In this project, you’ll learn how to set up secure remote access sessions to your servers with multi-factor authentication (MFA) using AWS Systems Manager Session Manager and AWS IAM Identity Center (successor to AWS SSO).
AWS Systems Manager gives you visibility and control of your infrastructure on AWS. Systems Manager provides a unified user interface so you can view operational data from multiple AWS services and allows you to automate operational tasks across your AWS resources. With Session Manager, AWS Systems Manager provides a browser-based interactive shell and CLI for managing Windows and Linux EC2 instances, without the need to open inbound ports, manage SSH keys, or use bastion hosts. Administrators can grant and revoke access to instances through a central location by using AWS Identity and Access Management (IAM) policies.
AWS IAM Identity Center (successor to AWS SSO) makes it easy to centrally manage access to multiple AWS accounts and business applications and provide users with single sign-on access to all their assigned accounts and applications from one place. AWS IAM Identity Center (successor to AWS SSO) configures and maintains all the necessary permissions for your accounts automatically, without requiring any additional setup in the individual accounts. You can assign user permissions based on common job functions and customize these permissions to meet your specific security requirements.
What you'll accomplish:
Configure AWS Single Sign-On with separate users and groups and enable multi-factor authentication (MFA) for all users.
Configure AWS Systems Manager to enable logging capabilities through Session Manager.
Test your configuration by accessing production and development instances with the appropriate permissions and MFA tokens.
What you'll need before starting:
An AWS Account: You will need an AWS account for Amazon WorkSpaces. Sign up for AWS.
Skill level: A basic understanding of desktop computing and authentication is helpful, but not required.
AWS Experience: Some prior experience with AWS is helpful to complete this project.
Tutorial Billing Estimate:
The total cost of setting up remote access with AWS Systems Manager and AWS IAM Identity Center (successor to AWS SSO) will vary depending on your needs and configuration. If you use the resources described in the implementation guide for 2 hours, your cost will be less than $1. This excludes the cost of configuring an on-premises server. This estimate assumes that you generate less than 10 KB of session logs in an Amazon S3 bucket and send less than 10 KB of data to Amazon CloudWatch Logs through Session Manager testing.
To see a breakdown of the services used in this project and their associated costs, see Services Used and Costs.
Need more resources to get started with AWS? Visit the Getting Started Resource Center to learn more.
Visit the AWS IAM Identity Center (successor to AWS SSO) Getting Started page for access to instructional videos, blog posts, and technical documentation.
Visit the AWS Systems Manager Getting Started page for access to instructional videos, blog posts, and technical documentation.