Automate EC2 into System Manager

Question

Besides setting up DHMC, is there a way to setup either a config rule or event bridge rule, that will check if an ec2 is managed by SM. If not, then either add the correct IAM role, or add device into SM?

Answer

Hello.

The AWS Config rule "ec2-instance-managed-by-systems-manager" may be helpful.  
https://docs.aws.amazon.com/config/latest/developerguide/ec2-instance-managed-by-systems-manager.html

After creating a Config rule using this rule, I think it is possible to have EventBridge detect "complianceType" of "NON_COMPLIANT".  
If you refer to the events in the document below, the event pattern will be as follows.  
https://repost.aws/knowledge-center/config-resource-non-compliant  
```
{
  "source": ["aws.config"],
  "detail-type": ["Config Rules Compliance Change"],
  "detail": {
    "messageType": ["ComplianceChangeNotification"],
    "configRuleName": ["ec2-instance-managed-by-systems-manager"],
    "newEvaluationResult": {
      "complianceType": ["NON_COMPLIANT"]
    }
  }
}
```

Automate EC2 into System Manager

相关内容