We here at QloudX manage hundreds of Amazon EC2 instances for our clients. One of the routine activities you will end up doing several times a day when working with EC2 instances is connecting to a terminal on your instances.
For security reasons, none of our security groups have the SSH port open, and most of the instances are in private subnets anyway.
AWS Systems Manager Session Manager is a great way to connect to your instances, especially in such restricted environments.
Session Manager is a fully managed AWS Systems Manager capability. With Session Manager, you can manage your Amazon Elastic Compute Cloud (Amazon EC2) instances, edge devices, and on-premises servers and virtual machines (VMs). You can use either an interactive one-click browser-based shell or the AWS Command Line Interface (AWS CLI). Session Manager provides secure and auditable node management without the need to open inbound ports, maintain bastion hosts, or manage SSH keys.
Session Manager is great, but what if you have a real need to use SSH? In our case, we wanted to run Ansible playbooks on several private instances at once, and since Ansible connects to instances over SSH, it would be great if we could somehow use the machine’s local SSH client with SSM.
The alternative would be to open up the SSH port on security groups and connect to the instances using SSH private keys via either a bastion host (jump box) or VPN connectivity to the VPCs. All this is too cumbersome and difficult to maintain at scale. There has to be a better, simpler way! 🤔
SSH Over SSM!
As it turns out, it’s fairly easy to configure the SSH command on your terminal to use SSM behind the scenes! Once configured, everything that uses SSH from this machine will go through SSM automatically, including Ansible, Terraform, Packer, etc.
First, configure ~/.ssh/config to proxy all your SSH commands to a script we provide:
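An added example, not the script this post refers to: a minimal ProxyCommand wrapper that accepts only instance IDs and valid ports before starting a session with the AWS-StartSSHSession document. The file name ssm-proxy.sh, the Host pattern and the AWS_CLI override variable are assumptions made for this sketch.

```shell
#!/bin/sh
# Hypothetical ProxyCommand wrapper (added example, not the post's script).
# Assumed ~/.ssh/config entry, with this file saved as ~/.ssh/ssm-proxy.sh:
#
#   Host i-* mi-*
#       ProxyCommand ~/.ssh/ssm-proxy.sh %h %p
#
# ssh expands %h to the host given on the command line and %p to the port.

# Accept only EC2 instance IDs (i- plus 8 or 17 hex digits) or hybrid
# managed-node IDs (mi- plus 17 hex digits), so that no other string is
# ever handed to the AWS CLI as a session target.
valid_target() {
    case "$1" in
        i-*)  hex=${1#i-};  lens="8 17" ;;
        mi-*) hex=${1#mi-}; lens="17" ;;
        *)    return 1 ;;
    esac
    case "$hex" in ''|*[!0-9a-f]*) return 1 ;; esac
    for n in $lens; do [ "${#hex}" -eq "$n" ] && return 0; done
    return 1
}

# Accept only a decimal TCP port in the range 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Validate both arguments, then tunnel the SSH byte stream through SSM.
# AWS_CLI is an assumed override for the CLI binary (default: aws).
start_ssh_session() {
    valid_target "$1" || { echo "ssm-proxy: not an instance ID: $1" >&2; return 64; }
    valid_port "$2"   || { echo "ssm-proxy: bad port: $2" >&2; return 64; }
    "${AWS_CLI:-aws}" ssm start-session --target "$1" \
        --document-name AWS-StartSSHSession --parameters "portNumber=$2"
}

# Run only when ssh invokes the script with host and port arguments.
if [ "$#" -ge 2 ]; then
    start_ssh_session "$1" "$2"
    exit $?
fi
```

The machine running ssh needs the AWS CLI together with the Session Manager plugin, and the instance still authenticates the SSH login itself.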