AWS SSM

Introduction

Welcome to the comprehensive guide for using the AWS Systems Manager (SSM) through the Leverage framework integrated with AWS Single Sign-On (SSO). This documentation is designed to facilitate a smooth and secure setup for managing EC2 instances, leveraging advanced SSO capabilities for enhanced security and efficiency.

Overview

AWS Systems Manager (SSM) provides a powerful interface for managing cloud resources. After authenticating with the leverage aws sso configure command, you can start an SSM session and manage your instances using single sign-on credentials. This integration simplifies the authentication process and enhances security, making it an essential tool for administrators and operations teams.

Key features

  • SSO Integration: Utilize the Leverage framework to integrate AWS SSO, simplifying the login process and reducing the need for multiple credentials.
  • Interactive Command Sessions: The start-session command requires the Session Manager plugin and is interactive, ensuring secure and direct command execution.

Command

This command configures your AWS CLI to use SSO for authentication, streamlining access management across your AWS resources.

leverage aws sso configure

Advantages of Terminal Access

While it is possible to connect to SSM through a web browser, using the terminal offers several benefits:

  • Direct Shell Access: Provides real-time, interactive management capabilities.
  • Operational Efficiency: Enhances workflows by allowing quick and direct command executions.

Security and Management Benefits

Adopting this integrated approach offers significant advantages:

  • Increased Security: By using SSO, the system minimizes risks associated with multiple credential sets and potential unauthorized access.
  • Efficient Management: Centralizes control over AWS resources, reducing complexity and improving oversight.

Getting Started

This guide is structured into detailed sections that cover:

  • Pre-requisites: Requirements needed before you begin.
  • Variable Initialization: Setup and explanation of the necessary variables.
  • Authentication via SSO: How to authenticate using the leverage aws sso configure command.
  • Exporting AWS Credentials: Guidelines for correctly exporting AWS credentials for session management.
  • Session Handling: Detailed instructions for starting, managing, and terminating SSM sessions.

Each section aims to provide step-by-step instructions to ensure you are well-prepared to use the AWS SSM configuration tool effectively.

Navigate through the subsections for detailed information relevant to each stage of the setup process and refer back to this guide as needed to enhance your experience and utilization of AWS SSM capabilities.

Prerequisites

Before you begin, ensure that you have the necessary tools and permissions set up:

  • SSM Plugin for AWS CLI: Crucial for starting SSM sessions from the command line. Install it by following the steps on the AWS Documentation site.

Getting Started Guide

Step 1: Initialize Environment Variables

Set up all necessary variables used throughout the session. These include directories, profiles, and configuration settings essential for the script’s functionality.

PROJECT_SHORT="bb"
FOLDER="le-tf-infra-aws"
COMMON_CONFIG_FILE="$FOLDER/config/common.tfvars"
REPO_URL="git@github.com:binbashar/$FOLDER.git"
# Use $HOME here: a tilde inside double quotes is not expanded by the shell
AWS_CREDS_DIR="$HOME/.aws/$PROJECT_SHORT"
AWS_PROFILE="$PROJECT_SHORT-shared-devops"
SKIP_VALIDATION="yes"

Step 2: Authenticate via SSO

Navigate to the required layer directory and perform authentication using AWS SSO. This step verifies your credentials and ensures that subsequent operations are secure.

cd "$FOLDER/shared/us-east-1/tools-vpn-server"
leverage aws sso configure

Step 3: Export AWS Credentials

Export the AWS credentials as environment variables to enable the AWS CLI and other tools to use them for session management.

export AWS_SHARED_CREDENTIALS_FILE="$AWS_CREDS_DIR/credentials"
export AWS_CONFIG_FILE="$AWS_CREDS_DIR/config"

Step 4: Validate Identity (Optional)

Optionally, you can validate your AWS identity to ensure that your configuration is correct. This step is recommended to avoid issues in later stages.

aws sts get-caller-identity --profile "$AWS_PROFILE"

Step 5: Start an SSM Session

Now that the setup is complete, you can start an SSM session. This is the final step and allows you to manage your AWS resources securely.

Command syntax

aws ssm start-session --target <instance-id> --profile <aws-profile> --region <aws-region>

Example command

Consider the following settings as an example:

  • Instance ID: i-0123456789abcdef0
  • AWS Profile: devops-profile
  • AWS Region: us-west-2

aws ssm start-session --target i-0123456789abcdef0 --profile devops-profile --region us-west-2

This command initiates a secure session to the specified EC2 instance using SSM. It's a crucial tool for managing your servers securely without the need for direct SSH access. Ensure that your permissions and profiles are correctly configured to use this feature effectively.

By following these steps, you can efficiently set up and use the AWS SSM configuration tool for enhanced security and management of your cloud resources.
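The checks below cover the points where Steps 1 to 5 commonly fail before a session is opened: an unexpanded tilde in the credentials directory, a credentials file readable by other users, a malformed instance ID, and a missing Session Manager plugin. This is an added example, not part of the Leverage tooling or the referenced Gist; the function names and the SSM_PLUGIN_BIN override are hypothetical, and nothing in it calls AWS.

```shell
# Added example: pre-flight checks for the SSO + SSM steps on this page.
# Function names and SSM_PLUGIN_BIN are hypothetical, not Leverage features.

# Fail if the directory path still holds a literal "~" (not expanded inside
# double quotes) or if the directory does not exist.
check_creds_dir() {
  case "$1" in
    "~"*) echo "literal ~ in path, use \$HOME: $1" >&2; return 1 ;;
  esac
  [ -d "$1" ] || { echo "missing directory: $1" >&2; return 1; }
}

# Fail if the credentials file grants any permission to group or other.
check_private_file() {
  [ -f "$1" ] || { echo "missing file: $1" >&2; return 1; }
  perms=$(ls -ld "$1" | cut -c5-10)   # group+other bits of the mode string
  [ "$perms" = "------" ] || { echo "too permissive: $1" >&2; return 1; }
}

# Accept only EC2 instance IDs: "i-" plus 8 or 17 lowercase hex digits.
# Anything else (including shell metacharacters) is rejected.
valid_instance_id() {
  printf '%s\n' "$1" | grep -Eq '^i-([0-9a-f]{8}|[0-9a-f]{17})$'
}

# Run every check; on success print the start-session command to run.
# Arguments: creds_dir profile region instance_id
ssm_preflight() {
  check_creds_dir "$1" || return 1
  check_private_file "$1/credentials" || return 1
  [ -f "$1/config" ] || { echo "missing file: $1/config" >&2; return 1; }
  valid_instance_id "$4" || { echo "bad instance id: $4" >&2; return 1; }
  command -v "${SSM_PLUGIN_BIN:-session-manager-plugin}" >/dev/null 2>&1 ||
    { echo "Session Manager plugin not found on PATH" >&2; return 1; }
  echo "aws ssm start-session --target $4 --profile $2 --region $3"
}
```

Call it as ssm_preflight "$AWS_CREDS_DIR" "$AWS_PROFILE" us-east-1 i-0123456789abcdef0 after Step 3 and run the printed command only when it exits with status 0.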

For a complete view of the script and additional configurations, please refer to the full Gist.