SSM & DHMC - EC2 Credentials

0

I've been looking at DHMC which was announced a couple of months ago. I've followed the documentation at https://docs.aws.amazon.com/systems-manager/latest/userguide/managed-instances-default-host-management.html.

I've followed the steps in the document, and then created an EC2 instance running Amazon Linux 2023, with no instance profile, and have updated amazon-ssm-agent, which now shows:

# yum info amazon-ssm-agent
Last metadata expiration check: 0:18:08 ago on Thu Apr 27 16:30:17 2023.
Installed Packages
Name         : amazon-ssm-agent
Version      : 3.2.815.0
Release      : 1
Architecture : x86_64
Size         : 100 M
Source       : amazon-ssm-agent-3.2.815.0-1.src.rpm
Repository   : @System
From repo    : @commandline
Summary      : Manage EC2 Instances using SSM APIs
URL          : http://docs.aws.amazon.com/ssm/latest/APIReference/Welcome.html
License      : Apache License, Version 2.0
Description  : This package provides Amazon SSM Agent for managing EC2 Instances using SSM APIs

Enabling DHMC, I can see the instance in Fleet Manager, and I can connect via Session Manager to the instance. However, if I try to run any AWS CLI commands, I get the error: Unable to locate credentials. You can configure credentials by running "aws configure".

Is there any way to assign the AWS identity automatically for the DHMC EC2 instances?

asked a year ago, 465 views
1 Answer
0

Yes, you can use an instance profile to automatically assign an AWS Identity and Access Management (IAM) role to your DHMC EC2 instances. To do so, you can create an IAM role with the necessary permissions and then create an instance profile that is associated with that role.

Here are the high-level steps to achieve this:

  1. Create an IAM role with the necessary permissions for your EC2 instances to interact with AWS services.
  2. Create an instance profile and associate it with the IAM role.
  3. Launch your DHMC EC2 instances with the instance profile.

Once you have done this, the AWS CLI should be able to automatically retrieve credentials for your IAM role and your EC2 instances will be able to interact with AWS services without having to manually configure credentials.

You can find more detailed instructions on how to create an IAM role and instance profile in the AWS documentation: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#create-iam-role.

hash
answered a year ago
  • Hi, manually attaching the instance profile to the EC2 instance works fine, but is there a way to make the DHMC role assumed by all the EC2 instances automatically?
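
The three steps from the answer above, applied to an already-running instance rather than a new launch, as an added example that is not part of the original thread. The role name, policy ARN and instance ID are caller-supplied, and `AWS_CMD` is a hypothetical override variable introduced here so the calls can be previewed with `AWS_CMD=echo`.

```shell
#!/bin/sh
# Added example, not from the original thread.
# AWS_CMD is a hypothetical override: it defaults to the real AWS CLI;
# set AWS_CMD=echo to print the calls instead of changing the account.
AWS_CMD="${AWS_CMD:-aws}"

# Trust policy that lets the EC2 service, and no other principal, assume the role.
ec2_trust_policy() {
  printf '%s' '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":{"Service":"ec2.amazonaws.com"},"Action":"sts:AssumeRole"}]}'
}

# usage: attach_cli_role <role-name> <policy-arn> <instance-id>
# e.g.   attach_cli_role demo-cli-role \
#          arn:aws:iam::111122223333:policy/example-app-policy \
#          i-0123456789abcdef0        (all three values are constructed)
attach_cli_role() {
  role="$1"; policy_arn="$2"; instance_id="$3"
  if [ -z "$role" ] || [ -z "$policy_arn" ] || [ -z "$instance_id" ]; then
    echo "usage: attach_cli_role <role-name> <policy-arn> <instance-id>" >&2
    return 2
  fi

  # Step 1: role trusted by EC2, carrying only the policy the workload needs.
  "$AWS_CMD" iam create-role --role-name "$role" \
    --assume-role-policy-document "$(ec2_trust_policy)" || return 1
  "$AWS_CMD" iam attach-role-policy --role-name "$role" \
    --policy-arn "$policy_arn" || return 1

  # Step 2: instance profile wrapping the role (same name, for simplicity).
  "$AWS_CMD" iam create-instance-profile \
    --instance-profile-name "$role" || return 1
  "$AWS_CMD" iam add-role-to-instance-profile \
    --instance-profile-name "$role" --role-name "$role" || return 1

  # Step 3: attach the profile to the existing instance.
  "$AWS_CMD" ec2 associate-iam-instance-profile --instance-id "$instance_id" \
    --iam-instance-profile "Name=$role" || return 1
}

# Run only when called with three arguments, so sourcing has no side effects.
if [ "$#" -eq 3 ]; then attach_cli_role "$@"; fi
```

Once the association is in place, running `aws sts get-caller-identity` on the instance is a quick check that the CLI now resolves the role's credentials.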
