【Introduction to AWS】Ease Amazon EC2 Maintenance with Systems Manager - PrismScaler

1. Introduction

Hello! We are a writer team from Definer Inc. In this issue, we look at how to perform Amazon EC2 maintenance easily with Systems Manager. We will walk through the actual screens and resources in detail.

2. Purpose/Use Cases

In this article, we use AWS Systems Manager to make EC2 maintenance easier. It collects information and practices that are helpful when you want to perform EC2 maintenance with minimal effort using Systems Manager.

3. SSM Setup

We will apply patches to EC2 right away using AWS Systems Manager (SSM). First, some preliminary work is needed so that EC2 can be managed via SSM.

① Attach an IAM role with SSM privileges to the EC2 instance.
Attach the managed policy named "AmazonSSMManagedInstanceCore" to the IAM role of the EC2 instance. Alternatively, you can describe the policy directly with the JSON below.

② Confirm that the EC2 instance is displayed in the SSM console.
If it does not appear, try restarting the EC2 instance or the SSM agent. Amazon Linux 2 and Ubuntu images on AWS include the SSM agent by default. The EC2 instance must also be able to reach the Internet. If a global IP is not available, consider using a VPC endpoint or a NAT gateway.

Example policy to enable SSM
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ssm:DescribeAssociation",
                "ssm:GetDeployablePatchSnapshotForInstance",
                "ssm:GetDocument",
                "ssm:DescribeDocument",
                "ssm:GetManifest",
                "ssm:GetParameter",
                "ssm:GetParameters",
                "ssm:ListAssociations",
                "ssm:ListInstanceAssociations",
                "ssm:PutInventory",
                "ssm:PutComplianceItems",
                "ssm:PutConfigurePackageResult",
                "ssm:UpdateAssociationStatus",
                "ssm:UpdateInstanceAssociationStatus",
                "ssm:UpdateInstanceInformation"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ssmmessages:CreateControlChannel",
                "ssmmessages:CreateDataChannel",
                "ssmmessages:OpenControlChannel",
                "ssmmessages:OpenDataChannel"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2messages:AcknowledgeMessage",
                "ec2messages:DeleteMessage",
                "ec2messages:FailMessage",
                "ec2messages:GetEndpoint",
                "ec2messages:GetMessages",
                "ec2messages:SendReply"
            ],
            "Resource": "*"
        }
    ]
}                
## SSM agent restart command
sudo systemctl restart amazon-ssm-agent                  

4. Systems Manager Maintenance Windows Settings

Next, we will proceed with the main task of setting up Maintenance Windows.

① Create the maintenance window
Go to "Systems Manager" → "Maintenance Window" → "Create". Set the date and time using cron, and click "Create".

② Select the target EC2 instance
In the maintenance window, click [Details] → [Target] → [Register Target]. In this window, select the EC2 instance to which the patch will be applied.

③ Set the task
In the maintenance window, select [Detail] > [Task] > [Register Task]. This time, select "AWS-RunShellScript". Enter the command you wish to execute in the input field. This time, we used the following commands.
## Execution command example

## ubuntu
sudo apt update -y
sudo apt upgrade -y

## Amazon Linux 2
sudo yum update -y
sudo yum upgrade -y                
Check the results of the command execution and you will see that the command was successfully executed.

The patch was successfully applied!
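
The console steps from sections 3 and 4, written as AWS CLI calls in an added example (not from the original article): it checks that the instance reports as Online in SSM before creating the window, target and AWS-RunShellScript task. The window name, duration, cutoff, schedule and instance ID are assumed placeholders; no service role is passed, so Systems Manager's service-linked role is used.

```shell
#!/bin/sh
# Added example: CLI equivalent of the console steps. The window name, duration,
# cutoff, schedule and instance ID are assumed placeholders, not article values.
set -eu

# Section 3, step 2: is the instance a managed node with an online SSM agent?
ssm_ping_status() {  # $1 = instance ID
  aws ssm describe-instance-information \
    --filters "Key=InstanceIds,Values=$1" \
    --query 'InstanceInformationList[0].PingStatus' --output text
}

# RunCommand parameters per OS family, using the article's update commands.
patch_params() {  # $1 = ubuntu | amzn2
  case "$1" in
    ubuntu) printf '%s' '{"RunCommand":{"Parameters":{"commands":["sudo apt update -y","sudo apt upgrade -y"]}}}' ;;
    amzn2)  printf '%s' '{"RunCommand":{"Parameters":{"commands":["sudo yum update -y","sudo yum upgrade -y"]}}}' ;;
    *) echo "unknown OS family: $1" >&2; return 2 ;;
  esac
}

# Section 4, steps 1-3: create window, register target, register task.
# Prints the new window ID; refuses to continue if the node is not Online.
create_patch_window() {  # $1 = instance ID, $2 = OS family, $3 = schedule
  pw_status=$(ssm_ping_status "$1")
  if [ "$pw_status" != "Online" ]; then
    echo "$1 is not an online managed node (PingStatus: $pw_status)" >&2
    return 1
  fi
  pw_params=$(patch_params "$2") || return 2
  pw_win=$(aws ssm create-maintenance-window --name "ec2-os-patching" \
    --schedule "$3" --duration 2 --cutoff 1 \
    --no-allow-unassociated-targets --query WindowId --output text)
  pw_tgt=$(aws ssm register-target-with-maintenance-window \
    --window-id "$pw_win" --resource-type INSTANCE \
    --targets "Key=InstanceIds,Values=$1" \
    --query WindowTargetId --output text)
  aws ssm register-task-with-maintenance-window --window-id "$pw_win" \
    --targets "Key=WindowTargetIds,Values=$pw_tgt" \
    --task-arn AWS-RunShellScript --task-type RUN_COMMAND \
    --max-concurrency 1 --max-errors 0 \
    --task-invocation-parameters "$pw_params" >/dev/null
  echo "$pw_win"
}

# Usage: ./patch-window.sh i-0123456789abcdef0 ubuntu "cron(0 18 ? * SUN *)"
if [ "$#" -eq 3 ]; then
  create_patch_window "$@"
fi
```

With `--max-concurrency 1 --max-errors 0` the task runs on one instance at a time and stops at the first failure, which keeps a bad package update from rolling across every registered target.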

5. Cited/Referenced Articles

6. About the proprietary solution "PrismScaler"

・PrismScaler is a web service that enables the construction of multi-cloud infrastructures such as AWS, Azure, and GCP in just three steps, without requiring development and operation.
・The solution is designed for a wide range of usage scenarios such as cloud infrastructure construction/cloud migration, cloud maintenance and operation, and cost optimization, and can easily realize more than several hundred high-quality general-purpose cloud infrastructures by appropriately combining IaaS and PaaS.

7. Contact us

This article provides useful introductory information free of charge. For consultation and inquiries, please contact "Definer Inc".

8. Regarding Definer

・Definer Inc. provides one-stop solutions from upstream to downstream of IT.
・We are committed to providing integrated support for advanced IT technologies such as AI and cloud IT infrastructure, from consulting to requirement definition, design development, implementation, maintenance, and operation.
・PrismScaler provides high-quality, rapid "auto-configuration," "auto-monitoring," "problem detection," and "configuration visualization" for multi-cloud/IT infrastructure such as AWS, Azure, and GCP.