How do I resolve the "RequestError: send request failed caused by: Post https://ssm.RegionID.amazonaws.com/: dial tcp IP:443: i/o timeout" SSM Agent log error?

2 minuti di lettura
0

I'm trying to register my Amazon Elastic Compute Cloud (Amazon EC2) instance as a managed instance with AWS Systems Manager. However, the instance fails to register and I receive a TCP timeout error message.

Short description

The TCP timeout error indicates that one of the following issues is preventing the instance from registering:

  • The instance is in a private subnet and uses the Systems Manager virtual private cloud (VPC) endpoint and a custom DNS server.
  • The instance is in a private subnet and doesn't have access to the internet or to the Systems Manager endpoints.
  • The instance is in a public subnet. The VPC security groups and network access control lists (network ACLs) aren't configured to allow outbound connections to the Systems Manager endpoints on port 443.
  • The instance is behind a proxy, but SSM Agent isn't configured to communicate through an HTTP proxy and can't connect to the instance metadata server.

You can view the TCP timeout error in the SSM Agent log on your instance located at the following paths:

Linux and macOS

/var/log/amazon/ssm/amazon-ssm-agent.log

/var/log/amazon/ssm/errors.log

Windows

%PROGRAMDATA%\Amazon\SSM\Logs\amazon-ssm-agent.log

%PROGRAMDATA%\Amazon\SSM\Logs\errors.log

Resolution

Instance in private subnet using Systems Manager endpoint and a custom DNS

VPC endpoints only support Amazon-provided DNS through Amazon Route 53. To use your own DNS server, try one of the following:

Instance can't connect to the Systems Manager endpoints

-or-

VPC security groups and network ACL aren't configured to allow outbound connections on port 443

-or-

The instance is behind a proxy and can't connect to the instance metadata service

For troubleshooting steps, see Why is my EC2 instance not displaying as a managed node or showing a "Connection lost" status in Systems Manager?


Related information

Create VPC endpoints

AWS UFFICIALE
AWS UFFICIALEAggiornata 3 anni fa