Use AWS Session Manager to Securely Connect to an EC2 Instance

Danny Steenman

In this article, you'll learn about AWS Systems Manager Session Manager, a powerful tool that allows you to securely connect to your EC2 instances.

We'll explore two methods to connect to an EC2 instance using Session Manager: one uses the Amazon EC2 console and the other uses the AWS CLI.

We'll also show you how to make your Amazon EC2 instance compatible with AWS Session Manager, so that you can log in safely to your instance using your IAM user or role instead of using SSH.

The quickest method is with the AWS CLI. In order to quickly and securely connect to an Amazon EC2 instance, run the command aws ssm start-session using the argument --target <instance-id> and it will connect to your instance using your active AWS IAM role or user.

What is AWS Systems Manager Session Manager?

AWS Systems Manager Session Manager is a fully managed service that enables you to manage and troubleshoot your EC2 instances.

With Session Manager, you can securely connect to your instances without the need for an open SSH port or a bastion host. This enhances security and simplifies the connection process.

Enabling AWS Session Manager on Your EC2 Instance

Before you can connect to an EC2 instance using AWS Session Manager, you must ensure that the instance is properly configured to support this service. You may also want to know how to get the metadata on an EC2 instance.

Here's a step-by-step guide to enabling AWS Session Manager on your EC2 instance:

  1. Ensure IAM Role and Permissions: Your EC2 instance must have an IAM instance profile with the necessary permissions to communicate with Systems Manager. You can attach the AmazonEC2RoleforSSM policy to the role to grant these permissions.
  2. Install or Update SSM Agent: The EC2 instance must have the SSM Agent installed and updated to the latest version. Most Amazon Machine Images (AMIs) come with the agent pre-installed. If not, you can manually install or update it.

By following these steps, you'll have AWS Session Manager enabled on your EC2 instance, allowing you to securely connect and manage your instance without the need for SSH keys or other complex setup.
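When `aws ssm start-session` fails, the cause is usually one of the two prerequisites above. The following pre-flight check is an added example, not code from the original article; the function names `ssm_diagnose` and `ssm_preflight` and the script name are hypothetical, and it makes only read-only AWS CLI calls.

```shell
#!/bin/sh
# Added example: check both Session Manager prerequisites for an instance
# before opening a session. Function names are hypothetical.

# Decide readiness from two values (pure function, makes no AWS calls).
#   $1 = instance profile ARN as printed by the CLI ("None" when absent)
#   $2 = SSM PingStatus: "Online", "ConnectionLost", "Inactive", or "None"
#        when the instance has never registered with Systems Manager
# Prints a one-line diagnosis; returns 0 only when a session can be started.
ssm_diagnose() {
    profile_arn=$1
    ping_status=$2
    case "$profile_arn" in
        ""|None)
            echo "NO_INSTANCE_PROFILE: attach an IAM instance profile with SSM permissions"
            return 1 ;;
    esac
    case "$ping_status" in
        Online)
            echo "READY: agent registered and online"
            return 0 ;;
        ""|None)
            echo "NOT_REGISTERED: SSM Agent missing, outdated, or cannot reach Systems Manager"
            return 2 ;;
        *)
            echo "AGENT_OFFLINE: PingStatus=$ping_status"
            return 3 ;;
    esac
}

# Fetch both values for an instance ID with the AWS CLI, then diagnose.
ssm_preflight() {
    instance_id=$1
    profile_arn=$(aws ec2 describe-instances --instance-ids "$instance_id" \
        --query 'Reservations[0].Instances[0].IamInstanceProfile.Arn' --output text)
    ping_status=$(aws ssm describe-instance-information \
        --filters "Key=InstanceIds,Values=$instance_id" \
        --query 'InstanceInformationList[0].PingStatus' --output text)
    ssm_diagnose "$profile_arn" "$ping_status"
}

# Usage: ./ssm-preflight.sh <instance-id>   (opens the session only when ready)
if [ "$#" -gt 0 ]; then
    ssm_preflight "$1" && aws ssm start-session --target "$1"
fi
```

A `NOT_REGISTERED` result with an instance profile attached points at the agent or at network reachability to the Systems Manager endpoints, not at IAM.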

How to Connect to an EC2 Instance Using Session Manager with the AWS CLI

For those who prefer using the command line, connecting to an EC2 instance using Session Manager with the AWS CLI is equally simple.

Here's how:

  1. Install and configure your AWS CLI and log in with your AWS CLI profile.
  2. Install the aws ssm plugin if you haven't already (Note: This is also used to connect to ECS containers).
  3. Run the following command to start a session with your desired EC2 instance:
aws ssm start-session --target instance-id

Replace instance-id with the actual ID of the EC2 instance you want to connect to. This command will utilize the aws ssm plugin to establish a secure connection.

This is what it looks like when you log in to an Amazon Linux 2 instance:

~ on tst-account-sso (eu-west-1) [4m40s]
➜ aws ssm start-session --target i-05ed0232095f21da6

Starting session with SessionId: dannysteenman-043c9e08917fec583
sh-5.2$

How to Connect to an EC2 Instance Using Session Manager with the Amazon EC2 Console

Connecting to an EC2 instance using Session Manager through the Amazon EC2 console is a straightforward process. Here are the detailed steps:

  1. Sign in to the AWS Console with your credentials.
  2. Navigate to the EC2 Dashboard and select the instance you want to connect to.
  3. Click on the "Connect" button, then choose "Session Manager" from the connection methods.

  4. Click "Connect" to initiate the connection. You'll be connected to your instance securely via the session manager plugin.

Conclusion

Securely connecting to an EC2 instance has never been easier, thanks to AWS Systems Manager Session Manager.

Whether you choose to connect via the Amazon EC2 console or the AWS CLI, the process is streamlined and secure.

By using the aws ssm start-session command and leveraging the session manager plugin, you can manage your instances without compromising on security.

Remember, the aws ssm plugin is a crucial component in this process, so ensure it's installed and configured properly.

