In this tutorial, you'll learn how to connect to EC2 instances using Session Manager's browser-based shell in the AWS Systems Manager service.
Video Transcript:
Hi guys, this is Abhi from Gokcedb. In this video, you're going to learn how to open browser-based sessions to your EC2 instances in AWS. Let's get into it. Let's start by navigating to the EC2 service, then click on Launch Instance, then give your instance a name.
Choose an Amazon Linux AMI, instance type, and key pair. I'm going to leave the network settings to default and then expand the advanced details section. Usually, for an IAM instance profile, I select the AmazonSSMManagedInstanceCore role.
However, for this tutorial, I'll be picking the AmazonSSMFullAccess role. Here's why: Session Manager sends data to CloudWatch. It needs access to the CloudWatch service.
I want you guys to pay attention here because this is important. If you expand the AmazonSSMManagedInstanceCore policy in the IAM console, you won't find any actions related to CloudWatch. However, in the AmazonSSMFullAccess policy you can see the cloudwatch:PutMetricData action defined with an effect of Allow.
Click on Launch Instance, then view all instances. Let's launch one more instance, but this time we'll select a Windows AMI.
I'm going to leave all the other settings the same as before, then hit Launch Instance. If we head back to your EC2 dashboard, you'll notice that our Linux server is now up and running, but the Windows server is in a pending state; it should be up and running shortly. Next, let's head to the Systems Manager service, then click on Session Manager in the left menu, then navigate to the Preferences tab.
Click Edit, then specify a value for idle session timeout in minutes, then scroll down to the CloudWatch logging section. Enable CloudWatch logging, then set stream session logs as the logging option. For the log group name, let's head to the CloudWatch service and create a new group first.
Click on log groups in the left menu then hit the create button. Give your log group a name then hit the create button again. Now we can select the log group that we just created from the list.
I'm going to leave the S3 logging disabled, then hit save. Let's head back to the session tab, then click on start session. I'm going to select my Windows server as the target instance, then click on the start session button again.
Here we can run commands like hostname to get the current hostname or run a command like dir to list all the files and directories in the current working directory. I'm going to terminate this session and start a brand new session on my Linux server. On the Linux box we can run commands like hostname -f or ls -ltr, but this time I'm going to pipe it to head so we only see the first files.
If I run the ps command and pipe the output to grep to search for the SSM keyword, you'll notice that the SSM user has an active process called sh, which is the current shell that we're working on. Let's terminate this session and head to the session history tab. Here you can find all historical sessions that have been opened using Session Manager.
To view these session logs, click on the CloudWatch Logs link under the output location column. If you expand the log lines, you can find all the commands and their output that were run during this session. There you have it.
If you have any questions, leave them in the comment section below. Don't forget to like, subscribe, and turn on your notification bell. Until next
![](https://s2.save4k.ru/pic/68pVlp3IY5s/maxresdefault.jpg)
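
As an added example (not from the video, and not AWS's own code), this Python check follows up on the instance-profile policy comparison in the transcript: it reports which CloudWatch Logs actions a policy lacks for streaming session logs and flags service-wide wildcards. The three policies are constructed samples, the capitalised ARN parts are placeholders, and the required-action list is this example's assumption.

```python
import fnmatch

# Assumption (not from the video): the CloudWatch Logs actions an instance
# profile needs so Session Manager can stream session logs to a log group.
REQUIRED = ("logs:CreateLogStream", "logs:PutLogEvents",
            "logs:DescribeLogGroups", "logs:DescribeLogStreams")

# Constructed sample policies; ARN parts in capitals are placeholders.
CORE_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*", "Action": [
        "ssm:UpdateInstanceInformation", "ssmmessages:CreateControlChannel",
        "ssmmessages:CreateDataChannel", "ssmmessages:OpenControlChannel",
        "ssmmessages:OpenDataChannel"]}]}
LOGGING_ADDON = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "logs:DescribeLogGroups", "Resource": "*"},
    {"Effect": "Allow",
     "Action": ["logs:CreateLogStream", "logs:PutLogEvents",
                "logs:DescribeLogStreams"],
     "Resource": "arn:aws:logs:REGION:ACCOUNT_ID:log-group:LOG_GROUP_NAME:*"}]}
BROAD = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Resource": "*",
    "Action": ["ssm:*", "logs:*", "cloudwatch:PutMetricData"]}}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def allowed_patterns(policy):
    """Action patterns from Allow statements (Deny/NotAction/Condition ignored)."""
    found = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") == "Allow" and "Action" in stmt:
            found.extend(a.lower() for a in _as_list(stmt["Action"]))
    return found

def missing_log_actions(policy):
    """Required logging actions that no Allow pattern (with * or ?) covers."""
    pats = allowed_patterns(policy)
    return [a for a in REQUIRED
            if not any(fnmatch.fnmatchcase(a.lower(), p) for p in pats)]

def is_overbroad(policy):
    """True when an Allow grants every action, or every action of a service."""
    return any(p == "*" or p.endswith(":*") for p in allowed_patterns(policy))

def combine(*policies):
    """Merge statements, as attaching several policies to one role would."""
    stmts = [s for p in policies for s in _as_list(p["Statement"])]
    return {"Version": "2012-10-17", "Statement": stmts}

if __name__ == "__main__":
    samples = {"core": CORE_ONLY, "core+logging": combine(CORE_ONLY, LOGGING_ADDON), "broad": BROAD}
    for name, pol in samples.items():
        print(name, missing_log_actions(pol), is_overbroad(pol))
```

The check only reads Action patterns in Allow statements, so a policy that passes can still be blocked by a Deny, a Condition, or a Resource that does not match the log group.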