AWS Systems Manager is an infrastructure management platform offered by Amazon Web Services. It is not limited to AWS-managed EC2 instances: with the Systems Manager (SSM) Hybrid Activations feature you can also use it to manage your on-premises virtual machines. One of its important features, and one I personally like, is SSM Session Manager. It gives you one-click access to your instance through a browser-based session. Session Manager gives users a secure and auditable session to the instances without opening any ports on your firewall. I wanted to try out the “Hybrid Activations” feature to access one of the virtual machines running on my laptop.
Install SSM Agent On On-Premises Ubuntu Server
First of all, the SSM agent must be installed on your on-premises virtual machine. I used Ubuntu Server 19.10 for this, in a virtual machine I created on my laptop. You can find the agent installation steps for your operating system in this link; these are specifically for hybrid activation.
I installed the agent using snap packaging with the command below.
sudo snap install amazon-ssm-agent --classic
The commands below list, start and check the status of the agent.
To list the installed agent:
sudo snap list amazon-ssm-agent
To start the SSM Agent:
sudo snap start amazon-ssm-agent
To view the status of the service:
sudo snap services amazon-ssm-agent
Create A Hybrid Activation In SSM
Open Systems Manager, select Hybrid Activations, and start creating an activation with the “Create an Activation” button.
Provide an activation description, an instance limit and a default instance name for the instance, and either select an existing role with the relevant permissions or create a new role. I chose to create a new role in this scenario.
I got an unexpected error when I was creating the new role, as below.
After I refreshed the web interface, it picked up the role and I was able to create the activation successfully.
You can see the “Activation Code” and “Activation ID” at the top of the page, and the created activation will be listed.
Register On Premises Virtual Machine With AWS Hybrid Activations
After creating the hybrid activation, the on-premises virtual machine must be registered, using the command below. I verified the ssh agent in the below screenshot.
sudo /snap/amazon-ssm-agent/current/amazon-ssm-agent -register -code "[activation-code]" -id "[activation-id]" -region "[region]"
Unfortunately, I encountered the error below:
Error occurred fetching the seelog config file path: open /etc/amazon/ssm/seelog.xml: no such file or directory
Initializing new seelog logger
New Seelog Logger Creation Complete
2020-02-22 04:26:31 ERROR adding the directory to watcher: no such file or directory
This happens because the seelog.xml file was not in that directory.
Usually, this file can be created from the template file located at “/etc/amazon/ssm/seelog.xml.template”, and I tried to copy it into the “/etc/amazon/ssm/” location. The file did not even exist in that location, so I searched the file system for it. I was able to find the template file.
I created the folder and copied the template file as an “xml” file, removing the template extension. Then I ran the command to register the instance, and this time it was successful. It gave me an instance ID which I can refer to in the AWS console. The instance ID usually starts with “mi”.
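The workaround above as a script (an added example, not from the original post or from AWS): it restores seelog.xml from the template before registering, and never overwrites an existing config. The helper names and the default search root /snap/amazon-ssm-agent are assumptions; the activation code, activation ID and region are passed as arguments.

```shell
#!/bin/sh
# Added example: restore seelog.xml from the packaged template, then register.
# Run as root (e.g. via sudo). The activation code is a credential: keep it
# out of scripts and shared shell history.
set -u

CONF_DIR="${CONF_DIR:-/etc/amazon/ssm}"               # path named in the error
SEARCH_ROOT="${SEARCH_ROOT:-/snap/amazon-ssm-agent}"  # assumption: template ships in the snap
AGENT_BIN="${AGENT_BIN:-/snap/amazon-ssm-agent/current/amazon-ssm-agent}"

# ensure_seelog CONF_DIR SEARCH_ROOT  (hypothetical helper)
# Returns 0 if CONF_DIR/seelog.xml exists or was created from a template,
# 1 if no template could be found or copied.
ensure_seelog() {
    es_conf="$1"; es_root="$2"
    if [ -f "$es_conf/seelog.xml" ]; then
        return 0                       # never overwrite an existing config
    fi
    es_tpl="$(find "$es_root" -type f -name 'seelog.xml.template' 2>/dev/null | head -n 1)"
    if [ -z "$es_tpl" ]; then
        echo "no seelog.xml.template found under $es_root" >&2
        return 1
    fi
    mkdir -p "$es_conf" || return 1
    install -m 0644 "$es_tpl" "$es_conf/seelog.xml"
}

# register_agent CODE ID REGION  (hypothetical helper)
register_agent() {
    ensure_seelog "$CONF_DIR" "$SEARCH_ROOT" || return 1
    "$AGENT_BIN" -register -code "$1" -id "$2" -region "$3"
}

# Register only when called with the three activation values.
if [ "$#" -eq 3 ]; then
    register_agent "$@"
fi
```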
I hadn’t started the agent yet, and I checked the console. The instance was successfully listed and its ping status was “Connection Lost”.
I started the service and checked the status; it was running perfectly.
The status came online.
Connect To The On Premises Instance With Session Manager
Open Session Manager and select the instance. The agent was out of date, and the update agent command can be executed remotely from the console.
The command status can be monitored in the console; I waited a couple of minutes until it completed the execution.
Go to Session Manager, select the instance and start the session.
I clicked “Start Session” in the instance window, and a pop-up window will appear; in my case I had to open the pop-up window manually.
The console opened as below, and I was able to access my on-premises virtual machine in AWS Session Manager.