Grant Session Manager permissions to the EC2 instance IAM role by either attaching the AWS-provided default policy AmazonSSMManagedInstanceCore or adding the Session Manager permissions through a new or existing policy to the EC2 instance IAM role.
Verify that the EC2 instance is displayed as a managed node in AWS Systems Manager. If not, please refer to the following article. Please note that NAT Gateway or VPC endpoints can be used in order to privately access an EC2 instance and Systems Manager APIs.
There is no need to add inbound rules to the EC2 instance security group.
There is no need for an EC2 instance key pair to establish the connection from the local machine.
Add the EC2 instance security group to the Amazon Redshift security group on the Redshift port.
If AWS CLI is not yet configured on the local machine, use the AWS configure command for setup.