I'm working on using hybrid activation for an Appstream image builder to automate the image building process. I've successfully registered the image builder instance, but I'm not seeing it listed as a managed instance in the console. I've checked the logs and encountered this error: 'Retrieve credentials produced error: RequestError: send request failed; caused by: Post "https://ssm.us-east-1.amazonaws.com/": Forbidden'. I also see retry attempts for credential retrieval. Any ideas on what might be wrong?
3 Answers
Just a heads up—when you finally get it to work, I found that it can mess with the snapshot process, which prevents you from creating an image from it. Keep us posted on how it goes!
Have you made sure that your instance has the AmazonSSMManagedInstanceCore policy attached? That’s a common requirement for it to show up in the SSM fleet manager.
I've looked into this issue too. Here’s what I checked:
1. Local firewall policies are correctly set.
2. The instance has access to the internet or an SSM endpoint.
3. I restarted the AmazonSSMAgent service. Let me know if that helps!
I tried getting it to work, but when the SSM agent was installed and I attempted to take a snapshot, it was successful! Just be careful; it might not work after your registration succeeds.