DevOpsLesson
DevOpsLesson

Free, comprehensive DevOps tutorials and learning roadmaps. Master Docker, Kubernetes, CI/CD, and more.

Stay Updated

Get notified about new tutorials and features.

Tutorials

  • What is DevOps?
  • Docker Tutorial
  • Terraform Tutorial
  • CI/CD Pipeline
  • All Tutorials

Roadmaps

  • DevOps Engineer
  • Cloud Engineer
  • SRE Path
  • All Roadmaps

Company

  • About Us
  • Blog
  • Contact
  • Privacy Policy
  • Terms of Service

© 2026 DevOpsLesson. All rights reserved.

DOCKERKUBERNETESTERRAFORMAWSCI/CDLINUXGITDEVOPS ROADMAPCLOUD ROADMAPSRE ROADMAPGIT CHEATSHEETDOCKER CHEATSHEETK8S CHEATSHEETTF CHEATSHEETLINUX CHEATSHEETDOCKERFILE LINTERYAML VALIDATORCRON PARSERREGEX TESTER

Aws Tutorial

Introduction to AWS
AWS Global Infrastructure
Setting Up AWS
AWS IAM
AWS EC2
AWS VPC
AWS S3
AWS RDS
AWS Lambda
AWS ECS and EKS
AWS CloudWatch
AWS CodePipeline
AWS Cost Optimization
AWS Elastic Load Balancing
AWS Auto Scaling
AWS CloudFront
AWS Route 53
AWS DynamoDB
AWS ElastiCache
AWS SQS
AWS SNS
AWS EventBridge
AWS Step Functions
AWS API Gateway
AWS ECR
AWS EKS
AWS CloudFormation
AWS Elastic Beanstalk
AWS KMS
AWS Secrets Manager
AWS WAF and Shield
AWS CloudTrail
AWS Config
AWS Systems Manager
AWS Organizations
AWS EFS
AWS EBS Deep Dive
AWS Kinesis
AWS Athena
AWS CodeDeploy
AWS CodeCommit
AWS CDK
AWS SAM

AWS SSM Session Manager

PreviousPrev
Next

Learn how Session Manager provides SSH-free shell access to EC2 instances with IAM controls and CloudTrail auditability.

AWS SSM Session Manager replaces many traditional SSH workflows with browser or CLI sessions brokered through AWS Systems Manager. For DevOps teams, it matters because it reduces the need for bastion hosts, key pair distribution, and open inbound port 22 on every managed instance. Instead of relying on one fragile manual configuration, you can design a repeatable service boundary that stays stable while the workload behind it changes.

Core ideas

The main ideas to understand are instances need the SSM Agent and an IAM role that permits Systems Manager connectivity; operators can open sessions from the console or CLI without exposing SSH to the public internet; because Session Manager is integrated with AWS, access can be controlled through IAM and recorded through CloudTrail; and this approach is often easier to standardise than juggling many key pairs across accounts and environments. These details shape architecture decisions, but they also shape day-to-day operations. When a team chooses defaults without understanding how the service behaves under failure, scale, or security review, the platform often becomes harder to debug than the application itself.

Access methodOperational burdenSecurity posture
SSH with key pairsHigherRequires key handling and open port
Session ManagerLowerIAM controlled and auditable
Bastion hostMedium to highExtra server to secure and patch

From an operations perspective, the goal is to make interactive access the exception and keep it auditable when it is required for troubleshooting. The comparison below highlights the choices that usually matter first. It is often better to start with a simpler design and add sophistication only after metrics, incidents, or delivery requirements prove the change is necessary.

Practical commands

aws ssm start-session --target i-0123456789abcdef0
aws cloudtrail lookup-events --lookup-attributes AttributeKey=EventName,AttributeValue=StartSession --max-results 10

Practical CLI checks make the service easier to support in real environments. Use the commands below to inspect the current state and confirm that automation matches intent. Before you promote a change, verify session permissions, instance agent status, and logging configuration before retiring SSH-based access paths. A safe default is deny direct SSH by default once Session Manager is proven and operational runbooks are updated. That discipline makes later troubleshooting, scaling, and security reviews far less painful.

Exercise

Port 22

What is a key benefit of Session Manager for EC2 access?

Exercise

Auditing

Which service can help audit Session Manager access events?

PreviousPrev
Next

Continue Learning

AWS CloudTrail

Learn how CloudTrail records AWS API activity, separates management and data events, and supports audit and investigation workflows.

12 min·Intermediate

AWS Config

Learn how AWS Config tracks resource configuration history and compliance with managed or custom rules and remediation actions.

12 min·Intermediate

AWS Systems Manager

Learn how AWS Systems Manager centralizes operational tasks such as shell access, parameter storage, patching, and remote command execution.

15 min·Intermediate

Explore Related Topics

Te

Terraform Tutorials

Manage AWS infrastructure as code

Li

Linux Tutorials

Essential Linux skills for working with EC2

On This Page

Core ideasPractical commands