Creating an IAM Role and Configuring an EC2 Instance for AWS Systems Manager via the AWS Management Console

30 minutes
  • 3 Learning Objectives

About this Hands-on Lab

In this hands-on lab, you will learn about the IAM role necessary for configuring an EC2 instance with AWS Systems Manager service. We’ll create and attach a role to an EC2 instance via the AWS Management Console (GUI) and confirm that it is configured with SSM service by checking in the Systems Manager console as a managed instance.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Create an EC2 IAM Role with SSM Policy for EC2
  1. Access the IAM console and create a role.
  2. Attach the AmazonEC2RoleforSSM policy to the role during creation.
  3. Give your role a name such as MyEC2SSMRole.
  4. Know that when working via GUI, AWS auto-creates an IAM instance profile when you create a role for EC2; whereas working on the CLI, one has to create and attach an IAM instance profile to the IAM role themselves.
Launch an EC2 Instance
  1. Select the latest Amazon Linux 2 AMI once you’re on the AMI selection screen (it has SSM Agent installed).
  2. On instance configuration details page, select the IAM role we created earlier. Leave all configuration details of the instance as default.
  3. Select an existing security group for this instance — it should already be created and named "SG".
  4. Next, add a tag key : Name and with a value MyEC2. You can tag it with whatever value you prefer. We’ll be using the instance tag to identify that SSM can see/communicate with the instance later on.
  5. You don’t need to generate a key pair for this EC2 instance since we won’t be logging into it, so you can "Proceed without a keypair" and finally launch the instance.
Verify the EC2 Instance Is Configured with SSM Service Properly
  1. After creating the EC2 instance, you’ll see the EC2 instance in SSM under Fleet Manager.

Additional Resources

Log in to the live AWS environment using the credentials provided. Make sure you're in the N. Virginia (us-east-1) region throughout the lab.

A subnet (SubnetA) and security group (SG) has already been provisioned as part of this lab to use when running/creating an EC2 instance.

Note: After creating the EC2 instance, you won't find "Managed Instances under Instances & Nodes. You'll see the EC2 instance under Fleet Manager.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?