EC2 Instance Connect vs Session Manager
- EC2 Instance Connect
  - works only when the instance has a public IP
  - works by creating temporary SSH keys and connecting through sshd
  - logging is limited
- Session Manager
  - works after enabling Systems Manager
  - works with private IPs
  - uses the SSM agent installed on the machine
  - audit and access controls are better here
  - used by admins
- Session Manager IAM role requirements:
  - We are able to connect to EC2 instances with a public IP
  - For private IPs, we will do that later
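The comparison above, turned into a small audit of which connection method can reach each instance. This is an added example, not part of the original notes. The sample data is constructed and only shaped like `aws ec2 describe-instances` and `aws ssm describe-instance-information` output, and `access_paths` and `review` are hypothetical helper names.

```python
# Constructed sample data in the shape of `aws ec2 describe-instances` and
# `aws ssm describe-instance-information` output (ids, IPs, role name are made up).
PROFILE = {"Arn": "arn:aws:iam::111122223333:instance-profile/ssm-role"}
EC2 = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaa0000000000001", "PublicIpAddress": "203.0.113.10",
     "IamInstanceProfile": PROFILE},
    {"InstanceId": "i-0aaa0000000000002", "IamInstanceProfile": PROFILE},
    {"InstanceId": "i-0aaa0000000000003", "PublicIpAddress": "203.0.113.11"},
    {"InstanceId": "i-0aaa0000000000004", "IamInstanceProfile": PROFILE},
]}]}
SSM = {"InstanceInformationList": [
    {"InstanceId": "i-0aaa0000000000001", "PingStatus": "Online"},
    {"InstanceId": "i-0aaa0000000000002", "PingStatus": "Online"},
    {"InstanceId": "i-0aaa0000000000004", "PingStatus": "ConnectionLost"},
]}


def access_paths(ec2_doc, ssm_doc):
    """Map each instance id to the connection methods that can work for it."""
    online = {i["InstanceId"] for i in ssm_doc["InstanceInformationList"]
              if i.get("PingStatus") == "Online"}
    result = {}
    for reservation in ec2_doc["Reservations"]:
        for inst in reservation["Instances"]:
            iid, paths = inst["InstanceId"], []
            # Per the notes: Instance Connect goes through sshd and needs a public IP.
            if inst.get("PublicIpAddress"):
                paths.append("instance-connect")
            # Session Manager needs an instance role and an online SSM agent, no public IP.
            if inst.get("IamInstanceProfile") and iid in online:
                paths.append("session-manager")
            result[iid] = paths
    return result


def review(paths):
    """Return findings for instances that are unreachable or reachable only via sshd."""
    findings = []
    for iid, methods in sorted(paths.items()):
        if not methods:
            findings.append((iid, "no access path: check instance role and SSM agent"))
        elif methods == ["instance-connect"]:
            findings.append((iid, "sshd only: limited logging, enable Session Manager"))
    return findings


if __name__ == "__main__":
    for iid, note in review(access_paths(EC2, SSM)):
        print(iid, "->", note)
```

The fourth instance shows the failure mode worth checking for: a role is attached, but the agent is not online, so Session Manager cannot reach it and without a public IP nothing else can either.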
Scenario 2: Patching Operating Systems Every Quarter
- Your organization has a policy of updating every OS quarterly
- How can this be automated?
- Option 1:
  - AWS -> Systems Manager
  - Azure -> Operations
- Option 2: Your organization has a script (shell/python/ansible…) which needs to be executed on the machines
EC2 Systems Manager
- By default, AWS does not have built-in agents in EC2 instances
- To solve this, AWS created Systems Manager, which provides
  - State Management
  - Session Management
  - Change Management
  - Node Management
- In AWS, for any service to access another service, we require permissions (roles) and must install agents
- AWS is adopting new approaches for Systems Manager
