1 Answer
The security groups are not bypassed; however, the SSM agent on the instance initiates the connection to the SSM service, so the outbound rules of the security group on the instance are the ones in play. Most likely, the outbound is wide open. Minimally, the outbound rule needs to allow outbound 443 to the SSM endpoints. See: Systems Manager prerequisites.
(Recommended) Create a VPC endpoint in Amazon Virtual Private Cloud (Amazon VPC) to use with Systems Manager.
If you don't use a VPC endpoint, configure your managed instances to allow HTTPS (port 443) outbound traffic to the Systems Manager endpoints. For information, see (Optional) Create a VPC endpoint.
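
An added example, not part of the original answer: a check that classifies a security group's outbound rules by whether TCP 443 (the port the SSM agent uses to reach the service) is open to any address, restricted to specific destinations, or blocked. It assumes input shaped like the `IpPermissionsEgress` field of the EC2 `DescribeSecurityGroups` response; the function names, group IDs and sample groups are constructed for illustration.

```python
import ipaddress

def allows_tcp_443(rule):
    """True if an egress rule covers TCP port 443."""
    proto = rule.get("IpProtocol")
    if proto == "-1":            # all protocols, all ports
        return True
    if proto != "tcp":
        return False
    return rule.get("FromPort", 0) <= 443 <= rule.get("ToPort", 65535)

def egress_443_status(sg):
    """Classify a security group's outbound HTTPS posture:
    'open'       - 443 allowed to any address (0.0.0.0/0 or ::/0)
    'restricted' - 443 allowed only to specific CIDRs, prefix lists or groups
    'blocked'    - no egress rule covers TCP 443 (SSM agent cannot connect out)
    """
    status = "blocked"
    for rule in sg.get("IpPermissionsEgress", []):
        if not allows_tcp_443(rule):
            continue
        cidrs = [r["CidrIp"] for r in rule.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in rule.get("Ipv6Ranges", [])]
        if any(ipaddress.ip_network(c).prefixlen == 0 for c in cidrs):
            return "open"
        if cidrs or rule.get("PrefixListIds") or rule.get("UserIdGroupPairs"):
            status = "restricted"
    return status

# Constructed sample groups (IDs are placeholders, not real resources).
DEFAULT_SG = {"GroupId": "sg-EXAMPLE-open", "IpPermissionsEgress": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}
ENDPOINT_ONLY_SG = {"GroupId": "sg-EXAMPLE-vpce", "IpPermissionsEgress": [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "UserIdGroupPairs": [{"GroupId": "sg-EXAMPLE-endpoint"}]}]}
NO_HTTPS_SG = {"GroupId": "sg-EXAMPLE-dns", "IpPermissionsEgress": [
    {"IpProtocol": "udp", "FromPort": 53, "ToPort": 53,
     "IpRanges": [{"CidrIp": "10.0.0.2/32"}]}]}

if __name__ == "__main__":
    for sg in (DEFAULT_SG, ENDPOINT_ONLY_SG, NO_HTTPS_SG):
        print(sg["GroupId"], egress_443_status(sg))
```

A group reported as `open` matches the "wide open" outbound case the answer describes; `restricted` is what an instance limited to a VPC endpoint's security group would show.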