====== Session Manager ======

**What it is:** A secure way to open shell sessions to instances through SSM without SSH/RDP.

**What it’s for:**
  * Remove the need to open port 22/3389.
  * Log session activity for auditing.

**Key ideas:**
  * Access is controlled by IAM.
  * Can work in private subnets (with proper connectivity to SSM endpoints).

**Exam cues:**
  * “no inbound ports allowed” → Session Manager.
  * “need audit trail for admin sessions” → Session Manager + logging.

**Hard words:**
  * *shell* /ʃel/: terminal
  * *audit trail* /ˈɔːdɪt treɪl/: dấu vết kiểm toán
  * *connectivity* /ˌkɑːnekˈtɪvəti/: khả năng kết nối