How do I add a Lightsail instance to Systems Manager?

4 minute read

I want to add my Amazon Lightsail instance to AWS Systems Manager.

Short description

Systems Manager isn't directly available for Lightsail instances.

You can use a hybrid activation to add your Lightsail instance to Systems Manager. To troubleshoot SSH connection issues, use Session Manager to access your Lightsail instance without SSH access. Session Manager is a capability of AWS Systems Manager.

Resolution

Generate a hybrid activation code and ID for Systems Manager

Open the AWS Systems Manager console.
In the navigation pane, under Node Management, choose Hybrid Activations.
Choose Create activation. Use the following parameters:
Activation description: Enter a description.
Instance limit: Enter the number of instances that you want to register.
IAM role: Choose Create a system default command execution role that has the required permissions to automatically create a role that's named AmazonEC2RunCommandRoleForManagedInstances.
Choose Create activation.

You receive a message similar to the following:

"You have successfully created a new activation. Your activation code is listed below. Copy this code and keep it in a safe place as you will not be able to access it again.

Activation Code byjELxxxxxxD0jmSP

Activation ID 1d7103ea-xxxxxxxxxxxxxxxx52258ac0b4

You can now install amazon-ssm-agent and manage your instance using Run Command."

Important: Note the Activation Code and Activation ID from the message that you receive.

Add a running Lightsail instance to Systems Manager

Use the following procedure if you have SSH access to the instance through the browser console or through an SSH client. If you don't have SSH access, then see the section Add a Lightsail instance to Systems Manager at launch.

To add a running Lightsail instance to Systems Manager, complete the following steps:

sudo mkdir /tmp/ssm
sudo cd /tmp/ssm
wget https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/debian_amd64/amazon-ssm-agent.deb
sudo dpkg -i amazon-ssm-agent.deb
sudo systemctl restart amazon-ssm-agent
sudo systemctl enable amazon-ssm-agent

Note: These commands install SSM Agent on a Debian Lightsail instance. Bitnami-powered Lightsail instances use the Debian OS. To install other operating systems, see How to install the SSM Agent on hybrid Linux nodes.

Run the following command to register the instance to Systems Manager. Replace code with your activation code and id with your activation ID. Replace region with your AWS Region:

sudo amazon-ssm-agent -register -y -id '1d7xxxxxxxxxxxx1a52258ac0b4' -code 'byjELGxxxxxxx0jmSP' -region 'ap-south-1'

Run the following command to restart SSM Agent:

sudo systemctl restart amazon-ssm-agent

In the AWS Systems Manager console, choose Fleet Manager. Your Lightsail Instance appears with an ID that's prefixed with mi-.
Under SSM Agent ping status, verify that the instance is online. If the instance is online, then select the instance.
Choose Instance Actions, and then choose Start Session.

Add a Lightsail instance to Systems Manager at launch

If you experience SSH connection issues, then use the following procedure.

To add a Lightsail instance to Systems Manager when the instance launches, push the activation code through a user data script:

Take snapshot of the instance.
Launch a new Lightsail instance from the snapshot.
During the instance launch, choose Add launch script.

Add the following code to the Launch script field. Include the sudo amazon-ssm-agent -register command with your activation ID, activation code, and AWS Region:

sudo mkdir /tmp/ssm
    sudo cd /tmp/ssm
    wget https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/debian_amd64/amazon-ssm-agent.deb
    sudo dpkg -i amazon-ssm-agent.deb
    sudo systemctl enable amazon-ssm-agent
    sudo amazon-ssm-agent -register -y -id '1d7xxxxxxxxxxxx1a52258ac0b4' -code 'byjELGxxxxxxx0jmSP' -region 'ap-south-1'
    sudo systemctl restart amazon-ssm-agent

Note: These commands install the SSM Agent on a Debian Lightsail instance. Bitnami-powered Lightsail instances use the Debian OS. To install other operating systems, see How to install the SSM Agent on hybrid Linux nodes.

Complete the procedure in Add a running Lightsail instance to Systems Manager to access the instance from the AWS Systems Manager console.

Topics: Compute
Tags: Amazon Lightsail
Language: English

AWS OFFICIALUpdated 2 years ago

4 Comments

These instructions are not working in my case. And I am testing them with a new instance created from scratch, using DEBIAN 11 template from Amazon Lightsail itself (available images). I also read other posts like this one: https://repost.aws/questions/QUC6_b2TEHTcqDR5rC3ZvrSg/adding-lightsail-instance-to-aws-systems-manager-didn-t-show-in-fleet-manager and the final comments on it didn't help me. I am still testing Lightsail platform and interface, so I wanted to understand this mechanism of troubleshoot an Instance via AWS Systems Manager (just in case), before proceeding to deploy production instances in Lightsail.

By the way, this is the constant error I get after running those commands (again, brand new Debian instance, nothing installed on it, not even firewall):

> sudo -E amazon-ssm-agent -register -code 'xxxxxxx' -id 'xxxxxx' -region 'us-east-1a'  <br>
> Error occurred fetching the seelog config file path:  open /etc/amazon/ssm/seelog.xml: no such file or directory  <br>
> Initializing new seelog logger  <br>
> New Seelog Logger Creation Complete  <br><br>
> ERROR Registration failed due to error registering the instance with AWS SSM. RequestError: send request failed
caused by: Post "https://ssm.us-east-1a.amazonaws.com/": dial tcp: lookup ssm.us-east-1a.amazonaws.com on 172.xx.xx.x:53: no such host  <br><br>

Any clue?

rePost-User-9157369

replied 2 years ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

MODERATOR

AWS Official

replied 2 years ago

I found what I was doing wrong:

I was using "us-east-1a" (with the "a") as it was shown under my LIGHTSAIL Instances Dashboard. [ Virginia, Zone A (us-east-1a) ]

So, this command:

sudo amazon-ssm-agent -register -y -id xxxxxxxxxxxxxxxx -code Pxxxxxxxxxxxxxxxxxxxx -region us-east-1a

was supposed to be like this:

sudo amazon-ssm-agent -register -y -id xxxxxxxxxxxxxxxx -code Pxxxxxxxxxxxxxxxxxxxx -region us-east-1

Now it is working.

rePost-User-9157369

replied 2 years ago

us-east-1a is an availability zone, us-east-1 is a region.

scofri

replied 2 years ago

Relevant content

Adding Lightsail Instance to AWS Systems Manager didn't show in Fleet Manager
Accepted Answer
rePost-User-1572099
asked 3 years ago
Cant register lightsail instance as hybrid in Systems Manager
EddieA
asked 3 years ago
Managing AWS Lightsail instance DNS records from Namecheap
Accepted Answer
Austin
asked 2 years ago
how to add a subdomain to a LIghtsail instance
Accepted Answer
rePost-User-0008248
asked a year ago
Lightsail Instance Management Fails
jF
asked a year ago
How do I use AWS CLI commands to manage my snapshots and create backups for my Lightsail instances?
AWS OFFICIALUpdated 2 years ago
How do I manage a scheduled maintenance notification in Lightsail?
AWS OFFICIALUpdated 19 days ago
How do I use the AWS CLI to manage static IP addresses on my Lightsail instances?
AWS OFFICIALUpdated 2 years ago
How do I get an additional static IP address for my Lightsail account?
AWS OFFICIALUpdated a month ago
Access a private Amazon Redshift from a local machine via a private EC2 instance
EXPERT
Ziad
published 2 years ago