EC2 via Systems Manager Agent (SSM)

Apono AWS EC2 Integration utilizes SSM (System Manager) Agent to for JIT access management for AWS VMs

Have you connected an AWS account?

Make sure you integrated your AWS account to Apono. Follow this AWS Integration step-by-step guide.

Intro

This integration provides the ability to grant users permissions to connect to the EC2 with a secure connection through SSM.

An integration between Apono and the AWS Organization or Account where the EC2 is.
EC2 machine with SSM agent installed. Installed by default in most EC2s docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent
End users will need to install the session manager plugin for AWS CLI on the local user's computer. docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin

Follow the steps below to create an EC2 instance role with the AmazonSSMManagedInstanceCore managed policy. Read more here.

In the AWS IAM, Click Create new IAM Role
1. Click Create Role
2. Choose the AWS Service option
3. From the dropdown list, choose EC2
4. Choose EC2 Role for AWS System Manager. Click Next.
5. Verify that the AmazonSSMManagerInstanceCore policy is added. Click Next
6. Fill the Role name box (for example, ec2-ssm)
7. Click Create role
Go back to the Modify IAM Role page
1. From the dropdown list, choose the new IAM role we created (ec2-ssm)
2. Click Update IAM role
3. Pleas note: it takes about 30 minutes for the AWS sync to finish.

In the Apono UI, edit an existing AWS Org or AWS Account integration or create a new one.
Add the EC2 Connect resource type.
Complete the integration and click Integrate.

Apono should now discover EC2 machines! You can now create access flows to EC2 instances.

Last updated 4 months ago

Was this helpful?