error while connecting to EC2 via Session Manager

Hi team,

I have a bastion host in my private VPC. I used to connect to it via Session Manager (second tab => Session Manager => click the Connect button).

Now I get this error when I click on the Connect button:

Your session has been terminated for the following reasons:
----------ERROR-------
Encountered error while initiating handshake. Fetching data key failed:
Unable to retrieve data key, Error when decrypting data key AccessDeniedException: The ciphertext refers to a customer master key that does not exist, does not exist in this region, or you are not allowed to access. status code: 400, request id: xxxxxxxxxx

Not sure what happened; I am no longer able to connect to the EC2 instance.

This instance was created without a key pair.

I see my EC2 instance in Fleet Manager in the running state.

1 Answer

Accepted answer

Are the permissions to manipulate the KMS key set for EC2?
Make sure that the EC2 IAM role has an IAM policy that allows "kms:Decrypt".
Make sure that the IAM role is set to "AmazonSSMManagedInstanceCore".
Also, if you are using a private subnet, check to see if there is a pathway to communicate with the KMS endpoints.
Is there a route set up, for example, a NAT Gateway?
If you do not use a NAT Gateway, you can also set up a VPC endpoint for communication to KMS.
https://repost.aws/knowledge-center/ssm-session-manager-failures

You probably have KMS encryption enabled in SSM in your environment.
https://docs.aws.amazon.com/systems-manager/latest/userguide/session-preferences-enable-encryption.html

EXPERT, answered a year ago
EXPERT, verified a year ago
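The answer above boils down to two checks that can be done before touching the console again: which KMS key the Session Manager preferences point at, and whether the instance role is actually allowed to call kms:Decrypt on that key (in the same region as the instance). The following script is an added example, not code from the thread or from AWS; it evaluates those two things offline on constructed inputs. The preferences document and the role policy are stand-ins for what `aws ssm get-document --name SSM-SessionManagerRunShell` and the role's attached or inline policies would return, and the key ARN and account id are placeholders. The policy evaluator is deliberately simplified (explicit Deny wins, then any matching Allow; Condition blocks are ignored) and only covers the identity policy, not the key policy or SCPs, which also have to permit the call.

```python
"""Offline checker for the Session Manager "Fetching data key failed" symptom.

Added example, not from the re:Post thread. All inputs below are constructed
stand-ins; no AWS API calls are made.
"""
import fnmatch
import json
from typing import List, Optional

# Constructed sample: Session Manager preferences with KMS encryption enabled
# (the document the "enable encryption" link in the answer describes).
# The key ARN and account id are placeholders, not a real key.
SESSION_PREFS_JSON = json.dumps({
    "schemaVersion": "1.0",
    "description": "Document to hold regional settings for Session Manager",
    "sessionType": "Standard_Stream",
    "inputs": {
        "s3BucketName": "",
        "kmsKeyId": "arn:aws:kms:eu-west-1:111122223333:key/00000000-0000-0000-0000-000000000000",
        "runAsEnabled": False,
    },
})

# Constructed sample: inline policy on the instance role. It grants kms:Decrypt
# only on keys in a *different* region, which is one way to end up with the
# "does not exist in this region, or you are not allowed to access" error.
ROLE_POLICY_JSON = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "kms:Decrypt",
         "Resource": "arn:aws:kms:us-east-1:111122223333:key/*"},
    ],
})


def session_kms_key(prefs_json: str) -> Optional[str]:
    """Return the kmsKeyId from the Session Manager preferences document, or None."""
    doc = json.loads(prefs_json)
    key = doc.get("inputs", {}).get("kmsKeyId", "")
    return key or None


def key_region(key_arn: str) -> Optional[str]:
    """Region component of a KMS key ARN (arn:partition:kms:region:account:key/id)."""
    parts = key_arn.split(":")
    return parts[3] if len(parts) >= 6 and parts[2] == "kms" else None


def _as_list(value) -> list:
    # IAM allows Action/Resource/Statement to be a single string or a list.
    return value if isinstance(value, list) else [value]


def policy_allows(policy_json: str, action: str, resource_arn: str) -> bool:
    """Simplified IAM evaluation: a matching explicit Deny wins outright,
    otherwise the result is True if any Allow statement matches.
    '*' wildcards in Action and Resource are honoured; Condition is ignored."""
    policy = json.loads(policy_json)
    allowed = False
    for stmt in _as_list(policy.get("Statement", [])):
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        resources = _as_list(stmt.get("Resource", []))
        action_hit = any(fnmatch.fnmatchcase(action.lower(), a) for a in actions)
        resource_hit = any(fnmatch.fnmatchcase(resource_arn, r) for r in resources)
        if not (action_hit and resource_hit):
            continue
        if stmt.get("Effect") == "Deny":
            return False
        if stmt.get("Effect") == "Allow":
            allowed = True
    return allowed


def diagnose(prefs_json: str, policy_json: str, instance_region: str) -> List[str]:
    """Return human-readable findings; an empty list means nothing obvious is wrong."""
    findings = []
    key = session_kms_key(prefs_json)
    if key is None:
        return findings  # KMS encryption is off, so no data key is fetched at all
    region = key_region(key)
    if region and region != instance_region:
        findings.append(f"session KMS key is in {region} but the instance is in {instance_region}")
    if not policy_allows(policy_json, "kms:Decrypt", key):
        findings.append("instance role policy does not allow kms:Decrypt on the session key")
    return findings


if __name__ == "__main__":
    for line in diagnose(SESSION_PREFS_JSON, ROLE_POLICY_JSON, "eu-west-1"):
        print("FINDING:", line)
```

To run it against a real account, replace the two constructed JSON strings with the output of `aws ssm get-document --name SSM-SessionManagerRunShell --query Content --output text` and the role's policy documents; a clean result here still leaves the key policy and the network path to the KMS endpoint (NAT gateway or VPC endpoint, as the answer notes) to be checked separately.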
