Introduction
Managing EC2 instances using SSH or RDP has been the standard practice for years. But did you know that AWS provides a safer, more efficient alternative? Enter AWS Systems Manager (SSM) – a powerful service that allows you to access and manage your instances without needing SSH keys, public IP addresses, or open inbound ports!
In this blog, we’ll explore what AWS Systems Manager (SSM) is, why you should use it, how it compares to traditional access methods, and how to set it up step-by-step.
What is AWS Systems Manager (SSM)?
AWS Systems Manager (SSM) is a management service that enables users to view, control, and automate operational tasks across AWS resources. It consists of multiple capabilities, including:
Session Manager: Provides secure shell access to EC2 instances without SSH or RDP.
Run Command: Enables you to execute commands across multiple instances at once.
Patch Manager: Automates patching for enhanced security.
Parameter Store: Securely stores and retrieves configuration data.
State Manager: Ensures instances are in a predefined state.
Automation: Helps streamline repetitive administrative tasks.
Key Benefits of AWS SSM
✅ No Open Ports: No need to allow SSH (port 22) or RDP (port 3389), making it much more secure.
✅ No Public IPs Needed: You can connect to private instances securely.
✅ IAM-Based Access Control: Manage access using AWS Identity and Access Management (IAM) roles and policies.
✅ Centralized Management: Execute scripts and commands on multiple instances at once.
✅ Logging & Monitoring: Track all actions using AWS CloudTrail and Amazon CloudWatch.
✅ Cross-Platform Support: Works with Windows, Linux, and hybrid cloud environments.
How to Set Up AWS SSM for EC2
Step 1: Ensure SSM Agent is Installed
AWS SSM Agent is pre-installed on the following AMIs:
Amazon Linux 2
Ubuntu 20.04+
Windows Server 2019+
For other Linux distributions, install it manually:
sudo yum install -y amazon-ssm-agent # For Amazon Linux & RHEL
sudo apt-get install -y amazon-ssm-agent # For Ubuntu
Step 2: Attach an IAM Role to the EC2 Instance
Go to the AWS IAM Console.
Create a new IAM role with the AmazonSSMManagedInstanceCore policy.
Attach this IAM role to your EC2 instance.
Step 3: Start a Session Using AWS Systems Manager
Navigate to AWS Console → Systems Manager.
Go to Session Manager → Click Start Session.
Select your EC2 instance and click Start.
🚀 That’s it! You’re now securely connected to your EC2 instance!
Additional AWS SSM Features
Beyond remote access, AWS SSM can be used for:
1. AWS Systems Manager Run Command
Run shell scripts or PowerShell commands across multiple EC2 instances without SSH/RDP.
Example:
aws ssm send-command --document-name "AWS-RunShellScript" --targets "Key=instanceids,Values=i-1234567890abcdef" --parameters "commands=['yum update -y']"
2. AWS Systems Manager Patch Manager
Automates patching of EC2 instances for better security.
Ensures compliance with security standards.
3. AWS Systems Manager Parameter Store
Securely stores configuration data, passwords, and API keys.
Example retrieval command:
aws ssm get-parameter --name "/myapp/database/password" --with-decryption
4. AWS Systems Manager Automation
Helps streamline administrative tasks like instance recovery and state enforcement.
Example use case: Automatically restarting failed instances.
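With SSH closed, the access trail for Session Manager, Run Command, and Parameter Store lives in CloudTrail rather than in sshd logs. The following is an added example, not part of the original post: a small Python audit that pulls those three actions out of CloudTrail records and flags callers outside an approved list. The records, account ID, user names, IP addresses, and the `audit_ssm_events` helper are constructed for illustration, and the field names are assumed from CloudTrail's SSM event format.

```python
# Constructed CloudTrail-style records (not real logs). Field names are assumed
# from CloudTrail's ssm.amazonaws.com events; verify them against your own trail.
def _ev(time, name, user, ip, params):
    return {"eventTime": time, "eventSource": "ssm.amazonaws.com", "eventName": name,
            "sourceIPAddress": ip, "requestParameters": params,
            "userIdentity": {"arn": "arn:aws:iam::111122223333:user/" + user}}

SAMPLE_EVENTS = [
    _ev("2024-05-01T10:00:00Z", "StartSession", "alice", "198.51.100.7",
        {"target": "i-1234567890abcdef"}),
    _ev("2024-05-01T10:05:00Z", "SendCommand", "alice", "198.51.100.7",
        {"documentName": "AWS-RunShellScript", "instanceIds": ["i-1234567890abcdef"]}),
    _ev("2024-05-01T11:00:00Z", "GetParameter", "bob", "203.0.113.9",
        {"name": "/myapp/database/password", "withDecryption": True}),
    _ev("2024-05-01T11:01:00Z", "GetParameter", "bob", "203.0.113.9",
        {"name": "/myapp/loglevel", "withDecryption": False}),
    _ev("2024-05-01T11:02:00Z", "DescribeInstanceInformation", "bob", "203.0.113.9", {}),
]

def audit_ssm_events(events, approved_principals):
    """Return one finding per interactive session, remote command, or decrypted read."""
    findings = []
    for ev in events:
        if ev.get("eventSource") != "ssm.amazonaws.com":
            continue
        name, p = ev.get("eventName"), ev.get("requestParameters") or {}
        if name == "StartSession":
            what = "session on " + p.get("target", "?")
        elif name == "SendCommand":
            targets = ",".join(p.get("instanceIds") or ["?"])
            what = "%s on %s" % (p.get("documentName", "?"), targets)
        elif name == "GetParameter" and p.get("withDecryption"):
            what = "decrypted read of " + p.get("name", "?")
        else:
            continue  # read-only or unrelated SSM calls are not reported
        who = (ev.get("userIdentity") or {}).get("arn", "unknown")
        findings.append({"time": ev.get("eventTime"), "who": who, "what": what,
                         "source_ip": ev.get("sourceIPAddress"),
                         "approved": who in approved_principals})
    return findings

if __name__ == "__main__":
    approved = {"arn:aws:iam::111122223333:user/alice"}  # constructed allow-list
    for f in audit_ssm_events(SAMPLE_EVENTS, approved):
        print("ok   " if f["approved"] else "ALERT", f["time"], f["who"], f["what"])
```

On the constructed sample, the two actions by alice are reported as approved and bob's decrypted read of `/myapp/database/password` is flagged.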
Conclusion
AWS Systems Manager eliminates the need for SSH keys, open ports, and manual access management, making it the best way to securely access and manage EC2 instances. Whether you’re a Cloud Engineer, DevOps Specialist, or System Administrator, SSM can greatly improve your workflow, security, and automation.
Note: SSM offers more than what is covered here; there is much more you can do with AWS Systems Manager.