0

I want to start an AWS SSM session to an EC2 Amazon Linux machine. In my AWS Systems Manager preferences I have set the RunAs user to ubuntu, so basically I am looking for a command which would let me start a session with a different RunAs user.

Something like this:

```
aws ssm start-session --target i-id --RunAs ec2-user
```

Current error message which I get on executing:

```
aws ssm start-session --target i-id

----------ERROR-------
Unable to start command: failed to start pty since RunAs user ubuntu does not exist
```
John Rotenstein
Srinjoy Choudhury
  • Is this an Ubuntu machine or Amazon Linux or some other distribution? – Amith Jayasekara Aug 08 '21 at 13:53
  • @AmithJayasekara Amazon Linux Machine – Srinjoy Choudhury Aug 08 '21 at 14:24
  • Does the instance appear in the Session Manager management console? Can you connect via that console? – John Rotenstein Aug 08 '21 at 23:42
  • The awscli command uses the "default user on the instance" and that default user is determined by the AMI. It looks like you claim to have an Amazon Linux instance whose default user is typically ec2-user but SSM thinks it is ubuntu and that user doesn't actually exist. I'm not sure how that would happen. Is this a standard Amazon Linux AMI launch or do you have a custom AMI? – jarmod Aug 08 '21 at 23:51
  • `which would let me start a session with a different RunAs user.` Why? By default SSM runs under the `ssm-user` system user – gusto2 Aug 09 '21 at 01:17

1 Answer

2

Found this in the AWS Knowledge Center article; this might help you.

https://aws.amazon.com/premiumsupport/knowledge-center/ssm-session-manager-connect-fail/

RunAs user name is not valid Error: "Invalid RunAs username"

-or-

Error: "Unable to start shell: failed to start pty since RunAs user xyz does not exist"

Session Manager fails if Enable Run As support for Linux instances is blank or specifies an operating system user name that isn't valid.

To fix this issue, you can provide a valid operating system user name (for example, ubuntu, ec2-user, or centos). Then, verify that the IAM user or role that starts the session is tagged with SSMSessionRunAs = os-user-account-name. The user account must also exist on the operating system. For more information, see Enable run as support for Linux and macOS instances.

Or, you can clear Enable Run As support for Linux instances.

Amith Jayasekara
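The checks described in the quoted article can be modelled offline to see why the session in the question fails. This is an added example, not code from the answer or from AWS: the preferences JSON, the tags and the passwd excerpt are constructed samples, `os_users` and `resolve_run_as` are hypothetical helpers, and the rule that the `SSMSessionRunAs` tag is consulted before the preferences default is an assumption about Session Manager's behaviour.

```python
import json

# Constructed sample of the Session Manager preferences document, matching
# the question: Run As is enabled and the default user is "ubuntu".
PREFERENCES = json.loads("""
{"schemaVersion": "1.0", "sessionType": "Standard_Stream",
 "inputs": {"runAsEnabled": true, "runAsDefaultUser": "ubuntu"}}
""")

# Constructed /etc/passwd excerpt from an Amazon Linux instance.
PASSWD = """root:x:0:0:root:/root:/bin/bash
ec2-user:x:1000:1000:EC2 Default User:/home/ec2-user:/bin/bash
ssm-user:x:1001:1001::/home/ssm-user:/bin/bash
"""


def os_users(passwd_text):
    """Return the set of account names found in passwd-format text."""
    return {ln.split(":", 1)[0] for ln in passwd_text.splitlines() if ln.strip()}


def resolve_run_as(preferences, principal_tags, passwd_text):
    """Return (user, problem); problem is None when the session can start."""
    inputs = preferences.get("inputs", {})
    if not inputs.get("runAsEnabled", False):
        # Run As is cleared: sessions run under the ssm-user account.
        return "ssm-user", None
    # Assumed precedence: tag on the IAM user/role first, then the default.
    user = principal_tags.get("SSMSessionRunAs") or inputs.get("runAsDefaultUser") or ""
    user = user.strip()
    if not user:
        return None, "Run As is enabled but no user name is configured"
    if user not in os_users(passwd_text):
        return user, f"RunAs user {user} does not exist on the instance"
    return user, None


if __name__ == "__main__":
    # Untagged caller: falls back to "ubuntu", which Amazon Linux lacks.
    print(resolve_run_as(PREFERENCES, {}, PASSWD))
    # Caller's IAM role tagged SSMSessionRunAs=ec2-user: session can start.
    print(resolve_run_as(PREFERENCES, {"SSMSessionRunAs": "ec2-user"}, PASSWD))
```
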