AWS Systems Manager Session Manager lets you manage your Amazon EC2 instances through an interactive one-click browser-based shell or through the AWS CLI. Session Manager provides secure and auditable instance management without the need to open inbound ports, maintain bastion hosts, or manage SSH keys. Session Manager also makes it easy to comply with corporate policies that require controlled access to instances, strict security practices, and fully auditable logs with instance access details, while still providing end users with simple one-click cross-platform access to your Amazon EC2 instances.

When used with Microsoft Windows, the AWS Systems Manager Session Manager provides access to a PowerShell console on the instance.

In this task, you will access the Amazon EC2 instance via Session Manager.

- In the Management Console, in the left navigation pane, click Session Manager.

- Click Start Session.

- Select Managed Instance.

- Click Start session.

A session window will open in your browser.

- Click in the session to activate the cursor.

- Run this command in the session window:

ls /var/www/html

You will see application files that were installed on the instance.

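- Run this command in the session window:

# Get region (IMDSv2: request a session token first; this also works where IMDSv1 is still allowed)
TOKEN=$(curl -s -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 60")
AZ=$(curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/placement/availability-zone)
# Strip the trailing zone letter to get the region (bash substring syntax)
export AWS_DEFAULT_REGION=${AZ::-1}
# List information about EC2 instances
aws ec2 describe-instances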

This demonstrates how AWS Systems Manager Session Manager can be used to log in to an instance without using SSH. In fact, this instance does not have SSH port 22 opened in its Security Group. Optionally, you can verify this by browsing to the Security Group used by the instance.
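The optional Security Group check above can also be done from saved CLI output. The following is an added example, not part of the original lab: it reads JSON in the shape of `aws ec2 describe-security-groups --output json` and reports every inbound rule that reaches port 22, including wide port ranges and "all traffic" rules that never mention 22 explicitly. The function names, group IDs and CIDRs are constructed for illustration.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups --output json`.
# Group IDs and CIDRs are made up for illustration.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-example-web", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
  {"GroupId": "sg-example-range", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
     "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}]},
  {"GroupId": "sg-example-all", "IpPermissions": [
    {"IpProtocol": "-1",
     "UserIdGroupPairs": [{"GroupId": "sg-example-peer"}]}]}
]}
""")


def rule_covers_port(rule, port=22):
    """True if an inbound rule admits TCP traffic to `port`."""
    proto = rule.get("IpProtocol")
    if proto == "-1":              # "all traffic": every protocol and port
        return True
    if proto not in ("tcp", "6"):  # 6 is the protocol number for TCP
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def ssh_exposure(describe_output, port=22):
    """Return (group_id, source) for every inbound rule that reaches `port`."""
    findings = []
    for sg in describe_output.get("SecurityGroups", []):
        for rule in sg.get("IpPermissions", []):
            if not rule_covers_port(rule, port):
                continue
            sources = ([r["CidrIp"] for r in rule.get("IpRanges", [])]
                       + [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
                       + [g["GroupId"] for g in rule.get("UserIdGroupPairs", [])]
                       + [p["PrefixListId"] for p in rule.get("PrefixListIds", [])])
            findings += [(sg["GroupId"], src) for src in sources]
    return findings


if __name__ == "__main__":
    for group_id, source in ssh_exposure(SAMPLE):
        print(f"{group_id}: port 22 reachable from {source}")
```

An empty result for the instance's group matches what the lab states: no inbound path to port 22 exists, and access goes through Session Manager instead.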

Access to Session Manager can be restricted via IAM policies, and usage is logged in AWS CloudTrail. This provides much better security and auditing than traditional SSH access.