VPC Endpoint with SSM on EC2

 
 

How to adjust the SSM Agent configuration to use your virtual private cloud (VPC) endpoints: AWS provides an amazon-ssm-agent.json.template file. On Linux, you can find the file in /etc/amazon/ssm/. On Windows, the file is located in C:\Program Files\Amazon\SSM\.

  1. Create a copy of the .template file and name it amazon-ssm-agent.json.
  2. Open the JSON file. The Mds Endpoint and Ssm Endpoint values are blank by default.
  3. Update the Mds Endpoint with the DNS name of your EC2 Messages Endpoint.
  4. Update the Ssm Endpoint with the DNS name of your SSM Endpoint.

      "Mds": {
          "CommandWorkersLimit": 5,
          "StopTimeoutMillis": 20000,
          "Endpoint": "vpce-XXXXXXXX-yyyyyyyy.ec2messages.<region>.vpce.amazonaws.com",
          "CommandRetryLimit": 15
      },
      "Ssm": {
          "Endpoint": "vpce-XXXXXXXX-yyyyyyyy.ssm.<region>.vpce.amazonaws.com",
          "HealthFrequencyMinutes": 5,
          "CustomInventoryDefaultLocation": "",
          "AssociationLogsRetentionDurationHours": 24,
          "RunCommandLogsRetentionDurationHours": 336,
          "SessionLogsRetentionDurationHours": 336
      },

  5. Save your JSON file.
  6. Restart your SSM Agent.
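
The procedure above as a script, written for this page as an added example (not AWS or author code): it fills both Endpoint values from the template and refuses names that are not VPC endpoint DNS names for the matching service and region, so a swapped or public endpoint never reaches the agent. The sample template, the function names and the DNS-name pattern are assumptions derived from the shape shown above.

```python
import json
import os
import re
import tempfile

# Constructed stand-in for amazon-ssm-agent.json.template (subset of the keys shown above).
SAMPLE_TEMPLATE = {
    "Mds": {"CommandWorkersLimit": 5, "StopTimeoutMillis": 20000,
            "Endpoint": "", "CommandRetryLimit": 15},
    "Ssm": {"Endpoint": "", "HealthFrequencyMinutes": 5},
}
# Config section -> service label that must appear in its endpoint DNS name.
SERVICE_FOR_SECTION = {"Mds": "ec2messages", "Ssm": "ssm"}
# Assumed shape: vpce-<id>-<suffix>[-<az>].<service>.<region>.vpce.amazonaws.com
VPCE_DNS = re.compile(
    r"^vpce-[0-9a-z]+-[0-9a-z]+(?:-[0-9a-z-]+)?"
    r"\.(?P<service>[a-z0-9-]+)\.(?P<region>[a-z0-9-]+)\.vpce\.amazonaws\.com$")


def check_endpoint(section, dns_name, region):
    """Reject names that are not a VPC endpoint for this section's service and region."""
    match = VPCE_DNS.match(dns_name)
    if match is None:
        raise ValueError(f"{section}: {dns_name!r} is not a VPC endpoint DNS name")
    expected = SERVICE_FOR_SECTION[section]
    if (match["service"], match["region"]) != (expected, region):
        raise ValueError(f"{section}: expected a {expected} endpoint in {region}")


def render_config(template, endpoints, region):
    """Return a copy of the template with both Endpoint values validated and set."""
    config = json.loads(json.dumps(template))  # deep copy, template stays untouched
    for section in SERVICE_FOR_SECTION:
        check_endpoint(section, endpoints[section], region)
        config[section]["Endpoint"] = endpoints[section]
    return config


def write_config(template_path, endpoints, region):
    """Copy the template to amazon-ssm-agent.json with both endpoints filled in."""
    with open(template_path, encoding="utf-8") as handle:
        template = json.load(handle)
    config = render_config(template, endpoints, region)
    directory = os.path.dirname(os.path.abspath(template_path))
    target = os.path.join(directory, "amazon-ssm-agent.json")
    fd, tmp_path = tempfile.mkstemp(dir=directory)  # write aside, then swap in atomically
    with os.fdopen(fd, "w", encoding="utf-8") as handle:
        json.dump(config, handle, indent=4)
    os.replace(tmp_path, target)
    return target
```

The agent only reads the new file after a restart, for example `sudo systemctl restart amazon-ssm-agent` on a systemd-based Linux instance.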


      
