Code Monkey home page Code Monkey logo

Comments (1)

ivan-khvostishkov avatar ivan-khvostishkov commented on May 23, 2024

Hi, @airlangga-gunawan-faculty , thanks for reporting the issue and apologies for the delayed response due to my PTO.

You are right that IMDS access is blocked, but SSM Agent should never reach this stage.
Basically, the successful initialization inside SageMaker Studio looks like this:

sm-ssh-ide: Starting SSM agent
--
Initializing new seelog logger
New Seelog Logger Creation Complete
2023/10/12 11:13:48 Found config file at /etc/amazon/ssm/amazon-ssm-agent.json.
Applying config override from /etc/amazon/ssm/amazon-ssm-agent.json.
2023/10/12 11:13:48 processing appconfig overrides
2023/10/12 11:13:48 Found config file at /etc/amazon/ssm/amazon-ssm-agent.json.
Applying config override from /etc/amazon/ssm/amazon-ssm-agent.json.
2023/10/12 11:13:48 processing appconfig overrides
2023-10-12 11:13:48 INFO Proxy environment variables:
2023-10-12 11:13:48 INFO https_proxy:
2023-10-12 11:13:48 INFO http_proxy:
2023-10-12 11:13:48 INFO no_proxy:
2023-10-12 11:13:48 INFO Checking if agent identity type OnPrem can be assumed
2023-10-12 11:13:48 INFO Agent will take identity from OnPrem
2023-10-12 11:13:48 INFO [amazon-ssm-agent] using named pipe channel for IPC
2023-10-12 11:13:48 INFO [amazon-ssm-agent] using named pipe channel for IPC
2023-10-12 11:13:48 INFO [amazon-ssm-agent] using named pipe channel for IPC
2023-10-12 11:13:48 INFO [amazon-ssm-agent] amazon-ssm-agent - v3.2.1705.0
2023-10-12 11:13:48 INFO [amazon-ssm-agent] OS: linux, Arch: amd64
2023-10-12 11:13:48 INFO [amazon-ssm-agent] Starting Core Agent
2023-10-12 11:13:48 INFO [CredentialRefresher] credentialRefresher has started
2023-10-12 11:13:48 INFO [CredentialRefresher] Starting credentials refresher loop
2023-10-12 11:13:48 INFO [CredentialRefresher] Credentials ready
2023-10-12 11:13:48 INFO [CredentialRefresher] Next credential rotation will be in 29.99631267835 minutes
2023-10-12 11:13:49 INFO [amazon-ssm-agent] [LongRunningWorkerContainer] [WorkerProvider] Worker ssm-agent-worker is not running, starting worker process
2023-10-12 11:13:49 INFO [amazon-ssm-agent] [LongRunningWorkerContainer] [WorkerProvider] Worker ssm-agent-worker (pid:14716) started
2023-10-12 11:13:49 INFO [amazon-ssm-agent] [LongRunningWorkerContainer] Monitor long running worker health every 60 seconds

As you can see, it should be taking the OnPrem identity, not the EC2. This behaviour is verified by unit tests that are reproducible, e.g. take a look at the IDE test for version 2.1.0.

So you should be looking for the difference between the test environment and your environment. Few things to check inside SageMaker Studio Kernel, e.g. from the image terminal:

1/ That /etc/amazon/ssm/amazon-ssm-agent.json file exists and corresponds to sm-setup-ssh .

2/ The AWS_CONTAINER_CREDENTIALS_RELATIVE_URI variable exists inside kernel gateway app and you don't accidentally reset it inside your lifecycle configuration script.

Check the LifecycleConfigOnStart log in CloudWatch, it should contain the following lines

sm-save-env: Dumping environment
...
AWS_CONTAINER_CREDENTIALS_RELATIVE_URI='/_sagemaker-instance-credentials/abcdef0123456789example'

This env var belongs to Container credential provider (https://docs.aws.amazon.com/sdkref/latest/guide/feature-container-credentials.html), in contrast to the IMDS provider.

3/ Try the iPython notebook instead of the lifecycle config to check if it makes any difference.

If the above steps won't help, please, create a technical support case and refer them to this issue, so that I can take a look closer together with the support team.

from sagemaker-ssh-helper.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.