SSM Agent is not online. The SSM Agent was unable to connect to a Systems Manager endpoint to register itself with the service.

0

Hi, all. My SSM Agent still stays offline after activating the EC2 instance (Red Hat 9.0). Another EC2 instance (Amazon Linux) is set up on the same VPC, subnet, and SG. That machine can set up SSM Agent and stays online after activation. My Red Hat image is RHEL-9.3.0_HVM-20240117-x86_64-49-Hourly2-GP3.

The error message is below:

SSM Agent is not online The SSM Agent was unable to connect to a Systems Manager endpoint to register itself with the service.

Verify that the IAM instance profile has the correct permissions. Verify that your instance's security group and VPC allow HTTPS (port 443) outbound traffic to the following Systems Manager endpoints:

  • ssm.ap-northeast-1.amazonaws.com
  • ec2messages.ap-northeast-1.amazonaws.com
  • ssmmessages.ap-northeast-1.amazonaws.com

If your VPC does not have internet access, you can use VPC endpoints to allow outbound traffic from your instance.

If you still can't connect to your instance, or if you receive an error, including an error about SSM Agent, see:

[Image: enter image description here]

Tomo
Asked 1 month ago, 856 views
2 Answers
0

Have you created the SSM-related VPC endpoints:

  • ssm.region.amazonaws.com
  • ssmmessages.region.amazonaws.com
  • ec2messages.region.amazonaws.com

and allowed the security groups for inbound/outbound?

Expert
Answered 1 month ago
  • Thanks for your help. As shown in the picture in my question, I have already created the SSM-related VPC endpoints.

    I permitted the VPC endpoints below:

    com.amazonaws.ap-northeast-1.ssm
    com.amazonaws.ap-northeast-1.ec2messages
    com.amazonaws.ap-northeast-1.ssmmessages
    com.amazonaws.ap-northeast-1.s3 (Gateway)
    com.amazonaws.ap-northeast-1.s3 (IF)

    And I have already permitted the SG for all inbound and outbound requests (0.0.0.0/0). I also set up another EC2 (Amazon Linux) with this SG and these VPC endpoints, and I can connect to that EC2. But I can't connect to the Red Hat EC2 with the same configuration. ;;

0

Looks OK to me. Can you confirm that the SG on the VPC endpoints allows inbound TCP 443?

As a backup option, you may want to consider installing EC2 Instance Connect for your private VPC:

cd /tmp
curl -s -L -O https://amazon-ec2-instance-connect-us-west-2.s3.us-west-2.amazonaws.com/latest/linux_amd64/ec2-instance-connect.rpm
curl -s -L -O https://amazon-ec2-instance-connect-us-west-2.s3.us-west-2.amazonaws.com/latest/linux_amd64/ec2-instance-connect-selinux.noarch.rpm
dnf install -y ./ec2-instance-connect.rpm ./ec2-instance-connect-selinux.noarch.rpm

You will need to create an EC2 Instance Connect endpoint and ensure the SG on your EC2 allows incoming SSH (TCP 22).

AWS
Expert
Mike_L
Answered 1 month ago
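
An added example, not part of either answer or of AWS documentation: a script to run on the affected instance that resolves the three Systems Manager endpoints named in this thread and tests outbound TCP 443 to each. The function names, the usage line and the RFC 1918 test (which assumes private DNS is enabled on the interface VPC endpoints, so the names resolve to addresses inside the VPC) are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example. Usage on the instance: ./ssm-check.sh ap-northeast-1

# Print the three Systems Manager hostnames for one region.
ssm_endpoints() {
  local region=$1 svc
  for svc in ssm ec2messages ssmmessages; do
    echo "${svc}.${region}.amazonaws.com"
  done
}

# Succeed when an IPv4 address is in an RFC 1918 private range.
is_private_ipv4() {
  case $1 in
    10.*|192.168.*) return 0 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# Resolve one hostname, then try TCP 443 with a 5 second timeout.
check_endpoint() {
  local host=$1 ip scope
  ip=$(getent ahostsv4 "$host" | awk 'NR==1 {print $1}')
  if [ -z "$ip" ]; then
    echo "FAIL $host: no DNS answer"; return 1
  fi
  # Assumption: a private address means the interface endpoint's private DNS is in use.
  if is_private_ipv4 "$ip"; then
    scope="private address, VPC endpoint"
  else
    scope="public address, needs an internet route"
  fi
  if timeout 5 bash -c "exec 3<>/dev/tcp/$host/443" 2>/dev/null; then
    echo "OK   $host -> $ip ($scope), TCP 443 reachable"
  else
    echo "FAIL $host -> $ip ($scope), TCP 443 blocked or timed out"; return 1
  fi
}

main() {
  local rc=0 host
  for host in $(ssm_endpoints "$1"); do
    check_endpoint "$host" || rc=1
  done
  return $rc
}

# Only touch the network when a region is given on the command line.
if [ -n "${1:-}" ]; then main "$1"; fi
```

Running it on both the working Amazon Linux instance and the Red Hat instance shows whether the two differ at the DNS or TCP layer before looking at the agent itself.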
