AWS Session Manager Integration
Connect to EC2 instances through AWS Session Manager -- no SSH keys or open inbound ports required. Requires a Premium license.
How It Works
Session Manager uses the SSM Agent on your EC2 instances and IAM for authentication. StormTunnel wraps this into a standard tunnel interface with port forwarding.
- Uses IAM instead of SSH keys
- All sessions logged in CloudTrail
- No inbound ports needed on security groups
Prerequisites
See AWS Configuration for credential setup and IAM requirements.
You also need:
- An EC2 instance with SSM Agent installed (default on recent AMIs)
- An IAM instance profile on the EC2 instance with SSM permissions
- Network access from the EC2 instance to AWS SSM endpoints
Creating a Tunnel
- Click + in StormTunnel
- Select Tunnel Type: AWS Session Manager
- Configure:
  - Region: Your AWS region (e.g., us-east-1)
  - Instance ID: EC2 instance ID
  - Local Port: Port on your Mac
  - Remote Host: Destination (e.g., localhost or a database endpoint)
  - Remote Port: Port on the remote host
- Click Save
Usage Examples
Database Access
Forward a database port through an EC2 instance:
- Local Port: 5432
- Remote Host: mydb.example.com
- Remote Port: 5432
Connect with: psql -h localhost -p 5432 -U username
For RDS-specific setup, see Connecting to AWS RDS Databases.
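An added example (not StormTunnel's code or taken from its documentation): the Database Access forward above written as AWS CLI calls using the AWS-managed AWS-StartPortForwardingSessionToRemoteHost document, with the tunnel fields validated and the instance confirmed as an online SSM managed node before connecting. It assumes the AWS CLI and the Session Manager plugin are installed; the function names and the instance ID in the usage line are hypothetical.

```sh
#!/bin/sh
# Added example, not StormTunnel code. Assumes AWS CLI v2 plus the Session
# Manager plugin; the instance ID in the usage line is a constructed placeholder.

# Succeeds only for a well-formed EC2 instance ID (i- plus 8 or 17 hex digits).
valid_instance_id() {
  local hex="${1#i-}"
  case $1 in i-*) ;; *) return 1 ;; esac
  case $hex in ''|*[!0-9a-f]*) return 1 ;; esac
  [ "${#hex}" -eq 8 ] || [ "${#hex}" -eq 17 ]
}

# Validate Remote Host / Remote Port / Local Port and print the --parameters
# JSON for AWS-StartPortForwardingSessionToRemoteHost. Returns 1 on bad input.
build_params() {
  local host="$1" rport="$2" lport="$3" p
  # Hostname or IPv4 characters only, so the value cannot break out of the JSON.
  case $host in ''|*[!A-Za-z0-9.-]*|[.-]*|*[.-]) return 1 ;; esac
  [ "${#host}" -le 253 ] || return 1
  for p in "$rport" "$lport"; do
    case $p in ''|*[!0-9]*|0*) return 1 ;; esac
    [ "${#p}" -le 5 ] && [ "$p" -le 65535 ] || return 1
  done
  printf '{"host":["%s"],"portNumber":["%s"],"localPortNumber":["%s"]}\n' \
    "$host" "$rport" "$lport"
}

# Check that the instance is an online SSM managed node, then open the forward.
start_forward() {  # region instance_id local_port remote_host remote_port
  local region="$1" id="$2" lport="$3" host="$4" rport="$5" params status
  valid_instance_id "$id" || { echo "bad instance ID: $id" >&2; return 1; }
  params=$(build_params "$host" "$rport" "$lport") ||
    { echo "bad host or port" >&2; return 1; }
  status=$(aws ssm describe-instance-information --region "$region" \
    --filters "Key=InstanceIds,Values=$id" \
    --query 'InstanceInformationList[0].PingStatus' --output text) || return 1
  if [ "$status" != Online ]; then
    echo "$id is not an online SSM managed node (PingStatus: $status)" >&2
    return 1
  fi
  aws ssm start-session --region "$region" --target "$id" \
    --document-name AWS-StartPortForwardingSessionToRemoteHost \
    --parameters "$params"
}

# Usage: sh ssm-forward.sh us-east-1 i-0123456789abcdef0 5432 mydb.example.com 5432
if [ "$#" -eq 5 ]; then start_forward "$@"; fi
```

A PingStatus other than Online (including None, which the query returns when the instance is not registered with SSM) points at the SSM Agent, instance profile, or endpoint reachability items listed under Prerequisites.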
Web Services
Forward a web app port:
- Local Port: 3000
- Remote Host: localhost
- Remote Port: 3000
Access at: http://localhost:3000
Multiple Tunnels
Create separate tunnels to forward different ports on the same instance. Use distinct local ports to avoid conflicts.
Troubleshooting
See Troubleshooting for common errors including "Instance not found", "Access denied", and connection timeouts.