What should a SysOps administrator do to resolve this issue?

By:
On:
In: SOA-C02
Tagged:
With: 0 Comments
A company’s security policy states that connecting to Amazon EC2 instances is not permitted through SSH and ROP.If access is required, authorized staff can connect to instances by using AWS Systems Manager Session Manager.Users report that they are unable to connect to one specific Amazon EC2 instance that is running Ubuntu and has AWS Systems Manager Agent (SSM Agent) pre-installed.These users are able to use Session Manager to connect to other instances in the same subnet, and they are in an IAM group that has Session Manager permission for all instances.

What should a SysOps administrator do to resolve this issue?

Add an inbound rule for port 22 in the security group associated with the Ubuntu instance.

Assign the AmazonSSMManagedInstanceCore managed policy to the EC2 instance profile for the Ubuntu instance.

Configure the SSM Agent to log in with a user name of “ubuntu”.

Generate a new key pair, configure Session Manager to use this new key pair, and provide the private key to the users.

Explanations:

Adding an inbound rule for port 22 is irrelevant since the issue is related to AWS Systems Manager, not SSH. The security policy prohibits SSH access.

The AmazonSSMManagedInstanceCore managed policy is required for EC2 instances to be fully managed by Systems Manager. It provides necessary permissions to the instance to communicate with Systems Manager.

The SSM Agent does not require a specific username like “ubuntu” to function. The issue is likely related to permissions or misconfiguration of the instance, not the user name.

Generating a new key pair is unnecessary because Session Manager does not require SSH key pairs. The issue is likely related to permissions or the instance not having proper SSM configuration.

Leave a Reply

Your email address will not be published. Required fields are marked *

five × 5 =