aws/amazon-ssm-agent aws/amazon-ssm-agent

  • Stars
    star
    975
  • Rank 46,967 (Top 1.0 %)
  • Language
    Go
  • License
    Apache License 2.0
  • Created almost 9 years ago
  • Updated about 1 year ago
Twitter logo Share LinkedIn logo Share Facebook logo Share
aws/amazon-ssm-agent
github

aws

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

An agent to enable remote management of your EC2 instances, on-premises servers, or virtual machines (VMs).

ReportCard Build Status

Amazon SSM Agent

The Amazon EC2 Simple Systems Manager (SSM) Agent is software developed for the Simple Systems Manager Service. The SSM Agent is the primary component of a feature called Run Command.

Overview

The SSM Agent runs on EC2 instances and enables you to quickly and easily execute remote commands or scripts against one or more instances. The agent uses SSM documents. When you execute a command, the agent on the instance processes the document and configures the instance as specified. Currently, the agent and Run Command enable you to quickly run Shell scripts on an instance using the AWS-RunShellScript SSM document. SSM Agent also enables the Session Manager capability that lets you manage your Amazon EC2 instance through an interactive one-click browser-based shell or through the AWS CLI. The first time a Session Manager session is started on an instance, the agent will create a user called "ssm-user" with sudo or administrator privilege. Session Manager sessions will be launched in context of this user.

Verify Requirements

Setup

Executing Commands

SSM Run Command Walkthrough Using the AWS CLI

Starting Sessions

Session Manager Walkthrough Using the AWS Console and CLI

Troubleshooting

Troubleshooting SSM Run Command Troubleshooting SSM Session Manager

Feedback

Thank you for helping us to improve Systems Manager, Run Command and Session Manager. Please send your questions or comments to Systems Manager Forums

Building inside docker container (Recommended)

docker build -t ssm-agent-build-image .
  • Build the agent
docker run -it --rm --name ssm-agent-build-container -v `pwd`:/amazon-ssm-agent ssm-agent-build-image make build-release

Building on Linux

  • Install go Getting started

  • Install rpm-build and rpmdevtools

  • Cross Compile SSM Agent

  • Run make build to build the SSM Agent for Linux, Debian, Windows environment.

  • Run make build-release to build the agent and also packages it into a RPM, DEB and ZIP package.

The following folders are generated when the build completes:

bin/debian_386
bin/debian_amd64
bin/linux_386
bin/linux_amd64
bin/linux_arm
bin/linux_arm64
bin/windows_386
bin/windows_amd64
  • To enable the Agent for Session Manager scenario on Windows instances
    • Clone the repo from https://github.com/masatma/winpty.git
    • Follow instructions on https://github.com/rprichard/winpty to build winpty 64-bit binaries
    • Copy the winpty.dll and winpty-agent.exe to the bin/SessionManagerShell folder For the Windows Operating System, Session Manager is only supported on Windows Server 2008 R2 through Windows Server 2019 64-bit versions.

Please follow the user guide to copy and install the SSM Agent

Code Layout

  • Source code
    • Core functionality such as worker management is under core/
    • Agent worker code is under agent/
    • Other functionality such as IPC is under common/
  • Vendor package source code is under vendor/src
  • rpm and dpkg artifacts are under packaging
  • build scripts are under Tools/src

Linting

To lint the entire module call the lint-all target. This executes golangci-lint on all packages in the module. You can configure golangci-lint with different linters using the .golangci.yml file.

For golangci-lint installation instructions see https://golangci-lint.run/usage/install/ For more information on the golangci-lint configuration file see https://golangci-lint.run/usage/configuration/ For more information on the linters used see https://golangci-lint.run/usage/linters/

GOPATH

To use vendor dependencies, the suggested GOPATH format is :<packagesource>/vendor:<packagesource>

Make Targets

The following targets are available. Each may be run with make <target>.

Make Target Description
build (Default) build builds the agent for Linux, Debian, Darwin and Windows amd64 and 386 environment
build-release build-release checks code style and coverage, builds the agent and also packages it into a RPM, DEB and ZIP package
release release checks code style and coverage, runs tests, packages all dependencies to the bin folder.
package package packages build result into a RPM, DEB and ZIP package
pre-build pre-build goes through Tools/src folder to make sure all the script files are executable
checkstyle checkstyle runs the checkstyle script
quick-integtest quick-integtest runs all tests tagged with integration using go test
quick-test quick-test runs all the tests including integration and unit tests using go test
coverage coverage runs all tests and calculate code coverage
build-linux build-linux builds the agent for execution in the Linux amd64 environment
build-windows build-windows builds the agent for execution in the Windows amd64 environment
build-darwin build-darwin builds the agent for execution in the Darwin amd64 environment
build-linux-386 build-linux-386 builds the agent for execution in the Linux 386 environment
build-windows-386 build-windows-386 builds the agent for execution in the Windows 386 environment
build-darwin-386 build-darwin-386 builds the agent for execution in the Darwin 386 environment
build-arm build-arm builds the agent for execution in the arm environment
build-arm64 build-arm64 builds the agent for execution in the arm64 environment
lint-all lint-all runs golangci-lint on all packages. golangci-lint is configured by .golangci.yml
package-rpm package-rpm builds the agent and packages it into a RPM package for Linux amd64 based distributions
package-deb package-deb builds the agent and packages it into a DEB package Debian amd64 based distributions
package-win package-win builds the agent and packages it into a ZIP package Windows amd64 based distributions
package-rpm-386 package-rpm-386 builds the agent and packages it into a RPM package for Linux 386 based distributions
package-deb-386 package-deb-386 builds the agent and packages it into a DEB package Debian 386 based distributions
package-win-386 package-win-386 builds the agent and packages it into a ZIP package Windows 386 based distributions
package-rpm-arm64 package-rpm-arm64 builds the agent and packages it into a RPM package Linux arm64 based distributions
package-deb-arm package-deb-arm builds the agent and packages it into a DEB package Debian arm based distributions
package-deb-arm64 package-deb-arm64 builds the agent and packages it into a DEB package Debian arm64 based distributions
package-linux package-linux create update packages for Linux and Debian based distributions
package-windows package-windows create update packages for Windows based distributions
package-darwin package-darwin create update packages for Darwin based distributions
get-tools get-tools gets gocode and oracle using go get
clean clean removes build artifacts

Contributing

Contributions and feedback are welcome! Proposals and Pull Requests will be considered and responded to. Please see the CONTRIBUTING.md file for more information.

Amazon Web Services does not currently provide support for modified copies of this software.

Runtime Configuration

To set up your own custom configuration for the agent:

  • Navigate to /etc/amazon/ssm/ (or C:\Program Files\Amazon\SSM for windows)
  • Copy the contents of amazon-ssm-agent.json.template to a new file amazon-ssm-agent.json
  • Restart agent

Config Property Definitions:

  • Profile - represents configurations for aws credential profile used to get managed instance role and credentials
    • ShareCreds (boolean)
      • Default: true
    • ShareProfile (string)
    • ForceUpdateCreds (boolean) - overwrite shared credentials file if existing one cannot be parsed
      • Default: false
    • KeyAutoRotateDays (int) - defines the maximum age in days for on-prem private key, default value might change to 30 in the close future
      • Default: 0 (never rotate)
  • Mds - represents configuration for Message delivery service (MDS) where agent listens for incoming messages
    • CommandWorkersLimit (int)
      • Default: 5
    • StopTimeoutMillis (int64)
      • Default: 20000
    • Endpoint (string)
    • CommandRetryLimit (int)
      • Default: 15
  • Ssm - represents configuration for Simple Systems Manager (SSM)
    • Endpoint (string)
    • HealthFrequencyMinutes (int)
      • Default: 5
    • CustomInventoryDefaultLocation (string)
    • AssociationLogsRetentionDurationHours (int)
      • Default: 24
    • RunCommandLogsRetentionDurationHours (int)
      • Default: 336
    • SessionLogsRetentionDurationHours (int)
      • Default: 336
    • PluginLocalOutputCleanup (string) - Configure when after execution it is safe to delete local plugin output logs in orchestration folder
      • Default: "" - Don't delete logs immediately after execution. Fall back to AssociationLogsRetentionDurationHours, RunCommandLogsRetentionDurationHours, and SessionLogsRetentionDurationHours
      • OptionalValue: "after-execution" - Delete plugin output file locally after plugin execution
      • OptionalValue: "after-upload" - Delete plugin output locally after successful s3 or cloudWatch upload
    • OrchestrationDirectoryCleanup (string) - Configure only when it is safe to delete orchestration folder after document execution. This config overrides PluginLocalOutputCleanup when set.
      • Default: "" - Don't delete orchestration folder after execution
      • OptionalValue: "clean-success" - Deletes the orchestration folder only for successful document executions.
      • OptionalValue: "clean-success-failed" - Deletes the orchestration folder for successful and failed document executions.
  • Mgs - represents configuration for Message Gateway service
    • Region (string)
    • Endpoint (string)
    • StopTimeoutMillis (int64)
      • Default: 20000
    • SessionWorkersLimit (int)
      • Default: 1000
    • DeniedPortForwardingRemoteIPs ([]string)
      • Default: ["169.254.169.254", "fd00:ec2::254", "169.254.169.253", "fd00:ec2::253"]
  • Agent - represents metadata for amazon-ssm-agent
    • Region (string)
    • OrchestrationRootDir (string)
      • Default: "orchestration"
    • SelfUpdate (boolean)
      • Default: false
    • TelemetryMetricsToCloudWatch (boolean)
      • Default: false
    • TelemetryMetricsToSSM (boolean)
      • Default: true
    • AuditExpirationDay (int)
      • Default: 7
    • LongRunningWorkerMonitorIntervalSeconds (int)
      • Default: 60
    • GoMaxProcForAgentWorker (int)
      • Default: 0
  • Os - represents os related information, will be logged in reply messages
    • Lang (string)
      • Default: "en-US"
    • Name (string)
    • Version (string)
      • Default: 1
  • S3 - represents configurations related to S3 bucket and key for SSM. Endpoint and region are typically determined automatically, and should only be set if a custom endpoint is required. LogBucket and LogKey are currently unused.
    • Endpoint (string)
      • Default: ""
    • Region (string) - Ignored
    • LogBucket (string) - Ignored
    • LogKey (string) - Ignored
  • Kms - represents configuration for Key Management Service if encryption is enabled for this session (i.e. kmsKeyId is set or using "Port" plugin)
    • Endpoint (string)

Release

After the SSM Agent source code has been released to github, it can take up to 2 weeks for the install packages to propagate to all AWS regions.

The following commands can be used to pull the VERSION file and check the latest agent available in a region.

  • Regional Bucket (Non-CN) - curl https://s3.{region}.amazonaws.com/amazon-ssm-{region}/latest/VERSION
    • Replace {region} with region code like us-east-1.
  • Regional Bucket (CN) - curl https://s3.{region}.amazonaws.com.cn/amazon-ssm-{region}/latest/VERSION
    • Replace {region} with region code cn-north-1, cn-northwest-1.
  • Global Bucket - curl https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/VERSION

License

The Amazon SSM Agent is licensed under the Apache 2.0 License.

More Repositories

1

aws-cli

Universal Command Line Interface for Amazon Web Services
Python
14,304
star
2

chalice

Python Serverless Microframework for AWS
Python
10,654
star
3

aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
JavaScript
10,440
star
4

amazon-sagemaker-examples

Example ๐Ÿ““ Jupyter notebooks that demonstrate how to build, train, and deploy machine learning models using ๐Ÿง  Amazon SageMaker.
Jupyter Notebook
9,542
star
5

serverless-application-model

The AWS Serverless Application Model (AWS SAM) transform is a AWS CloudFormation macro that transforms SAM templates into CloudFormation templates.
Python
9,342
star
6

aws-sdk-js

AWS SDK for JavaScript in the browser and Node.js
JavaScript
7,476
star
7

aws-sam-cli

CLI tool to build, test, debug, and deploy Serverless applications using AWS SAM
Python
6,506
star
8

aws-sdk-php

Official repository of the AWS SDK for PHP (@awsforphp)
PHP
5,886
star
9

containers-roadmap

This is the public roadmap for AWS container services (ECS, ECR, Fargate, and EKS).
Shell
5,164
star
10

karpenter

Karpenter is a Kubernetes Node Autoscaler built for flexibility, performance, and simplicity.
Go
4,615
star
11

s2n-tls

An implementation of the TLS/SSL protocols
C
4,465
star
12

aws-sdk-java

The official AWS SDK for Java 1.x. The AWS SDK for Java 2.x is available here: https://github.com/aws/aws-sdk-java-v2/
Java
4,117
star
13

aws-lambda-go

Libraries, samples and tools to help Go developers develop AWS Lambda functions.
Go
3,624
star
14

aws-sdk-pandas

pandas on AWS - Easy integration with Athena, Glue, Redshift, Timestream, Neptune, OpenSearch, QuickSight, Chime, CloudWatchLogs, DynamoDB, EMR, SecretManager, PostgreSQL, MySQL, SQLServer and S3 (Parquet, CSV, JSON and EXCEL).
Python
3,537
star
15

copilot-cli

The AWS Copilot CLI is a tool for developers to build, release and operate production ready containerized applications on AWS App Runner or Amazon ECS on AWS Fargate.
Go
3,488
star
16

aws-sdk-ruby

The official AWS SDK for Ruby.
Ruby
3,462
star
17

amazon-freertos

DEPRECATED - See README.md
C
2,535
star
18

aws-sdk-go-v2

AWS SDK for the Go programming language.
Go
2,518
star
19

aws-sdk-js-v3

Modularized AWS SDK for JavaScript.
TypeScript
2,476
star
20

jsii

jsii allows code in any language to naturally interact with JavaScript classes. It is the technology that enables the AWS Cloud Development Kit to deliver polyglot libraries from a single codebase!
TypeScript
2,371
star
21

sagemaker-python-sdk

A library for training and deploying machine learning models on Amazon SageMaker
Python
2,095
star
22

amazon-vpc-cni-k8s

Networking plugin repository for pod networking in Kubernetes using Elastic Network Interfaces on AWS
Go
2,071
star
23

aws-eks-best-practices

A best practices guide for day 2 operations, including operational excellence, security, reliability, performance efficiency, and cost optimization.
Python
2,022
star
24

amazon-ecs-agent

Amazon Elastic Container Service Agent
Go
2,005
star
25

lumberyard

Amazon Lumberyard is a free AAA game engine deeply integrated with AWS and Twitch โ€“ with full source.
C++
1,965
star
26

aws-sdk-net

The official AWS SDK for .NET. For more information on the AWS SDK for .NET, see our web site:
1,945
star
27

eks-anywhere

Run Amazon EKS on your own infrastructure ๐Ÿš€
Go
1,899
star
28

aws-sdk-java-v2

The official AWS SDK for Java - Version 2
Java
1,822
star
29

aws-sdk-cpp

AWS SDK for C++
1,779
star
30

amazon-ecs-cli

The Amazon ECS CLI enables users to run their applications on ECS/Fargate using the Docker Compose file format, quickly provision resources, push/pull images in ECR, and monitor running applications on ECS/Fargate.
Go
1,725
star
31

aws-sdk-php-laravel

A Laravel 5+ (and 4) service provider for the AWS SDK for PHP
PHP
1,589
star
32

serverless-java-container

A Java wrapper to run Spring, Spring Boot, Jersey, and other apps inside AWS Lambda.
Java
1,483
star
33

aws-node-termination-handler

Gracefully handle EC2 instance shutdown within Kubernetes
Go
1,443
star
34

aws-lambda-dotnet

Libraries, samples and tools to help .NET Core developers develop AWS Lambda functions.
C#
1,430
star
35

aws-fpga

Official repository of the AWS EC2 FPGA Hardware and Software Development Kit
VHDL
1,380
star
36

eks-distro

Amazon EKS Distro (EKS-D) is a Kubernetes distribution based on and used by Amazon Elastic Kubernetes Service (EKS) to create reliable and secure Kubernetes clusters.
Shell
1,263
star
37

eks-charts

Amazon EKS Helm chart repository
Mustache
1,184
star
38

s2n-quic

An implementation of the IETF QUIC protocol
Rust
1,152
star
39

aws-toolkit-vscode

CodeWhisperer, CodeCatalyst, Local Lambda debug, SAM/CFN syntax, ECS Terminal, AWS resources
TypeScript
1,150
star
40

opsworks-cookbooks

Chef Cookbooks for the AWS OpsWorks Service
Ruby
1,058
star
41

aws-codebuild-docker-images

Official AWS CodeBuild repository for managed Docker images http://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref.html
Dockerfile
1,032
star
42

aws-iot-device-sdk-js

SDK for connecting to AWS IoT from a device using JavaScript/Node.js
JavaScript
957
star
43

aws-iot-device-sdk-embedded-C

SDK for connecting to AWS IoT from a device using embedded C.
C
926
star
44

aws-health-tools

The samples provided in AWS Health Tools can help users to build automation and customized alerting in response to AWS Health events.
Python
887
star
45

aws-graviton-getting-started

Helping developers to use AWS Graviton2, Graviton3, and Graviton4 processors which power the 6th, 7th, and 8th generation of Amazon EC2 instances (C6g[d], M6g[d], R6g[d], T4g, X2gd, C6gn, I4g, Im4gn, Is4gen, G5g, C7g[d][n], M7g[d], R7g[d], R8g).
Python
850
star
46

aws-app-mesh-examples

AWS App Mesh is a service mesh that you can use with your microservices to manage service to service communication.
Shell
844
star
47

deep-learning-containers

AWS Deep Learning Containers (DLCs) are a set of Docker images for training and serving models in TensorFlow, TensorFlow 2, PyTorch, and MXNet.
Python
800
star
48

aws-parallelcluster

AWS ParallelCluster is an AWS supported Open Source cluster management tool to deploy and manage HPC clusters in the AWS cloud.
Python
782
star
49

aws-lambda-runtime-interface-emulator

Go
771
star
50

aws-toolkit-jetbrains

AWS Toolkit for JetBrains - a plugin for interacting with AWS from JetBrains IDEs
Kotlin
735
star
51

graph-notebook

Library extending Jupyter notebooks to integrate with Apache TinkerPop, openCypher, and RDF SPARQL.
Jupyter Notebook
706
star
52

aws-iot-device-sdk-python

SDK for connecting to AWS IoT from a device using Python.
Python
670
star
53

amazon-chime-sdk-js

A JavaScript client library for integrating multi-party communications powered by the Amazon Chime service.
TypeScript
655
star
54

amazon-ec2-instance-selector

A CLI tool and go library which recommends instance types based on resource criteria like vcpus and memory
Go
642
star
55

studio-lab-examples

Example notebooks for working with SageMaker Studio Lab. Sign up for an account at the link below!
Jupyter Notebook
625
star
56

aws-secretsmanager-agent

The AWS Secrets Manager Agent is a local HTTP service that you can install and use in your compute environments to read secrets from Secrets Manager and cache them in memory.
Rust
584
star
57

event-ruler

Event Ruler is a Java library that allows matching many thousands of Events per second to any number of expressive and sophisticated rules.
Java
564
star
58

aws-sdk-rails

Official repository for the aws-sdk-rails gem, which integrates the AWS SDK for Ruby with Ruby on Rails.
Ruby
554
star
59

aws-mwaa-local-runner

This repository provides a command line interface (CLI) utility that replicates an Amazon Managed Workflows for Apache Airflow (MWAA) environment locally.
Shell
553
star
60

amazon-eks-pod-identity-webhook

Amazon EKS Pod Identity Webhook
Go
534
star
61

aws-lambda-java-libs

Official mirror for interface definitions and helper classes for Java code running on the AWS Lambda platform.
C++
518
star
62

aws-lambda-base-images

506
star
63

aws-appsync-community

The AWS AppSync community
HTML
495
star
64

sagemaker-training-toolkit

Train machine learning models within a ๐Ÿณ Docker container using ๐Ÿง  Amazon SageMaker.
Python
493
star
65

dotnet

GitHub home for .NET development on AWS
487
star
66

aws-cdk-rfcs

RFCs for the AWS CDK
JavaScript
476
star
67

aws-sam-cli-app-templates

Python
472
star
68

aws-elastic-beanstalk-cli-setup

Simplified EB CLI installation mechanism.
Python
453
star
69

amazon-cloudwatch-agent

CloudWatch Agent enables you to collect and export host-level metrics and logs on instances running Linux or Windows server.
Go
403
star
70

secrets-store-csi-driver-provider-aws

The AWS provider for the Secrets Store CSI Driver allows you to fetch secrets from AWS Secrets Manager and AWS Systems Manager Parameter Store, and mount them into Kubernetes pods.
Go
393
star
71

amazon-braket-examples

Example notebooks that show how to apply quantum computing in Amazon Braket.
Python
376
star
72

aws-for-fluent-bit

The source of the amazon/aws-for-fluent-bit container image
Shell
375
star
73

aws-pdk

The AWS PDK provides building blocks for common patterns together with development tools to manage and build your projects.
TypeScript
361
star
74

aws-extensions-for-dotnet-cli

Extensions to the dotnet CLI to simplify the process of building and publishing .NET Core applications to AWS services
C#
346
star
75

aws-sdk-php-symfony

PHP
346
star
76

aws-app-mesh-roadmap

AWS App Mesh is a service mesh that you can use with your microservices to manage service to service communication
344
star
77

aws-lambda-builders

Python library to compile, build & package AWS Lambda functions for several runtimes & framework
Python
337
star
78

aws-iot-device-sdk-python-v2

Next generation AWS IoT Client SDK for Python using the AWS Common Runtime
Python
335
star
79

constructs

Define composable configuration models through code
TypeScript
332
star
80

pg_tle

Framework for building trusted language extensions for PostgreSQL
C
329
star
81

graph-explorer

React-based web application that enables users to visualize both property graph and RDF data and explore connections between data without having to write graph queries.
TypeScript
321
star
82

aws-codedeploy-agent

Host Agent for AWS CodeDeploy
Ruby
316
star
83

aws-sdk-ruby-record

Official repository for the aws-record gem, an abstraction for Amazon DynamoDB.
Ruby
313
star
84

aws-ops-wheel

The AWS Ops Wheel is a randomizer that biases for options that havenโ€™t come up recently; you can also outright cheat and specify the next result to be generated.
JavaScript
308
star
85

aws-xray-sdk-python

AWS X-Ray SDK for the Python programming language
Python
304
star
86

sagemaker-inference-toolkit

Serve machine learning models within a ๐Ÿณ Docker container using ๐Ÿง  Amazon SageMaker.
Python
303
star
87

efs-utils

Utilities for Amazon Elastic File System (EFS)
Python
286
star
88

amazon-ivs-react-native-player

A React Native wrapper for the Amazon IVS iOS and Android player SDKs.
TypeScript
286
star
89

sagemaker-spark

A Spark library for Amazon SageMaker.
Scala
282
star
90

apprunner-roadmap

This is the public roadmap for AWS App Runner.
280
star
91

aws-xray-sdk-go

AWS X-Ray SDK for the Go programming language.
Go
274
star
92

aws-toolkit-eclipse

(End of life: May 31, 2023) AWS Toolkit for Eclipse
Java
273
star
93

elastic-beanstalk-roadmap

AWS Elastic Beanstalk roadmap
272
star
94

aws-logging-dotnet

.NET Libraries for integrating Amazon CloudWatch Logs with popular .NET logging libraries
C#
271
star
95

sagemaker-tensorflow-training-toolkit

Toolkit for running TensorFlow training scripts on SageMaker. Dockerfiles used for building SageMaker TensorFlow Containers are at https://github.com/aws/deep-learning-containers.
Python
270
star
96

aws-lc-rs

aws-lc-rs is a cryptographic library using AWS-LC for its cryptographic operations. The library strives to be API-compatible with the popular Rust library named ring.
Rust
263
star
97

elastic-load-balancing-tools

AWS Elastic Load Balancing Tools
Java
262
star
98

aws-step-functions-data-science-sdk-python

Step Functions Data Science SDK for building machine learning (ML) workflows and pipelines on AWS
Python
261
star
99

amazon-braket-sdk-python

A Python SDK for interacting with quantum devices on Amazon Braket
Python
254
star
100

aws-xray-sdk-node

The official AWS X-Ray SDK for Node.js.
JavaScript
248
star