Connect to Ec2 instance bastion via Session Manager

0

I created a new EC2 instance from : Amazon Linux 2 AMI (HVM) - Kernel 5.10, SSD Volume Type - ami-0bae7412735610274 (64-bit x86) / ami-0bfc5012753c8c986 (64-bit Arm)

I assigned to it the right SSM role, but I can't connect to it via SSM :

We weren't able to connect to your instance. Common reasons for this include: ...

Amazon Linux 2 AMI (HVM) - Kernel 5.10 doesn't come with SSM agent installed?

preguntada hace 2 años869 visualizaciones
3 Respuestas
1

Is the instance in an subnet with Internet access? The SSMAgent needs to be able to reach the SSM APIs. If you look at the instance in SSM Fleet Manager, you should see the instance listed and its Node State as 'Running'. If you don't then likely the instance has no path to the Internet. The SSMAgent originates connectivity outbound.

If the VPC is not meant to be public, you can deploy a VPC Endpoint to the SSM API Endpoint in the subnet where the instance is deployed. See Step 6: (Optional) Create a Virtual Private Cloud endpoint (https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-create-vpc.html)

AWS
Scott_K
respondido hace 2 años
profile picture
EXPERTO
revisado hace 2 meses
0

Is the agent running on your instance. Do you have the bootstrap script to start the agent during launch, possibly using EC2 userdata?

respondido hace 2 años
0

By default, SSM agent is installed on Amazon Linux Base Amazon Machine Images (AMIs) dated 2017.09 and later. SSM Agent is also installed by default on Amazon Linux 2 AMIs and Amazon Linux 2 ECS-Optimized Base AMIs. The latest Amazon EKS optimized AMIs install SSM Agent automatically.

AWS has a troubleshooting guide for the SSM agent but your mileage may vary if you don't have access to the OS through other means.

The two areas to focus on

  • verify what @Scott_K mentioned. Further details in the troubleshooting guide linked above.
  • verify that an EC2 instance profile is associated with the EC2 instance and that a policy like AmazonSSMManagedInstanceCore has been attached to the role. This policy allows an instance to use AWS Systems Manager service core functionality including permissions for communication between instances and the Systems Manager API.
RoB
respondido hace 2 años

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas