By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Automate EC2 into System Manager

0

Besides setting up DHMC, is there a way to setup either a config rule or event bridge rule, that will check if an ec2 is managed by SM. If not, then either add the correct IAM role, or add device into SM?

Topics
Management & GovernanceComputeServerlessApplication Integration
Tags
AWS ConfigAmazon EC2Amazon EventBridgeAWS Systems Manager
Language
English
rePost-User-4136916
asked 3 months ago196 views
1 Answer
1

Hello.

The AWS Config rule "ec2-instance-managed-by-systems-manager" may be helpful.
https://docs.aws.amazon.com/config/latest/developerguide/ec2-instance-managed-by-systems-manager.html

After creating a Config rule using this rule, I think it is possible to have EventBridge detect "complianceType" of "NON_COMPLIANT".
If you refer to the events in the document below, the event pattern will be as follows.
https://repost.aws/knowledge-center/config-resource-non-compliant

{
  "source": ["aws.config"],
  "detail-type": ["Config Rules Compliance Change"],
  "detail": {
    "messageType": ["ComplianceChangeNotification"],
    "configRuleName": ["ec2-instance-managed-by-systems-manager"],
    "newEvaluationResult": {
      "complianceType": ["NON_COMPLIANT"]
    }
  }
}
profile picture
EXPERT
Riku_Kobayashi
answered 3 months ago
profile picture
EXPERT
Giovanni Lauria
reviewed 24 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content