What should a SysOps administrator do to resolve this issue?
Add an inbound rule for port 22 in the security group associated with the Ubuntu instance.
Assign the AmazonSSMManagedInstanceCore managed policy to the EC2 instance profile for the Ubuntu instance.
Configure the SSM Agent to log in with a user name of ג€ubuntuג€.
Generate a new key pair, configure Session Manager to use this new key pair, and provide the private key to the users.
Explanations:
Adding an inbound rule for port 22 would allow SSH access, which contradicts the company’s security policy that forbids SSH access.
The AmazonSSMManagedInstanceCore policy grants the necessary permissions to allow the EC2 instance to communicate with Systems Manager. The instance profile might be missing this policy.
The SSM Agent does not require a specific username to be configured for Session Manager to work. This option is unrelated to the issue.
The issue does not involve SSH key pairs, as the company policy forbids SSH and RDP access. Session Manager should be used, and a new key pair is unnecessary.
I think the answer is:
Assign the AmazonSSMManagedInstanceCore managed policy to the EC2 instance profile for the Ubuntu instance.
I reckon the answer is:
Assign the AmazonSSMManagedInstanceCore managed policy to the EC2 instance profile for the Ubuntu instance.