How to use SSM port forwarding to access a Private AWS ECS service from your local machine

Introduction

In modern cloud architectures, private services running within isolated networks offer enhanced security but can be challenging to access directly, especially for tasks like troubleshooting, testing, or administrative maintenance. Amazon ECS (Elastic Container Service) often hosts these private services within VPCs (Virtual Private Clouds), which limits external access if they are deployed in private subnets. Traditionally, gaining access to these private services requires complex configurations like VPNs or bastion hosts, but AWS offers a more straightforward solution: Systems Manager (SSM) Session Manager.

If stuck behind paywall: https://amlana21.medium.com/how-to-use-ssm-port-forwarding-to-access-a-private-aws-ecs-service-from-your-local-machine-8aae3de0247a?sk=7def3753d5a15e548a8ef691632d2e99

In this post, we’ll explore how to leverage SSM port forwarding to seamlessly connect to a private ECS service. We’ll cover prerequisites, configuration steps, and best practices, so you can integrate this powerful capability into your workflow and enhance your troubleshooting steps.

To follow the steps, you can use my code from the Github repository