- Newest
- Most votes
- Most comments
Have you created an ssm related vpc endpoints:
- ssm.region.amazonaws.com
- ssmmessages.region.amazonaws.com
- ec2messages.region.amazonaws.com
and allowed security groups fir inbound/outbound?
Looks ok to me. Can you confirm that the SG on the VPC endpoints allow inbound TCP 443?
As a backup option, you may want to consider installing EC2 Instance connect for your private VPC
cd /tmp
curl -s -L -O https://amazon-ec2-instance-connect-us-west-2.s3.us-west-2.amazonaws.com/latest/linux_amd64/ec2-instance-connect.rpm
curl -s -L -O https://amazon-ec2-instance-connect-us-west-2.s3.us-west-2.amazonaws.com/latest/linux_amd64/ec2-instance-connect-selinux.noarch.rpm
dnf install -y ./ec2-instance-connect.rpm ./ec2-instance-connect-selinux.noarch.rpm
You will need to create EC2 instance connect endpoint and ensure SG on your EC2 allows incoming SSH (TCP 22)
The article "Troubleshooting managed node issues in Systems Manager with SAW" could be a helpful resource for your issue. It covers a very similar problem of an EC2 instance not registering as a managed node in AWS Systems Manager.
The article walks through using the AWS Support Automation Workflow (SAW) runbook "AWSSupport-TroubleshootManagedInstance" to diagnose the root cause of the connectivity problem. This includes verifying IAM permissions, security group configurations, and network settings - all of which seem relevant to the issues you're experiencing with your RHEL 9.0 instance.
Beyond just the troubleshooting steps, the article also presents an architectural approach for automatically triggering this SAW-based analysis whenever new EC2 instances are launched. This proactive monitoring could be beneficial for preventing these types of Systems Manager issues from going unnoticed in the future.
The article provides sample code and a detailed walkthrough, so it could serve as a helpful reference if you wanted to implement a similar automated troubleshooting solution in your own environment. I'd recommend reviewing the information in this article, as it seems directly applicable to the problem you're facing with your RHEL 9.0 EC2 instance not registering as a managed node. The troubleshooting guidance and automated monitoring approach covered could provide valuable insights and a potential path forward.
Relevant content
- asked 5 years ago
- asked 7 years ago
- asked 3 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 4 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 months ago
Thanks for your help. As showing a picture on my question, I have already created an ssm related vpc endpoint.
I permitted vpc endpoint below com.amazonaws.ap-northeast-1.ssm com.amazonaws.ap-northeast-1.ec2messages com.amazonaws.ap-northeast-1.ssmmessages com.amazonaws.ap-northeast-1.s3(Gateway) com.amazonaws.ap-northeast-1.s3(IF)
And, I have already permitted SG for all in-bound request and out-bound request.(0.0.0.0/0) I also set another EC2(AmazonLinux) by this SG and this VPC endpoint, and I can connect another EC2. But, I cant connect redhat EC2 by same configure. ;;