AWS : Connect to EC2 Instance via Systems Manager (SSM) and Browser SSH

Captions
Hey guys, it's Manny, uh, continuing from the previous video where we connected to the instance through, uh, Windows using PuTTY. I wanted to move towards showing you the other two ways that you can connect to your AWS EC2 instance via the AWS, uh, UI. So here you want to, uh, select the instance three, that's the last one we used previously. We want to try to connect. It's download SSH client, uh, we can't unless we use PuTTY, right? On the Sessions Manager you'll see an error like this: "We're not able to connect to your instance." Usually it's because, hey, the SSM agent, Systems Manager agent, is not installed on the instance, right, and we need it to be installed. And then they will tell you, hey, well, I think you know what the problem is, is probably your setup when your Sessions Manager, and that could be the case as well.

So we'll go over that first, and then we'll go into seeing why the EC2 Instance Connect, which essentially should work, right, it's a browser-based HTTPS connection, uh, you'll see that, uh, we can't type anything, it's kind of like frozen. What this will do, will eventually time out, and, uh, even though our security group only allows a connection from our IP, based on last video, just to make it more secure, it's not working. We're not able to browse, uh, via the browser to it, unfortunately, unless we make some changes, and that's something that we will touch second.

So close out of that, the instance three, and we'll, actually, let me go to SSM here. We're gonna open in a different tab and keep the EC2 instance open. Uh, okay, Systems Manager. You'll go here, you'll see Managed Instances. Let's go to Session Manager, because that's the error we saw, right, that, hey, your Sessions Manager might not be set up. Okay, so we're gonna start a session. Here we can see, hey, "There are no instances which are associated with the required IAM role." Okay, so we need to assign an IAM role that gives the EC2 instance, or gives Systems Manager, permission to talk to the EC2 instance, right? And if you want documentation, uh, you can go here and see the different options that did you have to attach an IAM role to an instance, right?

Okay, so let's go back to the EC2 instance. The IAM role for this one right now is EC2 full access, and we will go ahead and change that. Um, Attach and Replace IAM Role. Okay, so you might have one already created, but we're gonna go from scratch, because ideally what we want to do is give the EC2 permission, or create a role, right, that gives permission for them to talk to each other. So we're going to create a role. We need to create one for an AWS service, and we wanted to use, uh, EC2. We'll go to permissions, and then here we're going to get a list of a lot of permissions. Showing 702 results; for some reason I only saw like 20. I guess, um, oh, there we are, okay, it just keeps on. Okay, the scroll bar was fairly small.

So we want to look for Systems Manager. We're gonna look for SSM, and you'll see here, uh, this was gonna be soon be deprecated, so you don't use this one, even though the name kind of tells you, hey, use this me, use me. Uh, you don't use that one. You want to give it a full access, and that EC2 role for SSM tells you to use the managed instance core. What I've done up to now is use both. Then we want to click on, uh, Next. Then, uh, we don't need to do that. That green allows this to call it, so there you have, yep. Uh, just put SSM, um, access, you can do full access if you want. We'll name SSM updated, let's say, let's call it SSM instance three. Okay, I'm going to create the role.

Okay, now we'll go back to here. When I click on refresh, it will very likely give you that new IAM role you created, ssm-instance three. I'm gonna click on Apply. Okay, so this might work right away, and you'll be able to maybe see it here. However, what I've noticed is sometimes it just needs a quick reboot, right? Because as you can see here, it already changed the IAM role to SSM instance three. However, what we need to do is just reboot it. It just makes the changes a little bit faster.

Okay, so let's go back to Systems Manager, and of course this will probably take a little bit to come back online. I don't even know if it actually listened to me or not. Okay, so let's, IAM role, SSM instance, it will give you these. Okay, so while that, uh, gets resolved, let's go back here. Let's go to this manager, refresh. Uh, it doesn't seem to be rebooting. I'm just going to click on Stop. Yes, I know I want to stop it. Okay, we'll stop it. Make sure the IAM role is the SSM instance 3 that you created.

Then one of the things that we can take a look at in the meantime is the security group that we have here with launch wizard 2. And you can see the inbound rules are only, hey, you can only connect from your IP, which is great. The view outbound rules, you can just go out to anything. Okay, so we'll start this, and then we're going to modify the security group. Okay, as you could see before, let me drag this down, launch wizard 2 was the right one. We just have to check here, make sure it's this one, yep. Okay, so we're going to edit the inbound rules. We're going to create, actually, I want to change it. I want to say Anywhere. This is very bad practice, but just for now we're going to do it, just because I want to show you why, for some reason, that's fixing one of the issues.

So we're going to go back to the EC2 instances, right, this is three, it's still running with the security group launch wizard two. The view inbound rules changed; now it's not just our IP but literally anything outside the web. I'm gonna hit refresh here, make sure it's initializing, and then we're going to try to connect, right, and we're going to try to connect via the EC2 Instance Connect, the browser-based SSH connection. This is going to work because we just changed that security group rule. Boom, we didn't have to run into any problem. It's still pulling the same IP, but for some reason it wasn't working. So in case you guys run into that problem, it might be an issue on AWS's end, I'm not particularly sure.

But here, um, let's see, I don't know, I'm sorry, last, cool, let's go. I like to see something sometimes. I'll just go back to, uh, to the main, to root, and just list, just so, hey, there's commands are working, I'm able to change directories and list what's, uh, what's in there. So there you go, so that fixed that. And if you want, just for security purposes, I'm going to go back into that security group and edit the inbound, and we are going to remove that and put My IP, because, oh, I don't want this one, I just need a one, I'm not sure why it gave me two. Okay, and now that IP is back to normal, we will try to connect here one more time. Let's go back to EC2 instances, try to connect again, and it'll just time out, right? So those changes that you make to the security group are very, uh, very quick.

Okay, all right, so now it launched up again. It has the SSM instance, uh, set, the role that we gave it full permissions to. Let's go to Systems Manager, this is the Sessions Manager's location, and we will see that once we change the IAM role on that EC2 instance, boom, now it's showing up under systems managed. That means we have control over this, and essentially, right, if you have different groups, etc., you will be able to manage them from a central location. That's what Session Manager allows you to do. So you can click on instance three and Start Session, and that's actually it. So again, we changed, uh, directory, ls, and look, we were making changes, this is to the same instance. And you can see the instance d85e, uh, we'll go back here, d85e, that's what we're connected to through, uh, Systems Manager. We're gonna terminate that. Yep, I wanna terminate, I don't care for the connection.

We're gonna go back to the EC2 instance, and then we're going to try to connect, and then now you'll see that Sessions Manager actually works. It doesn't have that horrible message that tells you, hey, you did not configure anything properly, please configure it. Okay, we're going to connect, and it's gonna be the exact same, uh, connection, right, but this is using the Systems Manager. Um, and you can see, hey, whoami, you're ssm-user. You're not logged in as the EC2 user that you would be connected to through PuTTY. Okay, we're going to terminate this connection. Uh, terminating that of course does not terminate the instance. I know sometimes those words can get confusing, but that's it, that's all we did.

So changing the IAM role to SSM, to a role that will give you, and you'll see the permissions here, SSM managed instance core and SSM full access, it will allow you to be able to, for that particular management service, to be able to use, uh, Sessions Manager to be able to remote, uh, to the EC2 instance, right? And that is it. If you guys have any other questions regarding that, or if you would like me to do a video on anything else or any errors, let me know. I do have the Solutions Architect and the SysOps Administrator certificates for AWS, so those help me and have helped me to troubleshoot things like this that are very minimal or very basic, but they're so frustrating when you don't know where to look and what to search for. That's why, again, I make these videos, to be able to document, um, my problems that I've had while in the AWS UI that I haven't really been able to pinpoint clearly what the error was, and I was able to resolve it that way. Okay, have a great day, see ya.
Info
Channel: MannyinTheCloud
Views: 11,495
Keywords: AWS, Azure, Cloud, 100daysofcloud, SysOps, Administrator, Windows, linux, Amazon Web Services
Id: w64LEE73HYI
Length: 12min 39sec (759 seconds)
Published: Sat Aug 22 2020