VPC Endpoint with SSM on EC2


How to adjust SSM Agent configuration for using your virtual private cloud endpoints: AWS provides you with a amazon-ssm-agent.json.template file. In Linux, you can find the file in /etc/amazon/ssm/. In Windows, this file is located in C:\Program Files\Amazon\SSM\.

  1. Create a copy of the .template file and name it amazon-ssm-agent.json.
  2. Open the JSON file. The Mds Endpoint and Ssm Endpoint values are blank by default.
  3. Update the Mds Endpoint with the DNS name of your EC2 Messages Endpoint.
  4. Update the Ssm Endpoint with the DNS name of your SSM Endpoint.
"Mds": {

"CommandWorkersLimit" : 5,

"StopTimeoutMillis" : 20000,

"Endpoint": "vpce-XXXXXXXX-yyyyyyyy.ec2messages.<region>.vpce.amazonaws.com",

"CommandRetryLimit": 15


"Ssm": {

"Endpoint": "vpce-XXXXXXXX-yyyyyyyy.ssm.<region>.vpce.amazonaws.com",

"HealthFrequencyMinutes": 5,

"CustomInventoryDefaultLocation" : "",

"AssociationLogsRetentionDurationHours" : 24,

"RunCommandLogsRetentionDurationHours" : 336,

"SessionLogsRetentionDurationHours" : 336

  1. Save your JSON file.
  2. Restart your SSM Agent.


AWS Marketplace Automation

Share Marketplace subscriptions with your AWS Organization


Jul 21st 2021


David Krohn

Best practices for REST API development

What to consider when designing a REST API


Jun 13th 2021


Walter Kopp

Encryption of SSM session data using KMS

Encrypting session data to handle confidential data interactions


Jun 11th 2021


David Krohn