Hacker News new | past | comments | ask | show | jobs | submit login


By default, SSM Agent is preinstalled on instances created from the following Amazon Machine Images (AMIs):

Amazon Linux

Amazon Linux 2

Amazon Linux 2 ECS-Optimized Base AMIs

macOS 10.14.x (Mojave) and 10.15.x (Catalina)

Ubuntu Server 16.04, 18.04, and 20.04

Windows Server 2008-2012 R2 AMIs published in November 2016 or later

Windows Server 2016 and 2019

But the AWS SSM agent doesn't listen on the network [0]. The connection is initiated by the agent towards the cloud API, so any commands that come in aren't new connections established over a possibly insecure network.

Of course, if the agent's verification of who it's talking to is as good as in the case of Azure, all bets are off.


[0] I've just checked this on an Ubuntu EC2 instance. The SSM agent is running, but it doesn't listen on any interface. No custom configuration was done it.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact