1 Answers
0
It turns out that adding the forwarder as described in the link above worked. The part I was missing was joedaws' comment, "I would also remove the existing 169.254.169.253 entry so that only the 10.201.0.2 ip address is in the list".
Of course, my IPs are different, but once I removed the preexisting forward so that my x.x.x.2 IP was the only one in the list (I did this for both of the AD DNS servers), the instance was discoverable by SSM.
So, I would make a minor change to the list that saugy wrote:
1. On a domain-joined Windows instance, log in with the AD domain Admin user
2. Open DNS Manager
3. Connect to one of the DNS IP addresses for the AWS AD
4. Select Forwarders
5. Add the VPC's DNS IP
6. Remove the existing IP (so your VPC's IP is the only one)
7. Click Apply
8. Repeat from step 3 with the other DNS IP address for the AWS AD

Also, as mentioned in the other post, this only has to be done once and the settings persist in the AD DNS.
answered 2 years ago
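
The same forwarder change scripted with the DnsServer PowerShell module, as an added example that is not part of the original answer. It assumes the RSAT DNS Server tools are installed on the domain-joined instance and that the AD admin user may manage forwarders remotely through these cmdlets; the function name and all IP addresses are constructed placeholders.

```powershell
#Requires -Modules DnsServer
# Added example: run on a domain-joined Windows instance as the AD admin user.
# Set-OnlyVpcForwarder is a hypothetical helper name, not an AWS or Microsoft cmdlet.

function Set-OnlyVpcForwarder {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # IP addresses of the DNS servers of the AWS AD (both of them)
        [Parameter(Mandatory)] [string[]]  $DnsServer,
        # The VPC's DNS IP (the x.x.x.2 address of the VPC)
        [Parameter(Mandatory)] [ipaddress] $VpcResolver
    )

    $wanted = $VpcResolver.ToString()

    foreach ($server in $DnsServer) {
        # Read the current forwarder list so the change is visible and reversible
        $before = @((Get-DnsServerForwarder -ComputerName $server).IPAddress |
                    Where-Object { $_ } | ForEach-Object { $_.ToString() })
        Write-Host "$server forwarders before: $($before -join ', ')"

        if ($before.Count -eq 1 -and $before[0] -eq $wanted) {
            Write-Host "$server already forwards only to $wanted, nothing to do"
            continue
        }

        if ($PSCmdlet.ShouldProcess($server, "Replace forwarders with $wanted")) {
            # Set-DnsServerForwarder overwrites the whole list, which both adds
            # the VPC's DNS IP and removes the pre-existing entry in one step
            Set-DnsServerForwarder -ComputerName $server -IPAddress $VpcResolver

            $after = @((Get-DnsServerForwarder -ComputerName $server).IPAddress |
                       ForEach-Object { $_.ToString() })
            Write-Host "$server forwarders after:  $($after -join ', ')"
        }
    }
}

# Constructed placeholder addresses: replace with your AD DNS IPs and VPC DNS IP.
$adDns = '10.0.1.10', '10.0.2.10'
$vpcDns = '10.0.0.2'

# Dry run first: prints the current lists and what would change
Set-OnlyVpcForwarder -DnsServer $adDns -VpcResolver $vpcDns -WhatIf
# Then apply
# Set-OnlyVpcForwarder -DnsServer $adDns -VpcResolver $vpcDns
```

Keep the "before" output from the dry run so the original forwarder can be restored if needed.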