aws / amazon-ssm-agent

An agent to enable remote management of your EC2 instances, on-premises servers, or virtual machines (VMs).
https://aws.amazon.com/systems-manager/
Apache License 2.0

Allow ssm-user to be created prior to first session. #342

Closed mishawakerman closed 3 years ago

mishawakerman commented 3 years ago

The README of this repo currently reads...

When the agent starts, it will create a user called "ssm-user" with sudo or administrator privilege.

... and the AWS docs say

the ssm-user account is created the first time a session is started on an instance

In my experience, I've found the latter to be true. Can someone with deeper knowledge of the project confirm which is true?

In our configuration, we proxy Ansible through SSM, but this fails on hosts that don't have the ssm-user. Our workaround is to manually create a session with all new instances, which triggers the ssm-agent to create the ssm-user, and then our Ansible playbooks work. We'd love to remove this manual step by having a way to trigger the ssm-user to be created prior to our first AWS-RunShellScript command.

nitikagoyal87 commented 3 years ago

Thanks for reaching out to us! Apologies for the confusion. The details about ssm-user provided in the AWS docs are correct. The README in the latest version of SSM Agent has been updated to reflect the same.

ssm-user is created by SSM Agent to be used specifically for the Session Manager feature. This is the reason it gets created on starting a Session Manager session for the first time. On reading your use case, it seems you are using the Run Command feature and hence are unable to see ssm-user getting created on its own. This is by design. Please let us know in case of further queries.

jhirn commented 1 year ago

I am trying to SSH into boxes with ProxyCommand as the docs describe. This requires a key being present on the server, which I'm uploading via AWS-RunShellScript. This works perfectly as long as somebody has connected to the box via aws ssm start-session at some point, but without someone doing a start-session to create the ssm-user, publishing the key fails, causing start-session to fail. How can I create the ssm-user in the context of an SSH ProxyCommand so I may upload the key and successfully start the session?

Thank you.
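
As the thread establishes, Run Command does not create ssm-user, so a key-publishing script sent via AWS-RunShellScript has to cope with the account being absent. The following is an added example, not code from this thread or from the amazon-ssm-agent project: it does not create the account, it only publishes the key when the account exists and otherwise returns a distinct status the caller can act on. The function names, the `PASSWD_FILE` test override and the exit statuses 3 and 4 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; not code from the thread or from amazon-ssm-agent.
# PASSWD_FILE (hypothetical) points at a passwd-format file for offline tests;
# when unset, the system account database is queried with getent.

EX_NOUSER=3   # constructed status: account has not been created yet
EX_NOHOME=4   # constructed status: account exists but home directory is missing

# Print "uid:gid:home" for account $1; non-zero status if it does not exist.
lookup_account() {
    prog='$1 == u { print $3 ":" $4 ":" $6; found = 1; exit } END { exit !found }'
    if [ -n "${PASSWD_FILE:-}" ]; then
        awk -F: -v u="$1" "$prog" "$PASSWD_FILE"
    else
        getent passwd "$1" | awk -F: -v u="$1" "$prog"
    fi
}

# Append public key $2 to account $1's authorized_keys, once, with strict modes.
publish_key() {
    user=$1
    pubkey=$2
    acct=$(lookup_account "$user") || {
        echo "account '$user' does not exist yet; key not published" >&2
        return "$EX_NOUSER"
    }
    uid=${acct%%:*}; rest=${acct#*:}
    gid=${rest%%:*}; home=${rest#*:}
    [ -d "$home" ] || { echo "home '$home' is missing" >&2; return "$EX_NOHOME"; }

    keys="$home/.ssh/authorized_keys"
    mkdir -p "$home/.ssh" && chmod 700 "$home/.ssh" || return 1
    touch "$keys" && chmod 600 "$keys" || return 1
    # -x -F: compare whole lines literally, so a repeat run adds nothing.
    grep -qxF -- "$pubkey" "$keys" || printf '%s\n' "$pubkey" >> "$keys"
    chown "$uid:$gid" "$home/.ssh" "$keys"
}

# Run as: publish-key.sh ACCOUNT 'ssh-ed25519 AAAA... comment'
if [ "$#" -eq 2 ]; then
    publish_key "$1" "$2"
fi
```

Status 3 lets the calling automation tell "ssm-user has not been created yet" apart from a genuine write failure.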