By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

SSM Agent is not online. The SSM Agent was unable to connect to a Systems Manager endpoint to register itself with the service.

0

Hi, all. My ssm agent keep ofline still after activating EC2(Redhat 9.0). Another EC2(amazon Linux) set on same VPC, subnet, SG. This machine can set up ssm agent and keep online after activating machine. My Redhat image is RHEL-9.3.0_HVM-20240117-x86_64-49-Hourly2-GP3.

The error massage is below

SSM Agent is not online The SSM Agent was unable to connect to a Systems Manager endpoint to register itself with the service.

Verify that the IAM instance profile has the correct permissions. Verify that your instance's security group and VPC allow HTTPS (port 443) outbound traffic to the following Systems Manager endpoints: ssm.ap-northeast-1.amazonaws.com ec2messages.ap-northeast-1.amazonaws.com ssmmessages.ap-northeast-1.amazonaws.com If your VPC does not have internet access, you can use VPC endpoints to allow outbound traffic from your instance.

If you still can't connect to your instance, or if you receive an error, including an error about SSM Agent, see: ここに画像の説明を入力してください

Topics
Management & Governance
Tags
AWS Systems Manager Fleet Manager
Language
English
Tomo
asked a month ago463 views
2 Answers
0

Have you created an ssm related vpc endpoints:

  • ssm.region.amazonaws.com
  • ssmmessages.region.amazonaws.com
  • ec2messages.region.amazonaws.com

and allowed security groups fir inbound/outbound?

profile picture
EXPERT
Antonio_Lagrotteria
answered a month ago
  • Tomo
    a month ago

    Thanks for your help. As showing a picture on my question, I have already created an ssm related vpc endpoint.

    I permitted vpc endpoint below com.amazonaws.ap-northeast-1.ssm com.amazonaws.ap-northeast-1.ec2messages com.amazonaws.ap-northeast-1.ssmmessages com.amazonaws.ap-northeast-1.s3(Gateway) com.amazonaws.ap-northeast-1.s3(IF)

    And, I have already permitted SG for all in-bound request and out-bound request.(0.0.0.0/0) I also set another EC2(AmazonLinux) by this SG and this VPC endpoint, and I can connect another EC2. But, I cant connect redhat EC2 by same configure. ;;

0

Looks ok to me. Can you confirm that the SG on the VPC endpoints allow inbound TCP 443?

As a backup option, you may want to consider installing EC2 Instance connect for your private VPC

cd /tmp
curl -s -L -O https://amazon-ec2-instance-connect-us-west-2.s3.us-west-2.amazonaws.com/latest/linux_amd64/ec2-instance-connect.rpm
curl -s -L -O https://amazon-ec2-instance-connect-us-west-2.s3.us-west-2.amazonaws.com/latest/linux_amd64/ec2-instance-connect-selinux.noarch.rpm
dnf install -y ./ec2-instance-connect.rpm ./ec2-instance-connect-selinux.noarch.rpm

You will need to create EC2 instance connect endpoint and ensure SG on your EC2 allows incoming SSH (TCP 22)

AWS
EXPERT
Mike_L
answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content