Session Manager provides secure and auditable access to your Amazon EC2 instances without the need for bastion hosts, open inbound ports, or managing SSH keys. Users authorized by your AWS Identity and Access Management (IAM) policies can connect to and run specific commands on an EC2 instance, for example to view a log file on a production server or to execute an interactive script when troubleshooting events. Sessions are logged to AWS CloudTrail, and a record of session activity including commands and responses can be stored in Amazon S3 or Amazon CloudWatch logs.