Connect to EC2 via AWS Session Manager and without SSH inbound rule

Balram Chavan
3 min read · Apr 29, 2020

EC2 and SSH usually go hand in hand. As a DevOps engineer, you will often want to connect to an EC2 instance over SSH and perform various tasks.

To connect to EC2 via SSH, we must add an inbound security-group rule for port 22 and specify the source address range. Many times engineers leave the port open to “0.0.0.0/0” even though the AWS console warns about it. (Who takes a warning seriously unless there is an error, right?) A world-reachable SSH port exposes sshd to password brute-forcing, credential stuffing and any future sshd vulnerability, so it is very important to lock it down.

AWS Systems Manager has a feature called “Session Manager” which lets users open a shell on their EC2 instance without any SSH inbound rule. Yes, no open port 22, and we still get an interactive terminal on the instance! It works because the SSM Agent on the instance makes an outbound HTTPS (port 443) connection to the Systems Manager endpoints and the session is tunnelled through that connection. The instance therefore needs the SSM Agent installed (it is preinstalled on Amazon Linux and several other AWS-provided AMIs), outbound access to the Systems Manager endpoints (via a NAT gateway or VPC endpoints), and an IAM role that grants the agent the SSM permissions.

In this post, we will set up Session Manager and connect to EC2 via the AWS Console.

Assign an IAM role to the EC2 instance

The EC2 instance must have an IAM role attached so that the SSM Agent running on it can register with Systems Manager and accept sessions. The AWS-managed policy AmazonSSMManagedInstanceCore grants exactly the permissions the agent needs, so prefer it over broader policies such as AmazonSSMFullAccess. We can set up the role as below:

  • Log in to the AWS Console
  • Open the EC2 Dashboard
  • Select the target EC2 instance in the list
  • Right-click the instance and select “Instance Settings -> Attach/Replace IAM Role” as shown in the figure.
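The same setup as a script, for readers who prefer the AWS CLI to the console. This is an added example and not code from the original post; the role name, instance profile name, instance ID and security-group ID are assumptions, and the final `start-session` call needs the Session Manager plugin installed on the workstation. Beyond the console steps above, it also waits for the agent to report Online and then revokes the world-open port 22 rule that the post warns about.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Role, profile, instance and
# security-group names/IDs below are assumptions; override them via env vars.
set -euo pipefail

ROLE_NAME="${ROLE_NAME:-ec2-ssm-session-role}"   # assumed role name
PROFILE_NAME="${PROFILE_NAME:-$ROLE_NAME}"       # instance profile name
# AWS-managed policy with just the permissions the SSM Agent needs.
SSM_CORE_POLICY_ARN="arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"

# Trust policy: only the EC2 service may assume this role, so the only way
# to get its credentials is through an instance profile on an EC2 instance.
ssm_trust_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "ec2.amazonaws.com" },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

# Create the role, attach the managed policy, wrap it in an instance profile.
create_ssm_instance_profile() {
  aws iam create-role --role-name "$ROLE_NAME" \
    --assume-role-policy-document "$(ssm_trust_policy)"
  aws iam attach-role-policy --role-name "$ROLE_NAME" \
    --policy-arn "$SSM_CORE_POLICY_ARN"
  aws iam create-instance-profile --instance-profile-name "$PROFILE_NAME"
  aws iam add-role-to-instance-profile \
    --instance-profile-name "$PROFILE_NAME" --role-name "$ROLE_NAME"
}

# CLI equivalent of the console "Attach/Replace IAM Role" step.
attach_profile_to_instance() {
  local instance_id="$1"
  # A newly created instance profile can take several seconds to propagate.
  sleep 10
  aws ec2 associate-iam-instance-profile --instance-id "$instance_id" \
    --iam-instance-profile "Name=$PROFILE_NAME"
}

# Ask Systems Manager whether the agent on the instance has checked in.
ssm_ping_status() {
  aws ssm describe-instance-information \
    --filters "Key=InstanceIds,Values=$1" \
    --query 'InstanceInformationList[0].PingStatus' --output text
}

# Pure helper: only "Online" means a session can be started.
ssm_agent_online() {
  [ "$1" = "Online" ]
}

# Poll until the agent is Online; give up after ~5 minutes with a hint about
# the usual cause (no outbound 443 route to the SSM endpoints).
wait_for_ssm_agent() {
  local instance_id="$1" tries=0
  until ssm_agent_online "$(ssm_ping_status "$instance_id")"; do
    tries=$((tries + 1))
    if [ "$tries" -ge 30 ]; then
      echo "SSM Agent never came Online; check agent install and outbound 443 / VPC endpoints" >&2
      return 1
    fi
    sleep 10
  done
}

# Close the door the post warns about: remove the 0.0.0.0/0 rule for port 22.
revoke_open_ssh() {
  aws ec2 revoke-security-group-ingress --group-id "$1" \
    --protocol tcp --port 22 --cidr 0.0.0.0/0
}

# Usage: INSTANCE_ID=i-0123456789abcdef0 SG_ID=sg-0123456789abcdef0 ./ssm-setup.sh
# (IDs are placeholders.) Nothing runs against AWS unless INSTANCE_ID is set.
if [ -n "${INSTANCE_ID:-}" ]; then
  create_ssm_instance_profile
  attach_profile_to_instance "$INSTANCE_ID"
  wait_for_ssm_agent "$INSTANCE_ID"
  [ -z "${SG_ID:-}" ] || revoke_open_ssh "$SG_ID"
  # Interactive shell over SSM; requires the Session Manager plugin locally.
  aws ssm start-session --target "$INSTANCE_ID"
fi
```

Revoking the port 22 rule only after the agent reports Online avoids locking yourself out of an instance whose SSM Agent cannot reach the endpoints; if the wait fails, fix the routing or VPC endpoints first and rerun.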
