A Guide to Set Up AWS Session Manager for Amazon EC2 Instances and Enhancing Remote Access Management

Introduction

In today’s fast-paced digital world, managing multiple sessions and access to various systems can be daunting. Traditional methods of handling sessions, such as using multiple SSH connections or relying on third-party tools, can be cumbersome and pose security risks. Enter the AWS Session Manager, a modern solution simplifying session management, enhancing security and streamlining workflows for system administrators and developers.

AWS Session Manager is a powerful tool that allows users to create and manage interactive sessions with instances in the cloud or on-premises servers. Unlike traditional methods, it operates over a secure and encrypted channel, eliminating the need to manage SSH keys and reducing the risk of security breaches.

Features & Advantages

Centralized Access Control: AWS Session Managers offer centralized access control, making managing and monitoring user access to different systems easier. Administrators can define granular permissions based on roles and users, ensuring only authorized personnel can access sensitive resources.
Audit Trails and Logging: AWS Session Managers provide detailed audit trails and logs of all session activities. This feature enhances accountability and helps to investigate and resolve security incidents effectively.
Multi-Platform Support: A robust AWS Session Manager supports various operating systems and cloud environments, making it versatile across different infrastructures.
No need for Inbound Ports: Unlike traditional SSH, AWS Session Managers require no inbound ports, eliminating the need for complicated network configurations and reducing the attack surface.
Seamless Integration: AWS Session Managers can be easily integrated with existing identity providers, making it convenient to leverage existing user directories for authentication.

Pioneers in Cloud Consulting & Migration Services

Reduced infrastructural costs
Accelerated application deployment

Get Started

Use Cases

Remote Server Administration: System administrators can manage and troubleshoot servers located anywhere, reducing the need for physical access and saving time and resources.
DevOps and CI/CD Pipelines: Integrating AWS Session Managers into DevOps workflows allows developers to securely access build environments, deployment servers, and other resources.
Troubleshooting Production Issues: Developers and support teams can quickly diagnose and resolve production issues by accessing the required servers securely.

Step-by-Step Guide

You must manually install SSM Agent on Amazon EC2 instances created from other versions of Linux AMIs. Below are the AMIs that come pre-installed.

Amazon Linux Base AMIs dated 2017.09 and later.
Amazon Linux 2
Amazon Linux 2 ECS-Optimized Base AMIs
Amazon Linux 2023 (AL2023)
Amazon EKS-Optimized Amazon Linux AMIs
macOS 10.14.x (Mojave), 10.15.x (Catalina), and 11.x (Big Sur)
SUSE Linux Enterprise Server (SLES) 12 and 15
Ubuntu Server 16.04, 18.04, and 20.04
Windows Server 2008-2012 R2 AMIs published in November 2016 or later.
Windows Server 2016, 2019, and 2022

Step 1 – SSH into the server to install the SSM agent and paste the following command to check if the agent is installed.

step1

Step 2 – Enter the following command to install the SSM agent and Verify the installation by entering the above command (from Step1)

step2

Note:- If the SSM agent is not there on EC2-server, please use the following command to install the SSM agent.

mkdir /tmp/ssm
cd /tmp/ssm
wget https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/debian_amd64/amazon-ssm-agent.deb
sudo dpkg -i amazon-ssm-agent.deb
sudo systemctl start amzon-ssm-agent
sudo systemctl enable amazon-ssm-agent
sudo systemctl status amazon-ssm-agent

mkdir /tmp/ssm

cd /tmp/ssm

wget https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/debian_amd64/amazon-ssm-agent.deb

sudo dpkg -i amazon-ssm-agent.deb

sudo systemctl start amzon-ssm-agent

sudo systemctl enable amazon-ssm-agent

sudo systemctl status amazon-ssm-agent

If the above command does not work so use the following command.

sudo snap install amazon-ssm-agent –classic
sudo apt-get install snapd
sudo snap start amazon-ssm-agent
sudo snap services amazon-ssm-agent

sudo snap install amazon-ssm-agent –classic

sudo apt-get install snapd

sudo snap start amazon-ssm-agent

sudo snap services amazon-ssm-agent

Step 3 – Go to the AWS IAM console and click on the role

step3

Step 4 – Create an AWS Identity and Access Management (IAM) instance profile to use with SSM Agent.

step4

step4b

step4c

step4d

Step 5 – Choose the Amazon EC2, click on the action section, then choose Security and Modify AWS IAM role. In the AWS IAM Instance Profile dropdown list, select the instance profile you created in Step 4.

step5

step5b

Step 6 – Open the AWS Systems Manager console. In the navigation pane, choose Fleet Manager.

step6

Step 7 – Choose the Settings tab, and then choose Auto-update SSM Agent under Agent auto-update.

step7

Note: The Auto update SSM Agent setting applies to all the managed nodes in the Region where this setting is configured.

Step 8 – Go to the Amazon EC2 Dashboard, select Amazon EC2, click Connect and choose AWS Session Manager.

step8

step8b

For more information on installing SSM Agent, visit https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-manual-agent-install.html

Conclusion

AWS Session Manager is a powerful tool that simplifies session management, enhances security, and streamlines workflows for developers and system administrators. By centralizing access control, providing detailed audit trails, and streamlining development processes, AWS Session Managers offer a secure and efficient solution for modern IT environments. Embracing this technology empowers organizations to stay competitive, respond rapidly to changing needs, and protect sensitive data effectively.

Drop a query if you have any questions regarding AWS Session Manager and we will get back to you quickly.

Making IT Networks Enterprise-ready – Cloud Management Services

Accelerated cloud migration
End-to-end view of the cloud environment

Get Started

About CloudThat

CloudThat is an official AWS (Amazon Web Services) Advanced Consulting Partner and Training partner and Microsoft Gold Partner, helping people develop knowledge of the cloud and help their businesses aim for higher goals using best in industry cloud computing practices and expertise. We are on a mission to build a robust cloud computing ecosystem by disseminating knowledge on technological intricacies within the cloud space. Our blogs, webinars, case studies, and white papers enable all the stakeholders in the cloud computing sphere.

To get started, go through our Consultancy page and Managed Services Package that is CloudThat’s offerings.

FAQs

1. Can AWS Session Managers be used with on-premises servers or only in the cloud?

ANS: – AWS Session Managers are versatile and can be used with cloud-based instances and on-premises servers, providing a unified approach to session management across different infrastructures.

2. How does AWS Session Manager enhance security for my organization?

ANS: – AWS Session Managers enhance security by encrypting all communications, eliminating the need for SSH keys, and providing centralized access control. Detailed audit trails and logs help administrators monitor user activities and investigate security incidents effectively.

3. What platforms and environments do AWS Session Managers support?

ANS: – A robust AWS Session Manager typically supports various operating systems, including Windows, Linux, and MacOS, and is compatible with popular cloud providers such as AWS, Azure, and Google Cloud Platform.