What it is: A secure way to open shell sessions to instances through SSM without SSH/RDP.

What it’s for:

• Remove the need to open port 22/3389.
• Log session activity for auditing.

Key ideas:

• Access is controlled by IAM.
• Can work in private subnets (with proper connectivity to SSM endpoints).

Exam cues:

• “no inbound ports allowed” → Session Manager.
• “need audit trail for admin sessions” → Session Manager + logging.

Hard words:

• *shell* /ʃel/: terminal
• *audit trail* /ˈɔːdɪt treɪl/: dấu vết kiểm toán
• *connectivity* /ˌkɑːnekˈtɪvəti/: khả năng kết nối