AWS Config Rule: EC2 Instance Managed by SSM
EC2_INSTANCE_MANAGED_BY_SSM
Fernando Honig
Last Update 3 months ago
Description: Checks whether the Amazon EC2 instances in your account are managed by AWS Systems Manager.
Trigger type: Configuration changes
AWS Region: All supported AWS Regions except Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Israel (Tel Aviv), Canada West (Calgary), and Europe (Spain)
How to Resolve Manually
To resolve this manually, you can run an AWS Systems Manager Automation.
Go to Systems Manager in your AWS Management Console and select Automation in the left menu under Change Management.
Search for AWS-SetupManagedInstance and click Execute Automation at the top right.
Enter the Instance ID. If no instances are available, remember that the instance needs the AWS SSM Agent installed and must have an IAM role with the AmazonSSMManagedInstanceCore managed policy attached to it.
How to Resolve with StackZone
You can resolve this with StackZone by enabling the EC2 SSM Managed Remediation.
Find this under Provisioning > Baseline Services > AWS Config Rules Regional > Amazon EC2 and enable EC2 Instance Managed by SSM Remediation.
Once enabled, all your current and new instances created in every account in all enabled regions will be managed by SSM.
Note: This remediation will only install and update the SSM Agent on Windows EC2 instances, so the remediation will fail for any Linux or macOS EC2 instances.
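Before choosing between the manual steps and the remediation, it helps to see which instances are unmanaged and which prerequisite is likely missing. The following is an added example, not StackZone or AWS code: it compares constructed sample data shaped like the EC2 DescribeInstances and SSM DescribeInstanceInformation responses. The status labels and likely causes are this example's own heuristic, not the Config rule's evaluation logic, and all instance IDs and ARNs are made up.

```python
"""Offline triage for EC2_INSTANCE_MANAGED_BY_SSM findings (added example)."""

# Constructed sample data in the shape of EC2 DescribeInstances and
# SSM DescribeInstanceInformation responses; all ids and ARNs are made up.
EC2_RESPONSE = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaa", "State": {"Name": "running"}, "Platform": "windows",
     "IamInstanceProfile": {"Arn": "arn:aws:iam::111122223333:instance-profile/ssm"}},
    {"InstanceId": "i-0bbb", "State": {"Name": "running"}},
    {"InstanceId": "i-0ccc", "State": {"Name": "running"},
     "IamInstanceProfile": {"Arn": "arn:aws:iam::111122223333:instance-profile/app"}},
    {"InstanceId": "i-0ddd", "State": {"Name": "running"}, "Platform": "windows",
     "IamInstanceProfile": {"Arn": "arn:aws:iam::111122223333:instance-profile/ssm"}},
    {"InstanceId": "i-0eee", "State": {"Name": "stopped"}},
]}]}
SSM_RESPONSE = {"InstanceInformationList": [
    {"InstanceId": "i-0aaa", "PingStatus": "Online", "PlatformType": "Windows"},
    {"InstanceId": "i-0ddd", "PingStatus": "ConnectionLost", "PlatformType": "Windows"},
]}


def triage(ec2_response, ssm_response):
    """Return {instance_id: (status, likely_cause, windows_remediation_applies)}."""
    registered = {i["InstanceId"]: i for i in ssm_response["InstanceInformationList"]}
    report = {}
    for reservation in ec2_response["Reservations"]:
        for inst in reservation["Instances"]:
            if inst["State"]["Name"] != "running":
                continue  # assumption of this example: only triage running instances
            iid = inst["InstanceId"]
            is_windows = inst.get("Platform") == "windows"  # field is absent on non-Windows
            info = registered.get(iid)
            if info and info["PingStatus"] == "Online":
                report[iid] = ("managed", None, is_windows)
            elif info:
                # Registered with SSM earlier, but the agent stopped checking in.
                report[iid] = ("stale", "agent not reporting: " + info["PingStatus"], is_windows)
            elif "IamInstanceProfile" not in inst:
                report[iid] = ("unmanaged", "no instance role attached", is_windows)
            else:
                # A profile exists, so either the agent is missing or the role
                # lacks AmazonSSMManagedInstanceCore (inspect the role's policies).
                report[iid] = ("unmanaged", "agent missing or role lacks SSM policy", is_windows)
    return report


if __name__ == "__main__":
    for iid, (status, cause, win) in sorted(triage(EC2_RESPONSE, SSM_RESPONSE).items()):
        print(f"{iid}  {status:9}  {cause or '-'}  windows_remediation={win}")
```

With live data, the two dictionaries would come from the corresponding EC2 and SSM API calls in each account and Region being checked.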