2 Answers
While it's probably a good tool, I guess this comes down to the same argument about ‘why should you know how to use vi’… things that are always there in an emergency and legacy. Looking at Session Manager, it's clear there is a huge array of things that AWS are handling for you in the background. SSH is (reasonably) bulletproof, does one thing and does it well, and in an emergency it's good to feel comfortable. Will the day come where Session Manager or some other alternative replaces this? Yep, but probably not in the foreseeable future…
1) By default, SSM gives you root access. You need to control this using policies.
2) The server needs to have the agent installed – normally not a problem, but even some of the latest AMIs do not have it – e.g., as of today RHEL8 AMIs do not contain it.
3) The server should have the IAM policies attached, and the default SSM policies have too many permissions, so you need to carefully edit them.
4) And personally, I feel that SSM as a whole has a TERRIBLE user interface
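
One way to review an instance role against point 3, as an added example that is not part of the original answer: it lists every allowed action that goes beyond what the agent needs for Session Manager sessions. The function names, the sample policies and the choice of baseline (an instance used for Session Manager only) are assumptions made for illustration.

```python
import json

# Assumption: the instance is used for Session Manager only, so its role needs
# just the agent's registration and session-channel actions.
SESSION_ONLY_ACTIONS = {
    "ssm:updateinstanceinformation",
    "ssmmessages:createcontrolchannel",
    "ssmmessages:createdatachannel",
    "ssmmessages:opencontrolchannel",
    "ssmmessages:opendatachannel",
}

def as_list(value):
    """IAM accepts a single string or dict where a list is also accepted."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def excess_actions(policy):
    """Return Allow-ed action patterns that go beyond SESSION_ONLY_ACTIONS."""
    findings = []
    for stmt in as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            # Allow + NotAction grants everything except the listed actions.
            findings.append("NotAction")
            continue
        for action in as_list(stmt.get("Action")):
            # IAM action names are case-insensitive; any wildcard or unlisted
            # action is broader than the baseline.
            if action.lower() not in SESSION_ONLY_ACTIONS:
                findings.append(action)
    return sorted(set(findings))

# Constructed sample policies, not copied from any AWS managed policy.
BROAD = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["ssm:*", "ssmmessages:*", "s3:GetObject"], "Resource": "*"}]}""")
TIGHT = json.loads("""{"Version": "2012-10-17", "Statement": {
  "Effect": "Allow",
  "Action": ["ssm:UpdateInstanceInformation", "ssmmessages:CreateControlChannel",
             "ssmmessages:CreateDataChannel", "ssmmessages:OpenControlChannel",
             "ssmmessages:OpenDataChannel"],
  "Resource": "*"}}""")

if __name__ == "__main__":
    print("broad:", excess_actions(BROAD))
    print("tight:", excess_actions(TIGHT))
```

Anything the function returns is a candidate for removal or for scoping to specific resources before the policy is attached to the instance profile.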