Default Host Management for an organization - Amazon Systems Manager
Enable automatic updates of SSM Agent every two weeks
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Default Host Management for an organization

With Quick Setup, a capability of Amazon Systems Manager, you can activate Default Host Management Configuration for all accounts and Regions that have been added to your organization in Amazon Organizations. This ensures that SSM Agent is kept up to date on all Amazon Elastic Compute Cloud (EC2) instances in the organization, and that they can connect to Systems Manager.

Before you begin

Ensure that the following requirements are met before enabling this setting.

  • The home Region for Quick Setup must already be specified before you complete the follow tasks. For information, see Configure the home Amazon Web Services Region.

  • The latest version of SSM Agent is already installed on all EC2 instances to be managed in your organization.

  • Your EC2 instances to be managed are using Instance Metadata Service Version 2 (IMDSv2).

  • You are signed in to the management account for your organization, as specified in Amazon Organizations, using an Amazon Identity and Access Management (IAM) identity (user, role, or group) with administrator permissions.

Using the default EC2 instance management role

Default Host Management Configuration makes use of the default-ec2-instance-management-role service setting for Systems Manager. This is a role with permissions that you want made available to all accounts in your organization to allow communication between SSM Agent on the instance and the Systems Manager service in the cloud.

If you have already set this role using the update-service-setting CLI command, Default Host Management Configuration uses that role. If you have not set this role yet, Quick Setup will create and apply the role for you.

To check whether this role has already been specified for your organization, use the get-service-setting command.

Enable automatic updates of SSM Agent every two weeks

Use the following procedure to enable the Default Host Management Configuration option for your entire Amazon Organizations organization.

To enable automatic updates of SSM Agent every two weeks

  1. Open the Amazon Systems Manager console at https://console.amazonaws.cn/systems-manager/.

  2. In the navigation pane, choose Quick Setup.

    -or-

    If the Amazon Systems Manager home page opens first, choose the menu icon ( The menu icon ) to open the navigation pane, and then choose Quick Setup in the navigation pane.

  3. On the Default Host Management Configuration card, choose Create.

    Tip

    If you already have one or more configurations in your account, first choose the Library tab or the Create button in the Configurations section to view the cards.

  4. In the Configuration options section, select Enable automatic updates of SSM Agent every two weeks.

  5. Choose Create