I was having issues connecting to my session from a lab I was following. I kept banging my head but it finally worked after watching your vid. Awesome!! Thanks
Nice to hear someone teaching and being security conscious.
Thank you. This is a great demo and also promotes security best practices.
Great video!
Why is everyone bad at explaining stuff? You never explained how you got the roles page. I can't even find it. My AWS pages look completely different than yours.
What did you see on yours? Can you see Service at the top left-hand corner? Just click and then type IAM.
If you have VPC without internet access, you can still use SSM, but you will need to add the following VPC PrivateLink endpoints (ec2, ec2-messages, SSM and SSM-messages)
Is SSM (Session Manager) supported on Lightsail instances (Windows) as well?
Can we use the instance without a key pair in SSH?
Is there any particular reason we are moving to SSM instead of ec2-instance-connect? What would be the drawbacks with SSM?
I like SSM Session Manager because the command history and access calls go to CloudWatch / CloudTrail, and then I can run jobs as needed for various compliance functions
No AWS images. Please show us how to install for non-AWS images.
Very useful video... just one thing I hate about Session Manager: no autocomplete.
The first thing our team does when launching an SSM session is launch 'bash', which then acts like it should.
It all seems nice and dandy but how do I get bash support within a session manager session?
You should be able to enable bash using Shell Profiles. Navigate to the Preferences section of the AWS Session Manager and add /bin/bash to the Linux Shell Profile. You should be all set.
Hello, do you have any advice or training on using Session Manager on a private EC2 instance?
We run our instances in a private subnet and create an SSM VPC endpoint and are then able to get to them directly with an audit trail in CloudTrail and CloudWatch.
Hi Zekeriya,
I am having difficulty connecting to a private instance (with no public IP and no port for SSH/HTTPS) using EC2 --> Connect --> Session Manager. Have you found any method other than using VPC endpoints?
@svsaws2142 Hello svs; In my opinion, the most secure way is actually Session Manager for the EC2 connection. For the 3 VPC endpoints, you can use the same SG, and after that you need to attach the EC2 SG to the VPC SG inbound rule.
Thank you
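Added example, not part of any comment in this thread: a small audit for the private-subnet setup discussed above, checking that the interface endpoints exist and that their security group admits 443 from the instance's security group. It assumes the three endpoint services `ssm`, `ssmmessages` and `ec2messages`; the JSON, region and `sg-` IDs are constructed samples shaped like AWS CLI output, and rules that allow by CIDR are deliberately not evaluated.

```python
import json
# Interface endpoints Session Manager needs when the VPC has no internet path.
REQUIRED = ("ssm", "ssmmessages", "ec2messages")

# Constructed sample, shaped like `aws ec2 describe-vpc-endpoints` output.
ENDPOINTS = json.loads("""{"VpcEndpoints": [
 {"ServiceName": "com.amazonaws.us-east-1.ssm", "State": "available",
  "PrivateDnsEnabled": true, "Groups": [{"GroupId": "sg-0endpoint"}]},
 {"ServiceName": "com.amazonaws.us-east-1.ssmmessages", "State": "available",
  "PrivateDnsEnabled": false, "Groups": [{"GroupId": "sg-0cidronly"}]}]}""")

# Constructed sample, shaped like `aws ec2 describe-security-groups` output.
GROUPS = json.loads("""{"SecurityGroups": [
 {"GroupId": "sg-0endpoint", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
    "UserIdGroupPairs": [{"GroupId": "sg-0instance"}], "IpRanges": []}]},
 {"GroupId": "sg-0cidronly", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
    "UserIdGroupPairs": [], "IpRanges": [{"CidrIp": "10.0.9.0/24"}]}]}]}""")

def allows_https_from(sg, source_sg):
    """True if sg has an inbound rule admitting TCP 443 from source_sg."""
    for perm in sg.get("IpPermissions", []):
        proto = perm.get("IpProtocol")  # "-1" means all protocols and ports
        covers = proto == "-1" or (proto == "tcp" and
                 perm.get("FromPort", 0) <= 443 <= perm.get("ToPort", 65535))
        if covers and any(p.get("GroupId") == source_sg
                          for p in perm.get("UserIdGroupPairs", [])):
            return True
    return False

def audit(endpoints, groups, region, instance_sg):
    """List what stops instance_sg from reaching each required endpoint."""
    sgs = {g["GroupId"]: g for g in groups["SecurityGroups"]}
    findings = []
    for suffix in REQUIRED:
        name = f"com.amazonaws.{region}.{suffix}"
        ep = next((e for e in endpoints["VpcEndpoints"] if e["ServiceName"] == name
                   and e.get("State", "").lower() == "available"), None)
        if ep is None:
            findings.append(f"{name}: missing")
            continue
        if not ep.get("PrivateDnsEnabled"):
            findings.append(f"{name}: private DNS disabled")
        attached = [sgs[g["GroupId"]] for g in ep.get("Groups", []) if g["GroupId"] in sgs]
        if not any(allows_https_from(sg, instance_sg) for sg in attached):
            findings.append(f"{name}: no 443 from {instance_sg}")
    return findings
```

Calling `audit(ENDPOINTS, GROUPS, "us-east-1", "sg-0instance")` on the sample returns one line per problem; an empty list means all three endpoints are reachable from the instance's security group.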
I get the following error:
----------ERROR-------
Encountered error while initiating handshake. Fetching data key failed: Unable to retrieve data key, Error when decrypting data key AccessDeniedException: The ciphertext refers to a customer master key that does not exist, does not exist in this region, or you are not allowed to access.
Hello; Can you check the IAM role? Did you give the required metrics for the IAM role? Also make sure the SSM agent is working from the EC2 client.
Do we have some integration for RDS DB?
That’s the Data API feature you can enable on the RDS instance
1:53 "If you're using a different Linux, or a different AMI, you're going to have to build that into it..."
This was the whole point of coming to the video...