如何建立 AWs Systems Manager PortForwarding 会话?未知会话类型端口

Posted

技术标签:

【中文标题】如何建立 AWs Systems Manager PortForwarding 会话?未知会话类型端口【英文标题】:How to establish AWs Systems Manager PortForwarding session? Unknown session type Port 【发布时间】:2020-02-18 22:23:32 【问题描述】:

我正在尝试对 AWS Systems Manager Session Manager Port Forwarding 会话进行 POC,但我似乎无法启动 PortForwarding 会话,即使启动正常会话也是如此。

会话开始并按预期工作 aws ssm start-session --target i-xxxxxxxxxxx

aws ssm start-session --target i-xxxxxxxxxxx \
                       --document-name AWS-StartPortForwardingSession \
                       --parameters '"portNumber":["80"],"localPortNumber":["3001"]'

IAM 角色具有 AWS 策略 AmazonSSMManagedInstanceCore 和会话管理器策略


    "Version": "2012-10-17",
    "Statement": [
        
            "Effect": "Allow",
            "Action": [
                "ssmmessages:CreateControlChannel",
                "ssmmessages:CreateDataChannel",
                "ssmmessages:OpenControlChannel",
                "ssmmessages:OpenDataChannel"
            ],
            "Resource": "*"
        ,
        
            "Effect": "Allow",
            "Action": [
                "s3:GetEncryptionConfiguration"
            ],
            "Resource": "*"
        ,
        
            "Effect": "Allow",
            "Action": [
                "kms:Decrypt"
            ],
            "Resource": "arn:aws:kms:us-east-2:xxxxxxxxxxx:key/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxx"
        
    ]

我希望会话建立隧道并开始将端口 80 转发到我的本地端口 3001

相反,我收到以下错误:

SessionId xxxx-xxxxxxxxxxx

----------ERROR-------
Encountered error while initiating handshake. SessionType failed on client with status 2 error: Failed to process action SessionType: Unknown session type Port```

Here is what I am trying to accomplish: 

https://aws.amazon.com/blogs/aws/new-port-forwarding-using-aws-system-manager-sessions-manager/

【问题讨论】:

【参考方案1】:

我遇到了同样的问题,结果证明它是用于 aws cli 的过时 AWS 会话管理器插件。更新插件后它工作了。

安装/更新插件的说明是here。

【讨论】:

以上是关于如何建立 AWs Systems Manager PortForwarding 会话?未知会话类型端口的主要内容,如果未能解决你的问题,请参考以下文章

text 使用PowerShell创建AWS Systems Manager关联

powershell 编写Systems Manager库存记录

text 编写Systems Manager合规性项目

python 获取存储在EC2 Systems Manager中的Secure String参数

如何通过python更新AWS Secrets Manager?

如何限制 AWS IAM 组访问 AWS Secret Manager?