Quickly Connect to an EC2 Instance deployed in a VPC using the AWS Systems Manager Session Manager
This article provides a solution for users who need to connect to an Amazon EC2 instance that has been deployed in a Virtual Private Cloud using the AWS Systems Manager Session Manager (SMSM).
The Problem: Why isn’t Session Manager connecting to my EC2 instance?
The background to this problem is that I deployed an Amazon EC2 instance in an Amazon Virtual Private Cloud (VPC) and was trying to connect to it using the AWS Systems Manager Session Manager, and this just wasn’t working.
The information available indicated that a role with the AmazonSSMManagedInstanceCore policy should be enough to connect to the EC2 instance; however, as with everything in software development or anything around this subject, it wasn’t that simple.
The Solution: We need an Internet Gateway.
Below I’ve attempted to capture the solution in picture form with a brief explanation for each step.
Keep in mind that we have an EC2 instance running in a VPC that has one subnet.
Example AWS EC2 Configuration
AWS EC2 Security Group Configuration
AWS EC2 Security Group: Launch Wizard Inbound Rules Configuration
AWS EC2 Security Group: Launch Wizard Outbound Rules Configuration
AWS Identity and Access Management (IAM) Configuration
AWS VPC Configuration
AWS VPC Configuration: CIDRs
AWS VPC Internet Gateway: Routes Configuration
AWS VPC Internet Gateways Configuration
AWS VPC Internet Gateway: Details Configuration
AWS VPC Subnet Configuration
AWS VPC Subnet Configuration: Details
AWS VPC Subnet Route Table Configuration
AWS VPC Subnet: Network ACL Configuration
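An added example, not from the original article: a Python check of three of the settings covered above (the instance role policy, the subnet's route to an Internet Gateway, and the security group outbound rules), run over constructed data shaped like boto3 responses. It assumes SSM Agent reaches the service over outbound HTTPS (tcp/443); the function names and sample values are hypothetical.

```python
# Added example: offline check of the Session Manager prerequisites from this article.
# Inputs are shaped like the boto3 responses named below; the sample data is constructed.
SSM_POLICY = "AmazonSSMManagedInstanceCore"

def has_igw_default_route(routes):
    """routes: RouteTables[n]['Routes'] from ec2.describe_route_tables."""
    return any(
        r.get("DestinationCidrBlock") == "0.0.0.0/0"
        and r.get("GatewayId", "").startswith("igw-")
        and r.get("State", "active") == "active"  # a blackhole route does not count
        for r in routes
    )

def allows_https_egress(egress):
    """egress: SecurityGroups[n]['IpPermissionsEgress'] from ec2.describe_security_groups."""
    for rule in egress:
        proto = rule.get("IpProtocol")
        port_ok = proto == "-1" or (
            proto == "tcp" and rule.get("FromPort", 0) <= 443 <= rule.get("ToPort", 65535)
        )
        # Simplification: only an open IPv4 range counts; narrower CIDRs need manual review.
        open_v4 = any(i.get("CidrIp") == "0.0.0.0/0" for i in rule.get("IpRanges", []))
        if port_ok and open_v4:
            return True
    return False

def ssm_prereq_gaps(routes, egress, attached_policies):
    """attached_policies: 'AttachedPolicies' from iam.list_attached_role_policies."""
    gaps = []
    if not any(p.get("PolicyName") == SSM_POLICY for p in attached_policies):
        gaps.append(f"instance role lacks {SSM_POLICY}")
    if not has_igw_default_route(routes):
        gaps.append("subnet route table has no 0.0.0.0/0 route to an internet gateway")
    if not allows_https_egress(egress):
        gaps.append("security group blocks outbound HTTPS (tcp/443)")
    return gaps

# Constructed sample: the failing state described above (role present, no gateway route).
LOCAL_ONLY = [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]
WITH_IGW = LOCAL_ONLY + [
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"}
]
ALL_EGRESS = [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]
POLICIES = [{"PolicyName": SSM_POLICY}]

if __name__ == "__main__":
    print("before:", ssm_prereq_gaps(LOCAL_ONLY, ALL_EGRESS, POLICIES))
    print("after: ", ssm_prereq_gaps(WITH_IGW, ALL_EGRESS, POLICIES))
```

To run it against a real account, pass in the corresponding fields from the three API responses named in the docstrings.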
If you try this solution and find that it’s incomplete or that something isn’t clear, please add your thoughts in the comments section. I’ve tried to be comprehensive with this example; however, it’s possible that I’ve missed something.