.github/wiki/Connect-to-Bastion-via-SSM.md: 14 additions & 14 deletions
@@ -11,6 +11,20 @@ Traditional SSH key pairs have several drawbacks:
11
11
-**Rigid Access Control:** Revoking access requires deleting the entire key pair, affecting all users.
12
12
-**Management Overhead:** AWS doesn't store key pairs after creation - if lost, recovery is impossible.
13
13
14
+
## Benefits of SSM
15
+
16
+
-**Centralized Access Control:** Manage access via IAM policies - grant/revoke access without touching the instance.
17
+
-**Quick Response:** Immediately terminate all sessions in case of security incidents.
18
+
-**No Public IP Required:** Connect to instances in private subnets via VPC Endpoints.
19
+
-**Full Auditing:** Log every session and command to CloudWatch Logs or S3 for compliance.
20
+
21
+
## Considerations
22
+
23
+
-**Latency:** Session Manager tunnels traffic through AWS APIs, which may introduce slight lag compared to direct SSH connections.
24
+
-**Logging Costs:** While SSM is free, storing session logs in CloudWatch or S3 incurs costs. Consider configuring lifecycle rules or retention periods to manage costs.
25
+
26
+
For more information, refer to the [AWS Session Manager documentation](https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html).
27
+
14
28
## Prerequisites
15
29
16
30
Before connecting via SSM, ensure the following requirements are met:
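Review bot: The "Full Auditing" bullet in the new "Benefits of SSM" section says every session and command is logged, but Session Manager only writes session logs to CloudWatch Logs or S3 once logging has been enabled in the Session Manager preferences, and sessions opened through port forwarding or SSH over SSM do not have their content logged. Since the section now sits directly above "## Prerequisites", either reword the bullet to say sessions can be logged once logging is configured, or add the logging setup to the prerequisites list. Separately, "While SSM is free" in the "Logging Costs" bullet sits awkwardly next to "No Public IP Required", because the VPC interface endpoints that bullet relies on are billed; the Considerations section should mention that cost as well.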
-**Centralized Access Control:** Manage access via IAM policies - grant/revoke access without touching the instance.
76
-
-**Quick Response:** Immediately terminate all sessions in case of security incidents.
77
-
-**No Public IP Required:** Connect to instances in private subnets via VPC Endpoints.
78
-
-**Full Auditing:** Log every session and command to CloudWatch Logs or S3 for compliance.
79
-
80
-
## Considerations
81
-
82
-
-**Latency:** Session Manager tunnels traffic through AWS APIs, which may introduce slight lag compared to direct SSH connections.
83
-
-**Logging Costs:** While SSM is free, storing session logs in CloudWatch or S3 incurs costs. Consider configuring lifecycle rules or retention periods to manage costs.
84
-
85
-
For more information, refer to the [AWS Session Manager documentation](https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager.html).
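Review bot: The "For more information" link removed at old line 85 has no context line after it, so it looks like it was the closing line of the page, and it now lands mid-page just above "## Prerequisites". Consider leaving the reference link at the end of the page, or keeping a copy there, so readers who finish the connection steps still get the pointer to the AWS documentation. The removed bullets and the "## Considerations" section visible here match the added lines word for word, so nothing else appears to be lost in the move.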