By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Security group inbound rules for State Manager

0

What security group inbound rule do I need to add that will allow AWS Systems Manager State Manager to run the AWS-RunPowerShellScript document on an association of EC2 Windows instances?

Topics
Networking & Content DeliveryComputeManagement & GovernanceAWS Well-Architected Framework
Tags
Amazon VPCAmazon EC2AWS Systems ManagerSecuritySecurity Group
Language
English
rePost-User-3324188
asked 2 years ago1.5K views
2 Answers
1
Accepted Answer

You don't need to define any inbound rules in the security group. The SSM agent initiates the communication with the service so you only need TCP port 443 open on the outbound as security groups are stateful. You can also use VPC Endpoints within the VPC to communicate with the SSM services. See: Step 4: Create VPC endpoints.

profile pictureAWS
EXPERT
kentrad
answered 2 years ago
profile picture
EXPERT
Antonio_Lagrotteria
reviewed 2 years ago
profile pictureAWS
EXPERT
Tushar_J
reviewed 2 years ago
1

Adding inbound rules to the security group associated with the EC2 managed by Systems Manager is not necessary.

How Moody’s uses AWS Systems Manager to patch servers across multiple cloud providers | AWS Cloud Operations & Migrations Blog

No additional inbound rules are required in the security group created for the EC2 instances in the private subnets.

profile picture
jhashimoto
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content