by gunapologist99 1801 days ago
> For a good wee while now, AWS SSM (or AWS Systems Manager as I see they are calling it nowadays) has arguably been the most secure way to permit controlled and audited access to an EC2 instance.

SSM is definitely not the most secure way[0]. SSM is super complex and super-integrated into the rest of AWS, and also isn't cross-cloud to GCP, Azure, DO, etc, so now everyone needs an account just to log into a Linux server.

Worse, IAM roles are powerful but easy to misconfigure, and that's before getting into how hard they are to apply with any granularity because of the policy length limitations[1], so you're likely giving everyone access to log into every instance without even knowing it.

0. https://cloudonaut.io/aws-ssm-is-a-trojan-horse-fix-it-now/

1. https://aws.amazon.com/premiumsupport/knowledge-center/iam-i...
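To make the granularity point concrete, here is an added example (not from the comment author or from AWS) of a Session Manager policy that scopes ssm:StartSession to instances carrying an assumed tag (Team = payments) instead of the blanket "Resource": "*" grant that lets every holder open a shell on every instance; the tag key and value are constructed for illustration.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "StartSessionOnlyOnTaggedInstances",
      "Effect": "Allow",
      "Action": "ssm:StartSession",
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "StringEquals": {
          "ssm:resourceTag/Team": "payments"
        }
      }
    },
    {
      "Sid": "AllowOnlyTheDefaultShellDocument",
      "Effect": "Allow",
      "Action": "ssm:StartSession",
      "Resource": "arn:aws:ssm:*:*:document/SSM-SessionManagerRunShell"
    },
    {
      "Sid": "TerminateOnlyOwnSessions",
      "Effect": "Allow",
      "Action": "ssm:TerminateSession",
      "Resource": "arn:aws:ssm:*:*:session/${aws:username}-*"
    }
  ]
}
```

Auditing for the weak form is as simple as searching attached policies for ssm:StartSession statements whose Resource is "*" with no Condition block.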

2 comments

What does being cross-cloud have to do with whether SSM is the most secure way to SSH into an AWS instance?
Because everyone will need a (possibly misconfigured) AWS IAM account just to log into any Linux server. This increases complexity and reduces isolation, compartmentalization, separation of concerns, least privilege, etc.

I was mentioning that particular misfeature because it was a personal annoyance of mine. Oh well, I suppose everything is about customer lock-in these days.

It sounds like you don't think AWS is the most secure place to host an application. That's not the argument being made here; the argument stipulates AWS.
SSM supports BYO doesn't it? Can't you install the agent on any machine to enroll it in SSM or does that limit what you can do?