AWS re:Post Knowledge Center Feedback Survey

Help us improve the AWS re:Post Knowledge Center by sharing your feedback in a brief survey. Your input can influence how we create and update our content to better support your AWS journey.

How do I install SSM Agent on an Amazon EC2 Windows instance at launch?

3 minute read

I want to know how to install and update AWS Systems Manager Agent (SSM Agent) on an Amazon Elastic Compute Cloud (Amazon EC2) Windows instance at launch.

Short description

SSM Agent is preinstalled on instances that you create from Amazon Machine Images (AMIs) with the following Windows Server operating systems:

Windows Server 2012 R2 AMIs published in November 2016 or later
Windows Server 2016, 2019, 2022 (excluding Nano versions), and 2025

For more information, see Find AMIs with the SSM Agent preinstalled.

You must manually install SSM Agent on instances that you create from other versions of Windows AMIs, including images imported to AWS.

You can install SSM Agent on multiple existing Amazon EC2 instances. To install SSM Agent on a single node, add user data to an Amazon EC2 Windows instance before you launch the instance. To automatically update SSM Agent, activate SSM Agent auto update in the settings for Fleet Manager, a capability of AWS Systems Manager.

Resolution

Prerequisite: Before you install SSM Agent, verify that your operating system (OS) supports Systems Manager and that you set up Systems Manager correctly.

It’s a best practice to check the status of SSM Agent before you use Systems Manager on an instance for the first time. For instructions, see Verify the status of SSM Agent.

Install SSM Agent on multiple instances

You can automatically update SSM Agent on more than one instance after you launch those instances. For instructions, see Automate installing AWS Systems Manager agent on unmanaged Amazon EC2 nodes.

Add user data to Install SSM Agent to a new instance

For Windows, complete the following steps:

Create an AWS Identity and Access Management (IAM) instance profile to use with SSM Agent.
Launch a new EC2 instance and then configure your instance parameters, such as application and operating system (OS) images, instance type, key pair, network settings, and storage.
Expand the Advanced details section, and then select the instance profile that you created in step 1 from the IAM instance profile dropdown list.

In the User data box, enter the following PowerShell script:

<powershell>$dir = $env:TEMP + "\ssm"  
New-Item -ItemType directory -Path $dir -Force  
cd $dir  
(New-Object System.Net.WebClient).DownloadFile("https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/windows_amd64/AmazonSSMAgentSetup.exe", $dir + "\AmazonSSMAgentSetup.exe")  
Start-Process .\AmazonSSMAgentSetup.exe -ArgumentList @("/q", "/log", "install.log") -Wait  
</powershell>

For more information about user data, see User data in the AWS Management Console.

Under Summary, enter the number of instances that you want to launch.
Choose Launch instance.

For Linux, see How do I install SSM Agent on an Amazon EC2 Linux instance at launch?

Activate and schedule SSM Agent auto updates

For instructions on how to automatically update SSM Agent, see Automatically updating SSM Agent.

By default, Systems Manager checks for automatic SSM Agent updates every 14 days. To configure a different time frame, navigate to the Agent auto update area and choose Auto update SSM Agent. Then, under Specify schedule, use the On Schedule option to specify your updated schedule.

Note: You can specify a schedule as either a time-based entry, called a cron expression, or a frequency-based entry, called a rate expression. For more information, see Cron and rate expressions for associations.