Feature Request: Add AWS SSM Session Manager Support as Transport Option

[Neopixler]

Add support for AWS Systems Manager (SSM) Session Manager as an alternative transport method to SSH/WinRM in kitchen-ec2, enabling Test Kitchen to connect to EC2 instances without requiring direct network connectivity or SSH key management. Currently, kitchen-ec2 requires SSH (Linux) or WinRM (Windows) connectivity, which presents challenges in several scenarios:

• Security-hardened environments where direct SSH/RDP access is disabled
• Private subnets without bastion hosts or VPN connectivity
• Zero-trust networks where SSM Session Manager is the preferred access method
• Compliance requirements that mandate all shell access go through audited channels like SSM
• Simplified key management - eliminating the need to manage SSH key pairs for testing

[williamtheaker]

Have you tried this? https://www.tecracer.com/blog/2022/11/test-kitchen-on-aws-2022-edition.html

[thheinen]

I saw the issue but was on travel - so thanks @williamtheaker for getting that link 👍

Well, it worked when I wrote that one. I am curious if that's still the case, maybe I get some time to re-validate this weekend 😅

I have been routinely using kitchen-transport-train from Chef 19 development the last months though, just not with the SSM train plugin. Small caveat though: it is using SSM-RunCommands and IIRC base64-encoding for file transfers.

I have some outdated tries around, trying to make the SSM Session Manager capabilities work instead. However, I was never able to finish reverse-engineering the (WebSocket-based) protocol. It simply was too much effort as a hobby and nobody wanted to pay for it 😅