Raju Nandi

How the AWS SSM agent communicates with the Systems Manager service using VPC interface endpoints

If you are reading this blog, you want to know how the SSM agent running on an EC2 instance communicates with the AWS Systems Manager service.

The SSM agent normally needs internet access to reach the Systems Manager service. But what if your instances are in a restricted environment where they are not allowed to access the internet? How can you use AWS Systems Manager to manage them?

Curious how you can use all the features of AWS Systems Manager in spite of running your instances in a restricted environment? Watch this video:
SSM on EC2 with No Internet? Here's How!

Below is how the communication happens from the SSM agent running on EC2 to AWS Systems Manager.

1๏ธโƒฃ ๐‚๐š๐ฅ๐ฅ๐ฌ ๐ˆ๐ง๐ฌ๐ญ๐š๐ง๐œ๐ž ๐Œ๐ž๐ญ๐š๐๐š๐ญ๐š ๐’๐ž๐ซ๐ฏ๐ข๐œ๐ž: The SSM agent gets the instance metadata for example AWS region.
2๏ธโƒฃ ๐ƒ๐๐’ ๐‹๐จ๐จ๐ค๐ฎ๐ฉ ๐Ÿ๐จ๐ซ ๐€๐๐ˆ ๐„๐ง๐๐ฉ๐จ๐ข๐ง๐ญ: The SSM agent attempts to resolve the API endpoint (e.g., ssm..amazonaws.com) via the private DNS.
3๏ธโƒฃ ๐๐ซ๐ข๐ฏ๐š๐ญ๐ž ๐ƒ๐๐’ ๐‘๐ž๐ฌ๐จ๐ฅ๐ฏ๐ž๐ฌ ๐ญ๐จ ๐•๐๐‚ ๐„๐ง๐๐ฉ๐จ๐ข๐ง๐ญ: The private DNS resolves the SSM API domain to the private IP address of the VPC interface endpointโ€™s ENI.
4๏ธโƒฃ ๐“๐ซ๐š๐Ÿ๐Ÿ๐ข๐œ ๐‘๐จ๐ฎ๐ญ๐ž๐ ๐ญ๐จ ๐„๐ง๐๐ฉ๐จ๐ข๐ง๐ญ ๐„๐๐ˆ: The EC2 instance sends the API request to the private IP address of the VPC interface endpoint's ENI.
5๏ธโƒฃ ๐๐ซ๐ข๐ฏ๐š๐ญ๐ž๐‹๐ข๐ง๐ค ๐‚๐จ๐ฆ๐ฆ๐ฎ๐ง๐ข๐œ๐š๐ญ๐ข๐จ๐ง: The VPC interface endpoint forwards the request over AWS PrivateLink to the AWS SSM service.
6๏ธโƒฃ ๐’๐’๐Œ ๐’๐ž๐ซ๐ฏ๐ข๐œ๐ž ๐๐ซ๐จ๐œ๐ž๐ฌ๐ฌ๐ž๐ฌ ๐‘๐ž๐ช๐ฎ๐ž๐ฌ๐ญ: AWS Systems Manager processes the API request and Response Sent via PrivateLink to the VPC interface endpoint
7๏ธโƒฃ ๐‘๐ž๐ฌ๐ฉ๐จ๐ง๐ฌ๐ž ๐ƒ๐ž๐ฅ๐ข๐ฏ๐ž๐ซ๐ž๐ ๐ญ๐จ ๐’๐’๐Œ ๐€๐ ๐ž๐ง๐ญ: The VPC interface endpoint forwards the response to the EC2 instance, where the SSM agent receives and processes it.

For more Tech Bytes on Cloud and DevOps, you can view the playlist below or follow my channel NandiTechBytes.
📽 DevOps Projects & Tasks

Cheers
Keep Learning!
