Document "Connect VSCode to EC2 Instance" #6434

Closed
ketozhang opened this issue Jan 24, 2025 · 7 comments

@ketozhang

To use this feature, it seems like a few steps are required:

First, this feature is still experimental, so you must enable it:

"aws.experiments": {
  "ec2RemoteConnect": true
}

Second, the EC2 Instance Profile must have the following IAM permissions:

"ssmmessages:CreateControlChannel",
"ssmmessages:CreateDataChannel",
"ssmmessages:OpenControlChannel",
"ssmmessages:OpenDataChannel",
"ssm:DescribeAssociation",
"ssm:ListAssociations",
"ssm:UpdateInstanceInformation"

VSCode will attempt to attach these permissions to the instance profile, but unless you have IAM edit privileges, you are stuck here.

Documentation for this at AWS docs doesn't exist yet.
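Added example (not part of the original issue and not AWS Toolkit code): a small offline check that reports which of the seven actions listed above are not covered by a set of IAM policy documents, so the gap can be handed to whoever holds IAM edit privileges. The function names and the sample policies are constructed for illustration, and `Resource`, `Condition` and `NotAction` are deliberately ignored.

```python
import fnmatch

# The seven actions listed in the issue above.
REQUIRED_ACTIONS = [
    "ssmmessages:CreateControlChannel",
    "ssmmessages:CreateDataChannel",
    "ssmmessages:OpenControlChannel",
    "ssmmessages:OpenDataChannel",
    "ssm:DescribeAssociation",
    "ssm:ListAssociations",
    "ssm:UpdateInstanceInformation",
]

def _as_list(value):
    # IAM allows Statement and Action to be a single item or a list.
    return value if isinstance(value, list) else [value]

def _matches(patterns, action):
    # IAM action names are case-insensitive and may use * and ? wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def missing_actions(policy_documents, required=REQUIRED_ACTIONS):
    """Return required actions the documents do not allow, or explicitly deny.
    Coverage check on action names only, not a full IAM evaluation."""
    allowed, denied = [], []
    for doc in policy_documents:
        for stmt in _as_list(doc.get("Statement", [])):
            target = allowed if stmt.get("Effect") == "Allow" else denied
            target.extend(_as_list(stmt.get("Action", [])))
    return [a for a in required
            if _matches(denied, a) or not _matches(allowed, a)]

# Constructed sample policies (not copied from any AWS managed policy).
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ssmmessages:*", "ssm:DescribeAssociation",
                "ssm:ListAssociations", "ssm:UpdateInstanceInformation"]}]}
PARTIAL = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "ssmmessages:Open*", "Resource": "*"}}
DENY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Action": "ssm:UpdateInstanceInformation", "Resource": "*"}]}

if __name__ == "__main__":
    for name, docs in [("broad", [BROAD]), ("partial", [PARTIAL]),
                       ("broad+deny", [BROAD, DENY])]:
        print(name, "missing:", missing_actions(docs) or "none")
```

Feed it the policy documents attached to the instance profile's role, exported as JSON; an empty result means every listed action is covered by name.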

@justinmk3 justinmk3 pinned this issue Jan 24, 2025
@justinmk3
Contributor

Thanks for the notes, we are eager to hear feedback on the EC2 features.

> VSCode will attempt to attach these permissions to the instance profile, but unless you have IAM edit privileges, you are stuck here.

Did AWS Toolkit give useful hints about the required permissions? Or how did you end up finding those?

@ketozhang
Author

There was a pop-up message with the list of permissions above and stated which IAM instance profile it (i.e., assuming inline policy) would be attached to.

@justinmk3
Contributor

Note also that as an alternative, either of these policies is sufficient:

AmazonSSMManagedEC2InstanceDefaultPolicy
AmazonSSMManagedInstanceCore

@ketozhang
Author

Oh interesting, the instance I'm connecting to does have AmazonSSMManagedInstanceCore attached. It doesn't look like the extension recognizes this and still attempts to attach other permissions.

@justinmk3
Contributor

To confirm, when you attached the explicit permissions to the EC2 Instance Profile, that worked, but attaching a policy containing the required permissions didn't work?

@justinmk3
Contributor
