yoshi216

Reputation: 1

My Linux machine doesn't appear in the AWS Systems Manager console

I followed here to manage my Linux machines (they run on WSL, not on an EC2 instance) with AWS Systems Manager.

But I could not find my VM on the SSM console after I finished running the following code.

mkdir /tmp/ssm
curl https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/debian_amd64/amazon-ssm-agent.deb -o /tmp/ssm/amazon-ssm-agent.deb
sudo dpkg -i /tmp/ssm/amazon-ssm-agent.deb
sudo service amazon-ssm-agent stop
sudo -E amazon-ssm-agent -register -code "activation-code" -id "activation-id" -region "region" 
sudo service amazon-ssm-agent start

The status of ssm-agent on my VM changes between active (running) and activating (auto-restart). So I checked the error log (/var/log/amazon/ssm/errors.log) and got a log like this:

caused by: Get "http://169.254.169.254/latest/meta-data/instance-id": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
2023-04-26 09:49:00 ERROR [newAgentIdentityInner @ identity_selector.go.99] Agent failed to assume any identity
2023-04-26 09:49:00 ERROR [NewAgentIdentity @ identity_selector.go.112] failed to find identity, retrying: failed to find agent identity
2023-04-26 09:49:07 ERROR [NewEC2Identity @ ec2_identity.go.281] [EC2Identity] failed to get identity instance id. Error: RequestError: send request failed
caused by: Get "http://169.254.169.254/latest/meta-data/instance-id": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
2023-04-26 09:49:07 ERROR [newAgentIdentityInner @ identity_selector.go.99] Agent failed to assume any identity
2023-04-26 09:49:07 ERROR [Init @ bootstrap.go.75] failed to get identity: failed to find agent identity
2023-04-26 09:49:07 ERROR [run @ agent.go.153] Error occurred when starting amazon-ssm-agent: failed to get identity: failed to find agent identity

I'm fed up with handling this error. Please help me.

ChatGPT-4 told me that ssm-agent seems to try to get metadata from http://169.254.169.254/latest/meta-data/instance-id and that /etc/amazon/ssm/amazon-ssm-agent.json would need to be changed as follows (I filled in Region and ManagedInstance).

{
    "Profile":{
        "ShareCreds" : true,
        "ShareProfile" : "",
        "ForceUpdateCreds" : false,
        "KeyAutoRotateDays": 0
    },
    "Mds": {
        "CommandWorkersLimit" : 5,
        "StopTimeoutMillis" : 20000,
        "Endpoint": "",
        "CommandRetryLimit": 15
    },
    "Ssm": {
        "Endpoint": "",
        "HealthFrequencyMinutes": 5,
        "CustomInventoryDefaultLocation" : "",
        "AssociationLogsRetentionDurationHours" : 24,
        "RunCommandLogsRetentionDurationHours" : 336,
        "SessionLogsRetentionDurationHours" : 336,
        "PluginLocalOutputCleanup": "",
        "OrchestrationDirectoryCleanup": ""
    },
    "Mgs": {
        "Region": **"ap-northeast-1"**,
        "Endpoint": "",
        "StopTimeoutMillis" : 20000,
        "SessionWorkersLimit" : 1000,
        "DeniedPortForwardingRemoteIPs" : [
            "169.254.169.254",
            "fd00:ec2::254",
            "169.254.169.253",
            "fd00:ec2::253",
            "169.254.169.123",
            "169.254.169.250"
        ]
    },
    "Agent": {
        "Region": **"ap-northeast-1"**,
        "OrchestrationRootDir": "",
        "SelfUpdate": false,
        "TelemetryMetricsToCloudWatch": false,
        "TelemetryMetricsToSSM": true,
        "AuditExpirationDay" : 7,
        "LongRunningWorkerMonitorIntervalSeconds": 60
    },
    "Os": {
        "Lang": "en-US",
        "Name": "",
        "Version": "1"
    },
    "S3": {
        "Endpoint": "",
        "Region": **"ap-northeast-1"**,
        "LogBucket":"",
        "LogKey":""
    },
    "Kms": {
        "Endpoint": ""
    },
    **"ManagedInstance": {
    "OnPrem": {
      "Enabled": true,
      "ActivationCode": "MyActivationCode",
      "ActivationId": "MyActivationId"
    }
  }**
}

It also doesn't work at all.

The roles attached to activation are:

Upvotes: 0

Views: 1517

Answers (2)

yoshi216

Reputation: 1

I managed to resolve the issue by executing the commands below.

sudo rm -f /var/lib/amazon/ssm/registration
sudo -E amazon-ssm-agent -register -code "activation-code" -id "activation-id" -region "region" 

It appears that I had forgotten to enclose the values in quotation marks. Thank you all for your guidance and support.

Upvotes: 0

Marcin

Reputation: 238051

The error:

Agent failed to assume any identity

means that you did not create and/or attach (or did it incorrectly) an IAM instance role for the SSM agent to use. Please check the "Configure instance permissions for Systems Manager" AWS documentation for what the role should be.

Upvotes: 0
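
A small triage helper for the errors.log excerpt in the question, as an added example that is not part of the original thread. It reports whether the agent ended up trying the EC2 identity through the instance metadata endpoint (which only exists on EC2, not on a WSL host) and whether the registration file removed in yoshi216's answer is present. The function names and verdict strings are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original thread. Classifies the identity errors
# in an amazon-ssm-agent errors.log. Matched strings are copied from the log
# excerpt in the question; the verdict names are made up for this example.

IMDS_PREFIX='http://169.254.169.254/latest/meta-data/'

# triage_ssm_log FILE -> prints one verdict:
#   imds_fallback  agent tried the EC2 identity via IMDS and timed out
#   no_identity    identity errors present, but no IMDS timeout logged
#   ok             no identity errors found
triage_ssm_log() (
    imds=0; ident=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            *"$IMDS_PREFIX"*"context deadline exceeded"*)
                imds=$((imds + 1)) ;;
            *"failed to assume any identity"*|*"failed to find agent identity"*)
                ident=$((ident + 1)) ;;
        esac
    done < "$1"
    if [ "$ident" -gt 0 ] && [ "$imds" -gt 0 ]; then echo imds_fallback
    elif [ "$ident" -gt 0 ]; then echo no_identity
    else echo ok
    fi
)

# registration_state FILE -> "present" or "missing" (needs read access to the dir)
registration_state() {
    if [ -e "$1" ]; then echo present; else echo missing; fi
}

# write_sample_log FILE -> sample lines copied from the excerpt in the question
write_sample_log() {
    cat > "$1" <<'EOF'
2023-04-26 09:49:07 ERROR [NewEC2Identity @ ec2_identity.go.281] [EC2Identity] failed to get identity instance id. Error: RequestError: send request failed
caused by: Get "http://169.254.169.254/latest/meta-data/instance-id": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
2023-04-26 09:49:07 ERROR [newAgentIdentityInner @ identity_selector.go.99] Agent failed to assume any identity
2023-04-26 09:49:07 ERROR [Init @ bootstrap.go.75] failed to get identity: failed to find agent identity
EOF
}

sample=$(mktemp)
write_sample_log "$sample"
echo "log verdict:  $(triage_ssm_log "$sample")"
echo "registration: $(registration_state /var/lib/amazon/ssm/registration)"
rm -f "$sample"
```

On a real host, pass /var/log/amazon/ssm/errors.log to triage_ssm_log and run it with enough privilege to read the agent's directories.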
