It turns out that adding the forwarder as described in the link above worked. The part I was missing was joedaws' comment, "I would also remove the existing 169.254.169.253 entry so that only the 10.201.0.2 ip address is in the list".
Of course, my IPs are different, but once I removed the preexisting forward so that my x.x.x.2 IP was the only one in the list (I did this for both of the AD DNS servers) the instance was discoverable by SSM.
So, I would make a minor change to the list that saugy wrote:
- On a domain joined windows instance, log in with AD domain Admin user
- Open DNS manager
- Connect to one of the DNS IP addresses for the AWS AD
- Select forwarders
- Add the VPC's DNS IP
- Remove the existing IP (so your VPC's IP is the only one)
- Click Apply
- Repeat from step 3 with the other DNS IP address for the AWS AD
Also, as mentioned in the other post, this only has to be done once and the settings persist in the AD DNS.
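The same change, done from PowerShell instead of clicking through DNS Manager, as an added example (not code from the post or from AWS). It assumes the DnsServer RSAT module is installed on a domain-joined instance, that the account running it has DNS management rights on the AWS AD DNS servers, and that the AD DNS server IPs and region are placeholders to be replaced; 10.201.0.2 is the VPC resolver value from the post. `Set-DnsServerForwarder` replaces the whole forwarder list, so it performs the "add the VPC IP" and "remove the existing IP" steps in one call, and the script then verifies the list and checks that the SSM endpoint names resolve through the AD DNS servers.

```powershell
# Added example: make the VPC resolver the ONLY forwarder on both AWS AD DNS
# servers, then verify forwarders and SSM endpoint resolution.
# Requires: Install-WindowsFeature RSAT-DNS-Server (DnsServer module).
Import-Module DnsServer

$adDnsServers = @('10.201.0.10', '10.201.1.10')   # placeholder: the two AD DNS IPs
$vpcResolver  = '10.201.0.2'                       # VPC CIDR base + 2 (value from the post)
$region       = 'us-east-1'                        # placeholder region

foreach ($server in $adDnsServers) {
    Write-Host "Forwarders on $server before the change:"
    (Get-DnsServerForwarder -ComputerName $server).IPAddress |
        ForEach-Object { Write-Host "  $($_.IPAddressToString)" }

    # Set-DnsServerForwarder REPLACES the forwarder list, so the old
    # 169.254.169.253 entry is dropped and only the VPC resolver remains.
    # -UseRootHint $false stops the server from falling back to internet root
    # hints, which cannot be reached from a private subnet anyway.
    Set-DnsServerForwarder -ComputerName $server -IPAddress $vpcResolver -UseRootHint $false

    # Verify: exactly one forwarder, and it is the VPC resolver.
    $after = @((Get-DnsServerForwarder -ComputerName $server).IPAddress |
               ForEach-Object { $_.IPAddressToString })
    if ($after.Count -eq 1 -and $after[0] -eq $vpcResolver) {
        Write-Host "OK: $server now forwards only to $vpcResolver"
    } else {
        Write-Warning "Unexpected forwarder list on $server : $($after -join ', ')"
    }
}

# Check that the SSM endpoint names now resolve via the AD DNS servers.
# With private DNS enabled on the interface endpoints these should return
# private VPC addresses rather than public ones.
$ssmNames = @(
    "ssm.$region.amazonaws.com",
    "ssmmessages.$region.amazonaws.com",
    "ec2messages.$region.amazonaws.com"
)
foreach ($name in $ssmNames) {
    $answers = Resolve-DnsName -Name $name -Server $adDnsServers[0] -Type A -ErrorAction SilentlyContinue
    if ($answers) {
        $ips = ($answers | Where-Object { $_.QueryType -eq 'A' }).IPAddress -join ', '
        Write-Host "$name -> $ips"
    } else {
        Write-Warning "$name did not resolve via $($adDnsServers[0])"
    }
}
```

Run it once; as the post notes, the forwarder setting persists in the AD DNS servers, so the only recurring use is the verification half when an instance stops showing up in SSM.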