Onboard your AWS servers via Automation for enterprise deployment
Created by: IG Support
Modified on: Mon, 25 Jul, 2022 at 11:54 PM
Create a Role for communicating with InfraGuard
- Log on to your AWS account console
- Go to CloudFormation and create a stack with AWS-SystemsManager-AutomationAdministrationRole attached to this document
- Keep the account ID of your AWS account in a safe place
- Log on to your client's AWS account console
- Go to CloudFormation and create a stack with AWS-SystemsManager-AutomationExecutionRole attached to this document
- It will prompt you to enter your AWS account ID. Enter it and create the stack
- Create another stack with AWS-SystemsManager-AutomationInstanceRole attached to this document
- Copy this role's ARN (you can also view it later by going to IAM -> Roles)
- Go to EC2 Management Console and select your AWS instance
- Go to Actions -> Instance Settings -> Attach/Replace IAM Role
- From the drop-down, choose "AutomationInstanceRole" & press “Apply”
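The execution role created in the client account is assumed from your own account, so it is worth confirming that its trust policy names only the account ID you entered. The check below is an added example, not InfraGuard or AWS code; it assumes the account ID from the prompt ends up as the trusted principal, and the function name, sample policy and account IDs are constructed placeholders.

```python
import json
import re

# Constructed sample trust policy; 111111111111 is a placeholder admin account ID.
ADMIN_ROLE = "arn:aws:iam::111111111111:role/AWS-SystemsManager-AutomationAdministrationRole"
SAMPLE_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": ADMIN_ROLE}, "Action": "sts:AssumeRole"},
        {"Effect": "Allow", "Principal": {"Service": "ssm.amazonaws.com"}, "Action": "sts:AssumeRole"},
        # Deliberately over-broad statement so the check has something to report.
        {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"},
    ],
})

# Pulls the 12-digit account ID out of an IAM or STS principal ARN.
ARN_ACCOUNT = re.compile(r"^arn:aws[\w-]*:(?:iam|sts)::(\d{12}):")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def unexpected_principals(policy_json, admin_account_id,
                          allowed_services=("ssm.amazonaws.com",)):
    """List principals allowed to assume the role that are outside the admin account.

    Condition blocks are not evaluated; every Allow statement is treated as a grant.
    """
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":  # bare wildcard: anyone may assume the role
            findings.append("*")
            continue
        for kind, values in principal.items():
            for value in _as_list(values):
                if kind == "Service" and value in allowed_services:
                    continue
                if kind == "AWS":
                    match = ARN_ACCOUNT.match(value)
                    # A principal may also be a bare account ID or "*".
                    account = match.group(1) if match else value
                    if account == admin_account_id:
                        continue
                findings.append(f"{kind}:{value}")
    return findings
```

Pass it the AssumeRolePolicyDocument that `aws iam get-role` returns for the execution role; an empty list means only the expected account and the SSM service can assume it.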
Ensure SSM is installed and active
- Log on to your AWS console and click on “Run Command” under the “AWS SYSTEMS MANAGER” service
- Click on “Run a command”
- Select “AWS-RunShellScript” for Linux or "AWS-RunPowerShellScript" for Windows from the list of Command documents
- Now click on the select instance button and select the instance from the instance list
- Enter the following in the commands text area and click 'Run':
  For a Linux instance: sudo status amazon-ssm-agent
  For a Windows instance: Get-Service -Name "AmazonSSMAgent"
- Now click on the command id, select the 'Output' tab and view the output
- Make sure the output is: amazon-ssm-agent start/running
Onboard your servers to InfraGuard
- First, make sure that the managed instance listed in AWS Systems Manager for this server is in the running state
- Log on to your app.infraguard.io account
- Select CLUSTER from side-menu
- Click on “Create AWS cluster”
- Add any relevant name and your Role ARN (IAM -> Roles -> Infraguard-aws)
- Add the IAM name and profile which is attached to the instance
- Select Automation in execution type
- Enter the IAM name of your automation execution role in Execution IAM role
- Click ‘Sync’ to make your newly added server appear in the list of servers
- Wait for some time before you click on ‘Servers’ to get your list of servers for that role ARN
Ig is the author of this solution article.