This topic describes how to install Privileged Session Manager (PSM) and Privileged Session Manager for SSH (PSM for SSH) on AWS.
When installing PSM and PSM for SSH on AWS, use the following additional security guidelines, which explain how to increase security in your PSM and PSM for SSH environment on AWS:
■ In your firewall, add an outbound rule for the PSM servers that blocks all traffic to the remote 169.254.169.254 IP address. This address exposes the metadata of the EC2 instance when it is accessed from within the server and must therefore be blocked.
■ Do NOT save any kind of AWS security credentials or certificates locally on the PSM server.
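One way to create and verify the outbound block rule from the first guideline, shown as an added example that is not part of the original documentation. It assumes Windows Defender Firewall is the firewall in use on the PSM server and an elevated PowerShell session; the rule display name is a constructed label.

```powershell
# Added example: assumes Windows Defender Firewall on the PSM server, elevated session.
$RuleName   = 'Block EC2 instance metadata (outbound)'   # constructed display name
$MetadataIp = '169.254.169.254'                          # address named in the guideline

# A block rule is only enforced on profiles where the firewall is enabled.
$disabled = Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }
if ($disabled) {
    Write-Warning ("Firewall is not enabled on profile(s): " + ($disabled.Name -join ', '))
}

# Create the rule once so that re-running the script does not add duplicates.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Outbound -Action Block `
        -RemoteAddress $MetadataIp -Protocol Any -Profile Any | Out-Null
}

# Confirm the rule is enabled, outbound, blocking, and scoped to the metadata address.
$rule    = Get-NetFirewallRule -DisplayName $RuleName | Select-Object -First 1
$remotes = ($rule | Get-NetFirewallAddressFilter).RemoteAddress -join ','
if ($rule.Enabled -ne 'True' -or $rule.Action -ne 'Block' -or
    $rule.Direction -ne 'Outbound' -or $remotes -notlike "*$MetadataIp*") {
    throw "Rule '$RuleName' is not configured as expected."
}

# Functional check: the instance metadata service answers over HTTP (TCP 80),
# so a successful TCP connection means the block is not taking effect.
$probe = Test-NetConnection -ComputerName $MetadataIp -Port 80 -WarningAction SilentlyContinue
if ($probe.TcpTestSucceeded) {
    throw "Metadata endpoint $MetadataIp is still reachable from this server."
}
Write-Output "Outbound traffic to $MetadataIp is blocked."
```

If the block is enforced in a different firewall product, only the final reachability check applies.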
Run the standard installation procedure, as described in
After installation, before hardening the PSM server machine, do the following:
Remove the read-only permissions from the PSMHardening.ps1 script. This script is in the Hardening subfolder of the PSM installation folder.
Using Notepad, open the PSM hardening script.
In $AWS_FOLDER_PATH, specify the path where Amazon services (EC2ConfigService, XenTools, etc.) are installed. By default, Amazon services are installed in C:\Program Files\Amazon.
Save the hardening script and close it.
For more information about hardening the PSM server, refer to