Step-by-Step Guide to AWS Systems Manager (EC2 Instances) – Part 1


In this blog post I’ll show you how to configure the relevant components to enable your Amazon EC2 instances to have the ability to be managed via AWS Systems Manager.  In a follow up post, I’ll then show you how to configure the relevant components to allow you to also manage existing on-premises infrastructure via AWS Systems Manager.

There are 2 different types of instances that can be registered with AWS Systems Manager:

  1. Amazon EC2 Instances that are within the Amazon Platform.
  2. On-Premises Instances which are either Physical or Virtual.

In this blog post, I’ll walk through how to get either an Amazon EC2 instance to report into AWS Systems Manager.

Create the IAM Role to enable access for EC2 instances

  • Login to the AWS Management Console.
  • Navigate to Identity and Access Management (IAM).
  • Click Roles.
  • Click Create Role.
  • Select AWS Service and Click EC2.
  • Click Next:Permissions.
  • Filter on ‘SSM’ to make finding the correct policy easier.
  • Select ‘AmazonEC2RoleforSSM’


  • Click Next:Review.
  • Give the IAM Role a name such as ‘ManagedInstanceRoleforSSM’.
  • Click Create Role.

Installing the SSM Agent

The SSM Agent should be pre-installed on an Amazon EC2 instances when it’s launched or at least it was for myself when I deployed the Amazon Linux AMI.  Alternatively, if the SSM Agent isn’t installed on the Amazon EC2 instance then depending upon the operating system you can do the following:

Existing Amazon Linux EC2 instances

  • Create a temporary directory on the instance.


  • Change to the temporary directory.


  • Use one of the following commands to download and run the SSM installer.
  • 64-bit instances:


  • 32-bit instances:


  • Run the following command to determine if SSM Agent is running. The command should return the message “amazon-ssm-agent is running.”

Amazon Linux


Amazon Linux 2

  • Run the following commands if the previous command returns the message “amazon-ssm-agent is stopped.”
    • Start the service.


Amazon Linux


Amazon Linux 2



  • Check the status of the agent.

Amazon Linux


Amazon Linux 2


For detailed instructions on alternative distribution of Linux such as RHEL, CentOS, Ubuntu then go to Manually Install SSM Agent on Amazon EC2 Linux Instances.

Existing Microsoft Windows EC2 instances

  • Log in to your instance by using, for example, Remote Desktop or Windows PowerShell.
  • Download the latest version of SSM Agent to your instance:

  • Start or restart SSM Agent (AmazonSSMAgent.exe) using the Windows Services Control Panel or by sending the following command in PowerShell:


Assign the IAM Role to the EC2 instance

  • Login to the Amazon Console
  • Navigate to EC2
  • Navigate to Instances and Click Instances
  • Tick the EC2 instance that you wish to assign the IAM Role to
  • Click Actions
  • Select Instance Settings and then Select Attach/Replace IAM Role
  • Select the IAM Role that was created specifically for allowing EC2 access to SSM
  • Click Apply

Review within AWS Systems Manager

  • Login to the AWS Management Console
  • Navigate to Systems Manager
  • Click Managed Instances

If the EC2 instance has registered successfully you should see it listed similarly as below:


One thought on “Step-by-Step Guide to AWS Systems Manager (EC2 Instances) – Part 1

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s