Besingi

Reputation: 11

Is there a bootstrap script to install Amazon SSM Agent on an EC2 Windows instance upon launch?

I was tasked to spin up Windows 2019 servers (as per AWS documentation, this has SSM agent preinstalled) and disable port 3389 for RDP because the only access they want is via Amazon Systems Manager Session Manager.

I have attached the AmazonSSMManagedInstanceCore role which gives Session Manager permissions to access this server programmatically, but I still have issues accessing this server via Session Manager. Possible errors are:

  1. The agent is not installed.
  2. The required IAM role is not attached, etc.

But I have done all this and am still unable to access this server.

So I want to be able to edit the UserData with a bootstrapping script that installs SSM agent and see if that fixes the issue.

My guess is maybe someone tampered with the server and deleted the SSM agent file.

Upvotes: 1

Views: 1767

Answers (1)

Besingi

Reputation: 11

This doesn't answer the question about a bootstrap script, as I am still researching that.

But I solved the issue I had with AWS Systems Manager Session Manager.

  1. The SSM Agent was still installed on the servers.
  2. Upon creating my VPC, I had created a private subnet and a VPC endpoint which Session Manager will use to talk to resources in that subnet, but I later on deleted the private subnet, since they (my company) wanted all servers in a public subnet.
  3. Due to the VPC endpoints created, Session Manager wasn't able to locate the servers I was trying to connect to via Session Manager.
  4. SOLUTION: After deleting the VPC endpoints, Session Manager now connects to all those servers with ease... Yay!!!

FYI: I still would love a bootstrap script that will install SSM Agent on Amazon EC2 Windows Servers upon launch.

Upvotes: 0
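
An added example (not part of the original question or answer, and not AWS's own script): a UserData script that installs SSM Agent only when its service is missing, then logs whether the Systems Manager endpoints resolve and accept connections, which is the failure the answer traced to leftover VPC endpoints. The log path is an assumption made for this example; the download URL and the `/S` silent flag are the ones AWS documents for Windows.

```powershell
# Added example. Paste between <powershell> and </powershell> tags in EC2 UserData.
# Assumption: the log path below is chosen for this example only.
$ErrorActionPreference = 'Stop'
$Log = 'C:\ProgramData\ssm-bootstrap.log'
function Write-Log($Message) {
    Add-Content -Path $Log -Value "$(Get-Date -Format o) $Message"
}

[System.Net.ServicePointManager]::SecurityProtocol = 'Tls12'
$ProgressPreference = 'SilentlyContinue'

# 1. Install the agent only if its Windows service is missing.
if (-not (Get-Service -Name AmazonSSMAgent -ErrorAction SilentlyContinue)) {
    $Installer = Join-Path $env:TEMP 'AmazonSSMAgentSetup.exe'
    $Url = 'https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/windows_amd64/AmazonSSMAgentSetup.exe'
    Invoke-WebRequest -Uri $Url -OutFile $Installer

    # Do not run a downloaded installer whose Authenticode signature is not valid.
    $Sig = Get-AuthenticodeSignature -FilePath $Installer
    if ($Sig.Status -ne 'Valid') {
        Write-Log "Installer signature status: $($Sig.Status); aborting"
        exit 1
    }
    Start-Process -FilePath $Installer -ArgumentList '/S' -Wait
    Remove-Item -Force $Installer
    Write-Log 'SSM Agent installed'
}
Set-Service -Name AmazonSSMAgent -StartupType Automatic
Restart-Service -Name AmazonSSMAgent   # also starts the service if it was stopped

# 2. Read the region from instance metadata (IMDSv2).
$Token = Invoke-RestMethod -Method Put -Uri 'http://169.254.169.254/latest/api/token' `
    -Headers @{ 'X-aws-ec2-metadata-token-ttl-seconds' = '60' }
$Region = Invoke-RestMethod -Uri 'http://169.254.169.254/latest/meta-data/placement/region' `
    -Headers @{ 'X-aws-ec2-metadata-token' = $Token }

# 3. Log what each Systems Manager endpoint resolves to and whether TCP 443 connects.
#    A private address here means a VPC interface endpoint is answering for the name;
#    if the connection then fails, check that endpoint's subnets and security group.
foreach ($Svc in 'ssm', 'ssmmessages', 'ec2messages') {
    $Name = "$Svc.$Region.amazonaws.com"
    $Test = Test-NetConnection -ComputerName $Name -Port 443 -WarningAction SilentlyContinue
    Write-Log "$Name -> $($Test.RemoteAddress) tcp443=$($Test.TcpTestSucceeded)"
}
```

With RDP closed, the log can be read later through Session Manager once it connects, or by attaching the volume to another instance.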
