Technical Overview of AWS-UpdateSSMAgent command

Posted on August 23, 2021

On Linux, the AWS-UpdateSSMAgent command is implemented using a special action called aws:updateSsmAgent. Here is the step that is run on Linux targets, from the command document:

{
  "action": "aws:updateSsmAgent",
  "name": "awsupdateSsmAgent",
  "inputs": {
    "agentName": "amazon-ssm-agent",
    "source": "https://s3.{Region}.amazonaws.com/amazon-ssm-{Region}/ssm-agent-manifest.json",
    "allowDowngrade": "{{ allowDowngrade }}",
    "targetVersion": "{{ version }}"
  }
}

The aws:updateSsmAgent action is implemented in the SSM Agent as a plugin. This plugin downloads a manifest that contains information about all of the updaters that are available. Based on the targetVersion specified by the AWS-UpdateSSMAgent command, the plugin chooses an updater and downloads it.

Then, it runs the updater. The updater downloads the appropriate install script based on the current platform.

The updater attempts to execute the install script (see the generic Linux install script for an example). Currently, the install scripts for Linux platforms use either rpm, dkpg, or snap.