EC2 Instance doesn't become managed after installing SSM Agent

Question

I've installed SSM Agent (2.2.607.0) on Windows Server 2012 R2 Standard instance with the EC2 Config (4.9.2688.0). After installing it, i cannot see the server on the Managed Instances screen. I did the same steps on other servers (Windows and Linux) and it worked.

Tried to uninstall the EC2 Config, reinstalled it again with no luck. Tried to install a different SSM Agent version (2.2.546.0) with no luck also.

Any thoughts?

Answer 1

New SSM agent version comes with a diagnostic package.. You can run that to see which prerequisites is missing. https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-cli.html

Answer 2

I had this problem, and of the four troubleshooting steps - SSM Agent, IAM instance role, Service Endpoint connectivity, Target operating system type, it turned out that the problem was endpoint connectivity.

My VPC, Subnet, route table, and internet gateway all looked correct (and were identical to another instance which was being managed by SSM). But the instance didn't have a public IP, and without that you can't use the IGW. You can't use a VPC endpoint and an Internet Gateway. So adding a public IP allowed the instance to connect to SSM and become managed.

Extra complication : I was trying to use EC2 Image Builder, which creates an instance without a public IP. So there is no way to use Image Builder in a VPC which has an Internet Gateway.

Answer 3

The agent is installed, but the instance still needs the proper role to communicate with the systems manager. Particularly this step of Configuring Access to Systems Manager.

By default, Systems Manager doesn't have permission to perform actions on your instances. You must grant access by using an IAM instance profile. An instance profile is a container that passes IAM role information to an Amazon EC2 instance at launch.

You should review the whole configuration guide and make sure you have configured all required roles appropriately.