In this section, we are going to install and configure an SSM agent on a new Linux instance, which we shall call as a Dev instance, and then verify it's working by streaming the agent's log files to Amazon CloudWatch Logs. So let's get busy!
First, we need to create and configure IAM Roles for our EC2 Systems Manager to process and execute commands over our EC2 instances. You can either use the Systems Manager's managed policies or alternatively create your own custom roles with specific permissions. For this part, we will be creating a custom role and policy.
To get started, we first create a custom IAM policy for Systems Manager managed instances:
- Log in to your AWS account and select the
IAMoption from the main dashboard, or alternatively, open the IAM console at https://console.aws.amazon.com/iam/.
- Next, from the navigation pane, select
Policies. This will bring up a list of existing policies currently provided...