How to Set Up AWS SSM Connect on EC2: A Complete Guide (No SSH Required)


In modern cloud architectures, security and automation are key. AWS Systems Manager (SSM) Session Manager lets you securely connect to your EC2 instances without SSH, open ports, or bastion hosts. It uses SSM Agent and IAM policies to allow browser- or CLI-based shell access to your instances.
In this guide, we'll walk through everything you need, from IAM setup to connectivity checks, to get SSM Session Manager working seamlessly.
Why Use AWS SSM Connect?
No SSH keys to manage
No port 22 exposure
Centralized auditing and logging
Works over private networks via VPC endpoints
Supports EC2, on-premises servers, and hybrid environments
Prerequisites
Before you begin, ensure the following:
Component | Requirement |
EC2 OS | Amazon Linux 2, Ubuntu, or other supported OS |
Agent | SSM Agent installed and running |
IAM | EC2 instance profile with SSM permissions |
Connectivity | Internet access OR SSM VPC endpoints (for private subnets) |
Step-by-Step: Setting up AWS SSM Connect
Step 1: Create an IAM Role for SSM
Go to AWS Console → IAM > Roles > Create role
Trusted entity: Select EC2
Attach permissions policy: Choose AmazonSSMManagedInstanceCore
Give it a name, e.g., EC2SSMRole
Click Create Role
Now, attach this IAM role to your EC2 instance:
EC2 Dashboard → Select your instance → Actions > Security > Modify IAM Role
Choose EC2SSMRole → Apply
Step 2: Install and Start the SSM Agent
Amazon Linux 2 and Ubuntu (20.04+):
Pre-installed and auto-running.
Other OS? Install it manually:
Ubuntu example:
sudo snap install amazon-ssm-agent --classic
sudo systemctl enable amazon-ssm-agent
sudo systemctl start amazon-ssm-agent
Check status:
sudo systemctl status amazon-ssm-agent
Step 3: Ensure Network Connectivity
SSM Agent communicates with the following AWS services:
Service | Required for |
ssm | SSM core APIs |
ec2messages | Communication between EC2 and SSM |
ssmmessages | Start-session communication |
Step 4: Verify Instance in Systems Manager
Go to:
AWS Console → Systems Manager → Fleet Manager → Managed Instances
Your instance should appear online and managed
If not:
Verify IAM role is attached
Check SSM Agent logs:
/var/log/amazon/ssm/amazon-ssm-agent.log
Ensure proper internet/VPC connectivity
Step 5: Connect via Session Manager
Via AWS Console
Go to EC2 → Instances → Select your instance
Click Connect
Select Session Manager tab → Click Connect
Optional: Enable Logging and Audit Trails
1. Enable CloudWatch Logs for Session Manager
Go to: Systems Manager → Session Manager → Preferences
Enable session logging to:
CloudWatch Logs group OR
S3 bucket
2. Audit with AWS CloudTrail
Session events are recorded automatically.
You can filter CloudTrail logs by StartSession, SendCommand, etc.
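As an added example (not part of the original article), the Python script below filters CloudTrail records for the StartSession and SendCommand events named above and separates successful calls from failed or denied ones, so you can review who reached which instance. The sample records, ARNs, account ID, instance IDs and IP addresses are constructed; the function names are illustrative.

```python
import json

# Event names the article mentions; extend the set to watch other SSM calls.
WATCHED = {"StartSession", "SendCommand"}

# Constructed sample in the CloudTrail log-file shape; all identifiers are made up.
SAMPLE = json.dumps({"Records": [
    {"eventTime": "2024-05-01T09:12:03Z", "eventSource": "ssm.amazonaws.com",
     "eventName": "StartSession", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"target": "i-0aaaaaaaaaaaaaaaa"}},
    {"eventTime": "2024-05-01T09:30:44Z", "eventSource": "ssm.amazonaws.com",
     "eventName": "SendCommand", "sourceIPAddress": "198.51.100.9",
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/ci/job-42"},
     "requestParameters": {"instanceIds": ["i-0aaaaaaaaaaaaaaaa", "i-0bbbbbbbbbbbbbbbb"]}},
    {"eventTime": "2024-05-01T10:02:19Z", "eventSource": "ssm.amazonaws.com",
     "eventName": "StartSession", "sourceIPAddress": "203.0.113.50",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
     "errorCode": "AccessDenied", "requestParameters": {"target": "i-0bbbbbbbbbbbbbbbb"}},
    {"eventTime": "2024-05-01T10:05:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "198.51.100.7"},
]})

def targets(event):
    """Instance IDs named by the call: StartSession uses target, SendCommand instanceIds."""
    params = event.get("requestParameters") or {}  # can be null in a record
    ids = list(params.get("instanceIds") or [])
    if params.get("target"):
        ids.append(params["target"])
    return ids

def summarize(log_text, watched=WATCHED):
    """Return (allowed, denied) rows for the watched Systems Manager events."""
    allowed, denied = [], []
    for ev in json.loads(log_text).get("Records", []):
        if ev.get("eventSource") != "ssm.amazonaws.com" or ev.get("eventName") not in watched:
            continue
        row = {"time": ev.get("eventTime"), "action": ev["eventName"],
               "principal": (ev.get("userIdentity") or {}).get("arn", "unknown"),
               "source_ip": ev.get("sourceIPAddress"), "targets": targets(ev),
               "error": ev.get("errorCode")}  # None when the call succeeded
        (denied if row["error"] else allowed).append(row)
    return allowed, denied

if __name__ == "__main__":
    for label, rows in zip(("ALLOWED", "DENIED"), summarize(SAMPLE)):
        for row in rows:
            print(label, row["time"], row["action"], row["principal"], row["targets"])
```

Denied rows are worth alerting on: they show a principal attempting access that IAM did not grant.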
Final Thoughts
With AWS SSM Session Manager, you no longer need to expose your EC2 instances via SSH. This dramatically improves your security posture and simplifies access management, especially in production or compliance-heavy environments.
Written by Ankur Dev