Computer Notes/AWS/Setting up Session Manager on Ubuntu: Difference between revisions
From Cramsession
< Computer Notes | AWS
✍️ Verified Author: Mflavell • Click to view professional profile & credentials
(Created page with "== Quick Start: AWS Session Manager on Ubuntu EC2 == A minimal guide for setting up AWS Systems Manager (SSM) Session Manager on Ubuntu instances, including the standard credential fix. === 1. AWS IAM Requirements === The EC2 instance requires an IAM Instance Profile to communicate with AWS. # Create an IAM Role for '''EC2'''. # Attach the AWS-managed policy: <code>AmazonSSMManagedInstanceCore</code> # Attach this IAM role to your EC2 instance ('''EC2 Console''' -> '''...") |
|||
| (One intermediate revision by the same user not shown) | |||
| Line 2: | Line 2: | ||
A minimal guide for setting up AWS Systems Manager (SSM) Session Manager on Ubuntu instances, including the standard credential fix. | A minimal guide for setting up AWS Systems Manager (SSM) Session Manager on Ubuntu instances, including the standard credential fix. | ||
=== 1. AWS IAM Requirements === | === 1. AWS IAM Requirements === | ||
The EC2 instance requires an IAM Instance Profile to communicate with AWS. | The EC2 instance requires an IAM Instance Profile to communicate with AWS. | ||
# Create an IAM Role for '''EC2'''. | # Create an IAM Role for '''EC2'''. | ||
# Attach the AWS-managed policy: <code>AmazonSSMManagedInstanceCore</code> | # Attach the AWS-managed policy: <code>AmazonSSMManagedInstanceCore</code> | ||
# Attach this IAM role to your EC2 instance ('''EC2 Console''' -> '''Actions''' -> '''Security''' -> '''Modify IAM role'''). | # Attach this IAM role to your EC2 instance ('''EC2 Console''' -> '''Actions''' -> '''Security''' -> '''Modify IAM role'''). | ||
=== 2. Ubuntu Agent Setup & Restart === | === 2. Ubuntu Agent Setup & Restart === | ||
Modern Ubuntu AMIs come with the agent pre-installed via Snap. If the agent fails to pick up the IAM role credentials automatically, a service restart is usually required. | Modern Ubuntu AMIs come with the agent pre-installed via Snap. If the agent fails to pick up the IAM role credentials automatically, a service restart is usually required. | ||
==== Check Status ==== | ==== Check Status ==== | ||
sudo systemctl status snap.amazon-ssm-agent.amazon-ssm-agent.service | sudo systemctl status snap.amazon-ssm-agent.amazon-ssm-agent.service | ||
==== Manual Install (If missing) ==== | ==== Manual Install (If missing) ==== | ||
sudo apt-get update | sudo apt-get update | ||
sudo snap install amazon-ssm-agent --classic | sudo snap install amazon-ssm-agent --classic | ||
==== The "Quick & Dirty" Fix (Credential Refresh) ==== | ==== The "Quick & Dirty" Fix (Credential Refresh) ==== | ||
If logs show <code>SSM Agent unable to acquire credentials</code> after attaching the IAM role, kick the service to force a fresh credential poll: | If logs show <code>SSM Agent unable to acquire credentials</code> after attaching the IAM role, kick the service to force a fresh credential poll: | ||
sudo systemctl restart snap.amazon-ssm-agent.amazon-ssm-agent.service | sudo systemctl restart snap.amazon-ssm-agent.amazon-ssm-agent.service | ||
==== View Logs ==== | ==== View Logs ==== | ||
sudo tail -n 50 -f /var/log/amazon/ssm/amazon-ssm-agent.log | sudo tail -n 50 -f /var/log/amazon/ssm/amazon-ssm-agent.log | ||
=== 3. Verification === | === 3. Verification === | ||
# Go to '''AWS EC2 Console'''. | # Go to '''AWS EC2 Console'''. | ||
# Select the instance, click '''Connect'''. | # Select the instance, click '''Connect'''. | ||
Latest revision as of 01:27, 16 June 2026
Quick Start: AWS Session Manager on Ubuntu EC2
A minimal guide for setting up AWS Systems Manager (SSM) Session Manager on Ubuntu instances, including the standard credential fix.
1. AWS IAM Requirements
The EC2 instance requires an IAM Instance Profile to communicate with AWS.
- Create an IAM Role for EC2.
- Attach the AWS-managed policy:
AmazonSSMManagedInstanceCore - Attach this IAM role to your EC2 instance (EC2 Console -> Actions -> Security -> Modify IAM role).
2. Ubuntu Agent Setup & Restart
Modern Ubuntu AMIs come with the agent pre-installed via Snap. If the agent fails to pick up the IAM role credentials automatically, a service restart is usually required.
Check Status
sudo systemctl status snap.amazon-ssm-agent.amazon-ssm-agent.service
Manual Install (If missing)
sudo apt-get update sudo snap install amazon-ssm-agent --classic
The "Quick & Dirty" Fix (Credential Refresh)
If logs show SSM Agent unable to acquire credentials after attaching the IAM role, kick the service to force a fresh credential poll:
sudo systemctl restart snap.amazon-ssm-agent.amazon-ssm-agent.service
View Logs
sudo tail -n 50 -f /var/log/amazon/ssm/amazon-ssm-agent.log
3. Verification
- Go to AWS EC2 Console.
- Select the instance, click Connect.
- Choose the Session Manager tab and click Connect.
- Note: Can take 1–2 minutes to register after a service restart. Ensure port 443 outbound is allowed in Security Groups if it stays greyed out.
