# Install agents on EC2 instances with SSM
<a name="CloudWatch-NetworkFlowMonitor-agents-ec2-install-ssm"></a>

Network Flow Monitor agents provide performance metrics about network flows. Follow the steps in this section to install and work with Network Flow Monitor agents on EC2 instances, by using Amazon Systems Manager. If you use Kubernetes, skip to the next sections for information about installing agents with Amazon EKS clusters or self-managed Kubernetes clusters.

Network Flow Monitor provides a Distributor package for you in Systems Manager to use to install or uninstall agents. In addition, Network Flow Monitor provides a document to activate or deactivate agents, by using the Document Type command. Use standard Systems Manager procedures to use the package and the document, or follow the steps provided here for detailed guidance.

For more information in general about using Systems Manager, see the following documentation:
+ [Amazon Systems Manager Run Command](https://docs.amazonaws.cn/systems-manager/latest/userguide/run-command.html)
+ [Amazon Systems Manager Distributor](https://docs.amazonaws.cn/systems-manager/latest/userguide/distributor.html)

Complete the steps in the following sections to configure permissions, install, and work with Network Flow Monitor agents.

**Contents**
+ [Install or uninstall agents](#CloudWatch-NetworkFlowMonitor-agents-ec2-install)
+ [Activate or deactivate agents](#CloudWatch-NetworkFlowMonitor-agents-ec2-manage)

## Install or uninstall agents by using Systems Manager
<a name="CloudWatch-NetworkFlowMonitor-agents-ec2-install"></a>

Network Flow Monitor provides a distributor package in Amazon Systems Manager for you to install Network Flow Monitor agents: **AmazonCloudWatchNetworkFlowMonitorAgent**. To access and run the package to install agents, follow the steps provided here. 

**To install agents in EC2 instances**

1. In the Amazon Web Services Management Console, in Amazon Systems Manager, under **Node Tools**, choose **Distributor**.

1. Under **Owned by Amazon**, locate the Network Flow Monitor package, **AmazonCloudWatchNetworkFlowMonitorAgent**, and select it.

1. In the **Run command** flow, choose **Install one time** or **Install on schedule**.

1. In the **Target selection** section, choose how you want to select your EC2 instances to install agents on. You can select instances based on tags, choose instances manually, or base the choice on resource groups. 

1. In the **Commmand parameters** section, under **Action**, choose **Install**.

1. Scroll down, if necessary, and then choose **Run** to start the installation.

If the installation is successful and the instances have permissions to access Network Flow Monitor endpoints, the agent will start collecting metrics and send reports to the Network Flow Monitor backend. 

Agents that are active (sending metrics data) incur billing costs. For more information about Network Flow Monitor and Amazon CloudWatch pricing, see Network Monitoring on the [Amazon CloudWatch pricing](https://www.amazonaws.cn//cloudwatch/pricing/) page. If you don't need metrics data temporarily, you can deactivate an agent. For more information, see [Activate or deactivate agents](#CloudWatch-NetworkFlowMonitor-agents-ec2-manage). If you no longer need Network Flow Monitor agents, you can uninstall them from the EC2 instances.

**To uninstall agents from EC2 instances**

1. In the Amazon Web Services Management Console, in Amazon Systems Manager, under **Node Tools**, choose **Distributor**.

1. Under **Owned by Amazon**, locate the Network Flow Monitor package, **AmazonCloudWatchNetworkFlowMonitorAgent**, and select it.

1. In the **Commmand parameters** section, under **Action**, choose **Uninstall**.

1. Select the EC2 instances to uninstall agents from. 

1. Scroll down, if necessary, and then choose **Run** to start the installation.

## Activate or deactivate agents by using Systems Manager
<a name="CloudWatch-NetworkFlowMonitor-agents-ec2-manage"></a>

After you install a Network Flow Monitor agent with SSM, you must activate it to receive network flow metrics from the instance where it's installed. Agents that are active (sending metrics data) incur billing costs. For more information about Network Flow Monitor and Amazon CloudWatch pricing, see Network Monitoring on the [Amazon CloudWatch pricing](https://www.amazonaws.cn//cloudwatch/pricing/) page. If you don't need metrics data temporarily, you can deactivate an agent to prevent ongoing billing for the agent.

Network Flow Monitor provides a document in Amazon Systems Manager that you can use activate or deactivate agents that you've installed on your EC2 instances. By running this document to manage the agents, you can activate them to begin receiving performance metrics. Or, you can deactivate them to temporarily stop metrics from being sent,without uninstalling the agents.

The document in SSM that you can use to activate or deactivate agents is called **AmazonCloudWatch-NetworkFlowMonitorManageAgent**. To access and run the document, follow the steps in the procedure. 

**To activate or deactivate Network Flow Monitor agents**

1. In the Amazon Web Services Management Console, in Amazon Systems Manager, under **Change Management Tools**, choose **Documents**.

1. Under **Owned by Amazon**, locate the Network Flow Monitor document, **AmazonCloudWatch-NetworkFlowMonitorManageAgent**, and select the document.

1. In the **Target selection** section, choose how you want to select your EC2 instances to install agents on. You can select instances based on tags, choose instances manually, or base the choice on resource groups. 

1. In the **Command parameters** section, under **Action**, choose **Activate** or **Deactivate**, depending on the action that you want to take for the agents.

1. Scroll down, if necessary, and then choose **Run** to start the installation.