REPLACE SSH WITH AWS SESSION MANAGER (NO KEYS REQUIRED)

FEB 19, 2025•12 MIN READ

AWS SSM Security Secrets Manager IAM

After setting up our CI/CD pipeline, let's enhance our security by:

Replacing SSH with AWS Systems Manager
Moving from .env files to AWS Secrets Manager
Using AWS Parameter Store for configuration

Prerequisites

Existing CI/CD pipeline from previous setup
AWS Account with EC2 instance
Access to AWS Console
Docker and GitLab Runner configured

IAM Role Configuration

Adding Required Permissions

Go to IAM Console > Roles
Find your EC2 role
Click "Attach policies"
Add these managed policies:

AmazonEC2ReadOnlyAccess for Get AWS Region
AmazonSSMFullAccess for SSM
SecretsManagerReadWrite for Secrets Manager

Security Improvements

1. AWS Systems Manager Setup

Why Replace SSH?

More secure access management
No need to manage SSH keys
Integration with IAM permissions

Attaching IAM Role to EC2 — Attaching IAM role to EC2 instance

Check SSM Agent Status:

systemctl status amazon-ssm-agent

shell

2. AWS Secrets Manager Setup

Why Use Secrets Manager?

Centralized secrets management (no more scattered .env files)
Fine-grained access control through IAM policies

3. AWS Parameter Store Setup

📄 File Changes

1. Gitlab CI Variable Changes

Adding new variable — Updated GitLab CI variable

Common Pitfalls

Forgetting to attach IAM role to EC2
Not checking SSM agent status
Using Secrets Manager for non-sensitive configuration
Storing sensitive data in Parameter Store instead of Secrets Manager

Learning Journey Highlights

SSH to SSM Migration

Improved security
Centralized access management

Secrets Management

Centralized configuration
Secure storage
Access control

Resources

Next Steps: Docker Build Improvements

Optimizing Dockerfile with better caching strategies
Adding commit ID to Docker images

Security Improvements

1. AWS Systems Manager Setup

Why Replace SSH?

More secure access management

No need to manage SSH keys

Integration with IAM permissions

Attaching IAM role to EC2 instance

Check SSM Agent Status:

systemctl status amazon-ssm-agent

shell

SSM agent status

2. AWS Secrets Manager Setup

Why Use Secrets Manager?

Centralized secrets management (no more scattered .env files)

Fine-grained access control through IAM policies

Creating a new secret

3. AWS Parameter Store Setup

Creating a new parameter

Prerequisites

IAM Role Configuration

Adding Required Permissions

Security Improvements

1. AWS Systems Manager Setup

Why Replace SSH?

2. AWS Secrets Manager Setup

Why Use Secrets Manager?

3. AWS Parameter Store Setup

📄 File Changes

1. Gitlab CI Variable Changes

Common Pitfalls

Learning Journey Highlights

SSH to SSM Migration

Secrets Management

Resources

Next Steps: Docker Build Improvements

Related Posts

GITLAB CI/CD: BUILD AND PUSH DOCKER TO AWS ECR

AWS S3 WITH GITLAB CI/CD: SYNC DEPLOYMENT FILES

HOW TO CREATE YOUR FIRST EC2 INSTANCE (FREE TIER GUIDE)

Prerequisites

IAM Role Configuration

Adding Required Permissions

Security Improvements

1. AWS Systems Manager Setup

Why Replace SSH?

2. AWS Secrets Manager Setup

Why Use Secrets Manager?

3. AWS Parameter Store Setup

📄 File Changes

1. Gitlab CI Variable Changes

Common Pitfalls

Learning Journey Highlights

SSH to SSM Migration

Secrets Management

Resources

Next Steps: Docker Build Improvements

Related Posts

GITLAB CI/CD: BUILD AND PUSH DOCKER TO AWS ECR

AWS S3 WITH GITLAB CI/CD: SYNC DEPLOYMENT FILES

HOW TO CREATE YOUR FIRST EC2 INSTANCE (FREE TIER GUIDE)