Systems Manager Setup
- Create an IAM role with the AmazonEC2RoleforSSM policy so the EC2 instance can connect to Systems Manager.
- Create an IAM user with the AmazonSSMFullAccess policy (also look into the other, narrower SSM policies).
- SSM Agent has to be installed on the on-premise or EC2 machines. To install SSM Agent, refer
- Only when SSM Agent is installed and the necessary IAM permissions (role/user) are in place does the EC2 machine or virtual machine become a managed instance.
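An added example (not part of the original notes) that scripts the role, instance-profile and managed-instance check from the steps above with the AWS CLI. The role name "ssm-managed-instance", the instance id taken from $1 and the RUN_SSM_SETUP gate are assumptions.

```shell
#!/bin/sh
# Added example: bootstraps the IAM role for EC2 -> Systems Manager and then
# checks whether the instance has registered as a managed instance.
# Assumptions: AWS CLI v2 configured with credentials allowed to manage IAM,
# role/profile name "ssm-managed-instance", instance id passed as $1.
set -eu

ROLE_NAME="${ROLE_NAME:-ssm-managed-instance}"
# Policy named in the notes. AmazonSSMManagedInstanceCore is the narrower,
# current replacement; point POLICY_ARN at it for least privilege on new setups.
POLICY_ARN="${POLICY_ARN:-arn:aws:iam::aws:policy/AmazonEC2RoleforSSM}"

# Trust policy: only the EC2 service may assume this role, nothing else.
ec2_trust_policy() {
  printf '%s' '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"ec2.amazonaws.com"},"Action":"sts:AssumeRole"}]}'
}

# Create the role, attach the SSM policy, and wrap it in an instance profile.
create_ssm_role() {
  aws iam create-role --role-name "$ROLE_NAME" \
    --assume-role-policy-document "$(ec2_trust_policy)" >/dev/null
  aws iam attach-role-policy --role-name "$ROLE_NAME" --policy-arn "$POLICY_ARN"
  aws iam create-instance-profile --instance-profile-name "$ROLE_NAME" >/dev/null
  aws iam add-role-to-instance-profile --instance-profile-name "$ROLE_NAME" \
    --role-name "$ROLE_NAME"
}

# Attach the profile to a running instance so the agent can obtain credentials.
attach_profile() {
  aws ec2 associate-iam-instance-profile --instance-id "$1" \
    --iam-instance-profile Name="$ROLE_NAME" >/dev/null
}

# Prints "Online" once the agent has registered; "None" means the instance is
# not a managed instance yet (agent missing, no profile, or no path to SSM).
managed_instance_status() {
  aws ssm describe-instance-information \
    --filters "Key=InstanceIds,Values=$1" \
    --query 'InstanceInformationList[0].PingStatus' --output text
}

if [ "${RUN_SSM_SETUP:-0}" = "1" ]; then
  create_ssm_role
  attach_profile "$1"
  managed_instance_status "$1"
fi
```

Run with `RUN_SSM_SETUP=1 ./setup.sh i-0123456789abcdef0` (constructed instance id); the role-creation calls fail harmlessly if the role already exists.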
Other Capabilities
- Session Manager: no need for a bastion host. You can connect to machines in a VPC that have only private IPs and run your configuration.
- Patch Manager: from Patch Manager you create or manage OS patching.
- Shared Resources: build reusable documents (like AWS-RunShellScript) and store common parameters in Parameter Store.