[AWS] Use AWS Session Manager on your on-premise server
If you want to use AWS SSM to manage your on-premise VM or server, you can follow these steps.
Step 1 : Add IAM Role
Create the SSM.json file for the SSM service:
{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Allow",
    "Principal": {"Service": "ssm.amazonaws.com"},
    "Action": "sts:AssumeRole"
  }
}
Add the role:
aws iam create-role --role-name SSMForOnPremise --assume-role-policy-document file://SSM.json
Attach the role policy:
aws iam attach-role-policy --role-name SSMForOnPremise --policy-arn arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
Create a hybrid activation:
aws ssm create-activation --default-instance-name wei-home-server --iam-role SSMForOnPremise --registration-limit 20 --region us-east-1
This returns:
------------------------------------------------------------------
| CreateActivation |
+-----------------------+----------------------------------------+
| ActivationCode | ActivationId |
+-----------------------+----------------------------------------+
| YourActivationCode | YourActivationID |
+-----------------------+----------------------------------------+
SSH to your on-premise VM/machine, then get the SSM agent package and install it.
You must change Region to your region.
wget https://s3.Region.amazonaws.com/amazon-ssm-Region/latest/debian_amd64/amazon-ssm-agent.deb
sudo dpkg -i amazon-ssm-agent.deb
After installation, stop the service and register the VM with Systems Manager:
service amazon-ssm-agent stop
amazon-ssm-agent -register -code "YourActivationCode" -id "YourActivationID" -region Region
Go back to the AWS SSM console and look in Hybrid Activations and in the Session Manager console.
Using the AWS CLI:
aws ssm describe-instance-information --region YourRegion
----------------------------------------------------------------
| DescribeInstanceInformation |
+--------------------------------------------------------------+
|| InstanceInformationList ||
|+-------------------+----------------------------------------+|
|| ActivationId | YourActivationID ||
|| AgentVersion | 2.3.1319.0 ||
|| ComputerName | YourOnPremiseVMName ||
|| IPAddress | YourPrivateIP ||
|| IamRole | SSMForOnPremise ||
|| InstanceId | YourInstanceID ||
|| IsLatestVersion | True ||
|| LastPingDateTime | 1593409185.939 ||
|| Name | gordon-server ||
|| PingStatus | Online ||
|| PlatformName | Ubuntu ||
|| PlatformType | Linux ||
|| PlatformVersion | 18.04 ||
|| RegistrationDate | 1593403332.991 ||
|| ResourceType | ManagedInstance ||
|+-------------------+----------------------------------------+|
Then use aws ssm start-session to connect:
aws ssm start-session --target YourInstanceID --region YourRegion
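A check you could run on the JSON form of the describe-instance-information output, added here as an example and not part of the original post: because the activation allows up to 20 registrations, it lists every managed instance registered under one activation ID and flags hosts that are not on your expected list, carry a different IAM role, or are not Online. The function name audit, the sample data and the one-hour staleness threshold are assumptions.

```python
import json

# Constructed sample of `aws ssm describe-instance-information --output json`.
# Field names follow the table above; every value is made up.
SAMPLE = json.loads("""
{"InstanceInformationList": [
 {"InstanceId": "mi-00000000000000001", "ActivationId": "act-example",
  "ComputerName": "wei-home-server", "IamRole": "SSMForOnPremise",
  "PingStatus": "Online", "ResourceType": "ManagedInstance",
  "LastPingDateTime": 1593409185.939},
 {"InstanceId": "mi-00000000000000002", "ActivationId": "act-example",
  "ComputerName": "unknown-host", "IamRole": "SSMForOnPremise",
  "PingStatus": "ConnectionLost", "ResourceType": "ManagedInstance",
  "LastPingDateTime": 1593403332.991},
 {"InstanceId": "i-00000000000000003", "ComputerName": "ec2-host",
  "PingStatus": "Online", "ResourceType": "EC2Instance",
  "LastPingDateTime": 1593409000.0}
]}
""")


def audit(info, activation_id, expected_hosts, expected_role, now, max_age_s=3600):
    """Return {InstanceId: [findings]} for hosts registered via activation_id."""
    report = {}
    for inst in info.get("InstanceInformationList", []):
        # Only hybrid registrations created by the activation under review.
        if inst.get("ResourceType") != "ManagedInstance":
            continue
        if inst.get("ActivationId") != activation_id:
            continue
        findings = []
        if inst.get("ComputerName") not in expected_hosts:
            findings.append("unexpected host: %s" % inst.get("ComputerName"))
        if inst.get("IamRole") != expected_role:
            findings.append("unexpected role: %s" % inst.get("IamRole"))
        if inst.get("PingStatus") != "Online":
            findings.append("ping status: %s" % inst.get("PingStatus"))
        # Assumption: LastPingDateTime is epoch seconds, as in the output above.
        age = now - float(inst.get("LastPingDateTime", 0))
        if age > max_age_s:
            findings.append("last ping %d s ago" % age)
        report[inst["InstanceId"]] = findings
    return report


if __name__ == "__main__":
    result = audit(SAMPLE, "act-example", {"wei-home-server"},
                   "SSMForOnPremise", now=1593409200.0)
    for instance_id, findings in sorted(result.items()):
        print(instance_id, "OK" if not findings else "; ".join(findings))
```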