On , I learnt ...

You can have SSH sessions via AWS Session Manager

This can be achieved by adding a block like this to your ~/.ssh/config:

Host i-* mi-*
    ProxyCommand sh -c "aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters 'portNumber=%p'"

This allows an SSH session to be started with:


If you work with more than one AWS account, you can use a pseudo host string to indicate which AWS profile to use:

Host i-*.*
    ProxyCommand sh -c "aws --profile=$(echo %h | cut -d'.' -f2) ssm start-session --target $(echo %h | cut -d'.' -f1) --document-name AWS-StartSSHSession --parameters 'portNumber=%p'"

where we pass hosts in the form $INSTANCE_ID.$PROFILE_NAME. For example:

$ ssh i-0c47f1891eb987860.staging
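
The ProxyCommand above splices %h into a shell string and runs it through command substitution. As an added example (not part of the original post), the same $INSTANCE_ID.$PROFILE_NAME split can be done in a helper script that validates both parts and the port before calling the AWS CLI. The script path ~/.ssh/ssm-proxy.sh, the function names, and the accepted character sets for instance IDs and profile names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Assumed to be saved as
# ~/.ssh/ssm-proxy.sh (hypothetical name) and referenced from ~/.ssh/config:
#   Host i-*.* mi-*.*
#       ProxyCommand ~/.ssh/ssm-proxy.sh %h %p

# Split "$INSTANCE_ID.$PROFILE_NAME" and validate both parts.
# Prints "<instance-id> <profile>" and returns 0, or returns 1 if malformed.
parse_ssm_host() {
    case $1 in
        '' | *[!A-Za-z0-9._-]*) return 1 ;;   # shell metacharacters, spaces, newlines
        *.*) ;;                               # must contain the separator
        *) return 1 ;;
    esac
    ssm_target=${1%%.*}    # text before the first dot
    ssm_profile=${1#*.}    # text after the first dot
    # Assumption: IDs are "i-" + 8 or 17 hex digits, or "mi-" + 17 hex digits.
    printf '%s\n' "$ssm_target" |
        grep -Eq '^(i-([0-9a-f]{8}|[0-9a-f]{17})|mi-[0-9a-f]{17})$' || return 1
    # Assumption: profile names here use only letters, digits, "_" and "-".
    case $ssm_profile in
        '' | -* | *[!A-Za-z0-9_-]*) return 1 ;;
    esac
    printf '%s %s\n' "$ssm_target" "$ssm_profile"
}

# Validate host and port, then hand over to the AWS CLI with quoted arguments.
ssm_proxy() {
    ssm_parsed=$(parse_ssm_host "$1") || { echo "ssm-proxy: bad host '$1'" >&2; return 1; }
    case $2 in
        '' | *[!0-9]*) echo "ssm-proxy: bad port '$2'" >&2; return 1 ;;
    esac
    exec aws --profile "${ssm_parsed#* }" ssm start-session \
        --target "${ssm_parsed%% *}" \
        --document-name AWS-StartSSHSession \
        --parameters "portNumber=$2"
}

# Only run when called as a ProxyCommand with "%h %p".
if [ "$#" -eq 2 ]; then
    ssm_proxy "$@"
fi
```

Unlike the cut-based one-liner, this rejects a host string with more than one dot after the instance ID instead of silently using only the second field as the profile.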

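Note that commands aren’t logged for SSH sessions: the SSH traffic is encrypted end to end and Session Manager only tunnels it, so Session Manager’s session logging does not record what is run.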

For more see the AWS SSM docs.