by derefr 2293 days ago
Are they basically trying to emulate GCP’s OS Login (https://cloud.google.com/compute/docs/instances/managing-ins...) feature here? We’ve been using that for a while, and it’s been a big relief.
3 comments

It seems like a re-implementation of cloud shell for Azure (https://docs.microsoft.com/en-us/azure/cloud-shell/overview). It also uses the browser and native IAM, but you can use the native AD integration and JIT permissions.

But it seems no one likes Azure these days, but they have some nifty features.

os login is probably a little closer to ec2 instance connect because you still need ssh inbound access right? whereas aws provides a bastion here
There is a proxy called IAP [1] which is used to create an SSH tunnel over HTTPS to instances without a public IP.

[1] https://cloud.google.com/compute/docs/instances/connecting-a...

You're right in a sense, but there's no aws-managed bastion. Session manager communicates with your instance via an outbound-created websocket connection. Inputs and outputs are piped through it.
yea, i was trying to keep things simplified, but it has to proxy through something behind the vpc endpoint. could also say it's not technically ssh
Though you can actually get ssh through ssm: https://docs.aws.amazon.com/systems-manager/latest/userguide...
Yeah, this is the same deal. Session Manager will log your sessions which is pretty cool.