By using AWS re:Post, you agree to the Terms of Use

What protocol and port # does SSM agent run on?

0

HI,

I'm running SSM agent in a hybrid environment behind a firewall. I like to know what port needs to be open to allow SSM to remotely manage the agent behind the firewall.

Thank you.

asked 5 years ago1670 views
4 Answers
1

Hi,

The SSM agent doesn't require any inbound ports to be opened, all communication from the agent is outbound HTTPS to the SSM and EC2 Messages endpoints in the region where your instances are registered:

https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent.html

Hope that helps.

/Mats

profile picture
answered 5 years ago
0

Thanks!

answered 5 years ago
0

An inbound port is required to create a Systems Manager Session Manager session.
The minimum requirement seems to be port 22 inbound from the security group itself - port 22 can be happily blocked in the VPC NACL and just allowed on the Security Group from the security group to itself.

answered 2 years ago
0

Session Manager does not require any inbound ports to support any of the features it supports. Even if you make use of the SSH tunneling feature of Session Manager (https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-getting-started-enable-ssh-connections.html), there's no need for any inbound ports to be open.

/Mats

profile picture
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions