Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Preferences
Contact Us
Feedback
AWS Documentation
Create an AWS Account

Diagnosing and remediating

PDF
RSS
Focus mode
Diagnosing and remediating - AWS Systems Manager

Using the unified Systems Manager console, you can identify problems across your fleet in a single diagnosis operation. For organizations, you can then attempt remediation on all or only select targets using a single Automation operation. For an organization, as a delegated account administrator, you can select targets across all accounts and Regions. If you are working in a single account, you can select targets in a single Region at a time.

Systems Manager can diagnose and help you remediate several types of deployment failures, as well as drifted configurations. Systems Manager can also identify Amazon Elastic Compute Cloud (Amazon EC2) instances in your account or organization that Systems Manager isn't able to treat as a managed node. The EC2 instance diagnosis process can identify issues related to misconfigurations for a virtual private cloud (VPC), in a Domain Name Service (DNS) setting, or in an Amazon Elastic Compute Cloud (Amazon EC2) security group.

Note

Systems Manager supports both EC2 instances and other machine types in a hybrid and multicloud environment as managed nodes. To be a managed node, AWS Systems Manager Agent (SSM Agent) must be installed on the machine, and Systems Manager must have permission to perform actions on the machine.

For EC2 instances, this permission can be provided at the account level using an AWS Identity and Access Management (IAM) role, or at the instance level using an instance profile. For more information, see Configure instance permissions required for Systems Manager.

For non-EC2 machines, this permission is provided using an IAM service role. For more information, see Create the IAM service role required for Systems Manager in hybrid and multicloud environments.

Before you begin

In order to use the Diagnose and remediate feature to detect unmanaged EC2 instances, you must first onboard your organization or account to the unified Systems Manager console. During this process, you must choose the option to create IAM roles and managed policies required for these operations. For more information, see Setting up Systems Manager unified console for an organization.

Use the following topics to help you identify and fix certain common types of failed deployments, drifted configurations, and unmanaged EC2 instances.

Topics
PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.