What do you need to log in to an EC2 instance via SSM?
November 24, 2023 · 1 min · Moritz Gnisia
Make sure you have an AMI where the SSM Agent is installed. If this is not the case, update the user data to install the agent.
VPC:
Instance is running in a private subnet -> Ensure you have a NAT Gateway
Instance is running in a public subnet -> Internet access must be given / Ensure you have an Internet Gateway
In both cases you need to allow outgoing HTTPS traffic (this means port 443 to 0.0.0.0/0).
If you don’t want to use an outgoing security group rule with 0.0.0.0/0, set up a VPC Endpoint. In this case, make sure that DNS queries via TCP/UDP are allowed on port 53. Otherwise the DNS queries won’t work.
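The egress part of this checklist as a small preflight check (an added example, not code from the original post). It assumes rule dictionaries in the shape of the `IpPermissionsEgress` list returned by EC2 DescribeSecurityGroups; the sample rules, the 10.0.0.0/16 CIDR and the group ID are constructed placeholders, and `allows` and `check_ssm_egress` are hypothetical helper names.

```python
# Constructed sample rules, shaped like IpPermissionsEgress entries.
OPEN_EGRESS = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
]
ENDPOINT_EGRESS = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [],
     "UserIdGroupPairs": [{"GroupId": "sg-endpoint-placeholder"}]},
    {"IpProtocol": "udp", "FromPort": 53, "ToPort": 53,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": []},
    {"IpProtocol": "tcp", "FromPort": 53, "ToPort": 53,
     "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "UserIdGroupPairs": []},
]


def allows(rule, proto, port):
    """True if one egress rule covers the given protocol and port."""
    if rule["IpProtocol"] == "-1":  # "-1" means all protocols and ports
        return True
    if rule["IpProtocol"] != proto:
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def check_ssm_egress(rules, uses_vpc_endpoint):
    """Return findings against the checklist above; [] means it passes."""
    findings = []
    https = [r for r in rules if allows(r, "tcp", 443)]
    to_anywhere = any(ip["CidrIp"] == "0.0.0.0/0"
                      for r in https for ip in r.get("IpRanges", []))
    if not https:
        findings.append("no outbound HTTPS (443) rule")
    if not uses_vpc_endpoint:
        # NAT Gateway / Internet Gateway path: 443 must reach 0.0.0.0/0.
        if https and not to_anywhere:
            findings.append("443 egress does not reach 0.0.0.0/0")
        return findings
    # VPC Endpoint path: no 0.0.0.0/0 rule needed, but DNS must work.
    if to_anywhere:
        findings.append("443 egress is still open to 0.0.0.0/0")
    for proto in ("tcp", "udp"):
        if not any(allows(r, proto, 53) for r in rules):
            findings.append(f"DNS over {proto.upper()} port 53 is not allowed")
    return findings


if __name__ == "__main__":
    print(check_ssm_egress(OPEN_EGRESS, uses_vpc_endpoint=True))
```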