Remote access to GameLift Fleet instance that uses SDK5 with SSM returns error

0

First I get the instance id of the fleet :

aws gamelift --profile <my_profile> get-compute-access \
--fleet-id <fleet_id> \
--compute-name <instance_id>

get the key info and session token :

export AWS_ACCESS_KEY_ID=<AccessKeyId>
export AWS_SECRET_ACCESS_KEY=<SecretAccessKey>
export AWS_SESSION_TOKEN=<SessionToken>

then try to connect with ssm : aws ssm start-session --target <instance_id> --profile <my_profile>

Then I get this error :

An error occurred (TargetNotConnected) when calling the StartSession operation: <instance_id> is not connected.

demandé il y a un an573 vues
2 réponses
1

It seems the problem was that this does not work :

aws ssm start-session --profile <my_profile> --target <instance_id>

but this does :

aws ssm start-session --target <instance_id>

répondu il y a un an
0

It seems that the issue is related to the connectivity of the GameLift Fleet instance. Here are a few things that you can check:

  1. Make sure that the instance is in a running state and is able to communicate with the AWS SSM service. You can check the instance status in the GameLift console or by running the following command:
aws gamelift --profile <my_profile> describe-instances --fleet-id <fleet_id> --instance-ids <instance_id>
  1. Verify that the instance has the AWS SSM agent installed and running. You can check the agent status by connecting to the instance using SSH and running the following command:
sudo systemctl status amazon-ssm-agent

If the agent is not running, you can start it using the following command:

sudo systemctl start amazon-ssm-agent
  1. Check if the instance is configured to allow SSM sessions. You can verify this by checking the instance profile associated with the instance. Make sure that the instance profile has the required permissions to start an SSM session. You can check the instance profile by running the following command:
aws gamelift --profile <my_profile> describe-instance-attributes --fleet-id <fleet_id> --attribute-names instanceAccess

The output should show the instance profile name and the SSM role ARN associated with the instance.

If you still encounter issues, you may want to check the GameLift and SSM logs for any errors or warnings that could indicate the source of the problem.

hash
répondu il y a un an
  • Thank you for your answer. How may I SSH into the instance to check the SSM agent ? It seems I cannot. When I try the old way (get-instance-access) I get this error :

    An error occurred (InvalidRequestException) when calling the GetInstanceAccess operation: This API does not support fleets using builds integrated with GameLift Server SDK 5 and above. Use the GetComputeAccess operation to access this fleet resource.

    The command describe-instance-attributes does not seem to exist, I can only find describe-fleet-attributes

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions