3.1.1. Systems Manager Agent (SSM Agent)
š” First Principle: The Systems Manager Agent (SSM Agent) acts as a local client on EC2 instances and on-premises servers, enabling AWS Systems Manager to perform various operational tasks and collect data.
Scenario: You need to automate patching on your EC2 instances using Systems Manager Patch Manager and collect inventory information using Systems Manager Inventory. However, these features are not working for some instances.
The SSM Agent is a piece of software installed on your EC2 instances or on-premises servers. It processes requests from the AWS Systems Manager service in the cloud and sends back status and execution information. Without the SSM Agent running and properly configured, most Systems Manager capabilities will not function.
Key Roles of the SSM Agent:
- Communication: Facilitates secure communication between your instances and the Systems Manager service.
- Execution: Executes commands sent from Systems Manager (e.g., installing software, running scripts, applying patches).
- Data Collection: Gathers inventory data and sends it to Systems Manager Inventory.
- Prerequisites: Requires an IAM instance profile attached to the EC2 instance (or credentials for on-premises) with permissions to communicate with Systems Manager.
- Installation: Often pre-installed on Amazon Machine Images (AMIs). Can be manually installed or automated via User Data scripts.
ā ļø Common Pitfall: Incorrect IAM instance profile permissions, preventing the SSM Agent from communicating with the Systems Manager service.
Key Trade-Offs: Installing and managing the SSM Agent (minimal overhead) versus manual instance management (high overhead).
Reflection Question: How does the Systems Manager Agent (SSM Agent), by acting as a local client on your EC2 instances and requiring a proper IAM instance profile, enable AWS Systems Manager to perform various operational tasks and collect data?