For an EC2 instance to appear as a managed instance in AWS Systems Manager, several prerequisites must be met. Two of the most fundamental requirements are that the Systems Manager Agent (SSM Agent) is installed and running on the instance, and that the instance has an IAM role attached that grants the necessary permissions for Systems Manager to communicate with the service.
When importing a VM from an on-premises environment, the resulting AMI might not include the SSM Agent by default, or the agent might not be enabled to start automatically. If the agent is missing or not running, the instance cannot register with Systems Manager, and it will not appear in the Systems Manager console as a managed instance. Therefore, verifying that the SSM Agent is installed and running is a primary troubleshooting step.
Additionally, the EC2 instance must have an IAM instance profile (role) attached that includes the permissions required by Systems Manager. Typically, this is achieved by attaching a role that includes the AmazonSSMManagedInstanceCore managed policy. Without the appropriate IAM role, even a correctly installed and running agent will not be able to register the instance or perform Systems Manager operations.
Option C (VPC endpoint existence) is not required in this scenario because the instance is in a public subnet and has a public IP address. In this case, the instance can communicate with the Systems Manager endpoints over the internet. VPC endpoints are required when instances do not have internet access (for example, in private subnets without NAT or public IPs), which is not the case here.
Option D (Application Discovery Agent) is unrelated. The AWS Application Discovery Agent is used for migration assessment and discovery of on-premises workloads, not for Systems Manager managed instance registration.
Option E (service-linked roles) is generally not a common cause for a single instance failing to appear as managed, especially when other Systems Manager functionality is working in the account. Service-linked roles for Systems Manager are usually created automatically when needed and do not typically prevent an individual instance from registering if the agent and instance role are correctly configured.
Therefore, the correct troubleshooting steps are to verify the presence and operation of the Systems Manager Agent and to ensure the EC2 instance has the correct IAM role attached.
[References:AWS documentation on prerequisites for AWS Systems Manager managed instances, including the requirement for the SSM Agent to be installed and running.AWS documentation on IAM instance profiles and required permissions (such as AmazonSSMManagedInstanceCore) for EC2 instances to be managed by Systems Manager., , ]
Submit