Introduction
Effortlessly managing remote access to your Amazon Web Services (AWS) Elastic Compute Cloud (EC2) instances is a fundamental requirement for AWS users. AWS Systems Manager, particularly its Session Manager feature, offers a robust solution for securely managing and accessing EC2 instances. In this comprehensive guide, we’ll walk you through the process of configuring and using AWS Systems Manager’s Session Manager to connect to both Linux and Windows EC2 instances within private subnets. Whether you prefer Windows PowerShell or other CLI tools like Windows bash or GitBash, this guide will provide you with the necessary steps and insights.
Prerequisites
Before we delve into the implementation, ensure that you have the following prerequisites in place:
AWS Tools and Services:
- The AWS Command Line Interface (AWS CLI) must be installed on your local machine.
- The Session Manager plugin should be installed locally.
- An IAM user with programmatic access and the required permissions for Session Manager.
AWS Components and Services:
- Both Linux and Windows EC2 instances should be set up in a private subnet. (This is not mandatory; the instances may be in a public subnet too.)
- The SSM agent must be installed in the EC2 instance (usually pre-installed in certain AWS-provided AMIs like AWS Linux 2).
- Ensure the necessary IAM permissions are added to the IAM role associated with your EC2 instances.
- Your EC2 Security Group should allow outbound connectivity on port 443 to Systems Manager endpoints, or you can use the default outbound rule that permits all traffic.
Implementation
1. AWS Systems Manager Overview
Begin by ensuring that your EC2 instances (both Linux and Windows) are set up in the private subnet and that all prerequisites, including the SSM agent, IAM role, and Security Group, are in place. These instances should be visible within AWS Systems Manager, specifically within the Session Manager service.
2. (Optional) Browser-Based CLI Session
For added convenience, AWS Systems Manager allows you to connect directly to your private EC2 instances from the AWS Systems Manager console, providing a browser-based CLI session.
3. Connecting to a Private Linux EC2 Instance
To access your private Linux EC2 instance from your local computer, execute the following PowerShell command:
aws ssm start-session --target <instance-id> --region <region>
This command initiates a CLI session for your Linux instance.
4. Connecting to a Private Windows EC2 Instance
To connect to your private Windows EC2 instance from your local computer, follow these steps:
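aws ssm start-session --target <instance-id> --document-name AWS-StartPortForwardingSession --parameters "localPortNumber=54321,portNumber=3389" --region <region>
This command initiates the session and displays its status in the terminal window. It forwards local port 54321 to the RDP port (3389) on the instance, so the RDP client connects to localhost:54321. Keep this window open.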
- Open an RDP session window and retrieve the Administrator user password from the AWS console using the private key of your EC2 key pair.
- Enter the Administrator password to establish a GUI-based session on your Windows server.
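The prerequisites and the two connection commands from sections 3 and 4 can be combined into one pre-flight check. This is an added example, not part of the original guide: the function names are illustrative, and it assumes your IAM user is also allowed ssm:DescribeInstanceInformation and that you run it from bash or Git Bash.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide). Function names are illustrative.
# Usage after sourcing this file: ssm_connect <instance-id> <region>

# Check local tools, then ask Systems Manager whether the instance is managed
# and Online. On success, print its PlatformType (Linux or Windows).
ssm_preflight() {
  local id=$1 region=$2 tool info status platform
  for tool in aws session-manager-plugin; do
    command -v "$tool" >/dev/null 2>&1 ||
      { echo "missing local tool: $tool" >&2; return 2; }
  done
  # Assumes the caller's IAM identity is allowed ssm:DescribeInstanceInformation.
  info=$(aws ssm describe-instance-information \
    --filters "Key=InstanceIds,Values=$id" --region "$region" \
    --query 'InstanceInformationList[0].[PingStatus,PlatformType]' \
    --output text) || { echo "describe call failed: check credentials and region" >&2; return 3; }
  # Text output is "Online<TAB>Linux", or "None" when the instance is not registered.
  read -r status platform <<EOF
$info
EOF
  [ "$status" = "Online" ] || {
    echo "$id is not Online in Systems Manager (got: $info)." >&2
    echo "Check the SSM agent, the instance IAM role, and outbound 443." >&2
    return 4
  }
  echo "$platform"
}

# Print the start-session arguments from the guide for the given platform.
ssm_session_args() {
  local id=$1 region=$2 platform=$3
  case "$platform" in
    Linux)
      echo "ssm start-session --target $id --region $region" ;;
    Windows)
      echo "ssm start-session --target $id --document-name AWS-StartPortForwardingSession --parameters localPortNumber=54321,portNumber=3389 --region $region" ;;
    *)
      echo "unsupported platform: $platform" >&2; return 1 ;;
  esac
}

# Run the pre-flight check, then open the matching session.
ssm_connect() {
  local platform args
  platform=$(ssm_preflight "$1" "$2") || return
  args=$(ssm_session_args "$1" "$2" "$platform") || return
  # Intentionally unquoted: the argument string contains no spaces inside values.
  aws $args
}
```

A return code of 4 from ssm_preflight means the instance is not visible to Systems Manager, which points at the instance-side prerequisites rather than your local setup.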
Conclusion
In conclusion, AWS Systems Manager’s Session Manager simplifies remote access to your EC2 instances, whether they run Linux or Windows. This solution offers enhanced security and ease of management, allowing you to connect to your instances effortlessly. By following the steps outlined in this guide, you can troubleshoot issues and manage your instances with convenience and control. AWS Systems Manager Session Manager empowers you to optimize your AWS EC2 access, making remote management a seamless experience.