Connect to AWS EC2 Using AWS SSM Session Manager | Secure your EC2 by Enabling AWS SSM | AWS Demo

Introduction

This tutorial will guide you through the process of connecting to an AWS EC2 instance using the AWS Systems Manager (SSM) Session Manager. This method allows you to securely access your EC2 instances in a private subnet without needing to use SSH over the internet. By following these steps, you can enhance the security of your EC2 instances and streamline your workflow.

Step 1: Create an IAM Role for the EC2 Instance

To enable SSM access, you need to create an IAM role that your EC2 instance will assume.

1. Open the IAM Console:

   • Navigate to the IAM Management Console in AWS.

2. Create a New Role:

   • Click on "Roles" in the sidebar.
   • Select "Create role."

3. Select EC2 as the Trusted Entity:

   • Choose "AWS service" and select "EC2" as the use case.

4. Attach Policies:

   • In the permissions policies list, search for and select the AmazonSSMManagedInstanceCore policy. This policy allows SSM to manage the instance.

5. Configure Role Name and Tags:

   • Provide a name for the role (e.g., SSM-EC2-Role).
   • Optionally add tags for organization.

6. Create the Role:

   • Review your settings and click "Create role."

Step 2: Attach the IAM Role to Your EC2 Instance

Now that you have created the IAM role, you need to attach it to your EC2 instance.

1. Open the EC2 Console:

   • Navigate to the EC2 Management Console.

2. Select Your Instance:

   • Locate and select the EC2 instance you want to connect to.

3. Modify IAM Role:

   • Click on "Actions," then "Security," and select "Modify IAM role."
   • Choose the role you created in Step 1 (SSM-EC2-Role) from the dropdown.

4. Apply Changes:

   • Click on "Update IAM role" to apply the changes.

Step 3: Verify SSM Agent Installation

Ensure that the SSM Agent is installed and running on your EC2 instance.

1. Connect to Your Instance (if necessary):

   • You may need to temporarily connect to your instance using SSH or another method.

2. Check SSM Agent:

   • Run the following command to check the status:

     sudo systemctl status amazon-ssm-agent
     

   • If it’s not installed, you can find installation instructions in the AWS documentation.

3. Start the Agent (if needed):

   • If the agent is not running, you can start it using:

     sudo systemctl start amazon-ssm-agent
     

Step 4: Connect to Your EC2 Instance Using Session Manager

With the setup complete, you can now connect to your EC2 instance.

1. Open the Systems Manager Console:

   • Navigate to the AWS Systems Manager console.

2. Access Session Manager:

   • In the left navigation pane, click on "Session Manager."

3. Start a Session:

   • Click on "Start session."
   • Select the instance you want to connect to from the list.

4. Initiate Connection:

   • Click on "Start session" to connect to your instance.

Conclusion

By following these steps, you have successfully connected to your AWS EC2 instance using AWS SSM Session Manager. This method enhances security by eliminating the need for SSH over the internet. Moving forward, consider exploring other features of AWS Systems Manager to further manage and automate your cloud infrastructure.