aws-ssm-tools


* Name: aws-ssm-tools
* Version: 2.0.1
* Summary: Tools for AWS Systems Manager: ec2-session ecs-session ec2-ssh ssm-tunnel
* Upload time: 2025-07-27 23:54:12
* Requires Python: >=3.8
* Keywords: aws ec2-session ec2-ssh ecs-session ssm ssm-tunnel

# aws-ssm-tools - AWS System Manager Tools

[![CircleCI](https://circleci.com/gh/mludvig/aws-ssm-tools.svg?style=shield)](https://circleci.com/gh/mludvig/aws-ssm-tools)
[![PyPI](https://img.shields.io/pypi/v/aws-ssm-tools.svg)](https://pypi.org/project/aws-ssm-tools/)
[![Python Versions](https://img.shields.io/pypi/pyversions/aws-ssm-tools.svg)](https://pypi.org/project/aws-ssm-tools/)

Helper tools for AWS Systems Manager: `ec2-session`, `ec2-ssh` and `ssm-tunnel`,
and for ECS Docker Exec: `ecs-session`

## Scripts included

* **ec2-session** (formerly _ssm-session_)

  Wrapper around `aws ssm start-session` that can open
  an SSM session to an instance specified by *Name* or *IP Address*.

  It doesn't need user credentials or even `sshd` running on the instance.

  Check out *[SSM Sessions the easy
  way](https://aws.nz/projects/ssm-session/)* for an example use.

  Works with any Linux or Windows EC2 instance registered in SSM.

* **ecs-session**

  Wrapper around `aws ecs execute-command` that can run a command
  or open an interactive session to an Exec-enabled ECS container
  specified by the service, name, IP address, etc.

  It doesn't need user credentials or `sshd` running on the container,
  however the containers must be configured to allow this access.

  Check out *[Interactive shell in ECS Containers](https://aws.nz/projects/ecs-session/)*
  for an example use.

* **ec2-ssh** (formerly _ssm-ssh_)

  Open an SSH connection to the remote server through *Systems Manager*
  without the need for open firewall or direct internet access. SSH can
  then be used to forward ports, copy files, etc.

  Unlike `ssm-tunnel` it doesn't create a full VPN link, however it's in
  some aspects more versatile as it can be used with `rsync`, `scp`,
  `sftp`, etc.

  It works with any client that can run SSH (including Mac OS-X) and
  doesn't require a special agent on the instance, other than the standard
  AWS SSM agent.

  Also supports pushing your SSH key to the instance with `--send-key` (aka
  *EC2 Instance Connect*, although that's an odd name for this function).

* **ssm-tunnel**

  Open an *IP tunnel* to the SSM instance to enable *network access*
  to the instance VPC. This requires [ssm-tunnel-agent](README-agent.md)
  installed on the instance.

  Works with *Amazon Linux 2* instances and probably other recent Linux
  EC2 instances. Requires *Linux* on the client side - if you are on Mac
  or Windows you can install a Linux VM in a [VirtualBox](https://virtualbox.org).

  Requires `ssm-tunnel-agent` installed on the instance - see below for
  instructions.

## Usage

1. **List instances** available for connection

    ```
    ~ $ ec2-session --list
    InstanceId           InstanceName      HostName                        Addresses
    -------------------  ----------------  ------------------------------  --------------
    i-07c189021bc56e042  nginx-web-server  ip-10-251-128-70.ec2.internal   10.251.128.70
    i-094df06d3633f3267  bastion-host      ip-10-251-128-73.ec2.internal   10.251.128.73
    i-02689d593e17f2b75  jenkins-server    ip-10-251-129-78.ec2.internal   10.251.129.78
    ```

    If you're like me and have access to many different AWS accounts you
    can select the right one with `--profile` and / or change the `--region`:

    ```
    ~ $ ec2-session --profile aws-sandpit --region us-west-2 --list
    InstanceId           InstanceName      HostName                       Addresses
    -------------------  ----------------  -----------------------------  --------------
    i-07c189021bc56e042  nginx-web-server  ip-10-251-128-70.ec2.internal  10.251.128.70
    ```

    Alternatively use the standard AWS *environment variables*:

    ```
    ~ $ export AWS_DEFAULT_PROFILE=aws-sandpit
    ~ $ export AWS_DEFAULT_REGION=us-west-2
    ~ $ ec2-session --list
    InstanceId           InstanceName      HostName                       Addresses
    -------------------  ----------------  -----------------------------  -------------
    i-07c189021bc56e042  nginx-web-server  ip-10-251-128-70.ec2.internal  10.251.128.70
    ```

2. **Open SSM session** to an instance:

    This opens an interactive shell session over SSM without the need for
    a password or SSH key. Note that by default the login user is `ssm-user`.
    You can specify a different user with e.g. `--user ec2-user` or
    even `--user root`.

    Running `ec2-session` without specifying an IP or hostname to connect to will show a simple terminal menu.
    It lists all the servers managed by SSM, and pressing Enter starts a connection to the highlighted server.
    Note that you will still need to pass in `--user` if you are not using the default values.

    You can skip the interactive menu by specifying the server directly in the command.

    ```
    ~ $ ec2-session -v nginx-web-server --user ec2-user --reason "optional - The reason why you are connecting to the instance"
    InstanceId           InstanceName       HostName                      Addresses
    -------------------  ----------------  -----------------------------  -------------
    i-07c189021bc56e042  nginx-web-server  ip-10-251-128-70.ec2.internal  10.251.128.70

    Starting session with SessionId: botocore-session-0d381a3ef740153ac
    [ec2-user@ip-10-251-128-70] ~ $ hostname
    ip-10-251-128-70.ec2.internal
    ```

    You can specify other SSM documents to run with `--document-name AWS-...`
    to customise your session. Refer to AWS docs for details.

3. **Open SSH session** over SSM with *port forwarding*.

    The `ec2-ssh` tool provides a connection and authentication mechanism
    for running SSH over Systems Manager.

    The target instance *does not need* a public IP address, it also does
    *not* need an open SSH port in the Security Group. All it needs is to be
    registered in the Systems Manager.

    All `ssh` options are supported, go wild. In this example we will forward
    our local port 3306 to our MySQL RDS database, which is running on the same
    standard port, using the `-L 3306:mysql-rds.aws.nz:3306` SSH port forwarding method.

    ```
    ~ $ ec2-ssh ec2-user@test1 -L 3306:mysql-rds.aws.nz:3306 -i ~/.ssh/aws-nz.pem
    InstanceId           InstanceName                 HostName                        Addresses
    -------------------  ---------------------------  ------------------------------  --------------
    i-07c189021bc56e042   nginx-web-server            ip-10-251-128-70.ec2.internal   10.251.128.70
    [ec2-ssh] INFO: Resolved instance name 'test1' to 'i-07c189021bc56e042'
    [ec2-ssh] INFO: Running: ssh -o ProxyCommand='aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters portNumber=%p' i-07c189021bc56e042 -l ec2-user -L 3306:mysql-rds.aws.nz:3306 -i ~/.ssh/aws-nz.pem
    OpenSSH_7.6p1 Ubuntu-4ubuntu0.3, OpenSSL 1.0.2n  7 Dec 2017
    ...
    Last login: Sun Apr 12 20:05:09 2020 from localhost

       __|  __|_  )
       _|  (     /   Amazon Linux 2 AMI
      ___|\___|___|

    [ec2-user@ip-192-168-45-158] ~ $
    ```

    From another terminal we can now connect to the MySQL RDS. Since the
    port 3306 is forwarded from *localhost* through the tunnel we will
    instruct `mysql` client to connect to `127.0.0.1` (localhost).

    ```
    ~ $ mysql -h 127.0.0.1 -u {RdsMasterUser} -p
    Enter password: {RdsMasterPassword}
    Welcome to the MariaDB monitor.  Commands end with ; or \g.
    Server version: 5.6.10 MySQL Community Server (GPL)

    MySQL [(none)]> show processlist;
    +-----+------------+-----------------------+
    | Id  | User       | Host                  |
    +-----+------------+-----------------------+
    |  52 | rdsadmin   | localhost             |
    | 289 | masteruser | 192.168.45.158:52182  | <<< Connection from test1 IP
    +-----+------------+-----------------------+
    2 rows in set (0.04 sec)
    ```

4. **Use `rsync` with `ec2-ssh`** to copy files to/from EC2 instance.

    Since in the end we run a standard `ssh` client we can use it with
    [rsync](https://en.wikipedia.org/wiki/Rsync) to copy files to/from the
    EC2 instance.

    ```
    ~ $ rsync -e ec2-ssh -Prv ec2-user@test1:some-file.tar.gz .
    some-file.tar.gz
         31,337,841 100%  889.58kB/s    0:00:34 (xfr#1, to-chk=0/1)
    sent 43 bytes  received 31,345,607 bytes  814,172.73 bytes/sec
    total size is 31,337,841  speedup is 1.00
    ```

    We can also select a different AWS profile and/or region:

    ```
    ~ $ rsync -e "ec2-ssh --profile aws-sandpit --region us-west-2" -Prv ...
    ```

    Alternatively set the profile and region through standard AWS
    *environment variables* `AWS_DEFAULT_PROFILE` and
    `AWS_DEFAULT_REGION`.

5. **Create IP tunnel** and SSH to another instance in the VPC through it.

    We will use `--route 192.168.44.0/23` that gives us access to the VPC CIDR.

    ```
    ~ $ ssm-tunnel -v tunnel-test --route 192.168.44.0/23
    [ssm-tunnel] INFO: Local IP: 100.64.160.100 / Remote IP: 100.64.160.101
    00:00:15 | In:  156.0 B @    5.2 B/s | Out:  509.0 B @   40.4 B/s
    ```

    Leave it running and from another shell `ssh` to one of the instances listed
    with `--list` above. For example to `test1` that's got VPC IP `192.168.45.158`:

    ```
    ~ $ ssh ec2-user@192.168.45.158
    Last login: Tue Jun 18 20:50:59 2019 from 100.64.142.232
    ...
    [ec2-user@test1 ~]$ w -i
     21:20:43 up  1:43,  1 user,  load average: 0.00, 0.00, 0.00
    USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
    ec2-user pts/0    192.168.44.95    21:20    3.00s  0.02s  0.00s w -i
                      ^^^^^^^^^^^^^
    [ec2-user@test1 ~]$ exit
    Connection to 192.168.45.158 closed.
    ~ $
    ```

    Note the source IP `192.168.44.95` that belongs to the `tunnel-test`
    instance - our connections will *appear* as if they come from this instance.
    Obviously the **Security Groups** of your other instances must allow SSH
    access from the IP or SG of your tunnelling instance.

All these tools support `--help` and a set of common parameters:

    --profile PROFILE, -p PROFILE
                        Configuration profile from ~/.aws/{credentials,config}
    --region REGION, -g REGION
                        Set / override AWS region.
    --verbose, -v       Increase log level.
    --debug, -d         Increase log level even more.

`ec2-ssh` only supports the long options to prevent conflict with `ssh`'s
own short options that are being passed through.

Standard AWS environment variables like `AWS_DEFAULT_PROFILE`,
`AWS_DEFAULT_REGION`, etc, are also supported.
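
For scripted use, the table printed by `ec2-session --list` in step 1 can be reduced to exactly one instance ID before a session is opened, since nothing on this page guarantees that instance names are unique. The following is an added example, not part of aws-ssm-tools: `resolve_instance` is a hypothetical helper, the two-or-more-spaces column separator is an assumption about the listing format, and the last sample row is constructed to show an ambiguous name.

```shell
#!/bin/sh
# Added example, not aws-ssm-tools code. resolve_instance is a hypothetical helper.
#
# Reads `ec2-session --list` output on stdin and prints the single InstanceId
# whose InstanceName, HostName or address equals $1 exactly.
# Exit status: 0 = one match, 1 = no match, 2 = several matches.
resolve_instance() {
    awk -F '  +' -v want="$1" '
        BEGIN { want = want "" }                  # force string comparison
        $1 !~ /^m?i-[0-9a-f]+$/ { next }          # skip header, rule and log lines
        {
            hit = ($2 == want || $3 == want)
            # Assumption: several addresses, if present, are space or comma separated.
            n = split($4, addr, /[ ,]+/)
            for (i = 1; i <= n; i++)
                if (addr[i] == want) hit = 1
            if (hit) ids[$1] = 1
        }
        END {
            count = 0
            for (id in ids) { count++; found = id }
            if (count == 1) { print found; exit 0 }
            if (count == 0) {
                print "no instance matches " want > "/dev/stderr"
                exit 1
            }
            print count " instances match " want ", refusing to guess" > "/dev/stderr"
            exit 2
        }
    '
}

# Sample listing: the first three rows are the ones shown in step 1,
# the fourth row is constructed to create a duplicate name.
SAMPLE_LIST='InstanceId           InstanceName      HostName                        Addresses
-------------------  ----------------  ------------------------------  --------------
i-07c189021bc56e042  nginx-web-server  ip-10-251-128-70.ec2.internal   10.251.128.70
i-094df06d3633f3267  bastion-host      ip-10-251-128-73.ec2.internal   10.251.128.73
i-02689d593e17f2b75  jenkins-server    ip-10-251-129-78.ec2.internal   10.251.129.78
i-0aaaaaaaaaaaaaaaa  nginx-web-server  ip-10-251-130-10.ec2.internal   10.251.130.10'

# Unique name: prints the matching InstanceId.
printf '%s\n' "$SAMPLE_LIST" | resolve_instance bastion-host
```

The resulting ID can be passed to `aws ssm start-session --target`, the call these tools wrap.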

## Installation

All the tools use **AWS CLI** to open **SSM Session** and then use that
session to run commands on the target instance. The target instances **must be
registered in SSM**, which means they need:

- **connectivity to SSM endpoint**, e.g. through public IP, NAT Gateway, or
  SSM VPC endpoint.
- **EC2 instance IAM Role** with permissions to connect to Systems Manager.

Follow the detailed instructions at [**Using SSM Session Manager for
interactive instance access**](https://aws.nz/best-practice/ssm-session-manager/)
for more information.

### Install *AWS CLI* and `session-manager-plugin`

Make sure you've got `aws` and `session-manager-plugin` installed locally
on your laptop.

```
~ $ aws --version
aws-cli/1.18.31 Python/3.6.9 Linux/5.3.0-42-generic botocore/1.15.31

~ $ session-manager-plugin --version
1.1.56.0
```

Follow [AWS CLI installation
guide](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html)
and [session-manager-plugin
installation guide](https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html) to install them if needed.

Note that `ec2-ssh` needs `session-manager-plugin` version *1.1.23* or
newer. Upgrade if your version is older.
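
A preflight check for the version requirement above, as an added example that is not part of aws-ssm-tools: it compares the `session-manager-plugin --version` output field by field against 1.1.23. The function names `version_ge` and `preflight` are hypothetical.

```shell
#!/bin/sh
# Added example, not aws-ssm-tools code. Function names are hypothetical.

# Minimum session-manager-plugin version that ec2-ssh needs, per the README.
MIN_PLUGIN_VERSION="1.1.23"

# version_ge A B
#   exit 0 when dotted version A >= B, 1 when A < B,
#   2 when either argument is empty or contains anything but digits and dots.
# Fields are compared numerically, so 1.10.0 > 1.9.9, and missing fields
# count as 0, so 1.1.23.0 equals 1.1.23.
version_ge() {
    a=$1
    b=$2
    for v in "$a" "$b"; do
        case "$v" in
            ""|*[!0-9.]*) return 2 ;;
        esac
    done
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}
        fb=${b%%.*}
        [ -n "$fa" ] || fa=0
        [ -n "$fb" ] || fb=0
        if [ "$fa" -gt "$fb" ]; then return 0; fi
        if [ "$fa" -lt "$fb" ]; then return 1; fi
        # Drop the field just compared; an argument without dots is exhausted.
        case "$a" in *.*) a=${a#*.} ;; *) a="" ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b="" ;; esac
    done
    return 0
}

# preflight: confirm both local tools exist and the plugin is new enough.
preflight() {
    for tool in aws session-manager-plugin; do
        if ! command -v "$tool" >/dev/null 2>&1; then
            echo "missing: $tool" >&2
            return 1
        fi
    done
    have=$(session-manager-plugin --version 2>/dev/null | head -n 1)
    if ! version_ge "$have" "$MIN_PLUGIN_VERSION"; then
        echo "session-manager-plugin '$have' is older than $MIN_PLUGIN_VERSION" >&2
        return 1
    fi
    echo "ok: session-manager-plugin $have"
}

# Run the check only when asked, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    preflight
fi
```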

### Register your instances with Systems Manager

*Amazon Linux 2* instances already have the `amazon-ssm-agent` installed and
running. All they need to register with *Systems Manager* is
**AmazonEC2RoleforSSM** managed role in their *IAM Instance Role* and network
access to `ssm.{region}.amazonaws.com` either directly or through a *https proxy*.

Check out the [detailed instructions](https://aws.nz/best-practice/ssm-session-manager/) for more info.

### Install SSM-Tools *(finally! :)*

The easiest way is to install the ssm-tools from *[PyPI](https://pypi.org/)* repository:

```
sudo pip3 install aws-ssm-tools
```

**NOTE:** SSM Tools require **Python 3.9 or newer**. Only `ssm-tunnel-agent`
requires **Python 3.8 or newer** as that's what's available by default
on *Amazon Linux 2* instances.

### Standalone *ssm-tunnel-agent* installation

Refer to *[README-agent.md](README-agent.md)* for `ssm-tunnel-agent`
installation details.

Alternatively it's also bundled with this package, you can take it from here and
copy to `/usr/local/bin/ssm-tunnel-agent` on the instance. Make it executable
and it should just work.

## Other AWS Utilities

Check out **[AWS Utils](https://github.com/mludvig/aws-utils)**
repository for more useful AWS tools.

## Author and License

All these scripts were written by [Michael Ludvig](https://aws.nz/)
and are released under [Apache License 2.0](http://www.apache.org/licenses/LICENSE-2.0).

            
