How to Use an AWS SSM Agent with VSS on Windows SQL

Ah, the humble backup—every IT pro’s secret weapon and, unfortunately, also the bane of many a late night. Whether it’s data corruption, botched updates, or the ever-terrifying ransomware attack, you need more than just hope and crossed fingers. You need backups that are consistent, reliable, and application-aware.

Let me introduce you to a tool that takes your backup game from “meh” to marvelous: the AWS SSM Agent, expertly paired with VSS snapshots.

The Permission Slip

Before you can flex your backup muscles, AWS wants to make sure you’ve got the right permission slip. (No one likes being stopped by the bouncer at the backup club!) Your first step is to ensure your backup target—yes, the very instance you’re going to protect—has the right IAM permissions. Specifically, you need:

  • Amazon SSM Full Access
  • AWS EC2 VSS Snapshot Policy

If your instance already has a role, sprinkle these permissions right in. If not, whip up a brand-new role and make sure it gets those two golden tickets. Oh, and don’t forget: the N2W instance also needs the VSS snapshot policy. Forget a policy, and your backups might miss the whole show.

Installation Station: Getting the SSM Agent Up and Running

Next up, let’s install the AWS SSM Agent on your backup target. Sure, there are a few ways to do this, but sometimes direct is best. Download the installer, run it, and make sure the service is not just installed but running on automatic.

Once that’s done, it’s time to make sure the SSM Agent is standing by, ready for commands like a loyal valet waiting for your server’s next move.

Policies with Purpose: Charting Your Backup Plan

Now, with all the right components in place, it’s policy time. Create a new AWS backup policy and assign it to your freshly equipped server. Here’s where the magic happens: you explicitly tell the backup service to use the SSM Agent for application-consistent backups, select AWS Systems Manager as the remote agent, and—important!—turn on VSS (Volume Shadow Copy Service) support.

Why all the fuss about application consistency? Because it means you’re not just taking a snapshot of the filesystem; you’re catching the database in a happy, stable state, right down to each transaction. No more crossed fingers, no more “hopes and prayers” recovery attempts.

VSS Tools: The Secret Sauce for SQL Server Smarts

To really unlock those sweet, application-aware backups, you’ll need the AWS VSS components installed on your server too. With Systems Manager, installation is a breeze—just run the AWS “configure AWS package” command, set the action to “install,” and specify AWSVSSComponents as your magic keyword. When it’s done, you can check your Program Files directory for the proof, complete with a digital signature to show it’s the real McCoy.

Let’s Get Backing Up: Seamless Snapshots in Action

Now the stage is set. Head back to your backup console, hit “run ASAP,” and keep one eye on the backup monitor while the other soaks in the run command output. The Systems Manager does its thing, executing N2W commands to kick off the VSS snapshot. Yes, this takes a few minutes—but what’s a little patience when it means sleeping soundly, knowing your SQL Server backup won’t let you down?

Once it’s done, you’ll see not just success notifications but—if you really want to geek out—proof in your event viewer that your MSSQL instance was captured in all its consistent glory.

So there you have it. With AWS SSM Agent, VSS support, and a sprinkle of N2W wisdom, your SQL Server backups are as resilient as your caffeine intake on a Monday.

N2W icon in white

Get the monthly TL;DR newsletter