π Install SSM Agent on Ubuntu Server instances
To install SSM Agent on Ubuntu Server 20.10 STR & 20.04, 18.04, and 16.04 LTS 64-bit ...
For further actions, you may consider blocking this person and/or reporting abuse
Hmm, I have exactly this problem, but I don't understand where I should attach the instance profile. My EC2 instance already has AmazonSSMRoleForInstanceQuickSetup role attached, which has the AmazonSSMManagedInstanceCore policy, which should have all of the listed permissions. But I still get the error mentioned above.
Attache instance profile which provide
ssm:*permisson to the EC2 instance which you got the ssm-agent errorI have that. But I still get the error.
Can you show you policy and the log
Sure. The role in the instance profile is AmazonSSMRoleForInstancesQuickSetup, the associated policy is arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ssm:DescribeAssociation",
"ssm:GetDeployablePatchSnapshotForInstance",
"ssm:GetDocument",
"ssm:DescribeDocument",
"ssm:GetManifest",
"ssm:GetParameter",
"ssm:GetParameters",
"ssm:ListAssociations",
"ssm:ListInstanceAssociations",
"ssm:PutInventory",
"ssm:PutComplianceItems",
"ssm:PutConfigurePackageResult",
"ssm:UpdateAssociationStatus",
"ssm:UpdateInstanceAssociationStatus",
"ssm:UpdateInstanceInformation"
],
"Resource": ""
},
{
"Effect": "Allow",
"Action": [
"ssmmessages:CreateControlChannel",
"ssmmessages:CreateDataChannel",
"ssmmessages:OpenControlChannel",
"ssmmessages:OpenDataChannel"
],
"Resource": ""
},
{
"Effect": "Allow",
"Action": [
"ec2messages:AcknowledgeMessage",
"ec2messages:DeleteMessage",
"ec2messages:FailMessage",
"ec2messages:GetEndpoint",
"ec2messages:GetMessages",
"ec2messages:SendReply"
],
"Resource": "*"
}
]
}
and the error is:
Entering SSM Agent hibernate - AccessDeniedException: User: arn:aws:sts::111111111111:assumed-role/AmazonSSMRoleForInstancesQuickSetup/i-instance-id
is not authorized to perform: ssm:UpdateInstanceInformation on resource: arn:aws:ec2:eu-central-1:111111111111:instance/i-instance-id
status code: 400, request id:
Why the resource is "" for ssm action?
It's just the text box interpreted the asterisk as italic formatting. The asterisk is there in the policy itself.
Best SMM, is one of the best smm panel provider in the world. You should this panel also they have chepaest rate for all the smm service from any other panel. Also they have 24/7 customer service so if you face any problem you can solve the problem instantly. Just serach Best SMM in the google you will find this panel on the top. So go and visit this panel atleast on time i am sure you will love it**
Thanks for sharing
It solved my problem with SSM agent :)
Glad to hear that