Introduction
We will connect to EC2 instances using Session Manager. These steps are only for testing/evaluation purposes. Please use least-privileged permissions/roles.
Prerequisite
Configured Enterprise Application & Assigned Related IAM Role to Azure AD Users
Please refer to the main README.md.
Note:
Setting EC2 Instances to support Session Manager
- Please refer to this documentation to set up Session Manager.
Note:
- Supported OS.
- Required IAM Profile for EC2 Instances.
- Setting up SSM Agent - if it's not installed by default.
- If you have other cases, please refer to this documentation for setting up AWS Systems Manager.
Supported Tools
- AWS CLI
- aws-azure-login: Integrate AWS CLI with Azure AD SSO
- Session Manager Plugin
Steps
Configuration
- npm install -g aws-azure-login -> Install aws-azure-login.
- aws configure --profile <target profile> -> Example: aws configure --profile aad. You only need to configure the default region, if you want it.
- aws-azure-login --configure --profile <target-profile> -> Example: aws-azure-login --configure --profile aada. You only need to configure the tenant id, app id, and default session duration (recommend using 1 hour).
Connect to EC2 Instances using existing profile
- aws-azure-login --profile <target profile> -> Example: aws-azure-login --profile <target profile>. Note: I use the default username, so I input the password only.
- aws ssm --region <target region> --profile <target profile> start-session --target <ec2-instance-id>. You don't need to set a region if your instance is in the same region as the profile's default region.
Note:
- More information to connect EC2 Instances using Session Manager: https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-sessions-start.html
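The introduction asks for least-privileged roles. As an added example (not code from the original post), this Python check flags statements in the federated role's IAM policy that allow ssm:StartSession on every instance with no Condition to narrow it. The sample policies, the account ID 111122223333 and the Environment tag are constructed for illustration.

```python
import fnmatch

# Constructed sample policies (illustrative, not from the original post).
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ssm:*", "Resource": "*"}]}

SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ssm:StartSession",
     "Resource": "arn:aws:ec2:*:111122223333:instance/*",
     "Condition": {"StringEquals": {"ssm:resourceTag/Environment": "test"}}},
    {"Effect": "Allow", "Action": "ssm:DescribeInstanceInformation",
     "Resource": "*"}]}


def _as_list(value):
    """IAM allows Action and Resource to be one string or a list of strings."""
    return [value] if isinstance(value, str) else list(value or [])


def _grants_start_session(stmt):
    """True if any Action pattern (IAM wildcards, case-insensitive) covers ssm:StartSession."""
    return any(fnmatch.fnmatchcase("ssm:startsession", action.lower())
               for action in _as_list(stmt.get("Action")))


def _covers_all_instances(resource):
    """True if the Resource pattern matches every instance instead of naming one."""
    return resource == "*" or resource.endswith(":instance/*")


def broad_start_session(policy):
    """Return indexes of Allow statements that permit ssm:StartSession on all
    instances with no Condition to narrow them. Heuristic: NotAction,
    NotResource and the content of Condition are not evaluated."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    findings = []
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or not _grants_start_session(stmt):
            continue
        resources = _as_list(stmt.get("Resource"))
        if any(_covers_all_instances(r) for r in resources) and not stmt.get("Condition"):
            findings.append(index)
    return findings
```

Run it over the policy documents attached to the IAM role assigned to the Azure AD users; an empty list means no statement was flagged by this heuristic.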
Key Resources
- Session Manager Plugin
- SSM Prerequisites
- Required IAM Policies for Users
- Required IAM Profile for EC2 Instances