How to install AWS SSM agent on CentOS 8 | CentOS 7

You can download this article in PDF format via the link below to support us.Download the guide in PDF formatClose

This article provides users with a guide on how to install AWS SSM agent on CentOS 8 and CentOS 7 EC2 Linux instances.

SSM stands for System Manager. It is a management service used to manage servers on AWS. The specific use cases for System Manager are:

Suppose the user wants to configure multiple servers/ec2 instances with the same configuration. Users can use System Manager to run commands on all servers at once, instead of having to do so on every instance at once.

It is also an excellent tool for automating tasks you want to perform on ec2 instances. For example, updating the operating system version or ensuring that your ec2 instance complies with certain management policies.

Systems Manager also allows users to connect to the instance without using ssh or having KeyPairs. This is good for security, because now we don’t have to open port 22 for ssh access.

SSM agent on CentOS 8 | CentOS 7 installation prerequisites

The setup requirements are:

  • An AWS account.
  • Users who have the right to create resources on AWS.
  • IDE for writing and editing CloudFormation templates.

Step 1: Create EC2 instance, configuration file and role

Instead of manually creating a single resource, I used a CloudFormation template. The template will be created;

  • SSM role.
  • The EC2 instance profile of the role created above will be used.
  • EC2 instance security group
  • Finally, the EC2 instance of the SSM agent is installed.

This is my CloudFormation template:

AWSTemplateFormatVersion: "2010-09-09"
Description: "Template to create Centos ec2 instance and install SSM on it"
Parameters:
    VPC:
        Type: String
        Description: The vpc to launch the service
        Default: vpc-ID

    PublicSubnet1:
        Type: String
        Description: The subnet where to launch the ec2
        Default: subnet-ID

Resources:
    IAMInstanceRole:
        Type: 'AWS::IAM::Role'
        Properties:
          Description: The SSM Instance Profile
          RoleName: AWSEC2SSMtest
          AssumeRolePolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Principal:
                  Service:
                  - ec2.amazonaws.com
                Action:
                  - 'sts:AssumeRole'
          ManagedPolicyArns:
            - arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM
            - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
          Tags: 
            - 
              Key: "Project"
              Value: "test-blog"
            - 
              Key: "Environment"
              Value: "test"
            - 
              Key: "createdBy"
              Value: "Maureen Barasa"
            - 
              Key: "Name"
              Value: "AWSEC2SSMtest"

    IAMInstanceProfile:
        Type: AWS::IAM::InstanceProfile
        Properties: 
            InstanceProfileName: AWSEC2SSMtest
            Roles: 
             - !Ref IAMInstanceRole
                
    CentosServer:
        Type: "AWS::EC2::Instance"
        Properties:
            ImageId: "ami-ID"
            InstanceType: "t2.micro"
            KeyName: "test-key"
            AvailabilityZone: !Sub "${AWS::Region}a"
            Tenancy: "default"
            DisableApiTermination: true
            SubnetId: !Ref PublicSubnet1
            EbsOptimized: false
            SecurityGroupIds: 
              - !Ref CentosSecurityGroup
            SourceDestCheck: true
            BlockDeviceMappings: 
              - 
                DeviceName: "/dev/xvda"
                Ebs: 
                    Encrypted: false
                    VolumeSize: 20
                    VolumeType: "gp2"
                    DeleteOnTermination: true
            UserData: 
                "Fn::Base64":
                    !Sub |
                       #!/bin/bash
                       cd /tmp
                       sudo yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm
                       sudo systemctl enable amazon-ssm-agent
                       sudo systemctl start amazon-ssm-agent
            IamInstanceProfile: !Ref IAMInstanceProfile
            Tags: 
              - 
                Key: "Project"
                Value: "test-blog"
              - 
                Key: "Environment"
                Value: "test"
              - 
                Key: "createdBy"
                Value: "Maureen Barasa"
              - 
                Key: "Name"
                Value: "Test-Centos"
                
    CentosSecurityGroup:
        Type: "AWS::EC2::SecurityGroup"
        Properties:
            GroupDescription: "Security Group to control access to the test Centos server"
            GroupName: "Test-Centos-SG"
            VpcId: !Ref VPC
            SecurityGroupIngress: 
              - 
                CidrIp: 0.0.0.0/0
                FromPort: 22
                IpProtocol: "tcp"
                ToPort: 22
              - 
                CidrIp: 0.0.0.0/0
                FromPort: 443
                IpProtocol: "tcp"
                ToPort: 443                    
Outputs:
  Server1:
    Description: The created studio server
    Value: !Ref CentosServer
    
  SecurityGroup:
    Description: The server sg
    Value: !Ref CentosSecurityGroup   

The parameter section allows users to enter their own values. In our case, users should replace the VPC and subnet ID with the ID in their AWS account.

In the resources section, the template first creates an instance role. The instance role has a trust policy that allows the ec2 instance to assume the role. In addition, the role will have two additional strategies. AmazonEC2RoleforSSM and AmazonSSMManagedInstanceCore. Users can customize the role name and label according to their own choice.

Next, the template will create an instance configuration file and attach the role created above to it. Again, the user can customize the name of the role. Not applicable: The instance profile and role name should be the same. Otherwise, the ec2 instance will not see your role.

Finally, the template will create the ec2 instance security group and ec2 instance. Install the SSM agent using the user-data attribute of the resource. Users can customize the name and label to choose the appropriate options for them. Also, make sure to replace the AMI-ID with the Centos AMI associated with your AWS account.

Step 2: Execute CloudFormation template

You can use CodePipeline to deploy the template, or you can manually deploy the template on the CloudFormation console. In this tutorial, we will use the CloudFormation console.

On the CloudFormation console, click “Create Stack”.

Create stack

Then, choose to create a stack using the new template and resources.

How to install AWS SSM agent on CentOS 8 | CentOS 7Create a stack with new resources

Next choose your template. For our case, we will upload the template we created.

How to install AWS SSM agent on CentOS 8 | CentOS 7Upload our template

On the tab that opens, you will be asked to provide the name of the stack and enter the template parameters. Enter the details of your custom value and click Next.

How to install AWS SSM agent on CentOS 8 | CentOS 7Enter template parameters and stack name

The next tab allows users to add labels to their stack. It also provides users with the option to configure policies and notifications for their stack. When finished, click Next. It will provide you with a “View” tab where users can see an overall view of all the configurations they have made. If the user is satisfied with the displayed content, they can click to create a stack. Then CloudFormation will start creating resources for you.

Manually install SSM agent

If you want to manually install the SSM agent after creating a role with CloudFormation and attaching it to an EC2 instance, please run the following command in the VM console.

sudo yum install -y https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm
sudo systemctl enable amazon-ssm-agent
sudo systemctl start amazon-ssm-agent

Beware of my next tutorial, where I will explain how to deploy CloudFormation templates using CodePipeline.

The following are some good WS learning materials.

books:


Amazon Web Services in action

Amazon Web Services in action

$54.99 $42.67 37 new products in stock starting from $33.77 $36.05 with free shipping

Buy now
How to install AWS SSM agent on CentOS 8 | CentOS 7Amazon.com as of 1:44 pm on October 12, 2020


AWS: The most complete guide to Amazon Web Services from entry to advanced

AWS: The most complete guide to Amazon Web Services from entry to advanced

$21.99 $19.98 in stock 3 new models $19.98 from 1 used $22.11 free shipping

Buy now
How to install AWS SSM agent on CentOS 8 | CentOS 7Amazon.com as of October 12, 2020 1:44 pm


AWS Certified Solution Architect Study Guide: Associated with SAA-C01 Exam

AWS Certified Solution Architect Study Guide: Associated with SAA-C01 Exam

$60.00 $36.56 33 new products in stock, starting from $ 21.99 30 used, prices starting from $ 18.50

Buy now
How to install AWS SSM agent on CentOS 8 | CentOS 7Amazon.com as of October 12, 2020 1:44 pm

Video course:


AWS Certified Solution Architect-Assistant 2020

AWS Certified Solution Architect-Assistant 2020

★★★★★ (190820) $15.34 $153.38 in stock

Buy now

How to install AWS SSM agent on CentOS 8 | CentOS 7Udemy.com


AWS Certified Developer-Assistant 2020

AWS Certified Developer-Assistant 2020

★★★★☆ (37809) $ 15.34 $ 153.38 in stock

Buy now

How to install AWS SSM agent on CentOS 8 | CentOS 7Udemy.com


Final AWS Certified Solution Architect 2020 Assistant

Final AWS Certified Solution Architect 2020 Assistant

★★★★★ (45545) $17.70 $176.97 in stock

Buy now

How to install AWS SSM agent on CentOS 8 | CentOS 7Udemy.com


The final AWS Certified Developer Assistant 2020-New!

The final AWS Certified Developer Assistant 2020-New!

★★★★★ (26983) $ 20.06 $ 200.57 in stock

Buy now

How to install AWS SSM agent on CentOS 8 | CentOS 7Udemy.com

Happy Building! !

You can download this article in PDF format via the link below to support us.Download the guide in PDF formatClose

Sidebar