Last active March 18, 2025 21:19
Gist: lukeplausin/4b412d83fb1246b0bed6507b5083b3a7
Transfer a file to EC2 SSM instance without using S3 (SSM only)
# This script will explain how to transfer a file to EC2 using SSM ONLY!
# You will need permission to run SSM commands on the target machine and sudo access on it as well.
# Inputs
INSTANCE_ID=i-1234567890
FILE_NAME=the_file.tar.gz
# Step 1: Run a command on the machine to install netcat and dump everything arriving on the port into the file
# < Start a session
aws ssm start-session --target $INSTANCE_ID --document-name
# < (On the target machine):
cd && sudo yum install nc -y && sudo nc -l -p 1234 > the_file.tar.gz
# Step 2: In another shell, open a port-forwarding session from your machine to the target machine
aws ssm start-session --target $INSTANCE_ID --document-name AWS-StartPortForwardingSession --parameters '{"portNumber":["1234"],"localPortNumber":["1234"]}'
# Step 3: In yet another shell, cat the source file into the transfer port on localhost over the tunnel
nc -w 3 127.0.0.1 1234 < the_file.tar.gz
# Step 4: Once the command in step 3 finishes, close all of the other shell sessions. Your file should be on the target now.
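A hardened variant of the same recipe, added here as an example and not part of the gist: the listener on the instance binds to loopback only (AWS-StartPortForwardingSession delivers the forwarded bytes from 127.0.0.1 on the instance, so nothing else in the VPC can reach the port even if a security group allows it), the listener times out instead of lingering, and the sender publishes a SHA-256 digest so the receiver can verify the file arrived intact. It assumes nmap-ncat syntax (the `nc` package on Amazon Linux) and that `sha256sum` or `shasum` exists on both ends; the function names are this example's own.

```shell
#!/bin/sh
# Added example: hardened nc-over-SSM file transfer helpers.
# Assumes nmap-ncat (`nc -l <host> <port>`, `-i` idle timeout) and coreutils or perl shasum.

file_sha256() {
    # Print only the SHA-256 hex digest of the file given as $1.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

verify_checksum() {
    # Usage: verify_checksum <expected_hex> <file>
    # Returns 0 when the file's digest matches, 1 otherwise.
    actual=$(file_sha256 "$2")
    [ "$actual" = "$1" ]
}

receive_file() {
    # Run on the EC2 instance inside the interactive SSM session.
    # Usage: receive_file <port> <output_file>
    # Bind to 127.0.0.1 so only the SSM agent's local forward can connect;
    # -i 60 closes the listener after 60 s without data instead of leaving it open.
    port=$1; out=$2
    nc -l 127.0.0.1 "$port" -i 60 > "$out"
}

send_file() {
    # Run on the workstation once the port-forwarding session is up.
    # Usage: send_file <port> <source_file>
    # Prints the expected digest first so it can be checked on the instance
    # with: verify_checksum <digest> <output_file> && echo OK
    port=$1; src=$2
    echo "expected sha256: $(file_sha256 "$src")"
    nc -w 3 127.0.0.1 "$port" < "$src"
}
```

Order of operations is unchanged from the gist: start the interactive session and call `receive_file 1234 the_file.tar.gz` on the instance, open the AWS-StartPortForwardingSession in a second shell, then run `send_file 1234 the_file.tar.gz` locally and compare the printed digest with `verify_checksum` on the instance before trusting the file.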
It's quick-and-dirty but very useful!
SSM is encrypted by default and 'nc' traffic is always over SSM
Hero! Smart solution to an annoying problem ;)
This is remarkable. Thanks for the tip!
@lukeplausin thanks for the script. But what about security issues? NC sends raw data over the tunnel; any data that passes through could potentially be intercepted if the port forwarding or the session is compromised. The EC2 instance has an nc listener running on port 1234 while you're using AWS SSM to forward traffic, and having an open port increases the risk of unauthorized access, especially if the security group or other controls are misconfigured. NC does not authenticate the sender, meaning anyone with access to the port could send data if they know the port number and the instance is exposed.