Setting up SSM on an on-premise machine

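Besides EC2 instances, AWS Systems Manager can also manage on-premise machines and machines in other clouds. Unlike the EC2 instances in the previous section, which use a role, on-premise machines register with Systems Manager using an activation code.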

Create the on-premise machine

Launch a RedHat machine to simulate an on-premise host.

Choose RedHat as the operating system, select a key pair, leave the other options at their defaults, and create the machine.

Create the Hybrid Activation

This step generates the activation code that lets the on-premise machine register with SSM.

Open the Hybrid Activations page in SSM and create an Activation.

By default, one Activation supports registering up to 1000 instances; here the limit is set to 10.

Leave the other options at their defaults and click Create. Once the Activation is created, record the activation code and ID.

Register the machine

Log in to the RedHat machine and run:

#!/bin/bash

# Download the SSM Agent RPM into a scratch directory
mkdir -p /tmp/ssm
curl https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/linux_amd64/amazon-ssm-agent.rpm -o /tmp/ssm/amazon-ssm-agent.rpm
# Install the agent, then stop it so it can be registered
sudo yum install -y /tmp/ssm/amazon-ssm-agent.rpm
sudo systemctl stop amazon-ssm-agent
# edit the code, id and region in the command below
sudo amazon-ssm-agent -register -code "activation-code" -id "activation-id" -region "region"
# Start the agent again so it runs with the new registration
sudo systemctl start amazon-ssm-agent

Replace activation-code and activation-id with your own values; the on-premise machine then registers with SSM.

On the Hybrid Activations page, the number of registered machines now shows 1.

On the Fleet Manager page, the newly registered machine is listed.

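The registration step above fails in confusing ways if a placeholder is left unreplaced or a value is mangled while copying. The following pre-flight check is an added example, not part of the original page or of AWS's tooling; the function names are hypothetical, and the format rules (activation code of 20 to 250 characters, UUID activation ID, region name pattern) are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for the registration step of this tutorial.
# Function names are hypothetical; the format rules below are assumptions.

# matches STRING REGEX: succeeds if STRING matches the extended regex.
matches() { printf '%s\n' "$1" | grep -Eq "$2"; }

# validate_activation CODE ID REGION
# Returns 0 if all look usable, 1 for a bad code, 2 for a bad ID, 3 for a bad region.
validate_activation() {
    code=$1 id=$2 region=$3
    # Embedded whitespace or newlines point to a copy-and-paste accident.
    case "$code" in *[[:space:]]*) echo "whitespace in code" >&2; return 1 ;; esac
    case "$id" in *[[:space:]]*) echo "whitespace in ID" >&2; return 2 ;; esac
    case "$region" in *[[:space:]]*) echo "whitespace in region" >&2; return 3 ;; esac
    # The literal placeholders from the tutorial command must have been replaced.
    case "$code" in activation-code|"") echo "activation code not set" >&2; return 1 ;; esac
    case "$id" in activation-id|"") echo "activation ID not set" >&2; return 2 ;; esac
    case "$region" in region|"") echo "region not set" >&2; return 3 ;; esac
    # Assumption: activation codes are 20 to 250 characters long.
    if [ "${#code}" -lt 20 ] || [ "${#code}" -gt 250 ]; then
        echo "activation code has unexpected length" >&2; return 1
    fi
    # Assumption: activation IDs are lowercase UUIDs.
    matches "$id" '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$' ||
        { echo "activation ID is not a UUID" >&2; return 2; }
    # Assumption: region names look like us-east-1 or us-gov-west-1.
    matches "$region" '^[a-z]{2}(-[a-z]+)+-[0-9]+$' ||
        { echo "region name is malformed" >&2; return 3; }
    return 0
}

# register_node CODE ID REGION: validate, then run the tutorial's three commands.
register_node() {
    validate_activation "$1" "$2" "$3" || return $?
    sudo systemctl stop amazon-ssm-agent
    sudo amazon-ssm-agent -register -code "$1" -id "$2" -region "$3" || return 4
    sudo systemctl start amazon-ssm-agent
}

# Act only when called with exactly three arguments, e.g.
#   sh preflight.sh "<code>" "<id>" "<region>"
if [ "$#" -eq 3 ]; then register_node "$@"; fi
```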