Hybrid Instances using SSM VPC Endpoints


Hi,
I wish to configure some on-prem RHEL instances as managed, hybrid instances using SSM. But I wish these instances to communicate with SSM VPC Endpoints across a VPN, as opposed to the public SSM endpoints. The documentation suggests this is doable, but I don't understand how to configure the hybrid SSM agents to reference the DNS names of the SSM VPC Endpoints.

Can anyone point me in the right direction with this, please?

Many thanks in advance

Prys

Edited by: prys on May 13, 2020 3:30 AM

Prys
asked 4 years ago, 546 views
1 answer

Ok - I found the answer which consists of editing the /etc/amazon/ssm/amazon-ssm-agent.json file. This file has various sections where you can specify the endpoint and from what I can work out...
Mds Endpoint = ec2messages VPC endpoint
Ssm Endpoint = ssm VPC endpoint
Mgs Endpoint = ssmmessages VPC endpoint

So you just specify the Route 53 public VPC endpoint hostnames in this file and restart the agent.
This appears to be entirely undocumented but I have had confirmation that customising the agent in this way is a supported configuration.

Prys
answered 4 years ago
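
An added example, not part of the original answer and not AWS's own tooling: a Python sketch of the edit the answer describes, setting Endpoint in the Mds, Ssm and Mgs sections and rejecting a hostname pasted into the wrong section. The sample config, the vpce hostnames, the assumed hostname layout and the function names are constructed for illustration.

```python
import json

# Sections named in the answer, mapped to the service label expected in the hostname.
SECTION_TO_SERVICE = {"Mds": "ec2messages", "Ssm": "ssm", "Mgs": "ssmmessages"}

# Constructed sample: a cut-down agent config and made-up endpoint hostnames.
SAMPLE = """{
  "Mds": {"CommandWorkersLimit": 5, "Endpoint": ""},
  "Ssm": {"Endpoint": "", "HealthFrequencyMinutes": 5},
  "Mgs": {"Region": "", "Endpoint": ""}
}"""
VPCE = {
    "Mds": "vpce-0aaaaaaaaaaaaaaaa-example1.ec2messages.eu-west-1.vpce.amazonaws.com",
    "Ssm": "vpce-0bbbbbbbbbbbbbbbb-example2.ssm.eu-west-1.vpce.amazonaws.com",
    "Mgs": "vpce-0cccccccccccccccc-example3.ssmmessages.eu-west-1.vpce.amazonaws.com",
}


def service_label(hostname):
    """Service part of vpce-<id>-<suffix>.<service>.<region>.vpce.amazonaws.com (assumed layout)."""
    parts = hostname.lower().rstrip(".").split(".")
    if len(parts) != 6 or not parts[0].startswith("vpce-") or parts[3:] != ["vpce", "amazonaws", "com"]:
        raise ValueError(f"not a VPC endpoint hostname: {hostname!r}")
    return parts[1]


def set_endpoints(config_text, endpoints):
    """Return the agent JSON with Endpoint set in Mds, Ssm and Mgs; other keys are kept."""
    config = json.loads(config_text)
    for section, service in SECTION_TO_SERVICE.items():
        found = service_label(endpoints[section])  # KeyError if a section is missing
        if found != service:  # e.g. the ssm name pasted into the Mgs section
            raise ValueError(f"{section} needs a {service} endpoint, got {found}")
        config.setdefault(section, {})["Endpoint"] = endpoints[section]
    return json.dumps(config, indent=4)


def unset_sections(config_text):
    """Sections whose Endpoint is empty; assumed here to mean the agent keeps its default endpoint."""
    config = json.loads(config_text)
    return [s for s in SECTION_TO_SERVICE if not config.get(s, {}).get("Endpoint")]


if __name__ == "__main__":
    print("unset before:", unset_sections(SAMPLE))
    patched = set_endpoints(SAMPLE, VPCE)
    print(patched)
    print("unset after:", unset_sections(patched))
```

After writing the result back to /etc/amazon/ssm/amazon-ssm-agent.json, restart the agent as the answer says.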
