Create a Role for communicating with InfraGuard

  • Log on to your AWS account console
  • Go to CloudFormation and create a stack with AWS-SystemsManager-AutomationAdministrationRole attached to this document
  • Note the account ID of your AWS account and keep it in a safe place
  • Log on to your client's AWS account console
  • Go to CloudFormation and create a stack with AWS-SystemsManager-AutomationExecutionRole attached to this document
  • It will prompt you to enter your AWS account ID. Enter it and create the stack
  • Create another stack with AWS-SystemsManager-AutomationInstanceRole attached to this document
  • Copy this role's ARN (you can also view it later by going to IAM -> Roles)
  • Go to EC2 Management Console and select your AWS instance
  • Go to Actions -> Instance Settings -> Attach/Replace IAM Role
  • From the drop-down, choose “AutomationInstanceRole” and press “Apply”
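
The execution role created in the client account is assumable from outside that account, so it is worth confirming that its trust policy names only the account ID you entered. The following check is an added example, not InfraGuard's or AWS's own code; the account IDs and the sample trust policy are constructed placeholders, and in practice you would paste the JSON shown under IAM -> Roles -> Trust relationships.

```python
import json
import re

ADMIN_ACCOUNT_ID = "111122223333"  # constructed placeholder: your own account ID

# Constructed sample trust policy (assumed shape, not copied from the template).
SAMPLE_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "sts:AssumeRole",
         "Principal": {"AWS": "arn:aws:iam::111122223333:role/AWS-SystemsManager-AutomationAdministrationRole"}},
        {"Effect": "Allow", "Action": "sts:AssumeRole",
         "Principal": {"Service": "ssm.amazonaws.com"}},
    ],
})

def as_list(value):
    """IAM allows a single item or a list for Statement and Principal values."""
    return value if isinstance(value, list) else [value]

def account_of(principal):
    """Return the 12-digit account ID of an AWS principal, or None (e.g. for '*')."""
    m = re.fullmatch(r"(?:arn:aws[\w-]*:(?:iam|sts)::)?(\d{12})(?::.+)?", principal)
    return m.group(1) if m else None

def audit_trust_policy(policy_json, expected_account):
    """List findings for Allow statements that trust anything but expected_account."""
    findings = []
    for stmt in as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if isinstance(principal, str):  # "Principal": "*" means anyone
            principal = {"AWS": principal}
        for p in as_list(principal.get("AWS", [])):
            account = account_of(p)
            if account is None:
                findings.append(f"unrestricted or unparsable AWS principal: {p}")
            elif account != expected_account:
                findings.append(f"unexpected account {account} trusted via {p}")
    return findings

if __name__ == "__main__":
    print(audit_trust_policy(SAMPLE_TRUST_POLICY, ADMIN_ACCOUNT_ID) or "trust policy OK")
```

An empty result means every AWS principal in the policy belongs to the expected account; service principals such as ssm.amazonaws.com are not flagged.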

Ensure SSM is installed and active

  • Log on to your AWS console and click on “Run Command” under the “AWS SYSTEMS MANAGER” service
  • Click on “Run a command”
  • Select “AWS-RunShellScript” for Linux or “AWS-RunPowerShellScript” for Windows from the list of Command documents
  • Now click on the select instance button and select the instance from the instance list
  • In the commands text area, enter sudo status amazon-ssm-agent for a Linux instance or Get-Service -Name "AmazonSSMAgent" for a Windows instance, then click 'Run'
  • Now click on the command ID, select the 'Output' tab and view the output
  • Make sure the output is amazon-ssm-agent start/running

Onboard your servers to InfraGuard

  • First, make sure that this server is listed under Managed Instances in AWS Systems Manager and is in the running state
  • Log on to your app.infraguard.io account
  • Select CLUSTER from side-menu
  • Click on “Create AWS cluster”
  • Add any relevant name and your Role ARN (IAM -> Roles -> Infraguard-aws)
  • Add the IAM name and profile that is attached to the instance
  • Select Automation in execution type
  • Enter the IAM name of your automation execution role in Execution IAM role
  • Click ‘Sync’ to make your newly added server appear in the list of servers
  • Wait for some time before you click on ‘Servers’ to get your list of servers for that role ARN