Connect Amazon EC2 Instances Using Session Manager

There are some prerequisites in order to access the Session Manager which is an SSM agent which actually handles everything there. In order for a Session Manager to work and perform this operation, you need to have this already installed on your machine. Also, if you are choosing your local laptop PC, it should be there, as well. AWS provides a certain list of AMIs that we can use in order to pair this SSM agent. It is already pre-installed. These are some of the Amazon Linux images, Ubuntu images, and a couple of Windows servers images. Here, the SMM agent is already pre-installed. In other cases, if you want to use an SSM agent, and you have an EC2 instance already running and you find an SSM agent is not installed there, what you need to do is install that, then you can use this. Otherwise, it’s not possible. It’s going to show you an error like you’re not connected.

What I’m going to do is a simple demo, where I’m going to use my laptop to start a session and connect my EC2 instance, which is present in a private subnet, and to connect it with an RDS. Moving on to the table. Currently, I have created an EC2 instance and a simple RDS. If I go and open RDS, you can see it’s set for PostgreSQL RDS, which is placed in private subnets. It’s not publicly accessible. In order to access it, we need to go through the EC2 instance, as well. Moving on, if I put the EC2 instance, you can see there is no public IP involved. I only have a private IP here. If I scroll down a bit, you can see that you have no key pair attached here, as well. If I open the role here, the permissions that I mentioned are attached to the EC2 instance. Furthermore, if I go into Security and click on the security group here, you can see that there is no inbound rule here. Outbound is present, but for inbound, there is no port available because we don’t need that.

How can we connect with this instance? There are two ways. First, is the most simple way where we can just click on this connect here. In the second portion, you can see which is referring to it as Session Manager. If I go and simply connect here, it takes a couple of seconds to start the session. We are here in the EC2 instance.

The second way, which I’m using, is going through my terminal. In order to access using this, your AWS credentials are required here, as well. In order to access it, we need some AWS CLI command to start the session you could type “AWS SSM Start Session” and we are going to enter the target. The target is the EC2 instance ID, which we can fetch from here. If I copy it here, and if I paste it here, enter. It’s going to take a couple of seconds to start the SSH session. Let me just give it sudo permissions. This was another way you can access your Session Manager through your terminal SM. You need to have that agent installed on your system, whether you’re using Mac or Windows, you want to have that installed here.

Moving on, I need to access and correct my RDS, which is this one I showed you earlier. In order to do that, I have created a simple script. If I go and create it. Get RDS, yes. What this file contains is simply a command login command to access my RDS, which is this one, where I’m just skimming its endpoint, its port, and its default user. Let me just execute this command. It’s asking for that RDS password that we just provided here and we can access the RDS. You can perform your basic operations whatever you want into RDS. For instance, I created a table here, and put the name ‘Friday demo.’ Other than that, the major advantage of using this is that it’s very simple as compared to using SSH. You are required to enter your PEM key and also the port, as well. It’s provided an extra layer of security to it, as well. It’s much safer than if I created a Bastion instance, which is part of a public IP, so it’s not exposed to the internet and is way more secure than that.