StartSession - AWS Systems Manager

StartSession

Initiates a connection to a target (for example, a managed node) for a Session Manager session. Returns a URL and token that can be used to open a WebSocket connection for sending input and receiving outputs.

Note

AWS CLI usage: start-session is an interactive command that requires the Session Manager plugin to be installed on the client machine making the call. For information, see Install the Session Manager plugin for the AWS CLI in the AWS Systems Manager User Guide.

AWS Tools for PowerShell usage: Start-SSMSession isn't currently supported by AWS Tools for PowerShell on Windows local machines.

Request Syntax

{ "DocumentName": "string", "Parameters": { "string" : [ "string" ] }, "Reason": "string", "Target": "string" }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

DocumentName

The name of the SSM document you want to use to define the type of session, input parameters, or preferences for the session. For example, SSM-SessionManagerRunShell. You can call the GetDocument API to verify the document exists before attempting to start a session. If no document name is provided, a shell to the managed node is launched by default. For more information, see Start a session in the AWS Systems Manager User Guide.

Type: String

Pattern: ^[a-zA-Z0-9_\-.:/]{3,128}$

Required: No

Parameters

The values you want to specify for the parameters defined in the Session document.

Type: String to array of strings map

Key Length Constraints: Minimum length of 1. Maximum length of 255.

Length Constraints: Minimum length of 1. Maximum length of 65535.

Required: No

Reason

The reason for connecting to the instance. This value is included in the details for the Amazon CloudWatch Events event created when you start the session.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 256.

Pattern: ^.{1,256}$

Required: No

Target

The managed node to connect to for the session.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 400.

Required: Yes

Response Syntax

{ "SessionId": "string", "StreamUrl": "string", "TokenValue": "string" }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

SessionId

The ID of the session.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 96.

StreamUrl

A URL back to SSM Agent on the managed node that the Session Manager client uses to send commands and receive output from the node. Format: wss://ssmmessages.region.amazonaws.com/v1/data-channel/session-id?stream=(input|output)

region represents the Region identifier for an AWS Region supported by AWS Systems Manager, such as us-east-2 for the US East (Ohio) Region. For a list of supported region values, see the Region column in Systems Manager service endpoints in the Amazon Web Services General Reference.

session-id represents the ID of a Session Manager session, such as 1a2b3c4dEXAMPLE.

Type: String

TokenValue

An encrypted token value containing session and caller information. This token is used to authenticate the connection to the managed node, and is valid only long enough to ensure the connection is successful. Never share your session's token.

Type: String

Length Constraints: Minimum length of 0. Maximum length of 300.

Errors

For information about the errors that are common to all actions, see Common Errors.

InternalServerError

An error occurred on the server side.

HTTP Status Code: 500

InvalidDocument

The specified SSM document doesn't exist.

HTTP Status Code: 400

TargetNotConnected

The specified target managed node for the session isn't fully configured for use with Session Manager. For more information, see Setting up Session Manager in the AWS Systems Manager User Guide. This error is also returned if you attempt to start a session on a managed node that is located in a different account or Region

HTTP Status Code: 400

Examples

Example

This example illustrates one usage of StartSession.

Sample Request

POST / HTTP/1.1 Host: ssm.us-east-2.amazonaws.com Accept-Encoding: identity X-Amz-Target: AmazonSSM.StartSession Content-Type: application/x-amz-json-1.1 User-Agent: aws-cli/2.0.0 Python/3.7.5 Windows/10 botocore/2.0.0dev4 X-Amz-Date: 20240221T181823Z Authorization: AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20240221/us-east-2/ssm/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-target, Signature=39c3b3042cd2aEXAMPLE Content-Length: 33 { "Target": "i-02573cafcfEXAMPLE" }

Sample Response

{ "SessionId": "John-Doe-0dc5b7af96EXAMPLE", "StreamUrl": "wss://ssmmessages.us-east-2.amazonaws.com/v1/data-channel/John-Doe-0dc5b7af96EXAMPLE?role=publish_subscribe", "TokenValue": "a3f5ff34-9bc4-4d2c-a665-4d1c1EXAMPLE/39c3b3042cd2aEXAMPLE" }

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: