1 Answer
- Newest
- Most votes
- Most comments
0
The EC2 Instance doesn't need to have outbound internet access (NAT or IGW).
I've had similar issues in the past, ensure you have all three service endpoints setup (Security Group & Subnet mappings):
- com.amazonaws.[region].ssm
- com.amazonaws.[region].ssmmessages
- com.amazonaws.[region].ec2messages
Security Group for the Endpoints should allow HTTPS access from your VPC range (or narrowed down), and if you've modified the outbound rules on your Instance's Security Group - verify that too.
For completeness: issue was missing of Private DNS for Endpoints.
PrivateDnsEnabled: True
Relevant content
- asked a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 5 months ago
- AWS OFFICIALUpdated 2 years ago