DEV Community

Cover image for Connecting to EC2 Instances using Azure AD Users
Bervianto Leo Pratama for AWS Community Builders

Posted on • Originally published at github.com

Connecting to EC2 Instances using Azure AD Users

Introduction

We will connect EC2 Instances using Session Manager. These steps are only for testing/evaluation purposes. Please use the least privileged permissions/roles.

Prerequisite

Configured Enterprise Application & Assigned Related IAM Role to Azure AD Users

Please refer to the main README.md.

Note:

Setting EC2 Instances to support Session Manager

Note:

Supported Tools

Steps

Configuration

  1. npm install -g aws-azure-login -> Install aws-azure-login
  2. aws configure --profile <target profile> -> Example: aws configure --profile aad, you only need to configure default region, if you want it.

    aws configure

  3. aws-azure-login --configure --profile <target-profile> -> Example: aws-azure-login --configure --profile aad

    aws azure login

    a. You only need to configure the tenant id, app id, and default session duration (recommend using 1 hour).

Connect to EC2 Instances using existing profile

  1. aws-azure-login --profile <target profile> -> Example aws-azure-login --profile <target profile>.

    azure login

    note: I use the default username, so I input the password only.

  2. aws ssm --region <target region> --profile <target profile> start-session --target <ec2-instance-id>. You don't need to set a region if your instance is the same as the default region.

    login

Note:

Key Resources


Source

Thank you

GIF Thanks

Oldest comments (0)