How do I troubleshoot connection issues with Amazon EC2 Instance Connect on my EC2 Linux instance?


I want to use the AWSSupport-TroubleshootEC2InstanceConnect runbook to troubleshoot issues with Amazon Elastic Compute Cloud (Amazon EC2) Instance Connect on my EC2 Linux instance.

Short description

Use the AWSSupport-TroubleshootEC2InstanceConnect AWS Systems Manager automation runbook to find the issues that cause connection failures with Amazon EC2 Instance Connect. The runbook detects unsupported Amazon Machine Images (AMIs), missing operating system package installations and configurations, missing AWS Identity and Access Management (IAM) permissions, network misconfigurations, and more.

Before you start the AWSSupport-TroubleshootEC2InstanceConnect runbook, make sure that your IAM user or role has the required permissions. For more information, see the Required IAM permissions section of AWSSupport-TroubleshootEC2InstanceConnect.


To launch the runbook, complete the following steps:

  1. In the Systems Manager console, open the AWSSupport-TroubleshootEC2InstanceConnect document.
  2. Choose Execute automation.
    Note: For more information about the runbook's steps, see the Document Steps section of AWSSupport-TroubleshootEC2InstanceConnect.
  3. Enter the following values for the input parameters:
    InstanceId (required): The ID of the target instance that you can't connect to with EC2 Instance Connect.
    AutomationAssumeRole (optional): The ARN of the IAM role that allows Systems Manager Automation to perform the actions on your behalf. If no role is specified, then Systems Manager Automation uses the permissions of the user that starts the runbook.
    Username (required): The operating system username that you pass to EC2 Instance Connect (for example, ec2-user). The runbook uses it to evaluate whether the IAM policy for the connecting identity grants access for this user, that is, whether the ec2:osUser condition on ec2-instance-connect:SendSSHPublicKey allows it.
    EC2InstanceConnectRoleOrUser (required): The ARN of the IAM user or role that calls ec2-instance-connect:SendSSHPublicKey to push the one-time public key to the instance.
    SSHPort (optional): The SSH port that's configured on the instance. The default value is 22, and the port number must be between 1 and 65535.
    SourceNetworkType (optional): The network access method that you use to connect to the instance.
    SourceIpCIDR (optional): The Classless Inter-Domain Routing (CIDR) range that includes the IP address of the device that you connect from. If you leave this field empty, the runbook doesn't evaluate whether the instance's security group and network access control list (ACL) rules allow Secure Shell (SSH) traffic from your source; it lists the SSH-related rules instead.
  4. Choose Execute.
  5. Review the detailed results in the Outputs section.
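The same procedure can be run from the AWS CLI instead of the console. The script below is an added example and is not part of the AWS page or the runbook itself: it validates the inputs the console form takes (instance ID, SSH port range, source CIDR), builds the `--parameters` JSON that `aws ssm start-automation-execution` expects (every value is a one-element list, and optional inputs are left out so the document defaults apply), starts the runbook, and polls `aws ssm get-automation-execution` until it finishes. The instance ID, account number, IAM ARN and CIDR are constructed placeholders; the helper function names are this example's own. It assumes AWS CLI v2 with credentials that may call ssm:StartAutomationExecution and ssm:GetAutomationExecution in addition to the runbook's own required permissions, and it makes no AWS calls unless RUN_RUNBOOK=1 is set.

```bash
#!/usr/bin/env bash
# Added example (not from the AWS page): start AWSSupport-TroubleshootEC2InstanceConnect
# from the AWS CLI with the same inputs the console form takes. Nothing below talks to AWS
# unless RUN_RUNBOOK=1 is set, so the validation helpers can be exercised offline.
set -eu

RUNBOOK_NAME="AWSSupport-TroubleshootEC2InstanceConnect"

# InstanceId must look like i-<hex>; this also keeps stray quotes out of the JSON built below.
valid_instance_id() {
  case $1 in i-*) ;; *) return 1 ;; esac
  case ${1#i-} in ''|*[!0-9a-f]*) return 1 ;; esac
}

# SSHPort must be an integer in 1-65535, the range the runbook accepts.
valid_ssh_port() {
  case $1 in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# SourceIpCIDR must be IPv4 a.b.c.d/n. (An empty value is allowed by the runbook; it then
# only lists the SSH rules instead of evaluating them, so we skip this check in that case.)
valid_ipv4_cidr() {
  local ip=${1%/*} prefix=${1#*/} octet old_ifs
  [ "$ip" != "$1" ] || return 1                  # no "/" at all
  case $prefix in ''|*[!0-9]*) return 1 ;; esac
  [ "$prefix" -le 32 ] || return 1
  old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    case $octet in ''|*[!0-9]*) return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
}

# Build the --parameters JSON for `aws ssm start-automation-execution`.
# Args: instance-id os-username eic-principal-arn ssh-port [source-cidr] [automation-assume-role-arn]
build_runbook_params() {
  local instance_id=$1 username=$2 eic_principal=$3 ssh_port=$4
  local source_cidr=${5:-} assume_role=${6:-} params
  valid_instance_id "$instance_id" || { echo "InstanceId is not i-<hex>: $instance_id" >&2; return 1; }
  valid_ssh_port "$ssh_port"       || { echo "SSHPort must be 1-65535: $ssh_port" >&2; return 1; }
  params=$(printf '"InstanceId":["%s"],"Username":["%s"],"EC2InstanceConnectRoleOrUser":["%s"],"SSHPort":["%s"]' \
    "$instance_id" "$username" "$eic_principal" "$ssh_port")
  if [ -n "$source_cidr" ]; then
    valid_ipv4_cidr "$source_cidr" || { echo "SourceIpCIDR is not IPv4 CIDR: $source_cidr" >&2; return 1; }
    params="$params,\"SourceIpCIDR\":[\"$source_cidr\"]"
  fi
  [ -z "$assume_role" ] || params="$params,\"AutomationAssumeRole\":[\"$assume_role\"]"
  printf '{%s}\n' "$params"
}

# Start the runbook and print its execution ID.
start_runbook() {
  aws ssm start-automation-execution \
    --document-name "$RUNBOOK_NAME" \
    --parameters "$1" \
    --query AutomationExecutionId --output text
}

# Poll until the execution leaves the transient states, then print the Outputs map
# (the same data the console shows in the Outputs section).
wait_for_runbook() {
  local exec_id=$1 status
  while :; do
    status=$(aws ssm get-automation-execution --automation-execution-id "$exec_id" \
      --query 'AutomationExecution.AutomationExecutionStatus' --output text)
    case $status in Pending|InProgress|Waiting|Cancelling) sleep 10 ;; *) break ;; esac
  done
  echo "status: $status"
  aws ssm get-automation-execution --automation-execution-id "$exec_id" \
    --query 'AutomationExecution.Outputs' --output json
}

# Example invocation with constructed placeholder values. Set RUN_RUNBOOK=1 to call AWS.
if [ "${RUN_RUNBOOK:-0}" = 1 ]; then
  params=$(build_runbook_params "i-0123456789abcdef0" "ec2-user" \
    "arn:aws:iam::123456789012:user/alice" 22 "203.0.113.0/24")
  exec_id=$(start_runbook "$params")
  wait_for_runbook "$exec_id"
fi
```

If you pass an AutomationAssumeRole, that role (not your CLI identity) needs the runbook's required permissions; without it, the execution runs with whatever your CLI credentials allow, exactly as the console does.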

Related information

AWS Support Automation Workflows (SAW)

Setting up Automation

Running automations

AWS OFFICIAL. Updated 2 months ago
1 Comment

Searching for the document or automation "AWSSupport-TroubleshootEC2InstanceConnect" in Systems Manager console results in the following error:

An error occurred fetching data: Your query term "AWSSupport-TroubleshootEC2InstanceConnect has a length greater than the maximum allowed size for free text search queries (the maximum size is 40 ).

This likely results in fewer people using such automation. The character limit should be increased for document searches, especially if the document names are longer than (or equal to) said limit.

AWS replied 8 days ago