Notes – ASAA

Session Manager usage:

  • Connect to your instance without SSH keys, a bastion host, or opening any inbound ports.
  • Sessions are secured using an AWS Key Management Service key.
  • You can log session commands and details in an Amazon S3 bucket or CloudWatch Logs log group.
  • Configure sessions on the Session Manager Preferences page.

Policy sample:

{
  "Id": "Policy1718206144629",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1718206142963",
      "Action": [
        "s3:GetObject",
        "s3:PutObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::reportbucket12343/*",
      "Principal": {
        "AWS": [
          "arn:aws:iam::267116102150:role/<EC2-instance-role-name>"
        ]
      }
    }
  ]
}
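
Added example (not part of the original notes): a small Python check for two bucket-policy mistakes, object-level actions such as s3:GetObject scoped to a bucket ARN instead of an object ARN, and an instance-profile ARN used as the principal where S3 expects an IAM role, user or account. The bucket name, account ID and role/profile names in the sample policies are constructed.

```python
import json

# Object-level S3 actions; they only match object ARNs (bucket/key or bucket/*).
OBJECT_ACTIONS = {"s3:getobject", "s3:putobject", "s3:deleteobject"}

def as_list(value):
    return value if isinstance(value, list) else [value]

def lint_bucket_policy(policy_json):
    """Return a list of (sid, finding) tuples for a bucket policy document."""
    findings = []
    policy = json.loads(policy_json)
    for stmt in as_list(policy.get("Statement", [])):
        sid = stmt.get("Sid", "<no Sid>")
        actions = {a.lower() for a in as_list(stmt.get("Action", []))}
        if actions & OBJECT_ACTIONS:
            for arn in as_list(stmt.get("Resource", [])):
                # A bucket ARN has no "/" after the bucket name.
                if arn.startswith("arn:aws:s3:::") and "/" not in arn.split(":::", 1)[1]:
                    findings.append((sid, "object action on bucket ARN: " + arn))
        principal = stmt.get("Principal", {})
        aws = as_list(principal.get("AWS", [])) if isinstance(principal, dict) else []
        for arn in aws:
            # Instance profiles are containers for a role, not policy principals.
            if ":instance-profile/" in arn:
                findings.append((sid, "instance profile used as principal: " + arn))
    return findings

def make_policy(resource, principal_arn):
    # Constructed sample policy; all identifiers are placeholders.
    return json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "ExampleStmt",
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject"],
            "Resource": resource,
            "Principal": {"AWS": [principal_arn]},
        }],
    })

BAD_POLICY = make_policy("arn:aws:s3:::example-report-bucket",
                         "arn:aws:iam::111122223333:instance-profile/ExampleProfile")
GOOD_POLICY = make_policy("arn:aws:s3:::example-report-bucket/*",
                          "arn:aws:iam::111122223333:role/ExampleInstanceRole")

if __name__ == "__main__":
    for sid, finding in lint_bucket_policy(BAD_POLICY):
        print(sid, "-", finding)
```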