search

ministryofjustice / modernisation-platform

A place for the core work of the Modernisation Platform • This repository is defined and managed in Terraform
https://user-guide.modernisation-platform.service.justice.gov.uk
MIT License
681 stars 289 forks source link

Contact MP Customers who don't have SSM Agents installed on their instances #7088

Closed richgreen-moj closed 4 months ago

richgreen-moj commented 5 months ago

User Story

As a MP engineer I want to identify and make contact with MP customers who are not running SSM agent on their instances So that I can ensure that all instances on MP that can possibly host the agent have it installed

Value / Purpose

Following on from https://github.com/ministryofjustice/modernisation-platform/issues/2415 this issue would be to run the script that has been generated in the MP Security repo and get a list of the instances without the SSM agent installed and then contact the customers who we think should be able to get the agent installed based on the platform information. If there is no platform info available we would need to make contact to find out the possibility of installing the SSM agent.

Useful Contacts

@richgreen-moj @davidkelliott

Additional Information

No response

Proposal / Unknowns

Hypothesis If we... [do a thing] Then... [this will happ]

Proposal A proposal that is something testable, don't worry whether it works or not, it's a place for ideas.

Unknowns Potential pitfalls that could cause the story to expand beyond its original scope. Ideally this section will remain blank.

Definition of Done

ASTRobinson commented 4 months ago

script run: https://github.com/ministryofjustice/modernisation-platform-security/actions/runs/9662776177/job/26653397191

ASTRobinson commented 4 months ago

I have sent the below email to all teams/users with instances without the SSM agent...

_Hello XXXX team,

I hope this message finds you well.

As part of our ongoing efforts to enhance our operational capabilities and in line with our Production Ready Checklist, we need to ensure that the AWS Systems Manager Agent (SSM Agent) is installed on all EC2 instances across the Modernisation Platform.

To achieve this, I kindly request that you install the SSM Agent on your EC2 instances. Below is a list of identified instances without the SSM Agent. The installation process is straightforward, and many AMIs come with the SSM Agent pre-installed.

If you encounter any issues or have any questions during the installation process, please do not hesitate to reach out for assistance via the #ask-modernisation-platform channel.

Thank you for your cooperation in this important initiative.

Best regards,

Aaron Robinson_

Account ID Account Name Instance ID Instance Name SSM Status
1234567890 xxxx-development i-1234567890 instance-name Not Managed
ASTRobinson commented 4 months ago

follow on ticket created and suggested actioning in 1-2 months to allow teams time to arrange for the SSM agent to be installed where possible - https://github.com/ministryofjustice/modernisation-platform/issues/7444

ASTRobinson commented 4 months ago

As previously stated all customers have been chased and requested to install / active SSM where possible. Some teams have added these actions to their backlog and will be actioned over the next couple of sprints. I have therefore also created a follow-on ticket (https://github.com/ministryofjustice/modernisation-platform/issues/7444) to re-run the script and assess how the tidy up is going in 1 - 2 months.