error while connecting to EC2 via Session Manager

0

Hi team,

I have a bastion host in my private VPC. I used to connect to it via Session Manager (second tab => Session Manager => click the Connect button).

Now I get this error when I click the Connect button:

Your session has been terminated for the following reasons: ----------ERROR------- Encountered error while initiating handshake. Fetching data key failed: Unable to retrieve data key, Error when decrypting data key AccessDeniedException: The ciphertext refers to a customer master key that does not exist, does not exist in this region, or you are not allowed to access. status code: 400, request id: xxxxxxxxxx

Not sure what happened; I am no longer able to connect to the EC2 instance.

This instance was created without a key pair.

I see my EC2 instance in Fleet Manager in the running state.

Asked 1 year ago, 536 views
1 answer
0
Accepted answer

Are the permissions to use the KMS key set for EC2?
Make sure that the EC2 IAM role has an IAM policy that allows "kms:Decrypt".
Make sure that the IAM role has "AmazonSSMManagedInstanceCore" attached.
Also, if you are using a private subnet, check whether there is a path to communicate with the KMS endpoints.
Is there a route set up, for example, a NAT Gateway?
If you do not use a NAT Gateway, you can also set up a VPC endpoint for communication with KMS.
https://repost.aws/knowledge-center/ssm-session-manager-failures

You probably have KMS encryption enabled in SSM in your environment.
https://docs.aws.amazon.com/systems-manager/latest/userguide/session-preferences-enable-encryption.html

Expert
Answered 1 year ago
Expert
Reviewed 1 year ago
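An added worked example, not part of the original answer or of any AWS code: an offline check that reproduces the first point of the answer. It takes the Session Manager preferences document (shape assumed from the SSM-SessionManagerRunShell document, where "inputs.kmsKeyId" turns on session encryption) and the policy documents attached to the instance role, then decides with a simplified IAM evaluation (explicit Deny wins, otherwise any matching Allow, wildcards in Action and Resource) whether the role can call kms:Decrypt on that key. The key ARN, account id and the "SSM-only" role policy are constructed placeholders; the latter is a stand-in for a role that only has agent permissions, not the real AmazonSSMManagedInstanceCore policy.

```python
import json
import re

# Constructed sample Session Manager preferences document with KMS encryption
# enabled. Key ARN and account id are placeholders, not real identifiers.
SESSION_PREFERENCES = {
    "schemaVersion": "1.0",
    "description": "Document to hold regional settings for Session Manager",
    "sessionType": "Standard_Stream",
    "inputs": {
        "kmsKeyId": "arn:aws:kms:eu-west-1:111111111111:key/"
                    "00000000-0000-0000-0000-000000000000",
        "s3EncryptionEnabled": True,
        "cloudWatchEncryptionEnabled": True,
    },
}

# Constructed stand-in for an instance role that only carries SSM agent
# permissions and no kms:Decrypt (NOT the real AmazonSSMManagedInstanceCore).
SSM_ONLY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["ssm:UpdateInstanceInformation", "ssmmessages:*",
                   "ec2messages:GetMessages"],
        "Resource": "*",
    }],
}

# Constructed: the additional policy the answer recommends, scoped to the
# key named in the session preferences rather than to "*".
KMS_DECRYPT_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": "kms:Decrypt",
        "Resource": SESSION_PREFERENCES["inputs"]["kmsKeyId"],
    }],
}


def _as_list(value):
    """IAM allows a string or a list in Action/Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _iam_match(pattern, value, case_insensitive=False):
    """Match an IAM wildcard pattern ('*' and '?') against a value.

    Action names are case-insensitive in IAM; resource ARNs are not.
    """
    regex = "^" + re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".") + "$"
    flags = re.IGNORECASE if case_insensitive else 0
    return re.match(regex, value, flags) is not None


def is_allowed(policies, action, resource):
    """Simplified IAM evaluation over identity policies.

    An explicit Deny that matches wins immediately; otherwise the result is
    True if any Allow statement matches both the action and the resource.
    Conditions, NotAction/NotResource, key policies and SCPs are ignored.
    """
    allowed = False
    for policy in policies:
        for statement in _as_list(policy["Statement"]):
            actions = _as_list(statement.get("Action", []))
            if not any(_iam_match(a, action, True) for a in actions):
                continue
            resources = _as_list(statement.get("Resource", []))
            if not any(_iam_match(r, resource) for r in resources):
                continue
            if statement["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


def check_session_decrypt(preferences, role_policies):
    """Report whether the instance role can decrypt the session data key.

    If the preferences do not name a kmsKeyId, session encryption is off and
    kms:Decrypt is not needed for the handshake.
    """
    key_id = preferences.get("inputs", {}).get("kmsKeyId")
    if not key_id:
        return {"kms_key_id": None, "encryption_enabled": False,
                "decrypt_allowed": True}
    return {"kms_key_id": key_id, "encryption_enabled": True,
            "decrypt_allowed": is_allowed(role_policies, "kms:Decrypt", key_id)}


if __name__ == "__main__":
    # Role with agent permissions only -> the handshake in the question fails.
    print(json.dumps(check_session_decrypt(SESSION_PREFERENCES,
                                           [SSM_ONLY_POLICY]), indent=2))
    # Same role with the kms:Decrypt policy attached.
    print(json.dumps(check_session_decrypt(SESSION_PREFERENCES,
                                           [SSM_ONLY_POLICY, KMS_DECRYPT_POLICY]),
                     indent=2))
```

The evaluator deliberately covers only the identity-policy side of the answer; a real session also needs the key policy on the KMS key to grant the role access, and, for a private subnet with no NAT Gateway, an interface endpoint for com.amazonaws.&lt;region&gt;.kms so the agent can reach KMS at all.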
