Configuring SSM Agent to use a proxy (Linux) - AWS Systems Manager
Configure SSM Agent to use a proxy (upstart)Configure SSM Agent to use a proxy (systemd)

Configuring SSM Agent to use a proxy (Linux)

You can configure AWS Systems Manager Agent (SSM Agent) to communicate through an HTTP proxy by creating an override configuration file and adding http_proxy, https_proxy, and no_proxy settings to the file. An override file also preserves the proxy settings if you install newer or older versions of SSM Agent. This section includes procedures for creating an override file in both upstart and systemd environments.

Note

Managed nodes created from an Amazon Linux AMI that use a proxy must run a current version of the Python requests module to support Patch Manager operations. For more information, see Upgrading the Python requests module on Amazon Linux instances that use a proxy server.

Topics

Configure SSM Agent to use a proxy (upstart)

Use the following procedure to create an override configuration file for an upstart environment.

To configure SSM Agent to use a proxy (upstart)

  1. Connect to the managed instance where you installed SSM Agent.

  2. Open a simple editor like VIM, and depending on whether you're using an HTTP proxy server or HTTPS proxy server, add one of the following configurations.

    For an HTTP proxy server:

    env http_proxy=http://hostname:port
env https_proxy=http://hostname:port
env no_proxy=169.254.169.254

    For an HTTPS proxy server:

    env http_proxy=http://hostname:port
env https_proxy=https://hostname:port
env no_proxy=169.254.169.254
    Note

    Add the no_proxy setting to the file and specify the IP address listed here. It's the instance metadata endpoint for Systems Manager. Without this IP address, calls to Systems Manager fail.

  3. Save the file with the name amazon-ssm-agent.override in the following location: /etc/init/

  4. Stop and restart SSM Agent using the following commands.

    sudo stop amazon-ssm-agent
sudo start amazon-ssm-agent
Note

For more information about working with .override files in Upstart environments, see init: Upstart init daemon job configuration.

Configure SSM Agent to use a proxy (systemd)

Use the following procedure to configure SSM Agent to use a proxy in a systemd environment.

Note

Some of the steps in this procedure contain explicit instructions for Ubuntu Server instances where SSM Agent was installed using Snap.

  1. Connect to the instance where you installed SSM Agent.

  2. Run one of the follow commands, depending on the operating system type.

    • On Ubuntu Server instances where SSM Agent is installed by using a snap:

      sudo systemctl edit snap.amazon-ssm-agent.amazon-ssm-agent

      On other operating systems:

      sudo systemctl edit amazon-ssm-agent

  3. Open a simple editor like VIM, and depending on whether you're using an HTTP proxy server or HTTPS proxy server, add one of the following configurations.

    For an HTTP proxy server:

    [Service]
Environment="http_proxy=http://hostname:port"
Environment="https_proxy=http://hostname:port"
Environment="no_proxy=169.254.169.254"

    For an HTTPS proxy server:

    [Service]
Environment="http_proxy=http://hostname:port"
Environment="https_proxy=https://hostname:port"
Environment="no_proxy=169.254.169.254"
    Note

    Add the no_proxy setting to the file and specify the IP address listed here. It's the instance metadata endpoint for Systems Manager. Without this IP address, calls to Systems Manager fail.

  4. Save your changes. The system automatically creates one of the following files, depending on the operating system type.

    • On Ubuntu Server instances where SSM Agent is installed by using a snap:

      /etc/systemd/system/snap.amazon-ssm-agent.amazon-ssm-agent.service.d/override.conf

    • On Amazon Linux 2 instances:

      /etc/systemd/system/amazon-ssm-agent.service.d/override.conf

    • On other operating systems:

      /etc/systemd/system/amazon-ssm-agent.service.d/amazon-ssm-agent.override

  5. Restart SSM Agent by using one of the following commands, depending on the operating system type.

    • On Ubuntu Server instances installed by using a snap:

      sudo systemctl daemon-reload && sudo systemctl restart snap.amazon-ssm-agent.amazon-ssm-agent

    • On other operating systems:

      sudo systemctl daemon-reload && sudo systemctl restart amazon-ssm-agent
Note

For more information about working with .override files in systemd environments, see Modifying Existing Unit Files in the Red Hat Enterprise Linux 7 System Administrator's Guide.