Amazon Inspector - Unmanaged EC2 instance

Question

Hi, we are having issues with AWS Inspector because all new EC2 instances are shown as "Unmanaged EC2 instance" despite of having the SSM agent installed, having the right role with "AmazonSSMManagedInstanceCore" permissions attached, and being listed in the Managed Nodes within the SSM.

When we try to run the "AWSSupport-TroubleshootManagedInstance" automation, it gets stuck in step 4 "GetEC2InstanceProperties" in Pending state. Any idea about how to fix this? Thanks.

Answer

Have you made sure the EC2 can reach to Systems Manager service on port 443 via IGW; NAT gateway or SSM VPC endpoint?? EC2 needs the Systems manager prerequisites as following (IAM role; OS supports; connectivity; etc.)
https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-prereqs.html

Answer

If you have the agent installed and correct IAM role assigned, please create an endpoint to enable connectivity between ec2 and systems manager.
https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-create-vpc.html

Amazon Inspector - Unmanaged EC2 instance

相關內容