How do I install SSM Agent on an Amazon EC2 Linux instance at launch?

4 minute read
1

I want to install the AWS Systems Manager Agent (SSM Agent) on my Amazon Elastic Compute Cloud (Amazon EC2) Linux instance and have it start before launch.

Short description

For a list of Amazon Machine Images (AMIs) with SSM Agent preinstalled, see Amazon Machine Images (AMIs) with SSM Agent preinstalled.

You must manually install SSM Agent on Amazon EC2 instances created from other versions of Linux AMIs. You can install SSM Agent by adding user data to an Amazon EC2 Linux instance before the launch. You can keep the SSM Agent up to date by activating SSM Agent auto update under Fleet Manager settings.

Important: Before installing SSM Agent, make sure that the following requirements are met:

Resolution

1.    Create an AWS Identity and Access Management (IAM) instance profile to use with SSM Agent.

2.    Launch a new Amazon EC2 instance. Then, configure your instance parameters, such as application and OS images, instance type, key pair, network settings, and storage.

3.    Expand the Advanced Details section. In the IAM Instance Profile dropdown list, select the instance profile that you created in step 1.

4.    In the User data box, enter the following information.

Amazon Linux 2023, Amazon Linux 2, RHEL 7, and CentOS 7 (64 bit)

#!/bin/bash
cd /tmp
sudo yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm
sudo systemctl enable amazon-ssm-agent
sudo systemctl start amazon-ssm-agent

RHEL 9, RHEL 8, and CentOS 8

#!/bin/bash
cd /tmp
sudo dnf install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm
sudo systemctl enable amazon-ssm-agent
sudo systemctl start amazon-ssm-agent

Note: Python 2 or Python 3 must be installed on your RHEL 9, RHEL 8 or CentOS 8 instance for SSM Agent to work correctly. To verify that Python is installed, add the following command to the preceding command examples:

sudo dnf install python3

Amazon Linux, CentOS 6 (64 bit)

#!/bin/bash
cd /tmp
sudo yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm
sudo start amazon-ssm-agent

Ubuntu 22 and Ubuntu 16 (Deb Installer), Debian 8 and 9

#!/bin/bash
mkdir /tmp/ssm
cd /tmp/ssm
wget https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/debian_amd64/amazon-ssm-agent.deb
sudo dpkg -i amazon-ssm-agent.deb
sudo systemctl enable amazon-ssm-agent

Ubuntu 14 (Deb installer)

#!/bin/bash
mkdir /tmp/ssm
cd /tmp/ssm
wget https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/debian_amd64/amazon-ssm-agent.deb
sudo dpkg -i amazon-ssm-agent.deb
sudo start amazon-ssm-agent

Suse 15, Suse 12

#!/bin/bash
mkdir /tmp/ssm
cd /tmp/ssm
wget https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm
sudo rpm --install amazon-ssm-agent.rpm
sudo systemctl enable amazon-ssm-agent
sudo systemctl start amazon-ssm-agent

For more information, see User data and the console.

6.    Enter the number of instances to be launched.

7.    Launch your instance(s).

For Windows, see How do I install AWS Systems Manager Agent (SSM Agent) on an Amazon EC2 Windows instance at launch?

Activate SSM Agent auto update

1.    Open the AWS Systems Manager console.

2.    In the navigation pane, choose Fleet Manager.

3.    Choose the Settings tab, and then choose Auto update SSM Agent under Agent auto update.

Note: The Auto update SSM Agent setting applies to all the managed nodes in the Region where this setting is configured.

4.    Then, configure your SSM Agent fleet:

  • To change the version of SSM Agent your fleet updates to, choose Edit under Agent auto update on the Settings tab. Then, enter the version number of SSM Agent you want to update to in Version under Parameters. If the version number isn't specified, then the agent updates to the latest version.
  • To change the defined schedule (the default is to run every 14 days), choose Edit under Agent auto update on the Settings tab. Then, configure your preferred schedule using the On Schedule option under Specify schedule based on Cron and rate expressions for associations.
  • To stop automatically deploying updated versions of SSM Agent to managed nodes in your account, choose Delete under Agent auto update on the Settings tab. This deletes the State Manager association that automatically updates SSM Agent on your managed nodes.

Related information

Automating updates to SSM Agent

Working with SSM Agent on EC2 instances for Linux

Setting up AWS Systems Manager

Working with SSM Agent on EC2 instances for Windows Server

Why is my EC2 instance not displaying as a managed node or showing a "Connection lost" status in Systems Manager?

AWS OFFICIAL
AWS OFFICIALUpdated 10 months ago
4 Comments

If executing the userdata after the initial launch, add the below before your #!/bin/bash :

Content-Type: multipart/mixed; boundary="//" MIME-Version: 1.0

--// Content-Type: text/cloud-config; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="cloud-config.txt"

#cloud-config cloud_final_modules:

  • [scripts-user, always]

--// Content-Type: text/x-shellscript; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="userdata.txt"

replied a year ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

profile pictureAWS
MODERATOR
replied a year ago

When using Graviton hosts, in step 4 replace _amd64 with _arm64 in the .deb or .rpm download URL.

E.g. for RHEL9 you must use:

sudo dnf install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_arm64/amazon-ssm-agent.rpm
AWS
replied 2 months ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

profile pictureAWS
MODERATOR
replied 2 months ago