Add support for AWS SSM as a more secure private VPC entry point
AWS SSM (Secure Session Manager) is now the preferred way to connect to apps and services within a private VPC from an external location.
For the uninitiated, AWS services are all accessible from within AWS (of course dependent on your config) but are not typically accessible from outside of your AWS VPC. If one would like to take advantage of an AWS-hosted service or instance, special steps must be taken to give outside apps access to things "inside" of the network.
For example, if one is using an Aurora DB it is preferred to keep the DB server private and only allow access via a defined route. Traditionally this is done with a "bastion" or "jump" server to bridge the gap between external and internal traffic.
However, AWS and devs alike now recommend the use of AWS SSM due to some key advantages:
- More durable setup: no worries about SSH tunnel failures, which happen from time to time.
- SSM manages auth, which is more secure than an IP address allowlist + SSH key setup.
- No need for SSH key rotation/management; SSM does this automagically.
- The SSM-managed instance can live INSIDE the VPC, which is HUGE: less exposure and improved protection from attacks.
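As an added example (not code from this project), here is what the bastion-free route looks like in practice: a local port is forwarded to the private Aurora endpoint through an SSM-managed instance using the AWS-managed session document, so no inbound security-group rule and no SSH key are needed. It assumes the AWS CLI v2 plus the Session Manager plugin are installed, the entry instance runs the SSM agent with an instance profile that permits Session Manager, the caller is allowed `ssm:StartSession` on it, and the instance carries a `Role` tag (the tag name and `ssm-entry` default are assumptions).

```bash
#!/usr/bin/env bash
# Added example: forward a local port to a private Aurora endpoint via SSM,
# replacing the bastion/jump host + SSH tunnel pattern.
set -eu

# Build the parameters for the AWS-managed document
# AWS-StartPortForwardingSessionToRemoteHost. Kept pure so it can be checked
# without calling AWS; it also rejects values that are not a hostname or port.
ssm_tunnel_params() {
  local host=$1 remote_port=$2 local_port=$3
  case "$host" in
    ''|*[!A-Za-z0-9.-]*) echo "bad host: $host" >&2; return 1 ;;
  esac
  case "$remote_port$local_port" in
    ''|*[!0-9]*) echo "ports must be numeric" >&2; return 1 ;;
  esac
  printf '{"host":["%s"],"portNumber":["%s"],"localPortNumber":["%s"]}' \
    "$host" "$remote_port" "$local_port"
}

# Resolve the SSM-managed entry instance by tag rather than a hard-coded ID,
# and only accept one the SSM agent currently reports as Online.
ssm_entry_instance() {
  local tag_value=$1
  aws ssm describe-instance-information \
    --filters "Key=tag:Role,Values=$tag_value" \
    --query 'InstanceInformationList[?PingStatus==`Online`].InstanceId | [0]' \
    --output text
}

# Open the tunnel: 127.0.0.1:$local_port -> $host:$remote_port inside the VPC.
ssm_tunnel() {
  local host=$1 remote_port=$2 local_port=$3 role_tag=${4:-ssm-entry}
  local params instance
  params=$(ssm_tunnel_params "$host" "$remote_port" "$local_port")
  instance=$(ssm_entry_instance "$role_tag")
  [ -n "$instance" ] && [ "$instance" != "None" ] \
    || { echo "no online SSM-managed instance with Role=$role_tag" >&2; return 1; }
  aws ssm start-session \
    --target "$instance" \
    --document-name AWS-StartPortForwardingSessionToRemoteHost \
    --parameters "$params"
}
```

After sourcing the file, `ssm_tunnel my-cluster.cluster-xxxx.us-east-1.rds.amazonaws.com 5432 15432` (placeholder endpoint) opens the session, and the DB is then reachable at `127.0.0.1:15432`; every session is recorded in CloudTrail under the caller's IAM identity rather than a shared SSH key.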
Let's get it done :)
Thanks!