Session Manager to connect ec2 instance cannot be enabled

0

I ran into a weird problem. I use the same AMI to launch an EC2 Linux instance. If I launch the instance from the AWS console, using the default VPC and subnet, this instance can be accessed through "Session Manager Connect": the Session Manager "Connect" button is enabled. If I launch an instance through CloudFormation, and the instance is in a created VPC and subnet, this instance's role already has the AmazonSSMManagedInstanceCore policy, but this instance cannot be accessed through "Session Manager Connect": the Session Manager "Connect" button is disabled. The security group is as below: [security group screenshot]

I SSH'd into the above two instances and checked the ssm-agent status. On both instances the ssm-agent status is Active: active (running) since xxxxxxxxxxxx

I don't know what the reason is. Could you help me? What should I check or configure?

AWS
Asked 2 years ago, 3262 views
2 answers
0

I suspect that the new instance is being launched in a private subnet and therefore the SSM agent on the instance cannot reach the SSM service endpoint. You can solve this by using a VPC Endpoint. See: Creating VPC endpoints for Systems Manager.

If the instance is being deployed into a public subnet (the route table attached to the subnet has a route to an internet gateway), check that the instance has a public IP address. Also, if you are using NACLs, make sure the inbound/outbound rules allow this traffic.

AWS
Expert
kentrad
Answered 2 years ago
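The answer above lists the network conditions the SSM agent needs: in a public subnet, a route to an internet gateway plus a public IP; otherwise interface VPC endpoints for ssm, ssmmessages and ec2messages (or, equivalently, a NAT route). The script below is an added example, not code from this thread or from AWS: it runs those checks over dictionaries shaped like the boto3 describe_instances, describe_route_tables and describe_vpc_endpoints responses. The sample data is constructed (instance, VPC, subnet and endpoint IDs are placeholders); the commented boto3 calls show how to feed real data in the same shape. Security group and NACL rules are not checked here.

```python
"""Diagnose why Session Manager cannot reach an EC2 instance (added example)."""
from typing import Dict, List, Optional

# Service endpoints the SSM agent must reach over HTTPS.
SSM_SERVICES = ("ssm", "ssmmessages", "ec2messages")


def default_route_target(route_table: Dict) -> Optional[str]:
    """Return the target of the active 0.0.0.0/0 route: 'igw', 'nat', or None if there is none."""
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0" or route.get("State", "active") != "active":
            continue
        if route.get("GatewayId", "").startswith("igw-"):
            return "igw"
        if route.get("NatGatewayId", "").startswith("nat-"):
            return "nat"
    return None


def route_table_for_subnet(route_tables: List[Dict], subnet_id: str, vpc_id: str) -> Dict:
    """Route table explicitly associated with the subnet, else the VPC's main table."""
    main: Dict = {}
    for rt in route_tables:
        if rt.get("VpcId") != vpc_id:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main


def missing_ssm_endpoints(vpc_endpoints: List[Dict], vpc_id: str, region: str) -> List[str]:
    """Names of the SSM services that have no available interface endpoint in this VPC."""
    prefix = f"com.amazonaws.{region}."   # ServiceName looks like com.amazonaws.us-east-1.ssmmessages
    present = set()
    for ep in vpc_endpoints:
        if ep.get("VpcId") != vpc_id or ep.get("VpcEndpointType") != "Interface":
            continue
        if ep.get("State", "available") != "available":
            continue
        name = ep.get("ServiceName", "")
        if name.startswith(prefix):
            present.add(name[len(prefix):])
    return [s for s in SSM_SERVICES if s not in present]


def diagnose(instance: Dict, route_tables: List[Dict], vpc_endpoints: List[Dict], region: str) -> List[str]:
    """Return human-readable findings; an empty list means the network checks pass."""
    findings: List[str] = []
    if not instance.get("IamInstanceProfile"):
        findings.append("no instance profile attached; the agent has no credentials to register")
    vpc_id, subnet_id = instance["VpcId"], instance["SubnetId"]
    target = default_route_target(route_table_for_subnet(route_tables, subnet_id, vpc_id))
    missing = missing_ssm_endpoints(vpc_endpoints, vpc_id, region)
    if target == "igw" and not instance.get("PublicIpAddress"):
        findings.append("subnet routes to an internet gateway but the instance has no public IP")
    if target is None and missing:
        findings.append("private subnet with no NAT route and no interface endpoints for: " + ", ".join(missing))
    return findings


# Constructed sample data (placeholder IDs) shaped like the boto3 responses.
SAMPLE_INSTANCE = {
    "InstanceId": "i-0exampleplaceholder",
    "VpcId": "vpc-0exampleplaceholder",
    "SubnetId": "subnet-0privateplaceholder",
    "IamInstanceProfile": {"Arn": "arn:aws:iam::123456789012:instance-profile/example-ssm-role"},
}
SAMPLE_PRIVATE_ROUTE_TABLES = [
    {"VpcId": "vpc-0exampleplaceholder", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"}]},
]
SAMPLE_PUBLIC_ROUTE_TABLES = [
    {"VpcId": "vpc-0exampleplaceholder",
     "Associations": [{"SubnetId": "subnet-0privateplaceholder"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0exampleplaceholder", "State": "active"}]},
]
SAMPLE_ENDPOINTS = [
    {"VpcId": "vpc-0exampleplaceholder", "VpcEndpointType": "Interface", "State": "available",
     "ServiceName": f"com.amazonaws.us-east-1.{svc}"} for svc in SSM_SERVICES
]

if __name__ == "__main__":
    # With real AWS access the same shapes come from boto3, e.g.:
    #   ec2 = boto3.client("ec2", region_name=region)
    #   instance = ec2.describe_instances(InstanceIds=[iid])["Reservations"][0]["Instances"][0]
    #   route_tables = ec2.describe_route_tables()["RouteTables"]
    #   vpc_endpoints = ec2.describe_vpc_endpoints()["VpcEndpoints"]
    print("private, no endpoints:", diagnose(SAMPLE_INSTANCE, SAMPLE_PRIVATE_ROUTE_TABLES, [], "us-east-1"))
    print("private, endpoints:   ", diagnose(SAMPLE_INSTANCE, SAMPLE_PRIVATE_ROUTE_TABLES, SAMPLE_ENDPOINTS, "us-east-1"))
    print("public, no public IP: ", diagnose(SAMPLE_INSTANCE, SAMPLE_PUBLIC_ROUTE_TABLES, [], "us-east-1"))
```

The function reports the first answer's two failure modes separately (private subnet without endpoints, public subnet without a public IP) and also flags a missing instance profile, since the agent cannot register without credentials even when the network is fine.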
0

Got the reason: I set a PermissionsBoundary which did not contain the ssmmessages and ec2messages permissions. This makes Session Manager not work.

Add the following:

          # Statements added to the PermissionsBoundary policy so the instance
          # role can use the SSM, ssmmessages and ec2messages APIs
          - Effect: Allow
            Action:
              - 'ssm:*'
            Resource: '*'
          - Effect: Allow
            Action:
              - 'ssmmessages:*'
            Resource: '*'
          - Effect: Allow
            Action:
              - 'ec2messages:*'
            Resource: '*'
AWS
Answered 2 years ago
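A permissions boundary caps what the role's identity policy can grant: an action is effective only if both the identity policy and the boundary allow it, so a boundary that omits ssmmessages and ec2messages silently breaks Session Manager even when AmazonSSMManagedInstanceCore is attached. The script below is an added example, not code from this thread or from AWS: it evaluates a small set of the real actions Session Manager uses against a constructed identity policy and two constructed boundaries, the one before the fix above (ssm only) and the one after it. It implements only Allow/Deny with wildcard Action matching; Resource, Condition and NotAction are ignored, which is a simplification of real IAM evaluation.

```python
"""Check which Session Manager actions a permissions boundary blocks (added example)."""
import fnmatch
from typing import Dict, Iterable, List


def _as_list(value) -> list:
    """IAM allows a single string or a list for Action/Statement."""
    return value if isinstance(value, list) else [value]


def _matches(pattern: str, action: str) -> bool:
    """IAM action matching: case-insensitive, '*' and '?' wildcards."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def policy_decision(policy: Dict, action: str) -> str:
    """'Deny', 'Allow' or 'ImplicitDeny' for one action (Resource/Condition not evaluated)."""
    decision = "ImplicitDeny"
    for stmt in _as_list(policy.get("Statement", [])):
        if not any(_matches(p, action) for p in _as_list(stmt.get("Action", []))):
            continue
        if stmt.get("Effect") == "Deny":
            return "Deny"          # an explicit Deny always wins
        decision = "Allow"
    return decision


def effective_allow(identity_policy: Dict, boundary: Dict, action: str) -> bool:
    """With a boundary, the effective permission is the intersection of both policies."""
    return (policy_decision(identity_policy, action) == "Allow"
            and policy_decision(boundary, action) == "Allow")


def blocked_actions(identity_policy: Dict, boundary: Dict, actions: Iterable[str]) -> List[str]:
    """Actions the role would lose because of the boundary (or because the identity policy lacks them)."""
    return [a for a in actions if not effective_allow(identity_policy, boundary, a)]


# Real API actions the SSM agent and Session Manager channel setup use (a representative subset).
SESSION_MANAGER_ACTIONS = [
    "ssm:UpdateInstanceInformation",
    "ssmmessages:CreateControlChannel",
    "ssmmessages:CreateDataChannel",
    "ssmmessages:OpenControlChannel",
    "ssmmessages:OpenDataChannel",
    "ec2messages:GetMessages",
]

# Constructed identity policy standing in for the managed policy attached to the role.
IDENTITY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": SESSION_MANAGER_ACTIONS, "Resource": "*"}],
}

# Constructed boundary as described in the answer above: ssm:* only, nothing for the other two services.
BOUNDARY_BEFORE = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["ssm:*", "logs:*"], "Resource": "*"}],
}

# Constructed boundary after adding the three statements from the answer.
BOUNDARY_AFTER = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["ssm:*"], "Resource": "*"},
        {"Effect": "Allow", "Action": ["ssmmessages:*"], "Resource": "*"},
        {"Effect": "Allow", "Action": ["ec2messages:*"], "Resource": "*"},
    ],
}

if __name__ == "__main__":
    print("blocked before fix:", blocked_actions(IDENTITY_POLICY, BOUNDARY_BEFORE, SESSION_MANAGER_ACTIONS))
    print("blocked after fix: ", blocked_actions(IDENTITY_POLICY, BOUNDARY_AFTER, SESSION_MANAGER_ACTIONS))
```

Running it against a real boundary document (from `iam get-policy-version`) is a quick way to confirm the boundary is the cause before touching the network, since `ssm:*` alone leaves every ssmmessages and ec2messages call blocked.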
