I'm trying to do a POC of AWS Systems Manager Session Manager Port Forwarding session but I can't seem to be able to start the PortForwarding session even though starting a normal session works.
A session starts and works as intended aws ssm start-session --target i-xxxxxxxxxxx
aws ssm start-session --target i-xxxxxxxxxxx \
--document-name AWS-StartPortForwardingSession \
--parameters '{"portNumber":["80"],"localPortNumber":["3001"]}'
The IAM role has the AWS policy AmazonSSMManagedInstanceCore and a sessions manager policy
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ssmmessages:CreateControlChannel",
"ssmmessages:CreateDataChannel",
"ssmmessages:OpenControlChannel",
"ssmmessages:OpenDataChannel"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"s3:GetEncryptionConfiguration"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"kms:Decrypt"
],
"Resource": "arn:aws:kms:us-east-2:xxxxxxxxxxx:key/xxxxxxx-xxxx-xxxx-xxxx-xxxxxxx"
}
]
}
I expected the session to establish tunnel and start forwarding port 80 to my local port 3001
Instead I get the following error:
SessionId xxxx-xxxxxxxxxxx
----------ERROR-------
Encountered error while initiating handshake. SessionType failed on client with status 2 error: Failed to process action SessionType: Unknown session type Port```
Here is what I am trying to accomplish:
https://aws.amazon.com/blogs/aws/new-port-forwarding-using-aws-system-manager-sessions-manager/
I was having the same issue and it turned it out to be an outdated AWS session manager plugin for the aws cli. After updating the plugin it worked.
Instruction to install/update the plugin is here.