Menu
AWS Systems Manager
User Guide

Systems Manager Prerequisites

Systems Manager includes the following prerequisites.

Requirement Description

Supported Operating System (Windows)

Instances must run a supported version of Windows Server: Windows Server 2003 through Windows Server 2016, including R2 versions.

Note

The Patch Manager capability does not support all these versions of the Windows Server operating system. For information, see Operating Systems Supported by Patch Manager.

Supported Operating System (Linux)

Instances must run a supported version of Linux.

Note

The Patch Manager capability does not currently support all the following Linux operating systems. For information, see Operating Systems Supported by Patch Manager.

64-Bit and 32-Bit Systems

  • Amazon Linux base AMIs 2014.09, 2014.03 or later

  • Ubuntu Server 18.04 LTS, 16.04 LTS, 14.04 LTS, or 12.04 LTS

  • Red Hat Enterprise Linux (RHEL) 6.5

  • CentOS 6.3 or later

32-Bit Systems Only

  • Raspbian Jessie

  • Raspbian Stretch

64-Bit Systems Only

  • Amazon Linux 2015.09, 2015.03 or later

  • Amazon Linux 2

  • Red Hat Enterprise Linux (RHEL) 7.4

  • CentOS 7.1 or later

  • SUSE Linux Enterprise Server (SLES) 12 or higher

Supported Regions

Systems Manager is available in these regions.

For servers and VMs in your hybrid environment, we recommend that you choose the region closest to your data center or computing environment.

Access to Systems Manager

Systems Manager requires an IAM role for instances that will process commands and a separate role for users executing commands. Both roles require permission policies that enable them to communicate with the Systems Manager API. You can choose to use Systems Manager managed policies or you can create your own roles and specify permissions. For more information, see Configuring Access to Systems Manager.

If you are configuring on-premises servers or VMs that you want to configure using Systems Manager, you must also configure an IAM service role. For more information, see Create an IAM Service Role for a Hybrid Environment.

SSM Agent (EC2 Windows instances)

SSM Agent processes Systems Manager requests and configures your machine as specified in the request. SSM Agent is installed by default on Windows Server 2016 instances and instances created from Windows Server 2003-2012 R2 AMIs published in November 2016 or later.

Windows AMIs published before November 2016 use the EC2Config service to process requests and configure instances.

Unless you have a specific reason for using the EC2Config service or an earlier version of SSM Agent to process Systems Manager requests, we recommend that you download and install the latest version of the SSM Agent to each of your Amazon EC2 instances or managed instances (servers and VMs in a hybrid environment). For more information, see Installing and Configuring SSM Agent on Windows Instances.

SSM Agent (EC2 Linux instances)

SSM Agent processes Systems Manager requests and configures your machine as specified in the request. SSM Agent is installed, by default, on Amazon Linux and Ubuntu Server 18.04 LTS base AMIs. You must manually install SSM Agent on other versions of EC2 Linux, including non-base images like Amazon ECS-Optimized AMIs. For more information, see Installing and Configuring SSM Agent on Linux Instances.

The source code for SSM Agent is available on GitHub so that you can adapt the agent to meet your needs. We encourage you to submit pull requests for changes that you would like to have included. However, Amazon Web Services does not currently provide support for running modified copies of this software.

SSM Agent (hybrid environment)

The SSM Agent download and installation process for managed instances in a hybrid environment is different from that for Amazon EC2 instances. For more information, see Install SSM Agent on Servers and VMs in a Windows Hybrid Environment.

Windows PowerShell 3.0 or Later

SSM Agent requires Windows PowerShell 3.0 or later to execute certain SSM Documents on Windows instances (for example, the AWS-ApplyPatchBaseline document). Verify that your Windows instances are running Windows Management Framework 3.0 or later. The framework includes PowerShell. For more information, see Windows Management Framework 3.0.

Internet Access

Verify that your EC2 instances have outbound Internet access. Inbound Internet access is not required.

Configure Monitoring and Notifications (Optional)

You can configure Amazon CloudWatch Events to log status execution changes of the commands you send using Systems Manager. You can also configure Amazon Simple Notification Service (Amazon SNS) to send you notifications about specific command status changes. For more information, see Understanding Command Statuses.

Amazon S3 Bucket (Optional)

You can store Systems Manager output in an Amazon Simple Storage Service (Amazon S3) bucket. Output in the Amazon EC2 console is truncated after 2500 characters. Additionally, you might want to create an Amazon S3 key prefix (a subfolder) to help you organize output. For more information, see Create a Bucket.

For information about Systems Manager limits, see AWS Systems Manager Limits. To increase limits, go to AWS Support Center and submit a limit increase request form.