Connect to Public Instance
- Click on Public Linux Instance.
- Click Actions.
- Click Security.
- Click Modify IAM role.
- At the Modify IAM role page.
- Click to select SSM-Role.
- Click Save.
You will need to wait about 10 minutes before performing the next step. This time our EC2 instance will automatically register with the Session Manager.
- Drag the left menu slider down.
- Click Session Manager.
- Click Start Session.
- Then select Public Linux Instance and click Start session to access the instance.
- Terminal will appear on the browser. Testing with the command
sudo tcpdump -nn port 22andsudo tcpdumpwe will see no SSH traffic but only HTTPS traffic.
Above, we have created a connection to the public instance without opening SSH port 22, for better security, avoiding any attack to the SSH port.
One disadvantage of the above method is that we have to open the Security Group outbound at port 443 to the internet. Since it’s a public instance, it probably won’t be a problem, but if you want extra security, you can block port 443 to the internet and still use the Session Manager. We will go through this in the private instance section below.
You can click terminate to end the currently connected session before proceeding to the next step.