DEV Community

Cover image for Stop using SSH, use AWS Session Manager

Posted on • Updated on

Stop using SSH, use AWS Session Manager

Stop opening port 22 for ssh (or any port). AWS SSM Session Manager can manage ssh connections to instances for you from your CLI, even private networked resources, and permission based on IAM policies.

You can "ssh" to your instances using session manager in your CLI and also open tunnels, which allows you to use features like VSCode remote development (example included).


Basic SSH Connection:

aws ssm start-session --target i-<your instance id>

VSCode via tunnel

  1. Enable vscode remote plugin
  2. Copy your public ssh key to an instance (unless you added it to the instance via user data)
  3. Add your connection to VSCode
  4. Update your local ssh config
$ vim ~/.ssh/config
Host i-<your instance id>
   ProxyCommand sh -c "aws ssm start-session --profile <your aws profile name> --target %h --document-name AWS-StartSSHSession --parameters 'portNumber=%p'"
Enter fullscreen mode Exit fullscreen mode

\6. connect with vscode ubuntu@i-<instance id>

Bonus! Use the terraform above to deploy vpc endpoints so zero traffic goes over the internet between SSM and your instance!

vpc_endpoints_enabled = true

Alt Text


  • Does your user have permissions to access ssm?
  • Did I miss something? please lmk in the comments and ill update!

Top comments (0)