SSM agent installed on EC2 instance must have access to instance metadata to obtain the AWS region(since SSM is a regional service and has regional endpoints) and temporary credentials ( from IAM role) to then initiate a communication to the AWS Systems Manage service in AWS Cloud. In the case of hybrid activation process is different and has no relevance to instance metadata. The agent obtains the necessary info from registration file that is created on the source machine.

@@unmaskITnow Thank you very much for the answer. And one last question. When you launch an Amazon EC2 instance with public IP and needed SSM Agent IAM Role, is it also registered somehow with ID and Activation code as the hybrid activation or the process is different ?

For an EC2 instance running SSM agent in public subnet, it will use the permissions from IAM role attached to the instance and there is no hybrid activation process as it applies in the case of non EC2 nodes