
Can't connect via AWS Session Manager despite open ports and VPC Endpoint


I have two EC2s installed - one with public IP [EC2-A], the other without [EC2-B].

On both, I have the instance roles required for SSM. Moreover, since I do not have a public IP on EC2-B, I created a VPC endpoint (configured correctly, as prior to the creation of the endpoint EC2-B was not visible in the fleet manager). Both EC2s are visible in Systems Manager -> Fleet Manager -> Managed Nodes.

However, I am unable to connect to EC2-B using AWS Systems Manager (aws ssm start-session):

➜  Downloads aws ssm start-session --target i-06d10s2296494c8788

An error occurred (TargetNotConnected) when calling the StartSession operation: i-06d348796494c8788 is not connected.

but when I add the public IP to EC2-B I can do so.

I have the same roles and security group on both EC2s (everything opened for testing). EC2-A works as expected.

View from EC2 -> Connect


Same IAM on EC2-A and on EC2-A there is no error.

Any help guys?


Solution

  • Ok guys, for future viewers.

    It was not enough to create just one endpoint.

    You need 3:


    https://aws.amazon.com/blogs/mt/automated-configuration-of-session-manager-without-an-internet-gateway/
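The three endpoints the answer refers to are the interface endpoints for the ssm, ssmmessages and ec2messages services in the instance's region; the agent also needs Private DNS enabled on them so that the default service hostnames resolve to the endpoint. The following check, added here as an example and not code from the poster or from AWS, reads the JSON that `aws ec2 describe-vpc-endpoints` returns and reports which of the three are missing or have Private DNS disabled. The VPC id, region and sample output are constructed.

```python
import json

# The three interface endpoints Session Manager needs when an instance has no
# route to the public SSM endpoints (these are the real AWS service names).
REQUIRED_SUFFIXES = ("ssm", "ssmmessages", "ec2messages")


def required_services(region):
    """Full service names SSM needs in the given region."""
    return [f"com.amazonaws.{region}.{s}" for s in REQUIRED_SUFFIXES]


def audit_ssm_endpoints(describe_output, vpc_id, region):
    """Check describe-vpc-endpoints output for the three SSM endpoints.

    Returns {'missing': [...], 'private_dns_off': [...]}: services with no
    'available' interface endpoint in vpc_id, and services whose endpoint
    exists but has Private DNS disabled (the agent then cannot resolve the
    default ssm.<region>.amazonaws.com names to the endpoint).
    """
    present = {}
    for ep in describe_output.get("VpcEndpoints", []):
        if ep.get("VpcId") != vpc_id or ep.get("VpcEndpointType") != "Interface":
            continue
        if ep.get("State") != "available":
            continue
        present[ep["ServiceName"]] = ep
    wanted = required_services(region)
    missing = [s for s in wanted if s not in present]
    private_dns_off = [s for s in wanted
                       if s in present and not present[s].get("PrivateDnsEnabled")]
    return {"missing": missing, "private_dns_off": private_dns_off}


# Constructed sample: only the 'ssm' endpoint exists, as in the question above.
SAMPLE = {
    "VpcEndpoints": [
        {"VpcEndpointId": "vpce-0example", "VpcId": "vpc-0example",
         "ServiceName": "com.amazonaws.eu-west-1.ssm",
         "VpcEndpointType": "Interface", "State": "available",
         "PrivateDnsEnabled": True},
    ]
}

if __name__ == "__main__":
    # Real use: pipe `aws ec2 describe-vpc-endpoints --filters
    # Name=vpc-id,Values=vpc-...` into a file and json.load() it instead of SAMPLE.
    print(json.dumps(audit_ssm_endpoints(SAMPLE, "vpc-0example", "eu-west-1"), indent=2))
```

With the sample input it reports ssmmessages and ec2messages as missing, which matches the symptom in the question: the node shows up as managed (the ssm endpoint works) but start-session fails with TargetNotConnected.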