aws / amazon-ssm-agent

An agent to enable remote management of your EC2 instances, on-premises servers, or virtual machines (VMs).
https://aws.amazon.com/systems-manager/
Apache License 2.0

SSM Agent entering hibernation mode with AccessDeniedException #374

Closed shokunin-kishitsu closed 3 years ago

shokunin-kishitsu commented 3 years ago

I have the AmazonSSMRoleForInstancesQuickSetup role in the instance profile with the AmazonSSMManagedInstanceCore policy, so I'm not sure what else I can do from an IAM perspective.

Log:

2021-04-30 14:08:08 INFO [ssm-agent-worker] [StartupProcessor] Write to serial port: OsProductName: CentOS Linux
2021-04-30 14:08:08 INFO [ssm-agent-worker] [StartupProcessor] Write to serial port: OsVersion: 7.8.2003
2021-04-30 14:08:08 INFO [ssm-agent-worker] Entering SSM Agent hibernate - AccessDeniedException: User: arn:aws:sts::1111111111:assumed-role/AmazonSSMRoleForInstancesQuickSetup/i-11111111111 is not authorized to perform: ssm:UpdateInstanceInformation on resource: arn:aws:ec2:eu-central-1:1111111111:instance/i-111111111111
status code: 400

shokunin-kishitsu commented 3 years ago

I was able to resolve this issue by removing the unnecessary VPC endpoints from the CloudFormation template.