Configure SSM Agent to use a proxy
You can configure SSM Agent to communicate through an HTTP proxy by adding the
http_proxy, https_proxy,
and no_proxy settings to an
amazon-ssm-agent.override configuration file. An override
file also preserves the proxy settings if you install newer or older versions
of
SSM Agent. This section includes procedures for upstart and
systemd environments.
Instances created from an Amazon Linux AMI that are using a proxy must be running
a current
version of the Python
requests module in order to support Patch Manager operations. For more
information, see Upgrade the
Python requests module on Amazon Linux instances that
use a proxy server.
Topics
Configure SSM Agent to use a proxy (upstart)
-
Connect to the instance where you installed SSM Agent.
-
Open a simple editor like VIM, and depending on whether you're using an HTTP proxy server or HTTPS proxy server, specify one of the following setting options.
HTTP proxy server:
env http_proxy=http://hostname:portenv https_proxy=http://hostname:portenv no_proxy=169.254.169.254HTTPS proxy server:
env http_proxy=http://hostname:portenv https_proxy=https://hostname:portenv no_proxy=169.254.169.254Note You must add the
no_proxysetting to the file and specify the IP address listed here. It is the instance metadata endpoint for Systems Manager. Without this IP address, calls to Systems Manager fail. -
Save the file as
amazon-ssm-agent.overridein the following location:/etc/init/ -
Stop and restart SSM Agent using the following commands:
sudo stop amazon-ssm-agent sudo start amazon-ssm-agent
For more information about working with .override
files in Upstart environments, see init: Upstart
init daemon job configuration
Configure SSM Agent to use a proxy (systemd)
The steps in the following procedure describe how to configure SSM Agent to use a proxy in systemd environments. Some of the steps in this procedure contain explicit instructions for Ubuntu Server instances installed by using Snap.
-
Connect to the instance where you installed SSM Agent.
-
Run the following command:
systemctl edit amazon-ssm-agentFor Ubuntu Server instances installed by using a snap, run the following command:
systemctl edit snap.amazon-ssm-agent.amazon-ssm-agent -
Open a simple editor like VIM, and depending on whether you're using an HTTP proxy server or HTTPS proxy server, specify one of the following setting options.
HTTP proxy server:
[Service] Environment="http_proxy=http://hostname:port" Environment="http_proxy=http://hostname:port" Environment="no_proxy=169.254.169.254"HTTPS proxy server:
[Service] Environment="http_proxy=http://hostname:port" Environment="https_proxy=https://hostname:port" Environment="no_proxy=169.254.169.254"Note You must add the
no_proxysetting to the file and specify the IP address listed here. It is the instance metadata endpoint for Systems Manager. Without this IP address, calls to Systems Manager fail. -
Save your changes. The system creates a file named
amazon-ssm-agent.override(oroverride.confon Amazon Linux 2) instances in theetc/systemd/system/amazon-ssm-agent.service.dfolder. -
Restart SSM Agent by using the following commands:
sudo systemctl stop amazon-ssm-agent sudo systemctl daemon-reloadFor Ubuntu Server instances installed by using a snap, restart SSM Agent by using the following command:
systemctl start snap.amazon-ssm-agent.amazon-ssm-agent
For more information about working with .override files in systemd
environments, see Modifying Existing Unit Files
