Security group for Session Manager
I have an EC2 instance in a private subnet, and I connect to it using Session Manager via the AWS console.
Actually, the outbound rule of the security group of the private EC2 instance is: All traffic / all / 0.0.0.0/0
When I delete that rule, I can no longer connect to the EC2 instance:
Your session has been terminated for the following reasons: ----------ERROR------- Setting up data channel with id xxxxxxxxx-04retceff7ddr5 failed: failed to create websocket for datachannel with error: CreateDataChannel failed with no output or error: createDataChannel request failed: failed to make http client call: Post "https://ssmmessages.region1.amazonaws.com/v1/data-channel/xxxxxxxxx-04fgffgffdgefbdder": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
What is the right outbound SG rule that allows me to connect to my instance via AWS console Session Manager, knowing that I don't have a VPC interface for SSM?
(Recommended) Create a VPC endpoint in Amazon Virtual Private Cloud (Amazon VPC) to use with Systems Manager.
If you don't use a VPC endpoint, configure your managed instances to allow HTTPS (port 443) outbound traffic to the Systems Manager endpoints. For information, see (Optional) Create a Virtual Private Cloud endpoint.
So I need to whitelist SSM endpoints with IPs in the AWS public services JSON file? Which IP address do I need to put as the destination on the outbound SG rule?
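An added example, not part of the original thread and not AWS code: an offline check of whether a security group's egress rules let TCP 443 reach the Systems Manager endpoints the answer refers to. The rules, the resolved addresses and the `ssm` hostname are constructed assumptions, and destinations given as prefix lists or security groups are not evaluated.

```python
import ipaddress

# Constructed egress rules in the IpPermissionsEgress shape returned by
# `aws ec2 describe-security-groups`; CIDRs are documentation ranges.
SAMPLE_EGRESS = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "198.51.100.0/28"}]},
    {"IpProtocol": "udp", "FromPort": 53, "ToPort": 53,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

# Assumed hostnames ("region1" as on the page) with constructed addresses;
# in practice resolve them from inside the VPC.
ENDPOINT_IPS = {
    "ssm.region1.amazonaws.com": "198.51.100.10",
    "ssmmessages.region1.amazonaws.com": "198.51.100.20",
}

def rule_allows(rule, ip, port=443):
    """True if one egress rule permits TCP `port` to `ip` by CIDR."""
    proto = rule.get("IpProtocol")
    if proto not in ("-1", "tcp", "6"):
        return False
    if proto != "-1":  # "-1" means all protocols and all ports
        lo, hi = rule.get("FromPort"), rule.get("ToPort")
        if lo is None or hi is None or not lo <= port <= hi:
            return False
    addr = ipaddress.ip_address(ip)
    cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
    cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
    # PrefixListIds and UserIdGroupPairs destinations are not evaluated here.
    return any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs)

def blocked_endpoints(egress_rules, endpoint_ips=ENDPOINT_IPS, port=443):
    """Hostnames whose address no egress rule reaches on TCP `port`."""
    return sorted(
        host for host, ip in endpoint_ips.items()
        if not any(rule_allows(r, ip, port) for r in egress_rules)
    )

if __name__ == "__main__":
    for host in blocked_endpoints(SAMPLE_EGRESS):
        print(f"egress to {host}:443 is not allowed by any rule")
```

With the constructed rules, only the `ssmmessages` hostname is reported, which corresponds to the data-channel timeout quoted in the question.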