
I am creating an EC2 instance on AWS with Terraform that contains the user_data parameter to install docker and assign it to the user ssm-user.

I don't want to enable the ssh connection (22) and I have only enabled access via Session Manager in System Manager.

This is the shell script:

#!/bin/bash
set -ex
sudo yum update -y
sudo amazon-linux-extras install docker -y
sudo usermod -a -G docker ssm-user
sudo chown ssm-user:ssm-user /home/ssm-user/.docker -R
sudo chmod g+rwx "/home/ssm-user/.docker" -R
sudo chown ssm-user:docker /var/run/docker.sock
sudo systemctl enable docker
sudo systemctl start docker

However, when I access the EC2 instance via Session Manager and run the docker ps command I get the following error:

Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

Why is this happening as if nothing is being executed?

user1911

2 Answers


You need to look at /var/log/cloud-init-output.log. It captures console output and probably has an error in your script. See more here.

It probably says that user 'ssm-user' does not exist

By the way - you don't need sudo in user data. The commands are run as root.

Felix

I had this same problem, so I figured I'd paste in my code change to create the ssm-user via the user_data instead of waiting for an ssm session to start.

adduser -m ssm-user
tee /etc/sudoers.d/ssm-agent-users <<'EOF'
# User rules for ssm-user
ssm-user ALL=(ALL) NOPASSWD:ALL
EOF
chmod 440 /etc/sudoers.d/ssm-agent-users
# Now adding the ssm-user works!
usermod -a -G docker ssm-user

I copied the code from ssm-agent github

Normally, the ssm-user is created the first time an SSM session is started. Reference: here

On version 2.3.612.0 and later, the ssm-user account is created the first time a session is started on an instance. This ssm-user is the default OS user when a session starts in Session Manager, a capability of AWS Systems Manager.

dschofie
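Putting both answers together, here is an added example (not code from either answer or from the ssm-agent repository) of an idempotent user_data script that creates ssm-user only when it is missing, plus a helper that scans cloud-init-output.log for the two symptoms behind the "Cannot connect to the Docker daemon" error: usermod failing on a missing user, and `set -e` aborting the script before docker is ever started. It assumes Amazon Linux 2 paths, `set -x` tracing in the log, and drops the `chown` of docker.sock, since docker group membership already grants socket access (and is root-equivalent, so grant it deliberately).

```bash
#!/bin/bash
# Added example (not from the question or either answer). Assumes Amazon Linux 2.

# Create the user only if it does not already exist, so the script stays
# idempotent and does not collide with the SSM agent (2.3.612.0+) creating
# ssm-user itself on the first session.
ensure_user() {
  local user="$1"
  if id -u "$user" >/dev/null 2>&1; then
    echo "user $user already exists"
    return 0
  fi
  adduser -m "$user"
  # Same sudoers drop-in the agent installs; sudo ignores it unless mode is 0440.
  printf '# User rules for %s\n%s ALL=(ALL) NOPASSWD:ALL\n' "$user" "$user" \
    > /etc/sudoers.d/ssm-agent-users
  chmod 440 /etc/sudoers.d/ssm-agent-users
}

# Inspect /var/log/cloud-init-output.log (path passed in) for the failure
# pattern on this page. Returns non-zero when a problem is found.
diagnose_log() {
  local log="$1" rc=0
  if grep -q "usermod: user '[^']*' does not exist" "$log"; then
    echo "user_data failed: target user did not exist when usermod ran"
    rc=1
  fi
  if ! grep -q 'systemctl start docker' "$log"; then
    echo "docker never started: script exited before 'systemctl start docker'"
    rc=1
  fi
  return "$rc"
}

# Provision only when actually running as root on Amazon Linux 2 (user_data
# already runs as root, so no sudo is needed).
if [ "$(id -u)" -eq 0 ] && command -v amazon-linux-extras >/dev/null 2>&1; then
  set -ex
  yum update -y
  amazon-linux-extras install docker -y
  systemctl enable docker
  systemctl start docker
  ensure_user ssm-user
  usermod -a -G docker ssm-user
fi
```

Run `diagnose_log /var/log/cloud-init-output.log` from a Session Manager shell to see which of the two failures hit.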