Overview
Admins can create Axiom scopes for individual EC2 instances, groups of EC2s, or all EC2s in an AWS account.
Users can request access to EC2 instances they have scope for, and, once approved, can SSH to the EC2 with a single click, or use their own terminal to SSH or RDP to the instance.
Prerequisites
If you are running your own Axiom Runner, ensure you are running version v22.790.0 or higher (how to check), and if needed update the Axiom Runner to the latest version.
If you integrated any of your AWS organizations or accounts before 2024-05-20, go to your AWS IAM console and update the IAM policy attached to the IAM role used by Axiom.
The IAM policy name is "AxiomAWSIntegrationPolicy", and the IAM role name is "AxiomIntegrationRole" (unless you changed either one manually when you did your AWS integrations).
Add the following permissions to AxiomAWSIntegrationPolicy:
ec2:Describe*
logs:GetL*
ssm:DescribeI*
ssm:DescribeS*
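Before editing the policy in the console, it helps to know which of the four patterns are actually missing, since a broader grant already in the policy (say, ec2:*) covers a narrower required pattern. The following check is an added example, not Axiom's own code: it reads a policy document as a dict, reports the required patterns that no existing Allow action covers, and builds an updated copy that adds only those. The sample policy, the Sid name and the Resource "*" value are constructed assumptions.

```python
import json
import re

# The four action patterns this page says to add to AxiomAWSIntegrationPolicy.
REQUIRED_ACTIONS = ["ec2:Describe*", "logs:GetL*", "ssm:DescribeI*", "ssm:DescribeS*"]


def _pattern_to_regex(action_pattern):
    """Compile an IAM action pattern (* and ? wildcards, case-insensitive) to a regex."""
    parts = re.split(r"([*?])", action_pattern)
    body = "".join(".*" if p == "*" else "." if p == "?" else re.escape(p) for p in parts)
    return re.compile(f"^{body}$", re.IGNORECASE)


def granted_actions(policy_doc):
    """Collect every Action granted by Allow statements (string or list form)."""
    statements = policy_doc.get("Statement", [])
    actions = []
    for stmt in [statements] if isinstance(statements, dict) else statements:
        if stmt.get("Effect") == "Allow":
            act = stmt.get("Action", [])
            actions.extend([act] if isinstance(act, str) else act)
    return actions


def missing_actions(policy_doc, required=REQUIRED_ACTIONS):
    """Return the required patterns that no existing Allow action covers.
    A granted pattern covers a required one if, read as a regex, it matches the
    required pattern literally: ec2:* and ec2:Describe* cover ec2:Describe*,
    but the exact action ec2:DescribeInstances does not."""
    granted = [_pattern_to_regex(a) for a in granted_actions(policy_doc)]
    return [r for r in required if not any(g.match(r) for g in granted)]


def add_missing_actions(policy_doc, sid="AxiomEC2Access"):
    """Return a deep copy with one extra Allow statement for the missing actions only.
    The Sid is a constructed name; Resource "*" is assumed (the page lists actions only)."""
    updated = json.loads(json.dumps(policy_doc))
    missing = missing_actions(updated)
    if missing:
        stmts = updated.get("Statement", [])
        updated["Statement"] = [stmts] if isinstance(stmts, dict) else stmts
        updated["Statement"].append(
            {"Sid": sid, "Effect": "Allow", "Action": missing, "Resource": "*"})
    return updated


# Constructed sample of an older integration policy (not Axiom's real document):
# ec2:Describe* is already granted, but the exact ssm action does not cover ssm:DescribeI*.
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ec2:Describe*", "iam:ListRoles"], "Resource": "*"},
    {"Effect": "Allow", "Action": "ssm:DescribeInstanceInformation", "Resource": "*"}]}
```

Run `missing_actions` against the policy document you download from the IAM console; an empty list means the policy already covers everything this page requires.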
Scoping for specific EC2s
Create a new Axiom scope or edit an existing one, and select an EC2 instance as the Target in the scope rule (one EC2 per scope rule).
Scoping for all EC2s in an AWS account
Create a new Axiom scope or edit an existing one, select an AWS account as the Target, and toggle on the "Include sub resources" switch.
Requesting SSH access to an EC2 instance
Go to the Home page or the Requests list page, and press the "New request" button.
Select "AWS" from the built-in templates.
In the Target selector, choose the EC2 instance you wish to SSH to.
If you need access to more than one EC2, just add more requests to the request bundle you are creating.
Submit your request, and wait for approval.
Connecting to an EC2 instance
Go to the Requests list page, identify your approved request for EC2 Remote Connect, and press the connect button.
On the dialog that pops up, click the "Sign in to AWS console" link. You will be connected to the AWS console through your SSO, and AWS's built-in SSH terminal will open automatically.
Optionally, you can connect through your own terminal and the AWS CLI.
Session logs
EC2 session log visibility is coming to the Axiom user console soon.
In the meantime you can use the AWS console to view the session logs.
Preventing EC2 instances from appearing as Targets
If you don't want Axiom to recognize EC2 instances as addressable resources at all (i.e., not include them as Targets in the request form for any of your users, and not display them in Scopes and Workflows), then follow the instructions here.