Connect to your Amazon EC2 instance using Session Manager

You might encounter problems when you connect to the EC2 instance through the session manager for the first time. However, the following simple configuration can ensure a smooth process.

• Create an IAM Role and attach the policy "AmazonSSMManagedInstanceCore

• Create a custom Security Group which allows outbound HTTPS connection to the following endpoints.

ec2messages.region.amazonaws.com

ssm.region.amazonaws.com

ssmmessages.region.amazonaws.com

• Create an EC2 instance by clicking on Launch Instance

• Place your ec2 instance in a public subnet which contains a route pointing to an Internet Gateway object
• Enable Public IP for the instance.
• Attach the custom SG created on step2

• In the advanced section, select the IAM Instance profile created in step 1

• Launch instance

Well, it's not over yet. If you see the connect icon under session manager greyed out, check the following items.

1. SSM Agent not online

Reason: EC2 instance is not in a public subnet or does not have a route to the internet, or no Public IP is associated with the instance

2. Instance is not connected to the systems manager

Reason: Security Group does not have an outbound HTTPS rule enabled

Once these are sorted out, the connect icon becomes available.

The web shell would look like the one below.

Also, you will see the SSM agent status under the Fleet Manager.

In this way, Session Manager can be used to start a session with an instance in your account. After the session is started, you can run interactive commands on the instance as you would for any other connection type.

Resources:

• https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/connect-with-systems-manager-session-manager.html
• https://docs.aws.amazon.com/systems-manager/latest/userguide/getting-started-restrict-access-quickstart.html
• https://docs.aws.amazon.com/prescriptive-guidance/latest/patterns/connect-to-an-amazon-ec2-instance-by-using-session-manager.html