A powerful Windows desktop app to manage EC2 instances via AWS Systems Manager. SSH, RDP, port forwarding and file transfer — all from a single, intuitive interface. No VPN, no bastion host, no open inbound ports.
No VPN, no bastion host — just your AWS credentials and SSM Manager.
Open a terminal to any SSM-enabled Linux instance in one click. The connection closes automatically when you exit the terminal.
Connect to Windows instances via Remote Desktop. SSM Manager sets up the port tunnel and launches mstsc automatically.
Forward any port from the instance or through it to a remote host. Useful for databases, internal dashboards and microservices.
Upload or download files to/from Linux instances via SCP over an automatic SSH tunnel. Progress bar with speed and ETA.
Search by name or instance ID, filter by type (Linux, Windows, SSM, active connections), and navigate large fleets with pagination.
Detects all AWS profiles from ~/.aws/credentials and ~/.aws/config. Supports SSO, role_arn and Leapp.
Decrypt the EC2 Windows Administrator password directly inside SSM Manager. Paste your PEM private key — decryption happens locally via RSA, never sent to AWS.
Download and run the installer. No admin rights required. SSM Manager installs to your local user profile. See system requirements before installing.
Pick your AWS CLI profile and region. SSM Manager reads your existing credentials automatically — no setup needed.
Click Connect to see all your SSM-enabled EC2 instances. SSH, RDP, forward a port or transfer a file in one click.
AWS Systems Manager (SSM) is a broad AWS management service that covers
patch management, parameter store, run command, automation, inventory, OpsCenter and more.
In this context we focus on one specific capability:
Session Manager — which provides secure, auditable
remote access to EC2 instances via a reverse tunnel over HTTPS,
with no open inbound ports, no bastion host and no long-lived credentials.
Official AWS Session Manager documentation
Security groups can block all inbound traffic. The SSM Agent initiates the outbound connection — there is nothing to expose.
Access is granted through IAM policies. Revoke access instantly by removing IAM permissions — no SSH key rotation needed.
Session Manager API calls can be logged in AWS CloudTrail for full accountability. Not enabled by default — you must enable CloudTrail in your AWS account and optionally configure session logging to S3 or CloudWatch Logs.
All traffic between your machine and the instance is encrypted using TLS 1.2+. No plaintext credentials or data in transit.
Eliminate the operational overhead, patching and cost of maintaining bastion/jump hosts. AWS SSM is the secure channel.
Session Manager does not require SSH key pairs on the instance. Zero standing credentials stored on your EC2 machines.
Official AWS documentation
Opens a terminal window with a direct SSM SSH session. No key pair required on the instance — IAM permissions are enough. The connection is automatically removed from the active list when the terminal closes.
Creates a secure SSM tunnel to port 3389 and launches Windows Remote Desktop automatically. A dynamic local port is allocated so multiple RDP sessions can run simultaneously.
Two modes: forward a port directly on the instance (e.g. a local database on port 5432), or route traffic through the instance to a remote host and port (e.g. an RDS endpoint). A clickable localhost link is shown for HTTP/HTTPS tunnels.
Upload a file from your PC to the instance, or download a file from the instance to a local folder. Transfer runs over a temporary SSM SSH tunnel — set up and torn down automatically. Native file/folder browser included.
Active connections are tracked in real time inside each instance card. Each session shows the connection type, start time, local and remote port details, and a one-click terminate button.
SSM Manager runs as a native Windows desktop application. No browser or server required.
The AWS CLI and the Session Manager plugin must be installed and configured on your machine.
Install guideValid AWS credentials configured via the AWS CLI, AWS SSO, or Leapp.
Instances must have the SSM Agent installed and the appropriate IAM permissions to use Session Manager.
SSM Manager is community-driven. Every bug report, pull request and idea makes it better for everyone.
Found something broken or unexpected? Open a GitHub issue with steps to reproduce — even small reports are valuable.
Open an IssueFork the repo, implement your improvement on a feature branch, and open a pull request. All skill levels welcome — from docs to new features.
Fork & ContributeHave an idea for an improvement? Share it as a feature request on GitHub Issues. The backlog is open — vote on existing ideas or propose new ones.
View BacklogSSM Manager is MIT-licensed and actively maintained. Contributions of all kinds are welcome: code, documentation, bug reports, translations, UI improvements. Check the project backlog for open items, or browse release notes to see what has already shipped.
View on GitHubFree, open source and no subscription needed. Just download and connect.
Fully open source — MIT license, no telemetry, no accounts, no subscription.