In this post we will discuss how to log in to Linux boxes without SSH keys by using AWS Systems Manager.
In general, as soon as we create an AWS EC2 instance, we have to log in to the instance and manage it, right? To connect to Linux boxes we need SSH keys, and for Windows boxes the RDP protocol.
Before going to the actual steps, we have to know what AWS Systems Manager and Session Manager are.
AWS Systems Manager is an AWS service that you can use to view and control your infrastructure on AWS.
With Systems Manager, we can group resources, like Amazon EC2 instances, Amazon S3 buckets, or Amazon RDS instances, by application, view operational data for monitoring and troubleshooting, and take action on our groups of resources.
Systems Manager simplifies resource and application management, shortens the time to detect and resolve operational problems, and makes it easy to operate and manage your infrastructure securely at scale.
Session Manager is part of the AWS Systems Manager service.
Session Manager is an interactive shell and CLI that helps provide secure, access-controlled, and audited Windows and Linux EC2 instance management. Session Manager removes the need to open inbound ports, manage SSH keys, or use bastion hosts.
With Session Manager, you can improve security, centralize access management, and receive detailed auditing. In addition to not requiring you to open inbound ports, you can use Session Manager with AWS PrivateLink to prevent traffic from going through the public internet.
Session Manager users can get started quickly by clicking to start a session and then selecting an instance.
Now let's jump into the actual configuration steps.
Create Roles in IAM Console:
Go to the IAM console and create a Role with the below policies:
AmazonEC2RoleforSSM and AmazonSSMAutomationApproverAccess
In my case I'm creating a role named AWS-SYSTEM-SESSION-Management.
Please find below the summary of the Role which we have created, for more understanding.
Now we have to create the EC2 instance, providing the Role which we have created above, as below:
Go to EC2 dashboard
Launch Instance
Step 1: Choose an Amazon Machine Image (AMI)
Select your desired AMI from the list.
Step 2: Choose an Instance Type
Choose t2.micro.
Step 3: Configure Instance Details
Step 4: Add Storage
Leave it blank.
Step 5: Add Tags
Leave it blank; if you want, you can add tags.
Step 6: Configure Security Group
Step 7: Review Instance Launch
Click on the Launch button and select the key pair as in the below screen.
Then click on Launch Instance.
Now we will connect to the EC2 instance which we have created in 2 ways.
1. From the EC2 Dashboard
Click on Connect; we will get the below screen without being asked for a username and password to the box.
2. From the Systems Manager service:
Select the instance and click on Start session; it will take you to the EC2 Linux box which we have created.
We can configure AWS CloudWatch to let us know what we are doing on the created instance. To do that, go to the CloudWatch service and create a log group,
then go to Systems Manager service --> Session Manager --> Preferences
and click on Edit,
select the CloudWatch logs check box,
and click on Save.
After completing the CloudWatch configuration, we will run some commands on the Linux box and see whether they are recorded in CloudWatch.
After some time, CloudWatch will have recorded the whole session on the box and its events.
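The CloudWatch logging step above is the audit piece of this setup, so here is the same setting expressed as the regional SSM-SessionManagerRunShell preferences document, plus a check that flags a region where logging was never switched on; this is an added example, not code from the original post, and the log group name is an assumed one. The document built here can be applied with `aws ssm update-document --name SSM-SessionManagerRunShell --content file://prefs.json --document-version '$LATEST'`.

```python
import json

# Constructed value for this example: the log group created in the
# CloudWatch step above is assumed to be named like this.
LOG_GROUP = "/aws/ssm/session-manager"


def build_preferences(log_group, idle_timeout_min=20):
    """Regional Session Manager preferences (SSM-SessionManagerRunShell) with
    CloudWatch streaming and encryption on: the console Edit/Save step as JSON."""
    return {
        "schemaVersion": "1.0",
        "description": "Document to hold regional settings for Session Manager",
        "sessionType": "Standard_Stream",
        "inputs": {
            "s3BucketName": "",
            "s3KeyPrefix": "",
            "s3EncryptionEnabled": True,
            "cloudWatchLogGroupName": log_group,
            "cloudWatchEncryptionEnabled": True,
            "cloudWatchStreamingEnabled": True,
            "kmsKeyId": "",
            "runAsEnabled": False,
            "runAsDefaultUser": "",
            "idleSessionTimeout": str(idle_timeout_min),
        },
    }


def audit_preferences(doc):
    """Return findings for a preferences document that would not give the
    audit trail the CloudWatch step is meant to provide (empty list = OK)."""
    inputs = doc.get("inputs", {})
    findings = []
    if not inputs.get("cloudWatchLogGroupName"):
        findings.append("no CloudWatch log group: sessions are not recorded")
    elif not inputs.get("cloudWatchEncryptionEnabled"):
        findings.append("log group encryption not required: session logs may be stored unencrypted")
    try:
        timeout = int(inputs.get("idleSessionTimeout", "20"))
    except ValueError:
        timeout = 0
    if not 1 <= timeout <= 60:  # Session Manager accepts 1-60 minutes
        findings.append("idleSessionTimeout outside the 1-60 minute range")
    return findings


def audit_get_document_output(get_document_json):
    """Audit the JSON printed by `aws ssm get-document --name
    SSM-SessionManagerRunShell`; its Content field is the document as a string."""
    return audit_preferences(json.loads(json.loads(get_document_json)["Content"]))
```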
More details on AWS Systems Manager Session Manager can be found at: