Highlights:

  • AWS recently publicized the details about a tool called EC2 Serial Console.
  • EC2 Serial Console offers one-click, text-based access for interactive troubleshooting.
  • Using EC2 Serial Console, one can trigger operating system-specific procedures such as the Magic SysRq command on Linux.
  • Utilizing instance IDs and resource tags, one can control serial console access at a granular level.

EC2 Serial Console – all-new tool by AWS

Amazon Web Services (AWS) recently announced a tool called EC2 Serial Console. The tool is designed for troubleshooting boot and network configuration issues by establishing a serial connection to Amazon Elastic Compute Cloud (EC2) instances. EC2 Serial Console offers one-click, text-based access for interactive troubleshooting.

The tool is intended to help network and system administrators address production issues. EC2 instances built on the AWS Nitro System can be reached through EC2 Serial Console. It supports all major Linux distributions, NetBSD, VMware, FreeBSD, and Microsoft Windows. The tool is intended for situations where it is impossible to connect to an instance through RDP or SSH.

Using EC2 Serial Console, one can trigger operating system-specific procedures such as the Magic SysRq commands on Linux to produce a crash dump or kill a process. On Windows, it can interrupt the boot process and boot into safe mode with Emergency Management Services (EMS) and the Special Administration Console (SAC).

EC2 Serial Console is available at no extra cost, and it can be used from the AWS CLI as well as the console. It is disabled by default, because access to an instance’s console is a privileged operation that should be tightly controlled, and it must be granted through an IAM policy. With instance IDs and resource tags, serial console access can be controlled at a granular level.

There are four levels of access:

  • Organization level: use a service control policy (SCP) to deny access for specific member accounts
  • Instance level
  • AWS IAM (Identity and Access Management) user level
  • OS level: set a user password at the guest OS level
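As an added example (not from the article or from AWS documentation), the IAM identity policy below shows the tag-based, granular control the text describes: it grants serial console access only to instances carrying the tag SerialConsole=true in one region and account, and explicitly denies the principal the account-wide enable/disable switch so the setting cannot be flipped by the same user. The region, account ID, and tag name are assumed placeholders.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowSerialConsoleOnlyForTaggedInstances",
      "Effect": "Allow",
      "Action": "ec2-instance-connect:SendSerialConsoleSSHPublicKey",
      "Resource": "arn:aws:ec2:us-east-1:123456789012:instance/*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/SerialConsole": "true"
        }
      }
    },
    {
      "Sid": "AllowReadingAccountLevelSetting",
      "Effect": "Allow",
      "Action": "ec2:GetSerialConsoleAccessStatus",
      "Resource": "*"
    },
    {
      "Sid": "DenyChangingAccountLevelSetting",
      "Effect": "Deny",
      "Action": [
        "ec2:EnableSerialConsoleAccess",
        "ec2:DisableSerialConsoleAccess"
      ],
      "Resource": "*"
    }
  ]
}
```

Because the account-level setting is off by default, an administrator still has to enable it once before this policy grants anything; the explicit Deny keeps that decision out of the hands of the troubleshooting role.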

Expert’s thoughts

Julien Simon, Global Technical Evangelist, Artificial Intelligence, and Machine Learning at Amazon Web Services, explains: “Without any need for a working network configuration, you can connect to an instance using either a browser-based shell in the AWS Management Console, or an SSH connection to a managed console server. No need for a sshd server to be running on your instance: the only requirement is that the root account has been assigned a password, as this is the one you will use to log in. Then, you can enter commands as if you have a keyboard and monitor directly attached to one of the instance’s serial ports.”

Colm MacCárthaigh, VP/Distinguished Engineer at Amazon Web Services, tweets: “I have locked myself out of EC2 instances too many times conjuring up weird networking experiments and odd kernels. I have a little script for pivoting my root volume back! But no more … I can now log in over the serial console like it’s 1980 again.”