Unable to Validate Encryption on Amazon S3 Bucket
When attempting to start a Systems Manager session to an EC2 instance within an AWS account managed by Stax, you may receive an error message similar to the below:
Starting session with Sessionzd_id: my-account-04e3abb2988da4862
Sessionzd_id: my-account-04e3abb2988da4862 : Couldn't start the session because we are unable to validate encryption on Amazon S3 bucket. Error: AccessDenied: Access Denied
status code: 403, request zd_id: F51F5BFDC9981FFF, host zd_id: <your-host-id>
This error occurs because Stax updates the Systems Manager configuration to output logs to an encrypted bucket in your logging account. You need to grant your EC2 instances permission to write to this bucket.
To resolve this error, follow the steps at Use Systems Manager Session Manager with Stax Networks VPCs. If you're not using Stax Networks, you can skip directly to the Configure the IAM Instance Profile.