How do I troubleshoot a failed Patch Manager command on my Amazon EC2 Linux instance?
I want to use the AWSSupport-TroubleshootPatchManagerLinux runbook to troubleshoot a failed Patch Manager command on an Amazon Elastic Compute Cloud (Amazon EC2) Linux instance.
Short description
Use the AWSSupport-TroubleshootPatchManagerLinux AWS Systems Manager automation runbook to analyze Patch Manager issues on your Amazon EC2 Linux instance. The runbook analyzes patching logs to detect the root cause of failed commands. Then, it suggests remediation steps.
Before you start the AWSSupport-TroubleshootPatchManagerLinux runbook, make sure that your environment meets the following requirements:
The operating system is one of the following:
Amazon Linux 2 or 2023
Red Hat Enterprise Linux 8 or 9
CentOS 8 or 9
Ubuntu 18.04, 20.04, or 22.04
SUSE Linux Enterprise Server 15
AWS Systems Manager Agent (SSM Agent) manages the EC2 Linux instance.
One of the following packages must be available on the instance: Python 3.7.0 or later, GNU Wget, curl, or unzip.
The instance connects to Amazon Simple Storage Service (Amazon S3) endpoints to download code from the AWS owned bucket with the following ARN: arn:aws:s3:::aws-ssm-document-attachments-region/*.
The AWS Identity and Access Management (IAM) user or role must have the permissions listed in the Required IAM permissions section of AWSSupport-TroubleshootPatchManagerLinux.
Resolution
To launch the runbook, complete the following steps:
Enter the following values for the input parameters:
InstanceId (required): The EC2 instance ID that the patch command failed against. Use the interactive instance picker or manually enter the EC2 Linux instance ID.
AutomationAssumeRole (optional): The ARN of the IAM role that allows Automation to perform actions. If you don't specify a role, then the automation uses the permissions of the user that starts the runbook.
RunCommandId (optional): The failed run command ID for the AWS-RunPatchBaseline document. If you don't provide the command ID, then the runbook reviews the instance for the latest failed patch commands from the last 30 days.
Choose Execute.
After the automation completes, review the detailed results in the Outputs section. This section displays identified issues with additional details, and suggests actionable solutions. To address your patch issues, implement the recommendations and rerun the Patch Manager command.
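The same run can be started from the AWS CLI instead of the console. The script below is an added example, not part of the original article: it checks the three input parameters against their expected formats before building the request, starts the runbook, waits for it to finish, and prints the Outputs. The function names are hypothetical, and it assumes the AWS CLI is installed with credentials and a default Region configured.

```shell
#!/bin/sh
# Added example: run AWSSupport-TroubleshootPatchManagerLinux from the AWS CLI.
DOC="AWSSupport-TroubleshootPatchManagerLinux"
NL='
'
# Whole-string ERE match; a value with an embedded newline is rejected.
matches() {
  case "$1" in *"$NL"*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eq "$2"
}

# Print the --parameters JSON. Every value is pattern-checked first, so
# nothing unexpected can be spliced into the JSON document.
# usage: build_params INSTANCE_ID [RUN_COMMAND_ID] [ASSUME_ROLE_ARN]
build_params() (
  matches "$1" '^i-([0-9a-f]{8}|[0-9a-f]{17})$' || { echo "bad InstanceId" >&2; return 1; }
  json="{\"InstanceId\":[\"$1\"]"
  if [ -n "${2:-}" ]; then
    matches "$2" '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$' || { echo "bad RunCommandId" >&2; return 1; }
    json="$json,\"RunCommandId\":[\"$2\"]"
  fi
  if [ -n "${3:-}" ]; then
    matches "$3" '^arn:aws[a-z-]*:iam::[0-9]{12}:role/[A-Za-z0-9+=,.@_/-]+$' || { echo "bad AutomationAssumeRole" >&2; return 1; }
    json="$json,\"AutomationAssumeRole\":[\"$3\"]"
  fi
  printf '%s}\n' "$json"
)

# Start the runbook, poll until it leaves the running states, print Outputs.
run_troubleshooter() (
  params="$(build_params "$@")" || return 1
  id="$(aws ssm start-automation-execution --document-name "$DOC" \
    --parameters "$params" --query AutomationExecutionId --output text)" || return 1
  while :; do
    status="$(aws ssm get-automation-execution --automation-execution-id "$id" \
      --query AutomationExecution.AutomationExecutionStatus --output text)" || return 1
    case "$status" in Pending|InProgress|Waiting|Cancelling) sleep 10 ;; *) break ;; esac
  done
  echo "Execution $id finished: $status"
  aws ssm get-automation-execution --automation-execution-id "$id" \
    --query AutomationExecution.Outputs --output json
)

# Call AWS only when arguments are given, so the file can also be sourced.
if [ "$#" -gt 0 ]; then run_troubleshooter "$@"; fi
```

To pass AutomationAssumeRole without RunCommandId, give an empty string as the second argument.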