1. Make sure you have an AMI where the SSM Agent is installed. If this is not the case update the user-data to install the agent
  2. VPC:
    1. Instance is running in a private subnet -> Ensure you have a NAT Gateway
    2. Instance is running in a public subnet -> Internet Access must be given / Ensure you have a Internet Gateway
    3. In both cases you need to allow HTTPS outgoing traffic (this means 443 with
    4. If you don’t want to use a outgoing security group rule with, setup a VPC Endpoint