- Local Setup
- Ensure Your IAM Permissions
- IAM Policy Example
ssm:StartSessionfor DocumentName:AWS-StartSSHSessionand Target Instancessm:SendCommandfor DocumentName:AWS-RunShellScriptand Target Instance
- Target Instance Setup
- Ensure SSM Permissions fo Target Instance Profile
- Ensure SSM Agent is installed (preinstalled on all AWS Linux AMIs already)
- Install SSM Agent on Linux Instances
yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm & service amazon-ssm-agent restart
- SSM Agent on Windows Instances
- Install SSM Agent on Linux Instances
- Move proxy command script aws-ssm-ec2-proxy-command.sh to
~/.ssh/aws-ssm-ec2-proxy-command.sh - Ensure it is executable (
chmod +x ~/.ssh/aws-ssm-ec2-proxy-command.sh)
- Add ssh config entry for aws ec2 instances to your
~/.ssh/config. Adjust key file path if needed.host i-* mi-* IdentityFile ~/.ssh/id_rsa ProxyCommand ~/.ssh/aws-ssm-ec2-proxy-command.sh %h %r %p ~/.ssh/id_rsa.pub StrictHostKeyChecking no
ssh <INSTACEC_USER>@<INSTANCE_ID>- Ensure AWS CLI environemnt variables are set properly
- e.g.
AWS_PROFILE='default' ssh ec2-user@i-xxxxxxxxxxxxxxxx - If default region does not match instance region you need to provide it like this
AWS_PROFILE='default' ssh <INSTACEC_USER>@<INSTANCE_ID>--<INSTANCE_REGION>
- e.g.
- Ensure Prerequisits
- Use aws-ssm-ec2-proxy-command--ec2-instance-connect.sh proxy command script instead
- Use this IAM Policy Example instead
ssm:StartSessionfor DocumentName:AWS-StartSSHSessionand Target Instanceec2-instance-connect:SendSSHPublicKeyfor Target Instance andec2:DescribeInstances
- Follow Install Guide