session manager logging not working

0

Hi, my team is currently testing the Session Manager feature to adopt it in our environment and our client's environment.

The basic Session Manager feature seems to be working very well; we don't have any trouble connecting to EC2 via Session Manager.

But after we enabled the Session Manager logging feature in the AWS UI -> AWS Systems Manager -> Session Manager -> Preferences, connecting to an EC2 instance via Session Manager took almost 3 minutes (if we disable the logging feature, connecting to EC2 happens instantly), and logging does not seem to be working on our specified target (currently we set the target to CloudWatch log groups).

Is there some further process we should do to work this out?

FYI, so far we have done:

  • DNS features enabled on the VPC
  • Created 3 endpoints (ssm, ssmmessages and ec2messages) and set the security group to allow HTTPS
  • Used the Amazon-supplied basic AMI (Amazon Linux AMI)
  • Made a role with two policies attached and put it on the EC2 instances
    1. AmazonSSMManagedInstanceCore
    2. Custom policy to work with CloudWatch, with the following statements:

       {
         "Version": "2012-10-17",
         "Statement": [
           {
             "Action": [
               "logs:CreateLogStream",
               "logs:DescribeLogStreams",
               "logs:DescribeLogGroups",
               "logs:PutLogEvents"
             ],
             "Effect": "Allow",
             "Resource": "*"
           }
         ]
       }

1 Answer
0
Accepted Answer

Just found the answer myself: I forgot to create the endpoint for CloudWatch or S3 :)

Hope this will help future idiots like myself XD

answered 1 year ago
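
An added example, not part of the original question or answer: a small offline check that reads the JSON shape returned by `aws ec2 describe-vpc-endpoints` and reports which endpoints a private VPC is still missing for Session Manager with logging to CloudWatch Logs or S3. The VPC id `vpc-0example`, the region `us-east-1` and the sample data are constructed placeholders, and the private DNS check is an extra condition assumed here, not something stated in the thread.

```python
CORE = ("ssm", "ssmmessages", "ec2messages")      # always needed by the agent
LOG_TARGET = {"cloudwatch": "logs", "s3": "s3"}   # logging destination -> service suffix


def missing_endpoints(describe_output, vpc_id, region, log_target):
    """Return the service suffixes with no usable endpoint in vpc_id.

    describe_output has the shape of `aws ec2 describe-vpc-endpoints` JSON.
    """
    prefix = f"com.amazonaws.{region}."
    needed = set(CORE) | {LOG_TARGET[log_target]}
    usable = set()
    for ep in describe_output.get("VpcEndpoints", []):
        name = ep.get("ServiceName", "")
        if ep.get("VpcId") != vpc_id or not name.startswith(prefix):
            continue
        if ep.get("State", "").lower() != "available":
            continue
        # An interface endpoint only takes over the service hostname
        # when private DNS is enabled on it.
        if ep.get("VpcEndpointType") == "Interface" and not ep.get("PrivateDnsEnabled"):
            continue
        usable.add(name[len(prefix):])
    return sorted(needed - usable)


def iface(service):
    # Constructed sample entry; the VPC id and region are placeholders.
    return {"VpcId": "vpc-0example", "State": "available", "VpcEndpointType": "Interface",
            "PrivateDnsEnabled": True, "ServiceName": f"com.amazonaws.us-east-1.{service}"}


# Constructed sample matching the question: three endpoints, nothing for logging.
SAMPLE = {"VpcEndpoints": [iface(s) for s in CORE]}

if __name__ == "__main__":
    for target in LOG_TARGET:
        print(target, "->", missing_endpoints(SAMPLE, "vpc-0example", "us-east-1", target))
    # cloudwatch -> ['logs']
    # s3 -> ['s3']
```
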
