Keiros

Reputation: 101

Create managed instance

I am trying to create a managed instance with AWS.

I followed this page to create the IAM role: https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-instance-profile.html.

So it is AmazonSSMManagedInstanceCore

This is the code I am using to associate the IAM role with the EC2.

    # Make EC2s with AWS Ubuntu 20
    instances = subnet.create_instances(ImageId='ami-0885b1f6bd170450c',
                                        InstanceType='m1.small', 
                                        MaxCount=num,
                                        MinCount=num,
                                        Monitoring={'Enabled': True},
                                        SubnetId=subnet.subnet_id,
                                        KeyName=key_name,
                                        IamInstanceProfile={
                                            'Arn': 'arn goes here',
                                        },)

    wait_until_running(instances)

And when I check in the console the role shows up.

But when I do aws ssm describe-instance-information

I get

    {
        "InstanceInformationList": []
    }

The ultimate goal here is to be able to send a command to the instance.

Upvotes: 1

Views: 83

Answers (1)

Marcin

Reputation: 238887

Based on the comments.

The instance does not have a public IP address, which indicates it likely has no access to the SSM service.

For SSM to work on your instance, it must be able to connect to the SSM service. This is usually enabled in one of three ways:

  1. Instance is in a public subnet and has direct internet access.
  2. Instance is in a private subnet and uses a NAT gateway to access the internet.
  3. Your VPC uses VPC interface endpoints for the SSM service to connect to the SSM service. This does not require internet access and provides private communication between the instance and the SSM service.

Upvotes: 1
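An added example, not part of the answer above: a check for which of the three connectivity options an instance actually has, written over dicts shaped like the boto3 EC2 `describe_instances`, `describe_route_tables` and `describe_vpc_endpoints` responses. The function names, the sample data and the region are constructed for illustration, and the endpoint check assumes the `ssm`, `ssmmessages` and `ec2messages` interface endpoint services.

```python
# Added example: inputs are dicts shaped like boto3 EC2 describe_* responses.
SSM_SERVICES = ("ssm", "ssmmessages", "ec2messages")  # assumed endpoint set

def subnet_route_table(subnet_id, vpc_id, route_tables):
    """Route table explicitly associated with the subnet, else the VPC's main table."""
    main = None
    for rt in route_tables:
        if rt["VpcId"] != vpc_id:
            continue
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def ssm_paths(instance, route_tables, vpc_endpoints, region):
    """Return which of the three connectivity options the instance has."""
    paths = []
    rt = subnet_route_table(instance["SubnetId"], instance["VpcId"], route_tables)
    for route in (rt or {}).get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0" or route.get("State") != "active":
            continue
        # An internet gateway route only helps if the instance has a public IP.
        if route.get("GatewayId", "").startswith("igw-") and instance.get("PublicIpAddress"):
            paths.append("public-subnet")
        elif route.get("NatGatewayId"):
            paths.append("nat-gateway")
    present = {
        ep["ServiceName"] for ep in vpc_endpoints
        if ep["VpcId"] == instance["VpcId"]
        and ep.get("VpcEndpointType") == "Interface"
        and ep.get("State", "").lower() == "available"
    }
    if all(f"com.amazonaws.{region}.{s}" in present for s in SSM_SERVICES):
        paths.append("vpc-endpoints")
    return paths

# Constructed sample data (not from the question): private subnet, no public IP,
# only a local route, and two of the three interface endpoints.
INSTANCE = {"InstanceId": "i-0example", "SubnetId": "subnet-aaa", "VpcId": "vpc-111"}
ROUTE_TABLES = [{"RouteTableId": "rtb-main", "VpcId": "vpc-111",
                 "Associations": [{"Main": True}],
                 "Routes": [{"DestinationCidrBlock": "10.0.0.0/16",
                             "GatewayId": "local", "State": "active"}]}]
ENDPOINTS = [{"VpcId": "vpc-111", "VpcEndpointType": "Interface", "State": "available",
              "ServiceName": f"com.amazonaws.us-east-1.{s}"} for s in SSM_SERVICES[:2]]

if __name__ == "__main__":
    print(ssm_paths(INSTANCE, ROUTE_TABLES, ENDPOINTS, "us-east-1"))  # → []
```

An empty result corresponds to the symptom in the question: the instance profile is attached, but the agent has no route to the service, so the instance never appears in `describe-instance-information`.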
