New – AWS Systems Manager Session Manager for Shell Access to EC2 Instances
It is a very interesting time to be a corporate IT administrator. On the one hand, developers are talking about (and implementing) an idyllic future built on infrastructure as code, where servers and other resources are treated as cattle. On the other hand, legacy systems still must be treated as pets, set up and maintained by hand or with the aid of limited automation. Many of the customers that I speak with are making the transition to the future at a rapid pace, but need to work in the world that exists today. For example, they still need shell-level access to their servers on occasion. They might need to kill runaway processes, consult server logs, fine-tune configurations, or install temporary patches, all while maintaining a strong security profile. They want to avoid the hassle that comes with running bastion hosts and the risks that arise when opening up inbound SSH ports on the instances.
We’ve already addressed some of the need for shell-level access with the AWS Systems Manager Run Command. This AWS facility gives administrators secure access to EC2 instances. It allows them to create command documents and run them on any desired set of EC2 instances, with support for both Linux and Microsoft Windows. The commands are run asynchronously, with output captured for review.
New Session Manager
Today we are adding a new option for shell-level access. The new Session Manager makes the AWS Systems Manager even more powerful. You can now use a new browser-based interactive shell and a command-line interface (CLI) to manage your Windows and Linux instances. Here’s what you get:
Secure Access – You don’t have to manually set up user accounts, passwords, or SSH keys on the instances and you don’t have to open up any inbound ports. Session Manager communicates with the instances via the SSM Agent across an encrypted tunnel that originates on the instance, and does not require a bastion host.
Access Control – You use IAM policies and users to control access to your instances, and don’t need to distribute SSH keys. You can limit access to a desired time/maintenance window by using IAM’s Date Condition Operators.
Auditability – Commands and responses can be logged to Amazon CloudWatch and to an S3 bucket. You can arrange to receive an SNS notification when a new session is started.
Interactivity – Commands are executed synchronously in a full interactive bash (Linux) or PowerShell (Windows) environment.
Programming and Scripting – In addition to the console access that I will show you in a moment, you can also initiate sessions from the command line (aws ssm ...) or via the Session Manager APIs.
The SSM Agent running on the EC2 instances must be able to connect to Session Manager’s public endpoint. You can also set up a PrivateLink connection to allow instances running in private VPCs (without Internet access or a public IP address) to connect to Session Manager.
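The Access Control item above mentions limiting access to a maintenance window with IAM's Date Condition Operators. The following is an added example (not code from the original post or from AWS) that builds such a time-boxed policy for ssm:StartSession; the function name, account ID, instance ID and window times are constructed placeholders.

```python
import json
from datetime import datetime, timezone


def _utc_stamp(moment):
    """Format a timezone-aware datetime as an ISO 8601 UTC string for IAM."""
    if moment.tzinfo is None:
        raise ValueError("window bounds must be timezone-aware")
    return moment.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def session_window_policy(instance_arns, start, end):
    """Hypothetical helper: allow ssm:StartSession on the listed instances
    only while aws:CurrentTime lies between start and end."""
    if not instance_arns:
        raise ValueError("refusing to build a policy with no explicit instances")
    if any("*" in arn for arn in instance_arns):
        raise ValueError("wildcard instance ARNs defeat the per-instance scoping")
    start_s, end_s = _utc_stamp(start), _utc_stamp(end)  # rejects naive datetimes
    if end <= start:
        raise ValueError("window end must be after window start")
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "StartSessionInWindow",
                "Effect": "Allow",
                "Action": "ssm:StartSession",
                "Resource": sorted(instance_arns),
                "Condition": {
                    "DateGreaterThan": {"aws:CurrentTime": start_s},
                    "DateLessThan": {"aws:CurrentTime": end_s},
                },
            },
            {
                # Users may end only sessions they started themselves.
                "Sid": "TerminateOwnSessions",
                "Effect": "Allow",
                "Action": "ssm:TerminateSession",
                "Resource": "arn:aws:ssm:*:*:session/${aws:username}-*",
            },
        ],
    }


if __name__ == "__main__":
    # Constructed sample values: placeholder account ID, instance ID and window.
    arn = "arn:aws:ec2:us-east-1:111122223333:instance/i-0123456789abcdef0"
    start = datetime(2018, 9, 15, 2, 0, tzinfo=timezone.utc)
    end = datetime(2018, 9, 15, 4, 0, tzinfo=timezone.utc)
    print(json.dumps(session_window_policy([arn], start, end), indent=2))
```

Because the policy contains only Allow statements, a StartSession request made outside the window matches no statement and is implicitly denied unless another attached policy grants it.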
Session Manager in Action
In order to use Session Manager to access my EC2 instances, the instances must be running the latest version (2.3.12 or above) of the SSM Agent. The instance role for the instances must reference a policy that allows access to the appropriate services; you can create your own or use AmazonEC2RoleForSSM. Here are my EC2 instances (sk1 and sk2 are running Amazon Linux; sk3-win and sk4-win are running Microsoft Windows):
Before I run my first command, I open AWS Systems Manager and click Preferences. Since I want to log my commands, I enter the name of my S3 bucket and my CloudWatch log group. If I enter either or both values, the instance policy must also grant access to them:
I’m ready to roll! I click Sessions, see that I have no active sessions, and click Start session to move ahead:
I select a Linux instance (sk1), and click Start session again:
The session opens up immediately:
I can do the same for one of my Windows instances:
The log streams are visible in CloudWatch:
Each stream contains the content of a single session:
In the Works
As usual, we have some additional features in the works for Session Manager. Here’s a sneak peek:
SSH Client – You will be able to create SSH sessions atop Session Manager without opening up any inbound ports.
On-Premises Access – We plan to give you the ability to access your on-premises instances (which must be running the SSM Agent) via Session Manager.
Available Now
Session Manager is available in all AWS regions (including AWS GovCloud) at no extra charge.
— Jeff;
from AWS News Blog https://ift.tt/2CHeeCu