I want to resolve a "RequestError: send request failed caused by: Post https://ssm.RegionID.amazonaws.com/: dial tcp IP:443: i/o timeout" error message that I find in my AWS Systems Manager Agent (SSM Agent) logs.
Short description
"RequestError: send request failed caused by:" errors indicate that Systems Manager didn’t register your Amazon Elastic Compute Cloud (Amazon EC2) instance as a managed instance.
The following issues can cause your instance not to register:
- AWS Systems Manager uses an interface VPC endpoint in Amazon Virtual Private Cloud (Amazon VPC) and the instance uses a custom DNS server in a private subnet.
- The instance is in a private subnet and doesn't have access to the Systems Manager endpoints or the internet.
- Your instance is in a public subnet that doesn't allow outbound connections to Systems Manager endpoints on port 443.
- SSM Agent can't connect to the metadata server for your instance that's behind an HTTP proxy.
Resolution
Check the log files at the following paths to verify that one of them contains the error message:
- For Linux and macOS:
/var/log/amazon/ssm/amazon-ssm-agent.log
/var/log/amazon/ssm/errors.log
- For Windows:
%PROGRAMDATA%\Amazon\SSM\Logs\amazon-ssm-agent.log
%PROGRAMDATA%\Amazon\SSM\Logs\errors.log
If one of your logs contains the error, then complete the following resolution steps.
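Added example, not from AWS or the SSM Agent project: a Python script that extracts the endpoint and destination IP from each timeout line and labels the address as private or public, which helps you pick the matching resolution section below. The sample log lines are constructed, and the private/public test is a heuristic that assumes the VPC uses RFC 1918 address space.

```python
import ipaddress
import re
import sys
from collections import Counter

# The timeout text quoted on this page; the URL may appear quoted, so quotes are optional.
TIMEOUT_RE = re.compile(
    r'Post "?https://(?P<host>[A-Za-z0-9.-]+)/?"?: '
    r'dial tcp (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):443: i/o timeout'
)
# Assumption: VPC subnets (and so interface endpoint addresses) are RFC 1918.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HINTS = {
    "private": "resolved inside the VPC: allow TCP 443 in security groups and network ACLs",
    "public": "resolved to a public address: needs an internet route and outbound 443, "
              "or, with a VPC endpoint, forward amazonaws.com to the VPC DNS resolver",
}
# Constructed sample input, not real agent output.
SAMPLE_LOG = """\
ERROR RequestError: send request failed caused by: Post https://ssm.us-east-1.amazonaws.com/: dial tcp 203.0.113.10:443: i/o timeout
ERROR RequestError: send request failed caused by: Post "https://ssm.us-east-1.amazonaws.com/": dial tcp 203.0.113.10:443: i/o timeout
INFO agent health check (constructed line without an error)
ERROR RequestError: send request failed caused by: Post https://ssm.us-east-1.amazonaws.com/: dial tcp 10.0.1.25:443: i/o timeout
"""

def classify(ip):
    """Label the dialled address as 'private' (RFC 1918) or 'public'."""
    addr = ipaddress.ip_address(ip)
    return "private" if any(addr in net for net in RFC1918) else "public"

def diagnose(log_text):
    """Return (host, ip, count, kind) rows for timeout errors, most frequent first."""
    hits = Counter((m["host"], m["ip"]) for m in TIMEOUT_RE.finditer(log_text))
    return [(h, ip, n, classify(ip)) for (h, ip), n in hits.most_common()]

if __name__ == "__main__":
    # Pass a log path (for example errors.log) or run without arguments for the sample.
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for host, ip, count, kind in diagnose(text):
        print(f"{host} -> {ip} ({count} timeouts, {kind}): {HINTS[kind]}")
```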
Troubleshoot instances in private subnets that use Systems Manager VPC endpoints and a custom DNS server
VPC endpoints support only the Amazon DNS server that uses Amazon Route 53 Resolver. Use Route 53 Resolver to resolve DNS queries between the VPC and your network.
To forward queries for the amazonaws.com domain to the default VPC DNS resolver, configure a conditional forwarder in your custom DNS server.
Troubleshoot instances in a public subnet that can't connect to the Systems Manager endpoints or the internet
Use the AWSSupport-TroubleshootManagedInstance runbook, the AWS Command Line Interface (AWS CLI), or manual troubleshooting steps to resolve connectivity issues for your instance. For instructions, see Why isn't Systems Manager showing my Amazon EC2 instance as a managed instance?
Troubleshoot instances in a public subnet that doesn't allow outbound connections on port 443
Configure your Amazon VPC security group rules and network access control lists (network ACLs) to allow outbound connections to Systems Manager endpoints on port 443.
Troubleshoot instances that use a proxy
Configure your SSM Agent to work with a proxy and set no_proxy for the metadata URL. For instructions, see the following AWS documentation:
Related information
Understanding Amazon DNS
Creating VPC endpoints for Systems Manager
DHCP option sets in Amazon VPC