Avoid EC2 Image Builder Remove SSM Agent


We use EC2 Image Builder to build both Amazon Linux 2 and Red Hat Enterprise Linux based AMI as our SOE. The Ansible playbook that is included in the component installs SSM agent, but somehow we could not connect to the EC2 instance that is created from the RHEL AMI SOE via ssm session manager.

It turns out that EC2 Image Builder removes SSM agent if it is not part of the base AMI (e.g RHEL). To retain it, you need to remove the delete tag which is a file /tmp/imagebuilder_service/ssm_installed.

e.g Add it as step in the component

  - name: RetainSSMAgent
    action: ExecuteBash
    inputs:
      commands:
        # Remove this tag to retain ssm agent
        - sudo rm -rf /tmp/imagebuilder_service/ssm_installed

If you are interested to dig into the details, SSM automation is the place you can check. Click one of the EC2 Image Builder automation executions, then look for the ssmUninstallCommands. There is something like:

if [[ -f ${SERVICE_ROOT_WORKING_DIR}/ssm_installed ]]; then package_manager="$(cat ${SERVICE_ROOT_WORKING_DIR}/ssm_installed)" echo "Uninstalling SSM Agent installed by image builder using ${package_manager}" uninstall_ssm_agent "${package_manager}" fi else echo "Uninstall after build set to false...Skip Uninstall ssm agent" fi cleanup_image

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s