Quickly Connect to an EC2 Instance deployed in a VPC using the AWS Systems Manager Session Manager

This article provides a solution for users who need to connect to an Amazon EC2 instance that has been deployed in a Virtual Private Cloud using the AWS Systems Manager Session Manager (SMSM).


The Problem: Why isn’t Session Manager connecting to my EC2 instance?

The background to this problem is that I deployed an Amazon EC2 instance in an Amazon Virtual Private Cloud (VPC) and was trying to connect to it using the AWS Systems Manager Session Manager, and this just wasn’t working.

The information available indicated that a role with the AmazonSSMManagedInstanceCore policy should be enough to connect to the EC2 instance; however, as with everything in software development or anything around this subject, it wasn’t that simple.

The Solution: We need an Internet Gateway.

Below I’ve attempted to capture the solution in picture form with a brief explanation for each step.

Keep in mind that we have an EC2 instance running in a VPC that has one subnet.

Example AWS EC2 Configuration

Figure (AWS SSM Setup EC2, Step #1): An AWS EC2 instance summary for an instance ID, with pointers to the public IPv4 address, the IAM role, the VPC ID, and the subnet ID.

AWS EC2 Security Group Configuration

Figure: AWS Systems Manager Session Manager (AWS SSM) EC2 security details, showing the inbound rules and outbound rules, with pointers to the security group and the source IP address (which is my IP address).

AWS EC2 Security Group: Launch Wizard Inbound Rules Configuration

Figure: EC2 security groups for sg-0nnn, inbound rules, with a pointer to the source IP address (which is noted as my IP address).

AWS EC2 Security Group: Launch Wizard Outbound Rules Configuration

Figure: Example setup of the EC2 security group outbound rules for AWS SSM.

AWS Identity and Access Management (IAM) Configuration

Figure: AWS Identity and Access Management (IAM) access management roles, with a pointer to the AmazonSSMManagedInstanceCore policy name.

AWS VPC Configuration

Figure: AWS SSM VPC setup for ssm-vpc with an IPv4 CIDR of 10.0.0.0/28.

AWS VPC Configuration: CIDRs

Figure (Step 4A): Setting up a VPC for AWS Systems Manager Session Manager.

AWS VPC Internet Gateway: Routes Configuration

Figure (Step 4B): AWS SSM setup for a VPC route table, with a pointer to the igw-0 target.

AWS VPC Internet Gateways Configuration

Figure (Step 4C): AWS SSM setup of the VPC internet gateway.

AWS VPC Internet Gateway: Details Configuration

Figure: AWS SSM setup of the VPC internet gateway igw-0, shown in the attached state.

AWS VPC Subnet Configuration

Figure (Step 4E): AWS SSM setup of the VPC subnet.

AWS VPC Subnet Configuration: Details

Figure (Step 4F): AWS SSM setup of the VPC subnet, details view.

AWS VPC Subnet Route Table Configuration

Figure (Step 4G): AWS SSM setup of the VPC subnet route table: a routing table configuration with two routes.

AWS VPC Subnet: Network ACL Configuration

Figure (Step 4H): AWS SSM setup of the VPC subnet network ACL, with pointers to the inbound rules and outbound rules, which are both set to default values.
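
The steps above can be checked as a single pre-flight test. The following is an added example, not code from the original article: it evaluates the instance role, the subnet route table, the public IP address and the security group egress rules from dictionaries shaped like boto3 EC2/IAM responses. The function names, IDs and addresses are assumptions constructed for illustration.

```python
# Added example: offline pre-flight check for Session Manager reachability.
# Inputs are dicts shaped like boto3 EC2/IAM responses; every ID and address
# below is a constructed placeholder, not a value from the article.
REQUIRED_POLICY = "AmazonSSMManagedInstanceCore"

def has_igw_default_route(route_table):
    """True if an active 0.0.0.0/0 route targets an internet gateway."""
    return any(r.get("DestinationCidrBlock") == "0.0.0.0/0"
               and r.get("GatewayId", "").startswith("igw-")
               and r.get("State") == "active"
               for r in route_table.get("Routes", []))

def allows_https_egress(security_group):
    """True if an egress rule permits TCP 443 to 0.0.0.0/0 (SSM Agent uses HTTPS)."""
    for perm in security_group.get("IpPermissionsEgress", []):
        proto = perm.get("IpProtocol")
        port_ok = proto == "-1" or (
            proto == "tcp" and perm.get("FromPort", 0) <= 443 <= perm.get("ToPort", 65535))
        if port_ok and any(r.get("CidrIp") == "0.0.0.0/0" for r in perm.get("IpRanges", [])):
            return True
    return False

def preflight(instance, attached, route_table, security_group):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    names = {p["PolicyName"] for p in attached.get("AttachedPolicies", [])}
    if "IamInstanceProfile" not in instance:
        findings.append("no instance profile attached")
    elif REQUIRED_POLICY not in names:
        findings.append("role lacks " + REQUIRED_POLICY)
    if not has_igw_default_route(route_table):
        findings.append("no active 0.0.0.0/0 route to an internet gateway")
    if not instance.get("PublicIpAddress"):
        findings.append("no public IPv4 address")
    if not allows_https_egress(security_group):
        findings.append("outbound TCP 443 not allowed")
    return findings

# Constructed sample data (VPC CIDR 10.0.0.0/28 as in the article).
LOCAL = {"DestinationCidrBlock": "10.0.0.0/28", "GatewayId": "local", "State": "active"}
IGW = {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0example", "State": "active"}
INSTANCE = {"PublicIpAddress": "203.0.113.10", "IamInstanceProfile": {"Arn": "placeholder"}}
ATTACHED = {"AttachedPolicies": [{"PolicyName": REQUIRED_POLICY}]}
SG = {"IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}

if __name__ == "__main__":
    print(preflight(INSTANCE, ATTACHED, {"Routes": [LOCAL]}, SG))       # route missing
    print(preflight(INSTANCE, ATTACHED, {"Routes": [LOCAL, IGW]}, SG))  # all checks pass
```

This models only the internet gateway path the article uses. A NAT gateway or VPC interface endpoints for Systems Manager are other ways to give the agent a route, and they would need different checks.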

Conclusion

If you try this solution and find that it’s incomplete or that something isn’t clear, please add your thoughts in the comments section — I’ve tried to be comprehensive with this example; however, it’s possible that I’ve missed something.

ThosPFuller
