In SSM Patch Manager, under Compliance Reporting, our Amazon Linux 2 EC2 instances appear but in the 'Compliance status' column say 'Never reported'. The instances appear in Fleet Manager with 'SSM Agent ping status' of 'Online', and I can connect to the instances remotely using SSM start-session
.
I've checked all the troubleshooting steps in the docs at Troubleshooting SSM Agent, this article about SSM logs and Troubleshooting Patch Manager, and everything appears to be set up properly (the instance role has the right permissions, the named servers are reachable, and the instances can reach public S3 buckets via the internet, we're not using a VPC endpoint).
I've also tried restarting the SSM Agent.
In the SSM Agent logs on the instance, I'm seeing:
2022-10-25 00:36:48 INFO [ssm-agent-worker] [StartupProcessor] Write to serial port: Amazon SSM Agent v3.1.1732.0 is running
...
2022-10-25 01:15:00 INFO [ssm-agent-worker] [HealthCheck] HealthCheck reporting agent health.
2022-10-25 01:16:48 INFO [ssm-agent-worker] [MessageService] [MessageHandler] started idempotency deletion thread
2022-10-25 01:16:48 WARN [ssm-agent-worker] [MessageService] [MessageHandler] [Idempotency] encountered error open /var/lib/amazon/ssm/i-XXXXXXXXXXXXXXXXX/idempotency: no such file or directory while listing directories in /var/lib/amazon/ssm/i-XXXXXXXXXXXXXXXXX/idempotency
2022-10-25 01:16:48 INFO [ssm-agent-worker] [MessageService] [MessageHandler] ended idempotency deletion thread
2022-10-25 01:16:50 INFO [ssm-agent-worker] [MessageService] [MGSInteractor] send failed reply thread started
2022-10-25 01:16:50 INFO [ssm-agent-worker] [MessageService] [MGSInteractor] send failed reply thread done
2022-10-25 01:17:05 INFO [ssm-agent-worker] [MessageService] [Association] Schedule manager refreshed with 0 associations, 0 new associations associated
2022-10-25 01:20:00 INFO [ssm-agent-worker] [HealthCheck] HealthCheck reporting agent health.
Any clues why the instances aren't reporting their compliance status to Patch Manager?
What additional steps can I use to troubleshoot this?