Session Manager usage:
- Connect to your instance without SSH keys, a bastion host, or opening any inbound ports.
- Sessions are secured using an AWS Key Management Service key.
- You can log session commands and details in an Amazon S3 bucket or CloudWatch Logs log group.
- Configure sessions on the Session Manager Preferences page.
Policy sample:
{
"Id": "Policy1718206144629",
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1718206142963",
"Action": [
"s3:GetObject",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::reportbucket12343",
"Principal": {
"AWS": [
"arn:aws:iam::267116102150:instance-profile/EC2InstanceProfile"
]
}
}
]
}