Last year, Amazon Web Services
announced new capabilities in the AWS Systems Manager Session Manager. Users are now capable of tunneling SSH (Secure Shell) and SCP (Secure Copy) connections directly from a local client without the need for the AWS management console.For years, users have relied on firewalls and bastion hosts in order to
securely access cloud assets, but these options have security and management overhead tradeoffs. The Session Manager allows for secure, audited console access to
cloud resources without the need for additional ingress points.The addition of secure copy (SCP) capability removes one of the obstacles encountered by users adopting the AWS Session Manager. Cloud asset console access was provided within the AWS management console, but until now, there was no simple way to move files onto the remote systems. In many scenarios, development or administration of a live system may require copying patches or other data onto your live instances, and now Session Manager allows this without the need for additional solutions such as firewalls, bastions or intermediate S3 usage.How to SetupIn order to perform SCP and SSH operations from your local host to the remote cloud asset, you will need to perform the following setup steps:
Install or Update Systems Manager Agent on your EC2 instance – Most importantly, these new capabilities require the newest SSM agents to be running on your cloud assets. If you were already running the Systems Manager agent, you must upgrade.
using
session
manager
enhanced
capability
