Install SSM agent on my EC2 instances in order to install Inspector agent without SSH or key pairs

Question

I have an AWS environment with a few instances that has no SSM agent preinstalled and no keypairs, is there a way to install the SSM agent without logging to my instance with SSH?.

Thanks in advance for your help!.

Answer 1

Q: Is there a way to install the SSM agent without logging to my instance with SSH?
A: Yes, you can use Amazon EC2 Instance Connect.

Amazon EC2 Instance Connect provides a simple and secure way to connect to your instances using Secure Shell (SSH). With EC2 Instance Connect, you use AWS Identity and Access Management (IAM) policies and principles to control SSH access to your instances, removing the need to share and manage SSH keys.

(*) Amazon Linux 2 2.0.20190618 or later and Ubuntu 20.04 or later comes preconfigured with EC2 Instance Connect. For other supported Linux distributions, you must set up Instance Connect for every instance that will support using Instance Connect. This is a one-time requirement for each instance.

Links:
Set up EC2 Instance Connect
Connect using EC2 Instance Connect
Securing your bastion hosts with Amazon EC2 Instance Connect

(!) I worked with this python repo - you can just run from the repo’s bin directory:

./mssh <instance-ID> 

And you're connected.

Answer 2

Nope. This is a tricky one. The SSM agent must be installed manually when it is not present in the AMI. That simply means that an administrator must run the SSM install commands on the EC2 instance as root. Or Admin when the EC2 instance runs Windows.

Two references: Installing and Configuring SSM Agent on Amazon EC2 Linux Instances

Manually Install SSM Agent on Amazon EC2 Linux Instances

Once you install the agent, managing the EC2 instance is beautiful. No key-pair needed, simply execute commands with AWS System Manager Run Command.

Think fast!