2

I would like to use Session Manager to connect to my instance.

I have created a role with those policies :

AmazonEC2RoleforSSM AmazonSSMFullAccess

enter image description here

And attached with my instance, from debian official AMI (I red al important "official" AMI embed SSM agent)

enter image description here

But i still have the message :

enter image description here

(I also tried with the Amazon Linux AMI but it is the same).

I saw somewhere that I have to create an AWS service endpoint for SSM. I created one (and restarted the instance) but it is the same.

enter image description here

Can someone explain to me what I'm missing?

Thanks

Improve this question
1
  • How's your Security group set up? Did you complete the setup on the Systems Manager side? Commented Sep 19, 2024 at 10:05

1 Answer 1

Reset to default
1

Firstly, dont assume the agent is installed & running :) - login to ec2 via SSH and confirm. Assuming the agent is running, there should be a log file from the agent which will give you an idea whats wrong.

If you want to use SSM with VPC endpoints(such as a private VPC), you actually need 3 endpoints, ssm, ec2messages and ssmmessages. Those endpoints have a security group which needs to allow the instance (or the VPC range) for them to be used.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

You were right! the SSM agent was not installed. I thought it was installed on all "major" ami. Thanks

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.