The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.

Automatically Update SSM Agent (CLI)

The following procedure walks you through the process of creating a State Manager association using the AWS Command Line Interface (AWS CLI). The association automatically updates the SSM Agent according to a schedule that you specify. For more information about the SSM Agent, see Working with SSM Agent.

Note

To be notified about SSM Agent updates, subscribe to the SSM Agent Release Notes page on GitHub.

Before You Begin

Before you complete the following procedure, verify that you have at least one running Amazon EC2 instance (Linux or Windows) that is configured for Systems Manager. For more information, see Systems Manager Prerequisites.

Note

If you create an association by using either the AWS CLI or AWS Tools for Windows PowerShell, use the --Targets parameter to target instances, as shown in the following example. Don't use the --InstanceID parameter. The --InstanceID parameter is a legacy parameter.

To create an association for automatically updating SSM Agent

Install and configure the AWS CLI, if you have not already.

For information, see Install or Upgrade the AWS CLI.
Run the following command to create an association by targeting instances using Amazon EC2 tags. The Schedule parameter sets a schedule to run the association every Sunday morning at 2:00 a.m. (UTC).
```
aws ssm create-association --targets Key=tag:TagKey,Values=TagValue --name AWS-UpdateSSMAgent --schedule-expression "cron(0 2 ? * SUN *)"
```
Note

State Manager associations do not support all cron and rate expressions. For more information about creating cron and rate expressions for associations, see Reference: Cron and Rate Expressions for Systems Manager.

If you want, you can also target multiple instances by specifying instances IDs in a comma-separated list.
```
aws ssm create-association --targets Key=instanceids,Values=InstanceID,InstanceID,InstanceID --name your document name --schedule-expression "cron(0 2 ? * SUN *)"
```
The system returns information like the following.
```
{
    "AssociationDescription": {
        "ScheduleExpression": "cron(0 2 ? * SUN *)",
        "Name": "AWS-UpdateSSMAgent",
        "Overview": {
            "Status": "Pending",
            "DetailedStatus": "Creating"
        },
        "AssociationId": "123..............",
        "DocumentVersion": "$DEFAULT",
        "LastUpdateAssociationDate": 1504034257.98,
        "Date": 1504034257.98,
        "AssociationVersion": "1",
        "Targets": [
            {
                "Values": [
                    "TagValue"
                ],
                "Key": "tag:TagKey"
            }
        ]
    }
}
```
The system attempts to create the association on the instance(s) and immediately apply the state. The association status shows Pending.
Run the following command to view an updated status of the association you just created.
```
aws ssm  list-associations
```
Note

If your instances are currently running the most recent version of the SSM Agent, the status shows Failed. This is expected behavior. When a new version of SSM Agent is published, the association automatically installs the new agent, and the status shows Success.

Warning Javascript is disabled or is unavailable in your browser.

To use the AWS Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

« Previous Next »