Skip to content

AWS SSM command to tunnel proxy network traffic to another remote instance

If you have access to an instance (server, virtual machine) in AWS,

and this instance can access to other applications,

this means you can use this machine to proxy traffic from your local laptop (desktop or server) to the specified host.


Your local laptop needs permission to use the AWS SSM agent - AWS STS role or temporary token.

Your local laptop connects to the instance in AWS and then forward the traffic to the host specified in the command.

If you do not specify the remote host, you will be connected to a local port on your AWS instance.


For example, adjust as needed.

Connect to ${INSTANCE_ID} and tunnel (forward, proxy) traffic to the remote IP


aws ssm start-session \
    --target ${INSTANCE_ID} \
    --document-name AWS-StartPortForwardingSessionToRemoteHost \
    --parameters '{ "host":[""], "portNumber":["443"], "localPortNumber":["8443"] }'


antonio feijao uk

Happy learning,

Antonio Feijao