How to securely connect EC2 via SSH with AWS Systems Manager

A modern best practice for connecting to an Amazon EC2 instance via SSH without an SSH key or password and with inbound port 22 closed. An AWS Systems Manager Session Manager tutorial.

Table of Contents

  • Step 1: Launch Amazon EC2 Instance
  • Step 2: Create AWS IAM Role
  • Step 3: Connect Amazon EC2 via SSH
  • Extra: Connect using SSH command and SSH key
  • Sources

Step 1: Launch Amazon EC2 Instance

Navigate to Amazon EC2 and start launching a new instance. In this tutorial I will use the Amazon Linux 2 AMI (HVM) operating system.

Step 2: Create AWS IAM Role

Navigate to AWS IAM and create a new role. Choose the EC2 service and click Next: Permissions.

Step 3: Connect Amazon EC2 via SSH

You can connect to an EC2 instance with AWS Systems Manager Session Manager in multiple ways: the EC2 console, the Systems Manager console, or the AWS CLI.

$ aws ssm start-session --target INSTANCE_ID
$ aws ssm start-session --target i-06fd9f063a7cf53fd

Extra: Connect using SSH command and SSH key

Launch a new EC2 instance (e.g. i-077b1f947c98988d5) and download the SSH key (e.g. key.pem).

$ sudo yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm
$ ssh -i SSH_KEY ec2-user@INSTANCE_ID
$ ssh -i key.pem ec2-user@i-077b1f947c98988d5
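
The ssh commands above use an instance ID as the host name, which only works when the SSH client is told to tunnel through Session Manager. The script below is an added example, not part of the original tutorial: it installs the ProxyCommand stanza from the AWS Session Manager documentation into the client's SSH config once, and the function names and the `--install` switch are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Function names are hypothetical.

# Print each required client-side tool that is not on PATH.
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# Stanza from the AWS Session Manager documentation: ssh to an instance ID is
# tunnelled through "aws ssm start-session" instead of a direct TCP connection.
ssm_ssh_stanza() {
    cat <<'EOF'
# SSH over Session Manager
Host i-* mi-*
    ProxyCommand sh -c "aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters 'portNumber=%p'"
EOF
}

# Append the stanza to an SSH client config exactly once (idempotent).
install_ssm_ssh_stanza() {
    cfg="${1:-$HOME/.ssh/config}"
    mkdir -p "$(dirname "$cfg")"
    touch "$cfg"
    chmod 600 "$cfg"            # keep the client config private to the user
    if grep -q 'AWS-StartSSHSession' "$cfg"; then
        return 0                # already configured, leave the file untouched
    fi
    if [ -s "$cfg" ]; then
        printf '\n' >> "$cfg"   # blank line between existing entries and ours
    fi
    ssm_ssh_stanza >> "$cfg"
}

# Run as: sh this_script.sh --install
if [ "${1:-}" = "--install" ]; then
    missing=$(missing_tools aws session-manager-plugin ssh)
    if [ -n "$missing" ]; then
        echo "install first: $missing" >&2
        exit 1
    fi
    install_ssm_ssh_stanza
fi
```

With the stanza in place, the `ssh -i key.pem ec2-user@i-...` form shown above is carried over the Session Manager channel, so the instance's security group needs no inbound rule for port 22.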

Sources

  1. Toward a bastion-less world
  2. Install the Session Manager Plugin for the AWS CLI
  3. Securing your bastion hosts with Amazon EC2 Instance Connect
  4. Securely Connect to Linux Instances Running in a Private Amazon VPC
