Hybrid activation "Instance name"

[mthoretton]

Hello :)

Is it possible to set instance tags or at least to set the instance name with the register command on "Hybrid" instances?

We are using the agent on dedicated servers (=> Hybrid activation). Everything works perfectly fine BUT: Registered servers come with an empty "Instance name" which is not very handy. It is possible to tag those new registered instances afterwards but it adds quite some complexity to our provisioning.

I checked the doc and the issues but I did not find anything related, I hope I didn't miss something. Also we may run some old linux distibutions, could it be the instance name would automatically be gathered (form hostname or so) one more modern systems? 🤔

Thanks!

[tautzie]

You can enable the column "Computer Name" in the Fleetmanager list, to display the systems hostname:

[caimeq]

This does give you one way of trying to find the source instance. It does not work well if the machine / host names are not 'controlled' ex: ip-10-24-34-0.us-west-2.compute.internal vs "Major DNS Machine". And option for propagating tags would be great where you are centrally managing cross-account instances for SSM Patching and other services.

[nikhilm-in]

We too use hybrid managed instances to access and managed VMs across different cloud. As part of my script that installs the agent and activates it, I also have it callback one of my endpoint which then goes and retags the Name tag with the value from computer name.

[anden-dev]

Hi

I encountered the same problem, found this: https://aws.amazon.com/blogs/desktop-and-application-streaming/automating-aws-systems-manager-activation-for-amazon-workspaces

and changed

compname=$(hostname) 

to something more helpful.

Interstingly the agent has a tag flag, but I could not make it work.

amazon-ssm-agent --help
Usage of amazon-ssm-agent:
  -allowLinkDeletions string
        Must be used in combination with tools and winOnFirstInstallChecks flag
  -clear

  -code string

  -disableSimilarityCheck

  -fingerprint

  -id string

  -region string

  -register

  -role string

  -similarityThreshold int
         (default 40)
  -tags string

  -tools
        Tools flag should not be used by anybody manually, commands might be removed without notice and we don't guarantee backwards compatibility
  -version

  -winOnFirstInstallChecks
        Must be used in combination with tools flag
  -y    

so this become -tags "key1=value1,key2=value2" but it does not show up.

The other way people seem to suggest is tagging an existing ssm resource, which they usually demonstrate by click-ops.

Would love to have a better solution but for now I'll code the needed info in compname/id which I then can painfully select via node-name in the detested WebConsole or my preferred way with fzf in a helper script.

[strophy]

I'm also unable to get this working. The docs state You can add tags to on-premises servers and virtual machines (VMs) at the time you activate them. but this doesn't seem to work. I tried two methods:

1. Using the -tags flag during activation with amazon-ssm-agent -register .... The docs specify that a string is expected here, but give no examples of the string formatting, and the docs do not describe how to use this tool or provide examples.
2. Using the --tags flag when creating the hybrid activation with aws ssm create-activation .... The docs do describe how to use this, but the resulting tags only appear in the "Tags" section of the Managed Instance in the AWS Console, and do not actually create a "Name" that appears in the overview table.

I found other issues with confused/incorrect/off-topic answers from what seems to be AWS staff that had been aggressively closed without having taken the time to actually understand the issue, doing any testing or waiting for confirmation that the issue was resolved from the actual users reporting the bug. Please don't do this, it's really rude!

For now, it is possible to read the output of the amazon-ssm-agent -register command and use it with aws ssm add-tags-to-resource to properly tag the resource with a "Name". Example Ansible code:

- name: Create SSM Hybrid Activation
  delegate_to: localhost
  become: false
  ansible.builtin.command:
    cmd: >
      aws ssm create-activation
      --iam-role 'service-role/AmazonEC2RunCommandRoleForManagedInstances'
      --registration-limit 1
      # --tags Key=Name,Value={{ infra | upper }}-{{ instance_hostname }}-iac # This doesn't work
      --description 'Hybrid Activation for {{ instance_hostname }}'
      --region '{{ ansible_aws_ssm_region }}'
  register: ssm_activation
  changed_when: ssm_activation.rc == 0

- name: Stop SSM Agent
  ansible.builtin.systemd_service:
    name: amazon-ssm-agent
    state: stopped

- name: Register SSM Agent
  ansible.builtin.command:
    cmd: >
      amazon-ssm-agent -register -y
      -clear
      -code '{{ ssm_activation.stdout | from_json | json_query('ActivationCode') }}'
      # -tags Key=Name,Value={{ infra | upper }}-{{ instance_hostname }}-iac # This doesn't work
      -id '{{ ssm_activation.stdout | from_json | json_query('ActivationId') }}'
      -region '{{ ansible_aws_ssm_region }}'
  register: ssm_registration
  changed_when: ssm_registration.rc == 0

- name: Start SSM Agent
  ansible.builtin.systemd_service:
    name: amazon-ssm-agent
    state: started
    enabled: true

# These last two steps shouldn't be necessary if it was possible to tag the instance during activation
- name: Extract Managed Instance ID
  ansible.builtin.set_fact:
    managed_instance_id: "{{ ssm_registration.stdout | regex_search('Managed instance-id: (mi-\\w+)', '\\1') | first }}"

- name: Add Name tag
  delegate_to: localhost
  become: false
  ansible.builtin.command:
    cmd: >
      aws ssm add-tags-to-resource
      --resource-id {{ managed_instance_id }}
      --resource-type "ManagedInstance"
      --tags Key=Name,Value={{ infra | upper }}-{{ instance_hostname }}-iac