🚀 AWS Session Manager: Secure Remote Access Without SSH
AWS Systems Manager (SSM) Session Manager enables secure, keyless remote access to EC2 instances without requiring SSH, public IPs, or bastion hosts. This feature simplifies remote instance management using AWS-managed networking and IAM-based authentication.
🔗 Key Benefits of AWS SSM Session Manager
- No Public IPs Required - Connect to instances inside private subnets.
- No SSH Key Management - Eliminates the need for manually managing SSH key pairs.
- IAM-Based Access Control - Grants secure, audited access via AWS IAM permissions.
- No Need for Bastion Hosts - Reduces infrastructure complexity and security risks.
- AWS Console & CLI Integration - Connect directly from AWS Console or via `aws ssm start-session`.
- Session Logging & Auditing - Tracks user activity for security and compliance.
🛠 Prerequisites
Before using AWS SSM Session Manager, ensure you have:
- EC2 instance with SSM Agent installed (Amazon Linux 2 has it by default; Amazon Linux 2023 requires installation).
- IAM Role with `AmazonSSMManagedInstanceCore` attached.
- AWS CLI installed (Setup Guide).
- AWS SSM Session Manager Plugin installed (Installation Guide).
- Outbound internet access (via NAT Gateway) or AWS PrivateLink for SSM endpoints.
🌐 How AWS SSM Session Manager Works
When a user initiates a session via AWS Console or CLI, AWS Systems Manager establishes a secure, TLS-encrypted session between the user and the instance. The IAM policy attached to the instance role controls permissions and access.
🚀 AWS SSM Session Manager for Private Subnets
AWS Systems Manager Session Manager allows access to instances in private subnets without SSH or public IPs.
🛠 How It Works
- Attach an IAM Role with the `AmazonSSMManagedInstanceCore` policy to the instance.
- Ensure the instance has SSM Agent installed and running.
- Use the AWS CLI or Console to initiate a session.
- AWS handles authentication and communication securely.
📚 Terraform Sample Repository
For a working Terraform example demonstrating AWS SSM Session Manager, check out:
👉 GitHub Repository: AWS SSM Session Manager Terraform Demo
📊 IAM Policy Example
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ssm:StartSession",
        "ssm:TerminateSession",
        "ssm:DescribeSessions",
        "ssm:GetConnectionStatus"
      ],
      "Resource": "*"
    }
  ]
}
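The policy above allows `ssm:StartSession` and `ssm:TerminateSession` on every resource. The check below is an added example, not code from the original post or its Terraform repository: it reports Session Manager actions granted on `"Resource": "*"` with no `Condition`, and compares the page's policy with a constructed, tag-scoped alternative. The function names and the `Environment`/`dev` tag are assumptions, and `NotAction`/`NotResource` statements are not handled.

```python
import fnmatch
import json

# Session Manager actions that accept resource-level scoping; DescribeSessions
# and GetConnectionStatus do not, so "Resource": "*" is expected for those.
SCOPABLE = ("ssm:StartSession", "ssm:ResumeSession", "ssm:TerminateSession")

def _as_list(value):
    """IAM accepts a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value or [])

def unscoped_session_grants(policy_json):
    """Return (statement_index, action) for each scopable action that an
    Allow statement grants on Resource "*" with no Condition block."""
    findings = []
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):      # a lone statement may be an object
        statements = [statements]
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        if "*" not in _as_list(stmt.get("Resource")):
            continue
        patterns = [a.lower() for a in _as_list(stmt.get("Action"))]
        for action in SCOPABLE:
            if any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns):
                findings.append((idx, action))
    return findings

# The policy from this page, unchanged.
PAGE_POLICY = """{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Action": ["ssm:StartSession", "ssm:TerminateSession",
             "ssm:DescribeSessions", "ssm:GetConnectionStatus"],
  "Resource": "*"}]}"""

# Constructed alternative: the tag key/value "Environment"/"dev" are assumptions.
SCOPED_POLICY = """{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "ssm:StartSession",
   "Resource": "arn:aws:ec2:*:*:instance/*",
   "Condition": {"StringLike": {"ssm:resourceTag/Environment": ["dev"]}}},
  {"Effect": "Allow", "Action": ["ssm:TerminateSession", "ssm:ResumeSession"],
   "Resource": "arn:aws:ssm:*:*:session/${aws:userid}-*"},
  {"Effect": "Allow",
   "Action": ["ssm:DescribeSessions", "ssm:GetConnectionStatus"],
   "Resource": "*"}]}"""

if __name__ == "__main__":
    print("page policy:  ", unscoped_session_grants(PAGE_POLICY))
    print("scoped policy:", unscoped_session_grants(SCOPED_POLICY))
```

In the scoped variant, a user can start sessions only on instances carrying the tag and can terminate or resume only sessions whose ID begins with their own user ID.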
📃 Common Issues & Fixes
❌ Instance Not Found in AWS SSM Session Manager
✅ Ensure the IAM Role includes `AmazonSSMManagedInstanceCore`.
✅ Verify SSM Agent is installed and running (`systemctl status amazon-ssm-agent`).
✅ Ensure the instance has outbound internet access or AWS SSM VPC Endpoints configured.
❌ Session Manager Plugin Not Found
✅ Install the AWS Session Manager Plugin:
Debian/Ubuntu
curl "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/ubuntu_64bit/session-manager-plugin.deb" -o "session-manager-plugin.deb"
sudo dpkg -i session-manager-plugin.deb
Amazon Linux 2 & RHEL 7
sudo yum install -y https://s3.amazonaws.com/session-manager-downloads/plugin/latest/linux_64bit/session-manager-plugin.rpm
Amazon Linux 2023 & RHEL 8/9
sudo dnf install -y https://s3.amazonaws.com/session-manager-downloads/plugin/latest/linux_64bit/session-manager-plugin.rpm
macOS
curl "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/mac/sessionmanager-bundle.zip" -o "sessionmanager-bundle.zip"
unzip sessionmanager-bundle.zip
sudo ./sessionmanager-bundle/install -i /usr/local/sessionmanagerplugin -b /usr/local/bin/session-manager-plugin
Verify installation:
session-manager-plugin --version
🌟 Summary
AWS Systems Manager Session Manager provides secure, keyless remote access to private EC2 instances, eliminating the need for public IPs, SSH keys, or bastion hosts.
Want to try it out? Implement AWS SSM Session Manager in your Terraform setup today!