AWS: Connect via localhost using AWS CLI and SSM


AWS account with an AWS access key id and and aws secret access key

Get yourself set up with the AWS CLI and SSM

  • Install AWS CLI: 
    • On a Mac:brew install awscli
    • On Windows: see here
  • Get your AWS access key and token: In AWS console, click your name top right and select Security Credentials
  • Export them to your env vars in ~/.bashrc as below
    • The ID is the 20-char one, probably all alpha characters
    • The key is the longer one (40 chars)
export AWS\_SECRET\_ACCESS\_KEY='xxx111/xxx111xxx111xxx111/xxx111xxx111+X'
  • Install the session manager plugin (Windows / Linux instructions and other details here)
-o ""
sudo ./sessionmanager-bundle/install -i /usr/local/sessionmanagerplugin
-b /usr/local/bin/session-manager-plugin
  • Get the AWS CLI set up
    • aws configure --profile \<PROFILENAME\>
    • (if you don’t have more than one aws account you can use default as the profile name or miss it out altogether)
    • AWS Access Key ID and secret access key as above
    • region name is whatever your region is, access key and token from the previous step.
    • If you have more than one AWS account you can change to this new profile (see below)
    • Now you can use the aws ssm command to connect (see below)





Connect Using SSM

Start a session to access the remote server.

  • On command line:
    • aws ssm start-session --target '\[EC2 instance id\]'
      • (on Windows, this doesn’t seem to work in GitBash - use Windows Terminal or a Linux shell instead)
    • Don’t forget the quotes around instance id - the resulting error if you forget is non-obvious
    • You might want to have the ec2-user credentials while you work: sudo su ec2-user – or if you’re doing database stuff you might want sudo su postgres
  • … or via AWS management console:
    • Use the Systems Manager service
    • Select Session Manager on left
    • Click Start Session, top right
    • Select the correct instance and click Start Session
    • You’ll want to have the ec2-user credentials while you work: sudo su ec2-user