AWS SSM
1. Architecture
The left side shows a connection over SSH, and the right side shows a connection through SSM.
1.2 Advantages of SSM
- A bastion host is no longer needed
2. Setting Up
2.1 Installation on Local
The following shows how to install the plugin on Ubuntu.
# Intel 64
$ curl "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/ubuntu_64bit/session-manager-plugin.deb" -o "session-manager-plugin.deb"
# ARM 64
$ curl "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/ubuntu_arm64/session-manager-plugin.deb" -o "session-manager-plugin.deb"
Install it.
$ sudo dpkg -i session-manager-plugin.deb
$ session-manager-plugin
2.2 SSM Agent on EC2
Connect to the EC2 instance.
$ sudo snap switch --channel=candidate amazon-ssm-agent
$ sudo snap install amazon-ssm-agent --classic
$ sudo systemctl start snap.amazon-ssm-agent.amazon-ssm-agent.service
$ sudo systemctl status snap.amazon-ssm-agent.amazon-ssm-agent.service
$ sudo snap start amazon-ssm-agent
$ sudo snap services amazon-ssm-agent
2.3 Role
- IAM
  - Select Roles -> Create Role
  - Policies to add
    - AmazonSSMManagedInstanceCore
    - AmazonSSMDirectoryServiceAccess
    - CloudWatchAgentServerPolicy
  - Name: ssm-instance-profile
- EC2
  - Select the instance to connect to via SSM
  - Actions -> Security -> Modify IAM Role
  - Add ssm-instance-profile
2.4 Connect to EC2
Connect to EC2 as follows.
$ aws ssm start-session --region us-east-2 --target i-abc12345
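The console steps in 2.3, followed by a registration check to run before the start-session call in 2.4, written as AWS CLI calls; this is an added example and not part of the original page. The function names and the apply argument are assumptions made for this sketch, while the role name, policies, region and instance id are the ones used on the page.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): section 2.3 as AWS CLI calls.
ROLE_NAME="ssm-instance-profile"   # role name used on the page
POLICIES="AmazonSSMManagedInstanceCore AmazonSSMDirectoryServiceAccess CloudWatchAgentServerPolicy"

# Trust policy that lets the EC2 service assume the role.
trust_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                 "Principal": {"Service": "ec2.amazonaws.com"}}]
}
EOF
}

# Create the role, attach the three managed policies, and wrap the role in an
# instance profile (the console does this last step implicitly; the CLI does not).
create_ssm_role() {
  aws iam create-role --role-name "$ROLE_NAME" \
    --assume-role-policy-document "$(trust_policy)" || return 1
  for p in $POLICIES; do
    aws iam attach-role-policy --role-name "$ROLE_NAME" \
      --policy-arn "arn:aws:iam::aws:policy/$p" || return 1
  done
  aws iam create-instance-profile --instance-profile-name "$ROLE_NAME" || return 1
  aws iam add-role-to-instance-profile --instance-profile-name "$ROLE_NAME" \
    --role-name "$ROLE_NAME"
}

# Attach the profile to an instance: $1 = instance id, $2 = region.
attach_profile() {
  aws ec2 associate-iam-instance-profile --region "$2" --instance-id "$1" \
    --iam-instance-profile "Name=$ROLE_NAME"
}

# Agent registration state; expect "Online" (can take a few minutes) before start-session.
ssm_ping_status() {
  aws ssm describe-instance-information --region "$2" \
    --filters "Key=InstanceIds,Values=$1" \
    --query 'InstanceInformationList[0].PingStatus' --output text
}

# Usage: ./ssm-role.sh apply i-abc12345 us-east-2
if [ "${1:-}" = "apply" ] && [ "$#" -eq 3 ]; then
  create_ssm_role && attach_profile "$2" "$3" && ssm_ping_status "$2" "$3"
fi
```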