DEV Community

Aravind kumar TS
How to connect to an EC2 Private Instance via SSM Port Forwarding!

AWS CLI installation on Windows and Linux

  1. Windows: download https://awscli.amazonaws.com/AWSCLIV2.msi on the Windows machine and run it.

  2. Linux: run the following in a terminal:

     curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
     unzip awscliv2.zip
     sudo ./aws/install

Link from AWS for the above: Installing or updating the latest version of the AWS CLI - AWS Command Line Interface (amazon.com)

AWS Session Manager plugin installation on Windows and Linux

  1. Windows (64-bit): copy https://s3.amazonaws.com/session-manager-downloads/plugin/latest/windows/SessionManagerPluginSetup.exe into a browser, download it and run it.

  2. Linux: run the following two commands in a terminal:

     curl "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/linux_64bit/session-manager-plugin.rpm" -o "session-manager-plugin.rpm"
     sudo yum install -y session-manager-plugin.rpm

Policies to be applied to an IAM user to access the private EC2 instance via Session Manager from your local machine

  1. Configure the IAM user on your laptop using:

     $ aws configure

  2. Fill in the prompts:

     AWS Access Key ID [None]: paste the access key here
     AWS Secret Access Key [None]: paste the secret key here
     Default region name [None]: the region of your EC2 machine, for example ap-south-1 for Mumbai
     Default output format [None]: press Enter

The EC2 instance must have an IAM role with permission to invoke the Systems Manager API. For this example, I am using AmazonSSMManagedInstanceCore.
Attach this role to your EC2 instance.

Permissions for the IAM user to access Session Manager from the laptop CLI:


Command to execute from your laptop to access a Windows private EC2 instance:

  aws ssm start-session --target <your-instance-id> --document-name AWS-StartPortForwardingSession --parameters "portNumber"=["3389"],"localPortNumber"=["9090"]

Ports 9090 and 3389 must be allowed in the security group of the EC2 instance.

For more information please check:

SSM Port Forwarding - Private Windows RDP Access (YouTube)

New - Port Forwarding Using AWS System Manager Session Manager | AWS News Blog (amazon.com)

To connect to your private EC2 instance, follow the steps below from your laptop.

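As an added example (not code from the original post), the script below wraps the start-session command from this post in a small function that validates the instance id and ports, builds the --parameters string with correct quoting, and confirms the instance is registered and online in SSM before opening the tunnel. The instance id i-0123456789abcdef0 is a constructed placeholder, and the SSM_DRY_RUN variable is this script's own switch for printing the command instead of running it.

```bash
#!/usr/bin/env bash
# Added example, not from the original post: a checked wrapper around
# "aws ssm start-session ... AWS-StartPortForwardingSession".
# Requires the AWS CLI and the Session Manager plugin installed as above.
set -eu

# EC2 instance ids are "i-" followed by 8 or 17 lowercase hex characters.
valid_instance_id() {
  printf '%s' "$1" | grep -Eq '^i-[0-9a-f]{8}([0-9a-f]{9})?$'
}

# A TCP port is an integer in 1..65535.
valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# The --parameters string AWS-StartPortForwardingSession expects: the port on
# the instance first, then the port the plugin listens on locally.
ssm_parameters() {
  printf '"portNumber"=["%s"],"localPortNumber"=["%s"]' "$1" "$2"
}

# start_port_forward INSTANCE_ID REMOTE_PORT LOCAL_PORT
# Validates inputs, checks the instance is registered and online in SSM, then
# opens the tunnel. With SSM_DRY_RUN=1 it only prints the command it would run.
start_port_forward() {
  local instance_id="$1" remote_port="$2" local_port="$3" params ping
  valid_instance_id "$instance_id" || { echo "invalid instance id: $instance_id" >&2; return 1; }
  { valid_port "$remote_port" && valid_port "$local_port"; } || { echo "ports must be 1-65535" >&2; return 1; }
  params=$(ssm_parameters "$remote_port" "$local_port")
  if [ "${SSM_DRY_RUN:-0}" = "1" ]; then
    printf "aws ssm start-session --target %s --document-name AWS-StartPortForwardingSession --parameters '%s'\n" \
      "$instance_id" "$params"
    return 0
  fi
  # Preflight: an instance without the SSM role, or with the agent offline, is
  # absent here or not "Online", and start-session would fail with TargetNotConnected.
  ping=$(aws ssm describe-instance-information \
    --filters "Key=InstanceIds,Values=$instance_id" \
    --query 'InstanceInformationList[0].PingStatus' --output text)
  [ "$ping" = "Online" ] || { echo "$instance_id is not SSM-managed/online (PingStatus=$ping)" >&2; return 1; }
  aws ssm start-session --target "$instance_id" \
    --document-name AWS-StartPortForwardingSession --parameters "$params"
}

# As in the post: RDP (3389) on the instance becomes localhost:9090.
# SSM_DRY_RUN=1 start_port_forward i-0123456789abcdef0 3389 9090
```

Once the session is open, point the RDP client at localhost:9090; the instance itself needs no inbound connection from your laptop because the SSM agent holds the channel.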

(Since the Medium blog is not free, I have replicated my Medium blog here.)