SSM agent

Make sure the SSM agent is installed

Warning

This documentation if for Ohlala Operations for Amazon EC2 beta. This version is not suitable for production environments.

Ohlala Operations for Amazon EC2 relies on the AWS Systems Manager (SSM) Agent to manage Windows EC2 instances effectively. The SSM Agent enables Systems Manager to update, manage, and configure these resources.

Inclusion in AWS AMIs

The SSM Agent is preinstalled on several Amazon Machine Images (AMIs) provided by AWS. Notably, it is included in:

Windows Server 2012 R2: AMIs published in November 2016 or later.
Windows Server 2016, 2019, 2022, and 2025: All standard versions (excluding Nano versions).

For a comprehensive list of AMIs with the SSM Agent preinstalled, refer to the AWS documentation.

Network Prerequisites

To ensure proper communication between the SSM Agent and AWS Systems Manager, consider the following network requirements:

Outbound Internet Access: The SSM Agent requires outbound access to the internet to communicate with the Systems Manager service. If your instances do not have direct internet access, you can set up VPC endpoints to facilitate this communication.
Instance Metadata Service (IMDS): The SSM Agent utilizes the Instance Metadata Service. Ensure that your instances can access the IPv4 address 169.254.169.254. Both IMDSv1 and IMDSv2 are supported.
No Inbound Ports Required: The SSM Agent initiates all communication with the Systems Manager service; therefore, no inbound ports need to be opened in your instance’s security group for Systems Manager functionality.

For detailed technical information about the SSM Agent, including installation and configuration guidance, visit the AWS Systems Manager User Guide.

IAM Instance Profiles

Typically, managing EC2 instances with AWS Systems Manager requires attaching an IAM instance profile to each instance to grant necessary permissions. However, Ohlala Operations for Amazon EC2 simplifies this process by configuring the Default Host Management Configuration (DHMC) by default. This approach eliminates the need for manual instance profile assignment, ensuring that Systems Manager has the required permissions to manage all instances in your AWS account and region. For more information, refer to the AWS documentation on DHMC.

For detailed technical information about the SSM Agent, including installation and configuration guidance, visit the AWS Systems Manager User Guide.

Default Host Management Configuration (DHMC)

Please note that AWS Systems Manager DHMC requires SSM Agent version > 3.2.582.0. This is not mandatory but will ease configuration of your EC2 instances.

✨ Ohlala Operations - Automate Windows Server Management on AWS! ✨