We've observed that when running SSM by tag in large-scale environments, the experiment sometimes reports IAM permission issues even though both the EC2 and litmus service accounts have full SSM permissions.
Background:
The current implementation calls the DescribeInstanceInformation function to fetch a list of EC2 instances managed by SSM.
However, the API returns paginated results. If the target instance is located on a later page, the code may not find it in the initial response.
ref: check max result here and here
When an instance isn’t found, the error message reports a permission issue, which is misleading given that the necessary SSM:* permissions are correctly set.
Proposed Solution:
Modify the code to handle pagination properly by using the provided DescribeInstanceInformationPages.
Adjust the error message so that if an EC2 instance is not found after checking all pages, it reports that the instance could not be located (possibly due to missing tags or other filtering issues), rather than incorrectly indicating an IAM permission error.
Impact:
Implementing this fix will prevent false-positive permission errors, especially in environments with a large number of instances, and will provide clearer, more accurate error messaging for users.
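The behaviour proposed above, as an added example that is not part of the original issue or the project's code: every page is checked before a target is declared missing, and "not found" stays a separate error from an API failure. The `pager` type is a hypothetical stand-in for the callback shape of `DescribeInstanceInformationPages` so the sketch runs offline; `checkManaged`, `fakePager`, `ErrNotManaged` and the instance IDs are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// page stands in for one DescribeInstanceInformation response (instance IDs only).
type page []string
// pager mirrors the paginator callback: fn runs once per page, false stops iteration.
type pager func(fn func(p page, lastPage bool) bool) error
var ErrNotManaged = errors.New("instance not found among SSM managed instances")

// checkManaged walks every page before deciding that a target is missing.
func checkManaged(list pager, wanted []string) error {
	missing := make(map[string]bool, len(wanted))
	for _, id := range wanted {
		missing[id] = true
	}
	err := list(func(p page, _ bool) bool {
		for _, id := range p {
			delete(missing, id)
		}
		return len(missing) > 0 // stop early once every target was seen
	})
	if err != nil { // the call itself failed: the only place a permission error belongs
		return fmt.Errorf("listing SSM managed instances: %w", err)
	}
	for _, id := range wanted {
		if missing[id] {
			return fmt.Errorf("%w: %s (all pages checked; verify tags and filters)", ErrNotManaged, id)
		}
	}
	return nil
}

// fakePager serves constructed pages, or fails with apiErr like a denied API call.
func fakePager(pages []page, apiErr error) pager {
	return func(fn func(page, bool) bool) error {
		for i := 0; apiErr == nil && i < len(pages) && fn(pages[i], i == len(pages)-1); i++ {
		}
		return apiErr
	}
}

func main() {
	pages := []page{{"i-aaa"}, {"i-bbb"}} // constructed IDs; the target is on page 2
	fmt.Println(checkManaged(fakePager(pages, nil), []string{"i-bbb"}))     // all pages: found
	fmt.Println(checkManaged(fakePager(pages[:1], nil), []string{"i-bbb"})) // first page only: not found
}
```

Callers can branch with `errors.Is(err, ErrNotManaged)` to report a tagging or filtering problem instead of an IAM one.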