How to connect to a private EC2 instance from a local Visual Studio Code IDE with Session Manager and AWS SSO (CLI)
Easily and securely develop on private EC2 instances from a local VS Code
In this article, I show you how to connect your local VS Code IDE to an EC2 instance that is running in a private subnet by using AWS Systems Manager Session Manager and AWS Single Sign-On (SSO).
This is useful when you want to benefit from the capabilities of EC2 instances while keeping a consistent, rich development experience. Because we use Session Manager here, no public access to the EC2 instance is needed.
- AWS CLI
- AWS CLI configured to use AWS SSO
- An EC2 instance that you can already connect to using Session Manager (see Session Manager prerequisites if this is the first time using Session Manager)
- Session Manager plugin for AWS CLI
- VS Code Remote Development extension
The following steps are tested on Mac. A similar process should work on other operating systems.
Add the following lines into your SSH configuration file. Replace i-00aa22bb33cc44dd5 with your EC2 instance ID. Replace <SSO_PROFILE_NAME> and <REGION> with the actual values.
Host i-00aa22bb33cc44dd5
    User ec2-user
    ProxyCommand sh -c "aws sso login --profile <SSO_PROFILE_NAME>; export AWS_PROFILE=<SSO_PROFILE_NAME>; export AWS_REGION=<REGION>; aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters 'portNumber=%p'"
In VS Code, select "Open a Remote Window".
This opens your default browser and begins the login process for your AWS SSO account, as is usual when using the AWS CLI with SSO.
Follow the steps in your browser to Allow the Authorize request.
- If the connection fails (timeout), it can be due to a long delay while you go through the browser flow to Allow the Authorize request. In this case, simply click Retry and Allow the request in the browser again.
You should now be connected to the EC2 instance and be able to open folders on it the same way you do for your local code.
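The ProxyCommand above runs aws sso login on every connection, which is what starts the browser flow and can lead to the timeout described above. The following wrapper script is an added example, not part of the original article: it logs in only when the cached SSO session no longer works, keeps the login output off the SSH byte stream, and validates the target and port before calling the AWS CLI. The script name ssm-proxy.sh and its path are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helper "ssm-proxy.sh"), used from the SSH config as:
#   ProxyCommand sh /path/to/ssm-proxy.sh %h %p <SSO_PROFILE_NAME> <REGION>

# Accept only EC2 (i-) or managed-instance (mi-) IDs made of lowercase hex.
valid_target() {
    case "$1" in
        i-*|mi-*) ;;
        *) return 1 ;;
    esac
    case "${1#*-}" in
        ''|*[!0-9a-f]*) return 1 ;;
    esac
}

# Accept only an all-digit port number.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
}

ssm_proxy() {
    target=$1 port=$2 profile=$3 region=$4
    valid_target "$target" || { echo "invalid instance ID: $target" >&2; return 2; }
    valid_port "$port" || { echo "invalid port: $port" >&2; return 2; }

    # Start the browser login only when the cached SSO session no longer works.
    if ! aws sts get-caller-identity --profile "$profile" --region "$region" >/dev/null 2>&1; then
        # stdout of a ProxyCommand carries the SSH byte stream, so send
        # the login prompt text to stderr instead.
        aws sso login --profile "$profile" >&2 || return 1
    fi

    aws ssm start-session --profile "$profile" --region "$region" \
        --target "$target" --document-name AWS-StartSSHSession \
        --parameters "portNumber=$port"
}

# Run only when called with arguments (as ssh does through ProxyCommand).
if [ "$#" -gt 0 ]; then
    ssm_proxy "$@"
fi
```

With this in place, the User line in the SSH config stays as it is and only the ProxyCommand line changes to call the script.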