DEV Community

Cover image for Managing on-prem systems with AWS Systems Manager : a Hands-On Guide
LionelPJ for AWS Community Builders

Posted on

Managing on-prem systems with AWS Systems Manager : a Hands-On Guide

Photo by Florian Gagnepain on Unsplash


In my last article I shared with you how to enable ssm on your account. Today, we are going to see how to manage on-prem systems using SSM.

My setup:

If you don't have an on-prem box, you may simulate the environment. Otherwise, please skip this section.

For simulating an on-prem system, I downloaded VMWare Fusion (personal use image) for my MacBook Pro (Apple M1 Chipset). I also downloaded Debian (arm based image) as my linux OS that I plan to install within VMWare. These selections are very specific to my system. Feel free to make relevant choices based on your OS.

In essence, you will need a virtual machine (and for which you can download either Oracle VirtualBox or VMWare) and any Linux or Windows image that you are comfortable with.
To reduce redundancy, for this guide I will share my steps based on my system. I hope that you figure out the right options that work for you!

Step 1: Create an IAM Role For Hybrid Activation

Let's create an IAM role for EC2 with the following attributes
Name : HybridActivation
Permissions: AmazonEC2RoleForSSM
Trust Relationship: change ec2 to ssm instead

Your trust policy should now look similar to the one given below -



{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "ssm.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}


Enter fullscreen mode Exit fullscreen mode

Step 2: Create a Hybrid Activation

Visit the Systems Manager page and click Hybrid Activations from the menu on the left side (seen under Node Management).

Provide the following details in the screen:

Description: ForLocalVm1
Instance Limit: leave at 1
IAM Role: select HybridActivation from existing roles

Now click Create activation button and copy the activation code and id into a scratch pad. You will need it in the next step to register the vm

Step 3: Registering the on-prem system

I assume by this time you have installed and you have your on-prem box ready. Login to the system with super user privileges. Visit the page https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-manual-agent-install.html and click on the link specific to your underlying OS and follow the instructions to install the ssm agent. In my case its Debian with an install page as seen here - https://docs.aws.amazon.com/systems-manager/latest/userguide/agent-install-deb.html

Now after the installation steps, I would suggest to stop the agent with the command



systemctl stop amazon-ssm-agent


Enter fullscreen mode Exit fullscreen mode

Next, issue the registration command with the template



amazon-ssm-agent -register -code "pastCodeHere" -id "pasteIdHere" -region us-east-1


Enter fullscreen mode Exit fullscreen mode

So if my Activation Code is apBIZ1Mz+RKDh+wgViz39d and Activation ID is 2a70c0a0-c2de-4f39-84ea-7cc17377e3a3 then the command would be



amazon-ssm-agent -register -code "apBIZ1Mz+RKDh+wgViz39d" -id "2a70c0a0-c2de-4f39-84ea-7cc17377e3a3" -region us-east-1


Enter fullscreen mode Exit fullscreen mode

Now, start your agent again using the command



systemctl start amazon-ssm-agent


Enter fullscreen mode Exit fullscreen mode

Step 4: Verify using Systems Manager

Visit Hybrid Activations inside Systems Manager, you should see your new instance listed there

Image description

Now you can use Sessions Manager to login to the machine successfully!

To verify that this is the same machine you could try any of the following commands on your ssm session and your virtual machine for comparison. They should be same.



cat /etc/os-release
hostname
hostname -I


Enter fullscreen mode Exit fullscreen mode

Any command within the session can be used to add in preventive measures or control, based on your needs!

Next Steps

Think about your on-prem environment and how it can be managed by the power of using Systems Manager to roll out changes across the environment or come up with your own innovative solutions.

If you are here - Congratulations!
You just learned how to manage a virtual machine using Systems Manager!

[about Lionel Pulickal]

Lionel is a Solutions Architect who has worked in the IT industry since 1997. He has all the three AWS associate level exams, the Solution Architect Professional and Networking Specialty exams under his belt. He loves hands-on and is always willing to share the knowledge he has gained over the years.

Top comments (0)