SSH has an advantage over AWS SSM in that it is easier to use and you do not have to create an AWS IAM user for an external user that needs access to your private subnet. pem certificates on the bastion host itself. It is also more work to manage physical Linux users with their. This increases your surface of attack, anything available on the internet is vulnerable to port enumerations, brute force attacks, DOS attacks and more. SSH on the other hand requires your bastion host to be in the public subnet with a public IP and open port for SSH. It is easier to update the agent with AWS SSM by using the AWS-UpdateSSMAgent document than doing it manually. Most AMIs (like Amazon Linux 2) already have the Agent installed but last time I checked, the installed version is less than the required version and needs updating.
#SSH TUNNEL AWS INSTALL#
You also need to install the SSM Agent version >. To use AWS SSM, you need to install the AWS CLI and the session-manager-plugin locally on your machine. This is great for your security footprint as there are no publicly available entry points.ĪWS SSM also uses IAM authentication which makes it easier to manage authentication if you are already managing users via IAM.
AWS SSM allows us to place the bastion host (also known as a jump host) in a private subnet with no open inbound ports (rules in the security group). The AWS recommend method of port forwarding is to use AWS Session Manager (AWS SSM) which is more secure than SSH. Written by: Rehan van der Merwe AWS SSM vs SSH #
0 kommentar(er)
