AWS Systems Manager - Session Manager and Run Command "document process failed unexpectedly"
I'm using Session Manager/Run Command to access some of my instances, and it works for some instances and not for others.

I have the same configuration for a few instances, same security groups, IAM role, agents installed with the same agent version, and I've verified the instances are reachable through the AWS CLI with the following:

aws ssm describe-instance-information \
--instance-information-filter-list key=InstanceIds,valueSet=instance-id

I can start the session and it opens the terminal view, and after a delay it sends me this error or a black screen:

Your session has been terminated for the following reasons: 
document process failed unexpectedly: document worker timed out, 
check [ssm-document-worker]/[ssm-session-worker] log for the crash reason

I've tried updating the agent version, verifying the agent is installed and active through the CLI, triple-checked security groups, the IAM role, and differences, and have hit a wall.

Is this an AWS bug that other people have seen or am I missing something in my configuration? I might be missing something but everything I've seen shows two instances with the same properties where one works with the SSM session manager and the other one doesn't.

Bellay answered 13/9, 2019 at 21:11

Possible Solutions: 2

  1. Upgrade the SSM agent on the AWS EC2 instance.

Sometimes you are not able to connect to the AWS EC2 instance via AWS SSM Session Manager because of an older or outdated SSM agent. So, you have to upgrade it. To do so, run the commands based on your AWS EC2 instance OS. As I was using Amazon Linux 2, I ran the following commands:

sudo yum info amazon-ssm-agent
sudo yum install -y https://s3.us-east-1.amazonaws.com/amazon-ssm-us-east-1/latest/linux_amd64/amazon-ssm-agent.rpm
sudo yum info amazon-ssm-agent
sudo systemctl enable amazon-ssm-agent
sudo systemctl start amazon-ssm-agent
sudo systemctl status amazon-ssm-agent

  2. Enable instance metadata options on the AWS EC2 instance.

If this is disabled for some reason, you will get the same error and you won't be able to connect to the AWS EC2 instance via AWS SSM Session Manager. So, you have to enable it. To do so, run the following command:

aws ec2 modify-instance-metadata-options --instance-id i-012abc123456789 --http-endpoint enabled

Hass answered 22/12, 2021 at 14:12
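
An added example, not part of the original answer: a small shell triage that reads `aws ec2 describe-instances` text output and flags instances whose metadata endpoint is disabled, printing the answer's `modify-instance-metadata-options` command for each. It goes slightly beyond the answer by also reporting whether IMDSv2 session tokens are required (`HttpTokens`); the function names and sample instance IDs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer): triage EC2 metadata options
# for instances where Session Manager sessions time out.
#
# Expected input, one instance per line, tab-separated:
#   InstanceId  HttpEndpoint  HttpTokens
# produced by:
#   aws ec2 describe-instances --output text --query \
#     'Reservations[].Instances[].[InstanceId,MetadataOptions.HttpEndpoint,MetadataOptions.HttpTokens]'

# Classify each instance:
#   FIX     = metadata endpoint disabled (the failure cause named in the answer)
#   WARN    = endpoint enabled but IMDSv1 still accepted (HttpTokens=optional)
#   OK      = endpoint enabled and IMDSv2 session tokens required
#   UNKNOWN = HttpEndpoint value missing or unexpected (e.g. "None")
triage_imds() {
  awk -F'\t' '
    NF == 0          { next }
    $2 == "disabled" { print $1, "FIX", "metadata-endpoint-disabled"; next }
    $2 != "enabled"  { print $1, "UNKNOWN", "HttpEndpoint=" $2; next }
    $3 == "required" { print $1, "OK", "imdsv2-required"; next }
                     { print $1, "WARN", "imdsv1-allowed" }
  '
}

# Print (do not run) the answer's remediation command for each FIX instance,
# so the change can be reviewed before it is applied.
fix_commands() {
  triage_imds | awk '$2 == "FIX" {
    print "aws ec2 modify-instance-metadata-options --instance-id " $1 " --http-endpoint enabled"
  }'
}

# Constructed sample rows; the instance IDs are placeholders.
sample_rows() {
  printf 'i-0000000000000000a\tenabled\trequired\n'
  printf 'i-0000000000000000b\tdisabled\toptional\n'
  printf 'i-0000000000000000c\tenabled\toptional\n'
}

sample_rows | triage_imds
sample_rows | fix_commands
```

To run it against a real account, pipe the `describe-instances` command from the header comment into `triage_imds` or `fix_commands` instead of `sample_rows`.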
