amazon-ec2-image-builder-samples

SSM Agent verification failed with status="Failed"

Open alekhya114 opened this issue 2 years ago • 2 comments

I am using EC2 Image Builder to build a custom AMI using Amazon AL2 as a base image.

I have attached a private subnet with a NAT gateway for internet access and have PrivateLink endpoints for Systems Manager and Image Builder.

The following endpoints were created, and I am able to telnet to them from the build instance.

  • com.amazonaws.us-east-1.ssm
  • com.amazonaws.us-east-1.ec2
  • com.amazonaws.us-east-1.ec2messages
  • com.amazonaws.us-east-1.ssmmessages
  • com.amazonaws.us-east-1.imagebuilder

I have attached the EC2InstanceProfileForImageBuilder IAM profile to the build instance with the following policies

The following error was reported in the AWS console:

SSM execution '8930028b-5831-4b12-XXXXX' failed with status = 'Failed' in state = 'BUILDING' and failure message = 'SSM Agent verification failed'

There is no error log created and no error messages found in the SSM log in the build instance.

Please suggest a resolution for this or any missing piece here.

alekhya114, Apr 04 '22 16:04

For Image Builder (IB) to work, the Build/Test instance launched by IB should be connected to SSM and configured for using Run Command.

  • https://aws.amazon.com/premiumsupport/knowledge-center/systems-manager-ec2-instance-not-appear/
  • https://aws.amazon.com/premiumsupport/knowledge-center/ssm-run-command-failures/

You can configure SSH keys in the Infrastructure Configuration, then SSH into the build instance and use the two articles I have shared above.

Log in to the instance and run the SSM CLI diagnostics; it will check everything mentioned in the above articles and give you the results.

https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-cli.html

awsaud, Apr 04 '22 17:04
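The checks discussed above can be scripted on the build instance. The following is an added example, not part of the original thread or the project's code: it resolves each endpoint service listed in the issue, reports whether the name resolves to a VPC endpoint address or a public one reached through the NAT gateway, tests TCP 443, and then runs the SSM CLI diagnostics. It assumes the VPC uses RFC 1918 address space; the function names and the `--run` switch are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: pre-check for the endpoints listed in the issue.
# Assumes getent, awk, timeout and bash are present (true on Amazon Linux 2)
# and that the VPC uses RFC 1918 address space.
SERVICES="com.amazonaws.us-east-1.ssm com.amazonaws.us-east-1.ec2
com.amazonaws.us-east-1.ec2messages com.amazonaws.us-east-1.ssmmessages
com.amazonaws.us-east-1.imagebuilder"

# com.amazonaws.<region>.<service> -> <service>.<region>.amazonaws.com
service_to_host() {
  local rest="${1#com.amazonaws.}"
  printf '%s.%s.amazonaws.com\n' "${rest#*.}" "${rest%%.*}"
}

# True for RFC 1918 addresses. With private DNS enabled on an interface
# endpoint, the service name resolves to an address inside the VPC.
is_private_ipv4() {
  case "$1" in
    10.*|192.168.*) return 0 ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# Resolve one service, report which path it takes, then try TCP 443.
check_service() {
  local host ip via
  host="$(service_to_host "$1")"
  ip="$(getent ahostsv4 "$host" | awk 'NR==1 {print $1}')"
  [ -n "$ip" ] || { echo "FAIL $host: no DNS answer"; return 1; }
  if is_private_ipv4 "$ip"; then via="VPC endpoint"; else via="public address (NAT)"; fi
  if timeout 5 bash -c "exec 3<>/dev/tcp/$ip/443" 2>/dev/null; then
    echo "OK   $host -> $ip via $via"
  else
    echo "FAIL $host -> $ip via $via: TCP 443 unreachable"; return 1
  fi
}

main() {
  local rc=0 s
  for s in $SERVICES; do check_service "$s" || rc=1; done
  # Then the agent's own diagnostics, as recommended in the thread.
  if command -v ssm-cli >/dev/null; then ssm-cli get-diagnostics --output table; fi
  return "$rc"
}

# Network checks run only when asked, e.g. `bash precheck.sh --run`.
if [ "${1:-}" = "--run" ]; then main; fi
```

A successful TCP connection only shows that the port is reachable; the endpoint's security group, endpoint policy and the instance profile's permissions are still evaluated when the agent makes its API calls.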

As @awsaud noted, Image Builder relies upon Systems Manager to communicate with the instance. If the connection to Systems Manager fails, for any reason, then the associated Image Builder build (or test) will also fail.

If all your configurations are correct, there could still have been a transient issue that caused this.

Is this issue still occurring?

austoonz, Jun 20 '22 16:06

Closing due to inactivity.

EmmanuelTsouris, Jun 19 '24 20:06