Is there a way to configure the Session Manager via CDK?
I want to change settings like enabling KMS encryption and max session duration as well as writing session data to a S3 bucket. The online documentation from AWS (https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-getting-started-configure-preferences.html) only has manual steps via the console described. However, everything is set up via CDK in my case and I also want to have those things configured via CDK, so in case the S3 bucket which is created via CDK is deleted/renewed I don’t have to do any manual steps to configure SSM again.
2
Answers
You cant do that. Those settings are set per account globally. CDK/Cloudformation is resource provisioning tool.
Session Manager preferences are regional and since they be changed via command line, they can also be changed via a CDK custom resource.
Just create a lambda that runs the
aws ssm update-document –name "SSM-SessionManagerRunShell"
with a json config as explained here:
https://docs.aws.amazon.com/systems-manager/latest/userguide/getting-started-configure-preferences-cli.html
If you pass the name of your S3 bucket as a parameter of your custom resource it will trigger an on_event update every time your bucket changes.