Contact MP Customers who don't have SSM Agents installed on their instances

richgreen-moj commented 1 month ago

User Story

As a MP engineer I want to identify and make contact with MP customers who are not running SSM agent on their instances So that I can ensure that all instances on MP that can possibly host the agent have it installed

Value / Purpose

Following on from https://github.com/ministryofjustice/modernisation-platform/issues/2415 this issue would be to run the script that has been generated in the MP Security repo and get a list of the instances without the SSM agent installed and then contact the customers who we think should be able to get the agent installed based on the platform information. If there is no platform info available we would need to make contact to find out the possibility of installing the SSM agent.

Useful Contacts

@richgreen-moj @davidkelliott

Additional Information

No response

Proposal / Unknowns

Hypothesis If we... [do a thing] Then... [this will happ]

Proposal A proposal that is something testable, don't worry whether it works or not, it's a place for ideas.

Unknowns Potential pitfalls that could cause the story to expand beyond its original scope. Ideally this section will remain blank.

Definition of Done

[x] SSM monitoring script has been run to get results
[x] Customers on list with instances that should be able to host SSM agent are contacted to ask them to install/activate it or attach the relevant IAM policy (where it is already pre-baked)
[ ] Where no platform details are available contact customers to establish whether the SSM agent could be installed/activated
[ ] Another team member has reviewed

ASTRobinson commented 1 week ago

script run: https://github.com/ministryofjustice/modernisation-platform-security/actions/runs/9662776177/job/26653397191

ASTRobinson commented 1 week ago

I have sent the below email to all teams/users with instances without the SSM agent...

_Hello XXXX team,

I hope this message finds you well.

As part of our ongoing efforts to enhance our operational capabilities and in line with our Production Ready Checklist, we need to ensure that the AWS Systems Manager Agent (SSM Agent) is installed on all EC2 instances across the Modernisation Platform.

To achieve this, I kindly request that you install the SSM Agent on your EC2 instances. Below is a list of identified instances without the SSM Agent. The installation process is straightforward, and many AMIs come with the SSM Agent pre-installed.

If you encounter any issues or have any questions during the installation process, please do not hesitate to reach out for assistance via the #ask-modernisation-platform channel.

Thank you for your cooperation in this important initiative.

Best regards,

Aaron Robinson_

Account ID	Account Name	Instance ID	Instance Name	SSM Status
1234567890	xxxx-development	i-1234567890	instance-name	Not Managed

ministryofjustice / modernisation-platform