Server Administrator Guide
Resources for system administrators and DevOps engineers setting up AWS Session Manager access to private RDS databases and internal services, plus SSH guidance for environments that still need it.
Quick Start
- AWS Configuration: Configure EC2 connector instances, Session Manager, IAM roles, security groups, and RDS network access.
- SSH Server Setup: Install and configure OpenSSH servers when you still need traditional SSH tunneling.
- Server Security: Harden SSH servers with firewall rules, fail2ban, and 2FA when SSH is required.
- Monitoring & Logging: Monitor AWS and SSH access paths, set up logging, and configure security alerts.
Common Tasks
Initial Setup
| Task | Guide |
|---|---|
| Configure AWS infrastructure | AWS Configuration |
| Install OpenSSH server | SSH Server Setup |
| Harden SSH security | Server Security |
| Set up logging | Monitoring & Logging |
Configuration Examples
| Environment | Key Settings |
|---|---|
| Development | Password auth OK, basic logging, open port forwarding |
| Staging | SSH keys required, verbose logging, restricted forwarding |
| Production | Keys only, 2FA, fail2ban, audit logging, IP restrictions |
See SSH Server Setup for full configurations.
Security Checklist
Essential (all environments):
- Disable root login (`PermitRootLogin no`)
- Use SSH keys (`PubkeyAuthentication yes`)
- Enable logging (`LogLevel VERBOSE`)
- Configure firewall rules
Production environments:
- Disable password auth (`PasswordAuthentication no`)
- Implement 2FA (Server Security)
- Configure fail2ban (Server Security)
- Set up audit logging (Monitoring)