CloudWatch Agent using SSM where instances are not showing in Managed Instances

Question

I was trying to install SSM agent in Ec2 instances for which i have attached instance role with SSM full access,CloudwatchagentAdmin role,SSM managed Instance core.But i could see my instances in SSM console of Managed Instances.

Anyone help ? Thanks in Advance

Answer 1

SSM agent is installed by default on:

• Amazon Linux 1 and 2
• Ubuntu Server 16.04 and 18.04
• Amazon ECS-Optimized

Thus, there is no need to manually install it, if you use any of these system. Nevertheless, general things to check/consider for the lack of recognition as managed instance are:

1. Check your instance role. Good start for the role is one which includes arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore managed policy.

2. Verify internet connectivity of your instance. The instance must be able to communicate with the SSM service. This is especially important if the instance is in a custom VPC. If this is the case, then:

   • Check if the instance is in private subnet or a public subnet.
   • If private, then have to correctly setup NAT gateway/instance or SSM VPC Interface endpoint to be able to communicate with the SSM service.

Answer 2

It's possible that the SSM Agent is not started.

• Run the following command to determine if SSM Agent is running:

  sudo snap list amazon-ssm-agent

• Run the following command to start the service if the previous command returned amazon-ssm-agent is stopped, inactive, or disabled:

  sudo snap start amazon-ssm-agent

• Check the status of the agent:

  sudo snap services amazon-ssm-agent

See AWS Systems Manager docs for more details.