- Newest
- Most votes
- Most comments
Yes, it's possible and purely depends on exact use case.
To best answer your question, please see this re:Post Knowledge Article and re:Post Answer
Additional discussions for your reference:
Yes, it is possible.
The following document shows port forwarding to RDS, but it is also possible to port forward SSH to Linux EC2.
https://aws.amazon.com/jp/blogs/mt/use-port-forwarding-in-aws-systems-manager-session-manager-to-connect-to-remote-hosts/
It is also possible to connect directly with Session Manager if the Linux EC2 is registered as a managed node of Systems Manager.
If this answer leads to a resolution, please approve the answer for the betterment of the community.
PS: If you are using a region or AMI that meets your requirements, you could consider using Instance Connect Endpoint. For more information on Instance Connect Endpoint, please refer to the following document. https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Connect-using-EC2-Instance-Connect-Endpoint.html
Also, consider that using SSM fir bastion host purposes has been dramatically simplified with this recently: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/connect-using-eice.html
Relevant content
- Accepted Answerasked 4 years ago
- asked 2 years ago
AWS OFFICIALUpdated 3 years ago- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
I can currently run an Ansible playbook command from the bastion host to update a ssl cert. in Java keystore on all 50+ instances. This is just an example, I can do many other stuff using Ansible. Is it possible with SSM?
Absolutely, you can run shell scripts, ansible playbooks. Basically SSM is just forwarding your commands to EC2. You may have preferences but I intentionally put references of other options as well that you can consider one over other depending on which method you find more convenient. Recently EC2 Instance Connect Endpoint feature is also launched, which provides great options and flexibilities. Recently I was helping one of the other re:Post user, you may want to take a look at this re:Post Answer too. So ultimately, it purely depends on your preference and use case. Hope this answers your question.
Feel free to comment here, if you have questions further, happy to help. If this answers your question, please approve the answer for better community experience.