How do I install AWS Systems Manager Agent (SSM Agent) on an Amazon EC2 Windows instance at launch?

Short description

By default, SSM Agent is installed on Windows Server 2012 R2 AMIs published in November 2016 or later. SSM Agent is also installed, by default, on Windows Server 2016, 2019 and 2022 AMIs.

You must manually install SSM Agent on Amazon EC2 instances created from other versions of Windows AMIs, including images imported to AWS. You can install SSM Agent by adding user data to an Amazon EC2 Windows instance before the launch. You can keep the SSM Agent up to date by activating SSM Agent auto update under Fleet Manager settings.

As of January 14, 2020, Windows Server 2008 is no longer supported for feature or security updates from Microsoft. Legacy AMIs for Windows Server 2008 and 2008 R2 still include version 2 of SSM Agent preinstalled. AWS Systems Manager no longer officially supports 2008 versions, and no longer updates the agent for these versions of Windows Server. SSM Agent version 3.0 might not be compatible with all operations on Windows Server 2008 and 2008 R2. The final officially supported version of SSM Agent for Windows Server 2008 versions is 2.3.1644.0.

Important: Before installing SSM Agent, make sure that the following requirements are met:

• AWS System Manager - Supported Operating Systems
• Systems Manager Prerequisites

Resolution

Install SSM Agent to a newly launched instance by adding user data

1.    Create an AWS Identity and Access Management (IAM) instance profile to use with SSM Agent.

2.    Launch a new Amazon Elastic Compute Cloud (Amazon EC2) instance. Then, configure your instance parameters, such as application and OS images, instance type, key pair, network settings, and storage.

3.    Expand the Advanced Details section, in the IAM Instance Profile dropdown list, select the instance profile that you created in step 1.

4.    In the User data box, enter the following information:

<powershell>
$dir = $env:TEMP + "\ssm"
New-Item -ItemType directory -Path $dir -Force
cd $dir
(New-Object System.Net.WebClient).DownloadFile("https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/windows_amd64/AmazonSSMAgentSetup.exe", $dir + "\AmazonSSMAgentSetup.exe")
Start-Process .\AmazonSSMAgentSetup.exe -ArgumentList @("/q", "/log", "install.log") -Wait
</powershell>

For more information, see User data and the console.

5.    Enter the number of instances to be launched.

6.    Launch your instances.

For Linux, see How do I install AWS Systems Manager Agent (SSM Agent) on an Amazon EC2 Linux instance at launch?

Activate SSM Agent auto update

1.    Open the AWS Systems Manager console.

2.    In the navigation pane, choose Fleet Manager.

3.    Choose the Settings tab, and then choose Auto update SSM Agent under Agent auto update.

Note: The Auto update SSM Agent setting applies to all of the managed nodes in the Region where this setting is configured.

4.    Then, configure your SSM Agent fleet:

• To change the version of SSM Agent that your fleet updates to, choose Edit under Agent auto update on the Settings tab. Then, enter the version number of SSM Agent you want to update to in Version under Parameters. If not specified, the agent updates to the latest version.
• To change the defined schedule (by default it's set to run every 14 days), choose Edit under Agent auto update on the Settings tab. Then, configure your preferred schedule using the On Schedule option under Specify schedule based on Cron and rate expressions for associations.
• To stop automatically deploying updated versions of SSM Agent to managed nodes in your account, choose Delete under Agent auto update on the Settings tab. This deletes the State Manager association that automatically updates SSM Agent on your managed nodes.

Related information

Automating updates to SSM Agent

Manually installing SSM Agent on EC2 instances for Windows Server

Configure SSM Agent to use a proxy for Windows Server instances

Setting up AWS Systems Manager

Working with SSM Agent on EC2 instances for Windows Server