VSCode SSH and SSM: The Ultimate Combo for Sleek Remote Dev in AWS

vscode remote

VSCode SSH Introduction

So a major issue I had run into was being able to develop ML models on my local laptop using VSCode that is able to utilize AWS Sagemaker pipelines. A simple way around this is by hosting an EC2 instance in AWS that has Sagemaker permissions and then just setting up SSH to be able to connect from your laptop at home to that instance. My company prohibits the use of SSH so I had to come up with another way. Although SSH is not enabled we do allow AWS SSM (Systems Manager). So I spent days trying to figure out how to get this all connected and working and was finally able to.

Setup / Configuration

Mac Setup

  • Download and Install VSCode – https://code.visualstudio.com/
  • Download and Install the Remote – SSH Plugin from Microsoft – Visual Studio Marketplace
  • Make sure to have HomeBrew installed on your Mac as well – https://brew.sh/
brew update
brew upgrade
# Install AWS cli via brew
brew install awscli
# Install saml2aws via brew & Verify Version Installed
# https://github.com/Versent/saml2aws
brew install saml2aws
saml2aws --version
# Configure AWS CLI Config
# Modify it with your own roles
nano config
# Once finished modifying it, copy it to the AWS directory
cp config ~/.aws/config
# Install saml2aws Config
# Modify it with your own information
cp saml2aws ~/.saml2aws
# Run saml2aws to test everything
$ saml2aws login -a aws-dev -p aws-dev

Create an SSH Key Pair

# Create Your SSH Key Pair
ssh-keygen -b 4096 -C 'VS Code Remote SSH user' -t rsa
# To avoid any confusion with your existing SSH key I saved my key like so

Create EC2 Instance

Log into AWS Console can create the appropriate EC2 Instance you would like to run VSCode Server on. Take note of the ID of the Instance.

Copy SSH Public Key to EC2 Instance

export AWS_PROFILE=aws-dev
export AWS_REGION=us-east-2
# Now we need to authenticate using Okta
saml2aws login -a aws-dev -p aws-dev
# Now we can connect to our EC2 Instance
aws ssm start-session --target instance-id
# Create or Edit ~/.ssh/authorized_keys if it exist
# And add your SSH Public Key to it.

Configure Local SSH

# Now you need to modify your local SSH config.
# This config is what VSCode needs in order to connect to
# your new EC2 instance.
# Create or Modify if exist.
nano ~/.ssh/config # On your local box
# Add the following after you modify it to fit your user role.
Host instance-id
  User ssm-user
  IdentityFile ~/.ssh/id_rsa-vscode
  ProxyCommand sh -c "saml2aws login -a aww-dev -p aws-dev; export AWS_PROFILE=aws-dev; export AWS_REGION=us-east-2; aws ssm start-session --target %h --document-name AWS-StartSSHSession --
parameters 'portNumber=%p'"

Test VSCode Connection to New EC2 Instance

Click in the bottom Left-hand corner an icon that looks like a “Lightning Bolt” Button.

vscode remote

Now you should be able to see the instance-id of your EC2 instance.

VSCode Server should now begin installing the server and your extensions on your EC2 instance and be able to begin remote development.

And thats that! I hope you have found this useful. Also make sure to keep coming back to my blog as I’m going to be putting out more text analytics and NLP posts here:


And as always, thank you for taking the time to read this. If you have any comments, questions, or critiques, please reach out to me on our FREE ML Security Discord Server – HERE