ojima-h / ec2-ssh-proxy

ec2-ssh-proxy

ec2-ssh-proxy is meant to be used as an SSH ProxyCommand. It lets you connect to an EC2 instance without managing SSH keys or opening the SSH server port.

Getting Started

  1. First, set up your AWS account so that you can use SSH over Session Manager and EC2 Instance Connect.

    1. Confirm that an instance profile that contains the AWS managed policy AmazonSSMManagedInstanceCore is attached to your target instances.

    2. Confirm you have the right permissions to access EC2 Instance Connect and Session Manager.

      IAM Policy example:

      {
          "Version": "2012-10-17",
          "Statement": [
              {
                  "Sid": "AllowSendSSHPublicKey",
                  "Effect": "Allow",
                  "Action": "ec2-instance-connect:SendSSHPublicKey",
                  "Resource": "arn:aws:ec2:*:*:instance/*",
                  "Condition": {
                      "StringEquals": {
                          "ec2:osuser": "ec2-user"
                      }
                  }
              },
              {
                  "Sid": "AllowStartSession",
                  "Effect": "Allow",
                  "Action": "ssm:StartSession",
                  "Resource": [
                      "arn:aws:ec2:*:*:instance/*",
                      "arn:aws:ssm:*:*:document/AWS-StartSSHSession"
                  ]
              },
              {
                  "Sid": "AllowDescribeSessions",
                  "Effect": "Allow",
                  "Action": [
                      "ssm:GetConnectionStatus",
                      "ssm:DescribeSessions",
                      "ssm:DescribeInstanceProperties",
                      "ec2:DescribeInstances"
                  ],
                  "Resource": "*"
              },
              {
                  "Sid": "AllowTerminateYourSession",
                  "Effect": "Allow",
                  "Action": "ssm:TerminateSession",
                  "Resource": "arn:aws:ssm:*:*:session/${aws:username}-*"
              }
          ]
      }
  2. Install ec2-instance-connect.

    Download the binary from https://github.com/ojima-h/ec2-ssh-proxy/releases.

  3. Install the Session Manager Plugin.

    See https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html

  4. Get an AWS access key and secret key, and configure your credentials.

    $ aws configure [--profile ...]
  5. Configure your ~/.ssh/config file:

    Host ec2.*
        User ec2-user
        ProxyCommand ec2-ssh-proxy %h %p
    

Now, you can connect to an EC2 instance as follows:

ssh ec2.YOUR_INSTANCE_NAME
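
A check that can be run over the IAM policy from step 1 before attaching it, added here as an example (it is not part of ec2-ssh-proxy): it flags Allow statements that drop the scoping the policy above relies on. `audit_policy`, `README_POLICY` and `LOOSENED_POLICY` are hypothetical names, the loosened policy is constructed, and only exact action names are matched (wildcards such as `ssm:*` are not expanded).

```python
import json

def _as_list(value):
    # IAM accepts a single value or a list for Statement, Action and Resource.
    return [] if value is None else value if isinstance(value, list) else [value]

def audit_policy(policy):
    """Return findings for Allow statements looser than the README policy."""
    findings = []
    for st in _as_list(policy.get("Statement")):
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", "<no Sid>")
        actions = {a.lower() for a in _as_list(st.get("Action"))}
        resources = _as_list(st.get("Resource"))
        if "ec2-instance-connect:sendsshpublickey" in actions:
            if not st.get("Condition", {}).get("StringEquals", {}).get("ec2:osuser"):
                findings.append(f"{sid}: SendSSHPublicKey is not pinned to an ec2:osuser")
        if "ssm:startsession" in actions:
            docs = [r for r in resources if ":document/" in r]
            if "*" in resources or not docs:
                findings.append(f"{sid}: StartSession is not limited to a session document")
            elif any(not d.endswith(":document/AWS-StartSSHSession") for d in docs):
                findings.append(f"{sid}: StartSession allows other session documents")
        if "ssm:terminatesession" in actions:
            if any(not r.endswith(":session/${aws:username}-*") for r in resources):
                findings.append(f"{sid}: TerminateSession can end other users' sessions")
    return findings

# Three statements copied from the README policy (the Describe* statement is omitted).
README_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "AllowSendSSHPublicKey", "Effect": "Allow",
   "Action": "ec2-instance-connect:SendSSHPublicKey",
   "Resource": "arn:aws:ec2:*:*:instance/*",
   "Condition": {"StringEquals": {"ec2:osuser": "ec2-user"}}},
  {"Sid": "AllowStartSession", "Effect": "Allow", "Action": "ssm:StartSession",
   "Resource": ["arn:aws:ec2:*:*:instance/*",
                "arn:aws:ssm:*:*:document/AWS-StartSSHSession"]},
  {"Sid": "AllowTerminateYourSession", "Effect": "Allow", "Action": "ssm:TerminateSession",
   "Resource": "arn:aws:ssm:*:*:session/${aws:username}-*"}]}
""")

# Constructed loosened copy: the kind of drift that creeps in when a policy is edited.
LOOSENED_POLICY = json.loads(json.dumps(README_POLICY))
del LOOSENED_POLICY["Statement"][0]["Condition"]
LOOSENED_POLICY["Statement"][1]["Resource"] = "*"
LOOSENED_POLICY["Statement"][2]["Resource"] = "arn:aws:ssm:*:*:session/*"

print(audit_policy(README_POLICY), audit_policy(LOOSENED_POLICY), sep="\n")
```
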

About

License: MIT License

