AWS Default Host Management Configuration (DHMC) Enabler

💻 Default Host Management Configuration (DHMC) Enabler

🧠 Rationale

The Default Host Management Configuration (DHMC) is a Region-level AWS setting and a best practice for managing Amazon EC2 instances with AWS Systems Manager. It helps you streamline the management of your EC2 instances and maintain security compliance across your AWS resources.

DHMC provides a standard configuration for an AWS account, making it easier to implement and maintain systems management tasks such as patching, software installation, session management, and configuration management.

This project aims to simplify the implementation of DHMC, ensuring efficient and secure management by setting the default IAM Role needed by SSM to work properly.

📋 Requirements

  1. SSM Agent >= 3.2.532.0
  2. EC2 instances must have network connectivity to the public Systems Manager service endpoints or to AWS PrivateLink VPC endpoints for Systems Manager.

🛠️ How-to

To implement Default Host Management Configuration in your AWS account, follow these steps:

Clone this repository to your local environment:

$ git clone <repository_url>

Modify the configuration in the Makefile as needed to align with your organization's requirements.

Execute the provided commands to apply DHMC settings to all available AWS Regions:

$ make deploy-role
$ make enable

Monitor the progress and verify that DHMC has been successfully applied to all AWS Regions:

$ make status
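
A read-only check you can run alongside `make status`, added here as an example and not taken from this repository's Makefile: it reads the DHMC service setting in each Region and flags any Region whose value is not the expected role. The function names and the `DHMC_ROLE` variable are hypothetical, and the default role name is the one used in AWS documentation, assumed rather than read from this project.

```shell
#!/bin/sh
# Added example: audit the DHMC service setting per Region (read-only).
# Assumption: DHMC_ROLE is the setting value your deployment writes; the
# default is the role name from AWS documentation, not from this repo.
SETTING_ID="/ssm/managed-instance/default-ec2-instance-management-role"
DHMC_ROLE="${DHMC_ROLE:-AWSSystemsManagerDefaultEC2InstanceManagementRole}"

# Print the role currently configured in one Region (empty if the call fails,
# e.g. the Region is not enabled or the caller lacks ssm:GetServiceSetting).
dhmc_role() {
  aws ssm get-service-setting --region "$1" --setting-id "$SETTING_ID" \
    --query 'ServiceSetting.SettingValue' --output text 2>/dev/null || true
}

# Audit each Region given as an argument. Prints one line per Region and
# returns non-zero if any Region does not point at $DHMC_ROLE.
dhmc_audit() {
  rc=0
  for region in "$@"; do
    value=$(dhmc_role "$region")
    case "$value" in
      "$DHMC_ROLE") echo "$region OK $value" ;;
      "")           echo "$region ERROR no-response"; rc=1 ;;
      *)            echo "$region DRIFT $value"; rc=1 ;;
    esac
  done
  return "$rc"
}

# Invoke as: sh dhmc-audit.sh all
# Audits every Region enabled for the account behind the current credentials.
if [ "${1:-}" = "all" ]; then
  # Word splitting of the Region list is intentional here.
  dhmc_audit $(aws ec2 describe-regions \
    --query 'Regions[].RegionName' --output text)
fi
```

A non-zero exit status makes the check usable as a scheduled job or pipeline gate, so a Region that was reset or never enabled is noticed rather than assumed covered.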

🖐️ Cleanup (rollback)

$ make desactivate
$ make delete-role

ℹ️ More Info

For more information about Default Host Management Configuration and how to enable it for your AWS account, refer to the official AWS blog post.

If you need more default security settings and alerting on your AWS account, you can check my other initiative: AWS Security Survival Kit.

👨‍💻 Credits