aws

AWS Recipe: Using System Session Manager

Velda R

01 Jun 2025 — 3 min read

(instead of key pairs for connecting to EC2 instances)

What is AWS Systems Manager Session Manager?

Session Manager is a fully managed session manager of the AWS Systems Manager service. It frees you of opening ports like SSH in most scenarios and enables a more centralized control of accessing your services/instances.

Scenario Use Cases:

Not using key/pairs- You're labbing for an AWS certificate, and the thought of losing or managing your keys stresses you out.
Maybe you want an alternative to using a SSH client and just want to stick with the Console as much as possible.
You're on a team and want the ability to revoke access to another developer if needed, avoiding retaliation-related nightmare scenarios.

Basic Step-by-Step Guide

1. Launching an example EC2 instance with appropriate role

Here I'm launching an EC2 instance called `example_server` (using an Ubuntu quick start and instance type of t2.micro) and scrolling down to Advanced Details:

Screenshot of advanced details when creating an ec2 instance. There's a drop-down menu to select current IAM instance profile or creating a new one a link next to it

If you already created the EC2 instance you can edit this later through Actions > Security > Modify IAM Role.

Actions menu > Security > Modify IAM Role

2. Creating the IAM role

An IAM role is needed for access.

Landing page for creating a role. First select AWS Service then Use Case for EC2

3. Applying appropriate permissions to role

The most straightforward way to allow full access to an instance is to select the built-in policy AmazonSSMManagedInstanceCore

Adding permissions after choosing use case - second step of creating an IAM role

📝 Note: Make sure as of 2025 that `AmazonSSMManagedInstanceCore` policy is selected. Some older tutorials may still show `AmazonEC2RoleforSSM` but it will be deprecated in the near future.

4. Role created

`example_ssm_role` created. Used search bar under Roles to look for it more quickly.

EC2 Advanced Details showing IAM instance profile `example_ssm_role` selected in drop-down menu.

5. Connect to instance

EC2 > Connect > Connect to instance > Session Manager

This will launch the shell of the EC2 instance and you can sign in normally. (Default if you chose Ubuntu as a quick start: `sudo su ubuntu`, or, for a more comprehensive list of default usernames for other Linux distros see the docs.)

The Grass Is Greener on the Other Side Until It's Not

Content warning: Frank discussion of emotions, subtle classism, weird dreams. After an unusually stressful day at one of my jobs yesterday, I came home a bit frazzled. Having almost zero energy and needing to decompress, I watched a Dr K interview with Primeagen, while doing some lazy yoga-like stretches, and

Thoughts on Mortality

Content warning: Medical trauma, frank discussion of life and death. I haven't really listened to a lot of metal/rock music as I get older. Part of it is being easily overstimulated, having sensitive ears... Tinnitus, etc. However, there's something particularly moving about Ozzy Osbourne'

AI Shouldn't Be a Religion (Seriously)

Content/Possible trigger warning: existentialism, cults/religious extremism, mention of Elon Musk. I felt like my previous post might have been too blunt... Maybe a bit harsh. Maybe the technology is too recent to criticize... I had not so great feelings about GMOs until golden rice, thinking, "Oh, okay

AI Doesn't Have To Be a Cult

Content/Possible trigger warning: existentialism, misogyny, cult behaviors/survival. 6/26/2025 Update: Slight clarification to #8 and #9. “A big secret is that you can bend the world to your will a surprising percentage of the time — most people don’t even try,” he wrote on his blog. “The