Goodbye SSH, use AWS Session Manager instead

Replacing SSH with the AWS Session Manager simplifies authentication, authorization, networking, as well as audit logs for administrator sessions on EC2 instances. So is it already time to say goodbye to SSH? Yes, especially if you are aiming for immutable virtual machines and therefore only need remote access for debugging.

Andreas Wittig

May 08, 2019

Transcript

  1. Book: Amazon Web Services in Action
     • Covers fundamental parts of AWS: EC2, EBS, EFS, S3, RDS, DynamoDB, Lambda, VPC, IAM, Auto Scaling, ELB, …
     • Learn how to build scalable, highly available, or even fault tolerant systems
     • Focuses on Infrastructure as Code with CloudFormation
     manning.com, amazon.com, or amazon.de
  2. Book: Rapid Docker on AWS
     • Running your web application on AWS with Docker: ECS and Fargate.
     • Simple to use and fast to implement!
     • A production-ready infrastructure for everyone.
     • Including deployment pipeline and Infrastructure as Code.
     cloudonaut.io/rapid-docker-on-aws/
  3. Incident Mgmt: marbot.io
     • Manage CloudWatch alarms via Slack.
     • Built for small and agile teams.
     • Integrates with Elastic Beanstalk, RDS, EC2, Lambda, SNS, …
     • Built-in escalation strategy to minimize distraction.
     marbot.io
  5. Configuration
     1. Install the AWS Systems Manager agent on each EC2 instance (already installed on Amazon Linux).
     2. Create an IAM role for the EC2 instance which grants access to the AWS Systems Manager.
     3. Use IAM policies to restrict which IAM user or role can start a session with an EC2 instance.
     4. Configure audit logs.
     5. Use IAM policies to make sure engineers are not able to modify the audit log settings.
  6. Limitations
     • No built-in way to transfer files.
     • Copy & paste of multiple lines is slow.
     • CTRL+C and others are not working (known bug).
     • EC2 instance is responsible for writing the audit log.
  7. Credits
     Special thanks to all the people who made and released these awesome resources for free:
     • Presentation template by SlidesCarnival
     • Photographs by Unsplash
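
Configuration steps 3 and 5 from the slides can be combined in one IAM policy for engineers. This is an added example, not taken from the deck: it allows starting sessions only on tagged instances and explicitly denies changes to the Session Manager preferences document. The tag key `SessionManagerAccess` with value `true` is an assumption, and the `${aws:username}` session pattern assumes IAM users rather than assumed roles.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "StartSessionOnTaggedInstancesOnly",
      "Effect": "Allow",
      "Action": "ssm:StartSession",
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "StringEquals": {
          "ssm:resourceTag/SessionManagerAccess": "true"
        }
      }
    },
    {
      "Sid": "ManageOwnSessionsOnly",
      "Effect": "Allow",
      "Action": [
        "ssm:TerminateSession",
        "ssm:ResumeSession"
      ],
      "Resource": "arn:aws:ssm:*:*:session/${aws:username}-*"
    },
    {
      "Sid": "DenyChangesToAuditLogSettings",
      "Effect": "Deny",
      "Action": [
        "ssm:CreateDocument",
        "ssm:UpdateDocument",
        "ssm:UpdateDocumentDefaultVersion",
        "ssm:DeleteDocument"
      ],
      "Resource": "arn:aws:ssm:*:*:document/SSM-SessionManagerRunShell"
    }
  ]
}
```

The deny statement targets `SSM-SessionManagerRunShell` because Session Manager stores its logging preferences (S3 bucket and CloudWatch Logs group) in that document. An explicit deny overrides any allow granted by another policy attached to the same principal.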