AWS SSM — EC2 Setup and On-Premise Setup
In this article, we are going to set up an EC2 instance and an on-premise server with SSM (Systems Manager).
Before we start with the setup, I’ll provide an overview of SSM.
AWS Systems Manager is a collection of capabilities that helps you configure and manage your Amazon EC2 instances, on-premises servers, virtual machines (VMs), and certain other AWS resources. Systems Manager includes a unified interface (web and mobile platforms) that lets you easily centralize operational data and automate tasks across your AWS resources.
Systems Manager shortens the time to detect and resolve operational problems in your infrastructure. It gives you a complete view of your infrastructure performance and configuration, simplifies resource and application management, and makes it easy to operate and manage your infrastructure at scale.
AWS Systems Manager was formerly known as Amazon Simple Systems Manager (SSM) and Amazon EC2 Systems Manager (SSM).
The Scenario
Let’s say we have 50k instances that we use. How will we manage them and run commands? It would be impossible to do it manually.
SSM allows us to maintain installed packages, apply changes/patches, automate processes, secure/share environment variables, maintain state, and more. Let’s see how to set it up to manage
Set Up SSM with EC2
All Linux AMI instances can have SSM pre-installed, so you don’t need to install it yourself. You just need to attach the proper IAM role for the instance to become an SSM managed instance. So, let’s get our hands dirty.
Go to EC2 and click “Launch Instance”. Select the Amazon Linux 2 AMI (which already has SSM installed), select the t.micro instance type, and click next.
In “Configure Instance Details”, create an IAM role for SSM by clicking “Create new IAM role”.
In the IAM role, attach the “AmazonSSMManagedInstanceCore” policy for the EC2 instance and create the role.
Once it is created, select the IAM role in the configure instance details section and click next. Keep the same storage and click next. You can add tags for a better understanding. Configure a Security group, open port 22 for SSH, review, select the key pair (if any) or create new, and launch the instance.
Go to Instances and wait a few seconds for the instance to come up.
We have successfully launched the instance. Now go to the SSM service and check the managed instances.
You can now see the EC2 instance under the managed instances of SSM. We are done with part 1; now let’s set up an on-premise instance with SSM.
Set Up SSM with an On-Premise Instance
For the on-premise setup, we will launch a type of EC2 instance where the SSM Agent is not installed, so we will skip the Amazon Linux instance types. Let’s go ahead and choose the Red Hat Enterprise Linux AMI.
Use the same configuration as above, except for one thing.
DO NOT ATTACH ANY IAM ROLE TO THE INSTANCE since we are launching an on-premise instance.
Now we have successfully launched an on-premise instance where no SSM Agent is installed and no IAM role is attached (as you can see in the yellow highlighted part). Next, we will install the SSM Agent on the on-prem instance and add it to SSM.
Follow the steps/commands below to install the SSM Agent on the instance. At this point, no SSM Agent is running on it.
Run the below commands on the instance:
mkdir /tmp/ssm
Then
curl https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm -o /tmp/ssm/amazon-ssm-agent.rpm
Then
sudo yum install -y /tmp/ssm/amazon-ssm-agent.rpm
sudo systemctl stop amazon-ssm-agent
Now the SSM Agent is installed on the on-prem instance, but it’s not registered with SSM. For a hybrid instance, we need to create an activation code in SSM. Let’s go to SSM and, inside “Hybrid Activations”, click “Create an Activation”.
Keep all things by default and click Create.
Your Activation Code and ID have been created. Let’s run one more command to set it up with SSM.
# edit the code, id and region in the command below
sudo amazon-ssm-agent -register -code "activation-code" -id "activation-id" -region "region"
Start the SSM Agent
sudo systemctl start amazon-ssm-agent
Check the status of the SSM Agent
sudo systemctl status amazon-ssm-agent
Now go to SSM and check under the managed instances. Your on-premise instance will be available.
All EC2 instance IDs start with i-0, and on-prem instance IDs start with mi-0.
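To run the same check outside the console, the script below (an added example, not part of the original article) reads JSON in the shape returned by `aws ssm describe-instance-information`, separates EC2 nodes from hybrid nodes by ID prefix, and reports nodes whose agent is not online or whose activation ID is not one you created. The sample inventory, the activation IDs, and the function name are constructed for illustration.

```python
import json

# Constructed sample shaped like `aws ssm describe-instance-information` output.
SAMPLE = json.loads("""
{"InstanceInformationList": [
  {"InstanceId": "i-0aaaaaaaaaaaaaaa1", "PingStatus": "Online",
   "ResourceType": "EC2Instance", "PlatformName": "Amazon Linux"},
  {"InstanceId": "mi-0bbbbbbbbbbbbbbb2", "PingStatus": "Online",
   "ResourceType": "ManagedInstance",
   "ActivationId": "11111111-aaaa-bbbb-cccc-222222222222"},
  {"InstanceId": "mi-0ccccccccccccccc3", "PingStatus": "ConnectionLost",
   "ResourceType": "ManagedInstance",
   "ActivationId": "99999999-dddd-eeee-ffff-000000000000"}
]}
""")

# Constructed: the activation IDs you created under "Hybrid Activations".
KNOWN_ACTIVATIONS = {"11111111-aaaa-bbbb-cccc-222222222222"}


def audit_managed_nodes(inventory, known_activations):
    """Split nodes into EC2 (i-) and hybrid (mi-) and collect findings."""
    report = {"ec2": [], "hybrid": [], "findings": []}
    for node in inventory.get("InstanceInformationList", []):
        node_id = node.get("InstanceId", "")
        if node_id.startswith("mi-"):
            kind, expected = "hybrid", "ManagedInstance"
        elif node_id.startswith("i-"):
            kind, expected = "ec2", "EC2Instance"
        else:
            report["findings"].append((node_id, "unrecognised ID prefix"))
            continue
        report[kind].append(node_id)
        if node.get("ResourceType") != expected:
            report["findings"].append((node_id, "ResourceType does not match ID prefix"))
        if node.get("PingStatus") != "Online":
            report["findings"].append((node_id, "agent not online: %s" % node.get("PingStatus")))
        # Hybrid nodes register with an activation code, not an instance role,
        # so each one should trace back to an activation you issued.
        if kind == "hybrid" and node.get("ActivationId") not in known_activations:
            report["findings"].append((node_id, "registered with unknown activation"))
    return report


if __name__ == "__main__":
    result = audit_managed_nodes(SAMPLE, KNOWN_ACTIVATIONS)
    print("EC2 nodes:   ", result["ec2"])
    print("Hybrid nodes:", result["hybrid"])
    for node_id, problem in result["findings"]:
        print("FINDING", node_id, "-", problem)
```

To use it on a real account, save the CLI output to a file and pass the parsed JSON in place of `SAMPLE`.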
We have successfully set up SSM for an EC2 instance and an on-premise instance. That’s it for this article.