I find it much better to open the shell session through aws cli. There I can keep pressing Ctrl+W as much as I want.

Make sure you’ve got the session-manager-plugin installed. Otherwise you will get a message prompting you to do so.

With the plugin installed the usage is really simple:

```
~ $ aws ssm start-session --target i-0123abcd1234abcd

Starting session with SessionId: dvig-006c1ff2b131a2531
```

UPDATE: I wrote a script to start SSM Sessions by instance name, IP, etc. Check it out here: ssm-session – SSM Sessions the easy way

SSM Agent has automatically created this ssm-user for us and given it sudo privileges. You can check what has been done in /var/log/amazon/ssm/amazon-ssm-agent.log:

```
22:05:58 INFO Successfully created ssm-user
22:05:58 INFO Successfully created file /etc/sudoers.d/ssm-agent-users
22:05:58 INFO Successfully changed mode of /etc/sudoers.d/ssm-agent-users to 288
```

One little unsettling thing is that this session doesn’t appear in who, w or last outputs…

```
~ # w
 22:20:09 up 3:53, 0 users, load average: 0.00, 0.01, 0.05
USER TTY FROM IDLE JCPU PCPU
~ #
~ # last
```

It would be nice to have a record of these logins in the standard places – if you know how to do that let me know in the comments.

As I mentioned above the Session Manager doesn’t need inbound access to the instances. Instead all the traffic is relayed through the SSM service.

1. When the instance boots up it connects to the AWS SSM service endpoint and awaits commands.
2. When we run `aws ssm start-session`, it also connects to the AWS SSM service endpoint (very likely a different node though).
3. AWS-CLI then executes the session-manager-plugin that we installed above, which then negotiates a secure WebSocket channel with SSM.
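Because these sessions never reach `who`, `w` or `last`, one place to get a login record is the AWS API trail. The following is an added example, not code from the original post: it builds `last`-style rows from CloudTrail `StartSession` and `TerminateSession` records. The sample events are constructed, and the field names (`requestParameters.target`, `responseElements.sessionId`) are assumed from CloudTrail's usual record layout.

```python
import json

# Constructed CloudTrail records (not from the post); every value is made up
# and the field layout is an assumption about CloudTrail's record format.
SAMPLE_EVENTS = json.loads("""[
 {"eventTime": "2018-09-20T22:05:57Z", "eventSource": "ssm.amazonaws.com",
  "eventName": "StartSession", "sourceIPAddress": "203.0.113.10",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
  "requestParameters": {"target": "i-0123abcd1234abcd"},
  "responseElements": {"sessionId": "alice-0aaaaaaaaaaaaaaaa"}},
 {"eventTime": "2018-09-20T22:31:40Z", "eventSource": "ssm.amazonaws.com",
  "eventName": "TerminateSession", "sourceIPAddress": "203.0.113.10",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
  "requestParameters": {"sessionId": "alice-0aaaaaaaaaaaaaaaa"},
  "responseElements": {"sessionId": "alice-0aaaaaaaaaaaaaaaa"}},
 {"eventTime": "2018-09-20T22:40:02Z", "eventSource": "ssm.amazonaws.com",
  "eventName": "StartSession", "sourceIPAddress": "198.51.100.7",
  "errorCode": "AccessDeniedException",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
  "requestParameters": {"target": "i-0123abcd1234abcd"},
  "responseElements": null},
 {"eventTime": "2018-09-20T22:41:00Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "DescribeInstances", "sourceIPAddress": "198.51.100.7"}
]""")

def session_logins(events):
    """Build `last`-style rows from StartSession/TerminateSession API calls."""
    ssm = [e for e in events if e.get("eventSource") == "ssm.amazonaws.com"]
    ended = {(e.get("requestParameters") or {}).get("sessionId"): e.get("eventTime")
             for e in ssm
             if e.get("eventName") == "TerminateSession" and "errorCode" not in e}
    rows = []
    for e in ssm:
        if e.get("eventName") != "StartSession":
            continue
        sid = (e.get("responseElements") or {}).get("sessionId")
        rows.append({
            "who": (e.get("userIdentity") or {}).get("arn", "unknown"),
            "target": (e.get("requestParameters") or {}).get("target", "unknown"),
            "from": e.get("sourceIPAddress", "unknown"),
            "start": e.get("eventTime", ""),
            "end": ended.get(sid) if sid else None,  # None: open or never started
            "denied": "errorCode" in e,              # rejected attempts are kept
        })
    return sorted(rows, key=lambda r: r["start"])

if __name__ == "__main__":
    for r in session_logins(SAMPLE_EVENTS):
        state = "DENIED" if r["denied"] else (r["end"] or "still open")
        print(f'{r["who"]:42} {r["target"]:20} {r["from"]:15} {r["start"]} - {state}')
```

Denied attempts are reported alongside successful sessions, since a rejected `StartSession` against an instance is itself worth reviewing.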