1. AI Environment Standardization via AWS SSM Association


    AWS Systems Manager (SSM) is a service that allows you to automate the management and maintenance of your EC2 instances and your on-premises servers and VMs in your hybrid environment. One of the capabilities of SSM is State Manager, which helps to define and maintain consistent configuration of your environments.

    An SSM Document defines the actions that Systems Manager performs on your managed instances. An SSM Association is a configuration that applies an SSM Document to a set of instances. This association can specify parameters and a schedule that determines how the document should be applied. This is useful to enforce a standard setup for your environments.

    In the Pulumi program below, we will:

    1. Create an SSM Document that, for example, installs and starts an Apache web server on your instances.
    2. Define an SSM Association to apply this document to a target set of instances based on tags.
    3. The program will create the infrastructure and demonstrate how you can manage the configuration of your instances automatically.

    Here is a comprehensive Pulumi program that will create an SSM Document and Association:

    import pulumi import pulumi_aws as aws # Create a Managed Instance Role for SSM role = aws.iam.Role("role", assume_role_policy="""{ "Version": "2012-10-17", "Statement": [{ "Action": "sts:AssumeRole", "Effect": "Allow", "Principal": { "Service": "ssm.amazonaws.com" } }] }""") # Attach the AmazonSSMManagedInstanceCore policy to the role role_policy_attachment = aws.iam.RolePolicyAttachment("role_policy_attachment", role=role, policy_arn="arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore") # Define the content of the SSM document # This content should describe the configuration you want on your instances. # For example, the content below will ensure an Apache web server is installed and running. ssm_document_content = { "schemaVersion": "2.2", "description": "Install and run apache.", "mainSteps": [{ "action": "aws:runShellScript", "name": "installApache", "inputs": { "runCommand": [ "yum install -y httpd", "systemctl start httpd", "systemctl enable httpd" ] } }] } # Create an SSM Document that defines actions to be performed on instances ssm_document = aws.ssm.Document("ssmDocument", content=pulumi.Output.json(ssm_document_content), document_type="Command") # Define an instance to associate with the SSM Document instance = aws.ec2.Instance("instance", # Other required configuration # make sure the instance is using the role created above iam_instance_profile=role.name, tags={"Environment": "production"}) # Create the association of the SSM Document with the target instances association = aws.ssm.Association("association", name=ssm_document.name, targets=[{ "key": "tag:Environment", "values": ["production"], }], # Optionally, schedule the association to apply the document at a certain interval schedule_expression="rate(30 minutes)") # Export the URL of the instance to be able to access it later pulumi.export('instance_url', pulumi.Output.concat('http://', instance.public_dns))


    • We define an IAM role and attach the requisite policy that grants permission to manage instances with Systems Manager.

    • Next, we create an SSM Document (aws.ssm.Document) that describes the configuration that we want to apply. In this case, it's a shell script to install and start an Apache web server.

    • We create an EC2 instance and specify that it should use the role we created so it can be managed by SSM.

    • Lastly, we set up an SSM Association (aws.ssm.Association) that ties the document to targets. In this case, we target the instances with the tag key "Environment" and the value "production".

    • An optional schedule_expression is provided to specify that this association should be applied every 30 minutes. This is helpful if you want to ensure that your configuration is enforced regularly.

    • We export the public DNS of the instance to access the Apache web server once it's running.

    When this program runs, Pulumi will provision the instances and set up SSM to make sure that our configuration is applied correctly. You can adjust the ssm_document_content to apply different configurations as per your standardization requirements.