AWS has recently introduced the EC2 Serial Console, a tool to establish a serial connection to EC2 instances and troubleshoot boot and network connectivity issues.
The new feature is designed to help system and network administrators address production issues. Julien Simon, global technical evangelist at AWS, explains how it works and the main benefits:
Without any need for a working network configuration, you can connect to an instance using either a browser-based shell in the AWS Management Console, or an SSH connection to a managed console server. No need for an sshd server to be running on your instance; the only requirement is that the root account has been assigned a password, as this is the one you will use to log in. Then, you can enter commands as if you have a keyboard and monitor directly attached to one of the instance’s serial ports.
With the EC2 Serial Console it is possible to trigger operating system specific procedures, like a Magic SysRq command on Linux, to generate a crash dump or kill processes. On Windows, it can interrupt the boot process and boot in safe mode using the Emergency Management Service and the Special Admin Console.
Source: https://aws.amazon.com/blogs/aws/troubleshoot-boot-and-networking-issues-with-new-ec2-serial-console/
Available at no additional cost using the EC2 console or the AWS CLI, the serial console is not enabled by default and requires an IAM policy to be configured. Serial console access can be controlled at a granular level using instance IDs and resource tags. There are four levels of access: organization level, using a service control policy (SCP) to deny access for specific member accounts; instance level; IAM user level; and OS level, where a user password must be set in the guest operating system.
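To make the layered access model concrete, the following Python is an added example (not AWS code or anything from the article) that models three of the four levels: an organization SCP that denies serial console use, an IAM policy that allows it only on instances carrying a resource tag, and the guest-OS root password requirement. The evaluator is a deliberately small IAM-style model (explicit Deny wins, then a matching Allow, otherwise implicit deny) that understands wildcard `Action`/`Resource` matching and `StringEquals` conditions only. The action names `ec2-instance-connect:SendSerialConsoleSSHPublicKey` and `ec2:EnableSerialConsoleAccess` and the `ec2:ResourceTag/<key>` condition key are real; the tag key `SerialConsoleAccess`, the account and instance IDs, and the `can_open_serial_console` helper are assumptions constructed for the example.

```python
"""Simplified model of the EC2 Serial Console permission layers.

Added example (not AWS code). Models an organization SCP, an IAM identity
policy with a resource-tag condition, and the guest-OS root password gate.
The evaluator is a toy: Allow/Deny, wildcard Action/Resource matching and
StringEquals conditions only, which is enough to show that an explicit
SCP Deny always wins. Account and instance IDs are constructed placeholders.
"""
from fnmatch import fnmatchcase

SERIAL_ACTION = "ec2-instance-connect:SendSerialConsoleSSHPublicKey"

# Organization level: SCP for a member account that must never use the serial
# console (it also blocks turning the account-wide setting on).
SCP_DENY_SERIAL = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenySerialConsole",
        "Effect": "Deny",
        "Action": [SERIAL_ACTION, "ec2:EnableSerialConsoleAccess"],
        "Resource": "*",
    }],
}

# IAM user / instance level: allow the serial console only on instances that
# carry the tag SerialConsoleAccess=true (the tag key is an assumption).
IAM_ALLOW_TAGGED = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowSerialConsoleOnTaggedInstances",
        "Effect": "Allow",
        "Action": SERIAL_ACTION,
        "Resource": "arn:aws:ec2:*:*:instance/*",
        "Condition": {
            "StringEquals": {"ec2:ResourceTag/SerialConsoleAccess": "true"}
        },
    }],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _statement_matches(stmt, action, resource, context):
    """True if the statement applies to this action, resource and context."""
    if not any(fnmatchcase(action, a) for a in _as_list(stmt["Action"])):
        return False
    if not any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
        return False
    for operator, pairs in stmt.get("Condition", {}).items():
        if operator != "StringEquals":
            raise NotImplementedError(f"unsupported condition {operator}")
        if any(context.get(key) != want for key, want in pairs.items()):
            return False
    return True


def evaluate(policies, action, resource, context):
    """IAM-style decision: explicit Deny beats Allow; no Allow means deny."""
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            if _statement_matches(stmt, action, resource, context):
                if stmt["Effect"] == "Deny":
                    return "DENY"
                allowed = True
    return "ALLOW" if allowed else "DENY"


def can_open_serial_console(policies, instance_arn, tags, root_password_set):
    """Combine the API-level decision with the guest-OS login requirement."""
    context = {f"ec2:ResourceTag/{k}": v for k, v in tags.items()}
    if evaluate(policies, SERIAL_ACTION, instance_arn, context) != "ALLOW":
        return "denied by policy"
    if not root_password_set:
        return "allowed by policy, but no root password to log in with"
    return "allowed"


if __name__ == "__main__":
    # Constructed sample: one tagged and one untagged instance in one account.
    tagged = "arn:aws:ec2:us-east-1:111122223333:instance/i-0aaa1111bbbb2222c"
    plain = "arn:aws:ec2:us-east-1:111122223333:instance/i-0ddd3333eeee4444f"
    tag = {"SerialConsoleAccess": "true"}
    print(can_open_serial_console([IAM_ALLOW_TAGGED], tagged, tag, True))
    print(can_open_serial_console([IAM_ALLOW_TAGGED], plain, {}, True))
    print(can_open_serial_console([IAM_ALLOW_TAGGED, SCP_DENY_SERIAL], tagged, tag, True))
    print(can_open_serial_console([IAM_ALLOW_TAGGED], tagged, tag, False))
```

The tag-conditioned Allow is the least-privilege shape a practitioner would normally want: operators can reach the console only on instances an owner has explicitly opted in, and the SCP gives a hard organization-wide stop regardless of what an account administrator grants. The account-wide switch itself is turned on with the real CLI command `aws ec2 enable-serial-console-access` and inspected with `aws ec2 get-serial-console-access-status`; the model above does not call AWS and runs offline.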
Colm MacCárthaigh, engineer at AWS, tweets:
I have locked myself out of EC2 instances too many times conjuring up weird networking experiments and odd kernels. I have a little script for pivoting my root volume back! But no more ... I can now log in over the serial console like it's 1980 again.
Not every developer was impressed by the new feature, with comments suggesting that only a few customers will need it and that it is a jump into the past:
Can we hook a modem and dial up line up to it next? (virtual, of course)
asks Nik Weidenbacher, while another user on Twitter adds:
Which Fortune 500 company lost a ton of data because they couldn’t connect to a server anymore? Because that is probably the only reason this feature was built.
AWS is not the first cloud provider to support a serial connection for system and network administrators; Google Cloud Platform lets customers interact with the serial console and Azure introduced the Virtual Machine Serial Console in 2018.
EC2 Serial Console access is available for EC2 instances based on the AWS Nitro System. It supports all major Linux distributions, FreeBSD, NetBSD, Windows, and VMware.