TechAnek

In today’s cloud computing environment, security is a top priority. One of the most common challenges when working with Amazon EC2 instances is ensuring secure and controlled access to them. Traditionally, administrators use SSH (for Linux instances) or RDP (for Windows instances) to manage EC2 instances. However, these methods can expose instances to various security risks, such as port exposure and unauthorized access.

To mitigate these issues, AWS Systems Manager Session Manager provides a secure and scalable way to connect to EC2 instances without the need to open inbound ports, manage SSH keys, or use bastion hosts. Session Manager allows for secure, auditable shell access to EC2 instances, significantly enhancing security posture.

In this blog, we’ll explore how AWS Session Manager works and two methods to connect with EC2 instances using this tool: via the Amazon EC2 Console and the AWS CLI.

Why Use AWS Session Manager?
Here are some reasons why we should use AWS Session Manager for connecting to EC2 instances:
1. Enhanced Security
  • No need to open SSH or RDP ports to the internet, reducing exposure to external threats.
  • Supports AWS IAM for access control and provides encrypted connections.
  • Logging and auditing are automatically enabled, ensuring compliance with security best practices.
2. Simplified Access Management
  • Manage access through IAM policies, ensuring that only authorized users and roles can connect to EC2 instances.
  • No need to manage SSH keys or passwords.
3. Centralized Session Management
  • Session Manager provides a single interface for managing all the EC2 instances, allowing for better control and auditing of administrative tasks.
4. Cross-Platform Support
  • Supports both Linux and Windows EC2 instances, providing consistent management for different environments.

Prerequisites:

Before we can use Session Manager to connect to the EC2 instances, ensure that the following prerequisites are met:
  • The EC2 instance must be associated with an IAM role that has the AmazonSSMManagedInstanceCore policy. This allows the instance to communicate with AWS Systems Manager.
  • The EC2 instance must have the SSM Agent installed. Most modern Amazon Machine Images (AMIs) come with the SSM Agent pre-installed, but if it’s not installed, we will need to install it manually.
  • The IAM user or role initiating the session must have appropriate permissions to use Session Manager, such as the ssm:StartSession and ssm:TerminateSession permissions.
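How ssm:StartSession and ssm:TerminateSession are scoped decides who can open a shell on which instance. The following Python check is an added example, not from the original post: it flags Allow statements that grant StartSession on every instance without a condition, or TerminateSession beyond the caller's own sessions. The two sample policies, the account ID, the region and the Team=ops tag are constructed, and the session/${aws:username}-* resource pattern is the scoping used in AWS's Session Manager policy examples.

```python
import json
from fnmatch import fnmatchcase

# Constructed sample policies; the account ID, region and Team=ops tag are placeholders.
BROAD_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow",
   "Action": ["ssm:StartSession", "ssm:TerminateSession"],
   "Resource": "*"}]}
""")
SCOPED_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "ssm:StartSession",
   "Resource": "arn:aws:ec2:us-east-1:111122223333:instance/*",
   "Condition": {"StringEquals": {"ssm:resourceTag/Team": "ops"}}},
  {"Effect": "Allow", "Action": "ssm:TerminateSession",
   "Resource": "arn:aws:ssm:*:*:session/${aws:username}-*"}]}
""")


def _as_list(value):
    """IAM allows a single string or a list for Action, Resource and Statement."""
    return value if isinstance(value, list) else [value]


def _grants(stmt, action):
    """True if an Allow statement's Action covers `action` (case-insensitive, * wildcards)."""
    return stmt.get("Effect") == "Allow" and any(
        fnmatchcase(action.lower(), pattern.lower())
        for pattern in _as_list(stmt.get("Action", [])))


def audit(policy):
    """Return (statement index, finding) pairs. NotAction/NotResource are not evaluated."""
    findings = []
    for index, stmt in enumerate(_as_list(policy["Statement"])):
        resources = _as_list(stmt.get("Resource", []))
        if _grants(stmt, "ssm:StartSession"):
            every_instance = any(r == "*" or r.endswith(":instance/*") for r in resources)
            if every_instance and not stmt.get("Condition"):
                findings.append((index, "StartSession on every instance, no condition"))
        if _grants(stmt, "ssm:TerminateSession"):
            # Session IDs start with the caller's name, so this pattern means "own sessions".
            if not all(":session/${aws:user" in r for r in resources):
                findings.append((index, "TerminateSession not limited to own sessions"))
    return findings


if __name__ == "__main__":
    for name, policy in (("broad", BROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, audit(policy))
```

The broad policy yields two findings on statement 0, while the scoped policy yields none.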
Installing the SSM Agent (If Not Installed)
If the EC2 instance does not have the SSM Agent installed, we can easily install it using Snap (for Linux) or the standard installation method for Windows.

For Ubuntu or Debian-based Linux Systems

    sudo snap install amazon-ssm-agent --classic
    sudo snap services amazon-ssm-agent

For Windows-based Systems

  1. Download the SSM Agent Installer: Visit the official SSM Agent download page or download the setup file for Windows from the link below.

      https://s3.amazonaws.com/session-manager-downloads/plugin/latest/windows/SessionManagerPluginSetup.exe

  2. Run the Installer: Once downloaded, double-click the installer (amazon-ssm-agent-setup.exe) to start the installation process. Follow the on-screen instructions to complete the installation.
  3. Verify the Installation: After installation, open PowerShell or Command Prompt and verify that the SSM Agent is installed by running:

      session-manager-plugin

Method 1: Connect Using the Amazon EC2 Console
Connecting to an EC2 instance using the EC2 console is a simple and user-friendly method. Here’s how to do it:
Step 1: Open the EC2 Console
Step 2: Select the EC2 Instance
  • From the list of instances, select the EC2 instance you want to connect to. Ensure that the instance has the appropriate IAM role and is running the SSM Agent.
Step 3: Initiate a Session
  • With the instance selected, click on the Connect button at the top of the screen.
  • In the pop-up window, select the Session Manager tab.
  • Click the Connect button to start a session.
Step 4: Start the Session
  • After a few seconds, the console will open a browser-based shell connected to the selected EC2 instance. We can now execute commands directly from the terminal window.
Method 2: Connect Using the AWS CLI

For those who prefer working with the command line, the AWS CLI provides a powerful way to connect to EC2 instances using Session Manager.

Step 1: Install and Configure the AWS CLI

  • If AWS CLI is not installed, follow the instructions in the AWS CLI User Guide to install it.
  • Once installed, configure the CLI by running the following command and providing the AWS credentials and default region:

      aws configure

Step 2: Start the Session

  • To connect to an EC2 instance using Session Manager, use the start-session command. Replace <instance-id> with your EC2 instance ID:

      aws ssm start-session --target <instance-id>

Step 3: Access the EC2 Instance
  • Once the session is established, you will be logged into the instance’s shell (Linux or Windows). From here, you can execute commands as needed.
Step 4: End the Session
  • When you’re done, you can simply type exit to terminate the session.

Conclusion

AWS Systems Manager Session Manager is an invaluable tool for securely connecting to your EC2 instances. Whether you prefer using the Amazon EC2 Console or the AWS CLI, both methods provide a seamless experience with added security benefits. By eliminating the need for open ports and SSH keys, Session Manager enhances the security of your cloud infrastructure while simplifying instance management.

By integrating Session Manager into your EC2 management workflows, you can reduce administrative overhead, improve security, and ensure a more controlled access environment for your AWS resources.
