Use AWS Session Manager to Securely connect to an EC2 instance

In this article, you’ll learn about AWS Systems Manager Session Manager, a powerful tool that allows you to securely connect to your EC2 instances.

We’ll explore two methods to connect to an EC2 instance using Session Manager, one method is using the Amazon EC2 console and the other is with the AWS CLI.

Next to that we’ll show you how you can make your Amazon EC2 instance compatible with AWS Session Manager, so that you can login safely on your instance using your IAM user or role instead of using SSH.

The quickest method is with the AWS CLI. In order to quickly and securely connect to an Amazon EC2 instance, run the command aws ssm start-session using the argument --target <instance-id> and it will connect to your instance using your active AWS IAM role or user.

What is AWS Systems Manager Session Manager?

AWS Systems Manager Session Manager is a fully managed service that enables you to manage and troubleshoot your EC2 instances.

With Session Manager, you can securely connect to your instances without the need for an open SSH port or a bastion host. This enhances security and simplifies the connection process.

Enabling AWS Session Manager on Your EC2 Instance

Before you can connect to an EC2 instance using AWS Session Manager, you must ensure that the instance is properly configured to support this service.

Here’s a step-by-step guide to enabling AWS Session Manager on your EC2 instance:

  1. Ensure IAM Role and Permissions: Your EC2 instance must have an IAM instance profile with the necessary permissions to communicate with Systems Manager. You can attach the AmazonEC2RoleforSSM policy to the role to grant these permissions.
  2. Install or Update SSM Agent: The EC2 instance must have the SSM Agent installed and updated to the latest version. Most Amazon Machine Images (AMIs) come with the agent pre-installed. If not, you can manually install or update it.

By following these steps, you’ll have AWS Session Manager enabled on your EC2 instance, allowing you to securely connect and manage your instance without the need for SSH keys or other complex setup.

How to Connect to an EC2 Instance Using Session Manager with the AWS CLI

For those who prefer using the command line, connecting to an EC2 instance using Session Manager with the AWS CLI is equally simple.

Here’s how:

  1. Install and configure your AWS CLI and login with your AWS CLI profile.
  2. Install the aws ssm plugin if you haven’t already.
  3. Run the following command to start a session with your desired EC2 instance:
aws ssm start-session --target instance-id

Replace instance-id with the actual ID of the EC2 instance you want to connect to. This command will utilize the aws ssm plugin to establish a secure connection.

This is what it looks like when you login to an Amazon Linux 2 instance:

~ on  tst-account-sso (eu-west-1) [4m40s]
➜ aws ssm start-session --target i-05ed0232095f21da6

Starting session with SessionId: dannysteenman-043c9e08917fec583

How to Connect to an EC2 Instance Using Session Manager with the Amazon EC2 Console

Connecting to an EC2 instance using Session Manager through the Amazon EC2 console is a straightforward process. Here are the detailed steps:

  1. Sign in to the AWS Console with your credentials.
  2. Navigate to the EC2 Dashboard and select the instance you want to connect to.
  3. Click on the “Connect” button, then choose “Session Manager” from the connection methods.
  1. Click “Connect” to initiate the connection. You’ll be connected to your instance securely via the session manager plugin.


Securely connecting to an EC2 instance has never been easier, thanks to AWS Systems Manager Session Manager.

Whether you choose to connect via the Amazon EC2 console or the AWS CLI, the process is streamlined and secure.

By using the aws ssm start-session command and leveraging the session manager plugin, you can manage your instances without compromising on security.

Remember, the aws ssm plugin is a crucial component in this process, so ensure it’s installed and configured properly.

Danny Steenman

A Senior AWS Cloud Engineer with over 9 years of experience migrating workloads from on-premises to AWS Cloud.

I have helped companies of all sizes shape their cloud adoption strategies, optimizing operational efficiency, reducing costs, and improving organizational agility.

Connect with me today to discuss your cloud aspirations, and let’s work together to transform your business by leveraging the power of AWS Cloud.

I need help with..
stacked cubes
Improving or managing my CDK App.Maximize the potential of your AWS CDK app by leveraging the expertise of a seasoned CDK professional.
Reducing AWS Costs.We can start by doing a thorough assessment of your current AWS infrastructure, identifying areas with potential for cost reduction and efficiency improvement.
Verifying if my infrastructure is reliable and efficient.We’ve created a comprehensive AWS Operations Checklist that you can utilize to quickly verify if your AWS Resources are set up reliably and efficiently.