How To Connect To EC2 Instance Using Session Manager
In this article, I will walk you through a variety of ways to access the EC2 instances that you deploy on the AWS network. There are two main ways to achieve this. The first way to connect to an EC2 instance is to SSH into it. This means creating a secure connection from a local client to the AWS server using key pairs. The second way is to use the AWS Systems Manager Session Manager. I'll demonstrate both these methods and compare the security of each. First off, I will look into SSH.
SSH into an EC2 Instance
SSH, or Secure Shell, is a network protocol that lets you securely connect your machine to an EC2 instance. You will be able to control the AWS EC2 instance from your command line. Before you can do this, take care of a few requirements.
Requirements:
- AWS Account Setup – You need to have your AWS account set up and ready to launch instances. Check out the AWS documentation for specifics on how to configure your account correctly.
- Running EC2 Instance – You need to have a running instance in a public subnet. The instance launched in this article will be the Linux 2 AMI. It is in the free tier on AWS. Check out the AWS documentation on how to launch an instance. The instance needs a few specific configurations:
  - Security group that allows for SSH access – This will use the TCP protocol on port 22.
  - Access to a keypair – Create a keypair for your instance and download it to your local machine.
- Linux or Mac – For this portion of the tutorial, I used a Mac. If you want to navigate through this with Windows, here is a link to the AWS documentation.
Note: For instructions on how to SSH into an instance in a private subnet with agent forwarding, see this article.
Given that you have the prerequisites taken care of, make sure the status of the EC2 instance is "Running". You can see this demonstrated below.
Check that SSH is available on your local machine. In order to check that you have SSH running, just run the command "ssh". As you can see below, my Mac recognized the command. This signals that the SSH client is working on my machine.
Many computers will have the SSH client already installed, but some won't. You can download OpenSSH on Windows, Linux, or Mac in order to gain SSH access.
With the keypair created and the instance running, navigate to the EC2 console. Now, you just need to find the public IP address. With this information, you can run a few commands in the terminal to connect to the instance.
The public IP address will show up at the bottom of your console when you select the running EC2 instance.
In order to gain SSH access to the EC2 instance, use the command below:
ssh -i /path/my-key-pair.pem my-instance-user-name@my-instance-public-dns-name
Before running the command, navigate to the directory where your key pair is stored. Run the SSH command.
After running this command, I ran into a very common error.
The AWS documentation provides the command to remedy the situation. The error states that our .pem file has permissions 0644. Run chmod 0400 to change these permissions. EC2 instances will not accept any .pem file if it is public. This command will change the permissions of your .pem file.
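The OpenSSH client ignores a private key file whose group or other permission bits are set, which is what mode 0644 triggers. The following added example (not part of the original article) reproduces that check and applies the chmod 0400 fix only when needed; the function names are illustrative and the key path is whatever you pass in.

```sh
#!/bin/sh
# Added example: replicate the SSH client's private-key permission check.
# Assumption: the argument is the path of the .pem file downloaded from EC2.

# Print the octal permission bits of a file (GNU stat first, then BSD/macOS stat).
key_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 only if group and other have no access at all (mode & 077 == 0),
# which is the condition under which ssh accepts the identity file.
key_is_private() {
    [ -f "$1" ] || return 2
    mode=$(key_mode "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Tighten the key to owner read-only (0400) if it is too open and report the result.
secure_key() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 2; }
    if key_is_private "$1"; then
        echo "ok: $1 is mode $(key_mode "$1")"
    else
        old=$(key_mode "$1")
        chmod 0400 "$1" && echo "fixed: $1 was $old, now $(key_mode "$1")"
    fi
}
```

Run `secure_key /path/my-key-pair.pem` before the ssh command; a key already at 0400 or 0600 is left untouched.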
With that error fixed, run the SSH command from before.
And there you have it! You have successfully navigated into the EC2 instance. From here, you can run commands in the Linux terminal of our instance!
Once you figure out the permissions of the .pem file, this is a very straightforward process. This is not the only way to gain access to an EC2 instance. There are multiple other options, but I will look at the AWS Systems Manager next.
AWS Systems Manager Session Manager
Another option to gain access to an EC2 instance is the AWS Systems Manager Session Manager. The session manager allows you to manage EC2 instances, on-premises instances, and virtual machines. You might be asking yourself, why is this so different than SSH'ing into an instance? I will answer that soon enough, but first let me walk you through the Session Manager.
Just like the last scenario, we need to take care of a few requirements in how we set up our instances.
Requirements:
- Have an AWS Account
- Launch a running instance in an AZ. Session Manager will not start instances on its own, rather it will manage them.
- Install the SSM Agent if not already installed. Depending on the instance, you might have to install the SSM Agent. The SSM agent is what will allow Session Manager to control your running EC2 instances. The EC2 Linux 2 AMI does already have it installed. For any on-premises servers, installing the SSM agent is mandatory.
- Set up an IAM Role. If you search for AWS provided IAM roles, you will find the EC2AccessForSSM. This allows for the Systems Session Manager to access your EC2 instance.
Once again, here is the running instance:
With all this configured, you can use the session manager to connect to the instances. This can all happen through the AWS Console! Given that we have met the previous requirements, the instances will show up under the Managed Instances tab in Systems Manager.
Notice that we did not set up a security group. There is no SSH access allowed on the EC2 instance. This is the major difference between the Session Manager and SSH.
In Systems Manager, navigate to the session manager. Select Start Session.
You will be presented with any instances that are being managed by Systems Manager. Select the instance you want to access and start the session.
You will be using a Secure Shell within the instance entirely in the AWS console. In here, you can run any Linux command necessary to complete your task.
And it's as easy as that. If your instances are running and allow SSM access, all it takes is clicking a few buttons in the AWS console to gain access. You also have the ability to use a simple one line command when the AWS CLI is configured.
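The CLI route mentioned above, as an added example that is not part of the original article: it checks that the instance is registered with Systems Manager (the agent and IAM role requirements from the list) before opening the session. It assumes the AWS CLI and the Session Manager plugin are installed and credentials are configured; the function names are illustrative and the instance ID is supplied by the caller.

```sh
#!/bin/sh
# Added example: connect through Session Manager from the AWS CLI.
# Assumptions: AWS CLI plus Session Manager plugin installed, credentials configured.

# Print the SSM agent's PingStatus for an instance (Online, ConnectionLost, Inactive).
# With --output text the CLI prints "None" when the instance is not a managed instance.
ssm_ping_status() {
    aws ssm describe-instance-information \
        --filters "Key=InstanceIds,Values=$1" \
        --query 'InstanceInformationList[0].PingStatus' \
        --output text
}

# Map the status to the requirement that is most likely unmet.
# Returns 0 = ready, 1 = not managed, 2 = agent unreachable, 3 = CLI call failed.
ssm_preflight() {
    ping=$(ssm_ping_status "$1") || { echo "error: AWS CLI call failed"; return 3; }
    case "$ping" in
        Online)  echo "ready"; return 0 ;;
        None|"") echo "not managed: check the SSM Agent and the instance's IAM role"; return 1 ;;
        *)       echo "agent unreachable ($ping): check that the instance is running"; return 2 ;;
    esac
}

# Open an interactive shell only when the preflight passes; no inbound port 22 is involved.
ssm_connect() {
    ssm_preflight "$1" >&2 || return $?
    aws ssm start-session --target "$1"
}
```

Call `ssm_connect` with your instance ID; the preflight message goes to stderr so the session output stays clean.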
Security
As you can see from these demonstrations, the main difference between these two methods is how to gain access to the instance. With SSH, you open up a port through a security group rule. Systems Manager Session Manager utilizes an IAM role to connect with the instance. Each of these methods is simple to implement, but which one is better?
For the majority of use cases, the session manager is going to be superior. The main advantage for session manager is security.
Two of the principles of the AWS Well-Architected Framework on Security apply to this demonstration:
- Enable Traceability
- Implement a strong identity foundation
With session manager, you don't have to expose a port to SSH traffic, therefore you avoid any risk with users sharing keys. Because the Session Manager occurs within the AWS console or AWS CLI, each session is tied to only one IAM user. This allows for a great deal of traceability.
There are a variety of AWS services that Systems Manager can use for logging and auditing. Inside the Systems Manager console, you can enable CloudWatch, CloudTrail, or S3. This is a necessity when you consider the AWS Well-Architected Framework.
Overall, both methods are quick and easy ways to gain access to EC2. Because they are similarly easy to implement, I would choose the one with better security in Session Manager. As a bonus, you can view everything inside the console.
Source: https://digitalcloud.training/connect-to-ec2-aws-session-manager-vs-ssh/