SSM Update

SSM Package Update

By registering AWS authentication information in FutureVuls, you can update EC2 packages via SSM (AWS Systems Manager). You can update them from the FutureVuls screen on a task-by-task basis. The results of commands issued via SSM can be confirmed in the SSM Command History.

Target OS (Limited to AWS instances)

  • Amazon Linux
  • Amazon Linux 2
  • Red Hat
  • Debian
  • Ubuntu

Setting Up SSM-Integrated Package Updates

Complete the AWS authentication information settings beforehand.

AWS Environment Settings

  • Create an AWS instance
    • Create an AWS instance from the AWS Management Console (see Target OS for the supported operating systems)
    • Create a role with the AmazonSSMManagedInstanceCore policy (AWS Documentation)
    • Grant the created role to the instance as an IAM role.
  • Register SSM on the AWS instance (AWS Documentation)
    • sudo yum -y install amazon-ssm-agent (For Amazon Linux; refer to the above documentation for other OSes)
    • sudo systemctl start amazon-ssm-agent (For Amazon Linux; refer to the above documentation for other OSes)
  • Check registration of SSM
    • Check that the instance is registered in Managed Instances in AWS Systems Manager.
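
The registration check above can be scripted. The following is an added example, not FutureVuls or AWS code: it reads JSON in the shape returned by `aws ssm describe-instance-information` and reports which expected instances are not ready for SSM package updates. The sample data, instance IDs and the platform-name prefixes are constructed assumptions.

```python
import json

# Prefixes for the page's Target OS list. How SSM spells PlatformName
# (e.g. "Red Hat Enterprise Linux", "Debian GNU/Linux") is an assumption.
SUPPORTED_PREFIXES = ("Amazon Linux", "Red Hat", "Debian", "Ubuntu")

# Constructed sample shaped like `aws ssm describe-instance-information` output.
SAMPLE = """{"InstanceInformationList": [
 {"InstanceId": "i-0aaaaaaaaaaaaaaa1", "PingStatus": "Online",
  "ResourceType": "EC2Instance", "PlatformName": "Amazon Linux"},
 {"InstanceId": "i-0bbbbbbbbbbbbbbb2", "PingStatus": "ConnectionLost",
  "ResourceType": "EC2Instance", "PlatformName": "Ubuntu"},
 {"InstanceId": "mi-0ccccccccccccccc3", "PingStatus": "Online",
  "ResourceType": "ManagedInstance", "PlatformName": "Ubuntu"}
]}"""


def readiness(info):
    """Return the reasons an SSM-listed instance is not ready (empty = ready)."""
    problems = []
    if info.get("ResourceType") != "EC2Instance":
        problems.append("not an EC2 instance")
    name = info.get("PlatformName") or "unknown"
    if not name.startswith(SUPPORTED_PREFIXES):
        problems.append(f"unsupported OS: {name}")
    if info.get("PingStatus") != "Online":
        problems.append(f"agent not online: {info.get('PingStatus')}")
    return problems


def check(raw_json, expected_ids):
    """Map every expected instance ID to its list of problems."""
    entries = json.loads(raw_json).get("InstanceInformationList", [])
    listed = {e["InstanceId"]: e for e in entries}
    report = {}
    for iid in expected_ids:
        if iid in listed:
            report[iid] = readiness(listed[iid])
        else:
            # Typical causes: instance profile not attached or agent not running.
            report[iid] = ["not registered in SSM"]
    return report


if __name__ == "__main__":
    ids = ["i-0aaaaaaaaaaaaaaa1", "i-0bbbbbbbbbbbbbbb2",
           "mi-0ccccccccccccccc3", "i-0ddddddddddddddd4"]
    for iid, problems in check(SAMPLE, ids).items():
        print(iid, "OK" if not problems else "; ".join(problems))
```

To use it against a real account, replace `SAMPLE` with the saved output of `aws ssm describe-instance-information` and pass the instance IDs you expect FutureVuls to manage.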

FutureVuls Settings

  • Click the Set Up button on the AWS integration page in the Group settings.

  • Install awscli

    • Confirmed to work with version 1.16.80 or higher.
  • In an environment where the AWS CLI is installed and configured, run the AWS CLI command that appears (FutureVulsSSMPkgSetting.sh), which requires the ssm:CreateDocument and ssm:DeleteDocument permissions, then click Next.

  • When SSM-Integrated Package Update shows Configured, the setup is complete.

Automatic Integration with SSM

After the SSM settings above are complete, FutureVuls imports, at scan time, whether each server can be integrated with SSM. If the SSM integration column in the server list is set to , the setup is complete.