Session Manager unable to connect to instance in public subnet


I can't seem to get an instance in a public subnet to connect via session manager. The subnet that the instance ends up deploying to has set to an internet gateway. The security group has no inbound rules and an outbound rule of Allow The instance profile has the AmazonSSMManagedInstanceCore managed policy, the instance is on a public subnet with an internet gateway and a security group that allows all outbound requests, and it’s running AmazonLinux 2, so the SSM agent should be installed. I even added a userData command to install the latest again, but that didn’t change anything.

From the console, I see the following error message:

We weren't able to connect to your instance. Common reasons for this include:

Here's a sample of CDK code that replicates the problem:

const region = 'us-east-2'

const myInstanceRole = new Role(this, 'MyRole', {
  assumedBy: new ServicePrincipal(''),

const myUserData = UserData.forLinux()
  `sudo yum install -y https://s3.${region}${region}/latest/linux_amd64/amazon-ssm-agent.rpm`,
  'sudo systemctl restart amazon-ssm-agent',

const myInstance = new Instance(this, 'MyInstance', {
  instanceType: InstanceType.of(InstanceClass.C6I, InstanceSize.LARGE),
  machineImage: MachineImage.latestAmazonLinux({
    generation: AmazonLinuxGeneration.AMAZON_LINUX_2,
    cpuType: AmazonLinuxCpuType.X86_64,
  vpc: Vpc.fromLookup(this, 'ControlTowerVPC', {
    vpcName: 'aws-controltower-VPC',
  vpcSubnets: {
    subnetType: SubnetType.PUBLIC,
  blockDevices: [
      deviceName: '/dev/xvda',
      volume: BlockDeviceVolume.ebs(30, {
        volumeType: EbsDeviceVolumeType.GP2,
        encrypted: true,
  userData: myUserData,
  role: myInstanceRole,
  detailedMonitoring: true,
1 Answer
Accepted Answer

Turns out the issue was that the EC2 instance didn't have a public IP address.

answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions