To use Systems Manager you'll need to set up two roles/policies:
A role that authorises users to use Systems Manager.
A role that authorises an instance to be managed by Systems Manager.
The next piece is the SSM Agent. This agent is installed on the instance (EC2 or on-prem) and communicates with Systems Manager.
AmazonSSMDirectoryServiceAccess
Required only if you plan to join Amazon EC2 instances for Windows Server to a Microsoft AD directory.
CloudWatchAgentServerPolicy
Required only if you plan to install and run the CloudWatch agent on your instances to read metric and log data on an instance and write it to Amazon CloudWatch.
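The two points above (an instance role that only the right service can assume, and optional policies attached only when needed) as an added example; this is not code from the page or from AWS. It assumes the core managed policy AmazonSSMManagedInstanceCore alongside the two policies named above, and that an EC2 instance role trusts ec2.amazonaws.com while a hybrid-activation service role trusts ssm.amazonaws.com.

```python
import json

# Managed policies: the two named on this page plus the core policy every SSM-managed instance needs
CORE = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
AD_JOIN = "arn:aws:iam::aws:policy/AmazonSSMDirectoryServiceAccess"
CW_AGENT = "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy"


def trust_policy(service: str) -> dict:
    """Trust policy that lets only the named AWS service assume the role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow",
                       "Principal": {"Service": service},
                       "Action": "sts:AssumeRole"}],
    }


def required_policies(windows: bool, join_ad: bool, cloudwatch_agent: bool) -> set:
    """Attach the optional policies only when the instance actually needs them."""
    arns = {CORE}
    if windows and join_ad:          # AD join policy is only for Windows Server instances
        arns.add(AD_JOIN)
    if cloudwatch_agent:             # CloudWatch policy only if the agent will run
        arns.add(CW_AGENT)
    return arns


def audit_role(attached: set, windows: bool, join_ad: bool, cloudwatch_agent: bool) -> dict:
    """Report what is missing for SSM to work and what is attached without a documented need."""
    need = required_policies(windows, join_ad, cloudwatch_agent)
    return {"missing": sorted(need - attached), "unneeded": sorted(attached - need)}


def trust_is_minimal(doc: dict, expected_service: str) -> bool:
    """True only if every statement trusts exactly the expected service (no '*', no accounts)."""
    for stmt in doc.get("Statement", []):
        principal = stmt.get("Principal")
        if stmt.get("Effect") != "Allow" or principal == "*":
            return False
        if not isinstance(principal, dict) or set(principal) != {"Service"}:
            return False
        services = principal["Service"]
        if ([services] if isinstance(services, str) else services) != [expected_service]:
            return False
    return True


if __name__ == "__main__":
    # Constructed case: a Linux box with the CloudWatch agent that mistakenly got the AD-join policy
    print(json.dumps(trust_policy("ec2.amazonaws.com"), indent=2))
    print(audit_role({CORE, AD_JOIN}, windows=False, join_ad=False, cloudwatch_agent=True))
```

For a hybrid activation the same checks apply with "ssm.amazonaws.com" as the expected service instead of "ec2.amazonaws.com".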
Instances registered using Default Host Management Configuration store registration information locally in the /lib/amazon/ssm or C:\ProgramData\Amazon directories.
You can configure AWS Systems Manager to use an interface VPC endpoint to restrict all network traffic between your managed instances, Systems Manager, and Amazon EC2 to the Amazon network. This means that your managed instances don't have access to the Internet. If you use AWS PrivateLink, you don't need an internet gateway, a NAT device, or a virtual private gateway.
Your VPC endpoint policy must allow access to at least the Amazon S3 buckets listed in SSM Agent communications with AWS managed S3 buckets. [ https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent-technical-details.html#ssm-agent-minimum-s3-permissions ]
Verify prerequisites
Create an IAM service role
Create a managed-instance activation
Install SSM Agent [ https://docs.aws.amazon.com/systems-manager/latest/userguide/manually-install-ssm-agent-windows.html ]
Manage your hybrid environment, devices, and EC2 instances