EC2 Instance Connect meets AWS Session Manager via SSH

By Sebastian Korfmann

Both features were introduced recently, and together they let you access even private EC2 instances:

  1. Without a VPN
  2. Without an open SSH port
  3. With authentication / authorization fully delegated to IAM

    # Assumes valid AWS credentials in the environment
    ssh -v ec2-user@i-002afb820244e392f

What this will do (through the aws-proxy script below):

  • Generate a single-use SSH key
  • Push the generated public key to AWS for the given user of the provided EC2 instance ID
  • Add the private key to the SSH agent
  • Create a tunnel through Session Manager
  • Establish an SSH session

The host has to be configured to run:

  • SSM Agent
  • ec2-instance-connect

Locally, you'll need a recent version of the AWS CLI and the SSM plugin.
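
Since authentication and authorization are fully delegated to IAM, the policy on the calling principal decides who may reach which instance and as which OS user. The following least-privilege policy for the `ssh` command above is an added example, not part of the original post: `<region>` and `<account-id>` are placeholders, the `Sid` names are made up for readability, and the `ec2:DescribeInstances` statement assumes the proxy script looks up the instance's availability zone before pushing the key.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PushSingleUseKeyForEc2UserOnly",
      "Effect": "Allow",
      "Action": "ec2-instance-connect:SendSSHPublicKey",
      "Resource": "arn:aws:ec2:<region>:<account-id>:instance/i-002afb820244e392f",
      "Condition": {
        "StringEquals": { "ec2:osuser": "ec2-user" }
      }
    },
    {
      "Sid": "TunnelSshThroughSessionManager",
      "Effect": "Allow",
      "Action": "ssm:StartSession",
      "Resource": [
        "arn:aws:ec2:<region>:<account-id>:instance/i-002afb820244e392f",
        "arn:aws:ssm:*:*:document/AWS-StartSSHSession"
      ],
      "Condition": {
        "BoolIfExists": { "ssm:SessionDocumentAccessCheck": "true" }
      }
    },
    {
      "Sid": "LookUpAvailabilityZone",
      "Effect": "Allow",
      "Action": "ec2:DescribeInstances",
      "Resource": "*"
    }
  ]
}
```

Without the `ec2:osuser` condition the principal could push a key for any OS user on the instance, and without `ssm:SessionDocumentAccessCheck` the document restriction is not enforced for sessions started without an explicit document name.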