SSH over AWS SSM. No bastions or public-facing instances. SSH user management through IAM. No requirement to store SSH keys locally or on server.
Why do you think that https://github.com/umotif-public/terraform-aws-ssm-parameters is a good alternative to ssh-over-ssm