AWS Management Tools

Managing Non-EC2 Servers using AWS Systems Manager

Updated June 23, 2025

Step-by-Step Guide to Registering a Non-EC2 Server

This example uses a generic Linux server as the target. The commands for installing the SSM Agent may vary slightly based on your specific operating system.

Step 1: Create an IAM Role for Hybrid Instances

Before creating an activation, you need an IAM role that your on-premises servers can assume.

  1. Go to the IAM service in the AWS Console.

  2. Create a new role. For the trusted entity, select "AWS service" and choose "EC2" for now (you will modify this).

  3. Attach the AWS managed policy AmazonSSMManagedInstanceCore. This policy grants the permissions needed for the SSM Agent to function.

  4. After the role is created, open it, go to the "Trust relationships" tab, and click "Edit trust policy".

  5. Replace the existing policy with the following, which allows the SSM service to assume the role for your hybrid instances. Click "Update policy".

    
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "Service": "ssm.amazonaws.com"
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }
    
  6. Take note of the Role Name.
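
The trust policy above lets the SSM service principal assume the role with no restriction on which account or resource it acts for. The following added example (not part of the original guide or of any AWS tooling) audits a trust policy for that gap and builds a scoped variant using the aws:SourceAccount and aws:SourceArn condition keys. The function names and the account ID 111122223333 are constructed for illustration.

```python
import json

# Trust policy exactly as shown in Step 1 of this guide.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "ssm.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }],
}

def scoped_trust_policy(account_id, region):
    """Same trust policy, limited to SSM resources in one account and Region."""
    policy = json.loads(json.dumps(PAGE_POLICY))  # deep copy, PAGE_POLICY is untouched
    policy["Statement"][0]["Condition"] = {
        "StringEquals": {"aws:SourceAccount": account_id},
        "ArnEquals": {"aws:SourceArn": f"arn:aws:ssm:{region}:{account_id}:*"},
    }
    return policy

def _as_list(value):
    # IAM allows a single value or a list for Statement and Principal entries.
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy):
    """Return findings for Allow statements that trust ssm.amazonaws.com unscoped."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if "ssm.amazonaws.com" not in services:
            continue
        # Condition key names are case-insensitive in IAM, so compare lowercased.
        keys = {k.lower() for op in stmt.get("Condition", {}).values() for k in op}
        for required in ("aws:SourceAccount", "aws:SourceArn"):
            if required.lower() not in keys:
                findings.append(f"Statement[{i}]: missing {required} condition")
    return findings

if __name__ == "__main__":
    print(audit_trust_policy(PAGE_POLICY))
    hardened = scoped_trust_policy("111122223333", "us-east-1")  # constructed account ID
    print(json.dumps(hardened, indent=2))
    print(audit_trust_policy(hardened))
```

The JSON printed for the scoped policy can be pasted into the "Edit trust policy" editor in place of the unscoped version, with your own account ID and Region substituted.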

Step 2: Generate a Hybrid Activation

  1. Navigate to AWS Systems Manager > Node Management > Hybrid Activations.

  2. Click Create activation.

  3. Provide a description (e.g., "Activation for data-center-web-servers").

  4. Set an Instance limit. This is the number of servers that can register using this activation (e.g., 1).

  5. Select the IAM role you created in Step 1 from the dropdown list.

  6. You can set an expiration date for the activation for added security.

  7. Click Create activation.

  8. Immediately copy the Activation Code and Activation ID. You will only see the code once.

Step 3: Install the SSM Agent on Your Server

Log in to your on-premises server or non-EC2 VM and run the appropriate commands to install the SSM Agent. For a 64-bit Debian or Ubuntu server (the package used here is a .deb), the commands would be:


    # Create a directory for the installation files
    mkdir -p /tmp/ssm

    # Download the SSM Agent installer (-f makes curl fail on an HTTP error instead of saving the error page)
    curl -fL https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/debian_amd64/amazon-ssm-agent.deb -o /tmp/ssm/amazon-ssm-agent.deb

    # Run the installer
    sudo dpkg -i /tmp/ssm/amazon-ssm-agent.deb

(Note: For other operating systems like CentOS, RHEL, or Windows, refer to the official AWS documentation for the correct installer and commands.)

Step 4: Register and Start the Agent

Now, use the Activation Code and Activation ID from Step 2 to register the agent. Replace the placeholders, including the Region, with your actual values.


    # Register the agent with Systems Manager
    sudo amazon-ssm-agent -register -code "ACTIVATION_CODE" -id "ACTIVATION_ID" -region "us-east-1"

    # Start the agent service
    sudo systemctl enable amazon-ssm-agent
    sudo systemctl start amazon-ssm-agent

Step 5: Verify in Fleet Manager

Navigate back to the AWS Systems Manager console and click on Fleet Manager. After a few minutes, your non-EC2 server should appear in the list of managed nodes with an ID starting with mi-.

You can now manage this server just like an EC2 instance, using tools like Session Manager for secure access, Patch Manager for updates, and Run Command for remote execution.