Menu
AWS Systems Manager
User Guide

Configure SSM Agent to Use a Proxy

You can configure SSM Agent to communicate through an HTTP proxy by adding the http_proxy, https_proxy, and no_proxy settings to an amazon-ssm-agent.override configuration file. An override file also preserves the proxy settings if you install newer or older versions of SSM Agent. This section includes procedures for upstart and systemd environments.

Note

Instances created from an Amazon Linux AMI that are using a proxy must be running a current version of the Python requests module in order to support Patch Manager operations. For more information, see Upgrade the Python Requests Module on Amazon Linux Instances That Use a Proxy Server.

Configure SSM Agent to Use a Proxy (Upstart)

  1. Connect to the instance where you installed SSM Agent.

  2. Open a simple editor like VIM, and specify the following settings:

    env http_proxy=http://hostname:port env https_proxy=https://hostname:port env no_proxy=169.254.169.254

    Note

    You must add the no_proxy setting to the file and specify the IP address listed here. It is the instance metadata endpoint for Systems Manager. Without this IP address, calls to Systems Manager fail.

  3. Save the file as amazon-ssm-agent.override in the following location: /etc/init/

  4. Stop and restart SSM Agent using the following commands:

    sudo stop amazon-ssm-agent sudo start amazon-ssm-agent

Note

For more information about working with .override files in Upstart environments, see init: Upstart init daemon job configuration.

Configure SSM Agent to Use a Proxy (systemd)

  1. Connect to the instance where you installed SSM Agent.

  2. Execute the following command:

    systemctl edit amazon-ssm-agent
  3. Specify the following settings:

    [Service] Environment="http_proxy=http://hostname:port" Environment="https_proxy=https://hostname:port" Environment="no_proxy=169.254.169.254"

    Note

    You must add the no_proxy setting to the file and specify the IP address listed here. It is the instance metadata endpoint for Systems Manager. Without this IP address, calls to Systems Manager fail.

  4. Save your changes. The system creates an amazon-ssm-agent.override file in the amazon-ssm-agent.service.d folder.

  5. Restart SSM Agent using the following commands:

    sudo systemctl stop amazon-ssm-agent sudo systemctl daemon-reload

Note

For more information about working with .override files in systemd environments, see Modifying Existing Unit Files.