Fix for Amazon SSM Login on rootfs (no disk space left)
Sometimes AWS’s SSM StartInteractiveCommand doesn’t work once an EC2 instance’s root fs has run out of disk space.
```
aws ssm start-session \
  --target i-0ab4e6dce100a0f58 \
  --document-name AWS-StartInteractiveCommand
```
/etc/systemd/system/var-lib-amazon-ssm.mount

```
# SSM agent won't be able to login when disk is full
# so we reserve some space in-memory
[Unit]
Description=Mount /var/lib/amazon/ssm as tmpfs for SSM Agent
Documentation=man:systemd.mount(5)
Before=amazon-ssm-agent.service

[Mount]
What=tmpfs
Where=/var/lib/amazon/ssm
Type=tmpfs
# Mount options:
# defaults: Standard options
# noatime: Do not update inode access times for performance
# nosuid: Do not allow set-user-identifier or set-group-identifier bits to take effect
# nodev: Do not interpret character or block special devices
# exec: Allow execution of binaries
# mode=1777: Set directory permissions to rwxrwxrwt (sticky bit, world-writable)
# size=64M: Limit the size of the tmpfs to 64 megabytes
Options=defaults,noatime,nosuid,nodev,exec,mode=1777,size=64M

[Install]
WantedBy=multi-user.target
```
Enable it with:
```
systemctl enable var-lib-amazon-ssm.mount
systemctl start var-lib-amazon-ssm.mount
```
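To confirm the unit took effect, the following check parses `/proc/mounts`-format input and verifies that `/var/lib/amazon/ssm` is a size-capped tmpfs with `nosuid` and `nodev`. It is an added example, not part of the original post; the function name `check_ssm_tmpfs`, its messages and the sample mount line in the comment are constructed for illustration.

```shell
#!/bin/sh
# Added example: function name and messages are illustrative.
SSM_DIR=/var/lib/amazon/ssm

# Usage: check_ssm_tmpfs [mounts-file]   (default: /proc/mounts)
# Constructed sample of a line that passes:
#   tmpfs /var/lib/amazon/ssm tmpfs rw,nosuid,nodev,noatime,size=65536k 0 0
# Prints one finding per line; returns 0 only if the mount matches the unit.
check_ssm_tmpfs() {
    mounts_file=${1:-/proc/mounts}
    # The last entry for a path is the one on top, so keep the last match.
    line=$(awk -v dir="$SSM_DIR" '$2 == dir { l = $0 } END { print l }' "$mounts_file")
    if [ -z "$line" ]; then
        echo "FAIL: $SSM_DIR is not a mount point, so it still lives on the root fs"
        return 1
    fi
    fstype=$(printf '%s\n' "$line" | awk '{ print $3 }')
    opts=$(printf '%s\n' "$line" | awk '{ print $4 }')
    rc=0
    if [ "$fstype" = tmpfs ]; then
        echo "OK: filesystem type is tmpfs"
    else
        echo "FAIL: filesystem type is $fstype, expected tmpfs"; rc=1
    fi
    for want in nosuid nodev; do
        case ",$opts," in
            *",$want,"*) echo "OK: $want is set" ;;
            *) echo "FAIL: $want is missing"; rc=1 ;;
        esac
    done
    case ",$opts," in
        *,noexec,*) echo "NOTE: noexec is set, unlike the unit's Options= line" ;;
        *) echo "NOTE: exec is allowed, as in the unit's Options= line" ;;
    esac
    case ",$opts," in
        *,size=*)
            size=${opts##*size=}
            echo "OK: size cap is ${size%%,*}" ;;
        *) echo "FAIL: no size= cap, tmpfs defaults to half of RAM"; rc=1 ;;
    esac
    return $rc
}
```

Source the file and run `check_ssm_tmpfs` with no argument on the instance to read the live `/proc/mounts`.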