AWS Config Rule: EC2 Instance Managed by SSM


Fernando Honig

Last Update 2 months ago

Description: Checks whether the Amazon EC2 instances in your account are managed by AWS Systems Manager. 

Trigger type: Configuration changes

AWS Region: All supported AWS Regions except the Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Melbourne), Europe (Spain), and Europe (Zurich) Regions

How to Resolve Manually

To resolve this manually, you can run an AWS Systems Manager Automation.

In the AWS Management Console, open Systems Manager and select Automation under Change Management in the left menu.

Search for AWS-SetupManagedInstance and click Execute Automation at the top right.

Enter the instance ID. If no instances are available, remember that the instance must have the AWS SSM Agent installed and must have a role with the AmazonSSMManagedInstanceCore managed policy attached to it.

How to Resolve with StackZone

You can resolve this with StackZone by enabling the EC2 SSM Managed Remediation.

Find this under Provisioning -> Baseline Services -> AWS Config Rules Regional -> Amazon EC2 and enable EC2 Instance Managed by SSM Remediation.

Once enabled, all your current and new instances created in every account in all enabled regions will be managed by SSM.  

Note: This remediation only installs and updates the SSM Agent on Windows EC2 instances, so the remediation will fail for any Linux or macOS EC2 instances.
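To see which instances need attention and why, the prerequisites from the manual steps and the Windows-only note above can be checked offline against saved CLI output. This is an added example, not StackZone or AWS code; the sample data, the status labels and the `triage` function are constructed for illustration, and the inputs are assumed to be the parsed JSON from `aws ec2 describe-instances` and `aws ssm describe-instance-information`.

```python
# Constructed sample data (not real resources), shaped like the JSON returned by
# `aws ec2 describe-instances` and `aws ssm describe-instance-information`.
PROFILE = {"Arn": "arn:aws:iam::111122223333:instance-profile/example-ssm-profile"}
EC2 = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaa0000000000001", "Platform": "windows", "IamInstanceProfile": PROFILE},
    {"InstanceId": "i-0aaa0000000000002"},
    {"InstanceId": "i-0aaa0000000000003", "IamInstanceProfile": PROFILE},
    {"InstanceId": "i-0aaa0000000000004", "Platform": "windows"},
    {"InstanceId": "i-0aaa0000000000005", "IamInstanceProfile": PROFILE},
]}]}
SSM = {"InstanceInformationList": [
    {"InstanceId": "i-0aaa0000000000001", "PingStatus": "Online"},
    {"InstanceId": "i-0aaa0000000000005", "PingStatus": "ConnectionLost"},
]}

# Hypothetical status labels mapped to the follow-up each one calls for.
ADVICE = {
    "managed": "none",
    "agent-unreachable": "registered before but not reporting; check the agent service and network path",
    "no-instance-profile": "attach a role that carries AmazonSSMManagedInstanceCore",
    "not-registered": "verify the SSM Agent is installed and the role includes AmazonSSMManagedInstanceCore",
}


def triage(ec2, ssm):
    """Classify every instance in an EC2 response against the SSM inventory."""
    ping = {i["InstanceId"]: i.get("PingStatus", "Unknown")
            for i in ssm.get("InstanceInformationList", [])}
    report = {}
    for reservation in ec2.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            iid = inst["InstanceId"]
            if iid in ping:
                status = "managed" if ping[iid] == "Online" else "agent-unreachable"
            elif "IamInstanceProfile" not in inst:
                status = "no-instance-profile"
            else:
                # A profile exists, but its role's policies must be checked in IAM.
                status = "not-registered"
            report[iid] = {
                "status": status,
                "action": ADVICE[status],
                # EC2 reports Platform as "windows" (case varies) and omits it otherwise.
                "windows": inst.get("Platform", "").lower() == "windows",
            }
    return report


if __name__ == "__main__":
    for iid, finding in triage(EC2, SSM).items():
        print(iid, finding)
```

Instances reported with `windows: False` fall outside the StackZone remediation described in the note and need the manual steps instead.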

