Connecting with AWS Systems Manager Session Manager
  • 06 Jan 2023

Note

This is a machine-translated version of the original Japanese article.
Please understand that some of the information contained on this page may be inaccurate.

Summary

By creating an SSH tunnel between trocco and a customer-provided server via AWS Systems Manager Session Manager, you can connect to data sources through a bastion server located in a private subnet.
Compared with a regular SSH tunnel, this lets you use trocco more securely, because the bastion server no longer needs to be placed in a public subnet.

The following is a schematic diagram of a connection using AWS Systems Manager Session Manager (hereafter referred to simply as Session Manager).

To configure the settings, first create Session Manager connection information, then select it from the connection information settings of the data source.
As of August 2022, only MySQL and PostgreSQL are supported. Other data sources will be supported in turn.
For more information about Session Manager, see the following AWS documentation:
AWS Systems Manager Session Manager - AWS Systems Manager

Prerequisites

You will need to do the following in your AWS account.
These are the minimum settings for using Session Manager with trocco; adjust them according to your organization's policy.

  • Creating a bastion server
  • Configuring an IAM instance profile that allows Session Manager connections to the bastion server
  • Configuring an IAM policy that allows Session Manager connections to the bastion server

How to set it up

Click SSM Session Manager Connection Information under Settings in the header.

You will be redirected to the list of created Session Manager connection information.
To create new connection information, click New.
To check or edit existing connection information, click that entry.

You will be redirected to the Create Connection Information page for Session Manager.
Fill in the required fields to create the connection information.

On the create or edit page of the MySQL connection information that should use Session Manager, check Connect via AWS Systems Manager Session Manager.
Next, select the Session Manager connection information to use for the connection.
If no choices are shown, click Load SSM connection information.
This option cannot be combined with a regular SSH tunnel connection.

Input fields

This section describes the input items required to create Session Manager connection information.

Item name                  | Required | Default value  | Content
---------------------------|----------|----------------|---------------------------------------------------------------
Name                       | Yes      | -              | Enter the name of the connection information used inside TROCCO.
Memo                       | No       | -              | Enter a memo for the connection information used inside TROCCO.
AWS Access Key ID          | Yes      | -              | Enter the AWS access key ID used for Session Manager.
AWS Secret Access Key      | Yes      | -              | Enter the AWS secret access key used for Session Manager.
AWS Region                 | Yes      | ap-northeast-1 | Enter the region in which Session Manager is used.
EC2 Instance ID            | Yes      | -              | Enter the instance ID of the EC2 instance that acts as the bastion for Session Manager. The instance ID is a string that begins with i- or mi-.
SSH port                   | Yes      | 22             | Enter the port used to SSH into the bastion EC2 instance when using Session Manager.
SSH user                   | Yes      | ec2-user       | Enter the user name used to SSH into the bastion EC2 instance when using Session Manager.
SSH private key            | Yes      | -              | Enter the private key file used to connect to the bastion EC2 instance when using Session Manager. In general, this is the private key of the key pair selected or created when the EC2 instance was launched.
SSH private key passphrase | No       | -              | Enter the passphrase for the SSH private key, if it has one.

Supplement

The SSH tunnel through Session Manager is established before a transfer starts and closed after the transfer completes.

Because each transfer runs in an isolated execution environment, no Session Manager session or SSH tunnel is ever shared between customers.

If the connection fails, try connecting from your own environment first.
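As an added example of checking the connection from your own environment (this is not trocco's own code), the following POSIX shell script opens the same kind of tunnel the article describes: SSH to the bastion carried inside a Session Manager session, with a local port forward to the database. It assumes the AWS CLI v2 and the Session Manager plugin are installed and that credentials with permission to start a session on the bastion are set in the environment; all instance IDs, hostnames and key paths are constructed placeholders.

```shell
#!/bin/sh
# Added example, not trocco's own code. Opens an SSH tunnel to a database in a
# private subnet through a bastion reached via Session Manager, as the article
# describes. Assumes AWS CLI v2, the Session Manager plugin, and credentials with
# ssm:StartSession on the bastion (region set via AWS_REGION or the CLI config).
# All instance IDs, hosts and key paths below are constructed placeholders.

# The article notes that instance IDs begin with "i-" (EC2) or "mi-" (managed
# instance). Reject anything else before it reaches the AWS CLI.
valid_instance_id() {
  case "$1" in
    i-[0-9a-f]*|mi-[0-9a-f]*) return 0 ;;
    *) return 1 ;;
  esac
}

# What ssh runs instead of a direct TCP connect to port 22: the AWS CLI opens an
# SSM session with the AWS-StartSSHSession document and relays the SSH stream
# over it, so the bastion needs no public IP and no inbound security-group rule.
# ssh expands %h (host, here the instance ID) and %p (port) itself.
ssm_proxy_command() {
  printf '%s' 'aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters portNumber=%p'
}

# Usage: open_ssm_tunnel <instance-id> <ssh-user> <key-file> <db-host> <db-port> [local-port] [ssh-port]
# Runs in the foreground with no remote shell (-N); Ctrl-C closes the tunnel and
# the SSM session, mirroring how the tunnel is torn down after a transfer.
open_ssm_tunnel() {
  instance_id=$1 ssh_user=$2 key_file=$3 db_host=$4 db_port=$5
  local_port=${6:-13306} ssh_port=${7:-22}
  valid_instance_id "$instance_id" || { echo "bad instance id: $instance_id" >&2; return 2; }
  [ -r "$key_file" ] || { echo "cannot read key file: $key_file" >&2; return 2; }
  ssh -i "$key_file" -o IdentitiesOnly=yes -p "$ssh_port" -N \
      -o "ProxyCommand=$(ssm_proxy_command)" \
      -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 \
      -L "127.0.0.1:${local_port}:${db_host}:${db_port}" \
      "${ssh_user}@${instance_id}"
}

# Example (placeholders): forward 127.0.0.1:13306 to a private MySQL host, then
# point the client at it:  mysql -h 127.0.0.1 -P 13306 -u app -p
# open_ssm_tunnel i-0123456789abcdef0 ec2-user "$HOME/.ssh/bastion.pem" db.internal.example 3306
```

If the tunnel opens from your workstation but the transfer still fails, the difference lies in the access key, region or instance ID entered in the connection information rather than in the bastion itself.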
