security group for session manager
Hi All,
I have an EC2 instance in a private subnet; I connect to it using Session Manager via the AWS console.
Currently, the outbound rule of the security group of the private EC2 instance is: All traffic / All / 0.0.0.0/0
When I delete that rule I can no longer connect to the EC2 instance:
Your session has been terminated for the following reasons:
----------ERROR------- Setting up data channel with id xxxxxxxxx-04retceff7ddr5 failed:
failed to create websocket for datachannel with error: CreateDataChannel failed with no output or error: createDataChannel request failed:
failed to make http client call: Post "https://ssmmessages.region1.amazonaws.com/v1/data-channel/xxxxxxxxx-04fgffgffdgefbdder":
context deadline exceeded (Client.Timeout exceeded while awaiting headers)
What is the right outbound SG rule that allows me to connect to my instance via AWS console Session Manager, knowing that I don't have a VPC interface for SSM?
https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-prereqs.html
(Recommended) Create a VPC endpoint in Amazon Virtual Private Cloud (Amazon VPC) to use with Systems Manager.
If you don't use a VPC endpoint, configure your managed instances to allow HTTPS (port 443) outbound traffic to the Systems Manager endpoints. For information, see (Optional) Create a Virtual Private Cloud endpoint.
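As an added example (not part of the original question or answer): a small Python helper that takes the region's CIDRs from a constructed stand-in for AWS's published ip-ranges.json and turns them into a TCP 443-only egress rule, which is what the doc excerpt above amounts to when no VPC endpoint is used. The prefixes and the region name `region1` are made up; the real file lives at https://ip-ranges.amazonaws.com/ip-ranges.json.

```python
import json
import ipaddress

# Constructed stand-in for https://ip-ranges.amazonaws.com/ip-ranges.json.
# Same shape as the real file; every prefix here is a documentation range
# (RFC 5737) and "region1" is a placeholder region, not real AWS data.
SAMPLE_IP_RANGES = json.dumps({
    "syncToken": "0",
    "prefixes": [
        {"ip_prefix": "203.0.113.0/24", "region": "region1", "service": "AMAZON"},
        {"ip_prefix": "203.0.113.0/25", "region": "region1", "service": "AMAZON"},
        {"ip_prefix": "203.0.113.0/26", "region": "region1", "service": "EC2"},
        {"ip_prefix": "192.0.2.0/25",   "region": "region1", "service": "AMAZON"},
        {"ip_prefix": "198.51.100.0/24", "region": "region2", "service": "AMAZON"},
    ],
})

# The three endpoints the SSM Agent talks to; Session Manager specifically
# needs ssmmessages, which is the host in the error message above.
SSM_ENDPOINT_SERVICES = ("ssm", "ssmmessages", "ec2messages")


def endpoint_hostnames(region):
    """Hostnames the agent must reach on TCP 443 when no VPC endpoint exists."""
    return [f"{svc}.{region}.amazonaws.com" for svc in SSM_ENDPOINT_SERVICES]


def amazon_prefixes(ip_ranges_json, region):
    """Return the region's AMAZON-tagged CIDRs, collapsed to a minimal set.

    ip-ranges.json has no dedicated tag for Systems Manager; its endpoints
    are covered by the "AMAZON" aggregate, so that is the tag to filter on.
    Overlapping entries (the real file has them) are merged so the SG does
    not burn rule quota on redundant CIDRs.
    """
    data = json.loads(ip_ranges_json)
    nets = [ipaddress.ip_network(p["ip_prefix"]) for p in data["prefixes"]
            if p["region"] == region and p["service"] == "AMAZON"]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def https_egress_rule(cidrs):
    """boto3-style IpPermissions entry: TCP 443 only, to the given CIDRs,
    replacing the "All traffic / 0.0.0.0/0" egress from the question."""
    return {
        "IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
        "IpRanges": [{"CidrIp": c, "Description": "SSM endpoints (ip-ranges.json)"}
                     for c in cidrs],
    }
```

The AMAZON aggregate for a region is broad and changes over time, so a rule built this way still has to be refreshed whenever the file's syncToken changes; the interface endpoints the answer recommends stay the tighter option because their security group replaces the public CIDR list entirely.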
So I need to whitelist the SSM endpoints with the IPs in the AWS public services JSON file? Which IP address do I need to put as the destination on the outbound SG rule?