This article provides guidance on how to install the AWS SSM agent on CentOS 8 and CentOS 7 EC2 Linux instances.

SSM stands for Systems Manager. It is a management service used to manage servers on AWS. Specific use cases for Systems Manager are:

Suppose a user wants to configure several servers/EC2 instances with the same configuration. Instead of configuring one instance at a time, the user can use Systems Manager to run commands concurrently on all the servers at once.

It is also an excellent tool to automate tasks you want to do on your EC2 instances. For example, updating the operating system versions or ensuring your EC2 instances are compliant with some governance policies.

Systems Manager also allows users to connect to instances without using SSH or key pairs. This is good for security because we no longer have to open port 22 for SSH access.

SSM Agent on CentOS 8 | CentOS 7 Installation Prerequisites

The setup requirements are:

  • An AWS Account.
  • A user with permissions to create resources on AWS.
  • An IDE to write and edit your CloudFormation Template.

Step 1: Create EC2 Instance, Profile, and Role

Instead of creating the individual resources manually, I used a single CloudFormation template. The template will create:

  • An SSM Role.
  • EC2 Instance Profile that will use the role created above.
  • The EC2 Instance Security Group
  • And finally, the EC2 Instance with SSM agent Installed.

This is my CloudFormation template:

AWSTemplateFormatVersion: "2010-09-09"
Description: "Template to create Centos ec2 instance and install SSM on it"

Parameters:
    VPC:
        Type: String
        Description: The vpc to launch the service
        Default: vpc-ID

    PublicSubnet1:
        Type: String
        Description: The subnet where to launch the ec2
        Default: subnet-ID

Resources:
    # Role the instance assumes so the SSM agent can talk to Systems Manager
    IAMInstanceRole:
        Type: 'AWS::IAM::Role'
        Properties:
          Description: The SSM Instance Profile
          RoleName: AWSEC2SSMtest
          AssumeRolePolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Principal:
                  Service:
                  - ec2.amazonaws.com
                Action:
                  - 'sts:AssumeRole'
          ManagedPolicyArns:
            - arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM
            - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
          Tags:
            -
              Key: "Project"
              Value: "test-blog"
            -
              Key: "Environment"
              Value: "test"
            -
              Key: "createdBy"
              Value: "Maureen Barasa"
            -
              Key: "Name"
              Value: "AWSEC2SSMtest"

    # Instance profile that hands the role to the EC2 instance
    IAMInstanceProfile:
        Type: AWS::IAM::InstanceProfile
        Properties:
            InstanceProfileName: AWSEC2SSMtest
            Roles:
             - !Ref IAMInstanceRole

    CentosServer:
        Type: "AWS::EC2::Instance"
        Properties:
            ImageId: "ami-ID"
            InstanceType: "t2.micro"
            KeyName: "test-key"
            AvailabilityZone: !Sub "${AWS::Region}a"
            Tenancy: "default"
            DisableApiTermination: true
            SubnetId: !Ref PublicSubnet1
            EbsOptimized: false
            SecurityGroupIds:
              - !Ref CentosSecurityGroup
            SourceDestCheck: true
            BlockDeviceMappings:
              -
                DeviceName: "/dev/xvda"
                Ebs:
                    Encrypted: false
                    VolumeSize: 20
                    VolumeType: "gp2"
                    DeleteOnTermination: true
            # Placeholder below: replace <amazon-ssm-agent-rpm-URL> with the
            # agent package URL for your Region.
            UserData:
                Fn::Base64:
                    !Sub |
                       #!/bin/bash
                       cd /tmp
                       sudo yum install -y <amazon-ssm-agent-rpm-URL>
                       sudo systemctl enable amazon-ssm-agent
                       sudo systemctl start amazon-ssm-agent
            IamInstanceProfile: !Ref IAMInstanceProfile
            Tags:
              -
                Key: "Project"
                Value: "test-blog"
              -
                Key: "Environment"
                Value: "test"
              -
                Key: "createdBy"
                Value: "Maureen Barasa"
              -
                Key: "Name"
                Value: "Test-Centos"

    CentosSecurityGroup:
        Type: "AWS::EC2::SecurityGroup"
        Properties:
            GroupDescription: "Security Group to control access to the test Centos server"
            GroupName: "Test-Centos-SG"
            VpcId: !Ref VPC
            # "source-CIDR" is a placeholder: replace it with your own range.
            SecurityGroupIngress:
              -
                CidrIp: "source-CIDR"
                FromPort: 22
                IpProtocol: "tcp"
                ToPort: 22
              -
                CidrIp: "source-CIDR"
                FromPort: 443
                IpProtocol: "tcp"
                ToPort: 443

Outputs:
  # Output names are placeholders; rename them as needed.
  Server:
    Description: The created studio server
    Value: !Ref CentosServer
  SecurityGroup:
    Description: The server sg
    Value: !Ref CentosSecurityGroup

The Parameters section allows the user to input their own values. In our case, the user should replace the VPC and subnet IDs with their own IDs from their AWS account.

In the Resources section, the template first creates an instance role. The instance role has a trust policy that allows an EC2 instance to assume the role. The role also has two policies attached to it: AmazonEC2RoleforSSM and AmazonSSMManagedInstanceCore. The user can customize the role name and tags as they choose.

Next, the template creates an instance profile and attaches the role created above to it. Here again, the user can customize the name of the role. N.B.: The instance profile and role name should be the same. Otherwise, the EC2 instance will not see your role.

Finally, the template creates the EC2 instance security group and the EC2 instance. The SSM agent is installed using the user-data property of the resource. The user can customize the names and tags to whatever suits them. Also, ensure that you replace the ami-ID value with a CentOS AMI associated with your AWS account.
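A check a reviewer could run against this kind of template, as an added example that is not part of the original article: it reads a CloudFormation template in JSON form and flags settings that work against the stated reason for using Systems Manager (no SSH exposure), plus the unencrypted root volume and the older AmazonEC2RoleforSSM managed policy, which AWS has superseded with AmazonSSMManagedInstanceCore. The sample input is a constructed JSON rendering of the properties set above; the CidrIp values, the `lint` function name and the choice of checks are assumptions.

```python
import json

# Constructed sample: a JSON rendering of the properties the template above
# sets. Logical IDs come from the page; the CidrIp values are assumptions.
TEMPLATE = json.loads("""
{"Resources": {
  "IAMInstanceRole": {"Type": "AWS::IAM::Role", "Properties": {
    "ManagedPolicyArns": [
      "arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM",
      "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"]}},
  "CentosServer": {"Type": "AWS::EC2::Instance", "Properties": {
    "KeyName": "test-key",
    "BlockDeviceMappings": [{"DeviceName": "/dev/xvda",
      "Ebs": {"Encrypted": false, "VolumeSize": 20}}]}},
  "CentosSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
    "SecurityGroupIngress": [
      {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"},
      {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"}]}}
}}
""")

def lint(template):
    """Return sorted (logical_id, finding) pairs for an SSM-managed instance."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        rtype, props = res.get("Type"), res.get("Properties", {})
        if rtype == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                proto = str(rule.get("IpProtocol"))
                lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
                # "-1" means all protocols and ports, which includes tcp/22
                if proto == "-1" or (proto in ("tcp", "6") and lo <= 22 <= hi):
                    findings.append((name, "ingress allows SSH (tcp/22)"))
        elif rtype == "AWS::EC2::Instance":
            if "KeyName" in props:  # key pairs are only needed for SSH logins
                findings.append((name, "SSH key pair attached"))
            for bdm in props.get("BlockDeviceMappings", []):
                if "Ebs" in bdm and not bdm["Ebs"].get("Encrypted", False):
                    findings.append((name, "unencrypted volume " + bdm.get("DeviceName", "?")))
        elif rtype == "AWS::IAM::Role":
            arns = props.get("ManagedPolicyArns", [])
            if any(a.endswith("/AmazonEC2RoleforSSM") for a in arns):
                findings.append((name, "legacy AmazonEC2RoleforSSM policy attached"))
    return sorted(findings)

if __name__ == "__main__":
    for logical_id, finding in lint(TEMPLATE):
        print(f"{logical_id}: {finding}")
```

The check only understands literal values, so a template that sets ports or policy ARNs through intrinsic functions needs those resolved first.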

Step 2: Execute the CloudFormation Template

One can deploy the template either through CodePipeline or manually on the CloudFormation console. For this tutorial, we will use the CloudFormation console.

On the CloudFormation Console, click on create stack.

Figure: Create Stack

Then, select create stack with new template and resources.

Figure: Create Stack with New Resources

Next, choose your template. In our case, we will upload the template we have created.

Figure: Upload Our Template

On the tab that opens, you will be required to give the name of your stack and input the template parameters. Enter the details of your customized values and click next.

Figure: Input Template Parameters and Stack Name

The next tab allows the user to add tags for their stack. It also gives the user the option to configure policies and notifications for their stack. When done, click next. The console then shows a review tab where the user can see an overall view of all the configurations they made. If the user is OK with what is displayed, they can click create stack. CloudFormation will then start creating your resources for you.

Manual SSM Agent Installation

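If you prefer to install the SSM agent manually, after creating the role with CloudFormation and attaching it to the EC2 instance, run the commands below in your VM console, replacing the placeholder with the agent package URL for your Region.

sudo yum install -y <amazon-ssm-agent-rpm-URL>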
sudo systemctl enable amazon-ssm-agent
sudo systemctl start amazon-ssm-agent

Watch out for my next tutorial where I will explain how to use CodePipeline to deploy CloudFormation Templates.


Happy Building!!
