Connecting to Your EC2 Instance Using AWS Session Manager and Fleet Manager without opening RDP and SSH
This guide details the steps necessary to connect to an EC2 instance using AWS Session Manager and Fleet Manager without the need to open RDP or SSH ports. This method ensures compliance with HP Cloud network security standards, which can be reviewed here.
Prerequisites:
- Create an EC2 instance within a VPC and configure the security group according to HP Cloud requirements. Detailed guidelines are available here.
- I have created a policy named "GSS-Fleet-Manager" and attached it to the role "GSS-Teradici". This role is what lets Session Manager and Fleet Manager reach the EC2 instance, so no RDP or SSH ports need to be opened.
- The "GSS-Teradici" role also allows the instance to download from the S3 bucket the drivers needed to set up the PCoIP Graphics Agent. This works for both Windows and Linux. (I have also attached the document for setting up the Graphics Agent on Linux and Windows.)
Important Notes:
- Session Manager provides terminal (shell) access only, which makes it the choice for Linux-based instances.
- For graphical (GUI) access, use Fleet Manager, which suits Windows-based instances.
- If the SSM Agent is not installed on the instance, install it manually (see the links at the end of this guide).
Attach the IAM role to the instance:
- Navigate to your EC2 instance in the AWS Management Console.
- Go to "Actions" → "Security" → "Modify IAM Role".
- Choose the IAM role 'GSS-Teradici' from the list, then select 'Update IAM Role' to apply the change.
- Confirm that the role now shows as attached to your instance.
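Before moving on, it is worth confirming from the API that the instance really is in the state this guide expects. The following Python script is an added example and is not part of the original guide or of any HP Cloud tooling; it assumes boto3 is installed with AWS credentials configured, that the instance profile carries the same name as the "GSS-Teradici" role, and uses constructed placeholder instance, security-group and profile values. It checks the attached instance profile, the SSM Agent's PingStatus, and that no security group on the instance allows inbound SSH (22) or RDP (3389), which is the whole point of using Session Manager and Fleet Manager.

```python
"""Check that an EC2 instance is ready for Session Manager / Fleet Manager access.

Added example, not part of the original guide. The pure functions run offline
against the constructed sample data at the bottom; check_instance() talks to
a live account and assumes boto3 is installed and credentials are configured.
"""

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}


def exposed_admin_rules(security_group):
    """Return (port, name, source) for each inbound rule in a
    describe-security-groups entry that covers port 22 or 3389."""
    findings = []
    for perm in security_group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":                  # "all traffic" rule: every port
            lo, hi = 0, 65535
        elif proto in ("tcp", "6"):
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
        else:                              # udp/icmp cannot carry SSH or RDP
            continue
        if lo is None or hi is None:
            continue
        sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        sources += [g["GroupId"] for g in perm.get("UserIdGroupPairs", [])]
        for port, name in ADMIN_PORTS.items():
            if lo <= port <= hi:
                findings.extend((port, name, src) for src in sources)
    return findings


def ssm_ping_status(instance_information, instance_id):
    """PingStatus from ssm describe-instance-information ("Online",
    "ConnectionLost", "Inactive"), or "NotRegistered" if the agent never
    reported in, e.g. because the role or the VPC endpoints are missing."""
    for info in instance_information:
        if info.get("InstanceId") == instance_id:
            return info.get("PingStatus", "Unknown")
    return "NotRegistered"


def instance_profile_name(instance):
    """Instance-profile name from a describe-instances entry, or None."""
    arn = instance.get("IamInstanceProfile", {}).get("Arn", "")
    return arn.rsplit("/", 1)[-1] if arn else None


def check_instance(instance_id, region, expected_profile="GSS-Teradici"):
    """Run the three checks against a live account (needs boto3 + credentials)."""
    import boto3  # assumption: boto3 installed; imported lazily so the
                  # offline helpers above work without it
    ec2 = boto3.client("ec2", region_name=region)
    ssm = boto3.client("ssm", region_name=region)
    instance = ec2.describe_instances(InstanceIds=[instance_id])[
        "Reservations"][0]["Instances"][0]
    group_ids = [g["GroupId"] for g in instance["SecurityGroups"]]
    groups = ec2.describe_security_groups(GroupIds=group_ids)["SecurityGroups"]
    infos = ssm.describe_instance_information(
        Filters=[{"Key": "InstanceIds", "Values": [instance_id]}]
    )["InstanceInformationList"]
    return {
        "profile_ok": instance_profile_name(instance) == expected_profile,
        "ping_status": ssm_ping_status(infos, instance_id),
        "exposed_admin_rules": [f for g in groups for f in exposed_admin_rules(g)],
    }


# Constructed sample data shaped like the AWS API responses (not real resources).
SAMPLE_INSTANCE = {
    "IamInstanceProfile": {
        "Arn": "arn:aws:iam::123456789012:instance-profile/GSS-Teradici"},
    "SecurityGroups": [{"GroupId": "sg-0123456789abcdef0"}],
}
SAMPLE_SECURITY_GROUP = {
    "GroupId": "sg-0123456789abcdef0",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,  # RDP left open
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,    # harmless
         "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    ],
}
SAMPLE_INSTANCE_INFORMATION = [{"InstanceId": "i-0123456789abcdef0",
                                "PingStatus": "Online"}]

if __name__ == "__main__":
    print("profile:", instance_profile_name(SAMPLE_INSTANCE))
    print("ping:", ssm_ping_status(SAMPLE_INSTANCE_INFORMATION, "i-0123456789abcdef0"))
    for port, name, src in exposed_admin_rules(SAMPLE_SECURITY_GROUP):
        print(f"WARNING: {name} (tcp/{port}) open to {src}; remove it, access goes via SSM")
```

Run it as-is to see the offline sample checks; call check_instance("i-…", "us-west-1") with your own IDs for a live check. A PingStatus of "NotRegistered" after the 5 to 10 minute wait usually means the role was not attached or the agent cannot reach the Systems Manager service.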
Connect with Session Manager:
- Open the "Session Manager" page of AWS Systems Manager in the console.
- Wait 5 to 10 minutes for the SSM Agent to register with the new role. Your instance then appears in the list as follows:
- From the above screen, select the instance and click on the "Start Session" button:
- This opens a terminal session in a new browser tab, as follows:
Create VPC endpoints (needed when the instance cannot reach the Systems Manager service over the internet, for example from a private subnet):
- Navigate to the VPC service.
- In the VPC Dashboard, select "Endpoints" from the left-hand menu.
- Click on "Create Endpoint".
- Configure the following four endpoints as shown in the image. The service names below are for us-west-1; replace the region with the one your VPC is in.
  - SSM Endpoint:
    - Name: Display Name
    - Service name: com.amazonaws.us-west-1.ssm
    - VPC: (replace with your VPC ID)
  - SSM Messages Endpoint:
    - Name: Display Name
    - Service name: com.amazonaws.us-west-1.ssmmessages
    - VPC: (replace with your VPC ID)
  - EC2 Messages Endpoint:
    - Name: Display Name
    - Service name: com.amazonaws.us-west-1.ec2messages
    - VPC: (replace with your VPC ID)
  - S3 Endpoint:
    - Name: Display Name
    - Service name: com.amazonaws.us-west-1.s3
    - VPC: (replace with your VPC ID)
- Select the subnets the instance runs in and a security group that allows inbound HTTPS (TCP 443) from the VPC, so the SSM Agent can reach the endpoints.
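The same four endpoints can be created and verified from the AWS SDK, which is easier to audit than a sequence of console clicks. The script below is an added example, not part of the original guide; it assumes boto3 and credentials, uses constructed placeholder VPC, subnet, security-group and route-table IDs, and treats the S3 endpoint as a Gateway endpoint (attached to route tables) rather than an Interface endpoint, which is a design choice of this example. It builds the create_vpc_endpoint parameters, reports which required endpoints a VPC is still missing, and checks that the endpoint security group admits TCP 443 from the VPC CIDR.

```python
"""Build, check and (optionally) create the VPC endpoints Session Manager needs.

Added example, not part of the original guide. The SSM Agent on the instance
must reach the ssm, ssmmessages and ec2messages services; interface endpoints
inside the VPC provide that path when there is no internet route, and an S3
endpoint lets the instance fetch the driver packages. All resource IDs here
are constructed placeholders; apply_endpoints() assumes boto3 + credentials.
"""
import ipaddress

INTERFACE_SERVICES = ("ssm", "ssmmessages", "ec2messages")


def service_name(region, service):
    """VPC endpoint service name, e.g. com.amazonaws.us-west-1.ssm."""
    return f"com.amazonaws.{region}.{service}"


def required_service_names(region):
    """The four service names this guide configures, in the guide's order."""
    return [service_name(region, s) for s in INTERFACE_SERVICES + ("s3",)]


def endpoint_requests(region, vpc_id, subnet_ids, endpoint_sg_id, route_table_ids,
                      name_prefix="ssm-access"):
    """Parameter dicts for ec2.create_vpc_endpoint(), one per endpoint."""
    def tags(label):
        return [{"ResourceType": "vpc-endpoint",
                 "Tags": [{"Key": "Name", "Value": f"{name_prefix}-{label}"}]}]

    requests = []
    for svc in INTERFACE_SERVICES:
        requests.append({
            "VpcEndpointType": "Interface",
            "VpcId": vpc_id,
            "ServiceName": service_name(region, svc),
            "SubnetIds": list(subnet_ids),         # subnets the instance runs in
            "SecurityGroupIds": [endpoint_sg_id],  # must allow TCP 443 in from the VPC
            "PrivateDnsEnabled": True,             # agent keeps using the public DNS names
            "TagSpecifications": tags(svc),
        })
    # S3 as a Gateway endpoint (design choice of this example): it attaches to
    # route tables instead of subnets and needs no security group.
    requests.append({
        "VpcEndpointType": "Gateway",
        "VpcId": vpc_id,
        "ServiceName": service_name(region, "s3"),
        "RouteTableIds": list(route_table_ids),
        "TagSpecifications": tags("s3"),
    })
    return requests


def missing_endpoints(existing, region):
    """Required service names absent from describe-vpc-endpoints output."""
    have = {e["ServiceName"] for e in existing}
    return [s for s in required_service_names(region) if s not in have]


def endpoint_sg_allows_https(security_group, vpc_cidr):
    """True if the endpoint security group lets the whole VPC reach TCP 443."""
    vpc_net = ipaddress.ip_network(vpc_cidr)
    for perm in security_group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":
            covers_443 = True
        elif proto in ("tcp", "6"):
            covers_443 = perm.get("FromPort", 65536) <= 443 <= perm.get("ToPort", -1)
        else:
            covers_443 = False
        if not covers_443:
            continue
        for r in perm.get("IpRanges", []):
            rule_net = ipaddress.ip_network(r["CidrIp"])
            if rule_net.version == vpc_net.version and vpc_net.subnet_of(rule_net):
                return True
    return False


def apply_endpoints(region, vpc_id, subnet_ids, endpoint_sg_id, route_table_ids):
    """Create whichever required endpoints the VPC does not already have."""
    import boto3  # assumption: boto3 installed, credentials configured
    ec2 = boto3.client("ec2", region_name=region)
    existing = ec2.describe_vpc_endpoints(
        Filters=[{"Name": "vpc-id", "Values": [vpc_id]}])["VpcEndpoints"]
    todo = set(missing_endpoints(existing, region))
    created = []
    for req in endpoint_requests(region, vpc_id, subnet_ids, endpoint_sg_id, route_table_ids):
        if req["ServiceName"] in todo:
            created.append(ec2.create_vpc_endpoint(**req)["VpcEndpoint"]["VpcEndpointId"])
    return created


if __name__ == "__main__":
    # Constructed placeholder IDs; replace with your own before calling apply_endpoints().
    for req in endpoint_requests("us-west-1", "vpc-0123456789abcdef0",
                                 ["subnet-0123456789abcdef0"], "sg-0123456789abcdef0",
                                 ["rtb-0123456789abcdef0"]):
        print(req["VpcEndpointType"], req["ServiceName"])
```

Running the script only prints the planned endpoints; apply_endpoints() is the one call that changes the account, and it skips anything already present, so it is safe to re-run after a partial console setup.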
Connect with Fleet Manager (Windows, Remote Desktop):
- Navigate to Fleet Manager.
- Select your machine and proceed to 'Node actions'.
- Click on 'Connect' and then choose 'Connect with Remote Desktop'.
- If you already have the password, choose 'User Credentials'. Alternatively, select 'Key Pair' if you have the PEM file saved.
To manually install the latest version of SSM Agent on an EC2 instance:
- Windows Server: https://docs.aws.amazon.com/systems-manager/latest/userguide/manually-install-ssm-agent-windows.html
- Linux: https://docs.aws.amazon.com/systems-manager/latest/userguide/manually-install-ssm-agent-linux.html