Hybrid Instances using SSM VPC Endpoints

0

Hi,
I wish to configure some on-prem RHEL instances as managed, hybrid instances using SSM. But I wish these instances to communicate with SSM VPC Endpoints across a VPN, as opposed to the public SSM endpoints. The documentation suggests this is doable, but I don't understand how to configure the hybrid SSM agents to reference the DNS names of the SSM VPC Endpoints.

Can anyone point me in the right direction with this, please?

Many thanks in advance

Prys

Edited by: prys on May 13, 2020 3:30 AM

prys
asked 3 years ago71 views
1 Answer
0

Ok - I found the answer which consists of editing the /etc/amazon/ssm/amazon-ssm-agent.json file. This file has various sections where you can specify the endpoint and from what I can work out...
Mds Endpoint = ec2messages VPC endpoint
Ssm Endpoint = ssm VPC endpoint
Mgs Endpoint = ssmmessages VPC endpoint

So you just specify the route53 public VPC endpoint hostnames in this file and restart the agent.
This appears to be entirely undocumented but I have had confirmation that customising the agent in this way is a supported configuration.

prys
answered 3 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions