调用 SendSerialConsoleSSHPublicKey 操作时发生错误 (SerialConsoleAccessNotEnabled):账户未启用串行控制台访问,或实例类型不支持此功能
An error occurred (SerialConsoleAccessNotEnabled) when calling the SendSerialConsoleSSHPublicKey operation: Serial console access is not enabled for the account or is not supported for the instance type
ID: aws/ec2-instance-connect-ip-not-authorized
版本兼容性
| 版本 | 状态 | 引入 | 弃用 | 备注 |
|---|---|---|---|---|
| EC2 API 2016-11-15 | active | — | — | — |
| AWS CLI 2.14.0 | active | — | — | — |
根因分析
EC2 串行控制台访问未在账户级别启用,或者实例类型不支持串行控制台连接(例如裸金属或较旧的实例)。
English
EC2 Serial Console access is not enabled at the account level, or the instance type does not support serial console connections (e.g., bare metal or older instances).
官方文档
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-serial-console.html解决方案
-
在 AWS 区域中为账户启用 EC2 串行控制台:'aws ec2 enable-serial-console-access --region us-east-1'(需要 ec2:EnableSerialConsoleAccess 权限)。然后重试连接。
-
如果实例类型不受支持,启动一个支持串行控制台的新 EC2 实例(例如 t3、m5、c5 系列)。查看 AWS 文档获取完整列表。
无效尝试
常见但无效的做法:
-
85% 失败
Enabling serial console access via IAM policies alone doesn't work; the account-level feature must be explicitly enabled using the EC2 console or CLI.
-
95% 失败
Trying to use serial console on unsupported instance types (e.g., t2.micro, m5.metal) will always fail, even with account-level enablement.