#SSM
2 posts
-
AWS Private EC2 Operations Guide Part 4: Deploying to Private EC2 from GitHub Actions — OIDC, SSM Run Command, CodeDeploy
Build a deployment pipeline that puts no port 22 and no AWS access key on the path. OIDC federation removes static credentials, S3 acts as the artifact hub, and either SSM Run Command (simple) or CodeDeploy (zero-downtime) lands the code on the instance.
-
AWS Private EC2 Operations Guide Part 3: Connecting Without Bastion via SSM Session Manager — IAM Role, VPC Endpoint, and Port Forwarding
How to land a shell on a Private EC2 without ever opening port 22. The mechanics of SSM Session Manager (the agent polls AWS), the three prerequisites (Agent / IAM / network path), the cost trade-off between NAT Gateway and VPC Endpoints, and the port-forwarding pattern that securely reaches RDS without a VPN.