skip to Main Content

Is there a way to configure the Session Manager via CDK?

I want to change settings like enabling KMS encryption and max session duration as well as writing session data to a S3 bucket. The online documentation from AWS (https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-getting-started-configure-preferences.html) only has manual steps via the console described. However, everything is set up via CDK in my case and I also want to have those things configured via CDK, so in case the S3 bucket which is created via CDK is deleted/renewed I don’t have to do any manual steps to configure SSM again.

2

Answers


  1. You cant do that. Those settings are set per account globally. CDK/Cloudformation is resource provisioning tool.

    Login or Signup to reply.
  2. Session Manager preferences are regional and since they be changed via command line, they can also be changed via a CDK custom resource.
    Just create a lambda that runs the

    aws ssm update-document –name "SSM-SessionManagerRunShell"

    with a json config as explained here:
    https://docs.aws.amazon.com/systems-manager/latest/userguide/getting-started-configure-preferences-cli.html

    If you pass the name of your S3 bucket as a parameter of your custom resource it will trigger an on_event update every time your bucket changes.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search