Use AWS Systems Manager: Bastion free & SSH Key free access to EC2 Instances

Girish V P
Sep 12, 2018 · 4 min read


Ever since I learned AWS, I have had a basic requirement: access the EC2 instance from the AWS web console without using a bastion host or an SSH key. Is it possible to do it? Yes, this can be done with a simpler configuration using the AWS Systems Manager Session Manager option. Systems Manager can also access the CLI on Windows systems.

How does it help?

  1. Since the SSH port is not opened, SSH brute-force attack risks are eliminated completely. Communication between the instance and Systems Manager goes through an encrypted tunnel.
  2. A bastion host is not required, and the user is freed from logging in to multiple systems before accessing the instances.
  3. Key sharing can be avoided, and access to the instance can be limited using AWS IAM permissions. Read our blog on the issues associated with sharing SSH keys here.
  4. It provides easy access to the EC2 instances. Just as in a traditional virtualisation setup, you can switch between the instances easily.
  5. The Session Manager API can provide programmatic access and further integration with other services.


AWS Region: N. Virginia
OS: Amazon Linux 2
RPMS: amazon-ssm-agent-
  • Instance preparation
  • SSM agent Installation
  • AWS Systems Manager setup

Instance preparation

  1. Create an IAM Role, which will be attached to the EC2 instance later in the experiment. The AmazonEC2RoleForSSM policy allows SSM service access.

  2. Create an EC2 instance of your preference. I have used the Amazon Linux 2 AMI. Attach the Role you created to the instance.

SSM Agent Installation

  1. Access the EC2 instance you have created with the SSH key for the one-time SSM agent configuration.
  2. Execute the commands below after you log in and become root (sudo).
# mkdir /tmp/ssm
# cd /tmp/ssm
# yum install -y
# systemctl enable amazon-ssm-agent
# systemctl start amazon-ssm-agent

For more information on SSM agent installation, please follow the document below.

  3. Make sure that the SSM agent version is 2.3.12 or above.
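A fleet-wide version of the check in step 3, as an added example that is not part of the original post. The function names and the instance IDs in the sample are constructed for illustration; the input shape is assumed to be the two-column text output of the AWS CLI query shown in the comment.

```shell
#!/bin/sh
# Added example: list instances whose SSM agent is below the 2.3.12 minimum.
MIN_VERSION="2.3.12"

# version_ge A B: succeed when dotted version A >= B. Fields are compared as
# numbers, because a string comparison would rank 2.3.9 above 2.3.12.
version_ge() {
    va=$1; vb=$2
    while [ -n "$va" ] || [ -n "$vb" ]; do
        fa=${va%%.*}; fb=${vb%%.*}
        if [ "${fa:-0}" -gt "${fb:-0}" ]; then return 0; fi
        if [ "${fa:-0}" -lt "${fb:-0}" ]; then return 1; fi
        case $va in *.*) va=${va#*.} ;; *) va= ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb= ;; esac
    done
    return 0
}

# outdated_agents: read "instance-id agent-version" pairs on stdin and print
# the ones below MIN_VERSION; a missing or non-numeric version is also flagged.
outdated_agents() {
    while read -r id ver rest; do
        [ -n "$id" ] || continue
        case $ver in
            ''|*[!0-9.]*) echo "$id ${ver:-unknown}"; continue ;;
        esac
        if ! version_ge "$ver" "$MIN_VERSION"; then echo "$id $ver"; fi
    done
}

# Constructed sample (instance IDs are made up), in the shape returned by:
#   aws ssm describe-instance-information --output text \
#     --query 'InstanceInformationList[].[InstanceId,AgentVersion]'
sample_fleet() {
    cat <<'EOF'
i-0aaaaaaaaaaaaaaa1 2.3.12
i-0aaaaaaaaaaaaaaa2 2.3.9
i-0aaaaaaaaaaaaaaa3 2.3.68.0
i-0aaaaaaaaaaaaaaa4 2.2.916.0
i-0aaaaaaaaaaaaaaa5 3.0.1124.0
EOF
}

sample_fleet | outdated_agents
```

Instances that never appear in the `describe-instance-information` output have not registered with Systems Manager at all, which usually points to a missing role or a stopped agent rather than an old version.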

AWS Systems Manager setup

  1. From the AWS web console, access the Systems Manager service.

  2. Click Session Manager and then click “Start Session”.

  3. In the next window, select the instance and click “Start Session”.

  4. The OS console window opens and you are able to execute any command on the instance.

Note: For Windows, make sure that you have installed the latest or a supported SSM agent. Systems Manager can access the Windows CLI.


Accessing the EC2 instance is an easy process now. There is no need for a bastion host or an SSH key. You can do it using AWS Session Manager with a simple configuration.
