Amazon SSM provides on-demand SSH access to hosts that may not be

exposed to the Internet in any form, adding extra security to

infrastructure.
SSM support can now be enabled by passign use_ssm=True to

EC2RoleDefs. This will result in EC2 instance IDs being returned

instead of hostnames.
This does require ~/.ssh/config to be configured properly for SSM

support, and that env.use_ssh_config = True is enabled in the

fabfile.

Tested this with our deployment infrastructure and verified that

Fabric and Paramiko engaged with SSM and connected.