= AWS/SSM-Systems-Manager =

== Build the SSM agent in docker ==
{{{
sudo /etc/init.d/docker start
docker ps
docker build -t ssm-agent-build-image .
docker run -it --rm --name ssm-agent-build-container -v `pwd`:/amazon-ssm-agent ssm-agent-build-image make build-release
}}}

== Conditions for AWS SSM to work on instance ==
 1. The instance must be running the SSM agent, e.g. use an Amazon image with it pre-loaded.
 2. The instance must have an Instance Profile/Policy with "AmazonSSMManagedInstanceCore".
 3. The SSM endpoints must be reachable from the instance, either out to the internet or via PrivateLink:
  * ssm.region.amazonaws.com
  * ssmmessages.region.amazonaws.com
  * ec2messages.region.amazonaws.com

== AWS SSM port forward Windows RDP 3389 to local ==
 1. Install the [[https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html#install-plugin-linux | AWS system manager plugin]]
 2. Install aws cli v2
 3. Login to aws.
   1. Using ~/.aws/config keys
   1. aws configure sso / aws sso login
 4. Connect and port forward
{{{
aws ssm start-session --profile ssoMyProfile --target i-0abcdefgh \
  --document-name AWS-StartPortForwardingSession \
  --parameters '{"portNumber":["3389"], "localPortNumber":["3389"]}'
}}}
 5. RDP with a client, e.g. Remmina, to localhost:3389

== Setup Instance Profile -> role for ec2 ssm access ==
 * terraform example
{{{
resource "aws_iam_instance_profile" "ssm-profile" {
  name = "AmazonSSMManagedInstanceCore"
  role = aws_iam_role.AmazonSSMManaged.name
}

resource "aws_iam_role" "AmazonSSMManaged" {
  name = "AmazonSSMManagedInstance"
  #path = "/"
  assume_role_policy = data.aws_iam_policy_document.ssm-ec2.json
}

# Trust policy: only the EC2 service may assume this role.
data "aws_iam_policy_document" "ssm-ec2" {
  statement {
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
    actions = ["sts:AssumeRole"]
  }
}

resource "aws_iam_role_policy_attachment" "SSM" {
  role       = aws_iam_role.AmazonSSMManaged.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
}
}}}
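The three conditions under "Conditions for AWS SSM to work on instance" are what you check first when an instance never shows up as managed. The preflight below is an added example, not code from the wiki page or from the SSM agent project: it tests the agent unit via systemctl, asks IMDS (assumed: IMDSv2 token flow) whether an instance profile is attached, and tries a TCP connect on 443 to the three endpoints for a given region. The unit names and the region are assumptions. IMDS can only tell you that some profile is attached, not which policies it carries, so condition 2 is only half-checked here.

```python
"""Preflight for the three SSM conditions (added example, not from the wiki).
Each check is a small function so the logic can also run off-instance with
fakes through run_preflight's keyword arguments."""
import json
import socket
import subprocess
import urllib.request

IMDS_TOKEN = "http://169.254.169.254/latest/api/token"
IMDS_IAM_INFO = "http://169.254.169.254/latest/meta-data/iam/info"
# Assumed systemd unit names (Amazon Linux / deb package, and the snap).
AGENT_UNITS = ("amazon-ssm-agent", "snap.amazon-ssm-agent.amazon-ssm-agent")


def ssm_endpoints(region):
    """Hostnames the agent must reach; 'region' replaces the placeholder in the list."""
    return [f"{svc}.{region}.amazonaws.com" for svc in ("ssm", "ssmmessages", "ec2messages")]


def agent_active():
    """Condition 1: systemd reports one of the agent units as active."""
    for unit in AGENT_UNITS:
        r = subprocess.run(["systemctl", "is-active", unit], capture_output=True, text=True)
        if r.stdout.strip() == "active":
            return True
    return False


def instance_profile_arn():
    """Condition 2 (partial): IMDSv2 reports an attached instance profile, else None.
    IMDS answers 404 on iam/info when no profile is attached; that surfaces as OSError."""
    try:
        tok_req = urllib.request.Request(
            IMDS_TOKEN, method="PUT",
            headers={"X-aws-ec2-metadata-token-ttl-seconds": "60"})
        with urllib.request.urlopen(tok_req, timeout=2) as r:
            token = r.read().decode()
        req = urllib.request.Request(IMDS_IAM_INFO, headers={"X-aws-ec2-metadata-token": token})
        with urllib.request.urlopen(req, timeout=2) as resp:
            return json.load(resp).get("InstanceProfileArn")
    except (OSError, ValueError):
        return None


def tcp_reachable(host, port=443, timeout=3):
    """Condition 3: name resolves and a TCP connect on 443 succeeds (internet or PrivateLink)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def run_preflight(region, agent=agent_active, profile=instance_profile_arn, reach=tcp_reachable):
    """Return {condition_name: passed}. The keyword arguments let the same
    logic run with fakes when you are not on the instance."""
    results = {"agent_running": bool(agent())}
    results["instance_profile_attached"] = profile() is not None
    for host in ssm_endpoints(region):
        results[f"reachable:{host}"] = bool(reach(host))
    return results


def all_ok(results):
    return all(results.values())


if __name__ == "__main__":
    # Assumed region; run this on the instance itself.
    res = run_preflight("eu-west-1")
    for name, ok in res.items():
        print("OK  " if ok else "FAIL", name)
```

A failing `reachable:*` entry with a working agent and profile almost always means a security group, NACL or route table that does not allow 443 out, or a missing PrivateLink endpoint for that service name.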
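The terraform under "Setup Instance Profile -> role for ec2 ssm access" is the minimal shape for an SSM-managed instance role: a trust policy that lets only `ec2.amazonaws.com` call `sts:AssumeRole`, and exactly one attached managed policy. The linter below is an added example, not the page's or any project's code; it takes the JSON that `data.aws_iam_policy_document.ssm-ec2` renders to (constructed here to match the HCL) plus the list of attached policy ARNs, and reports anything that widens the role: extra actions, `*` or IAM principals in the trust policy, non-EC2 service principals, a missing core policy, or an over-broad managed policy riding along. The `OVERBROAD` set is a constructed deny-list for the example.

```python
"""Lint an EC2/SSM instance role (added example, not from the wiki page)."""
import json

SSM_CORE = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
EC2_SERVICE = "ec2.amazonaws.com"
# Constructed deny-list of managed policies far wider than an SSM-managed
# instance needs; extend to taste.
OVERBROAD = {
    "arn:aws:iam::aws:policy/AdministratorAccess",
    "arn:aws:iam::aws:policy/AmazonSSMFullAccess",
    "arn:aws:iam::aws:policy/PowerUserAccess",
}

# What the aws_iam_policy_document above renders to (constructed to match).
TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": "sts:AssumeRole",
        "Principal": {"Service": EC2_SERVICE},
    }],
})


def _as_list(v):
    """IAM allows a single string where a list is also accepted."""
    return v if isinstance(v, list) else [v]


def lint_trust_policy(doc):
    """Return findings for the role's trust policy; [] means EC2-only AssumeRole.
    Accepts the JSON string or an already-parsed dict."""
    if isinstance(doc, str):
        doc = json.loads(doc)
    findings = []
    for st in _as_list(doc.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        extra_actions = set(_as_list(st.get("Action", []))) - {"sts:AssumeRole"}
        if extra_actions:
            findings.append(f"unexpected actions in trust policy: {sorted(extra_actions)}")
        principal = st.get("Principal", {})
        if principal == "*":
            findings.append("trust policy allows any principal (*) to assume the role")
            continue
        aws = set(_as_list(principal.get("AWS", [])))
        if "*" in aws:
            findings.append("trust policy allows any AWS principal (*) to assume the role")
        elif aws:
            findings.append(f"IAM principals can assume the instance role: {sorted(aws)}")
        extra_services = set(_as_list(principal.get("Service", []))) - {EC2_SERVICE}
        if extra_services:
            findings.append(f"non-EC2 service principals: {sorted(extra_services)}")
    return findings


def lint_attachments(policy_arns):
    """Findings for attached policies: core policy present, nothing over-broad."""
    arns = set(policy_arns)
    findings = []
    if SSM_CORE not in arns:
        findings.append("AmazonSSMManagedInstanceCore is not attached; SSM will not register the instance")
    for arn in sorted(arns & OVERBROAD):
        findings.append(f"over-broad policy attached to instance role: {arn}")
    return findings


def lint_role(trust_doc, policy_arns):
    return lint_trust_policy(trust_doc) + lint_attachments(policy_arns)


if __name__ == "__main__":
    # The role as the terraform defines it: no findings expected.
    for line in lint_role(TRUST_POLICY, [SSM_CORE]) or ["OK: role matches the SSM-only shape"]:
        print(line)
```

In a pipeline you would feed `lint_role` the output of `terraform show -json` (trust policy and `policy_arn` values) or the live `iam:GetRole` / `iam:ListAttachedRolePolicies` responses, and fail the apply on any finding.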