
I want to enable Amazon GuardDuty on my EC2 but GuardDuty says "No Agent Reporting : Waiting for SSM notification"

0

I want to enable virus scanning on my Linux EC2 as I am running a project there, but I am not able to set up GuardDuty on my Amazon EC2. When I go to the GuardDuty dashboard it says "No Agent Reporting : Waiting for SSM notification" in the EC2 section. I am not able to understand the error message. I want to set up GuardDuty on my EC2. Please tell me a way to set it up.

2 Answers
1

Hello.

To use GuardDuty with EC2, you need to register EC2 with Systems Manager.
https://docs.aws.amazon.com/guardduty/latest/ug/gdu-assess-coverage-ec2.html#ec2-runtime-monitoring-coverage-issues-troubleshoot

Receiving the SSM notification may take a few minutes.

Make sure that the Amazon EC2 instance is SSM managed. For more information, see the steps under Method 1 - By using AWS Systems Manager in Installing the security agent manually.

You will also need to install the GuardDuty agent using the steps in the documentation below.
https://docs.aws.amazon.com/guardduty/latest/ug/managing-gdu-agent-ec2-manually.html

Therefore, first, please configure the settings according to the steps in the document below so that you can register EC2 as a managed instance of Systems Manager.
https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-setting-up-ec2.html

EXPERT
answered a year ago
EXPERT
reviewed a year ago
0

Hello,

If possible, is there a way to upload any screenshots regarding the issue as well as any logs?

I believe this should help you:

Unable to connect to SSM endpoints

SSM Agent must allow HTTPS (port 443) outbound traffic to the following endpoints:

ssm.region.amazonaws.com
ssmmessages.region.amazonaws.com

region represents the identifier for an AWS Region supported by AWS Systems Manager, such as us-east-2 for the US East (Ohio) Region. For a list of supported region values, see the Region column in Systems Manager service endpoints in the Amazon Web Services General Reference.

Note: Prior to 2024, ec2messages.region.amazonaws.com was also required. For AWS Regions launched before 2024, allowing traffic to ssmmessages.region.amazonaws.com is still required, but allowing traffic to ec2messages.region.amazonaws.com is optional.

For Regions launched in 2024 and later, allowing traffic to ssmmessages.region.amazonaws.com is required, but ec2messages.region.amazonaws.com endpoints are not supported for these Regions.

SSM Agent won't work if it can't communicate with the preceding endpoints, as described, even if you use AWS provided Amazon Machine Images (AMIs) such as Amazon Linux 2 or Amazon Linux 2023. Your network configuration must have open internet access or you must have custom virtual private cloud (VPC) endpoints configured. If you don't plan on creating a custom VPC endpoint, check your internet gateways or NAT gateways. For more information about how to manage VPC endpoints, see Improve the security of EC2 instances by using VPC endpoints for Systems Manager.

Source: https://docs.aws.amazon.com/systems-manager/latest/userguide/troubleshooting-ssm-agent.html

Troubleshoot issues using SSM Agent log files

Source: https://docs.aws.amazon.com/systems-manager/latest/userguide/troubleshooting-ssm-agent.html#systems-manager-ssm-agent-log-files

Allowing SSM Agent debug logging

Source: https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent-logs.html#ssm-agent-debug-log-files

Viewing SSM Agent logs

Source: https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-agent-logs.html

answered a year ago
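Both answers come down to the same prerequisites: the instance must be an SSM managed instance, and SSM Agent must reach the ssm and ssmmessages endpoints over 443. The script below is an added example (not AWS code and not from either answer) that checks those prerequisites on a Linux instance; it assumes systemd, curl, and the ssm-cli binary that ships with SSM Agent 3.x, and takes the Region as its first argument.

```shell
#!/bin/sh
# Pre-flight check for the SSM prerequisites behind GuardDuty's
# "No Agent Reporting: Waiting for SSM notification" state.
# Added example, not AWS code. Assumes Linux, systemd, curl and ssm-cli.

# The two endpoints SSM Agent must reach on TCP 443. ec2messages is left out:
# optional for pre-2024 Regions and unsupported for Regions launched in 2024+.
ssm_endpoints() {
  printf '%s\n' "ssm.$1.amazonaws.com" "ssmmessages.$1.amazonaws.com"
}

# Map a curl exit status to the network layer most likely at fault.
curl_hint() {
  case "$1" in
    0)     echo "reachable" ;;
    6)     echo "DNS failure: check VPC DNS / private DNS on the SSM VPC endpoint" ;;
    7)     echo "connect failed: check route table, NAT/internet gateway, NACLs" ;;
    28)    echo "timeout: check security group egress on 443 and routing" ;;
    35|60) echo "TLS failure: check for TLS interception or a wrong CA bundle" ;;
    *)     echo "curl exit $1: see curl(1) for the meaning" ;;
  esac
}

# Any HTTP status counts as reachable: only the TCP/TLS path matters here.
probe_endpoint() {
  rc=0
  curl -sS -m 5 -o /dev/null "https://$1/" >/dev/null 2>&1 || rc=$?
  curl_hint "$rc"
}

ssm_preflight() {
  region=$1
  echo "== SSM Agent service =="
  systemctl is-active amazon-ssm-agent 2>/dev/null || echo "agent not active (or not systemd)"
  echo "== Registration as seen by the agent =="
  # ssm-cli prints the managed-instance ID and Region once registration succeeded.
  ssm-cli get-instance-information 2>/dev/null || echo "ssm-cli unavailable or not yet registered"
  echo "== Endpoint reachability for $region =="
  for host in $(ssm_endpoints "$region"); do
    printf '%-45s %s\n' "$host" "$(probe_endpoint "$host")"
  done
  echo "== Last agent log lines (errors usually point at the IAM role or the network) =="
  tail -n 5 /var/log/amazon/ssm/amazon-ssm-agent.log 2>/dev/null || echo "log not found"
}

# Live checks run only when a Region is supplied, e.g. ./ssm-preflight.sh us-east-2
if [ -n "${1:-}" ]; then
  ssm_preflight "$1"
fi
```

If every endpoint reports "reachable" and ssm-cli still shows no registration, the remaining suspect is the instance profile, which needs the SSM managed-instance permissions described in the setup guide linked in the first answer.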
