AWS – Using AWS Systems Manager to log in to instances from the console

How to change the time zone on Windows Server 2019

AWS Systems Manager is a service that many administrators overlook, but if you take the time to learn its capabilities, you will find that it offers invaluable ways to group large numbers of resources together to issue batch operations quickly and efficiently. At the time of writing, it provides a quick overview of EC2 instances, S3 buckets, and RDS databases. One of its most common uses is patch management on a fleet of EC2 instances. If you have ever spent time manually patching a large number of instances, you know that it can be a tedious and error-prone process. Systems Manager solves this problem for you. But patching isn’t all that it offers. In this recipe, you will learn how to take advantage of one of the newer features that has been added to Systems Manager so that you can log in to your EC2 instances directly from the console, with no key pairs or external terminal window required.

Getting ready…

You will need an EC2 instance to complete this recipe. If you already have an instance, you can skip these steps and move on to the How to do it… section:

  1. Log in to your AWS account, go to the EC2 dashboard, and click Launch Instance.
  2. Select the default instance type, which at the time of writing is  Amazon Linux 2 AMI (HVM) > SSD Volume Type.
  3. On the next screen, go with the default selection of T2.micro and click Review and launch.
  4. Click Launch on the following screen to launch your instance.


  1. On the key pair dialog, select Proceed without a key pair. Normally, this would make it impossible to access the instance using SSH, but the Systems Manager Session Manager will allow us to connect:

Proceeding without a key pair
  1. Click Launch Instances and wait until the instance is fully initialized.

An agent running on the EC2 instance is required to facilitate Systems Manager actions. In most cases, the SSM Agent will already be installed on your instances. If you have an instance that uses an operating system such as RedHat, you might need to install it manually. Follow the instructions on the following page to learn how to do this:

How to do it…

Follow these steps to log in to your instance using Systems Manager Session Manager:

  1. Systems Manager needs permissions to access your instance, so you will need to create an instance profile and associate it with the instance. Instance profiles are containers for roles that apply to all applications running on the instance and are used to avoid the need for storing access keys and secrets on the machine. First, go to the Identity and Access Management (IAM) dashboard, select Roles, and then click Create Role.
  2. Choose EC2 as the service that will use this role and click Next: Permissions.
  3. Search for and select AmazonEC2RoleforSSM:

  1. Click Next: Tags and then Next: Review.
  2. Name the role  MyEC2RoleForSSM and click Create role.


  1. Go back to the EC2 dashboard and select your running instance. Click Actions  >  Instance Settings  >  Attach/Replace IAM Role:

Attaching an IAM role to an EC2 instance
  1. On the following screen, select the role you just created and click Apply.
  2. Go to the AWS Systems Manager dashboard:

AWS Systems Manager dashboard
  1. Select Session Manager from the menu on the left-hand side of the screen, and then click Start Session. You should see your EC2 instance in the list of available instances. If you don’t see it, wait a few minutes and refresh the screen since it might take a while for Systems Manager to notice that you added the instance profile to your instance:

Starting a session
  1. Select the instance and click Start session. A Terminal session will open in a new tab:

A Systems Manager Session Manager Terminal window
  1. Terminate the EC2 instance to avoid future charges if you don’t have any further use for it.

Session Manager is a great tool that simplifies gaining access to your EC2 instances, thus improving security by removing the need to manage an externally stored key pair.

How it works…

Systems Manager Session Manager allows you to log in to your instances without the need for SSH keys or Terminal clients. This allows you to rescue instances if you happen to lose your key pairs, and it can add an increased level of security since, if you never create a key pair in the first place, there is no chance that it could ever be compromised.

The SSM Agent, which is installed by default on Amazon Linux instances, combined with the instance profile that is attached to the instance, allows Systems Manager to take actions on that instance on your behalf.

There’s more…

Session Manager is just the tip of the iceberg as far as Systems Manager is concerned! Take some time to explore the service to find out about its many organizational benefits that can increase your productivity and take the repetitive motions out of your administration routine.

Here are a few features that are offered by Systems Manager:

  • Resource Groups allow you to create groups of instances that can easily be searched, and these groups can be acted on all at once. An example is applying a patch to all the instances in the group.
  • Use Built-in Insights to check Config rule compliance, CloudTrail logs, and Trusted Advisor recommendations.
  • Use the Run command to issue shell commands to a large batch of instances.

Comments are closed.