In this blog post, we will learn how to log in to Linux EC2 instances using Session Manager.
What is Session Manager?
Session Manager is a fully managed AWS Systems Manager capability that lets us manage EC2 instances through an interactive, one-click, browser-based shell.
Using Session Manager, we can start a session with an instance in the AWS account.
Once the session is started, we can run bash commands as usual.
It provides secure and auditable instance management without the need to open inbound ports, maintain bastion hosts, or manage SSH keys.
Supported Operating Systems
Session Manager supports most of the Linux operating systems.
Session Manager supports Windows Server 2008 R2 through Windows Server 2019.
Before connecting to Linux EC2 instances using Session Manager, we need to complete the steps below.
- The Amazon SSM agent should be installed on the Linux EC2 instances.
- Create an IAM role with the required permissions
- Attach the IAM role to the instance
- Connect to the instance using Session Manager
Creating IAM Role
The EC2 instances need the necessary permissions before we can connect to them using Systems Manager Session Manager.
Let's go ahead and create an IAM role.
Log in to the IAM console. In the navigation pane, choose Roles.
Click Create role.
For Select type of trusted entity, choose AWS service.
For Choose a use case, select EC2 and click Next: Permissions.
Search for core and then choose AmazonSSMManagedInstanceCore.
Click Next: Tags. You can tag the role.
Click Next: Review, provide a name for the IAM role, and then click Create role.
Attaching IAM Role with EC2 Instance
Once the IAM role with the required permissions is created, we need to attach the IAM role to the EC2 instances.
Log in to the EC2 management console.
In the navigation pane, choose Instances.
Select the instance. Under Actions, hover over Instance Settings and then select Attach/Replace IAM Role.
For IAM role*, choose the IAM role you created from the drop-down, and then click Apply.
We have now completed the two minimum requirements: installing the SSM agent and attaching the IAM role to the EC2 instance.
To verify this, log in to the Systems Manager console.
In the navigation pane, under Instance & Nodes, select Session Manager.
On the page that opens, click Start Session.
Under Target instances, you should see the EC2 instances listed.
Connecting Linux Instances using Session Manager
To connect to Linux EC2 instances, select the instance and then click Start Session.
It will open a browser-based shell in a new tab.
You will be logged in as ssm-user. To log in as the root user, enter sudo su.
If you go back to the Systems Manager console, you can find all the sessions created for an EC2 instance by an IAM user.
We can also connect to an EC2 instance using Session Manager from the EC2 management console.
Go to the EC2 console and select the instance from the list of instances.
Click Connect. For Connection method, select Session Manager.
You should not see any errors here. If the instance does not meet the two minimum requirements (SSM agent and IAM role), an error is shown.
After selecting Session Manager, you should get a response; then click Connect.
It should open a browser-based shell where you can run bash commands as usual.
Now we are able to log in to Linux EC2 instances securely without the need for SSH keys, a .pem file, or open inbound rules.
Hope you find it helpful.
Please do check out my other articles.