
Comfortable server operation with AWS session manager

My name is Kotaro Nakane, and I work as a director at Definer Inc.

This time, I would like to talk about the AWS session manager service.

Creating and managing a bastion server is a hassle

Many companies use a bastion server to log in to their business AP servers.
However, we often hear of issues such as the need for periodic patching, and the cost of the server.
If you are using AWS, session manager is the solution.

AWS Session Manager eliminates the need for a bastion server

AWS Session Manager allows you to log in to the server from a web browser without a bastion server.
The Session Manager agent is installed by default on many AMIs such as Ubuntu and Amazon Linux, so anyone can use it after setting up the following:
・Granting privileges to the IAM users who use Session Manager
・Granting privileges to the EC2 instances that you log in to with Session Manager
 (Just grant the policy "AmazonEC2RoleforSSM" that AWS provides by default.)
・Granting access to the SSM/EC2 endpoints
 For private subnets, you will need to use a NAT gateway or create a VPC endpoint.

This is all that is required to log in to the server from a browser.
After successful access, you will be logged in as a user named "ssm-user" and you can execute any command you like!
I feel that the time and effort required to check the logs on the server has been greatly eased by being able to do so with session manager.
Please consider using session manager!

Also, please check the following points before using Session Manager.
・Some requirements, such as operating a DB from a SQL client by port forwarding through a bastion, cannot be achieved without a bastion server.
・By default, ssm-user has strong privileges and can use sudo without a password, so you need to design permissions properly, such as which IAM users are allowed to use Session Manager and which are not.

For those who have read this

If you have read this far, I am sure we share some values, and I would be very happy if we could talk casually first.
Definer, Inc. is looking for people to work with.
