Hello Sayali,
The first thing to check is the reachability of EC2 metadata. You can verify that by running the following command:
Invoke-RestMethod -uri http://169.254.169.254/latest/meta-data/
If it is unavailable and you are using a custom AMI, these links should help you get the metadata service working again:
https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2launch.html#ec2launch-config
https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/Creating_EBSbacked_WinAMI.html#update-metadata-KMS
Second guess, maybe there is a corrupt EC2Launch installation and missing routes for it to communicate with the AWS backbone (which brings us to the commands you suggested).
First you need to update EC2Launch:
mkdir $env:USERPROFILE\Desktop\EC2Launch
$Url = "https://s3.amazonaws.com/ec2-downloads-windows/EC2Launch/latest/EC2-Windows-Launch.zip"
$DownloadZipFile = "$env:USERPROFILE\Desktop\EC2Launch\" + $(Split-Path -Path $Url -Leaf)
Invoke-WebRequest -Uri $Url -OutFile $DownloadZipFile
$Url = "https://s3.amazonaws.com/ec2-downloads-windows/EC2Launch/latest/install.ps1"
$DownloadZipFile = "$env:USERPROFILE\Desktop\EC2Launch\" + $(Split-Path -Path $Url -Leaf)
Invoke-WebRequest -Uri $Url -OutFile $DownloadZipFile
& $env:USERPROFILE\Desktop\EC2Launch\install.ps1
Then, once EC2Launch has been updated, you need to add the default routes required.
Import-Module "C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Ec2Launch.psd1"
Add-Routes
Now go back to services.msc and perform a stop and start of the SSM Agent.
Hope it helps.
Hello,
Since this is a production server, I would advise just uninstalling the SSM agent and reinstalling it. (I advise you store the CloudWatch config file in SSM Parameter Store as a central repository.)
If you don't want to do that, run 'route print' in cmd.exe and verify that there are persistent routes for 169.254.169.254 (metadata service) with a default gateway that matches the default gateway of your EC2 subnet; it should match the Gateway column listed in the top table under Active Routes. If it's not there, you'll have to manually add it with cmd.exe route commands.
How old is the IAM instance profile that was created/attached to this EC2 instance? I ran into the same issue before, where in the old days you had to actually create an IAM instance profile instead of just creating the IAM role that is assumable by SSM. In other words, run the below AWS CLI command to actually verify that the IAM instance profile attached to the instance exists in the account:
AWS CLI: aws iam list-instance-profiles
AWS Tools for PowerShell: Get-IAMInstanceProfileList
If it's not listed, you need to recreate the IAM role and attach it to the instance.
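The checks from both answers, combined into one read-only triage script (an added example, not code from either answer or from AWS). It assumes PowerShell on the affected Windows instance; the IMDSv2 token step is an addition, because a token-less GET to the metadata endpoint returns 401 on instances configured to require IMDSv2, and `Get-ImdsValue` is a hypothetical helper name.

```powershell
# Added example: read-only triage on the affected Windows instance.
$Imds = 'http://169.254.169.254/latest'

# 1. Metadata reachability. Request an IMDSv2 session token first; if that
#    fails, fall back to the token-less request shown in the first answer.
$Headers = @{}
try {
    $Token = Invoke-RestMethod -Method Put -Uri "$Imds/api/token" -TimeoutSec 3 `
        -Headers @{ 'X-aws-ec2-metadata-token-ttl-seconds' = '60' }
    $Headers = @{ 'X-aws-ec2-metadata-token' = $Token }
} catch {
    Write-Warning "No IMDSv2 token: $($_.Exception.Message)"
}

# Hypothetical helper: returns $null instead of throwing when IMDS does not answer.
function Get-ImdsValue([string]$Path) {
    try { Invoke-RestMethod -Uri "$Imds/meta-data/$Path" -Headers $Headers -TimeoutSec 3 }
    catch { Write-Warning "meta-data/$Path failed: $($_.Exception.Message)"; $null }
}
$InstanceId = Get-ImdsValue 'instance-id'

# 2. Instance profile as the instance itself sees it (iam/info is absent when
#    no profile is attached). Parse it if it came back as raw text.
$IamInfo = Get-ImdsValue 'iam/info'
if ($IamInfo -is [string]) { $IamInfo = $IamInfo | ConvertFrom-Json }

# 3. Route to the metadata address versus the subnet's default gateway.
$MetaRoute = Get-NetRoute -DestinationPrefix '169.254.169.254/32' -ErrorAction SilentlyContinue |
    Select-Object -First 1
$DefaultGw = Get-NetRoute -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue |
    Sort-Object RouteMetric | Select-Object -First 1

# 4. SSM Agent service state.
$Agent = Get-Service -Name 'AmazonSSMAgent' -ErrorAction SilentlyContinue

[pscustomobject]@{
    MetadataReachable  = [bool]$InstanceId
    UsedImdsV2Token    = $Headers.Count -gt 0
    InstanceProfileArn = $IamInfo.InstanceProfileArn
    MetadataRouteHop   = $MetaRoute.NextHop
    DefaultGateway     = $DefaultGw.NextHop
    RouteMatchesGw     = $MetaRoute -and ($MetaRoute.NextHop -eq $DefaultGw.NextHop)
    SsmAgentStatus     = if ($Agent) { $Agent.Status } else { 'NotInstalled' }
} | Format-List
```

An empty `InstanceProfileArn` with `MetadataReachable` true points at the instance profile rather than at routing or EC2Launch.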