How do I add a Lightsail instance to Systems Manager?

4 minute read
0

I want to add my Amazon Lightsail instance to AWS Systems Manager.

Short description

Systems Manager isn't directly available for Lightsail instances.

You can use a hybrid activation to add your Lightsail instance to Systems Manager. To troubleshoot SSH connection issues, use Session Manager to access your Lightsail instance without SSH access. Session Manager is a capability of AWS Systems Manager.

Resolution

Generate a hybrid activation code and ID for Systems Manager

  1. Open the AWS Systems Manager console.
  2. In the navigation pane, under Node Management, choose Hybrid Activations.
  3. Choose Create activation. Use the following parameters:
    Activation description: Enter a description.
    Instance limit: Enter the number of instances that you want to register.
    AM role: Choose Create a system default command execution role that has the required permissions to automatically create a role that's named AmazonEC2RunCommandRoleForManagedInstances.
  4. Choose Create activation.

You receive a message similar to the following:

"You have successfully created a new activation. Your activation code is listed below. Copy this code and keep it in a safe place as you will not be able to access it again.

Activation Code byjELxxxxxxD0jmSP

Activation ID 1d7103ea-xxxxxxxxxxxxxxxx52258ac0b4

You can now install amazon-ssm-agent and manage your instance using Run Command."

Important: Note the Activation Code and Activation ID from the message that you receive.

Add a running Lightsail instance to Systems Manager

Use the following procedure if you have SSH access to the instance through the browser console or through an SSH client. If you don't have SSH access, then see the section Add a Lightsail instance to Systems Manager at launch.

To add a running Lightsail instance to Systems Manager, complete the following steps:

  1. Log in to the Lightsail instance. Install the AWS Systems Manager Agent (SSM Agent):

    sudo mkdir /tmp/ssm
    sudo cd /tmp/ssm
    wget https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/debian_amd64/amazon-ssm-agent.deb
    sudo dpkg -i amazon-ssm-agent.deb
    sudo systemctl restart amazon-ssm-agent
    sudo systemctl enable amazon-ssm-agent

    Note: These commands install SSM Agent on a Debian Lightsail instance. Bitnami-powered Lightsail instances use the Debian OS. To install other operating systems, see Install SSM Agent for a hybrid and multicloud environment (Linux).

  2. Run the following command to register the instance to Systems Manager. Replace code with your activation code and id with your activation ID. Replace region with your AWS Region:

    sudo amazon-ssm-agent -register -y -id '1d7xxxxxxxxxxxx1a52258ac0b4' -code 'byjELGxxxxxxx0jmSP' -region 'ap-south-1'
    
  3. Run the following command to restart SSM Agent:

    sudo systemctl restart amazon-ssm-agent
  4. In the AWS Systems Manager console, choose Fleet Manager. Your Lightsail Instance appears with an ID that's prefixed with mi-.

  5. Under SSM Agent ping status, verify that the instance is online. If the instance is online, then select the instance.

  6. Choose Instance Actions, and then choose Start Session.

Add a Lightsail instance to Systems Manager at launch

If you experience SSH connection issues, then use the following procedure. 

To add a Lightsail instance to Systems Manager when the instance launches, push the activation code through a user data script:

  1. Take snapshot of the instance.

  2. Launch a new Lightsail instance from the snapshot.

  3. During the instance launch, choose Add launch script.

  4. Add the following code to the Launch script field.  Include the sudo amazon-ssm-agent -register command with your activation ID, activation code, and AWS Region:

    sudo mkdir /tmp/ssm
        sudo cd /tmp/ssm
        wget https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/debian_amd64/amazon-ssm-agent.deb
        sudo dpkg -i amazon-ssm-agent.deb
        sudo systemctl enable amazon-ssm-agent
        sudo amazon-ssm-agent -register -y -id '1d7xxxxxxxxxxxx1a52258ac0b4' -code 'byjELGxxxxxxx0jmSP' -region 'ap-south-1'
        sudo systemctl restart amazon-ssm-agent

    Note: These commands install the SSM Agent on a Debian Lightsail instance. Bitnami-powered Lightsail instances use the Debian OS. To install other OSs, see Install SSM Agent for a hybrid and multicloud environment (Linux).

  5. Complete the procedure in Add a running Lightsail instance to Systems Manager to access the instance from the AWS Systems Manager console.

AWS OFFICIAL
AWS OFFICIALUpdated 4 months ago
4 Comments

These instructions are not working in my case. And I am testing them with a new instance created from scratch, using DEBIAN 11 template from Amazon Lightsail itself (available images). I also read other posts like this one: https://repost.aws/questions/QUC6_b2TEHTcqDR5rC3ZvrSg/adding-lightsail-instance-to-aws-systems-manager-didn-t-show-in-fleet-manager and the final comments on it didn't help me. I am still testing Lightsail platform and interface, so I wanted to understand this mechanism of troubleshoot an Instance via AWS Systems Manager (just in case), before proceeding to deploy production instances in Lightsail.

By the way, this is the constant error I get after running those commands (again, brand new Debian instance, nothing installed on it, not even firewall):

> sudo -E amazon-ssm-agent -register -code 'xxxxxxx' -id 'xxxxxx' -region 'us-east-1a'  <br>
> Error occurred fetching the seelog config file path:  open /etc/amazon/ssm/seelog.xml: no such file or directory  <br>
> Initializing new seelog logger  <br>
> New Seelog Logger Creation Complete  <br><br>
> ERROR Registration failed due to error registering the instance with AWS SSM. RequestError: send request failed
caused by: Post "https://ssm.us-east-1a.amazonaws.com/": dial tcp: lookup ssm.us-east-1a.amazonaws.com on 172.xx.xx.x:53: no such host  <br><br>

Any clue?

replied 6 months ago

Thank you for your comment. We'll review and update the Knowledge Center article as needed.

profile pictureAWS
MODERATOR
replied 6 months ago

I found what I was doing wrong:

I was using "us-east-1a" (with the "a") as it was shown under my LIGHTSAIL Instances Dashboard. [ Virginia, Zone A (us-east-1a) ]

So, this command:

sudo amazon-ssm-agent -register -y -id xxxxxxxxxxxxxxxx -code Pxxxxxxxxxxxxxxxxxxxx -region us-east-1a

was supposed to be like this:

sudo amazon-ssm-agent -register -y -id xxxxxxxxxxxxxxxx -code Pxxxxxxxxxxxxxxxxxxxx -region us-east-1

Now it is working.

replied 6 months ago

us-east-1a is an availability zone, us-east-1 is a region.

scofri
replied 5 months ago