1 réponse
- Le plus récent
- Le plus de votes
- La plupart des commentaires
1
The error message you're encountering (AccessDeniedException) indicates that the IAM role or user associated with the AWS Systems Manager (SSM) doesn't have the necessary permissions to execute the GetDeployablePatchSnapshotForInstance operation.
To resolve this issue, you need to attach a policy to the IAM role or user that grants the required permissions. Here's an example of an IAM policy that allows the necessary actions for AWS Systems Manager Patch Manager:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ssm:DescribeInstanceInformation",
"ssm:DescribeInstancePatches",
"ssm:DescribeInstancePatchStates",
"ssm:GetDeployablePatchSnapshotForInstance",
"ssm:ListInstanceAssociations",
"ssm:DescribeInstanceAssociationsStatus",
"ssm:DescribeAvailablePatches",
"ssm:GetPatchBaseline",
"ssm:GetPatchBaselineForPatchGroup",
"ssm:DescribePatchGroups",
"ssm:DescribePatchGroupState",
"ssm:DescribeOperatingSystems",
"ssm:DescribePatchProperties",
"ssm:DescribeMaintenanceWindowSchedule",
"ssm:GetMaintenanceWindow",
"ssm:GetMaintenanceWindowExecution",
"ssm:GetMaintenanceWindowExecutionTask",
"ssm:GetMaintenanceWindowExecutionTaskInvocation",
"ssm:ListResourceComplianceSummaries",
"ssm:GetComplianceSummary",
"ssm:DescribeInstancePatchStatesForPatchGroup",
"ssm:ListComplianceItems",
"ssm:ListComplianceSummaries"
],
"Resource": "*"
}
]
}
To attach this policy to an IAM role or user, follow these steps:
- Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.
- In the navigation pane, click "Roles" or "Users" depending on whether you want to attach the policy to a role or a user.
- Find the role or user you want to attach the policy to and click on its name.
- Click "Add inline policy" on the "Permissions" tab.
- Click the "JSON" tab, then copy and paste the policy JSON into the editor.
- Click "Review policy", provide a name for the policy, and click "Create policy".
After attaching the policy to the IAM role or user, you should no longer receive the "AccessDeniedException" error when using AWS Systems Manager Patch Manager.
Contenus pertinents
- demandé il y a 2 mois
- demandé il y a un an
- demandé il y a 6 mois
- AWS OFFICIELA mis à jour il y a 5 ans