aws-iso-b delta: Differences installing SSM Agent on managed instances

[YakDriver]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Potential Impact

This issue is to track the impact on and fixes to the Terraform AWS Provider from the following differences between the aws-iso-b partition and the public, commercial aws partition (aka "standard partition"). (This limitation may also apply to aws-iso.)

The process for installing SSM Agent on managed instances includes the following differences for aws-iso-b:

• The URLs to download the installers from are specific to aws-iso-b (see below).
• On version 2.3.714.0 and earlier versions of SSM Agent, a custom file (see below) must be created to specify the endpoint values for the agent to use. This is not necessary on later versions.
• SSM Agent must be restarted after creating the custom file.

When following the instructions to install SSM Agent on Linux and Windows operating systems, see the following table for the sources of installation files to use.

Operating System	SSM Agent Installer URL
Amazon Linux and Amazon Linux 2 Intel (x86_64) 64-bit instances	https://amazon-ssm-us-isob-east-1.s3.us-isob-east-1.sc2s.sgov.gov/latest/linux_amd64/amazon-ssm-agent.rpm
Amazon Linux and Amazon Linux 2 ARM (arm64) 64-bit instances	https://amazon-ssm-us-isob-east-1.s3.us-isob-east-1.sc2s.sgov.gov/latest/linux_arm64/amazon-ssm-agent.rpm
Amazon Linux and Amazon Linux 2 Intel (x86) 32-bit instances	https://amazon-ssm-us-isob-east-1.s3.us-isob-east-1.sc2s.sgov.gov/latest/linux_386/amazon-ssm-agent.rpm
Ubuntu Server	https://amazon-ssm-us-isob-east-1.s3.us-isob-east-1.sc2s.sgov.gov/latest/debian_amd64/amazon-ssm-agent.deb sudo dpkg -i amazon-ssm-agent.deb
Red Hat Enterprise Linux (RHEL) Intel (x86_64) 64-bit instances	https://amazon-ssm-us-isob-east-1.s3.us-isob-east-1.sc2s.sgov.gov/latest/linux_amd64/amazon-ssm-agent.rpm
RHEL ARM (arm64) 64-bit instances	https://amazon-ssm-us-isob-east-1.s3.us-isob-east-1.sc2s.sgov.gov/latest/linux_arm64/amazon-ssm-agent.rpm
RHEL Intel (x86) 32-bit instances	https://amazon-ssm-us-isob-east-1.s3.us-isob-east-1.sc2s.sgov.gov/latest/linux_386/amazon-ssm-agent.rpm
CentOS 64-bit instances	https://amazon-ssm-us-isob-east-1.s3.us-isob-east-1.sc2s.sgov.gov/latest/linux_amd64/amazon-ssm-agent.rpm
CentOS 32-bit instances	https://amazon-ssm-us-isob-east-1.s3.us-isob-east-1.sc2s.sgov.gov/latest/linux_386/amazon-ssm-agent.rpm
SUSE Linux Enterprise Server (SLES) 64-bit instances	https://amazon-ssm-us-isob-east-1.s3.us-isob-east-1.sc2s.sgov.gov/latest/linux_amd64/amazon-ssm-agent.rpm sudo rpm --install amazon-ssm agent.rpm
Raspbian	https://amazon-ssm-us-isob-east-1.s3.us-isob-east-1.sc2s.sgov.gov/latest/debian_arm/amazon-ssm-agent.deb
Windows Server	https://amazon-ssm-us-isob-east-1.s3.us-isob-east-1.sc2s.sgov.gov/latest/windows_amd64/AmazonSSMAgentSetup.exe

Customize endpoints (SSM Agent versions 2.3.714.0 and earlier)

1. Open the file amazon-ssm-agent.json.template.

   All Unix-based operating systems and Raspbian: /etc/amazon/ssm/amazon-ssm-agent.json.template

   Windows Server: C:\Program Files\Amazon\SSMmazon-ssm-agent.json.template

2. For the following elements in the file, enter the endpoints as specified in the Endpoint column.

Element	Endpoint
Mds	ec2messages.us-isob-east-1.sc2s.sgov.gov
Ssm	ssm.us-isob-east-1.sc2s.sgov.gov
Mgs	ssmmessages.us-isob-east-1.sc2s.sgov.gov
S3	s3.us-isob-east-1.sc2s.sgov.gov
Kms	kms.us-isob-east-1.sc2s.sgov.gov

3. Save the file as amazon-ssm-agent.json.
4. Restart SSM Agent.

References

• 18593

[github-actions[bot]]

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

[github-actions[bot]]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.