SSM Ping status Connection lost

Question

hi, i spunned up 2 instances and also deployed ssm agents on it at the same time. it all run fine until one day one of the ssm instances have lost connection. the instance still works fine but somehow the agent refused to connect. tried to give the instance AmazonSSMManagedInstanceCore and restart the agent, but it's still doesn't work. both of the instance use ssm agent 3.2.1705.0. i tried to hit aws ssm endpoint and it shows no error nor time out.

any idea to fix this? thanks.

Answer

In order for instances to get managed by Systems Manager (SSM), there are few prerequisites which needs to be met:
1. SSM Agent is installed and running
2. Connectivity to SSM endpoints over port 443
3. Connectivity to IMDS (instance metadata)
4. IAM role attached with sufficient permissions

If the two instances went into "ConnectionLost" state (1), then I would suggest validating above prerequisites.

If all of the above prerequisites are met, then you can run "ssm-cli" diagnostic tool (2) and review the agent logs to identify the reason for "ConnectionLost" status.

**SSM-CLI Tool:-**

(-) Windows : & 'C:\Program Files\Amazon\SSM\ssm-cli.exe' get-diagnostics --output table

(-) Linux : ssm-cli get-diagnostics --output table

**SSM Agent logs:-**

(-) Windows : %PROGRAMDATA%\Amazon\SSM\Logs\

(-) Linux : /var/log/amazon/ssm/

------

#### References:-

(1) https://repost.aws/knowledge-center/systems-manager-ec2-instance-not-appear

(2) https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-cli.html

SSM Ping status Connection lost

References:-

Contenus pertinents