Install SSM Agent on Linux and Mac

Opportunity Name:

Install SSM Agent on Linux and Mac

AWS Resource Type:

Amazon EC2

Opportunity Description:

Correctly rightsizing or retyping an EC2 instance requires knowing how the instance is used. By default, AWS provides metrics on CPU utilization but not on memory and disk utilization.  To capture these metrics, we need the CW agent installed on the instance.  The right way to install CW agents is via SSM state associations, for which we need the SSM agent installed first.

Criteria for identifying the opportunity:

EC2 instances meeting ALL of the following criteria are identified as opportunities:

  • Instance is online
  • Running on a Linux-based operating system (i.e., not Windows)
  • Not attached to an auto-scaling group
  • Has SSM agent installed, but the agent is not running, OR the instance does not have the SSM agent installed

Potential savings (range in % on annual basis):

This does not directly result in cost savings, however, once installed, the SSM agent (in conjunction with a separate Fixer that will install the CW agent) allows CloudFix to perform additional analysis that should result in cost savings.

What happens when the Fixer is executed?

The Fixer creates a snapshot of the instance for backup purposes.  Then the Fixer creates a specialized Lambda function in the same VPC as the instance.  The Lambda connects to the target EC2 instance (using a temporary SSH keypair generated by Instance Connect). It will execute a series of OS-level commands to start the SSM agent if present and not running, or install and start the SSM agent if not already present.  Once complete, the Fixer will delete the Lambda function (the keypair expires after 60 seconds). 

Is it possible to rollback once CloudFix implements the fixer?

There is no automated rollback for this Fixer, as any failure will leave the instance in its previous state related to the SSM agent.  The Fixer does create a snapshot of the instance, and if the user chooses, they can manually restore the instance from this snapshot as needed.  This snapshot will be removed by CloudFix 7 days after the successful Fixer execution.

Can CloudFix implement the fix automatically once I accept the recommendation?


Does this fix require downtime?



Additional Resources:



Article is closed for comments.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request