Hybrid Instances using SSM VPC Endpoints


Hi,
I wish to configure some on-prem RHEL instances as managed, hybrid instances using SSM. But I wish these instances to communicate with SSM VPC Endpoints across a VPN, as opposed to the public SSM endpoints. The documentation suggests this is doable, but I don't understand how to configure the hybrid SSM agents to reference the DNS names of the SSM VPC Endpoints.

Can anyone point me in the right direction with this, please?

Many thanks in advance

Prys

Edited by: prys on May 13, 2020 3:30 AM

Prys
asked 4 years ago, 584 views
1 Answer

Ok - I found the answer which consists of editing the /etc/amazon/ssm/amazon-ssm-agent.json file. This file has various sections where you can specify the endpoint and from what I can work out...
Mds Endpoint = ec2messages VPC endpoint
Ssm Endpoint = ssm VPC endpoint
Mgs Endpoint = ssmmessages VPC endpoint

So you just specify the route53 public VPC endpoint hostnames in this file and restart the agent.
This appears to be entirely undocumented but I have had confirmation that customising the agent in this way is a supported configuration.

Prys
answered 4 years ago
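
The edit described in the answer, as an added example that is not part of the original post and is not AWS's own code: it sets the three `Endpoint` values using the section-to-service mapping given above, rejects swapped hostnames, and (going one step beyond the answer) flags any endpoint whose resolved addresses are not private, which would mean traffic is not staying on the VPN. The nested `"Section": {"Endpoint": ...}` layout, the hostnames and the addresses are assumptions constructed for illustration.

```python
import ipaddress
import json

# Mapping stated in the answer: agent config section -> VPC endpoint service.
SECTION_TO_SERVICE = {"Mds": "ec2messages", "Ssm": "ssm", "Mgs": "ssmmessages"}

# Constructed sample: trimmed agent config with empty endpoints (assumed layout).
SAMPLE_CONFIG = {
    "Mds": {"Endpoint": ""},
    "Ssm": {"Endpoint": ""},
    "Mgs": {"Region": "", "Endpoint": ""},
}

# Placeholder hostnames, not real endpoints; substitute your own VPC endpoint names.
SAMPLE_ENDPOINTS = {
    "ec2messages": "vpce-PLACEHOLDER-1.ec2messages.eu-west-1.vpce.amazonaws.com",
    "ssm": "vpce-PLACEHOLDER-2.ssm.eu-west-1.vpce.amazonaws.com",
    "ssmmessages": "vpce-PLACEHOLDER-3.ssmmessages.eu-west-1.vpce.amazonaws.com",
}


def set_endpoints(config, endpoints):
    """Return a copy of the agent config with each section's Endpoint set."""
    updated = json.loads(json.dumps(config))  # deep copy, input stays untouched
    for section, service in SECTION_TO_SERVICE.items():
        host = endpoints[service]
        # Catch hostnames pasted into the wrong section (ssm vs ssmmessages).
        if f".{service}." not in host:
            raise ValueError(f"{section}: {host!r} is not a {service} endpoint")
        updated.setdefault(section, {})["Endpoint"] = host
    return updated


def endpoints_not_private(resolved):
    """Given {hostname: [ip, ...]}, list hosts that are unresolved or have
    any address outside private ranges."""
    return sorted(
        host for host, ips in resolved.items()
        if not ips or any(not ipaddress.ip_address(ip).is_private for ip in ips)
    )


if __name__ == "__main__":
    print(json.dumps(set_endpoints(SAMPLE_CONFIG, SAMPLE_ENDPOINTS), indent=4))
    # Constructed lookup results; in practice feed in what the host resolves.
    lookups = {SAMPLE_ENDPOINTS["ssm"]: ["10.0.1.25"],
               SAMPLE_ENDPOINTS["ssmmessages"]: ["8.8.8.8"]}
    print("not private:", endpoints_not_private(lookups))
```

Write the result to /etc/amazon/ssm/amazon-ssm-agent.json and restart the agent, as the answer describes.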