1
00:00:00,330 --> 00:00:02,310
So now let's talk about Systems Manager

2
00:00:02,310 --> 00:00:06,270
and more specifically the SSM Session Manager subservice.

3
00:00:06,270 --> 00:00:08,670
So it allows you to start a secure shell

4
00:00:08,670 --> 00:00:11,670
on your EC2 instance and your on-premises server,

5
00:00:11,670 --> 00:00:15,600
but the particularity is that you don't need any SSH access.

6
00:00:15,600 --> 00:00:17,400
You don't need any bastion host,

7
00:00:17,400 --> 00:00:19,500
you don't need any SSH keys,

8
00:00:19,500 --> 00:00:22,650
and therefore you do not open the port 22

9
00:00:22,650 --> 00:00:24,390
on your EC2 instances,

10
00:00:24,390 --> 00:00:27,630
therefore providing you with better security.

11
00:00:27,630 --> 00:00:28,980
So you have your EC2 instance

12
00:00:28,980 --> 00:00:30,690
and it's running the SSM agents,

13
00:00:30,690 --> 00:00:33,960
and for example, the Amazon Linux 2 AMI

14
00:00:33,960 --> 00:00:36,930
do have these kind of agents running on it.

15
00:00:36,930 --> 00:00:39,420
And then we go onto Session Manager

16
00:00:39,420 --> 00:00:41,310
with the right IAM permissions

17
00:00:41,310 --> 00:00:44,700
and we execute commands directly on the EC2 instance.

18
00:00:44,700 --> 00:00:48,090
So it supports Linux, macOS, and Windows,

19
00:00:48,090 --> 00:00:53,070
and any session data can be sent to S3 or CloudWatch Logs.

20
00:00:53,070 --> 00:00:55,980
So whatever commands someone types on Session Manager,

21
00:00:55,980 --> 00:00:58,980
you can see an audit, which is really good.

22
00:00:58,980 --> 00:01:02,790
The one thing is that the EC2 instance must have an IAM role

23
00:01:02,790 --> 00:01:06,630
that is allowing it to access the Session Manager service.

24
00:01:06,630 --> 00:01:11,010
So if you see access to a secure shell on EC2 instances,

25
00:01:11,010 --> 00:01:14,700
for example, but without connecting through SSH

26
00:01:14,700 --> 00:01:18,090
or EC2 instance connect, which also leverages SSH,

27
00:01:18,090 --> 00:01:21,840
then you have to think about the SSM Session Manager.

28
00:01:21,840 --> 00:01:23,970
So that's it for this lecture, I hope you liked it,

29
00:01:23,970 --> 00:01:25,920
and I will see you in the next lecture.