How to Operate as ec2-user or root in Session Manager | AWS Systems Manager

This post summarizes how to work as ec2-user or root user in AWS Systems Manager (SSM) Session Manager.

Introduction

SSM Session Manager is a convenient service that allows you to operate a shell on an EC2 instance without logging in via SSH.

However, some subtle differences exist compared to logging in as ec2-user via SSH.

This post is a simple memo on how to work as ec2-user or root using Session Manager.

Environment in this post:
EC2 instance: Amazon Linux 2
SSM Agent version: 2.3.714.0

Note: This article was translated from my original post.

Working as ec2-user or root with Session Manager

Current Situation: Shell Access as ssm-user

When you connect to an EC2 instance using Session Manager, you get shell access as ssm-user.

$ whoami
ssm-user

However, as ssm-user, you cannot access files owned by the default EC2 user ec2-user.

# Go to ssm-user's home directory
$ cd ~

# Try to access ec2-user's home directory
$ cd ..
$ ls
ec2-user  ssm-user
$ cd ec2-user
sh: cd: ec2-user: Permission denied

To access ec2-user's files as ssm-user, you would need to use sudo.

Using sudo every time is a hassle.

Solution: sudo su --login ec2-user

It’s simple: just use sudo privileges to log in as ec2-user. This allows you to work much like you would when SSH-ing as ec2-user.

# Log in as ec2-user
$ sudo su --login ec2-user
Last login: Thu Mar 12 13:44:03 UTC 2020 on pts/0

# Confirm switch to ec2-user
$ whoami
ec2-user


Similarly, you can switch to the root user like this:

# Log in as root
$ sudo su --login
Last login: Thu Mar 12 13:43:50 UTC 2020 on pts/0

# Confirm switch to root
$ whoami
root
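The two switches above can be wrapped in a small helper that fails cleanly when the target account is missing or sudo would prompt for a password. This is an added example, not code from the original post; the function names ssm_switch and ssm_switch_cmd are hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the original post).
# Source this file in a Session Manager shell, then run:
#   ssm_switch ec2-user    # same as: sudo su --login ec2-user
#   ssm_switch             # same as: sudo su --login   (root)

# Validate the target account and print the command the post uses.
ssm_switch_cmd() {
    target="${1:-root}"
    # Refuse names that start with "-" (would be parsed as an option by su)
    # or contain characters outside a conservative user-name set.
    case "$target" in
        -*|*[!A-Za-z0-9._-]*)
            echo "invalid user name: $target" >&2
            return 2 ;;
    esac
    # The account must exist on this instance. ec2-user is the Amazon Linux
    # default; other AMIs use other default accounts.
    if ! id -u "$target" >/dev/null 2>&1; then
        echo "no such user: $target" >&2
        return 1
    fi
    printf 'sudo su --login %s\n' "$target"
}

# Perform the switch. --login starts a login shell, so HOME, PATH and the
# working directory are those of the target user, as with an SSH login.
ssm_switch() {
    ssm_switch_cmd "$@" >/dev/null || return $?
    # sudo -n never prompts: fail here instead of hanging on a password
    # prompt when the current user has no passwordless sudo.
    if ! sudo -n true 2>/dev/null; then
        echo "sudo requires a password for $(id -un); not switching" >&2
        return 3
    fi
    echo "switching from $(id -un) to ${1:-root}" >&2
    sudo su --login "${1:-root}"
}
```

Exiting the shell started by ssm_switch returns you to the original ssm-user shell.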

Conclusion

It’s such a simple solution to just switch users with sudo, but since I didn't realize it, I found Session Manager a bit inconvenient.

I hope this helps someone.
