> For the complete documentation index, see [llms.txt](https://docs.apono.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.apono.io/docs/aws-environment/aws-integrations/ec2-via-systems-manager-agent-ssm.md). # EC2 via Systems Manager Agent (SSM) ## EC2 via Systems Manager Agent (SSM) {% hint style="info" %} Have you connected an AWS account? Make sure you integrated your AWS account to Apono. Follow this [AWS Integration](/docs/aws-environment/aws-integrations/integrate-with-aws.md) step-by-step guide. {% endhint %} ## Intro This integration provides the ability to grant users permissions to connect to the EC2 with a secure connection through SSM. ## Prerequisites * An integration between Apono and the AWS Organization or Account where the EC2 is. * EC2 machine with SSM agent installed. *Installed by default in most EC2s*\ [docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent](https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent.html) * End users will need to install the session manager plugin for AWS CLI *on the local user's computer*.\ [docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin](https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html) ## Step-by-step guide ### The EC2 instance role Follow the steps below to create an EC2 instance role with the `AmazonSSMManagedInstanceCore` managed policy. Read more [here](https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-getting-started-instance-profile.html). 1. In the AWS IAM, Click **Create new IAM Role** 1. Click Create Role 2. Choose the AWS Service option 3. From the dropdown list, choose EC2 4. Choose EC2 Role for AWS System Manager. Click Next. 5. Verify that the `AmazonSSMManagerInstanceCore` policy is added. Click Next 6. Fill the Role name box (for example, ec2-ssm) 7. Click **Create role** 2. Go back to the Modify IAM Role page 1. From the dropdown list, choose the new IAM role we created (ec2-ssm) 2. Click **Update IAM role** 3. Pleas note: it takes about 30 minutes for the AWS sync to finish. ### Integrating Apono with the EC2 instances 1. In the Apono UI, edit an existing AWS Org or AWS Account integration or create a new one. 2. Add the EC2 Connect resource type. 3. Complete the integration and click **Integrate**. ## Results Apono should now discover EC2 machines! You can now [create access flows](/docs/access-flows/access-flows.md) to EC2 instances. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.apono.io/docs/aws-environment/aws-integrations/ec2-via-systems-manager-agent-ssm.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.