- Make sure you have an AMI where the SSM Agent is installed. If this is not the case update the user-data to install the agent
- VPC:
- Instance is running in a private subnet -> Ensure you have a NAT Gateway
- Instance is running in a public subnet -> Internet Access must be given / Ensure you have a Internet Gateway
- In both cases you need to allow HTTPS outgoing traffic (this means 443 with
0.0.0.0/0
) - If you don’t want to use a outgoing security group rule with
0.0.0.0/0
, setup a VPC Endpoint