VPC Endpoint with SSM on EC2

How to adjust the SSM Agent configuration to use your virtual private cloud (VPC) endpoints: AWS provides an amazon-ssm-agent.json.template file. On Linux, you can find the file in /etc/amazon/ssm/. On Windows, the file is located in C:\Program Files\Amazon\SSM\.

  1. Create a copy of the .template file and name it amazon-ssm-agent.json.
  2. Open the JSON file. The Mds Endpoint and Ssm Endpoint values are blank by default.
  3. Update the Mds Endpoint with the DNS name of your EC2 Messages Endpoint.
  4. Update the Ssm Endpoint with the DNS name of your SSM Endpoint.

    "Mds": {
        "CommandWorkersLimit" : 5,
        "StopTimeoutMillis" : 20000,
        "Endpoint": "vpce-XXXXXXXX-yyyyyyyy.ec2messages.<region>.vpce.amazonaws.com",
        "CommandRetryLimit": 15
    },
    "Ssm": {
        "Endpoint": "vpce-XXXXXXXX-yyyyyyyy.ssm.<region>.vpce.amazonaws.com",
        "HealthFrequencyMinutes": 5,
        "CustomInventoryDefaultLocation" : "",
        "AssociationLogsRetentionDurationHours" : 24,
        "RunCommandLogsRetentionDurationHours" : 336,
        "SessionLogsRetentionDurationHours" : 336
    },

  5. Save your JSON file.
  6. Restart your SSM Agent.
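
The copy-and-edit steps above as a script, with a check that each section receives the endpoint of the matching service, so an agent is not left pointing at a public name or at the wrong endpoint. This is an added example, not code from the original post or from AWS; the function names, the endpoint-name pattern and the sample endpoint names are assumptions made for illustration.

```python
import json
import re
import tempfile
from pathlib import Path

# Assumed name shape (from the form above): vpce-<id>.<service>.<region>.vpce.amazonaws.com
VPCE_NAME = r"vpce-[0-9a-z-]+\.{service}\.[a-z0-9-]+\.vpce\.amazonaws\.com"
SECTION_SERVICE = {"Mds": "ec2messages", "Ssm": "ssm"}  # section -> service label


def check_endpoint(section, name):
    """Reject URLs, public names, and endpoints pasted into the wrong section."""
    service = SECTION_SERVICE[section]
    if not re.fullmatch(VPCE_NAME.format(service=service), name):
        raise ValueError(f"{section}.Endpoint: {name!r} is not a {service} VPC endpoint name")


def configure_endpoints(agent_dir, mds_endpoint, ssm_endpoint):
    """Copy the template to amazon-ssm-agent.json with both endpoints set."""
    agent_dir = Path(agent_dir)
    config = json.loads((agent_dir / "amazon-ssm-agent.json.template").read_text())
    for section, name in (("Mds", mds_endpoint), ("Ssm", ssm_endpoint)):
        check_endpoint(section, name)  # validate before anything is written
        config[section]["Endpoint"] = name
    target = agent_dir / "amazon-ssm-agent.json"
    target.write_text(json.dumps(config, indent=4) + "\n")
    return target


def demo():
    # Constructed template with a subset of the keys shown on this page.
    template = {"Mds": {"CommandWorkersLimit": 5, "Endpoint": "", "CommandRetryLimit": 15},
                "Ssm": {"Endpoint": "", "HealthFrequencyMinutes": 5}}
    # Constructed endpoint names and region, not real endpoints.
    mds = "vpce-0a1b2c3d-e4f5a6b7.ec2messages.eu-central-1.vpce.amazonaws.com"
    ssm = "vpce-0a1b2c3d-e4f5a6b7.ssm.eu-central-1.vpce.amazonaws.com"
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "amazon-ssm-agent.json.template").write_text(json.dumps(template))
        written = json.loads(configure_endpoints(d, mds, ssm).read_text())
        try:
            configure_endpoints(d, ssm, mds)  # endpoints swapped between sections
            swapped_rejected = False
        except ValueError:
            swapped_rejected = True
    return written, swapped_rejected


if __name__ == "__main__":
    print(demo())
```

On a real instance, pass the agent directory named at the top of this page as `agent_dir`, then restart the agent as in the last step.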


