Remote access to GameLift Fleet instance that uses SDK5 with SSM returns error

0

First I get the instance id of the fleet :

aws gamelift --profile <my_profile> get-compute-access \
--fleet-id <fleet_id> \
--compute-name <instance_id>

get the key info and session token :

export AWS_ACCESS_KEY_ID=<AccessKeyId>
export AWS_SECRET_ACCESS_KEY=<SecretAccessKey>
export AWS_SESSION_TOKEN=<SessionToken>

then try to connect with ssm : aws ssm start-session --target <instance_id> --profile <my_profile>

Then I get this error :

An error occurred (TargetNotConnected) when calling the StartSession operation: <instance_id> is not connected.

posta un anno fa570 visualizzazioni
2 Risposte
1

It seems the problem was that this does not work :

aws ssm start-session --profile <my_profile> --target <instance_id>

but this does :

aws ssm start-session --target <instance_id>

con risposta un anno fa
0

It seems that the issue is related to the connectivity of the GameLift Fleet instance. Here are a few things that you can check:

  1. Make sure that the instance is in a running state and is able to communicate with the AWS SSM service. You can check the instance status in the GameLift console or by running the following command:
aws gamelift --profile <my_profile> describe-instances --fleet-id <fleet_id> --instance-ids <instance_id>
  1. Verify that the instance has the AWS SSM agent installed and running. You can check the agent status by connecting to the instance using SSH and running the following command:
sudo systemctl status amazon-ssm-agent

If the agent is not running, you can start it using the following command:

sudo systemctl start amazon-ssm-agent
  1. Check if the instance is configured to allow SSM sessions. You can verify this by checking the instance profile associated with the instance. Make sure that the instance profile has the required permissions to start an SSM session. You can check the instance profile by running the following command:
aws gamelift --profile <my_profile> describe-instance-attributes --fleet-id <fleet_id> --attribute-names instanceAccess

The output should show the instance profile name and the SSM role ARN associated with the instance.

If you still encounter issues, you may want to check the GameLift and SSM logs for any errors or warnings that could indicate the source of the problem.

hash
con risposta un anno fa
  • Thank you for your answer. How may I SSH into the instance to check the SSM agent ? It seems I cannot. When I try the old way (get-instance-access) I get this error :

    An error occurred (InvalidRequestException) when calling the GetInstanceAccess operation: This API does not support fleets using builds integrated with GameLift Server SDK 5 and above. Use the GetComputeAccess operation to access this fleet resource.

    The command describe-instance-attributes does not seem to exist, I can only find describe-fleet-attributes

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande