AWS SSM Session Manager

0

Can I use an SSM session manager like bastion host to SSH any Linux instances? I want all the capabilities like what I can do after connecting to a Linux instance from the Bastion host.

3 Answers
2
Accepted Answer

Yes, it's possible and purely depends on exact use case.

To best answer your question, please see this re:Post Knowledge Article and re:Post Answer

Additional discussions for your reference:

Instance Connect vs Session Manager

Bastion host service

profile pictureAWS
EXPERT
answered 8 months ago
profile picture
EXPERT
reviewed 8 months ago
  • I can currently run an Ansible playbook command from the bastion host to update a ssl cert. in Java keystore on all 50+ instances. This is just an example, I can do many other stuff using Ansible. Is it possible with SSM?

  • Absolutely, you can run shell scripts, ansible playbooks. Basically SSM is just forwarding your commands to EC2. You may have preferences but I intentionally put references of other options as well that you can consider one over other depending on which method you find more convenient. Recently EC2 Instance Connect Endpoint feature is also launched, which provides great options and flexibilities. Recently I was helping one of the other re:Post user, you may want to take a look at this re:Post Answer too. So ultimately, it purely depends on your preference and use case. Hope this answers your question.

    Feel free to comment here, if you have questions further, happy to help. If this answers your question, please approve the answer for better community experience.

0

Yes, it is possible.
The following document shows port forwarding to RDS, but it is also possible to port forward SSH to Linux EC2.
https://aws.amazon.com/jp/blogs/mt/use-port-forwarding-in-aws-systems-manager-session-manager-to-connect-to-remote-hosts/

It is also possible to connect directly with Session Manager if the Linux EC2 is registered as a managed node of Systems Manager.

If this answer leads to a resolution, please approve the answer for the betterment of the community.

profile picture
EXPERT
answered 8 months ago
profile picture
EXPERT
reviewed 8 months ago
0

Also, consider that using SSM fir bastion host purposes has been dramatically simplified with this recently: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/connect-using-eice.html

profile picture
EXPERT
answered 8 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions