My notes on how to nicely ssh into any EC2 instance you have access to.
Incomplete probably :)
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.2 LTS
Release: 22.04
Codename: jammy
- The awscli v2 is installed
- Your private/public key is already generated in ~/.ssh
- The AWS SSM agent is running on the EC2 instance. This is the default for Amazon Linux 2
Going through the AWS console is easier because it creates the instance profile that needs to be attached to the EC2 instance.
Or follow https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-service.html for awscli steps.
Make sure your EC2 instance has this instance profile attached to it.
Testing:
$ session-manager-plugin
The Session Manager plugin was installed successfully. Use the AWS CLI to start a session.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ssm:StartSession"
            ],
            "Resource": [
                "arn:aws:ec2:*:471745365606:instance/*",
                "arn:aws:ssm:*:*:document/AWS-StartSSHSession"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "ssm:DescribeSessions",
                "ssm:GetConnectionStatus",
                "ssm:DescribeInstanceProperties",
                "ec2:DescribeInstances",
                "ec2-instance-connect:SendSSHPublicKey"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ssm:TerminateSession",
                "ssm:ResumeSession"
            ],
            "Resource": [
                "arn:aws:ssm:*:*:session/${aws:username}-*"
            ]
        }
    ]
}
host i-*
    IdentityFile ~/.ssh/id_rsa
    User ec2-user
    ProxyCommand sh -c "aws ec2-instance-connect send-ssh-public-key --instance-id %h --instance-os-user %r --ssh-public-key 'file://~/.ssh/id_rsa.pub' --availability-zone '$(aws ec2 describe-instances --instance-ids %h --query 'Reservations[0].Instances[0].Placement.AvailabilityZone' --output text)' && aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters 'portNumber=%p'"
Testing:
$ ssh i-0339264777c461477
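
The ProxyCommand one-liner above, unpacked into a wrapper script that checks %h, %r and %p before any AWS call is made and stops if the availability-zone lookup fails. This is an added example, not part of the original notes; the script name and path (~/bin/ssm-ssh-proxy.sh) and the function names are assumptions.

```shell
#!/bin/sh
# Hypothetical wrapper, e.g. saved as ~/bin/ssm-ssh-proxy.sh (name and path are assumptions).
# Assumed ssh config line:  ProxyCommand ~/bin/ssm-ssh-proxy.sh %h %r %p
# ssh still passes the expanded line through the user's shell, so keep the narrow "host i-*" pattern.
LC_ALL=C; export LC_ALL

valid_instance_id() {   # "i-" plus 8 or 17 lowercase hex characters
    case "$1" in i-*) hex=${1#i-} ;; *) return 1 ;; esac
    case "$hex" in ''|*[!0-9a-f]*) return 1 ;; esac
    [ "${#hex}" -eq 8 ] || [ "${#hex}" -eq 17 ]
}

valid_os_user() {       # conservative POSIX login name, at most 32 characters
    case "$1" in ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;; esac
    [ "${#1}" -le 32 ]
}

valid_port() {          # decimal 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

ssm_ssh_proxy() {
    host=$1 user=$2 port=$3 pubkey=${4:-$HOME/.ssh/id_rsa.pub}
    valid_instance_id "$host" || { echo "rejected instance id" >&2; return 64; }
    valid_os_user "$user"     || { echo "rejected OS user" >&2; return 64; }
    valid_port "$port"        || { echo "rejected port" >&2; return 64; }
    [ -r "$pubkey" ]          || { echo "cannot read $pubkey" >&2; return 66; }

    # Look up the AZ first and stop if it fails or comes back empty ("None").
    az=$(aws ec2 describe-instances --instance-ids "$host" --output text \
        --query 'Reservations[0].Instances[0].Placement.AvailabilityZone') || return 1
    case "$az" in ''|None) echo "no availability zone for $host" >&2; return 1 ;; esac

    # The pushed key is only valid for 60 seconds, so push it right before connecting.
    # stdout of a ProxyCommand is the SSH byte stream: discard the JSON reply.
    aws ec2-instance-connect send-ssh-public-key --instance-id "$host" \
        --instance-os-user "$user" --availability-zone "$az" \
        --ssh-public-key "file://$pubkey" >/dev/null || return 1

    exec aws ssm start-session --target "$host" \
        --document-name AWS-StartSSHSession --parameters "portNumber=$port"
}

# Run only when called with arguments, so the functions can also be sourced.
if [ "$#" -ge 3 ]; then ssm_ssh_proxy "$@"; fi
```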