error while connecting to EC2 via Session Manager

0

Hi team,

I have a bastion host in my private VPC. I used to connect to it via Session Manager (second tab => Session Manager => click the Connect button).

Now I have this error when I click on the Connect button:

Your session has been terminated for the following reasons: ----------ERROR------- Encountered error while initiating handshake. Fetching data key failed: Unable to retrieve data key, Error when decrypting data key AccessDeniedException: The ciphertext refers to a customer master key that does not exist, does not exist in this region, or you are not allowed to access. status code: 400, request id:xxxxxxxxxx

I'm not sure what happened that I am no longer able to connect to the EC2 instance.

This instance was created without a key pair.

I see my EC2 instance in Fleet Manager in the running state.

JessDL
Asked 10 months ago, viewed 357 times
1 answer
0
Accepted answer

Are the permissions to manipulate the KMS key set for EC2?
Make sure that the EC2 IAM role has an IAM policy that allows "kms:Decrypt".
Make sure that the IAM role is set to "AmazonSSMManagedInstanceCore".
Also, if you are using a private subnet, check to see if there is a pathway to communicate with the KMS endpoints.
Is there a route set up, for example, a NAT Gateway?
If you do not use a NAT Gateway, you can also set up a VPC endpoint for communication to KMS.
https://repost.aws/knowledge-center/ssm-session-manager-failures

You probably have KMS encryption enabled in SSM in your environment.
https://docs.aws.amazon.com/systems-manager/latest/userguide/session-preferences-enable-encryption.html

Expert
Answered 10 months ago
Expert
Reviewed 10 months ago
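The first check in the answer above, turned into code as an added example (not from the original thread or from AWS): it embeds a constructed minimal policy statement for the instance role, with a placeholder account id and key id, and evaluates whether it grants "kms:Decrypt" on the key named in the Session Manager preferences. AmazonSSMManagedInstanceCore alone does not grant "kms:Decrypt", so a statement like this one has to be attached alongside it.

```python
import fnmatch
import json

# Constructed sample: the key configured in the Session Manager preferences.
# The account id and key id are placeholders, not values from the thread.
SESSION_KMS_KEY_ARN = "arn:aws:kms:eu-west-1:111122223333:key/PLACEHOLDER-KEY-ID"

# Constructed sample: a minimal policy for the instance's IAM role, scoped to
# that single key rather than "Resource": "*".
INSTANCE_ROLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["kms:Decrypt", "kms:GenerateDataKey"],
        "Resource": SESSION_KMS_KEY_ARN,
    }],
})


def _as_list(value):
    """IAM allows Statement, Action and Resource to be a string or a list."""
    return value if isinstance(value, list) else [value]


def _matches(patterns, target, case_insensitive):
    """IAM '*' and '?' wildcards; action names match case-insensitively, ARNs do not."""
    if case_insensitive:
        return any(fnmatch.fnmatchcase(target.lower(), p.lower()) for p in _as_list(patterns))
    return any(fnmatch.fnmatchcase(target, p) for p in _as_list(patterns))


def policy_allows(policy_json, action, resource):
    """Simplified identity-policy evaluation: an explicit Deny wins, otherwise
    any matching Allow grants the action. Conditions and NotAction/NotResource
    statements are not handled here."""
    allowed = False
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if "Action" not in stmt:
            continue
        if not (_matches(stmt["Action"], action, True)
                and _matches(stmt.get("Resource", "*"), resource, False)):
            continue
        if stmt.get("Effect") == "Deny":
            return False
        if stmt.get("Effect") == "Allow":
            allowed = True
    return allowed


def session_manager_kms_ready(policy_json, key_arn):
    """The check behind 'Fetching data key failed': the instance role must be
    able to call kms:Decrypt on the key from the session preferences."""
    return policy_allows(policy_json, "kms:Decrypt", key_arn)
```

The same function also shows the failure mode: point it at a different key ARN (a key in another region or account) and it returns False, which is the situation the error message describes.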
