
How do I configure an AWS EC2 instance with SSM integration?

Configuring an AWS EC2 Instance with SSM Integration

In this guide, we will create an AWS EC2 instance and enable AWS Systems Manager (SSM) to manage it. SSM allows you to securely manage your EC2 instances without needing to open SSH/RDP ports or maintain bastion hosts.

Key Steps

  1. Create an IAM Role and Policy: This role allows the EC2 instance to communicate with SSM.
  2. Launch an EC2 Instance: We’ll launch the EC2 instance with the created IAM role.
  3. Enable SSM Agent: Ensure the SSM Agent is installed and configured on the EC2 instance.

Let’s dive into the details with the following code block.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Create an IAM role for EC2 with SSM permissions
const ssmRole = new aws.iam.Role("ssm_role", {
    name: "ec2_ssm_role",
    assumeRolePolicy: `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
`,
});
// Attach the AmazonSSMManagedInstanceCore policy to the role
const ssmRolePolicy = new aws.iam.RolePolicyAttachment("ssm_role_policy", {
    role: ssmRole.name,
    policyArn: "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
});
// Create an IAM instance profile
const ssmInstanceProfile = new aws.iam.InstanceProfile("ssm_instance_profile", {
    name: "ec2_ssm_instance_profile",
    role: ssmRole.name,
});
// Create a security group for the instance
const ec2Sg = new aws.ec2.SecurityGroup("ec2_sg", {
    namePrefix: "ec2_sg",
    egress: [{
        fromPort: 0,
        toPort: 0,
        protocol: "-1",
        cidrBlocks: ["0.0.0.0/0"],
    }],
});
// Launch an EC2 instance
const myInstance = new aws.ec2.Instance("my_instance", {
    ami: "ami-0c55b159cbfafe1f0",
    instanceType: aws.ec2.InstanceType.T2_Micro,
    iamInstanceProfile: ssmInstanceProfile.name,
    securityGroups: [ec2Sg.name],
    tags: {
        Name: "TestInstance",
    },
});
export const instanceId = myInstance.id;
export const instanceIp = myInstance.publicIp;

Key Points

  • IAM Role and Policy: We created an IAM role with a policy to allow the EC2 instance to communicate with SSM.
  • EC2 Instance: An EC2 instance was launched with the specified AMI and instance profile.
  • Security Group: A security group allowing all outbound traffic was defined and attached to the instance.
  • Outputs: Instance ID and public IP address are exported for ease of access.
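The security group in the program above defines no ingress rules but allows all outbound traffic, while SSM Agent talks to the SSM endpoints over outbound HTTPS. The TypeScript check below is an added example, not part of the original answer or Pulumi's code. It audits rule sets in the same shape as the `aws.ec2.SecurityGroup` arguments; the function names, the sample rules and the HTTPS-only egress baseline are assumptions.

```typescript
// Rule shape mirrors the ingress/egress entries passed to aws.ec2.SecurityGroup.
interface Rule {
    fromPort: number;
    toPort: number;
    protocol: string; // "tcp", "udp", or "-1" for all protocols
    cidrBlocks: string[];
}
interface Finding { direction: "ingress" | "egress"; detail: string; }

// Admin ports that an SSM-managed instance should not need to expose.
const ADMIN_PORTS: [number, string][] = [[22, "SSH"], [3389, "RDP"]];

// Protocol "-1" matches every protocol and port, whatever fromPort/toPort say.
function coversTcpPort(rule: Rule, port: number): boolean {
    if (rule.protocol === "-1") return true;
    return rule.protocol === "tcp" && rule.fromPort <= port && port <= rule.toPort;
}

// Assumed baseline: the instance only needs outbound HTTPS to reach SSM.
function isHttpsOnly(rule: Rule): boolean {
    return rule.protocol === "tcp" && rule.fromPort === 443 && rule.toPort === 443;
}

function auditSsmOnlyGroup(ingress: Rule[], egress: Rule[]): Finding[] {
    const findings: Finding[] = [];
    for (const rule of ingress) {
        for (const [port, name] of ADMIN_PORTS) {
            if (coversTcpPort(rule, port)) {
                findings.push({ direction: "ingress",
                    detail: `${name} (tcp/${port}) open to ${rule.cidrBlocks.join(",")}` });
            }
        }
    }
    for (const rule of egress) {
        if (!isHttpsOnly(rule)) {
            findings.push({ direction: "egress",
                detail: `protocol ${rule.protocol}, ports ${rule.fromPort}-${rule.toPort}: wider than tcp/443` });
        }
    }
    return findings;
}

// Constructed inputs: the page's ec2_sg egress, a tightened variant, a legacy ingress rule.
const pageEgress: Rule[] = [{ fromPort: 0, toPort: 0, protocol: "-1", cidrBlocks: ["0.0.0.0/0"] }];
const tightEgress: Rule[] = [{ fromPort: 443, toPort: 443, protocol: "tcp", cidrBlocks: ["0.0.0.0/0"] }];
const legacyIngress: Rule[] = [{ fromPort: 0, toPort: 0, protocol: "-1", cidrBlocks: ["10.0.0.0/8"] }];

console.log(auditSsmOnlyGroup([], pageEgress));
```

The page's group produces one egress finding and the tightened variant none; the legacy all-traffic ingress rule is flagged for both SSH and RDP because protocol `-1` ignores the port range.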

Summary

In this example, we configured an AWS EC2 instance for management through AWS SSM. This setup allows secure, agent-based access to and management of the instance.
