Last updated on April 10, 2023
AWS Systems Manager’s Fleet Manager is a useful tool for managing Amazon EC2 instances on your account. It allows you to establish a private session to your instances, view detailed information about the instance, run automation such as patch installations, or execute specific Run commands to the instance’s operating system. It can also be used to manage on-premises servers or virtual machines.
Using AWS Systems Manager tools requires that an IAM role is created and attached as an instance profile to your EC2 instances. It also requires that the Systems Manager Agent is installed on the instances.
The Systems Manager agent comes pre-installed on popular AMIs such as Amazon Linux, Ubuntu, SUSE Linux Enterprise, and Windows Server. Installing SSM Agent on other operating systems is straightforward. However, an appropriate IAM instance profile must be attached manually to each instance in your account, and if this is not done properly, your instances can become inaccessible, become less secure, or fall out of your defined security compliance. To solve this problem, AWS introduced the Default Host Management Configuration setting in AWS Systems Manager.
What is Default Host Management Configuration?
When enabled, the Default Host Management Configuration in AWS Systems Manager automatically enrolls Amazon EC2 instances in Systems Manager and manages them, even without an instance profile attached. The only requirement is to have the AWS Systems Manager Agent (SSM Agent) version 3.2.532.0 or later installed on the instance.
It is recommended to enable the Default Host Management Configuration setting to ensure all instances on your AWS account are managed by AWS Systems Manager Fleet Manager.
Follow the steps below to enable this setting on your account.
- Navigate to the Systems Manager console > Fleet Manager.
- Under Account Management, click Default Host Management Configuration.
- Click Enable Default Host Management Configuration, and select the IAM role to be used.
- It is recommended to allow AWS to create the role with the default permissions. However, if you created your own IAM role, you can select it from the drop-down list. If you need to customize the policies on the IAM role, you can do so after the role is created.
- Click Configure to apply the changes.
Once enabled, all Amazon EC2 instances become managed instances, and you should be able to see the instances in the Systems Manager Fleet Manager section.
The benefits of managed instances include the following:
- Securely connect to your instances using Session Manager.
- Perform automated daily patch scans using Patch Manager.
- Get a complete view of your instances using Inventory.
- Track your instances using Fleet Manager.
- Automatically update the SSM Agent.
Additionally, any new Amazon EC2 instances created on your account will be automatically managed on Fleet Manager as long as the SSM Agent is installed on the instance.
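To confirm that enabling the setting actually covered every instance, the following added example (not code from AWS or from this article) compares the EC2 instance list with the Systems Manager inventory and checks the 3.2.532.0 agent requirement. The status labels and sample records are constructed for illustration; the field names follow the output of `aws ec2 describe-instances` and `aws ssm describe-instance-information`.

```python
# Added example: audit which EC2 instances Systems Manager actually manages.
# Field names mirror `aws ec2 describe-instances` and
# `aws ssm describe-instance-information`; all sample records are constructed.

MIN_DHMC_AGENT = (3, 2, 532, 0)  # minimum SSM Agent version stated in this article


def parse_version(text):
    """Turn '3.2.532.0' into (3, 2, 532, 0) so the parts compare numerically."""
    return tuple(int(part) for part in text.strip().split("."))


def classify(ssm_info):
    """Return a status label (the labels are this example's own, not AWS terms)."""
    if ssm_info is None:
        return "unmanaged"          # never registered: agent missing or too old
    if ssm_info.get("PingStatus") != "Online":
        return "connection-lost"    # registered, but the agent stopped reporting
    if parse_version(ssm_info["AgentVersion"]) >= MIN_DHMC_AGENT:
        return "managed"
    # Agent is older than the required version, so this instance is managed
    # only through an attached instance profile.
    return "profile-dependent"


def audit(ec2_instances, ssm_inventory):
    """Map every EC2 instance ID to its management status."""
    inventory = {item["InstanceId"]: item for item in ssm_inventory}
    return {
        inst["InstanceId"]: classify(inventory.get(inst["InstanceId"]))
        for inst in ec2_instances
    }


# Constructed sample data (placeholder instance IDs and agent versions).
SAMPLE_EC2 = [{"InstanceId": i} for i in ("i-0aaa", "i-0bbb", "i-0ccc", "i-0ddd")]
SAMPLE_SSM = [
    {"InstanceId": "i-0aaa", "AgentVersion": "3.2.1000.0", "PingStatus": "Online"},
    {"InstanceId": "i-0bbb", "AgentVersion": "3.1.1927.0", "PingStatus": "Online"},
    {"InstanceId": "i-0ccc", "AgentVersion": "3.2.532.0", "PingStatus": "ConnectionLost"},
]

if __name__ == "__main__":
    for instance_id, status in audit(SAMPLE_EC2, SAMPLE_SSM).items():
        print(instance_id, status)
```

The version is compared as a tuple of integers because a plain string comparison would rank `3.2.1000.0` below `3.2.532.0`.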
Resources:
https://docs.aws.amazon.com/systems-manager/latest/userguide/quick-setup-host-management.html