SSM Update
SSM Package Update
By registering AWS authentication information in FutureVuls, you can update EC2 packages via SSM (AWS Systems Manager). You can update them from the FutureVuls screen on a task-by-task basis. The results of commands issued via SSM can be confirmed in the SSM Command History.
Target OS (Limited to AWS instances)
- Amazon Linux
- Amazon Linux 2
- Red Hat
- CentOS
- Debian
- Ubuntu
Setting Up SSM-Integrated Package Updates
Complete the AWS authentication information settings beforehand.
AWS Environment Settings
- Create an AWS instance
- Create an AWS instance from the AWS Management Console (refer to Target OS for OS)
- Create a role with the
AmazonSSMManagedInstanceCorepolicy (AWS Documentation) - Grant the created role to the instance as an IAM role.
- Register SSM on the AWS instance (AWS Documentation)
sudo yum -y install amazon-ssm-agent(For Amazon Linux; refer to the above documentation for other OSes)sudo systemctl start amazon-ssm-agent(For Amazon Linux; refer to the above documentation for other OSes)
- Check registration of SSM
- Check that the instance is registered in
Managed Instancesin AWS System Manager.
- Check that the instance is registered in
FutureVuls Settings
-
Click the
Set Upbutton on the AWS integration page in the Group settings.
-
- Confirmed to work with version 1.16.80 or higher.
-
Run the command (AWS CLI) that appears (FutureVulsSSMPkgSetting.sh) in an environment where AWS CLI is installed and configured (requires the permissions
ssm.CreateDocumentandssm.DeleteDocument) and click Next.
-
If
SSM-Integrated Package Updateis set toConfigured, it is complete.
Automatic Integration with SSM
After the above SSM settings, the information on whether each server can be integrated with SSM or not will be imported into FutureVuls at the timing of the scan. If the SSM integration column in the server list is set to ○, the setup is complete.
![image](https://user-images.githubusercontent.com/899733