1 Answer
Are the permissions to manipulate the KMS key set for EC2?
Make sure that the EC2 IAM role has an IAM policy that allows "kms:Decrypt".
Make sure that the IAM role is set to "AmazonSSMManagedInstanceCore".
Also, if you are using a private subnet, check to see if there is a pathway to communicate with the KMS endpoints.
Is there a route set up, for example, a NAT Gateway?
If you do not use a NAT Gateway, you can also set up a VPC endpoint for communication to KMS.
https://repost.aws/knowledge-center/ssm-session-manager-failures
You probably have KMS encryption enabled in SSM in your environment.
https://docs.aws.amazon.com/systems-manager/latest/userguide/session-preferences-enable-encryption.html
Thank you for your answer. I added the KMS permission and it works now, but I'm not sure why it now requires the KMS permission. It was working before without the KMS permission.
I believe someone may have enabled KMS encryption in Session Manager. If this is enabled, it will be necessary to attach a policy to the EC2 that allows KMS operations. https://docs.aws.amazon.com/systems-manager/latest/userguide/session-preferences-enable-encryption.html
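The "kms:Decrypt" check from the answer can be run offline against a copy of the instance role's policy JSON. The following is an added example, not part of the original thread and not AWS code; the key ARN, the sample policies and the function names are constructed, and the evaluator is deliberately simplified (statements using Condition, NotAction or NotResource are reported for manual review instead of being evaluated).

```python
import fnmatch

# Constructed placeholder ARN for the KMS key chosen in Session Manager preferences.
KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"

def _as_list(value):
    """IAM lets Statement, Action and Resource be a single value or a list."""
    return value if isinstance(value, list) else [value]

def _covers(patterns, target, ignore_case=False):
    """True if any IAM pattern ('*' and '?' wildcards) matches target."""
    for pattern in _as_list(patterns):
        if ignore_case:
            pattern, candidate = pattern.lower(), target.lower()
        else:
            candidate = target
        if fnmatch.fnmatchcase(candidate, pattern):
            return True
    return False

def kms_decrypt_verdict(policy, key_arn):
    """Return 'deny', 'review', 'allow' or 'missing' for kms:Decrypt on key_arn."""
    denied = allowed = unsupported = False
    for stmt in _as_list(policy.get("Statement", [])):
        if any(k in stmt for k in ("NotAction", "NotResource", "Condition")):
            unsupported = True          # not evaluated by this simplified check
            continue
        # Action names are case-insensitive in IAM; resource ARNs are not.
        if not _covers(stmt.get("Action", []), "kms:Decrypt", ignore_case=True):
            continue
        if not _covers(stmt.get("Resource", []), key_arn):
            continue
        if stmt.get("Effect") == "Deny":
            denied = True
        elif stmt.get("Effect") == "Allow":
            allowed = True
    if denied:
        return "deny"                   # an explicit deny always wins
    if unsupported:
        return "review"
    return "allow" if allowed else "missing"

# Constructed sample: a role with Session Manager channel permissions only.
SSM_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["ssmmessages:CreateDataChannel", "ssmmessages:OpenDataChannel"]}]}
# Constructed sample: the same role after adding the permission from the answer.
WITH_KMS = {"Version": "2012-10-17", "Statement": SSM_ONLY["Statement"] + [
    {"Effect": "Allow", "Action": "kms:Decrypt", "Resource": KEY_ARN}]}
```

A verdict of "allow" covers only the identity policy on the role; the KMS key's own key policy must also permit the role to use the key.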