Amazon SSM Agent

by Amazon Web Servicesv3.3.4624.0

Last updated Jun 12, 2026

An agent to enable remote management of your EC2 instances, on-premises servers, or virtual machines (VMs).

Install with winget

$ winget install --id Amazon.SSMAgent --exact --version 3.3.4624.0

Run in Command Prompt, PowerShell, or Windows Terminal. Prompts for any agreements.

Silent install command for Amazon SSM Agent

Amazon SSM Agent uses EXE (Burn bundle). The silent install switches are /quiet /norestart.

One-line silent install (x64, machine scope)

msiexec.exe /i AmazonSSMAgentSetup.exe /quiet /norestart

See the full silent install reference for Amazon SSM Agent →

Built by Pckgr

For Intune admins

Stop chasing app updates. Pckgr patches them for you.

Automated application patching for Microsoft Intune. Pckgr keeps a curated library of 1,000+ apps continuously up-to-date in your tenant via Microsoft Graph - no manual repackaging, no chasing vendor sites.

Start free 30-day trial

No credit card required.

About

AWS Systems Manager Agent (SSM Agent) is Amazon software that runs on Amazon Elastic Compute Cloud (Amazon EC2) instances, edge devices, on-premises servers, and virtual machines (VMs). SSM Agent makes it possible for Systems Manager to update, manage, and configure these resources. The agent processes requests from the Systems Manager service in the AWS Cloud, and then runs them as specified in the request. SSM Agent then sends status and execution information back to the Systems Manager service by using the Amazon Message Gateway Service (ssmmessages). (In AWS Regions launched before 2024, status and execution information might also be sent back by the Amazon Message Delivery Service (service prefix: ec2messages).)

If you monitor traffic, you will see that your managed nodes communicate with ssmmessages.* endpoints and possibly ec2messages.* endpoints. For more information, see Reference: ec2messages, ssmmessages, and other API operations. For information about porting SSM Agent logs to Amazon CloudWatch Logs, see Logging and monitoring in AWS Systems Manager.

Installers · v3.3.4624.0

Architecture	Type	Scope	Install	Download
x64	EXE Burn bundle	machine		Direct

Copy a command tailored to that specific architecture, type, and scope - useful when winget would otherwise pick a different default.

Security

1 known CVE via NVD

high7.0Patched in wingetCVE-2022-29527affects before 3.1.1208.0Apr 20, 2022
Amazon AWS amazon-ssm-agent before 3.1.1208.0 creates a world-writable sudoers file, which allows local attackers to inject Sudo rules and escalate privileges to root. This occurs in certain situations involving a race condition.
Patch

Source: NVD, updated 3h ago. Patch status is best-effort: NVD's fix version is compared against the latest version in winget, but the two version formats don't always align. Confirm with the vendor advisory before treating any specific build as safe.

See a CVE that affects your fleet? Push the patched version to Intune in one click with Pckgr.

Related apps

KiroAmazon Web Services
Amazon.Kirov0.12.333
An agentic IDE that helps you do your best work with features such as specs, steering, and hooks.
AWS Command Line InterfaceAmazon Web Services
Amazon.AWSCLIv2.35.3
Universal Command Line Interface for Amazon Web Services
AWS Copilot CLIAmazon Web Services
Amazon.CopilotCLIv1.34.1
Your toolkit for containerized applications on AWS
Session Manager PluginAmazon Web Services
Amazon.SessionManagerPluginv1.2.814.0
This plugin helps you to use the AWS Command Line Interface (AWS CLI) to start and end sessions to your managed instances.
Amazon QuickAmazon Web Services
Amazon.Quickv0.1000.1122
An AI assistant for work that turns questions into answers, answers into actions, and actions into outcomes—for you and your entire team.
L
LLRTAmazon Web Services
Amazon.LLRTv0.8.1-beta
LLRT (Low Latency Runtime) is an experimental, lightweight JavaScript runtime designed to address the growing demand for fast and efficient Serverless applications.

More from Amazon Web Services or browse aws.

Frequently asked questions

How do I install Amazon SSM Agent on Windows?

Open Windows Terminal, PowerShell, or Command Prompt and run: winget install --id Amazon.SSMAgent --exact --version 3.3.4624.0. winget downloads the installer from Amazon Web Services and runs it. Requires Windows 10 (1809+) or Windows 11.

How do I install Amazon SSM Agent silently for unattended deployment?

Add --silent and accept the agreements upfront: winget install --id Amazon.SSMAgent --exact 3.3.4624.0 --silent --accept-package-agreements --accept-source-agreements. This is the variant Intune, Configuration Manager, and other deployment tools should use.

What are the silent install switches for Amazon SSM Agent?

Amazon SSM Agent uses EXE (Burn bundle). Run the downloaded installer with: msiexec.exe /i AmazonSSMAgentSetup.exe /quiet /norestart. The silent switches are /quiet /norestart.

How do I uninstall Amazon SSM Agent via winget?

Run: winget uninstall --id Amazon.SSMAgent --exact. Add --silent for unattended uninstalls. winget will use the registered uninstaller from Amazon SSM Agent's Apps & Features entry.

Is Amazon SSM Agent free?

Amazon SSM Agent is distributed under Apache-2.0. Refer to the publisher (https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent-windows.html) for the full license terms - Wingetly itself does not charge for installation.

Does Amazon SSM Agent work on Windows 10?

Yes, as long as your Windows 10 build supports winget (1809 or newer). winget ships with App Installer on Windows 10/11 and pulls Amazon SSM Agent directly from the publisher.

How do I keep Amazon SSM Agent up to date?

Run winget upgrade --id Amazon.SSMAgent --exact, or winget upgrade --all to update everything winget tracks. We index 10 versions of Amazon SSM Agent from microsoft/winget-pkgs.

Recent versions

3.3.4624.0latest
3.3.4515.0
3.3.4268.0
3.3.4177.0
3.3.4121.0
3.3.4108.0
3.3.3797.0
3.3.3598.0
3.3.3572.0
3.3.3270.0