In this hands-on lab, you will learn about the IAM role necessary for configuring an EC2 instance with AWS Systems Manager service. We’ll create and attach a role to an EC2 instance via the AWS Management Console (GUI) and confirm that it is configured with SSM service by checking in the Systems Manager console as a managed instance.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Create an EC2 IAM Role with SSM Policy for EC2
- Access the IAM console and create a role.
- Attach the
AmazonEC2RoleforSSMpolicy to the role during creation. - Give your role a name such as
MyEC2SSMRole. - Know that when working via GUI, AWS auto-creates an IAM instance profile when you create a role for EC2; whereas working on the CLI, one has to create and attach an IAM instance profile to the IAM role themselves.
- Launch an EC2 Instance
- Select the latest Amazon Linux 2 AMI once you’re on the AMI selection screen (it has SSM Agent installed).
- On instance configuration details page, select the IAM role we created earlier. Leave all configuration details of the instance as default.
- Select an existing security group for this instance — it should already be created and named "SG".
- Next, add a tag key :
Nameand with a valueMyEC2. You can tag it with whatever value you prefer. We’ll be using the instance tag to identify that SSM can see/communicate with the instance later on. - You don’t need to generate a key pair for this EC2 instance since we won’t be logging into it, so you can "Proceed without a keypair" and finally launch the instance.
- Verify the EC2 Instance Is Configured with SSM Service Properly
- After creating the EC2 instance, you’ll see the EC2 instance in SSM under
Fleet Manager.
- After creating the EC2 instance, you’ll see the EC2 instance in SSM under
