2 Answers
0
I suspect that the new instance is being launched in a private subnet and therefore the SSM agent on the instance cannot reach the SSM service endpoint. You can solve this by using a VPC Endpoint. See: Creating VPC endpoints for Systems Manager.
If the instance is being deployed into a public subnet (the route table attached to the subnet has a route to an internet gateway), check that the instance has a public IP address. Also, if you are using NACLs, make sure the inbound/outbound rules allow this traffic.
0
Got the reason: I set a PermissionsBoundary which did not contain the ssmmessages and ec2messages permissions. This made Session Manager not work.
Add the following:
```yaml
- Effect: Allow
  Action:
    - 'ssm:*'
  Resource: '*'
- Effect: Allow
  Action:
    - 'ssmmessages:*'
  Resource: '*'
- Effect: Allow
  Action:
    - 'ec2messages:*'
  Resource: '*'
```
answered 2 years ago
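A permissions boundary caps a role: an action is usable only if both the role's identity policy and the boundary allow it, which is why the instance profile looked correct while Session Manager still failed. The sketch below is an added example, not code from either answer; it checks offline which actions the SSM Agent needs (taken from the AWS managed policy AmazonSSMManagedInstanceCore) are granted by the role but cut off by the boundary. Assumptions: the three policy documents are constructed samples, and the matcher is simplified to `Effect`/`Action` only (no `Resource`, `Condition` or `NotAction`).

```python
from fnmatch import fnmatchcase

# Agent actions relevant to this thread (subset of AmazonSSMManagedInstanceCore).
REQUIRED = [
    "ssm:UpdateInstanceInformation",
    "ssmmessages:CreateControlChannel", "ssmmessages:CreateDataChannel",
    "ssmmessages:OpenControlChannel", "ssmmessages:OpenDataChannel",
    "ec2messages:GetMessages", "ec2messages:AcknowledgeMessage",
    "ec2messages:SendReply",
]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def allows(policy, action):
    """True if an Allow statement matches the action and no Deny statement does."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        # IAM action names are case-insensitive and support '*' and '?'.
        hit = any(fnmatchcase(action.lower(), pat.lower())
                  for pat in _as_list(stmt["Action"]))
        if hit and stmt["Effect"] == "Deny":
            return False  # an explicit Deny always wins
        allowed = allowed or (hit and stmt["Effect"] == "Allow")
    return allowed

def blocked_by_boundary(identity_policy, boundary):
    """Required actions the role grants but the permissions boundary removes."""
    return [a for a in REQUIRED
            if allows(identity_policy, a) and not allows(boundary, a)]

def _allow(*actions):
    return {"Effect": "Allow", "Action": list(actions), "Resource": "*"}

# Constructed sample documents (not taken from the question).
ROLE_POLICY = {"Statement": [_allow("ssm:*", "ssmmessages:*", "ec2messages:*")]}
BOUNDARY_BEFORE = {"Statement": [_allow("ssm:*", "logs:*")]}
BOUNDARY_AFTER = {"Statement": [_allow("ssm:*", "logs:*"),
                                _allow("ssmmessages:*"),
                                _allow("ec2messages:*")]}

if __name__ == "__main__":
    print("blocked before:", blocked_by_boundary(ROLE_POLICY, BOUNDARY_BEFORE))
    print("blocked after: ", blocked_by_boundary(ROLE_POLICY, BOUNDARY_AFTER))
```

The same check works with narrower boundary statements: listing the individual actions from `REQUIRED` instead of the `ssmmessages:*` and `ec2messages:*` wildcards also returns an empty list.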