AWS Session Manager is a component of AWS System Manager that allows you to manage your instances through a browser-based shell or AWS CLI. It uses a lightweight agent installed on your servers to execute server management tasks accessible through the console, this can eliminate the requirement of bastion hosts, minimise inbound ports/public ip's or maintaining SSH keys. This tool can also be extremely useful if you have lost communication to your EC2 via your normal method.
This guide shows you how to configure it to connect via SSH to a Linux EC2 and powershell to a Windows EC2 using the session manager within systems manager.
Create an instance profile for Systems Manager managed instances
Open the IAM console
In the navigation pane, choose Roles then Create role.
Select type of trusted entity, choose AWS service.
In Choose the service that will use this role, in the full list of services, choose EC2.
In Select your use case, choose EC2 Role then Next
On the Attached permissions policy page, verify that AmazonEC2RoleforSSM is listed, and then click Next
Add tags as per your requirements
On the Review page, type a logical name in the Role name box and give it a description then select Create Role
Attach IAM Role to your EC2
Select the EC2 you want to attach the IAM role then select "Attach/Replace IAM Role"
Attach the role you created earlier and click Apply
SSM Agent (Linux)
SSM Agent is installed by default, on Amazon Linux base AMIs dated 2017.09 and later. SSM Agent is also installed, by default, on Amazon Linux 2 AMIs.
Check the agent version
sudo snap list amazon-ssm-agent
Install the SSM Agent
sudo snap install amazon-ssm-agent --classic
Further details on the agent install for your Linux version is here,
https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-manual-agent-install.html
Check the status of the agent
sudo snap services amazon-ssm-agent
SSM Agent (Windows)
Install the SSM Agent
SSM Agent is installed by default on instances created from Windows Server 2016 and Windows Server 2019 Amazon Machine Images (AMIs), and on instances created from Windows Server 2003-2012 R2 AMIs published in November 2016 or later.
If you are unsure if you have it, look for a service called Amazon SSM Agent
Download and install the latest agent from the following link;
https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/windows_amd64/AmazonSSMAgentSetup.exe
Start or Restart the agent in Powershell
Restart-Service AmazonSSMAgent
Give it a few minutes for the EC2 to appear within Session Manager
Start a session
Navigate to AWS System Manager > Session Manager > Start Session > select the instance and click Start session
If your EC2 is not shown, give it a few minutes for the EC2 to appear within Session Manager then click refresh
Linux
You are taken straight into a SSH session where you can run your commands as normal, i.e.
Windows
You are taken straight into a powershell session where you can run your commands as normal, i.e.
To terminate a session select terminate at the top right of the session window then confirm within the pop-up box