In my last article I showed you how to enable SSM on your account. Today, we are going to see how to manage on-prem systems using SSM.
My setup:
If you don't have an on-prem box, you may simulate the environment. Otherwise, please skip this section.
To simulate an on-prem system, I downloaded VMware Fusion (personal use image) for my MacBook Pro (Apple M1 chipset). I also downloaded Debian (ARM-based image) as the Linux OS that I plan to install within VMware. These selections are very specific to my system. Feel free to make relevant choices based on your OS.
In essence, you will need a virtual machine (for which you can download either Oracle VirtualBox or VMware) and any Linux or Windows image that you are comfortable with.
To reduce redundancy, for this guide I will share my steps based on my system. I hope that you figure out the right options that work for you!
Step 1: Create an IAM Role For Hybrid Activation
Let's create an IAM role for EC2 with the following attributes:
Name : HybridActivation
Permissions: AmazonEC2RoleForSSM
Trust Relationship: change the service principal from ec2 to ssm
Your trust policy should now look similar to the one given below:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ssm.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
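AWS's confused-deputy guidance for service-role trust policies is to scope them with aws:SourceAccount and aws:SourceArn conditions, which the trust policy above does not carry. The check below is an added example, not part of the original article: it lints a trust policy for the expected ssm.amazonaws.com principal and for those two conditions. The function names and the finding texts are hypothetical.

```python
import json

# Constructed sample: the trust policy from this article, as a JSON string.
PAGE_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow",
                 "Principal": {"Service": "ssm.amazonaws.com"},
                 "Action": "sts:AssumeRole"}]
}"""

def as_list(value):
    """IAM accepts a string or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def lint_trust_policy(policy_json, expected_service="ssm.amazonaws.com"):
    """Return findings for a hybrid-activation role trust policy (hypothetical helper)."""
    findings = []
    statements = as_list(json.loads(policy_json).get("Statement"))
    allows = [s for s in statements if s.get("Effect") == "Allow"]
    if not allows:
        findings.append("no Allow statement: nothing can assume the role")
    for i, stmt in enumerate(allows):
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):
            findings.append(f"allow {i}: principal is not a service map (wildcard?)")
            continue
        services = as_list(principal.get("Service"))
        if expected_service not in services:
            findings.append(f"allow {i}: {expected_service} is not trusted")
        extra = [s for s in services if s != expected_service]
        if extra:
            findings.append(f"allow {i}: unexpected service principals {extra}")
        if any(kind != "Service" for kind in principal):
            findings.append(f"allow {i}: non-service principals present")
        if "sts:AssumeRole" not in as_list(stmt.get("Action")):
            findings.append(f"allow {i}: sts:AssumeRole not granted")
        # Condition keys sit under an operator and are case-insensitive.
        keys = {k.lower() for op in stmt.get("Condition", {}).values() for k in op}
        for wanted in ("aws:sourceaccount", "aws:sourcearn"):
            if wanted not in keys:
                findings.append(f"allow {i}: no {wanted} condition (confused-deputy guard)")
    return findings

if __name__ == "__main__":
    for finding in lint_trust_policy(PAGE_POLICY):
        print(finding)
```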
Step 2: Create a Hybrid Activation
Visit the Systems Manager page and click Hybrid Activations from the menu on the left side (seen under Node Management).
Provide the following details in the screen:
Description: ForLocalVm1
Instance Limit: leave at 1
IAM Role: select HybridActivation from existing roles
Now click the Create activation button and copy the activation code and ID into a scratch pad. You will need them in the next step to register the VM.
Step 3: Registering the on-prem system
I assume that by this time you have your on-prem box installed and ready. Log in to the system with superuser privileges. Visit the page https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-manual-agent-install.html, click on the link specific to your underlying OS, and follow the instructions to install the SSM agent. In my case it's Debian, with the install page at https://docs.aws.amazon.com/systems-manager/latest/userguide/agent-install-deb.html
After the installation steps, I suggest stopping the agent with the command
systemctl stop amazon-ssm-agent
Next, issue the registration command with the template
amazon-ssm-agent -register -code "pasteCodeHere" -id "pasteIdHere" -region us-east-1
So if my Activation Code is apBIZ1Mz+RKDh+wgViz39d and Activation ID is 2a70c0a0-c2de-4f39-84ea-7cc17377e3a3 then the command would be
amazon-ssm-agent -register -code "apBIZ1Mz+RKDh+wgViz39d" -id "2a70c0a0-c2de-4f39-84ea-7cc17377e3a3" -region us-east-1
Now, start your agent again using the command
systemctl start amazon-ssm-agent
Step 4: Verify using Systems Manager
Visit Hybrid Activations inside Systems Manager. You should see your new instance listed there.
Now you can use Session Manager to log in to the machine successfully!
To verify that this is the same machine, you could run any of the following commands in both your SSM session and your virtual machine and compare the output. It should be the same.
cat /etc/os-release
hostname
hostname -I
Within the session you can run any command you need, for example to put preventive measures or controls in place!
Next Steps
Think about your on-prem environment and how you could use Systems Manager to roll out changes across it, or come up with your own innovative solutions.
If you are here - Congratulations!
You just learned how to manage a virtual machine using Systems Manager!
[about Lionel Pulickal]
Lionel is a Solutions Architect who has worked in the IT industry since 1997. He has all the three AWS associate level exams, the Solution Architect Professional and Networking Specialty exams under his belt. He loves hands-on and is always willing to share the knowledge he has gained over the years.