AWS Systems Manager (SSM) Hybrid Activations With On Premises Virtual Machines


AWS Systems Manager is an infrastructure management platform offered by Amazon Web Services. It's not limited to AWS-managed EC2 instances: you can now use it to manage your on-prem virtual machines using the Systems Manager (SSM) Hybrid Activations feature. One of the important features, which I personally like, is SSM Session Manager. It gives you one-click access to your instance through a web-based browser session. Session Manager gives users a secure and auditable session to the instances without opening any ports on your firewall. I wanted to try out the “Hybrid Activations” feature to access one of the virtual machines running on my laptop.

Install SSM Agent On On Premises Ubuntu Server

First of all, the SSM agent should be installed on your on-premises virtual machine. I used Ubuntu Server 19.10 for this, and I created a virtual machine on my laptop. You can find the agent installation steps for your operating system in this link; this is specifically for the hybrid activation.

I installed the agent using snap packaging with the command below.

sudo snap install amazon-ssm-agent --classic

The commands below list, start, and check the status of the agent.

To list the installed agent:

sudo snap list amazon-ssm-agent

To start the SSM Agent:

sudo snap start amazon-ssm-agent

To view the status of the service:

sudo snap services amazon-ssm-agent

Create A Hybrid Activation In SSM

Open Systems Manager, select Hybrid Activations, and start creating an activation with the “Create an Activation” button.

Provide an activation description, an instance limit, and a default instance name for the instance, and either select an existing role with the relevant permissions or create a new role. I chose to create a new role in this scenario.

I got an unexpected error when I was creating the new role, as below.

After refreshing the web interface, it picked up the role and I was able to create the activation successfully.

You can see the “Activation Code” and “Activation ID” at the top of the page, and the created activation will be listed.
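The same activation can be created from the AWS CLI; the script below is an added example, not part of the original walkthrough. The role name, instance name, description and region are hypothetical, and it only prints the commands unless DRY_RUN=0 is set.

```sh
#!/bin/sh
# Added example: CLI equivalent of the console steps above.
set -eu

ROLE_NAME="${ROLE_NAME:-HybridSSMRole}"      # hypothetical role name
INSTANCE_NAME="${INSTANCE_NAME:-laptop-vm}"  # hypothetical default instance name
REGION="${REGION:-us-east-1}"                # assumed region
DRY_RUN="${DRY_RUN:-1}"                      # 1 = print the aws commands only

# Trust policy: only the Systems Manager service may assume the role.
trust_policy() {
  cat <<'EOF'
{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"ssm.amazonaws.com"},"Action":"sts:AssumeRole"}]}
EOF
}

# Print the command in dry-run mode, execute it otherwise.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

create_activation() {
  # Service role the registered machine will use.
  run aws iam create-role --role-name "$ROLE_NAME" \
      --assume-role-policy-document "$(trust_policy)"
  # AWS managed policy with the core permissions the agent needs.
  run aws iam attach-role-policy --role-name "$ROLE_NAME" \
      --policy-arn arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
  # Instance limit of 1: the activation code can register one machine only.
  run aws ssm create-activation --description "on-prem VM" \
      --default-instance-name "$INSTANCE_NAME" --iam-role "$ROLE_NAME" \
      --registration-limit 1 --region "$REGION"
}

create_activation
```

When run for real, the last command returns the Activation ID and Activation Code that the console shows at the top of the page.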


Register On Premises Virtual Machine With AWS Hybrid Activations

After creating the Hybrid Activation, the on-premises virtual machine should be registered. To do that, the command below should be used. I verified the SSM agent in the screenshot below.

sudo /snap/amazon-ssm-agent/current/amazon-ssm-agent -register -code "[activation-code]" -id "[activation-id]" -region "[region]"

Unfortunately, I encountered the error below:

Failed to load instance info from vault. Registry key does not exist.
Error occurred fetching the seelog config file path: open /etc/amazon/ssm/seelog.xml: no such file or directory
Initializing new seelog logger
New Seelog Logger Creation Complete
2020-02-22 04:26:31 ERROR adding the directory to watcher: no such file or directory

This is basically because the seelog.xml file was not in the directory.

Usually, this file can be created from the template file located at “/etc/amazon/ssm/seelog.xml.template”, and I tried to copy it into the “/etc/amazon/ssm/” location. The file did not even exist in that location, so I searched the file system for it. I was able to find the template file.

I created the folder and copied the template file as an “xml” file, removing the template extension. Then I ran the command to register the instance, and it was successful this time. It gave me an instance ID which I can refer to in the AWS console. Instance ID usually starts with “mi
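The fix described above, written as a script; this is an added example, not the author's commands. The search root and destination directory are parameters, and using /snap/amazon-ssm-agent as the search root on a snap install is an assumption.

```sh
#!/bin/sh
# Added example: restore the missing seelog.xml from the packaged template.
set -eu

# restore_seelog SEARCH_ROOT CONF_DIR
# Finds seelog.xml.template under SEARCH_ROOT and installs it as
# CONF_DIR/seelog.xml. Prints the path of the template that was used.
restore_seelog() {
  search_root=$1
  conf_dir=$2
  # Do not overwrite a config that is already in place.
  if [ -f "$conf_dir/seelog.xml" ]; then
    echo "already present: $conf_dir/seelog.xml" >&2
    return 0
  fi
  template=$(find "$search_root" -type f -name 'seelog.xml.template' 2>/dev/null | head -n 1)
  if [ -z "$template" ]; then
    echo "no seelog.xml.template found under $search_root" >&2
    return 1
  fi
  # Create the folder the agent complained about, then drop the
  # ".template" extension while copying.
  mkdir -p "$conf_dir"
  cp "$template" "$conf_dir/seelog.xml"
  # Writable by the owner only (root when run with sudo on a real host).
  chmod 0644 "$conf_dir/seelog.xml"
  printf '%s\n' "$template"
}

# Assumed usage: sudo sh restore_seelog.sh /snap/amazon-ssm-agent /etc/amazon/ssm
if [ "$#" -eq 2 ]; then
  restore_seelog "$1" "$2"
fi
```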

I hadn’t started the agent yet when I checked the console. The instance was successfully listed and the ping status was “Connection Lost”.

I started the service and checked the status; it was running perfectly.

The status came online.


Connect To The On Premises Instance With Session Manager

Open Session Manager and select the instance. The agent was out of date, and the update agent command can be executed remotely from the console.

The command status can be monitored in the console; I waited a couple of minutes until it completed the execution.

Go to Session Manager, select the instance, and start the session.

I clicked “Start Session” in the instance window and a pop-up window will appear; in my case I had to open the pop-up window manually.

The console opened as below, and my on-premises virtual machine was accessible in AWS Session Manager.
