session manager logging not working


Hi, my team currently testing session manager feature to adopt our environment and client's environment.

basic session manager feature seems to working very well, we dont have any troulbe to connect ec2 via session manager.

but after we enable the session manager logging feature on AWS UI ->AWS Systems Manager-> Session Manager-> prefereance

conencting to ec2 instance via session manager took almost 3 minutes (if we turn the logging feature disable, connecting to ec2 happen instantly) and logging seems to not working on our specified target (currently we set the target to cloudwatch log-groups)

is there some more process we should done to work this out?


so far we done

  • DNS features enabled on VPC
  • create 3 endpoints (ssm, ssmmessages and ec2messages) and put the security group allow https
  • use Amazon supplied basic AMI (Amazon linux AMI)
  • made role with two policies attaced and put this on ec2 instances
  1. AmazonSSMManagedInstanceCore
  2. custom policy to work with cloudwatch with following statesments { "Version": "2012-10-17", "Statement": [ { "Action": [ "logs:CreateLogStream", "logs:DescribeLogStreams", "logs:DescribeLogGroups", "logs:PutLogEvents" ], "Effect": "Allow", "Resource": "*" } ] }
1 回答

just found answer myself, forgot to create the endpoint for cloudwatch or s3 :)

hope this will help to future idiot like myself XD

已回答 1 年前
profile picture
已审核 7 天前

您未登录。 登录 发布回答。