SSH Over SSM tunnel with AWS DirectConnect without Internet

0

Hi Dear Sir/Madam: We will use AWS Direct Connect to access an AWS VPC. From an on-premise PC, we want to use SSH through an SSM Session Manager tunnel, without Internet access, to reach an EC2 instance in the VPC. Is this feasible or not? Thank you very much. Best regards.

Tom Sun
asked 10 months ago, 348 views
1 Answer
0
Accepted Answer

Hi, yes, it is feasible to use SSH through an SSM Session Manager tunnel, without Internet access, to reach an EC2 instance in a VPC using AWS Direct Connect.

Here are the steps involved:

1. Create a VPC endpoint for Systems Manager in your VPC.
2. Install the SSM Agent on your on-premise PC.
3. Configure the SSM Agent to use the VPC endpoint for Systems Manager.
4. Launch a session to the EC2 instance using SSM Session Manager.

The SSM Agent will create a secure tunnel between your on-premise PC and the EC2 instance. This tunnel will allow you to SSH to the EC2 instance without having to open any ports on your on-premise PC.

Here are some additional details:

The VPC endpoint for Systems Manager will allow you to access SSM Session Manager without having to go through the Internet. The SSM Agent will create a secure tunnel using the HTTPS protocol. The tunnel will be encrypted using the TLS 1.2 protocol.

answered 10 months ago
  • Thank you very much

  • Wouldn't you need a Direct Connect public virtual interface to be able to route traffic from on-prem to SSM over Direct Connect? Otherwise the first leg from on-prem to the SSM API would go over the Internet, or did I miss something?
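As an added example (not from the question, the answer, or AWS), the script below covers the client side of the set-up the answer outlines and the routing concern raised in the comment. What runs on the on-premise PC is the AWS CLI plus the Session Manager plugin; the SSM Agent is the component on the EC2 instance. It assumes interface endpoints for com.amazonaws.<region>.ssm, ssmmessages and ec2messages in the VPC with private DNS enabled, and that on-premise DNS forwards the amazonaws.com names to a Route 53 Resolver inbound endpoint in the VPC, so they resolve to the endpoints' private IPs and the traffic stays on the Direct Connect private VIF. The region, VPC, subnet and security-group IDs are placeholders, and getent is assumed for name resolution.

```shell
#!/bin/sh
# SSH over Session Manager from an on-premise PC that reaches the VPC only over a
# Direct Connect private VIF. Added example, not the answer's or AWS's own code.
# Client side needs the AWS CLI and the Session Manager plugin; the SSM Agent
# runs on the EC2 instance. All IDs below are placeholders (assumptions).
set -eu

REGION="${REGION:-ap-northeast-1}"                   # placeholder
VPC_ID="${VPC_ID:-vpc-0123456789abcdef0}"            # placeholder
SUBNET_IDS="${SUBNET_IDS:-subnet-0123456789abcdef0}" # placeholder, space separated
SG_ID="${SG_ID:-sg-0123456789abcdef0}"               # placeholder: allow TCP 443 from instance and on-prem CIDRs
DRY_RUN="${DRY_RUN:-}"                               # set to 1 to print the aws commands instead of running them

run() { if [ -n "$DRY_RUN" ]; then printf '%s\n' "$*"; else "$@"; fi; }

# The three Systems Manager interface endpoints AWS documents: ssm (API),
# ssmmessages (Session Manager data channel), ec2messages (agent to service).
endpoint_service_name() { printf 'com.amazonaws.%s.%s' "$REGION" "$1"; }

create_endpoints() {
  for svc in ssm ssmmessages ec2messages; do
    # --private-dns-enabled makes ssm.<region>.amazonaws.com etc. resolve to the
    # endpoint's private IPs for any resolver that forwards into the VPC (for
    # example a Route 53 Resolver inbound endpoint queried from on-prem).
    # shellcheck disable=SC2086  # SUBNET_IDS is intentionally word-split
    run aws ec2 create-vpc-endpoint --region "$REGION" --vpc-id "$VPC_ID" \
      --vpc-endpoint-type Interface --service-name "$(endpoint_service_name "$svc")" \
      --subnet-ids $SUBNET_IDS --security-group-ids "$SG_ID" --private-dns-enabled
  done
}

# ~/.ssh/config stanza from the AWS docs: ssh to an instance ID is relayed by the
# Session Manager plugin over an outbound TLS WebSocket to ssmmessages; neither
# the instance nor the PC needs an open inbound port.
ssh_config_stanza() {
  cat <<'EOF'
Host i-* mi-*
    ProxyCommand sh -c "aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters 'portNumber=%p'"
EOF
}

# Returns 0 if $1 is an RFC 1918 IPv4 address (10/8, 172.16/12, 192.168/16), else 1.
is_private_ipv4() {
  _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
  [ "$#" -eq 4 ] || return 1
  case "$1" in
    10) return 0 ;;
    172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 0 ;;
    192) [ "$2" -eq 168 ] && return 0 ;;
  esac
  return 1
}

# The check behind the comment above: if the SSM hostnames resolve to public AWS
# addresses from this PC, the first leg (CLI -> ssm API, plugin -> ssmmessages)
# would leave over the Internet, or fail when there is none. They must resolve
# to the VPC endpoints' private IPs. Assumes glibc getent; on macOS use dig.
check_private_path() {
  rc=0
  for host in "ssm.$REGION.amazonaws.com" "ssmmessages.$REGION.amazonaws.com"; do
    addr=$(getent ahostsv4 "$host" | awk '{print $1; exit}') || addr=""
    if [ -z "$addr" ]; then
      echo "$host: no answer from DNS"; rc=1
    elif is_private_ipv4 "$addr"; then
      echo "$host -> $addr (private: VPC endpoint over Direct Connect)"
    else
      echo "$host -> $addr (public: this leg would need Internet or a public VIF)"; rc=1
    fi
  done
  return $rc
}

case "${1:-}" in
  endpoints)  create_endpoints ;;
  ssh-config) ssh_config_stanza ;;
  check)      check_private_path ;;
  "")         ;;   # run with no verb: only define the functions
  *)          echo "usage: $0 endpoints|ssh-config|check" >&2; exit 2 ;;
esac
```

Typical order: run `sh ssm-ssh.sh endpoints` once against the VPC (or with `DRY_RUN=1` to review the commands), append the output of `sh ssm-ssh.sh ssh-config` to ~/.ssh/config on the PC, then `sh ssm-ssh.sh check` from the PC; only when both names resolve to private addresses does `ssh ec2-user@i-0123456789abcdef0` stay off the Internet. The PC's AWS credentials still need ssm:StartSession on the instance with the AWS-StartSSHSession document, and the instance needs an SSM Agent version that supports that document (2.3.672.0 or later) plus an instance role that lets it register with Systems Manager.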
