Configure SSM Agent to use a proxy (Linux)
You can configure SSM Agent to communicate through an HTTP proxy by creating an
override configuration file and adding http_proxy, https_proxy, and no_proxy
settings to the file. An override file also preserves the proxy settings if you
install newer or older versions of SSM Agent. This section includes procedures
for
creating an override file in both upstart and
systemd environments.
Instances created from an Amazon Linux AMI that are using a proxy must be running a current
version of the Python
requests module in order to support Patch Manager operations. For more
information, see Upgrade the
Python requests module on Amazon Linux instances that use a proxy server.
Topics
Configure SSM Agent to use a proxy (upstart)
Use the following procedure to create an override configuration file for an
upstart environment.
To configure SSM Agent to use a proxy (upstart)
-
Connect to the instance where you installed SSM Agent.
-
Open a simple editor like VIM, and depending on whether you're using an HTTP proxy server or HTTPS proxy server, add one of the following configurations.
For an HTTP proxy server:
env http_proxy=http://hostname:portenv https_proxy=http://hostname:portenv no_proxy=169.254.169.254For an HTTPS proxy server:
env http_proxy=http://hostname:portenv https_proxy=https://hostname:portenv no_proxy=169.254.169.254Note You must add the
no_proxysetting to the file and specify the IP address listed here. It is the instance metadata endpoint for Systems Manager. Without this IP address, calls to Systems Manager fail. -
Save the file with the name
amazon-ssm-agent.overridein the following location:/etc/init/ -
Stop and restart SSM Agent using the following commands:
sudo stop amazon-ssm-agent sudo start amazon-ssm-agent
For more information about working with .override
files in Upstart environments, see init: Upstart
init daemon job configuration
Configure SSM Agent to use a proxy (systemd)
Use the following procedure to configure SSM Agent to use a proxy in a
systemd environment.
Some of the steps in this procedure contain explicit instructions for Ubuntu Server instances where SSM Agent was installed using Snap.
-
Connect to the instance where you installed SSM Agent.
-
Run one of the follow commands, depending on the operating system type.
-
On Ubuntu Server instances where SSM Agent is installed by using a snap:
sudo systemctl edit snap.amazon-ssm-agent.amazon-ssm-agentOn other operating systems:
sudo systemctl edit amazon-ssm-agent
-
-
Open a simple editor like VIM, and depending on whether you're using an HTTP proxy server or HTTPS proxy server, add one of the following configurations.
For an HTTP proxy server:
[Service] Environment="http_proxy=http://hostname:port" Environment="https_proxy=http://hostname:port" Environment="no_proxy=169.254.169.254"For an HTTPS proxy server:
[Service] Environment="http_proxy=http://hostname:port" Environment="https_proxy=https://hostname:port" Environment="no_proxy=169.254.169.254"Note You must add the
no_proxysetting to the file and specify the IP address listed here. It is the instance metadata endpoint for Systems Manager. Without this IP address, calls to Systems Manager fail. -
Save your changes. The system automatically creates one of the following files, depending on the operating system type.
-
On Ubuntu Server instances where SSM Agent is installed by using a snap:
/etc/systemd/system/snap.amazon-ssm-agent.amazon-ssm-agent.service.d/override.conf -
On Amazon Linux 2 instances:
/etc/systemd/system/amazon-ssm-agent.service.d/override.conf -
On other operating systems:
/etc/systemd/system/amazon-ssm-agent.service.d/amazon-ssm-agent.override
-
-
Restart SSM Agent by using one of the following commands, depending on the operating system type.
-
On Ubuntu Server instances installed by using a snap:
sudo systemctl daemon-reload && sudo systemctl restart snap.amazon-ssm-agent.amazon-ssm-agent -
On other operating systems:
sudo systemctl daemon-reload && sudo systemctl restart amazon-ssm-agent
-
For more information about working with .override
files in systemd environments, see Modifying Existing Unit Files
