# AWS Registration and Cleanup

In AWS environments, EC2 instances are often created and destroyed via automated processes.

By following this recipe, these instances may be automatically registered and de-registered in StrongDM.

### EC2 User Data Script

EC2 User Data scripts can perform EC2 instance initialization tasks.

In the script below, the `sdm` binary registers the instance with the `sdm admin ssh add` command, using the EC2 instance ID as the server name.

The `-p` flag to the `add` command prints the SSH public key that StrongDM will use to authenticate to the host. The script appends that key to `/home/$TARGET_USER/.ssh/authorized_keys`.

{% hint style="info" %}
Both `sdm admin ssh add` and `sdm admin servers add` default to the `ssh` server type when no `type` is given, so either is equivalent to `sdm admin servers add ssh`. If you pass a `type` as the last parameter, it supersedes that default.
{% endhint %}

`SDM_ADMIN_TOKEN` should be generated with only the **Datasources & Servers > List, Update, Create** and **Roles > List** permissions via the Admin Token section of the admin UI. Keep in mind that user data is not a secret store: any process on the instance can read it from the instance metadata service, and any principal with `ec2:DescribeInstanceAttribute` can read it from the API. Scope the token as narrowly as possible, and consider fetching it at boot from a secrets store (via the instance role) instead of embedding it in the script.

This script is designed for Ubuntu AMIs; change the package commands and `TARGET_USER` as needed for your environment. It registers the instance under its public hostname; for instances without a public IP, read the `local-hostname` or `local-ipv4` metadata path instead, and make sure the StrongDM gateway can reach that address.

```bash
#!/bin/bash
set -euo pipefail

export SDM_ADMIN_TOKEN=XXX
export TARGET_USER=ubuntu

# IMDSv2: obtain a session token first. Instances launched with IMDSv2 required
# reject the unauthenticated GET requests to the metadata service.
IMDS_TOKEN=$(curl -sS -X PUT http://169.254.169.254/latest/api/token \
  -H "X-aws-ec2-metadata-token-ttl-seconds: 300")
imds() { curl -sS -H "X-aws-ec2-metadata-token: $IMDS_TOKEN" "http://169.254.169.254/latest/meta-data/$1"; }
INSTANCE_ID=$(imds instance-id)
PUBLIC_HOSTNAME=$(imds public-hostname)

apt-get update
apt-get install -y unzip
curl -sS -o sdm.zip -L https://app.strongdm.com/releases/cli/linux
unzip -o sdm.zip

# Register under the instance ID so the cleanup script can delete by that name.
# -p prints the SSH public key, which is appended to the target user's authorized_keys.
./sdm admin ssh add -p "$INSTANCE_ID" "$TARGET_USER@$PUBLIC_HOSTNAME" \
  | tee -a "/home/$TARGET_USER/.ssh/authorized_keys"
# Grant access to the role that should reach this server (change the role name as needed).
./sdm admin roles grant "$INSTANCE_ID" Engineers
rm sdm.zip
```

### Cleanup Script

The following script automatically removes terminated EC2 instances from the list of available StrongDM servers. Because the user data script registered each server under its instance ID, the instance ID is also the StrongDM server name to delete. Run the script on a schedule (for example from cron): `describe-instances` only returns terminated instances for roughly an hour after termination, so an instance terminated before the previous run will not be reported again.

`SDM_ADMIN_TOKEN` should be generated with only the **Datasources & Servers > List, Delete** permissions via the Admin Token section of the admin UI. The AWS credentials need only `ec2:DescribeInstances`; prefer an IAM role (instance profile or assumed role) over long-lived access keys pasted into the script.

```bash
#!/bin/bash
set -eu

# ec2-gc-demo sandbox environment garbage collection demo key
export AWS_ACCESS_KEY_ID=XXX
export AWS_SECRET_ACCESS_KEY=XXX
export SDM_ADMIN_TOKEN=XXX
REGION=us-west-2

# Garbage collect servers by instance ID. --output text prints the IDs
# tab-separated on one line, so they are split to one per line before the loop.
# The same ID is reported on several runs while the instance is still visible as
# terminated, so a failed delete (already removed) is logged rather than fatal.
aws ec2 describe-instances --region "$REGION" --output text \
  --query 'Reservations[].Instances[].InstanceId' \
  --filters "Name=instance-state-name,Values=terminated,shutting-down" \
  | tr '\t' '\n' \
  | while read -r instid; do
      case "$instid" in
        i-*) sdm admin servers delete "$instid" || echo "warning: could not delete $instid" >&2 ;;
      esac
    done
```
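The cleanup above only sees instances that EC2 still reports as terminated. The following added example (not StrongDM's code) shows the complementary approach: reconcile the StrongDM server list against the instance IDs EC2 currently knows about, so a server whose instance disappeared from `describe-instances` long ago is still removed, while servers registered by hand under other names are never touched. It assumes the caller supplies two newline-separated lists (server names from `sdm admin servers list`, and instance IDs from `describe-instances`); the sample lists at the bottom are constructed for illustration.

```bash
#!/bin/bash
# Added example, not part of the StrongDM page. Inputs are newline-separated
# strings; the sample data below is constructed.

# Print the StrongDM server names that are shaped like EC2 instance IDs (the
# naming convention of the user-data script) but are absent from the list of
# instance IDs that EC2 reported. Names that do not look like instance IDs
# (bastions, databases, ...) are never candidates for deletion.
stale_servers() {
  sdm_names="$1"
  live_ids="$2"
  sdm_tmp=$(mktemp)
  live_tmp=$(mktemp)
  # comm needs sorted input; the filter accepts both 8- and 17-hex-digit IDs.
  printf '%s\n' "$sdm_names" | grep -E '^i-[0-9a-f]{8}([0-9a-f]{9})?$' | sort -u > "$sdm_tmp" || true
  printf '%s\n' "$live_ids" | sort -u > "$live_tmp"
  comm -23 "$sdm_tmp" "$live_tmp"
  rm -f "$sdm_tmp" "$live_tmp"
}

# Delete each stale server, or only print the command when DRY_RUN is set.
# A failed delete is reported but does not abort the run, so a server removed
# by hand in the meantime does not stop the remaining deletions.
delete_stale_servers() {
  stale_servers "$1" "$2" | while read -r name; do
    if [ -n "${DRY_RUN:-}" ]; then
      echo "sdm admin servers delete $name"
    else
      sdm admin servers delete "$name" || echo "warning: could not delete $name" >&2
    fi
  done
}

# Constructed sample data. In production the two lists come from, respectively,
# the server names in `sdm admin servers list` (extracted by the caller) and
#   aws ec2 describe-instances --query 'Reservations[].Instances[].InstanceId' --output text | tr '\t' '\n'
SAMPLE_SDM_NAMES='i-0a1b2c3d4e5f67890
i-00000000
bastion-prod
i-0deadbeefcafe1234
reporting-db'
SAMPLE_LIVE_IDS='i-0a1b2c3d4e5f67890
i-0deadbeefcafe1234
i-0ffffffffffffffff'

# Only i-00000000 is stale: it looks like an instance ID but EC2 no longer reports it.
DRY_RUN=1
delete_stale_servers "$SAMPLE_SDM_NAMES" "$SAMPLE_LIVE_IDS"
```

Run it first with `DRY_RUN=1` and compare the printed commands with the StrongDM admin UI before letting it delete anything; the instance-ID filter is what keeps this safe to run against a StrongDM organization that also contains servers registered by other means.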

