Set a banner for SSM sessions from the AMI

0

I would like to set a banner on SSM Session Manager login to comply with STIG requirements. I can see from other docs that it is possible to set this from the console in a particular account, but I am dealing with a multi-account environment and would like a solution that could be baked into an AMI. Is there a session configuration file or similar that could be created on a base image that would display a banner on SSM login?

asked a month ago · 42 views
1 Answer
0

Unfortunately, there isn't a direct way to set a banner for AWS Systems Manager (SSM) Session Manager logins directly from an Amazon Machine Image (AMI). The banner configuration for Session Manager is typically set at the AWS account level, not at the individual instance level.

However, you can create a Session Manager preferences document that defines session options, including a potential banner or warning message. This document is created and managed at the AWS account level, not within the AMI itself.

To implement a solution that works across a multi-account environment, you would need to:

  1. Create a standardized Session Manager preferences document that includes your desired banner text.

  2. Use automation, such as AWS CloudFormation or AWS Organizations, to deploy this preferences document consistently across all your accounts.

  3. Ensure that the preferences document is set as the default for Session Manager in each account.

This approach would allow you to maintain a consistent banner across your multi-account environment without needing to bake it into each AMI. The banner would be displayed when users initiate a Session Manager session, regardless of which instance they're connecting to.

It's important to note that this solution operates at the AWS account level, not the individual instance level. Therefore, it wouldn't be possible to set different banners for different instances within the same account using this method.

If you specifically need instance-level customization, you might need to explore custom solutions, such as modifying the shell configuration on each instance to display a message upon login. However, this wouldn't be a native AWS Session Manager feature and would require additional setup and maintenance.
Sources
Create a Session Manager preferences document (command line) - AWS Systems Manager

answered a month ago
EXPERT
reviewed a month ago
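
One way to script the three steps in the answer above, as an added example that is not part of the original answer and not AWS's own code. It assumes the banner is delivered through the `shellProfile` field of the `SSM-SessionManagerRunShell` preferences document (commands run when a session starts) and that `session` is a boto3 session with credentials for the target account; `build_preferences`, `deploy` and the banner text are hypothetical.

```python
import json
import shlex

DOC_NAME = "SSM-SessionManagerRunShell"  # per-account, per-Region preferences document

# Constructed sample text; substitute your organization's approved wording.
BANNER = "NOTICE: Authorized use only.\nActivity on this system is monitored."


def build_preferences(banner: str) -> str:
    """Return Session document JSON whose Linux shell profile prints the banner."""
    # Each banner line becomes one quoted printf argument, so the command stays
    # on a single line and quotes, $ and backticks in the text are printed
    # literally instead of being interpreted by the session shell.
    args = " ".join(shlex.quote(line) for line in banner.splitlines())
    doc = {
        "schemaVersion": "1.0",
        "description": "Session Manager preferences with login banner",
        "sessionType": "Standard_Stream",
        "inputs": {"shellProfile": {"linux": "printf '%s\\n' " + args, "windows": ""}},
    }
    return json.dumps(doc, indent=2)


def deploy(session, content: str) -> str:
    """Create or update the preferences document in one account and Region.

    Call once per account/Region, e.g. with sessions built from an assumed role.
    """
    ssm = session.client("ssm")
    try:
        resp = ssm.update_document(Name=DOC_NAME, Content=content,
                                   DocumentVersion="$LATEST", DocumentFormat="JSON")
        version = resp["DocumentDescription"]["DocumentVersion"]
        ssm.update_document_default_version(Name=DOC_NAME, DocumentVersion=version)
        return "updated"
    except ssm.exceptions.DuplicateDocumentContent:
        return "unchanged"  # this account already has the same content
    except ssm.exceptions.InvalidDocument:
        # Document does not exist yet in this account/Region.
        ssm.create_document(Name=DOC_NAME, Content=content,
                            DocumentType="Session", DocumentFormat="JSON")
        return "created"


if __name__ == "__main__":
    print(build_preferences(BANNER))
```

Because the shell profile text runs in every session, write access to this document should be restricted to the pipeline role that deploys it.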
