How to Set Up AWS Systems Manager: A Step-by-Step Beginner’s Guide.

Introduction.

Managing cloud infrastructure can get complex quickly, especially when you’re working with multiple EC2 instances, scattered configurations, and tight security requirements. That’s where AWS Systems Manager (SSM) steps in as a powerful, centralized solution for operating and automating tasks across your AWS environment. With SSM, you no longer need to rely on traditional SSH access or manually log into each instance. Instead, you can execute commands, patch operating systems, automate workflows, and monitor compliance—all from the comfort of the AWS Management Console. This capability not only simplifies your operational overhead but also aligns with modern security best practices by reducing open ports and eliminating the need for key-based access. Whether you’re a DevOps engineer, system administrator, or AWS enthusiast, learning how to set up Systems Manager can be a game changer for managing infrastructure at scale.

In this guide, we’ll walk through the complete process of setting up AWS Systems Manager from scratch. We’ll cover the basics of what SSM is, what it can do, and how to configure it step-by-step so that you can start using it in your environment today. You’ll learn how to assign the right IAM roles, ensure your EC2 instances are properly connected, install or verify the SSM Agent, and test your setup using Session Manager. We’ll also touch on optional but powerful features like setting up VPC endpoints for private access and using Automation Documents to streamline tasks. The best part? Once your instances are configured, you can run commands across your fleet, manage patches, enforce configuration compliance, and securely access your systems without opening up a single SSH port. Whether you’re managing five servers or five hundred, AWS Systems Manager scales with you, offering a consistent and reliable way to operate cloud resources.

By the end of this blog, you’ll not only have a working Systems Manager setup but also a deeper understanding of how to leverage its full potential. You’ll be ready to manage instances more securely, automate repetitive tasks, and gain better visibility into your infrastructure’s health and compliance. So if you’re tired of logging into individual servers and juggling SSH keys, it’s time to embrace a more modern, secure, and automated approach. Let’s dive into the setup process and unlock the full capabilities of AWS Systems Manager.

1. Set Up IAM Role for EC2

You need an IAM role that allows EC2 to communicate with Systems Manager.

Steps:

  1. Go to the IAM Console.
  2. Create a new Role:
    • Trusted entity: AWS service → EC2
    • Attach the following managed policies:
      • AmazonSSMManagedInstanceCore
  3. Name the role something like EC2SSMRole.
  4. Launch a new EC2 instance and attach this IAM role, or attach it to an existing one.

2. Ensure SSM Agent is Installed

The SSM Agent is required on your EC2 instance.

  • Amazon Linux 2 / Ubuntu / Windows: SSM Agent is pre-installed on most modern AMIs.
  • To verify or install manually:
    • Amazon Linux:

        sudo yum install -y amazon-ssm-agent
        sudo systemctl enable amazon-ssm-agent
        sudo systemctl start amazon-ssm-agent

    • Ubuntu (the snap package registers its service under the snap unit name):

        sudo snap install amazon-ssm-agent --classic
        sudo systemctl enable snap.amazon-ssm-agent.amazon-ssm-agent.service
        sudo systemctl start snap.amazon-ssm-agent.amazon-ssm-agent.service

3. Verify Instance Appears in Systems Manager

  1. Go to AWS Console > Systems Manager > Fleet Manager > Managed Instances.
  2. Your instance should show up as “Managed” and “Online.”
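An added example (not from the original guide) that extends the console check to the whole fleet: it lists running EC2 instances that Systems Manager does not report as Online, which are the ones still missing the role, the agent, or network reachability. It assumes the AWS CLI is configured for the target account and region; the function names and the `check` argument are illustrative.

```shell
#!/bin/sh
# Added example: find running EC2 instances that SSM does not see as Online.

# Instance IDs of all running EC2 instances, one per line.
running_instances() {
  aws ec2 describe-instances \
    --filters Name=instance-state-name,Values=running \
    --query 'Reservations[].Instances[].InstanceId' --output text |
    tr '\t' '\n'
}

# Instance IDs that Systems Manager currently reports as Online.
online_managed() {
  aws ssm describe-instance-information \
    --filters Key=PingStatus,Values=Online \
    --query 'InstanceInformationList[].InstanceId' --output text |
    tr '\t' '\n'
}

# Running instances that are absent from the Online list. These are the
# hosts that would still need SSH for access and are skipped by Run Command
# and Patch Manager.
unmanaged_instances() {
  online="$(online_managed)"
  running_instances | while read -r id; do
    [ -n "$id" ] || continue
    printf '%s\n' "$online" | grep -qxF -- "$id" || printf '%s\n' "$id"
  done
}

# Usage: ./ssm-coverage.sh check
if [ "${1:-}" = "check" ]; then
  unmanaged_instances
fi
```

An empty result means every running instance in the region is registered and Online.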

4. Use Session Manager to Connect

You can now connect to your instance via the AWS Console (no SSH keys needed!):

  1. Go to Systems Manager > Session Manager.
  2. Click Start Session.
  3. Choose your instance and click Start session.

5. (Optional) Configure VPC Endpoints for Private Access

If your EC2 instance is in a private subnet (no internet access), set up VPC endpoints so the SSM Agent can reach Systems Manager:

Go to VPC > Endpoints and create endpoints for:

  • com.amazonaws.<region>.ssm
  • com.amazonaws.<region>.ec2messages
  • com.amazonaws.<region>.ssmmessages
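The endpoint setup from the AWS CLI, as an added example that is not part of the original guide. It enables private DNS so the agent resolves the standard service names to the endpoints, and opens HTTPS (443) on the endpoint security group to the VPC CIDR; the region default, the function names, the `apply` argument and all IDs are placeholders supplied by the caller.

```shell
#!/bin/sh
# Added example: create the three interface endpoints the SSM Agent needs.
REGION="${REGION:-us-east-1}"   # assumption: set REGION to your own region

# Interface endpoints only accept traffic their security group allows,
# so open HTTPS from the VPC's address range. $1 = sg-id, $2 = VPC CIDR
allow_https_from_vpc() {
  aws ec2 authorize-security-group-ingress --region "$REGION" \
    --group-id "$1" --protocol tcp --port 443 --cidr "$2"
}

# One interface endpoint per service, all with private DNS enabled.
# $1 = vpc-id, $2 = subnet-id, $3 = endpoint security group id
create_ssm_endpoints() {
  for svc in ssm ec2messages ssmmessages; do
    aws ec2 create-vpc-endpoint --region "$REGION" \
      --vpc-id "$1" --vpc-endpoint-type Interface \
      --service-name "com.amazonaws.${REGION}.${svc}" \
      --subnet-ids "$2" --security-group-ids "$3" \
      --private-dns-enabled || return 1
  done
}

# Usage: ./ssm-endpoints.sh apply <vpc-id> <subnet-id> <sg-id> <vpc-cidr>
if [ "${1:-}" = "apply" ]; then
  allow_https_from_vpc "$4" "$5" && create_ssm_endpoints "$2" "$3" "$4"
fi
```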

Conclusion.

Setting up AWS Systems Manager is a smart move for anyone looking to improve the way they manage and maintain their EC2 instances and cloud infrastructure. With its robust suite of tools—like Session Manager, Run Command, Patch Manager, and Automation—SSM not only simplifies day-to-day operations but also enhances security by eliminating the need for SSH and exposed ports. Once you’ve got it configured correctly, Systems Manager becomes your central control plane, enabling you to automate tasks, monitor system health, enforce compliance, and streamline management workflows across your entire AWS environment.

Whether you’re just starting out with AWS or looking to level up your cloud management game, taking the time to set up SSM properly is absolutely worth it. It’s scalable, secure, and surprisingly easy to integrate into your workflow once you get the hang of it. Now that you’ve seen how to configure the core components—from IAM roles to verifying the SSM agent and using Session Manager—you’re well on your way to managing your infrastructure more efficiently and with greater confidence.

If you haven’t already, start experimenting with some of the advanced features AWS Systems Manager offers. Dive into automation runbooks, set up patch baselines, and explore inventory and compliance tracking. The more you explore, the more you’ll realize how powerful and flexible this service can be. Thanks for reading, and happy managing!

shamitha