Systems Manager prerequisites - Amazon Systems Manager
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Systems Manager prerequisites

The prerequisites for using Amazon Systems Manager to manage your Amazon Elastic Compute Cloud (Amazon EC2) instances, edge devices, and on-premises servers and virtual machines (VMs) are covered step by step in the Setting Up chapters of this user guide:

This topic provides an overview of these prerequisites.

To complete prerequisites for using Systems Manager

  1. Create an Amazon Web Services account and configure the required Amazon Identity and Access Management (IAM) roles.

  2. Verify that Systems Manager is supported in the Amazon Web Services Regions where you want to use the service.

  3. Verify that your machines run a supported operating system.

  4. For edge devices, verify that your devices are configured to run the Amazon IoT Greengrass Core software. For edge devices that don't run Amazon IoT Greengrass Core software, the machines must be configured as on-premises machines for Systems Manager.

  5. For Amazon EC2 instances, create an IAM instance profile and attach it to your machines.

  6. For on-premises servers, edge devices, and VMs, create an IAM service role.

  7. (Recommended) Create a VPC endpoint in Amazon Virtual Private Cloud (Amazon VPC) to use with Systems Manager.

    If you don't use a VPC endpoint, configure your managed instances to allow HTTPS (port 443) outbound traffic to the Systems Manager endpoints. For information, see (Optional) Create a Virtual Private Cloud endpoint.

  8. For on-premises servers, edge devices, VMs, and Amazon EC2 instances created from Amazon Machine Images (AMIs) that aren't supplied by Amazon, ensure that a Transport Layer Security (TLS) certificate is installed.

  9. For on-premises servers and VMs, register the machines with Systems Manager through the managed instance activation process.

  10. Install or verify installation of the SSM Agent on each of your managed nodes.

Note

SSM Agent initiates all connections to the Systems Manager service in the cloud. For this reason, you don't need to configure your firewall to allow inbound traffic to your managed nodes for Systems Manager.

If your managed nodes don't display in Systems Manager after you've followed these steps, see Troubleshooting managed node availability.
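
The network prerequisites in step 7 and the note above can be checked against security-group rules. The following is an added example, not part of this user guide: it audits constructed data in the shape of EC2 DescribeSecurityGroups output, reporting groups that have no egress rule for TCP 443 and inbound rules open to any address, which Systems Manager itself doesn't need. The group IDs and finding labels are assumptions made for illustration.

```python
# Added example (not from the AWS documentation). SAMPLE is constructed data
# using the field names of EC2 DescribeSecurityGroups output; the group IDs
# and the finding labels are hypothetical.
SAMPLE = {"SecurityGroups": [
    {"GroupId": "sg-example-a",
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}],
     "IpPermissionsEgress": [{"IpProtocol": "-1",
                              "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
    {"GroupId": "sg-example-b",
     "IpPermissions": [],
     "IpPermissionsEgress": [{"IpProtocol": "udp", "FromPort": 53, "ToPort": 53,
                              "IpRanges": [{"CidrIp": "10.0.0.2/32"}]}]},
]}

def allows_tcp_443(perm):
    """True if a rule permits TCP 443; IpProtocol "-1" means all traffic."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        return True
    return proto == "tcp" and perm.get("FromPort", 0) <= 443 <= perm.get("ToPort", 65535)

def open_sources(perm):
    """Return the any-address CIDRs (IPv4 or IPv6) that a rule names."""
    cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
    return [c for c in cidrs if c in ("0.0.0.0/0", "::/0")]

def audit_group(group):
    """List findings for one security group."""
    findings = []
    # SSM Agent needs outbound HTTPS (port 443) to reach the service.
    if not any(allows_tcp_443(p) for p in group.get("IpPermissionsEgress", [])):
        findings.append("EGRESS_443_MISSING")
    # The agent initiates every connection, so no inbound rule is needed for it.
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        ports = "all" if proto == "-1" else f"{perm.get('FromPort')}-{perm.get('ToPort')}"
        for cidr in open_sources(perm):
            findings.append(f"INBOUND_OPEN {proto} {ports} from {cidr}")
    return findings

def audit(doc):
    """Map each group ID to its findings."""
    return {g["GroupId"]: audit_group(g) for g in doc.get("SecurityGroups", [])}

if __name__ == "__main__":
    for gid, found in audit(SAMPLE).items():
        print(gid, found or ["ok"])
```

The check confirms only that some egress rule permits port 443; it doesn't evaluate whether the destination range of that rule covers the Systems Manager endpoints or a VPC endpoint.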

Integration with IAM and Amazon EC2

User access to Systems Manager, its capabilities, and its resources is controlled through policies that you use or create in Amazon Identity and Access Management. If you plan to use computing resources provided by Amazon and on-premises servers and virtual machines (VMs), you also need to understand Amazon Elastic Compute Cloud before you set up Systems Manager for your organization. Understanding how these services work is essential to setting up Systems Manager successfully.

For more information about Amazon EC2, see the following:

For more information about IAM, see the following: