
AWS Session Manager Integration

AWS Session Manager provides secure access to your EC2 instances without needing SSH keys or open ports.

What is AWS Session Manager?

AWS Session Manager lets you connect to EC2 instances through the AWS console or CLI. StormTunnel integrates with Session Manager to provide simple tunnel management for AWS.

Benefits

  • No SSH Keys Needed - Uses AWS IAM for security
  • Audit Logging - All sessions logged in CloudTrail
  • Port Forwarding - Forward local ports to remote services
  • No Open Ports - No need to open inbound SSH ports

License

AWS Session Manager is available in the Premium tier only.

What You Need

To use AWS Session Manager in StormTunnel:

  1. AWS Account with active EC2 instances
  2. IAM Permissions - Ask your AWS admin to add SSM permissions to your user
  3. EC2 Instances with:
    • SSM Agent installed (default on recent AMIs)
    • IAM instance profile with SSM permissions
    • Network access to AWS SSM endpoints
  4. AWS Credentials configured on your Mac

Setting Up

Step 1: Configure AWS Credentials

Ask your AWS admin to provide your credentials. Store them using one of these methods:

Option 1: Use AWS CLI

Open Terminal and run:

aws configure

Follow the prompts to enter your access key, secret key, region, and output format.

Option 2: Manual Configuration

Create a file at ~/.aws/credentials with your credentials (ask your admin for help).

Step 2: Create a Tunnel

  1. Click the + button in StormTunnel
  2. Select Tunnel Type: AWS Session Manager
  3. Configure settings:
    • Region: Your AWS region (e.g., us-east-1)
    • Instance ID: EC2 instance ID
    • Local Port: Port on your Mac
    • Remote Host: Destination (e.g., localhost or database host)
    • Remote Port: Port on the instance
  4. Click Save

Using AWS Session Manager Tunnels

Connect to a Database

Forward a database port through an EC2 instance:

  • Local Port: 5432
  • Remote Host: mydb.example.com
  • Remote Port: 5432

Then connect with: psql -h localhost -p 5432 -U username

Access Web Services

Forward a web app port for local development:

  • Local Port: 3000
  • Remote Host: localhost
  • Remote Port: 3000

Then access at: http://localhost:3000
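
The two cases above ("Connect to a Database" and "Access Web Services") expressed as AWS CLI commands. This is an added example, not StormTunnel's own code. It assumes the stock SSM documents AWS-StartPortForwardingSession and AWS-StartPortForwardingSessionToRemoteHost, and the instance ID is a constructed placeholder.

```shell
#!/bin/sh
# Added example, not StormTunnel code. Maps the tunnel form fields to the
# equivalent AWS CLI command. Assumes the stock SSM port-forwarding documents.

valid_port() {
    # Digits only, no leading zero, within 1-65535.
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_instance_id() {
    # EC2 instance IDs: "i-" followed by 8 or 17 lowercase hex characters.
    hex=${1#i-}
    [ "$hex" != "$1" ] || return 1
    case "$hex" in ''|*[!0-9a-f]*) return 1 ;; esac
    [ "${#hex}" -eq 8 ] || [ "${#hex}" -eq 17 ]
}

# Usage: ssm_forward_cmd REGION INSTANCE_ID LOCAL_PORT REMOTE_HOST REMOTE_PORT
ssm_forward_cmd() {
    region=$1 instance=$2 lport=$3 rhost=$4 rport=$5
    case "$region" in ''|*[!a-z0-9-]*) echo "bad region: $region" >&2; return 1 ;; esac
    valid_instance_id "$instance" || { echo "bad instance ID: $instance" >&2; return 1; }
    valid_port "$lport" || { echo "bad local port: $lport" >&2; return 1; }
    valid_port "$rport" || { echo "bad remote port: $rport" >&2; return 1; }
    # Restricting the host to DNS characters keeps it safe inside the quoted JSON.
    case "$rhost" in ''|*[!A-Za-z0-9.-]*) echo "bad remote host: $rhost" >&2; return 1 ;; esac

    if [ "$rhost" = localhost ] || [ "$rhost" = 127.0.0.1 ]; then
        # Service on the instance itself ("Access Web Services").
        doc=AWS-StartPortForwardingSession
        params=$(printf '{"portNumber":["%s"],"localPortNumber":["%s"]}' "$rport" "$lport")
    else
        # Instance relays to another host ("Connect to a Database").
        doc=AWS-StartPortForwardingSessionToRemoteHost
        params=$(printf '{"host":["%s"],"portNumber":["%s"],"localPortNumber":["%s"]}' \
            "$rhost" "$rport" "$lport")
    fi
    printf "aws ssm start-session --region %s --target %s --document-name %s --parameters '%s'\n" \
        "$region" "$instance" "$doc" "$params"
}

# Constructed sample values (the instance ID is a placeholder).
ssm_forward_cmd us-east-1 i-0123456789abcdef0 5432 mydb.example.com 5432
ssm_forward_cmd us-east-1 i-0123456789abcdef0 3000 localhost 3000
```

Running a printed command by hand requires the AWS CLI with the Session Manager plugin installed, and helps tell an AWS-side failure (IAM, instance profile, region) apart from a problem in the tunnel client.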

Multiple Tunnels

Create multiple tunnels to access different services on the same instance.

Troubleshooting

"Instance not found" Error

  • Verify the instance ID is correct
  • Confirm the AWS region matches where the instance is located
  • Check that the instance is running

"Access denied" Error

  • Ask your AWS admin to verify your IAM permissions
  • Confirm the instance has the correct IAM instance profile attached

"Connection timeout" Error

  • Check your network connection
  • Ask your AWS admin to verify security group outbound rules
  • Verify VPC routing is configured correctly

Need Help?

  • Ask your AWS administrator for configuration help
  • See the Troubleshooting Guide for more issues
  • Review AWS documentation for Session Manager
