In this hands-on lab, you will learn about the IAM role needed to configure an EC2 instance with the AWS Systems Manager (SSM) service. We’ll create a role and attach it to an EC2 instance via the AWS Management Console (GUI), then confirm that the instance is configured with SSM by checking that it appears in the Systems Manager console as a managed instance.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Create an EC2 IAM Role with SSM Policy for EC2
  - Access the IAM console and create a role.
  - Attach the `AmazonEC2RoleforSSM` policy to the role during creation.
  - Give your role a name such as `MyEC2SSMRole`.
  - Know that when working via the GUI, AWS auto-creates an IAM instance profile when you create a role for EC2, whereas on the CLI you have to create the IAM instance profile and attach it to the IAM role yourself.
- Launch an EC2 Instance
  - Select the latest Amazon Linux 2 AMI once you’re on the AMI selection screen (it has SSM Agent installed).
  - On the instance configuration details page, select the IAM role we created earlier. Leave all other configuration details of the instance as default.
  - Select an existing security group for this instance; it should already be created and named "SG".
  - Next, add a tag with the key `Name` and the value `MyEC2`. You can tag it with whatever value you prefer. We’ll use the instance tag later on to confirm that SSM can see and communicate with the instance.
  - You don’t need to generate a key pair for this EC2 instance since we won’t be logging into it, so you can "Proceed without a keypair" and finally launch the instance.
- Verify the EC2 Instance Is Configured with SSM Service Properly
  - In the Systems Manager console, on the options pane to the left of the page, select Managed Instances.
  - The instance you created with the SSM role should be visible here, confirming that you chose the correct AMI and set up the SSM IAM role properly.
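
The CLI path mentioned under the first objective, written out as an added example (it is not part of the original lab): the role, the policy attachment, and the two instance-profile steps that the console performs for you, plus a check equivalent to looking at Managed Instances. The instance profile name, the `DRY_RUN` switch and the function names are assumptions made for this sketch; by default it only prints the commands.

```shell
#!/usr/bin/env bash
set -eu

ROLE_NAME="${ROLE_NAME:-MyEC2SSMRole}"        # name suggested in the lab
PROFILE_NAME="${PROFILE_NAME:-MyEC2SSMRole}"  # assumption: console reuses the role name
# Policy used by the lab. AWS documentation steers new roles to the narrower
# AmazonSSMManagedInstanceCore policy instead.
POLICY_ARN="arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM"
DRY_RUN="${DRY_RUN:-1}"                       # 1 = print commands, 0 = call AWS

# Trust policy: only the EC2 service is allowed to assume this role.
trust_policy() {
  printf '%s' '{"Version":"2012-10-17","Statement":[{"Effect":"Allow",'
  printf '%s\n' '"Principal":{"Service":"ec2.amazonaws.com"},"Action":"sts:AssumeRole"}]}'
}

# Print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

create_ssm_role() {
  run aws iam create-role --role-name "$ROLE_NAME" \
      --assume-role-policy-document "$(trust_policy)"
  run aws iam attach-role-policy --role-name "$ROLE_NAME" \
      --policy-arn "$POLICY_ARN"
  # The two steps the console does implicitly when you pick "EC2" as the use case:
  run aws iam create-instance-profile --instance-profile-name "$PROFILE_NAME"
  run aws iam add-role-to-instance-profile \
      --instance-profile-name "$PROFILE_NAME" --role-name "$ROLE_NAME"
}

# After launch: the instance is managed once SSM reports a ping status for it.
check_managed() {
  instance_id="${1:?instance id required}"
  run aws ssm describe-instance-information \
      --filters "Key=InstanceIds,Values=$instance_id" \
      --query 'InstanceInformationList[].PingStatus' --output text
}

create_ssm_role
```

Run it with `DRY_RUN=0` and valid credentials to make the calls for real; an instance with no usable instance profile simply never shows up in the `describe-instance-information` output.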