Session Manager Connect to EC2 instance cannot be enabled


I ran into a weird problem. I use the same AMI to launch an EC2 Linux instance. If I launch the instance from the AWS console and use the default VPC and subnet, this instance can be accessed through "Session Manager Connect"; the Session Manager "Connect" button is enabled. If I launch an instance through CloudFormation, and the instance is in a created VPC and subnet, this instance's role already has the AmazonSSMManagedInstanceCore policy, but the instance cannot be accessed through "Session Manager Connect". The Session Manager "Connect" button is disabled. The security group is as below: [screenshot not included]

I SSHed to both instances and checked the ssm-agent status. On both instances the ssm-agent status is Active: active (running) since xxxxxxxxxxxx

I don't know what the reason is. Could you help me? What should I check or configure?

AWS
Asked 2 years ago, 3232 views
2 answers

I suspect that the new instance is being launched in a private subnet and therefore the SSM agent on the instance cannot reach the SSM service endpoint. You can solve this by using a VPC endpoint. See: Creating VPC endpoints for Systems Manager.

If the instance is being deployed into a public subnet (the route table attached to the subnet has a route to an internet gateway), check that the instance has a public IP address. Also, if you are using NACLs, make sure the inbound/outbound rules allow this traffic.

AWS Expert
kentrad
Answered 2 years ago
0

I found the reason: I set a PermissionsBoundary that did not contain the ssmmessages and ec2messages permissions. This made Session Manager not work.

Add the following:

```yaml
# Statements added to the PermissionsBoundary policy so that the boundary no
# longer excludes the Systems Manager actions the SSM Agent calls.
          - Effect: Allow
            Action:
              - 'ssm:*'
            Resource: '*'
          - Effect: Allow
            Action:
              - 'ssmmessages:*'
            Resource: '*'
          - Effect: Allow
            Action:
              - 'ec2messages:*'
            Resource: '*'
```
AWS
Answered 2 years ago
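The boundary fix above, placed in the context of the whole instance role as an added example (not code from the original answer or from AWS). A permissions boundary grants nothing on its own: the role's effective permissions are the intersection of its attached policies and the boundary, so the boundary must cover every ssm, ssmmessages and ec2messages action that AmazonSSMManagedInstanceCore grants, or the agent silently loses those calls and the Connect button stays disabled. The action list below mirrors AmazonSSMManagedInstanceCore and should be checked against the current managed policy document in IAM; the logical names (SsmAgentBoundary, SsmInstanceRole, SsmInstanceProfile) are hypothetical.

```yaml
# Added example (not from the original answer): an instance role whose
# PermissionsBoundary covers the Systems Manager actions the SSM Agent needs.
# Logical resource names are assumptions for illustration.
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  SsmAgentBoundary:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      Description: Permissions boundary for SSM-managed EC2 instance roles
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          # Agent registration, associations, inventory and parameters
          # (the actions in AmazonSSMManagedInstanceCore; verify the list
          # against the current managed policy before relying on it).
          - Effect: Allow
            Action:
              - ssm:DescribeAssociation
              - ssm:GetDeployablePatchSnapshotForInstance
              - ssm:GetDocument
              - ssm:DescribeDocument
              - ssm:GetManifest
              - ssm:GetParameter
              - ssm:GetParameters
              - ssm:ListAssociations
              - ssm:ListInstanceAssociations
              - ssm:PutInventory
              - ssm:PutComplianceItems
              - ssm:PutConfigurePackageResult
              - ssm:UpdateAssociationStatus
              - ssm:UpdateInstanceAssociationStatus
              - ssm:UpdateInstanceInformation
            Resource: '*'
          # Session Manager control/data channels (what the original boundary lacked)
          - Effect: Allow
            Action:
              - ssmmessages:CreateControlChannel
              - ssmmessages:CreateDataChannel
              - ssmmessages:OpenControlChannel
              - ssmmessages:OpenDataChannel
            Resource: '*'
          # Run Command message polling (also missing from the original boundary)
          - Effect: Allow
            Action:
              - ec2messages:AcknowledgeMessage
              - ec2messages:DeleteMessage
              - ec2messages:FailMessage
              - ec2messages:GetEndpoint
              - ec2messages:GetMessages
              - ec2messages:SendReply
            Resource: '*'
  SsmInstanceRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: ec2.amazonaws.com
            Action: sts:AssumeRole
      # The boundary is the ceiling; the managed policy below is the actual grant.
      # Effective permissions = AmazonSSMManagedInstanceCore AND SsmAgentBoundary.
      PermissionsBoundary: !Ref SsmAgentBoundary
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore
  SsmInstanceProfile:
    Type: AWS::IAM::InstanceProfile
    Properties:
      Roles:
        - !Ref SsmInstanceRole
```

Because the boundary only caps permissions, listing the specific actions rather than `ssm:*` costs nothing for the agent while keeping the ceiling tight for any other policy someone later attaches to the role.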
