@leonardossz
Created April 2, 2023 14:01

Ultimate SSH setup for EC2 Instances on AWS

My notes on how to nicely ssh into any EC2 instance you have access to.

Incomplete probably :)

Tested on Ubuntu

$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 22.04.2 LTS
Release:        22.04
Codename:       jammy

Requirements

  • The awscli v2 is installed
  • Your private/public key is already generated in ~/.ssh
  • The AWS SSM agent is running on the EC2 instance. This is the default on Amazon Linux 2

Attach IAM Role granting SSM API Access to EC2 instances

Doing this through the AWS console is easier, because it also creates the instance profile that must be attached to the EC2 instance.

Or follow https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-service.html for the awscli steps.

Make sure your EC2 instance has this instance profile attached to it.

Install AWS Session Manager plugin

https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html#install-plugin-debian

Testing:

session-manager-plugin
The Session Manager plugin was installed successfully. Use the AWS CLI to start a session.

Required permissions

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ssm:StartSession"
            ],
            "Resource": [
                "arn:aws:ec2:*:471745365606:instance/*",
                "arn:aws:ssm:*:*:document/AWS-StartSSHSession"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "ssm:DescribeSessions",
                "ssm:GetConnectionStatus",
                "ssm:DescribeInstanceProperties",
                "ec2:DescribeInstances",
                "ec2-instance-connect:SendSSHPublicKey"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ssm:TerminateSession",
                "ssm:ResumeSession"
            ],
            "Resource": [
                "arn:aws:ssm:*:*:session/${aws:username}-*"
            ]
        }
    ]
}

SSH Configuration

Host i-*
    IdentityFile ~/.ssh/id_rsa
    User ec2-user
    ProxyCommand sh -c "aws ec2-instance-connect send-ssh-public-key --instance-id %h --instance-os-user %r --ssh-public-key 'file://~/.ssh/id_rsa.pub' --availability-zone '$(aws ec2 describe-instances --instance-ids %h --query 'Reservations[0].Instances[0].Placement.AvailabilityZone' --output text)' && aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters 'portNumber=%p'"

Testing

ssh i-0339264777c461477
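As an added example (not part of the gist), the same ProxyCommand written as a standalone script: it validates the values ssh substitutes for %h, %r and %p before they are handed to the aws CLI, checks that the public key file is readable, and reports an unknown instance ID instead of letting send-ssh-public-key fail on an empty availability zone. The script name ssm-ssh-proxy.sh and the SSM_SSH_PUBKEY override variable are assumptions; the aws CLI subcommands are the ones the gist already uses.

```shell
#!/bin/sh
# Hypothetical ~/.ssh/ssm-ssh-proxy.sh (added example, not from the gist): the same steps
# as the one-line ProxyCommand, but %h/%r/%p are validated before they reach the aws CLI
# and an unknown instance ID is reported instead of becoming an empty --availability-zone.
# In ~/.ssh/config:   ProxyCommand ~/.ssh/ssm-ssh-proxy.sh %h %r %p
set -eu
# SSM_SSH_PUBKEY is an assumed override; the default matches the gist's IdentityFile.
PUBKEY="${SSM_SSH_PUBKEY:-${HOME:-.}/.ssh/id_rsa.pub}"

# EC2 instance IDs are "i-" followed by 8 (legacy) or 17 hex characters.
valid_instance_id() {
  printf '%s\n' "$1" | grep -Eq '^i-([0-9a-f]{8}|[0-9a-f]{17})$'
}
# Keep the Instance Connect OS user to a conservative Unix username shape.
valid_os_user() {
  printf '%s\n' "$1" | grep -Eq '^[a-z_][a-z0-9_-]{0,31}$'
}
# TCP port 1..65535.
valid_port() {
  printf '%s\n' "$1" | grep -Eq '^[1-9][0-9]{0,4}$' && [ "$1" -le 65535 ]
}

# Resolve the AZ; "None" or empty means the ID is unknown in this account/region/profile.
instance_az() {
  az=$(aws ec2 describe-instances --instance-ids "$1" \
         --query 'Reservations[0].Instances[0].Placement.AvailabilityZone' --output text)
  case "$az" in
    ""|None) echo "ssm-ssh-proxy: no availability zone found for $1" >&2; return 1 ;;
  esac
  printf '%s\n' "$az"
}

main() {
  host=$1; user=$2; port=$3
  valid_instance_id "$host" || { echo "ssm-ssh-proxy: bad instance id '$host'" >&2; exit 2; }
  valid_os_user "$user"     || { echo "ssm-ssh-proxy: bad OS user '$user'" >&2; exit 2; }
  valid_port "$port"        || { echo "ssm-ssh-proxy: bad port '$port'" >&2; exit 2; }
  [ -r "$PUBKEY" ]          || { echo "ssm-ssh-proxy: cannot read $PUBKEY" >&2; exit 2; }
  az=$(instance_az "$host")
  # Instance Connect accepts the pushed key for 60 seconds only, so start the session now.
  aws ec2-instance-connect send-ssh-public-key --instance-id "$host" \
      --instance-os-user "$user" --ssh-public-key "file://$PUBKEY" --availability-zone "$az"
  exec aws ssm start-session --target "$host" --document-name AWS-StartSSHSession \
      --parameters "portNumber=$port"
}

# Run only when ssh invokes it with three arguments, so the file can also be sourced.
if [ "$#" -eq 3 ]; then main "$@"; fi
```

Install it with chmod 700 and point the ProxyCommand line in ~/.ssh/config at it; ssh i-0339264777c461477 then behaves as before, but a mistyped ID fails immediately with a clear message.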