Hybrid Instances using SSM VPC Endpoints


I wish to configure some on-prem RHEL instances as managed, hybrid instances using SSM. But I wish these instances to communicate with SSM VPC Endpoints across a VPN, as opposed to the public SSM endpoints. The documentation suggests this is doable, but I don't understand how to configure the hybrid SSM agents to reference the DNS names of the SSM VPC Endpoints.

Can anyone point me in the right direction with this, please?

Many thanks in advance


Edited by: prys on May 13, 2020 3:30 AM

asked 3 years ago, 71 views
1 Answer

Ok - I found the answer, which consists of editing the /etc/amazon/ssm/amazon-ssm-agent.json file. This file has various sections where you can specify the endpoint and, from what I can work out...
Mds Endpoint = ec2messages VPC endpoint
Ssm Endpoint = ssm VPC endpoint
Mgs Endpoint = ssmmessages VPC endpoint

So you just specify the Route 53 public VPC endpoint hostnames in this file and restart the agent.
This appears to be entirely undocumented but I have had confirmation that customising the agent in this way is a supported configuration.

answered 3 years ago
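
The edit described in the answer, as an added example (not part of the original post and not AWS's own tooling): it sets the three endpoints and refuses to write the file if any hostname resolves to a non-private address, which would mean agent traffic bypasses the VPN. The hostnames are constructed placeholders, and the `Endpoint` key inside each of the `Mds`, `Ssm` and `Mgs` sections is assumed from the answer's naming.

```python
import copy
import ipaddress
import json
import socket
import sys

# Constructed placeholder hostnames; substitute your own VPC endpoint DNS names.
# Section names follow the answer: Mds=ec2messages, Ssm=ssm, Mgs=ssmmessages.
ENDPOINTS = {
    "Mds": "vpce-PLACEHOLDER.ec2messages.REGION.vpce.amazonaws.com",
    "Ssm": "vpce-PLACEHOLDER.ssm.REGION.vpce.amazonaws.com",
    "Mgs": "vpce-PLACEHOLDER.ssmmessages.REGION.vpce.amazonaws.com",
}

def apply_endpoints(config, endpoints):
    """Return a copy of config with Endpoint set in each section, other keys kept."""
    updated = copy.deepcopy(config)
    for section, host in endpoints.items():
        updated.setdefault(section, {})["Endpoint"] = host
    return updated

def resolve_host(host):
    """Resolve host with the system resolver and return its unique addresses."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, 443)})

def non_private(endpoints, resolve=resolve_host):
    """Map section -> offending addresses for endpoints that would leave the VPN path."""
    problems = {}
    for section, host in endpoints.items():
        try:
            addrs = resolve(host)
        except OSError:  # includes socket.gaierror (name did not resolve)
            addrs = []
        bad = [a for a in addrs if not ipaddress.ip_address(a).is_private]
        if bad or not addrs:
            problems[section] = bad or ["unresolved"]
    return problems

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/amazon/ssm/amazon-ssm-agent.json"
    problems = non_private(ENDPOINTS)
    if problems:
        sys.exit(f"refusing to write, endpoints not private: {problems}")
    with open(path) as fh:
        config = json.load(fh)
    with open(path, "w") as fh:
        json.dump(apply_endpoints(config, ENDPOINTS), fh, indent=4)
```

Run it as root on the hybrid instance, then restart the agent as the answer describes.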
