By using AWS re:Post, you agree to the Terms of Use

Session Manager to connect ec2 instance cannot be enabled

0

I met a weird problem, I use a same AMI to launch a ec2 linux instance. If I launch the instance from aws console, and use the default vpc and subnet. this instance can be access through "Session Manager Connect". The Session Manager "Connect" button is enabled. If I launch a instance through a cloudformation, and the instance is in a created vpc and subnet. This instance's role already have AmazonSSMManagedInstanceCore policy. But this instance cannot be accessed through "Session Manager Connect". The Session Manager "Connect" button is disabled. The security group is as below: Enter image description here

I ssh to above two instances, check the ssm-agent status. Both instances ssm-agent status is Active: active (running) since xxxxxxxxxxxx

I don't know what's the reason? Could you help me? What should I check or configure?

2 Answers
0

I suspect that the new instance is being launched in a private subnet and therefore the SSM agent on the instance can not reach the SSM service endpoint. You can solve this by using a VPC Endpoint. See: Creating VPC endpoints for Systems Manager.

If the instance is being deployed into a public subnet (the route table attached to the subnet has a route to an internet gateway), check that the instance has a public IP address. Also, if you are using NACLs, make sure the inbound/outbound rules allow this traffic.

profile picture
EXPERT
answered a month ago
0

Got the reason, I set the PermissionsBoundary which did not contain ssmmessages and ec2messages permission. This make session manager not working.

Add following:

          - Effect: Allow
            Action:
              - 'ssm:*'
            Resource: '*'
          - Effect: Allow
            Action:
              - 'ssmmessages:*'
            Resource: '*'
          - Effect: Allow
            Action:
              - 'ec2messages:*'
            Resource: '*'
answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions