- Newest
- Most votes
- Most comments
Hey there!
Your EC2 instance is facing an access denied error while trying to connect to AWS Systems Manager. This typically happens when the IAM role, which is associated with your instance as an instance profile, lacks the necessary permissions for Systems Manager.
To fix this, ensure that the IAM role (instance profile) attached to your EC2 instance has the appropriate permissions. You can achieve this by attaching the AmazonSSMManagedInstanceCore
policy to the IAM role. This policy grants the necessary permissions for Systems Manager to manage your EC2 instance effectively.
Hi, To resolve this issue, you need to ensure that the IAM role associated with your EC2 instance has the required permissions to access Systems Manager. Here are the general steps you can follow:
1)Check IAM Role Permissions:
Verify the IAM role attached to the EC2 instance. Ensure that it has the necessary permissions to interact with Systems Manager. You may need to attach the "AmazonSSMManagedInstanceCore" managed policy to the IAM role.
2)Verify Instance Profile:
Make sure that the instance profile associated with the EC2 instance is correctly configured. The instance profile should be attached to the IAM role and include the appropriate permissions.
3)Check Instance Metadata Service (IMDS) Access:
Ensure that the EC2 instance has access to the Instance Metadata Service (IMDS). The instance needs to be able to retrieve temporary credentials to authenticate with AWS services.
4)Review Trust Relationships:
Check the trust relationship policy of the IAM role. It should allow Systems Manager to assume the role. The trust relationship should include "ssm.amazonaws.com" as a trusted entity.
5)Validate Role ARN:
Double-check that the IAM role ARN specified in the Systems Manager configuration matches the IAM role associated with the EC2 instance.
6)Review AWS Organizations Policies:
If your AWS account is part of an AWS Organization, review the policies set at the organization level to ensure they are not restricting access to Systems Manager.
8)Check for IAM Policy Conditions:
Make sure there are no explicit deny statements or policy conditions that might be preventing the instance from accessing Systems Manager.
Once you've verified and adjusted the permissions as needed, restart the EC2 instance to apply the changes, and then attempt to connect to Systems Manager again. This should resolve the "AccessDeniedException" error you're encountering.
Hello
Verify that the managed instance role exists in your AWS account and has the correct trust policy and permissions policy attached (AmazonSSMManagedInstanceRole. You can also check that the AWS account number in the error (891377358859) matches your account Also, check the following links - https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-instance-permissions.html https://docs.aws.amazon.com/cloud9/latest/user-guide/ec2-ssm.html
Thanks
Thank you for your answers, adding an IAM AmazonSSMManagedInstanceCore role linked to my EC2 instance solved the problem!
Can you validate the answer to close this question?
Relevant content
- Accepted Answerasked 8 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 10 months ago
I have to mention that my instance is checked as running but not working, after I start it again it works normally