Difference between EC2 Instance Connect and Session Manager

Yst@IT
2 min read, Aug 15, 2019


Both EC2 Instance Connect and Session Manager let you connect to an EC2 instance from the browser, with no SSH key pairs to manage and no bastion host to provision. But they have some differences.

For more details, please refer to:
EC2 Instance Connect Walk Through
AWS Session Manager Walk Through

In this post I want to point out one thing about IPv4 and Session Manager: as long as the SSM Agent on your EC2 instance can reach the Systems Manager endpoints, a public IPv4 address is not compulsory. For example, if your EC2 instance is in a public subnet with a public IPv4 address, it can talk to SSM over the internet. If it is in a private subnet, you need either a NAT Gateway/instance or VPC endpoints set up so that the instance can reach SSM through one of them.

Another point is that Session Manager does not need any inbound security group rule on the EC2 instance, because it is the SSM Agent on the instance that initiates the connection to Systems Manager. That is outbound traffic, and a security group allows all outbound traffic by default.
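The two requirements above (an IAM role for the agent and an outbound path to SSM, with no inbound rule needed) can be turned into a pre-flight check. The following is an added example, not code from the original post or from AWS: it evaluates a hand-constructed, simplified snapshot of an instance's networking (placeholder IDs, dictionaries shaped loosely like `describe-*` output rather than live boto3 calls) and reports why Session Manager would or would not work.

```python
"""Session Manager connectivity pre-flight check (added example).

Checks the requirements the post describes: the SSM Agent needs an IAM
role with SSM permissions and an *outbound* path to Systems Manager
(public IP via an internet gateway, a NAT gateway/instance, or the three
interface VPC endpoints). No inbound security group rule is needed.
Input dictionaries are a constructed, simplified snapshot, not live
boto3 output; all IDs are placeholders.
"""

# Interface endpoints Session Manager needs when there is no internet path.
REQUIRED_ENDPOINT_SERVICES = {"ssm", "ssmmessages", "ec2messages"}
# Managed policy that grants the agent the SSM permissions it needs.
SSM_CORE_POLICY = "AmazonSSMManagedInstanceCore"


def egress_path(inst, routes, endpoints):
    """Return how the agent can reach SSM, or None if there is no path."""
    in_vpc = {e["service"] for e in endpoints if e["vpc"] == inst["vpc"]}
    if REQUIRED_ENDPOINT_SERVICES <= in_vpc:
        return "vpc-endpoints"
    # The default route of the instance's subnet decides the internet path.
    target = routes.get(inst["subnet"], {}).get("0.0.0.0/0")
    if target is None:
        return None
    if target.startswith("igw-"):
        # An IGW route only helps if the instance actually has a public IP.
        return "internet-gateway" if inst.get("public_ip") else None
    if target.startswith(("nat-", "i-", "eni-")):
        return "nat"
    return None


def allows_outbound_443(egress_rules):
    """True if any security group egress rule permits TCP/443."""
    for rule in egress_rules:
        if rule["proto"] == "-1":  # all traffic (the AWS default egress rule)
            return True
        if rule["proto"] == "tcp" and rule["from"] <= 443 <= rule["to"]:
            return True
    return False


def check_session_manager(inst, routes, endpoints):
    """Return {'ready', 'path', 'findings'} for one instance."""
    findings = []
    if SSM_CORE_POLICY not in inst.get("iam_policies", []):
        findings.append(f"instance profile lacks {SSM_CORE_POLICY}")
    path = egress_path(inst, routes, endpoints)
    if path is None:
        findings.append("no outbound path to SSM: need public IP + IGW, NAT, "
                        "or ssm/ssmmessages/ec2messages VPC endpoints")
    if not allows_outbound_443(inst.get("sg_egress", [])):
        findings.append("security group blocks outbound TCP/443")
    # Inbound rules are deliberately not inspected: Session Manager needs none.
    return {"ready": not findings, "path": path, "findings": findings}


# Constructed sample topology (placeholder IDs, not from any real account).
ROUTES = {
    "subnet-public": {"0.0.0.0/0": "igw-PLACEHOLDER"},
    "subnet-private-a": {},  # only the implicit local VPC route
    "subnet-private-b": {},
}
ENDPOINTS = [  # vpc-B has all three interface endpoints, vpc-A has none
    {"vpc": "vpc-B", "service": "ssm"},
    {"vpc": "vpc-B", "service": "ssmmessages"},
    {"vpc": "vpc-B", "service": "ec2messages"},
]
DEFAULT_EGRESS = [{"proto": "-1", "from": 0, "to": 0}]  # AWS default: allow all out
PUBLIC_INSTANCE = {"vpc": "vpc-A", "subnet": "subnet-public", "public_ip": "203.0.113.10",
                   "iam_policies": [SSM_CORE_POLICY], "sg_egress": DEFAULT_EGRESS}
PRIVATE_NO_PATH = {"vpc": "vpc-A", "subnet": "subnet-private-a", "public_ip": None,
                   "iam_policies": [SSM_CORE_POLICY], "sg_egress": DEFAULT_EGRESS}
PRIVATE_WITH_ENDPOINTS = {"vpc": "vpc-B", "subnet": "subnet-private-b", "public_ip": None,
                          "iam_policies": [], "sg_egress": DEFAULT_EGRESS}

if __name__ == "__main__":
    for name, inst in [("public", PUBLIC_INSTANCE),
                       ("private-no-path", PRIVATE_NO_PATH),
                       ("private-endpoints", PRIVATE_WITH_ENDPOINTS)]:
        print(name, check_session_manager(inst, ROUTES, ENDPOINTS))
```

The public instance matches the setup in the post (public IP, role attached, empty inbound rules) and comes out ready via the internet gateway; the private instance without NAT or endpoints has no path at all; the private instance in the VPC with endpoints has a path but fails on the missing role, which is the other half of the requirement.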

From the image, we can see that the EC2 instance is in a public subnet with a public IPv4 address, has the proper role attached, and has an empty inbound security group.

Use Session Manager to connect to the EC2 instance, and it works as expected!

Lastly, let's check out CloudTrail. From the log, we can see that a session started, a role was assumed and the session ended!
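Because every Session Manager session leaves StartSession and TerminateSession records in CloudTrail, the trail is also where you audit who connected to which instance. The following is an added example, not code from the original post or from AWS: it pairs those records into sessions over constructed sample events, computes session length, and flags sessions from outside an allow-list or still open. The record layout (`sessionId` in `responseElements` of StartSession, `target` in `requestParameters`) is an assumption to check against your own trail; AssumeRole records from STS are not needed for the pairing and are ignored.

```python
"""Correlate Session Manager events in CloudTrail (added example).

Pairs StartSession / TerminateSession records from ssm.amazonaws.com into
sessions, reports who connected to which instance from where and for how
long, and flags sessions from outside an allow-list or not yet ended.
The records below are constructed samples; field placement follows the
CloudTrail record layout as assumed here (sessionId in responseElements,
target in requestParameters). Account and instance IDs are placeholders.
"""
import ipaddress
from datetime import datetime, timezone

SSM = "ssm.amazonaws.com"


def parse_time(s):
    """CloudTrail eventTime is UTC in the form 2019-08-15T10:00:00Z."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def correlate_sessions(records):
    """Group CloudTrail records into sessions keyed by sessionId."""
    sessions = {}
    for r in records:
        if r.get("eventSource") != SSM:
            continue  # other services' records are not relevant here
        if r.get("eventName") == "StartSession":
            sid = (r.get("responseElements") or {}).get("sessionId")
            sessions[sid] = {
                "target": (r.get("requestParameters") or {}).get("target"),
                "principal": (r.get("userIdentity") or {}).get("arn"),
                "source_ip": r.get("sourceIPAddress"),
                "started": parse_time(r["eventTime"]),
                "ended": None,
            }
        elif r.get("eventName") == "TerminateSession":
            sid = (r.get("requestParameters") or {}).get("sessionId")
            if sid in sessions:
                sessions[sid]["ended"] = parse_time(r["eventTime"])
    return sessions


def session_seconds(s):
    """Length of a session in seconds, or None if it has not ended."""
    if s["ended"] is None:
        return None
    return int((s["ended"] - s["started"]).total_seconds())


def find_anomalies(sessions, allowed_cidrs):
    """Flag sessions from outside the allow-list and sessions with no end."""
    nets = [ipaddress.ip_network(c) for c in allowed_cidrs]
    out = []
    for sid, s in sessions.items():
        try:
            ip = ipaddress.ip_address(s["source_ip"])
            from_allowed = any(ip in n for n in nets)
        except ValueError:  # e.g. a non-IP sourceIPAddress value
            from_allowed = False
        if not from_allowed:
            out.append(f"{sid}: {s['principal']} -> {s['target']} "
                       f"from unexpected source {s['source_ip']}")
        if s["ended"] is None:
            out.append(f"{sid}: session to {s['target']} has no TerminateSession yet")
    return out


# Constructed sample records (placeholder account and instance IDs).
SAMPLE_RECORDS = [
    {"eventTime": "2019-08-15T10:00:00Z", "eventSource": SSM, "eventName": "StartSession",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "sourceIPAddress": "203.0.113.5",
     "requestParameters": {"target": "i-PLACEHOLDER1"},
     "responseElements": {"sessionId": "alice-0001"}},
    {"eventTime": "2019-08-15T10:07:30Z", "eventSource": SSM, "eventName": "TerminateSession",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "sourceIPAddress": "203.0.113.5",
     "requestParameters": {"sessionId": "alice-0001"}},
    {"eventTime": "2019-08-15T11:30:00Z", "eventSource": SSM, "eventName": "StartSession",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
     "sourceIPAddress": "198.51.100.77",
     "requestParameters": {"target": "i-PLACEHOLDER2"},
     "responseElements": {"sessionId": "bob-0002"}},
]

if __name__ == "__main__":
    sessions = correlate_sessions(SAMPLE_RECORDS)
    for sid, s in sessions.items():
        print(sid, s["principal"], "->", s["target"], "seconds:", session_seconds(s))
    for line in find_anomalies(sessions, ["203.0.113.0/24"]):
        print("ALERT", line)
```

With the office range `203.0.113.0/24` as the allow-list, alice's 450-second session is unremarkable, while bob's session is reported twice: it came from an address outside the allow-list and has not been terminated. Feeding this real CloudTrail JSON (the `Records` array of a log file) is a one-line change; the pairing by `sessionId` is what makes the audit trail the post shows usable at scale.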

Written by Yst@IT

Cloud Solution Architect, focusing on Oracle Cloud Infrastructure currently.
