[HOWTO] EC2Launch – agent failed to assume identity

The other day I stumbled upon a string of similar events logged from some of my Windows EC2 instances in regards to the SSM Agent. It simply refused to start up, and examining the log files, I could see the following:

2022-09-23 08:09:39 ERROR Agent failed to assume any identity
2022-09-23 08:09:39 ERROR failed to find identity, retrying: failed to find agent identity

After a little digging, the likely culprit was a corrupt EC2Launch installation and missing routes for it to communicate with the AWS backbone. Fixing this was quite easy once I knew what the issue was.

First we need to update EC2Launch

mkdir $env:USERPROFILE\Desktop\EC2Launch
$Url = "https://s3.amazonaws.com/ec2-downloads-windows/EC2Launch/latest/EC2-Windows-Launch.zip"
$DownloadZipFile = "$env:USERPROFILE\Desktop\EC2Launch\" + $(Split-Path -Path $Url -Leaf)
Invoke-WebRequest -Uri $Url -OutFile $DownloadZipFile
$Url = "https://s3.amazonaws.com/ec2-downloads-windows/EC2Launch/latest/install.ps1"
$DownloadZipFile = "$env:USERPROFILE\Desktop\EC2Launch\" + $(Split-Path -Path $Url -Leaf)
Invoke-WebRequest -Uri $Url -OutFile $DownloadZipFile
& $env:USERPROFILE\Desktop\EC2Launch\install.ps1

Then once EC2Launch has been updated, we need to add the default routes required.

Import-Module "C:\ProgramData\Amazon\EC2-Windows\Launch\Module\Ec2Launch.psd1"
Add-Routes

Now go back to services.msc and perform a stop and start of the SSM Agent. It should now be able to start up again without any issues.