Ensure that all Amazon EC2 instances are managed by AWS Systems Manager (SSM). Systems Manager simplifies AWS cloud resource management, shortens the time to detect and resolve operational problems, and makes it easy to operate and manage your instances securely at scale. For Amazon EC2 instances to be monitored and managed with AWS Systems Manager service, they must be configured as managed instances. In order for EC2 instances to be managed by the Systems Manager and be available in the list of managed instances, your instances have to meet 3 primary requirements:

1. The SSM Agent must be installed on an instance with a supported Operating System (OS).

2. An AWS Identity and Access Management (IAM) instance profile that supplies the required permissions for the instance to communicate with the Systems Manager service must be attached to the EC2 instance.

3. The SSM Agent must be able to connect to a Systems Manager endpoint in order to register itself with the service. Then, the instance must be available to the SSM service, which is confirmed by the service sending a signal every five minutes to check the instance's health.


AWS Systems Manager through Fleet Manager feature offers multiple benefits for managed Amazon EC2 instances. Some of these benefits are:

1. Perform a variety of common systems administration tasks without having to manually connect to your EC2 instances.

2. Manage EC2 instances running on multiple platforms from a single unified console.

3. Manage EC2 instances running different Operating Systems from a single unified console.

4. Improve the efficiency of your systems administration.


From a security standpoint, when you're not using Systems Manager (SSM) to manage your EC2 instance fleet, you have to manually patch each instance and this may cause a risk factor of missing patches in some of your instances, exposing system vulnerabilities which potential attackers could take advantage of. With Patch Manager, a feature of System Manager service, you can automate the process of patching Linux and Windows managed instances at scale. Systems Manager (SSM) also lets you collect software inventory and execute scripts without logging into your instances' system.

Default Value: 

SSM Agent is installed, by default.


This Implementation requires a managed instance, which is an EC2 instance or on-premises instance that has AWS Systems Manager Agent (also called SSM Agent) installed and has an IAM role with AmazonEC2RoleforSSM policy attached to it.


Test Plan :

1. Sign in to the AWS Management Console.

2. Navigate to EC2 console at

3. In the left navigation panel, under INSTANCES, choose Instances.

4. Select the running Amazon EC2 instance that you want to examine.

5. Select the Details tab from the console bottom panel.

6. In the left column, identify the Instance ID configuration attribute and copy its value.

7. Navigate to the Systems Manager console at

8. In the navigation panel, under Node Management, select Managed Instances to access your SSM managed instances. A managed instance is an Amazon EC2 instance that has been configured for Systems Manager.

9. On the Managed Instances page, click inside the search box, select Instance ID, choose Equal, paste the ID of the instance copied at step no. 6, and press Enter.

Using AWS CLI:

To know the description of the instance 

aws ssm describe-association
[--name <value>]
[--instance-id <value>]

Implementation Steps:

Step1. Sign into AWS Management Console.

Step2.Click on the Amazon Systems Manager console at 

Step3. In the navigation panel, under AWS Systems Manager, select Quick Setup.

Step4.  On the Quick Setup page, perform the following operations: 

  1. For Configuration types, select Host Management. This configuration type is used to set up IAM roles and enables commonly used Systems Manager capabilities to securely manage your EC2 instances.

  2.  For Configuration options, ensure that the following options are selected under Systems Manager. Quick Setup configures these components based on best practices:

    1. Update Systems Manager (SSM) Agent every two weeks.

    2. Collect inventory from your instances every 30 minutes.

    3.  Scan instances for missing patches daily.

  3. For Targets, perform the following actions:
    1. Choose Current Region for Choose between deploying to the current region or a custom set of regions.

        2. Select Manual for Choose how you want to target instances and choose the running Amazon EC2 instance(s)

4.  Choose to Create to deploy the new SSM configuration for the selected instance(s).

5.Once the SSM configuration is implemented, the target EC2 instance will be registered with AWS Systems Manager, and you will be able to manage them using Systems Manager.

  1. We can also change the AWS region from the navigation bar and repeat the process for other cloud regions as well.



Using AWS CLI:

  1. To describe the instance

aws ec2 describe-instances
  --region us-east-1
  --filters "Name=instance-state-name,Values=running"
  --output table
  --query 'Reservations[*].Instances[*].InstanceId'

aws ssm describe-instance-information
  --region us-east-1
  --instance-information-filter-list key=InstanceIds,valueSet=i-01234abcd1234abcd
  --query "InstanceInformationList"

Backout Plan:

if you want to change or Remove your instance id then Follow the below the steps

  1. Open the AWS Systems Manager console at

  2. In the navigation pane, choose Quick Setup 

  3. Choose the Configuration 

  4. Click on the host management which you want to deregister.

  5. Under System Manager Configuration, select Actions.

  6. Click on Delete Configuration.  

    CLI Commands

    To delete the instance from the quick setup

aws ssm delete-association \
    --instance-id "<value>" \
    --name "<value>"


  1.   What is AWS Systems Manager? - AWS Systems Manager 

  2.  Working with SSM Agent - AWS Systems Manager