AWS Session Manager is a component of AWS Systems Manager that allows you to manage your instances through a browser-based shell or the AWS CLI. It uses a lightweight agent installed on your servers to execute server management tasks accessible through the console. This can eliminate the need for bastion hosts, minimise inbound ports and public IPs, and remove the need to maintain SSH keys. This tool can also be extremely useful if you have lost communication to your EC2 via your normal method.

This guide shows you how to configure it to connect via SSH to a Linux EC2 and PowerShell to a Windows EC2 using Session Manager within Systems Manager.

Create an instance profile for Systems Manager managed instances

Open the IAM console

In the navigation pane, choose Roles then Create role.

Under Select type of trusted entity, choose AWS service.

In Choose the service that will use this role, in the full list of services, choose EC2.

In Select your use case, choose EC2 Role then Next

On the Attached permissions policy page, verify that AmazonEC2RoleforSSM is listed, and then click Next

Add tags as per your requirements

On the Review page, type a logical name in the Role name box and give it a description then select Create Role

Attach IAM Role to your EC2

Select the EC2 you want to attach the IAM role to, then select "Attach/Replace IAM Role"

Attach the role you created earlier and click Apply
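
The console steps in the two sections above can also be scripted with the AWS CLI. This is an added example, not part of the original guide; the role name and instance ID in the usage comment are constructed placeholders, and the instance profile is assumed to share the role's name.

```shell
# Added example: AWS CLI equivalent of the console steps (not from the guide).
# Policy the guide attaches. AWS also publishes the narrower
# arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore; export SSM_POLICY_ARN to use it.
SSM_POLICY_ARN="${SSM_POLICY_ARN:-arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM}"

# Trust policy: only the EC2 service may assume the role.
ssm_trust_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "ec2.amazonaws.com" },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

# create_ssm_instance_profile ROLE_NAME
# Creates the role, attaches the SSM policy, then wraps the role in an instance
# profile of the same name (the console creates that profile implicitly).
create_ssm_instance_profile() {
  [ -n "$1" ] || { echo "usage: create_ssm_instance_profile ROLE_NAME" >&2; return 2; }
  aws iam create-role --role-name "$1" \
      --assume-role-policy-document "$(ssm_trust_policy)" >/dev/null || return 1
  aws iam attach-role-policy --role-name "$1" --policy-arn "$SSM_POLICY_ARN" || return 1
  aws iam create-instance-profile --instance-profile-name "$1" >/dev/null || return 1
  aws iam add-role-to-instance-profile --instance-profile-name "$1" --role-name "$1"
}

# attach_ssm_instance_profile INSTANCE_ID PROFILE_NAME
# Rejects anything that does not look like an instance ID before calling AWS.
attach_ssm_instance_profile() {
  case "$1" in
    i-*) ;;
    *) echo "not an instance ID: $1" >&2; return 2 ;;
  esac
  aws ec2 associate-iam-instance-profile --instance-id "$1" \
      --iam-instance-profile "Name=$2" >/dev/null
}

# Usage (constructed values):
#   create_ssm_instance_profile ssm-managed-ec2
#   attach_ssm_instance_profile i-0123456789abcdef0 ssm-managed-ec2
```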

SSM Agent (Linux)

SSM Agent is installed by default on Amazon Linux base AMIs dated 2017.09 and later. SSM Agent is also installed by default on Amazon Linux 2 AMIs.

Check the agent version

sudo snap list amazon-ssm-agent

Install the SSM Agent

sudo snap install amazon-ssm-agent --classic

Further details on the agent install for your Linux version are here:

https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-manual-agent-install.html

Check the status of the agent

sudo snap services amazon-ssm-agent

SSM Agent (Windows)

Install the SSM Agent

SSM Agent is installed by default on instances created from Windows Server 2016 and Windows Server 2019 Amazon Machine Images (AMIs), and on instances created from Windows Server 2003-2012 R2 AMIs published in November 2016 or later.

If you are unsure if you have it, look for a service called Amazon SSM Agent

Download and install the latest agent from the following link:

https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/windows_amd64/AmazonSSMAgentSetup.exe

Start or restart the agent in PowerShell

Restart-Service AmazonSSMAgent

Give it a few minutes for the EC2 to appear within Session Manager

Start a session

Navigate to AWS Systems Manager > Session Manager > Start Session > select the instance and click Start session

If your EC2 is not shown, give it a few minutes to appear within Session Manager, then click refresh

Linux

You are taken straight into an SSH session where you can run your commands as normal, i.e.

Windows

You are taken straight into a PowerShell session where you can run your commands as normal, i.e.

To terminate a session, select Terminate at the top right of the session window, then confirm within the pop-up box.