Why does Inspector not scan my instances?

0

I have some EC2 Linux instances with Amazon Linux 2 and SSM agent (i.e. amazon-ssm-agent-3.1.1575.0-1) running on them. I've modified the Roles for the instances and added the AmazonSSMManagedInstanceCore policy. Inspector has worked in the past and I have some scan data, but now the instances are showing up as "Unmanaged EC2 instance". So per the suggestion I ran AWSSupport-TroubleshootManagedInstance, and everything passes with flying colors if I leave out the Role to assume. If I try to set the Role to be the same as the Role used by the instance, then things fail. However, it's unclear what the Role should be, as most of the permissions it's failing on seem to be ones the caller of SSM agent would need and not the agent itself. I'm stuck as to why this is suddenly not working. So why's it not working?

ssm logs:

2022-09-11 03:23:14 ERROR [UpdateAssociationStatus @ service.go.367] [ssm-agent-worker] [MessageService] [Association] unable to update association status, RequestError: send request failed
caused by: Post "https://ssm.us-east-1.amazonaws.com/": dial tcp 172.x.x.x:443: i/o timeout
2022-09-11 03:23:14 ERROR [HandleAwsError @ awserr.go.49] [ssm-agent-worker] [MessageService] [Association] error when calling AWS APIs. error details - RequestError: send request failed
caused by: Post "https://ssm.us-east-1.amazonaws.com/": dial tcp 172.x.x.x:443: i/o timeout
2022-09-11 03:23:41 ERROR [HandleAwsError @ awserr.go.49] [ssm-agent-worker] [MessageService] [Association] error when calling AWS APIs. error details - RequestError: send request failed
caused by: Post "https://ssm.us-east-1.amazonaws.com/": dial tcp 172.x.x.x:443: i/o timeout
2022-09-11 03:24:30 ERROR [replaceLogger @ ssmlog.go.153] New logger creation failed
2022-09-11 03:24:30 ERROR [replaceLogger @ ssmlog.go.154] xml has no content

2 Answers
0

Hello

To troubleshoot your issue, we require details that are non-public information. Please open a support case with AWS using the following link: https://console.aws.amazon.com/support/home#/case/create

AWS
Support Engineer
answered 2 years ago
0
answered a year ago
