aws / amazon-ssm-agent

An agent to enable remote management of your EC2 instances, on-premises servers, or virtual machines (VMs).
https://aws.amazon.com/systems-manager/
Apache License 2.0

SSM log to different buckets #329

Closed amudhanp closed 3 years ago

amudhanp commented 3 years ago

I have 3 EC2 instances and I want each instance to write SSM logs to different S3 buckets or folders. In Session Manager preferences it looks global and applies to all SSM sessions. Is there a way to define this?

nitikagoyal87 commented 3 years ago

Thanks for reaching out to us!

When using the Session Manager console, there is only one preference that can be applied globally to all the sessions triggered from the console, and this preference is stored in an SSM document named SSM-SessionManagerRunShell. However, different preferences can be used with Start Session requests when triggered from AWS CLI. There are two ways to achieve this.

  1. Create a Session Manager preference document with properties such as s3BucketName parameterized, so desired values can be passed during Start Session requests. For example, the sample preference document below can be created with the name "SSM-SessionManagerRunShellCustom", with s3BucketName parameterized.
```json
{
  "schemaVersion": "1.0",
  "description": "Session Document Example JSON Template",
  "sessionType": "Standard_Stream",
  "parameters": {
    "s3BucketName": {
      "type": "String",
      "description": "S3 bucket name for uploading session data"
    }
  },
  "inputs": {
    "s3BucketName": "{{s3BucketName}}",
    "s3KeyPrefix": "",
    "s3EncryptionEnabled": true,
    "cloudWatchLogGroupName": "",
    "cloudWatchEncryptionEnabled": true,
    "kmsKeyId": ""
  }
}
```

The above document can be passed when using AWS CLI to make a start session request, along with the desired value for the S3 bucket name. Below is a sample StartSession request.

```sh
aws ssm start-session --target <TARGET_ID> --document-name SSM-SessionManagerRunShellCustom --parameters "s3BucketName=<BUCKET_NAME>"
```

  2. Another alternative is to create as many preference documents as the number of S3 buckets, with each document having one S3 bucket name predefined. The respective preference document can be passed in the StartSession request, depending on the S3 bucket that the session log should get uploaded to, when using AWS CLI.

Please follow the guide below to create a Session Manager preference document, and let us know in case of further queries. https://docs.aws.amazon.com/systems-manager/latest/userguide/getting-started-create-preferences-cli.html
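
A wrapper for the first approach, added here as an example and not part of the original thread or the agent's own code: it looks up the bucket for each instance, refuses to start a session when no bucket is mapped or the name is malformed, and passes the value to the parameterized document. The instance IDs, bucket names and function names are constructed placeholders.

```sh
#!/bin/sh
# Added example: choose the S3 log bucket per instance and pass it to the
# parameterized document from the thread. All IDs and buckets are constructed.
LC_ALL=C; export LC_ALL                      # byte-wise ranges in patterns
DOC_NAME="SSM-SessionManagerRunShellCustom"  # document name from the thread

# Constructed mapping, one "<instance-id> <bucket>" pair per line.
BUCKET_MAP="i-0123456789abcde01 example-ssm-logs-app
i-0123456789abcde02 example-ssm-logs-db
i-0123456789abcde03 example-ssm-logs-batch"

# Print the bucket mapped to instance $1; non-zero status if there is none.
bucket_for() {
  printf '%s\n' "$BUCKET_MAP" |
    awk -v id="$1" '$1 == id { print $2; found = 1 } END { exit !found }'
}

# Check $1 against the basic S3 bucket naming rules (3-63 chars, lowercase
# letters, digits, dots and hyphens, alphanumeric first and last).
valid_bucket() {
  case "$1" in
    *[!a-z0-9.-]*) return 1 ;;
    [!a-z0-9]*|*[!a-z0-9]) return 1 ;;
  esac
  [ "${#1}" -ge 3 ] && [ "${#1}" -le 63 ]
}

# Start a session on instance $1 with its mapped bucket. Fails closed: no
# mapping or a malformed name means no session. DRY_RUN=1 prints the command.
start_logged_session() {
  target="$1"
  bucket=$(bucket_for "$target") ||
    { echo "no log bucket mapped for $target" >&2; return 1; }
  valid_bucket "$bucket" ||
    { echo "invalid bucket name: $bucket" >&2; return 1; }
  set -- aws ssm start-session --target "$target" \
    --document-name "$DOC_NAME" --parameters "s3BucketName=$bucket"
  if [ -n "${DRY_RUN:-}" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Dry run over the constructed mapping; nothing is sent to AWS.
DRY_RUN=1
for id in i-0123456789abcde01 i-0123456789abcde02 i-0123456789abcde03; do
  start_logged_session "$id"
done
```

Unset `DRY_RUN` to have the function run the `aws ssm start-session` command instead of printing it.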