Skip to content


AWS SSM documents and SSM session-start command to ssh directly to an instance without using the ssh keys

Assuming you have a role with the necessary permissions, you can list the instances InstanceId and the tags Name if present, within the region you define.


for instance in $(aws ec2 describe-instances | jq -r '.Reservations[].Instances[].InstanceId' ); do
    echo "${instance} : $(aws ec2 describe-instances --instance-ids ${instance} | jq '.Reservations[].Instances[].Tags[] | select(.Key == "Name")|.Value') "

("ping me" if you know how to simplify the above comand with the --query native from aws cli)

Then you can run various AWS Systems Manager documents (SSM document) against a "target" instance(s).

docs here -


If you prefer the AWS CLI, you can list available documents.

aws ssm list-documents

docs here -


docs here -

aws ssm start-session --target i-123456789012


Thank you for you time and happy learning,

Antonio Feijao