AWS Systems Manager (formerly known as SSM) is an AWS service that you can use to view and control your infrastructure on AWS. With AWS Systems Manager, you can perform routine operations, proactively act on events and address security issues on multiple instances at the same time.
Usually, when we connect to EC2 instances from our local machines, we need to allow inbound SSH (port 22) or RDP (port 3389) from our IP address in the instance's security group, and we also need the instance's key pair.
In this post, I will share the steps on how you can securely connect to your EC2 instances using AWS Systems Manager, without opening SSH in your EC2 instance's security group and without using a key pair.
For this, you will need to perform the following:
- Create an IAM Instance Profile
- Create and Launch an Amazon EC2 Instance
- Connect to EC2 using AWS Systems Manager
Step 1: Create an IAM Instance Profile
- Open the AWS IAM console, and then choose Roles from the navigation pane
- Select Create Role
- For the type of trusted entity, select AWS service
- For the use case, choose EC2
- Choose Next: Permissions
- For the policies to attach, search and select AmazonSSMManagedInstanceCore
- Choose Next: Tags and add tags as needed
- Enter a Role name and choose Create Role
Step 2: Create and Launch an Amazon EC2 instance
- Open the Amazon EC2 console, and then choose Launch instances
- Select an Amazon Machine Image (AMI). In this example, I will choose an Amazon Linux 2 AMI.
  Note: In order to use AWS Systems Manager, SSM Agent must be installed on the instance. By default, SSM Agent is preinstalled on instances created from some AMIs, including Amazon Linux 2.
- Choose Next: Configure Instance Details
- Choose Next: Add Storage and modify storage as needed
- Choose Next: Add Tags and add tags as needed
- Choose Next: Configure Security Group
- Choose Review and Launch
- Choose Launch Instances
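Steps 1 and 2 expressed as infrastructure code, as an added example that is not part of the original post. It assumes Terraform with the AWS provider already configured for a region, and the role, profile and security group names are placeholders; the point it makes explicit is that the instance gets the instance profile, gets a security group with no inbound rule at all, and is launched with no key pair.

```hcl
# Step 1: a role that EC2 can assume, with AmazonSSMManagedInstanceCore attached
data "aws_iam_policy_document" "ec2_trust" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "ssm_instance" {
  name               = "ssm-session-instance-role" # assumed name
  assume_role_policy = data.aws_iam_policy_document.ec2_trust.json
}

resource "aws_iam_role_policy_attachment" "ssm_core" {
  role       = aws_iam_role.ssm_instance.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
}

resource "aws_iam_instance_profile" "ssm_instance" {
  name = aws_iam_role.ssm_instance.name
  role = aws_iam_role.ssm_instance.name
}
# No ingress block at all: ports 22 and 3389 are never reachable from outside.
# SSM Agent only needs outbound HTTPS to reach the Systems Manager endpoints.
resource "aws_security_group" "ssm_only" {
  name = "ssm-only" # assumed name
  egress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Step 2: latest Amazon Linux 2 AMI (SSM Agent preinstalled), launched with the
# instance profile from Step 1 and without a key pair.
data "aws_ssm_parameter" "al2_ami" {
  name = "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2"
}

resource "aws_instance" "managed" {
  ami                    = data.aws_ssm_parameter.al2_ami.value
  instance_type          = "t3.micro" # assumed size
  iam_instance_profile   = aws_iam_instance_profile.ssm_instance.name
  vpc_security_group_ids = [aws_security_group.ssm_only.id]
}
```

Once the agent has registered, the instance appears under Fleet Manager in the Systems Manager console, and Step 3 below works without any inbound rule having been opened.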
Step 3: Connect to EC2 using AWS Systems Manager
Option A – EC2 Console
- In the Amazon EC2 console, select the instance, then click on Actions and choose Connect from the dropdown
Option B – Systems Manager Console
- Open the AWS Systems Manager console, and then choose Session Manager under Node Management from the navigation pane
- Choose Start Session