3

I am trying to set up Session Manager to connect to my instances, and I am facing an issue with instances that do not have a public IP or EIP.

What I have done is create a role and attach the AmazonSSMManagedInstanceCore policy.

When I launch an instance (Amazon 2 or Ubuntu) with a public IP or EIP everything is OK; as soon as I attach the role it works.

But when I do not have a public IP or EIP I am not able to connect.

Any idea? Am I missing something?

Paulo Tomé
  • 3,782
adagio
  • 31

2 Answers

4

The instances must be able to connect to the SSM service endpoint. If they don't have a public IP then they must be in a subnet with a default route through a NAT gateway. Otherwise they can't talk to the internet and in turn can't connect to the SSM service.

See NAT Gateway for EC2 instances for more details.

Hope that helps :)

MLu
  • 2,090
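An added example, not part of the original answer: a check of the condition described above, run offline over data shaped like the output of `aws ec2 describe-route-tables` and `aws ec2 describe-instances`. The IDs and addresses are constructed placeholders, and the check only considers the IPv4 internet path to the SSM endpoint (an assumption of this example).

```python
# Added example: field names follow the EC2 API (Associations, Routes,
# GatewayId, NatGatewayId, PublicIpAddress); all sample values are constructed.

def route_table_for(subnet_id, route_tables):
    """Return the table explicitly associated with the subnet, else the VPC main table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def default_route(rt):
    """Return the active 0.0.0.0/0 route of a route table, or None."""
    for r in (rt or {}).get("Routes", []):
        if r.get("DestinationCidrBlock") == "0.0.0.0/0" and r.get("State") == "active":
            return r
    return None

def ssm_internet_path(instance, route_tables):
    """Classify whether the instance can reach the public SSM endpoint over the internet."""
    r = default_route(route_table_for(instance["SubnetId"], route_tables))
    if r is None:
        return "blocked: no active default route"
    if r.get("NatGatewayId"):
        return "ok: default route via NAT gateway"
    if r.get("GatewayId", "").startswith("igw-"):
        # An internet gateway only translates traffic for instances with a public IPv4 address.
        if instance.get("PublicIpAddress"):
            return "ok: public IP behind internet gateway"
        return "blocked: internet gateway route but no public IP"
    return "unknown: default route via other target"

# Constructed sample data (placeholders, not taken from the original post).
ROUTE_TABLES = [
    {"Associations": [{"SubnetId": "subnet-public"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example", "State": "active"}]},
    {"Associations": [{"SubnetId": "subnet-private"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example", "State": "active"}]},
]
INSTANCES = [
    {"InstanceId": "i-a", "SubnetId": "subnet-public", "PublicIpAddress": "203.0.113.10"},
    {"InstanceId": "i-b", "SubnetId": "subnet-public"},
    {"InstanceId": "i-c", "SubnetId": "subnet-private"},
]
if __name__ == "__main__":
    for inst in INSTANCES:
        print(inst["InstanceId"], "->", ssm_internet_path(inst, ROUTE_TABLES))
```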
0

Thanks, yes indeed it helps. I was using a public subnet with an IGW; shouldn't that work as well, since my instances do have internet access, but via the IGW instead?

adagio
  • 31
  • 2
    Hi Adagio! If you have a comment, please use the "add a comment" button rather than posting it as an answer. Thanks! – enharmonic Mar 11 '20 at 15:23