aws / amazon-ssm-agent

An agent to enable remote management of your EC2 instances, on-premises servers, or virtual machines (VMs).
https://aws.amazon.com/systems-manager/
Apache License 2.0

Support for shell init files #420

Open acdha opened 2 years ago

acdha commented 2 years ago

We use SSM sessions extensively for servers which have restricted network environments. One common source of confusion is that the sessions started via SSM through the AWS console do not load common files like /etc/environment (presumably because it's not a full PAM session hitting pam_env) or the shell config files such as /etc/profile.

In my case, it would be especially useful to get /etc/environment since that's what our servers have configured for values expected by cron tasks, applications like Apache, etc.

yuting-fan commented 2 years ago

Thank you for reaching out to us. As you figured, Session Manager allows you to connect to your managed instance as an administrative tool; it is not used as a login tool that establishes a real SSH connection. So it doesn't load shell configs or use Linux PAM. For your use case, you could try the Session Manager shell profile feature. It'll allow you to execute some commands, as if from a shell profile / shell config, at the start of a session. The documentation is here: https://docs.aws.amazon.com/systems-manager/latest/userguide/session-preferences-shell-config.html
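
An added example, not from this thread or the SSM agent project: a POSIX shell function that a session's startup commands could call to import /etc/environment. It parses each line as data instead of sourcing the file, so a value containing shell syntax is exported literally and never executed. The function name `load_pam_env`, the tolerated `export ` prefix and the quote stripping are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (hypothetical helper): import pam_env-style KEY=VALUE lines
# as data. Nothing is passed to eval or ".", so shell syntax in a value is inert.
load_pam_env() {
    env_file="${1:-/etc/environment}"
    [ -r "$env_file" ] || return 0
    # Default IFS makes read trim leading/trailing blanks; -r keeps backslashes.
    while read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac
        line="${line#export }"      # assumption: tolerate an "export " prefix
        case "$line" in *=*) ;; *) continue ;; esac
        key="${line%%=*}"
        val="${line#*=}"
        # Accept only valid variable names; skip anything else.
        case "$key" in ''|[0-9]*|*[!A-Za-z0-9_]*) continue ;; esac
        # Strip one pair of matching surrounding quotes, if present.
        case "$val" in
            \"*\") val="${val#\"}"; val="${val%\"}" ;;
            \'*\') val="${val#\'}"; val="${val%\'}" ;;
        esac
        export "$key=$val"
    done < "$env_file"
}

# Constructed sample input; run as: sh thisfile demo
if [ "${1:-}" = demo ]; then
    sample=$(mktemp)
    printf '%s\n' '# constructed sample' 'APP_ENV="prod"' 'X=$(id)' > "$sample"
    load_pam_env "$sample"
    printf 'APP_ENV=%s X=%s\n' "$APP_ENV" "$X"
    rm -f "$sample"
fi
```

Because the loop reads from a redirect rather than a pipe, the exports land in the calling shell and are inherited by whatever it starts next.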

ziggythehamster commented 1 year ago

I use (a series of shell functions that evaluate to) the following command, which has the effect you're looking for, I think:

aws ssm start-session --target i-whatever --document-name AWS-StartInteractiveCommand --parameters command="cat /etc/motd && cd / && exec bash -li"

j-rat commented 2 months ago

I still believe using shell profiles should be able to suppress the command(s) executed in a shell profile to make the login experience a bit cleaner. I linked to it below as well.

https://github.com/aws/amazon-ssm-agent/issues/175#issuecomment-2099421533

joshuahigginson1 commented 3 weeks ago

@j-rat have you found a workaround since? Asking as I too would like to suppress the commands before showing them to a user :)