Did you know there is a better way to connect to your AWS Linux Instances than SSH?

For years, SSH was the only way to access your EC2 instances, and you have surely exposed port 22 to anywhere (0.0.0.0/0), making your instances or bastion instances reachable by anyone on the internet. Some people prevent this by implementing VPN solutions, which add complexity, potential points of failure and tons of maintenance tasks.

Your search ends right here: there is a great tool that lets you connect to the Linux terminal, SSM Session Manager.


This powerful tool adds great features and characteristics to improve your environment security:

  • Removes the administrative tasks of managing SSH keys

  • Authentication and authorization rely on your IAM

  • You can connect to your instance using the web console or the AWS CLI

  • Removes the need to set up bastion hosts or VPN servers to connect to instances in private networks

  • One-click access to instances from the console and CLI

  • Provides logging and auditing of session activity

  • Supports tunneling: you can use a Session-type SSM document to tunnel traffic, such as HTTP or a custom protocol, between a local port on a client machine and a remote port on an instance.


Where can I start?


Here is the official documentation:

https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html


The short version is:

  • Create an IAM role with an instance profile

  • Attach the policy named AmazonSSMManagedInstanceCore to the role

  • Attach an IAM instance profile to an EC2 instance as you launch it or to a previously launched instance.

  • Verify that your instance meets the requirements

  • Remove port 22, or the custom port associated with SSH, from your instance
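
A check for the last step, as an added example that is not part of the original post: this Python script reads JSON in the shape returned by `aws ec2 describe-security-groups` and lists inbound rules that still expose an SSH port to 0.0.0.0/0 or ::/0. The security groups are constructed sample data, and the custom port 2222 is an assumption.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0aaa1111example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0bbb2222example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 2000, "ToPort": 3000,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}],
     "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
  {"GroupId": "sg-0ccc3333example", "IpPermissions": [
    {"IpProtocol": "-1",
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
  {"GroupId": "sg-0ddd4444example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]}
]}
""")

ANYWHERE = {"0.0.0.0/0", "::/0"}


def open_ssh_rules(groups, ssh_ports=(22,)):
    """Return (group_id, cidr, port) for each inbound rule exposing an SSH port to anywhere."""
    findings = []
    for sg in groups["SecurityGroups"]:
        for perm in sg.get("IpPermissions", []):
            proto = perm.get("IpProtocol")
            if proto not in ("tcp", "6", "-1"):
                continue  # SSH runs over TCP; "-1" means all traffic
            # An all-traffic rule carries no port range, so treat it as every port.
            lo = 0 if proto == "-1" else perm.get("FromPort", 0)
            hi = 65535 if proto == "-1" else perm.get("ToPort", 65535)
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for cidr in cidrs:
                if cidr in ANYWHERE:
                    findings += [(sg["GroupId"], cidr, p)
                                 for p in ssh_ports if lo <= p <= hi]
    return findings


if __name__ == "__main__":
    # 2222 stands in for a custom SSH port (assumption for this example).
    for group_id, cidr, port in open_ssh_rules(SAMPLE, ssh_ports=(22, 2222)):
        print(f"{group_id}: port {port} reachable from {cidr}")
```

An empty result means no listed security group leaves SSH open to the internet; a wide port range or an all-traffic rule is reported just like an explicit port 22 rule.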

On the EC2 web console, select the instance, open the Actions menu and choose Connect. Then, on the second tab, select Session Manager and click Connect.


If you want to use your terminal:

  • You need to meet the requirements and install the Session Manager plugin

  • Run this command: aws ssm start-session --target <<instance_id>>


Now you know how to use this fantastic tool and improve your workload security.

Give it a try, you will not regret it.











Damian Gitto Olguin

CTO

Teracloud.io




