Did you know there is a better way to connect to your AWS Linux Instances than SSH?
For years, you used SSH as the only way to access your ec2 instances, surely you've exposed port 22 to anywhere (0.0.0.0/0) making your instances or bastion instances reachable from anyone on the internet. Some people prevent this by implementing VPN solutions, which increases the complexity and potential points of failure and tons of maintenance tasks.
Your search ended right here, there is a great tool that allows you to connect to the Linux terminal, SSM Session Manager.
This powerful tool adds great features and characteristics to improve your environment security:
Removes the administrative tasks to manage ssh keys
The authentication and authorization relies on your IAM
You can connect to your instance using the web console or the AWS CLI
Removes the needs to setup bastion hosts or VPN servers to connect to instances in private networks
One-click access to instances from the console and CLI
Provides logging and auditing session activity
Supports tunneling: you can use a Session-type SSM document to tunnel traffic, such as HTTP or a custom protocol, between a local port on a client machine and a remote port on an instance.
Where can I start?
Here is the official documentation:
The short version is:
Create an IAM role with an instance profile
Attach the policy named AmazonSSMManagedInstanceCore to the role
Attach an IAM instance profile to an EC2 instance as you launch it or to a previously launched instance.
Remove port 22 or the custom port associated with ssh from your instance
On the EC2 web console, select the instance and go to the Actions menu, select to connect, then on the second tab select Session manager and finally, hit on connect.
If you want to use your terminal:
You need to meet the requirements and install the session manager plugin