!
2. Give the instance a unique name and select Amazon Linux for the Amazon Machine Image (AMI).
3. Instance type will remain the default “t2.micro”, and we can proceed without a key pair since we aren’t using SSH or RDP.
4. For this EC2 instance, we are doing a few things differently than in the previous two articles. Leave “Create security group” selected and remove the check mark from “Allow SSH traffic from”.
Launch the Instance
Wait until your instance is “Running”
5. Select the newly created instance, click the “Actions” drop-down, click “Security”, and select “Modify IAM role”. On the Modify IAM role page, select “Create new IAM role”, then select “Create role”.
6. Next, we need to select the “trusted entity”.
7. Next, select the “use case” from the drop-down and select the specified service.
Click “Next”
9. Give the role a unique name; this role allows EC2 instances to call Systems Manager.
Create Role
10. In the EC2 dashboard under “Instances”, select the running instance and select “Actions”, “Security”, “Modify IAM role”.
Choose the IAM role that was just created and update the IAM role.
Let’s go to Session Manager
11. In the AWS console, using the search bar at the top of the page, type “Systems Manager”. In the left pane under “Node Management”, select “Session Manager”. Select “Start Session”.
Start Session
12. Select your EC2 instance and start the session.
If successful, you will be connected to your EC2 instance.
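The two settings this walkthrough changes in the console are the security group (no inbound SSH rule) and the instance role (trusted by the EC2 service so Systems Manager can use it). The script below is an added example, not part of the original article, that checks both offline against JSON in the shape returned by `aws ec2 describe-security-groups` and `aws iam get-role`; the sample documents and the `sg-EXAMPLE` group id are constructed placeholders.

```python
import json

# Constructed trust policy, matching what the EC2 -> Systems Manager use case creates.
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Principal": {"Service": "ec2.amazonaws.com"},
                   "Action": "sts:AssumeRole"}],
}

# Constructed security group with the default "Allow SSH traffic from" rule still present.
OPEN_SSH_GROUP = {"GroupId": "sg-EXAMPLE", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
# The same group after unchecking that box: no inbound rules at all.
SSM_ONLY_GROUP = {"GroupId": "sg-EXAMPLE", "IpPermissions": []}


def inbound_ssh_rules(group):
    """Return the inbound rules that admit TCP/22, including 'all traffic' rules."""
    hits = []
    for rule in group.get("IpPermissions", []):
        proto = rule.get("IpProtocol")
        if proto == "-1":  # protocol -1 means all traffic, which covers port 22
            hits.append(rule)
        elif proto == "tcp":
            lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
            if lo <= 22 <= hi:
                hits.append(rule)
    return hits


def role_trusts_ec2(trust_policy):
    """True if an Allow statement lets ec2.amazonaws.com call sts:AssumeRole."""
    for stmt in trust_policy.get("Statement", []):
        services = stmt.get("Principal", {}).get("Service", [])
        services = [services] if isinstance(services, str) else services
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if (stmt.get("Effect") == "Allow" and "ec2.amazonaws.com" in services
                and "sts:AssumeRole" in actions):
            return True
    return False


if __name__ == "__main__":
    print("open SSH rules:", json.dumps(inbound_ssh_rules(OPEN_SSH_GROUP)))
    print("SSM-only group open SSH rules:", inbound_ssh_rules(SSM_ONLY_GROUP))
    print("role trusts EC2:", role_trusts_ec2(TRUST_POLICY))
```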
Congratulations, you have successfully connected to an EC2 instance using SSM! DON’T FORGET to TERMINATE the session, then navigate back to your EC2 dashboard and TERMINATE YOUR EC2 INSTANCE to AVOID monetary charges!