Node Management
As noted previously, Systems Manager Session Manager is a service that provides CLI-based access to EC2 workloads without exposing them to the internet and without requiring a bastion host or jump host. It is part of the Node Management sub-service of AWS Systems Manager.
AWS SSM Session Manager is an excellent feature to connect to and manage all hybrid infrastructure remotely without having to use SSH for Linux or RDP for Windows instances. It also improves security: IT teams don't need SSH/RDP ports open, and IAM policies control who can establish shell sessions. It also allows for logging and auditing of all activity during a shell session via Session Manager.
For this to work, the SSM Agent either needs to be preinstalled or needs to be installed on the EC2 instance. It is compatible with both Windows and Linux.
The steps to set up the same are laid out in detail here.
The SSM Agent allows administrators to remotely execute commands, automate tasks, and manage configuration settings on those instances. It provides a secure and efficient way to perform various operational tasks, such as software patching, inventory management, and software installation, with the highest privileges on the EC2 instances.
Note that Hybrid Activations can also be used to connect virtual machines in other cloud providers (i.e., non-AWS virtual machines) or on-prem machines. However, this requires key activation for the SSM Agent when it is installed on them. It can be summarized as below:
Note that all instances that have the AWS SSM Agent installed can be collectively managed in Fleet Manager.
To understand the types of automation that can be done, check SSM Documents (present under Shared Resources -> Documents). A sample SSM Document format can look as shown below:
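As an added example (not code from the original page or from AWS), the Python below embeds a constructed Command-type SSM document and reviews it the way a defender would before approving it: which steps run scripts through the agent, and which interpolated parameters lack an `allowedPattern` or `allowedValues` constraint. The document contents and the `review_document` helper are assumptions made for illustration.

```python
import json
import re

# Constructed sample: a Command-type SSM document (schemaVersion 2.2).
SAMPLE_DOCUMENT = json.loads("""
{
  "schemaVersion": "2.2",
  "description": "Constructed sample: restart a service on Linux nodes",
  "parameters": {
    "serviceName": {"type": "String", "description": "Service to restart"},
    "mode": {"type": "String", "allowedValues": ["restart", "reload"],
             "default": "restart"}
  },
  "mainSteps": [
    {"action": "aws:runShellScript", "name": "restartService",
     "inputs": {"runCommand": ["systemctl {{ mode }} {{ serviceName }}"]}},
    {"action": "aws:softwareInventory", "name": "collectInventory",
     "inputs": {"applications": "Enabled"}}
  ]
}
""")

# Plugins that hand free-form script text to the agent, which runs it
# with the highest privileges on the node.
SCRIPT_PLUGINS = {"aws:runShellScript", "aws:runPowerShellScript"}
PLACEHOLDER = re.compile(r"\{\{\s*(\w+)\s*\}\}")
CONSTRAINTS = {"allowedPattern", "allowedValues"}


def review_document(doc):
    """Hypothetical helper: one finding per step, listing script-running
    plugins and interpolated parameters that accept unconstrained input."""
    params = doc.get("parameters", {})
    findings = []
    for step in doc.get("mainSteps", []):
        runs_script = step["action"] in SCRIPT_PLUGINS
        unconstrained = []
        if runs_script:
            for line in step.get("inputs", {}).get("runCommand", []):
                for name in PLACEHOLDER.findall(line):
                    constrained = params.get(name, {}).keys() & CONSTRAINTS
                    if not constrained and name not in unconstrained:
                        unconstrained.append(name)
        findings.append({"step": step["name"], "action": step["action"],
                         "runs_script": runs_script,
                         "unconstrained_params": unconstrained})
    return findings


if __name__ == "__main__":
    for finding in review_document(SAMPLE_DOCUMENT):
        print(finding)
```

In the sample, `serviceName` is substituted into a shell command with no constraint, so whoever can run the document can pass arbitrary text into a root shell; adding an `allowedPattern` to that parameter clears the finding.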