1 Answer
Are the permissions to manipulate the KMS key set for EC2?
Make sure that the EC2 IAM role has an IAM policy that allows "kms:Decrypt".
Make sure that the IAM role is set to "AmazonSSMManagedInstanceCore".
Also, if you are using a private subnet, check to see if there is a pathway to communicate with the KMS endpoints.
Is there a route set up, for example, a NAT Gateway?
If you do not use a NAT Gateway, you can also set up a VPC endpoint for communication to KMS.
https://repost.aws/knowledge-center/ssm-session-manager-failures
You probably have KMS encryption enabled in SSM in your environment.
https://docs.aws.amazon.com/systems-manager/latest/userguide/session-preferences-enable-encryption.html
Thank you for your answer. I added the KMS permission and it works now, but I'm not sure why it now requires the KMS permission. It was working before without the KMS permission.
I believe someone may have enabled KMS encryption in Session Manager. If this is enabled, it will be necessary to attach a policy to the EC2 that allows KMS operations. https://docs.aws.amazon.com/systems-manager/latest/userguide/session-preferences-enable-encryption.html
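Added example, not part of the thread: an offline check of whether the identity policies attached to an instance role allow `kms:Decrypt` on the key used for Session Manager encryption, the first item the answer says to verify. The key ARN, account ID and policy documents are constructed placeholders, and the evaluator is a simplification that ignores `Condition`, `NotAction`, `NotResource`, the key policy, SCPs and permission boundaries.

```python
import re

# Constructed placeholder: region, account ID and key ID are not real values.
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"

# Constructed stand-in for a role that only has Session Manager messaging permissions.
SSM_ONLY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["ssm:UpdateInstanceInformation", "ssmmessages:*"],
    "Resource": "*"}]}

# Least-privilege statement: decrypt only, scoped to the single session key.
KMS_DECRYPT = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "kms:Decrypt", "Resource": KEY_ARN}}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' is exactly one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.IGNORECASE if ignore_case else 0) is not None


def allows(policies, action, resource):
    """Return True if some statement allows the action and none explicitly denies it."""
    allowed = False
    for doc in policies:
        for stmt in _as_list(doc.get("Statement", [])):
            if "Action" not in stmt or "Resource" not in stmt:
                continue  # NotAction / NotResource statements are out of scope here
            # Action names compare case-insensitively, resource ARNs case-sensitively.
            hit = (any(_matches(a, action, True) for a in _as_list(stmt["Action"]))
                   and any(_matches(r, resource) for r in _as_list(stmt["Resource"])))
            if not hit:
                continue
            if stmt.get("Effect") == "Deny":
                return False  # an explicit Deny overrides any Allow
            if stmt.get("Effect") == "Allow":
                allowed = True
    return allowed


if __name__ == "__main__":
    for name, docs in [("SSM only", [SSM_ONLY]), ("SSM + KMS", [SSM_ONLY, KMS_DECRYPT])]:
        print(f"{name}: kms:Decrypt allowed = {allows(docs, 'kms:Decrypt', KEY_ARN)}")
```

A passing result covers only the permission side; the network path to the KMS endpoint that the answer mentions for private subnets has to be checked separately.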