On , I learnt ...
You can have SSH sessions via AWS Session Manager
This can be achieved by adding a block like this to your ~/.ssh/config:
Host i-* mi-*
    ProxyCommand sh -c "aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters 'portNumber=%p'"
This allows an SSH session to be started with:
ssh $INSTANCE_ID
If you work with more than one AWS account, you can use a pseudo host string to indicate which AWS profile to use:
Host i-*.*
    ProxyCommand sh -c "aws --profile=$(echo %h | cut -d'.' -f2) ssm start-session --target $(echo %h | cut -d'.' -f1) --document-name AWS-StartSSHSession --parameters 'portNumber=%p'"
where we pass hosts in the form $INSTANCE_ID.$PROFILE_NAME. For example:
ssh i-0c47f1891eb987860.staging
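The ProxyCommand lines above paste %h straight into an sh -c string, so whatever is typed as the host name reaches the shell. The following wrapper is an added example, not part of the original post: it splits the $INSTANCE_ID.$PROFILE_NAME form and refuses anything that is not a plain instance ID and profile name before running the same aws command. The script name, the function names and the allowed profile characters are assumptions.

```shell
#!/bin/sh
# ssm-proxy.sh (hypothetical name): ProxyCommand helper for hosts written as
# $INSTANCE_ID or $INSTANCE_ID.$PROFILE_NAME. Added example, not from the post.

# Split the host string and validate both parts.
# Prints "TARGET PROFILE" (PROFILE empty when absent); returns 1 on bad input.
parse_ssm_host() {
    host=$1
    case $host in
        *.*) target=${host%%.*}; profile=${host#*.}; [ -n "$profile" ] || return 1 ;;
        *)   target=$host; profile= ;;
    esac
    # Instance IDs: "i-" or "mi-" followed by lowercase hex digits only.
    case $target in
        i-*|mi-*) id=${target#*-} ;;
        *) return 1 ;;
    esac
    case $id in ''|*[!0-9a-f]*) return 1 ;; esac
    # Profile: letters, digits, "_" and "-" (assumed naming policy), no leading "-".
    case $profile in -*|*[!A-Za-z0-9_-]*) return 1 ;; esac
    printf '%s %s\n' "$target" "$profile"
}

# Validate host and port, then exec the aws command used in the post.
ssm_proxy() {
    parsed=$(parse_ssm_host "$1") || { echo "refusing host: $1" >&2; return 1; }
    target=${parsed%% *}
    profile=${parsed#* }
    port=$2
    case $port in ''|*[!0-9]*) echo "refusing port: $port" >&2; return 1 ;; esac
    if [ -n "$profile" ]; then
        exec aws --profile="$profile" ssm start-session --target "$target" \
            --document-name AWS-StartSSHSession --parameters "portNumber=$port"
    fi
    exec aws ssm start-session --target "$target" \
        --document-name AWS-StartSSHSession --parameters "portNumber=$port"
}

# Runs only when given arguments, e.g. from ~/.ssh/config:
#   ProxyCommand /path/to/ssm-proxy.sh %h %p
[ $# -eq 0 ] || ssm_proxy "$@"
```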
Note that commands aren’t logged for SSH sessions.
For more see the AWS SSM docs.