How to configure AWS Systems Manager Session Manager with CDK

Question

Is there a way to configure the Session Manager via CDK?

I want to change settings like enabling KMS encryption and max session duration as well as writing session data to a S3 bucket. The online documentation from AWS (https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-getting-started-configure-preferences.html) only has manual steps via the console described. However, everything is set up via CDK in my case and I also want to have those things configured via CDK, so in case the S3 bucket which is created via CDK is deleted/renewed I don't have to do any manual steps to configure SSM again.

Lasek · Answer 1 · 2022-07-28T11:44:29.120

1

You cant do that. Those settings are set per account globally. CDK/Cloudformation is resource provisioning tool.

edited Jul 28 '22 at 11:44

answered Jul 28 '22 at 11:44

Lasek

290
1
3

Thanks for your answer. Confirms my thoughts, so we may need to have a script defined which is run after the deployment to ensure that those settings are still valid. – p4si Jul 28 '22 at 13:50

score 0 · Answer 2 · answered Jan 07 '23 at 18:04

Session Manager preferences are regional and since they be changed via command line, they can also be changed via a CDK custom resource. Just create a lambda that runs the

aws ssm update-document --name "SSM-SessionManagerRunShell"

with a json config as explained here: https://docs.aws.amazon.com/systems-manager/latest/userguide/getting-started-configure-preferences-cli.html

If you pass the name of your S3 bucket as a parameter of your custom resource it will trigger an on_event update every time your bucket changes.

How to configure AWS Systems Manager Session Manager with CDK

2 Answers2