How do I install AWS Systems Manager Agent (SSM Agent) on an Amazon EC2 Windows instance at launch?

Last updated: 2022-02-23

How do I install AWS Systems Manager Agent (SSM Agent) on an Amazon Elastic Compute Cloud (Amazon EC2) Windows instance at launch?

Short description

By default, SSM Agent is installed on Windows Server 2008-2012 R2 AMIs published in November 2016 or later. SSM Agent is also installed, by default, on Windows Server 2016 and 2019 AMIs.

You must manually install SSM Agent on Amazon EC2 instances created from other versions of Windows AMIs, including images imported to AWS. You can install SSM Agent by adding user data to an Amazon EC2 Windows instance before the launch.

Important: As of January 14, 2020, Windows Server 2008 is no longer supported for feature or security updates from Microsoft. Legacy AMIs for Windows Server 2008 and 2008 R2 still include version 2 of SSM Agent preinstalled. AWS Systems Manager no longer officially supports 2008 versions, and no longer updates the agent for these versions of Windows Server. SSM Agent version 3.0 might not be compatible with all operations on Windows Server 2008 and 2008 R2. The final officially supported version of SSM Agent for Windows Server 2008 versions is 2.3.1644.0.

Before installing SSM Agent, review the following information:

Resolution

1.    Create an AWS Identity and Access Management (IAM) instance profile to use with SSM Agent.

2.    Follow steps 1 through 5 at Launch an instance using the launch instance wizard.

3.    On the Configure Instance Details page, in the IAM role dropdown list, select the instance profile you created in step 1.

4.    On the Configure Instance Details page, expand Advanced Details.

5.    For User data, choose As text. In the User data box, enter the following information.

<powershell>
$dir = $env:TEMP + "\ssm"
New-Item -ItemType directory -Path $dir -Force
cd $dir
(New-Object System.Net.WebClient).DownloadFile("https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/windows_amd64/AmazonSSMAgentSetup.exe", $dir + "\AmazonSSMAgentSetup.exe")
Start-Process .\AmazonSSMAgentSetup.exe -ArgumentList @("/q", "/log", "install.log") -Wait
</powershell>

For more information, see User data and the console.

6.    Finish adding other parameters, such as storage, tags, and security groups.

7.    Launch your instance.

For Linux, see How do I install AWS Systems Manager Agent (SSM Agent) on an Amazon EC2 Linux instance at launch?