I followed here to manage my Linux machines (running on WSL, not on an EC2 instance) with AWS Systems Manager.
But I could not find my VM in the SSM console after I finished running the following code.
```
mkdir /tmp/ssm
curl https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/debian_amd64/amazon-ssm-agent.deb -o /tmp/ssm/amazon-ssm-agent.deb
sudo dpkg -i /tmp/ssm/amazon-ssm-agent.deb
sudo service amazon-ssm-agent stop
sudo -E amazon-ssm-agent -register -code "activation-code" -id "activation-id" -region "region"
sudo service amazon-ssm-agent start
```
The status of ssm-agent on my VM changes between active (running) and activating (auto-restart).
So I checked the error log (/var/log/amazon/ssm/errors.log) and got log entries like this:
```
caused by: Get "http://169.254.169.254/latest/meta-data/instance-id": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
2023-04-26 09:49:00 ERROR [newAgentIdentityInner @ identity_selector.go.99] Agent failed to assume any identity
2023-04-26 09:49:00 ERROR [NewAgentIdentity @ identity_selector.go.112] failed to find identity, retrying: failed to find agent identity
2023-04-26 09:49:07 ERROR [NewEC2Identity @ ec2_identity.go.281] [EC2Identity] failed to get identity instance id. Error: RequestError: send request failed
caused by: Get "http://169.254.169.254/latest/meta-data/instance-id": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
2023-04-26 09:49:07 ERROR [newAgentIdentityInner @ identity_selector.go.99] Agent failed to assume any identity
2023-04-26 09:49:07 ERROR [Init @ bootstrap.go.75] failed to get identity: failed to find agent identity
2023-04-26 09:49:07 ERROR [run @ agent.go.153] Error occurred when starting amazon-ssm-agent: failed to get identity: failed to find agent identity
```
I’m fed up with handling this error.
Please help me.
Chat GPT4 told me that ssm-agent seems to be trying to get metadata from http://169.254.169.254/latest/meta-data/instance-id, and that /etc/amazon/ssm/amazon-ssm-agent.json would need to be changed as follows (I filled in Region and ManagedInstance).
```
{
    "Profile": {
        "ShareCreds": true,
        "ShareProfile": "",
        "ForceUpdateCreds": false,
        "KeyAutoRotateDays": 0
    },
    "Mds": {
        "CommandWorkersLimit": 5,
        "StopTimeoutMillis": 20000,
        "Endpoint": "",
        "CommandRetryLimit": 15
    },
    "Ssm": {
        "Endpoint": "",
        "HealthFrequencyMinutes": 5,
        "CustomInventoryDefaultLocation": "",
        "AssociationLogsRetentionDurationHours": 24,
        "RunCommandLogsRetentionDurationHours": 336,
        "SessionLogsRetentionDurationHours": 336,
        "PluginLocalOutputCleanup": "",
        "OrchestrationDirectoryCleanup": ""
    },
    "Mgs": {
        "Region": "ap-northeast-1",
        "Endpoint": "",
        "StopTimeoutMillis": 20000,
        "SessionWorkersLimit": 1000,
        "DeniedPortForwardingRemoteIPs": [
            "169.254.169.254",
            "fd00:ec2::254",
            "169.254.169.253",
            "fd00:ec2::253",
            "169.254.169.123",
            "169.254.169.250"
        ]
    },
    "Agent": {
        "Region": "ap-northeast-1",
        "OrchestrationRootDir": "",
        "SelfUpdate": false,
        "TelemetryMetricsToCloudWatch": false,
        "TelemetryMetricsToSSM": true,
        "AuditExpirationDay": 7,
        "LongRunningWorkerMonitorIntervalSeconds": 60
    },
    "Os": {
        "Lang": "en-US",
        "Name": "",
        "Version": "1"
    },
    "S3": {
        "Endpoint": "",
        "Region": "ap-northeast-1",
        "LogBucket": "",
        "LogKey": ""
    },
    "Kms": {
        "Endpoint": ""
    },
    "ManagedInstance": {
        "OnPrem": {
            "Enabled": true,
            "ActivationCode": "MyActivationCode",
            "ActivationId": "MyActivationId"
        }
    }
}
```
It also doesn’t work at all.
The roles attached to activation are:
- AmazonSSMManagedInstanceCore
- CloudWatchAgentServerPolicy
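
Added example, not part of the original question and not SSM Agent project code: a POSIX shell triage of the errors.log quoted above, which separates "agent fell back to the EC2 metadata lookup" from other identity failures. It assumes the hybrid registration is stored as `RegistrationKey` under `/var/lib/amazon/ssm/Vault/Store`; the function names and verdict strings are invented for this illustration.

```shell
#!/bin/sh
# Added example: triage amazon-ssm-agent identity failures on a non-EC2 host.

# Print one verdict for an agent errors.log; return 2 if it is unreadable.
classify_ssm_errors() {
    log="$1"
    [ -r "$log" ] || { echo "unreadable-log"; return 2; }
    # grep -c exits 1 on zero matches but still prints 0, hence "|| true".
    imds=$(grep -c '169\.254\.169\.254/latest/meta-data' "$log" || true)
    noid=$(grep -c 'failed to find agent identity' "$log" || true)
    if [ "$imds" -gt 0 ] && [ "$noid" -gt 0 ]; then
        # The agent probed the EC2 metadata service, which WSL cannot reach.
        echo "ec2-fallback-without-registration"
    elif [ "$noid" -gt 0 ]; then
        echo "no-identity"
    else
        echo "no-identity-errors"
    fi
}

# Assumption: the hybrid registration lives in this Vault directory on Linux;
# pass another directory as $1 if your install differs.
has_onprem_registration() {
    [ -s "${1:-/var/lib/amazon/ssm/Vault/Store}/RegistrationKey" ]
}

# Combine both checks into a next step for the operator.
next_step() {
    verdict=$(classify_ssm_errors "$1") || true
    if [ "$verdict" = "ec2-fallback-without-registration" ] \
        && ! has_onprem_registration "$2"; then
        echo "re-run -register with the real activation code, id and region"
    elif [ "$verdict" = "ec2-fallback-without-registration" ]; then
        echo "registration file present; inspect earlier on-prem identity errors"
    else
        echo "no EC2 fallback seen: $verdict"
    fi
}

# Constructed sample: two lines copied from the log quoted in the question.
write_sample_log() {
    cat > "$1" <<'EOF'
caused by: Get "http://169.254.169.254/latest/meta-data/instance-id": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
2023-04-26 09:49:07 ERROR [Init @ bootstrap.go.75] failed to get identity: failed to find agent identity
EOF
}

tmp=$(mktemp -d); write_sample_log "$tmp/errors.log"
next_step "$tmp/errors.log" "$tmp/Store"; rm -rf "$tmp"
```

On a real host, call `next_step /var/log/amazon/ssm/errors.log` as root so the default Vault directory is readable.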
2 Answers
I managed to resolve the issue by executing the commands below.
It appears that I had forgotten to enclose the values in quotation marks. Thank you all for your guidance and support.
The error:
means that you did not create and/or attach (or did it incorrectly) an IAM instance role for the SSM agent to use. Please check the "Configure instance permissions for Systems Manager" AWS documentation for what the role should be.