Seamless integration with Azure and GCP using AWS Systems Manager.

Rushabh Mahale
6 min read · Oct 4, 2023


Configuring AWS Systems Manager for Multicloud GCP and Azure involves setting up a unified management system that can automate tasks across different cloud providers. This provides centralized control and visibility over the entire multi-cloud infrastructure, enhancing efficiency, security, and compliance management.

What is the purpose of Systems Manager for multi-cloud?

Configuring AWS Systems Manager for multi-cloud environments serves several key purposes:

  • Centralized Control: It provides a single control point for managing resources across different cloud providers.
  • Automation: Systems Manager automates routine tasks, reducing manual effort and the risk of errors.
  • Security and Compliance: It ensures a consistent security posture and helps maintain regulatory compliance.
  • Cost Optimization: Organizations can identify cost-saving opportunities and make informed decisions about resource allocation.
  • Operational Efficiency: It simplifies resource tracking and troubleshooting, improving overall operational efficiency.

What is SSM (Systems Manager)?

AWS Systems Manager Agent (SSM Agent) is Amazon software that runs on Amazon Elastic Compute Cloud (Amazon EC2) instances, edge devices, on-premises servers, and virtual machines (VMs). SSM Agent makes it possible for Systems Manager to update, manage, and configure these resources.

Architecture Diagram

Steps to be followed

Step 1 Create a VM on the GCP side

In my case, I have created a VM.

GCP Linux VM

Step 2 Create a Windows VM in Azure

Azure Windows VM

Step 3 Create a Role in AWS

Select AWS service, then select the Systems Manager use case.

Now select the following managed policies for the role:

  • AmazonSSMDirectoryServiceAccess
  • AmazonSSMManagedInstanceCore
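
The role created in this step is assumed by the `ssm.amazonaws.com` service principal, and AWS recommends scoping that trust with `aws:SourceAccount` and `aws:SourceArn` conditions. The following is an added example, not code from the original article: it builds such a trust policy and checks an existing policy document for missing conditions. The account ID, region and function names are illustrative assumptions.

```python
SSM_PRINCIPAL = "ssm.amazonaws.com"

def scoped_trust_policy(account_id, region):
    """Trust policy letting Systems Manager assume the role only for
    SSM resources in this account and region (confused-deputy guard)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": SSM_PRINCIPAL},
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": {"aws:SourceAccount": account_id},
                "ArnEquals": {"aws:SourceArn": f"arn:aws:ssm:{region}:{account_id}:*"},
            },
        }],
    }

def _conditions(stmt):
    """Flatten a statement's Condition block to {lowercased key: value}."""
    flat = {}
    for block in stmt.get("Condition", {}).values():
        for key, value in block.items():
            flat[key.lower()] = value  # IAM condition keys are case-insensitive
    return flat

def trust_policy_findings(policy, account_id):
    """Return a list of weaknesses in a role's trust policy document."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        if stmt.get("Principal") not in ({"Service": SSM_PRINCIPAL}, {"Service": [SSM_PRINCIPAL]}):
            findings.append("principal is not limited to ssm.amazonaws.com")
        cond = _conditions(stmt)
        if cond.get("aws:sourceaccount") != account_id:
            findings.append("missing aws:SourceAccount condition for this account")
        arn = str(cond.get("aws:sourcearn", ""))
        if not (arn.startswith("arn:aws:ssm:") and f":{account_id}:" in arn):
            findings.append("missing aws:SourceArn condition scoped to this account's SSM resources")
    return findings

# Constructed sample: a trust policy with the right principal but no conditions.
UNCONDITIONED = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": {"Service": SSM_PRINCIPAL},
                   "Action": "sts:AssumeRole"}],
}

if __name__ == "__main__":
    for finding in trust_policy_findings(UNCONDITIONED, "111122223333"):
        print(finding)
```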

Step 4 In Systems Manager, go to Hybrid Activations

Now create the activation. Here we have to fill in details like:

  • Activation Description - Hyper-activation-gcp-azure-env
  • Instance Limit - 10
  • IAM role - Select an existing custom IAM role that has the required permissions (select the role that we created in Step 3; in my case the role is SSM-multicloud-role)
  • Leave everything else at the default
  • Choose Create activation

Copy the Activation Code and Activation ID; we will use them later.

Step 5 Install the SSM Agent on the GCP and Azure VMs

Now we will install SSM Agent. The agent can connect external machines, such as hybrid and multi-cloud nodes, to Systems Manager, as per the documentation link. Paste your Activation Code and Activation ID into the commands below.

  • SSH to your GCP VM and install the package:
# Download the SSM Agent Debian package into a scratch directory
mkdir -p /tmp/ssm
wget https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/debian_amd64/amazon-ssm-agent.deb -O /tmp/ssm/amazon-ssm-agent.deb
sudo dpkg -i /tmp/ssm/amazon-ssm-agent.deb
# Stop the agent, register it with the hybrid activation, then start it again
sudo service amazon-ssm-agent stop
sudo -E amazon-ssm-agent -register -code "activation-code" -id "activation-id" -region "region"
sudo service amazon-ssm-agent start
  • SSH to your Azure Windows VM and install this package:
# Values from the hybrid activation created in Step 4
$code = "activation-code"
$id = "activation-id"
$region = "region"
# Download the installer for the chosen region into a scratch directory
$dir = $env:TEMP + "\ssm"
New-Item -ItemType directory -Path $dir -Force
cd $dir
(New-Object System.Net.WebClient).DownloadFile("https://amazon-ssm-$region.s3.$region.amazonaws.com/latest/windows_amd64/AmazonSSMAgentSetup.exe", $dir + "\AmazonSSMAgentSetup.exe")
# Install silently and register with the activation
Start-Process .\AmazonSSMAgentSetup.exe -ArgumentList @("/q", "/log", "install.log", "CODE=$code", "ID=$id", "REGION=$region") -Wait
# Confirm the registration data was written and the service is present
Get-Content ($env:ProgramData + "\Amazon\SSM\InstanceData\registration")
Get-Service -Name "AmazonSSMAgent"

After running the commands above with your Activation Code and Activation ID, you will see that Registered instances is 2 and Registration limit is 10, as per what I have set here.
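
An activation with a registration limit of 10 and only 2 registered nodes leaves 8 slots that anyone holding the Activation Code and ID can still use until the code expires. The following is an added example, not code from the original article: it reviews activation records shaped like the `ActivationList` returned by `aws ssm describe-activations` and reports the ones that are still usable. The sample records, the one-day validity threshold and the second role name are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

def audit_activations(activations, now, allowed_roles, max_valid=timedelta(days=1)):
    """Return (activation_id, finding) pairs for activations that can still enroll nodes."""
    findings = []
    for act in activations:
        if act.get("Expired"):
            continue  # an expired code can no longer register nodes
        aid = act["ActivationId"]
        spare = act["RegistrationLimit"] - act.get("RegistrationsCount", 0)
        if spare > 0:
            findings.append((aid, f"{spare} unused registration slots on a live code"))
        expires = datetime.fromisoformat(act["ExpirationDate"])
        if expires - now > max_valid:
            findings.append((aid, f"code stays valid for {(expires - now).days} more days"))
        if act["IamRole"] not in allowed_roles:
            findings.append((aid, f"unexpected role {act['IamRole']}"))
    return findings

# Constructed sample records; IDs, dates and the second role are made up.
SAMPLE = [
    {"ActivationId": "00000000-0000-0000-0000-000000000001",
     "Description": "Hyper-activation-gcp-azure-env",
     "IamRole": "SSM-multicloud-role",
     "RegistrationLimit": 10, "RegistrationsCount": 2,
     "ExpirationDate": "2023-11-02T00:00:00+00:00", "Expired": False},
    {"ActivationId": "00000000-0000-0000-0000-000000000002",
     "IamRole": "legacy-admin-role",
     "RegistrationLimit": 1, "RegistrationsCount": 1,
     "ExpirationDate": "2023-10-05T00:00:00+00:00", "Expired": False},
    {"ActivationId": "00000000-0000-0000-0000-000000000003",
     "IamRole": "SSM-multicloud-role",
     "RegistrationLimit": 5, "RegistrationsCount": 1,
     "ExpirationDate": "2023-09-01T00:00:00+00:00", "Expired": True},
]
NOW = datetime(2023, 10, 4, tzinfo=timezone.utc)  # fixed "current time" for the sample

if __name__ == "__main__":
    for aid, finding in audit_activations(SAMPLE, NOW, {"SSM-multicloud-role"}):
        print(aid, finding)
```

Once every intended node is registered, deleting the activation in the console removes the remaining slots without affecting nodes that are already managed.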

Step 6 Connect to both VMs using SSM

Now let's connect to both VMs using SSM.

In SSM there is an option called Node management; under Node management, select Fleet Manager.

What is Fleet Manager?

Fleet Manager, a capability of AWS Systems Manager, is a unified user interface (UI) experience that helps you remotely manage your nodes running on AWS or on-premises. With Fleet Manager, you can view the health and performance status of your entire server fleet from one console. You can also gather data from individual nodes to perform common troubleshooting and management tasks from the console. This includes connecting to Windows instances using the Remote Desktop Protocol (RDP), viewing folder and file contents, Windows registry management, operating system user management, and more.

Here you will see 2 VMs, Windows and Linux. The agent detects the operating system and adds the node to SSM.

Now go to Settings in the top right corner and choose Change instance tier settings. You will see a pop-up; accept and change the setting.

Select Windows, choose Connect, and connect with RDP (Remote Desktop).

You will be redirected to this page and asked for the credentials (username and password).

Here you go: you are now connected over RDP to the Azure Windows VM.

Let's connect to the GCP Linux VM: Node Action → Connect → Start terminal session.

You will be redirected to the Session Manager console, where you can access your GCP VM.

Conclusion

AWS Session Manager offers a practical solution for managing multiple cloud instances efficiently. Its central management, enhanced security, and simplified access control streamline operations. By ensuring compliance, optimizing costs, and fostering innovation, businesses can achieve a secure, cost-effective, and agile multi-cloud infrastructure. Embracing Session Manager is achievable and empowers organizations to navigate diverse cloud environments with ease.

In case of any questions regarding this article, please feel free to comment in the comments section or contact me via LinkedIn.

I want to thank my team at Guysinthecloud for all of their help.

Thank You
