Unable to connect to SSM

0

Hi Everyone,

I have deployed a new EC2 instance but I am unable to connect to SSM. When checked in fleet manager, the instance is visible there but ssm agent ping status is showing connection lost. Enter image description here

2 Answers
0

Hi,

This error can be due to different causes (SSM agent status, network connectivity issues, IAM Role permissions...), so I recommend that you take a look at the following Knowledge Center post, which details the requirements to be a managed instance in Online status, as well as the steps to verify it and solve it if necessary.

profile picture
EXPERT
answered 10 months ago
0

Hi, most frequent issue is not having the required AWS-managed IAM policy named AmazonEC2RoleforSSM in place in the execution rolee of your EC2 instance. See example below in my own CFN template:

BaaRole:
    Type: AWS::IAM::Role
    DeletionPolicy: Delete
    Properties:
      RoleName: !Join
        - '-'
        - - 'role'
          - !GetAtt Name.Value
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: 'Allow'
            Principal:
              Service:
                - 'ec2.amazonaws.com'
            Action: 'sts:AssumeRole'
      Path: /
      ManagedPolicyArns:
        - 'arn:aws:iam::aws:policy/service-role/AmazonEC2RoleforSSM'
      Policies:
        - PolicyName: !Join
            - '-'
            - - 'role-policy'
              - !GetAtt Name.Value
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: 'Allow'
                Action:
                  - 's3:*'
                Resource:
                  - '*'
profile pictureAWS
EXPERT
answered 10 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions