What is Amazon SSM & how to install SSM Agent on EC2 Linux instances?

What is Amazon SSM & how to install SSM Agent on EC2 Linux instances?

May 15, 2020 / Nirav Shah

What Is Amazon SSM ?

  • AWS Systems Manager Agent (SSM Agent) is Amazon software that can be installed and configured on an EC2 instance, an on-premises server, or a virtual machine (VM). SSM Agent makes it possible for Systems Manager to update, manage, and configure these resources. The agent processes requests from the Systems Manager service in the AWS Cloud, and then runs them as specified in the request. SSM Agent then sends status and execution information back to the Systems Manager service by using the Amazon Message Delivery Service (service prefix: ec2messages).

Keeping SSM Agent up-to-date

  • An updated version of SSM Agent is released whenever new capabilities are added to Systems Manager or updates are made to existing capabilities. If an older version of the agent is running on an instance, some SSM Agent processes can fail. For that reason, we recommend that you automate the process of keeping SSM Agent up-to-date on your instances

SSM Agent and the Instance Metadata Service (IMDS)

  • Systems Manager relies on EC2 instance metadata to function correctly. Systems Manager can access instance metadata using either version 1 or version 2 of the Instance Metadata Service (IMDSv1 and IMDSv2)

Installing SSM Agent on EC2 instances for Linux

  • Important Note
  • SSM Agent is preinstalled, by default, on the following Amazon Machine Images (AMIs):
    • Amazon Linux
    • Amazon Linux 2
    • Ubuntu Server 16.04
    • Ubuntu Server 18.04
    • Amazon ECS-Optimized
  • GitHub Repository to install SSM Agent

To install SSM Agent on Amazon Linux

  • Use one of the following commands to download and run the SSM Agent installer.
$ sudo yum install -y

https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm

  • Run the following command to determine if SSM Agent is running. The command should return the message “amazon-ssm-agent is running.”
$ sudo status amazon-ssm-agent
  • Run the following commands if the previous command returns the message “amazon-ssm-agent is stopped”
$ sudo start amazon-ssm-agent
  • And check the status again by
$ sudo status amazon-ssm-agent

To install SSM Agent on Ubuntu Server 18.04 and 16.04 LTS 64-bit instances (with Snap package)

  • SSM Agent is installed, by default, on Ubuntu Server 18.04 and on 16.04 LTS 64-bit AMIs
  • You can use the following script if you need to install SSM Agent on an on-premises server or if you need to reinstall the agent. You don’t need to specify a URL for the download, because the snap command automatically downloads the agent from the Snap app store
$ sudo snap install amazon-ssm-agent
  • Run the following command to determine if SSM Agent is running.
$ sudo snap list amazon-ssm-agent
  • Run the following command to start the service if the previous command returned amazon-ssm-agent is stopped, inactive, or disabled.
$ sudo snap start amazon-ssm-agent
  • Check the status of the agent.
$ sudo snap services amazon-ssm-agent

Configuring SSM Agent on EC2 instances for Linux

You can configure SSM Agent to talk via an HTTP proxy by means of including the http_proxy, https_proxy, and no_proxy settings to an amazon-ssm-agent.override configuration file. An override file additionally preserves the proxy settings if you deploy more newer or older versions of SSM Agent. This area consists of techniques for upstart and systemd environments.

Configure SSM Agent to use a proxy (upstart)

  • Connect to the instance where you installed SSM Agent.
  • Go to the specific path as /etc/init/
$ cd /etc/init/
  • Create a file name amazon-ssm-agent.override (We are using vim but you can use whichever editor you want)
$ sudo vim amazon-ssm-agent.override
  • Depending on whether you’re using HTTP proxy server or HTTPS proxy server, specify one of the following setting options.
    • HTTP proxy server:
      • env http_proxy=http://hostname:port
      • env https_proxy=http://hostname:port
      • env no_proxy=169.254.169.254
    • HTTPS proxy server:
      • env http_proxy=http://hostname:port
      • env https_proxy=https://hostname:port
      • env no_proxy=169.254.169.254
    • Note
      • You must add the no_proxy setting to the file and specify the IP address listed here. It is the instance metadata endpoint for Systems Manager. Without this IP address, calls to Systems Manager fail.
    • Stop and restart SSM Agent using the following commands:
$ sudo stop amazon-ssm-agent
$ sudo start amazon-ssm-agent

Configure SSM Agent to use a proxy (systemd)

  • The steps in the following system describe how to configure SSM Agent to use a proxy in systemd environments.
  • Connect to the instance where you installed SSM Agent.
  • Run the following command:
$ systemctl edit amazon-ssm-agent
  • For Ubuntu Server instances installed by using a snap, run the following command:
    • systemctl edit snap.amazon-ssm-agent.amazon-ssm-agent
  • Go to the specific path as etc/systemd/system/amazon-ssm-agent.service.d
$ cd /etc/systemd/system/amazon-ssm-agent.service.d
  • Create a file name amazon-ssm-agent.override (We are using vim but you can use whichever editor you want)
$ sudo vim amazon-ssm-agent.override
  • Depending on whether you’re using an HTTP proxy server or HTTPS proxy server, specify one of the following setting options.
    • HTTP proxy server:
      • [Service]
      • Environment=”http_proxy=http://hostname:port”
      • Environment=”http_proxy=http://hostname:port”
      • Environment=”no_proxy=169.254.169.254″
    • HTTPS proxy server:
      • [Service]
      • Environment=”http_proxy=http://hostname:port”
      • Environment=”https_proxy=https://hostname:port”
      • Environment=”no_proxy=169.254.169.254”
  • Note
    • You must add the no_proxy setting to the file and specify the IP address listed here. It is the instance metadata endpoint for Systems Manager. Without this IP address, calls to Systems Manager fail.
  • Restart SSM Agent by using the following commands:
$ sudo systemctl stop amazon-ssm-agent
$ sudo systemctl daemon-reload
  • For Ubuntu Server instances installed by using a snap, restart SSM Agent by using the following command:
$ systemctl start snap.amazon-ssm-agent.amazon-ssm-agent

Talk to AWS Certified Consultant

    Spread Love By Sharing:

    Let’s Talk About Your Needed AWS Infrastructure Management Services

    Have queries about your project idea or concept? Please drop in your project details to discuss with our AWS Global Cloud Infrastructure service specialists and consultants.

    • Swift Hiring and Onboarding
    • Experienced and Trained AWS Team
    • Quality Consulting and Programming
    Let’s Connect and Discuss Your Project