Attach the AmazonSSMManagedInstanceCore IAM policy to an IAM role that is associated with the EC2 instances. Instruct the developers to use AWS Systems Manager Session Manager to access the EC2 instances.
Yes! You can use AWS Systems Manager Session Manager from your PC without SSH, and without going through the AWS console. Here’s how:
1. Install AWS CLI
- Make sure the AWS CLI v2 is installed on your PC.
- Configure it with your AWS credentials that have permission to use Session Manager (
ssm:StartSession).
aws configure
2. Start a Session
- Run the following command to connect to your EC2 instance:
aws ssm start-session --target <instance-id>
- This opens an interactive shell on the EC2 instance, just like SSH.
3. Optional: Use Session Manager Plugin
- Some systems may require the Session Manager plugin for CLI to open sessions.
- Install it from AWS: https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html
Advantages over SSH
| Feature | SSH | Session Manager |
|---|---|---|
| No Internet Needed | ❌ (unless bastion host) | ✅ (works in private subnet) |
| No Key Management | ❌ | ✅ (IAM-based access) |
| Audit Logging | ❌ (manual) | ✅ (CloudTrail logs) |
| Remote Access | ❌ | ✅ (CLI or console) |
Summary
- From your PC, Session Manager works like SSH, but uses IAM credentials instead of keys.
- No need for bastion hosts or VPNs if the instance is in a private subnet.
- Fully secure and auditable.
Top comments (0)