Menu
Amazon Elastic Compute Cloud
User Guide for Windows Instances

Configuring a Windows Instance Using SSM Config

Amazon EC2 Systems Manager enables you to remotely manage the configuration of your Amazon EC2 instances, virtual machines (VMs), or servers in your on-premises environment or in an environment provided by other cloud providers using scripts, commands, or the Amazon EC2 console. Systems Manager includes a lightweight instance configuration solution called SSM Config and an on-demand solution called Amazon EC2 Run Command. For more information about Run Command, see Systems Manager Remote Management (Run Command) in the Amazon EC2 Systems Manager User Guide.

SSM Config helps you manage the configuration of your Windows instances while they're running. You create a Systems Manager document that specifies the actions the system should perform on your instances, including which applications to install, which AWS Directory Service directory to join, which Microsoft PowerShell modules to install, and so on. If an instance is missing one or more of these configurations, the system makes those changes. By default, the system checks every five minutes to see if there is a new configuration to apply. If so, the system updates the instances. In this way, you can remotely maintain a consistent configuration baseline on your instances. SSM Config is available using the AWS CLI or the AWS Tools for Windows PowerShell.

SSM Agent and EC2Config

Instances created from AMIs for Windows Server 2003 through Windows Server 2012 R2 that were published after November 2016 include the EC2Config service and SSM Agent.

Note

Windows managed instances (on-premises servers or VMs configured for Run Command) use the SSM agent to process Run Command requests, regardless of when they were registered. For more information, see Setting Up Systems Manager in Hybrid Environments in the Amazon EC2 Systems Manager User Guide.

If you have an earlier AMI and you attempt to use SSM features released after November 2016, the commands fail because these features must be processed by SSM Agent, not the EC2Config service. To avoid errors, upgrade EC2Config using Run Command. After upgrade, AMIs run the EC2Config service and SSM Agent. For more information, see Updating the EC2Config Service Using Systems Manager Run Command in the Amazon EC2 Systems Manager User Guide.

The following table describes how this change affects different components and configurations.

Item Details

EC2Config installer

If the latest EC2Config installer detects the legacy version of the EC2Config service, the installer installs the new version of the EC2Config service and SSM Agent.

SSM agent installer

If the latest version of SSM Agent installer detects the legacy version of the EC2Config service, the installation fails. You must run the latest version of the EC2Config installer to update the EC2Config service and install SSM Agent.

If the latest version of SSM Agent installer detects the new version of the EC2Config service, the installer installs the latest version of SSM Agent.

Execute the Run Command AWS-UpdateEC2Config document

When you execute this command, it runs the latest EC2Config installer, which installs the new version of the EC2Config service and SSM Agent.

Run Command AWS-UpdateSSMAgent document

When you execute this command, it runs the most recent SSM Agent installer. If Run Command detects the legacy EC2Config service, the command fails. If Run Command detects the new version of the EC2Config service, the command updates SSM Agent independently.

Amazon WorkSpaces environment

Amazon WorkSpaces AMIs are configured with the appropriate agent based on the date the AMI was created.

On this page: