3

I have an AWS environment with a few instances that have no SSM agent preinstalled and no key pairs. Is there a way to install the SSM agent without logging in to my instance with SSH?

Thanks in advance for your help!

  • 1
    SSM agent is installed by default on AL2, Ubuntu and some other AMIs. Are you sure you don't have it? If you don't have key pairs, you need to detach the root volumes, mount them somewhere else, and manually set up all the SSM files. – Marcin Mar 14 '20 at 11:16
  • Thanks for your answer, you are right, I just forgot to attach the proper roles to the instances, my bad. It also takes some time to work after attaching the role. – Ricardo Linares Mar 17 '20 at 09:17

2 Answers

2

Nope. This is a tricky one. The SSM agent must be installed manually when it is not present in the AMI. That simply means that an administrator must run the SSM install commands on the EC2 instance as root, or as Admin when the EC2 instance runs Windows.

Two references: Installing and Configuring SSM Agent on Amazon EC2 Linux Instances

Manually Install SSM Agent on Amazon EC2 Linux Instances

Once you install the agent, managing the EC2 instance is beautiful. No key pair needed, simply execute commands with AWS Systems Manager Run Command.

Think fast!

starpebble
  • 2
    Thanks, the issue is solved, I realized it is already installed on Amazon Linux and Ubuntu instances, I just needed to attach the proper role. I also learned that you can install it manually with user data in "View/Change User Data", but you need to stop the instance first. – Ricardo Linares Mar 17 '20 at 09:22
  • Sweet. A pre-installed agent is perfect. – starpebble Mar 18 '20 at 17:25
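
The resolution reached in the comments above (agent already present, instance role missing) can be checked from the API side without logging in. The following is an added example, not code from any of the posters: it classifies instances from the responses of the EC2 `describe_instances` and SSM `describe_instance_information` calls. The function name `triage_ssm`, the finding strings and the sample responses are constructed for illustration.

```python
# Added example: triage why a running EC2 instance is not manageable via SSM.
# Inputs are response dicts from two API calls, e.g. with boto3:
#   boto3.client("ec2").describe_instances()
#   boto3.client("ssm").describe_instance_information()
# Assumption: the caller has already merged paginated results into one dict.

def triage_ssm(ec2_resp, ssm_resp):
    """Return {instance_id: finding} for every running instance."""
    ping = {i["InstanceId"]: i.get("PingStatus", "Unknown")
            for i in ssm_resp.get("InstanceInformationList", [])}
    findings = {}
    for reservation in ec2_resp.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            iid = inst["InstanceId"]
            if inst.get("State", {}).get("Name") != "running":
                continue  # a stopped instance cannot register with SSM
            if ping.get(iid) == "Online":
                findings[iid] = "managed"
            elif iid in ping:
                # Registered earlier, but the agent is no longer checking in.
                findings[iid] = "registered, PingStatus=" + ping[iid]
            elif "IamInstanceProfile" not in inst:
                # The case from this thread: agent present, no role attached.
                findings[iid] = "no instance profile"
            else:
                # Role present: agent missing or stopped, no network path to
                # SSM, or the role was attached only a short while ago.
                findings[iid] = "profile attached, not registered"
    return findings

# Constructed sample responses (placeholder IDs and ARN, not real resources).
PROFILE = {"Arn": "arn:aws:iam::111122223333:instance-profile/example-ssm"}
SAMPLE_EC2 = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0000000000000000a", "State": {"Name": "running"},
     "IamInstanceProfile": PROFILE},
    {"InstanceId": "i-0000000000000000b", "State": {"Name": "running"}},
    {"InstanceId": "i-0000000000000000c", "State": {"Name": "running"},
     "IamInstanceProfile": PROFILE},
    {"InstanceId": "i-0000000000000000d", "State": {"Name": "stopped"}},
    {"InstanceId": "i-0000000000000000e", "State": {"Name": "running"},
     "IamInstanceProfile": PROFILE},
]}]}
SAMPLE_SSM = {"InstanceInformationList": [
    {"InstanceId": "i-0000000000000000a", "PingStatus": "Online"},
    {"InstanceId": "i-0000000000000000e", "PingStatus": "ConnectionLost"},
]}

if __name__ == "__main__":
    for iid, finding in sorted(triage_ssm(SAMPLE_EC2, SAMPLE_SSM).items()):
        print(iid, finding)
```
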
0

Q: Is there a way to install the SSM agent without logging in to my instance with SSH?
A: Yes, you can use Amazon EC2 Instance Connect.

Amazon EC2 Instance Connect provides a simple and secure way to connect to your instances using Secure Shell (SSH). With EC2 Instance Connect, you use AWS Identity and Access Management (IAM) policies and principals to control SSH access to your instances, removing the need to share and manage SSH keys.

(*) Amazon Linux 2 2.0.20190618 or later and Ubuntu 20.04 or later come preconfigured with EC2 Instance Connect. For other supported Linux distributions, you must set up Instance Connect for every instance that will support using Instance Connect. This is a one-time requirement for each instance.

Links:
Set up EC2 Instance Connect
Connect using EC2 Instance Connect
Securing your bastion hosts with Amazon EC2 Instance Connect

(!) I worked with this Python repo - you can just run from the repo’s bin directory:

./mssh <instance-ID>

And you're connected.

Rot-man