In today's cloud-centric world, managing your EC2 instances efficiently is crucial for seamless operations. One powerful tool at your disposal is AWS Systems Manager (SSM), which enables you to automate administrative tasks and maintain oversight of your resources. In this blog, we’ll explore how to give your EC2 instances the permissions they need to leverage the full potential of SSM, enhancing your cloud management capabilities.
Step 1: Create an IAM Role
Go to the IAM Console: Open the AWS Management Console and navigate to the IAM service.
Create a Role: Click on "Roles" in the sidebar, then click on the "Create role" button.
Select Trusted Entity: Choose "AWS service" as the trusted entity and select "EC2" as the service that will use this role.
Attach Permissions Policy: Search for and select the AmazonSSMManagedInstanceCore policy. This AWS managed policy grants the permissions an instance needs for core Systems Manager functionality.
Review and Create: Give your role a name (e.g., EC2SSMRole) and review the configuration. Then, click on "Create role."
Step 2: Attach the IAM Role to Your EC2 Instance
Go to the EC2 Console: Navigate to the EC2 service in the AWS Management Console.
Select Your Instance: Find and select the EC2 instance that you want to enable for SSM.
Actions Menu: Click on the "Actions" button, then navigate to "Security" and select "Modify IAM Role."
Attach the Role: Choose the IAM role you just created from the dropdown list and click "Update IAM role."
Step 3: Install the SSM Agent (if necessary)
Most Amazon Machine Images (AMIs) come with the SSM Agent pre-installed. However, if you're using a custom AMI or an older version, you may need to install it:
For Amazon Linux, the SSM Agent is usually installed by default. For other Linux distributions, you can install it using package managers like yum or apt.
For Windows, the SSM Agent is included in Windows Server 2016 and later versions.
Step 4: Verify Connectivity
To ensure everything is set up correctly:
Check the SSM Agent: Make sure the SSM Agent is running on your instance. You can check the agent's status by connecting to the instance and running:
sudo systemctl status amazon-ssm-agent
Use the SSM Console: Go to the AWS Systems Manager console and navigate to "Managed Instances" to verify that your EC2 instance appears there.
By following these steps to grant your EC2 instances the necessary SSM permissions, you’re not only streamlining your operations but also enhancing your overall cloud security and efficiency. Embracing tools like AWS Systems Manager can significantly reduce the complexity of managing your infrastructure, allowing you to focus on what truly matters: driving innovation and delivering value to your users. Happy managing!