1 Answer
- Newest
- Most votes
- Most comments
0
"AccessDeniedException" exception with respect to SSM service generally relates to SSM agent on able to fully perform its tasks using the Ec2 instance profile role. This can originate from multiple causes:
- Firstly check during the issue, is SSMAgent is up and running.
- If the EC2 instance profile role has 'AmazonSSMMManagedInstanceCore' policy attached to it.
- Check if any timeout messages are showing up in SSMAgent logs.
- You can also confirm if the instance is actually getting managed by SSM or not using this command: $ aws ssm describe-instance-associations-status --instance-id <INSTANCE_ID>
- Try to restart the SSM agent as well: $ sudo systemctl stop amazon-ssm-agent $ sudo systemctl disable amazon-ssm-agent
As a last measure, if there are no tasks running on the instance, try the below steps:
- Detach the IAM role associated to the instance.
- Wait-for a minute and re-attach the IAM role back to the instance.
- Restart the SSM agent on both the instances and check if they are showing as managed instance in SSM Fleet Manager.
If nothing helps, please contact AWS Support for Systems Manager service.
Relevant content
- asked 2 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 3 months ago
- AWS OFFICIALUpdated a month ago