AWS re:Post을(를) 사용하면 다음에 동의하게 됩니다. AWS re:Post 이용 약관
AWS re:Postre:Post

AWS SSM can't ping to my ec2 instance

0

i have 2 ec2 instance, and one of them can't remote using ssm fleet manager. i tried to reinstall the agent but it's still doesn't work. Default Host Management Configuration is already configured with the AWSSystems ManagerDefaultEC2instanceManagementRole (recommended).

here's the logs that i've gathered from the ssm

2023-11-26 20:15:58 INFO [ssm-agent-worker] [MessageService] [MDSInteractor] increasing error count by 1
2023-11-26 20:16:01 ERROR EC2RoleProvider unable to load shared credentials. Err: shared credentials are already expired, they were retrieved at 2023-11-24T19:34:38Z and expired at 2023-11-24T20:29:38Z
2023-11-26 20:16:01 ERROR [ssm-agent-worker] [MessageService] [MDSInteractor] error when calling AWS APIs. error details - GetMessages Error: unable to load shared credentials. Err: shared credentials are already expired, they were retrieved at 2023-11-24T19:34:38Z and expired at 2023-11-24T20:29:38Z
2023-11-26 20:16:01 INFO [ssm-agent-worker] [MessageService] [MDSInteractor] increasing error count by 1
2023-11-26 20:16:03 ERROR EC2RoleProvider unable to load shared credentials. Err: shared credentials are already expired, they were retrieved at 2023-11-24T19:34:38Z and expired at 2023-11-24T20:29:38Z

any idea to fix this issue?

주제
컴퓨팅관리 및 거버넌스
태그
아마존 EC2AWS 시스템 관리자
언어
English
seargex
질문됨 5달 전258회 조회
2개 답변
4

Hi seargex,

The problem you are currently experiencing seems to be caused by the expiration of the IAM Role attached to EC2.

This problem will be resolved if you modify IAM Role which is attached to the instance.

  • Modify IAM Role: EC2 > Choose EC2 Instance to modify > [Actions] > [Security] > "Modify IAM role"

You can refer to the document below for the required permissions:

[+] Create an IAM Policy with Fleet Manager permissions (AWS Documentation)

Please refer to the case in Stack Overflow which includes an answer from AWS Support Team for S3 about a similar situation: [+] stack-overflow aws credentials refreshed but still expired

FYI. You can also check the expiration of the credentials with the command below:

TOKEN=`curl -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 21600"` && curl -H "X-aws-ec2-metadata-token: $TOKEN" -v http://169.254.169.254/latest/meta-data/iam/security-credentials/<YOUR+EC2+IAM+ROLE>]

[+] Retrieve security credentials from instance metadata

If I have missed anything or answered wrong, please feel free to ask me again. Also you have any questions, comment please!

profile picture
Seongju_L
답변함 5달 전
0
수락된 답변

turns out there's a problem with the local time on the OS instances, i have to use Amazon Time Sync Service to sync up the time with it and it solves the problem.

seargex
답변함 5달 전

로그인하지 않았습니다. 로그인해야 답변을 게시할 수 있습니다.

좋은 답변은 질문에 명확하게 답하고 건설적인 피드백을 제공하며 질문자의 전문적인 성장을 장려합니다.

질문 답변하기에 대한 가이드라인

관련 콘텐츠