Error No IMDS credentials found on instance.failed to run commands: exit status 156

0

I'm trying to automate Patching on Ubuntu 20.04 EC2 instances with Patch Manager and I'm getting this error while trying to execute AWS-QuickSetup-PatchPolicy-ScanForPatches: No IMDS credentials found on instance.failed to run commands: exit status 156

Output log:

/usr/bin/python3

/usr/bin/apt-get

Reading package lists...

Building dependency tree...

Reading state information...

Suggested packages:

python3-apt-dbg python-apt-doc

The following packages will be upgraded:

python3-apt

1 upgraded, 0 newly installed, 0 to remove and 98 not upgraded.

Need to get 154 kB of archives.

After this operation, 0 B of additional disk space will be used.

Get:1 http://eu-central-1.ec2.archive.ubuntu.com/ubuntu focal-updates/main amd64 python3-apt amd64 2.0.1ubuntu0.20.04.1 [154 kB]

Fetched 154 kB in 0s (7140 kB/s)

(Reading database ... (Reading database ... 5% (Reading database ... 10% (Reading database ... 15% (Reading database ... 20% (Reading database ... 25% (Reading database ... 30% (Reading database ... 35% (Reading database ... 40% (Reading database ... 45% (Reading database ... 50% (Reading database ... 55% (Reading database ... 60% (Reading database ... 65% (Reading database ... 70% (Reading database ... 75% (Reading database ... 80% (Reading database ... 85% (Reading database ... 90% (Reading database ... 95% (Reading database ... 100% (Reading database ... 66481 files and directories currently installed.)

Preparing to unpack .../python3-apt_2.0.1ubuntu0.20.04.1_amd64.deb ...

Unpacking python3-apt (2.0.1ubuntu0.20.04.1) over (2.0.0ubuntu0.20.04.8) ...

Setting up python3-apt (2.0.1ubuntu0.20.04.1) ...

Using python binary: 'python3'

Using Python Version: Python 3.8.10

05/24/2023 10:25:31 root [INFO]: Downloading payload from https://s3.dualstack.eu-central-1.amazonaws.com/aws-ssm-eu-central-1/patchbaselineoperations/linux/payloads/patch-baseline-operations-1.108.tar.gz

05/24/2023 10:25:31 root [INFO]: Attempting to import entrance file os_selector

05/24/2023 10:25:32 root [INFO]: Running with snapshot id = and operation = Scan

05/24/2023 10:25:32 root [INFO]: Downloading Baseline Override from s3://aws-quicksetup-patchpolicy-012881927014-b0p5g/baseline_overrides.json

05/24/2023 10:25:32 root [ERROR]: Unable to download file from S3: s3://aws-quicksetup-patchpolicy-012881927014-b0p5g/baseline_overrides.json.

05/24/2023 10:25:32 root [ERROR]: Error loading entrance module.

Traceback (most recent call last):

File "/var/log/amazon/ssm/patch-baseline-operations/common_startup_entrance.py", line 203, in execute

exit( entrance_module.execute(*argv))

File "/var/log/amazon/ssm/patch-baseline-operations/os_selector.py", line 54, in execute

common_os_selector_methods.fetch_snapshot(operation_type, instance_id, region, reboot_option, document_step,

File "/var/log/amazon/ssm/patch-baseline-operations/common_os_selector_methods.py", line 279, in fetch_snapshot

baseline_override_dict = load_baseline_override(instance_id, baseline_override, document_step, region)

File "/var/log/amazon/ssm/patch-baseline-operations/patch_common/baseline_override.py", line 29, in load_baseline_override

baseline_overrides = _download_baseline_override_content(instance_id, baseline_override_path, region)

File "/var/log/amazon/ssm/patch-baseline-operations/patch_common/baseline_override.py", line 97, in _download_baseline_override_content

if download_file(instance_id, baseline_override_path, file_name, region):

File "/var/log/amazon/ssm/patch-baseline-operations/patch_common/downloader.py", line 56, in download_file

downloaded = download_from_s3(instance_id, remote_path, local_file_path, region)

File "/var/log/amazon/ssm/patch-baseline-operations/patch_common/downloader.py", line 35, in download_from_s3

s3_client.download_file(result.group(1), result.group(2), file_path)

File "/var/log/amazon/ssm/patch-baseline-operations/boto3/s3/inject.py", line 170, in download_file

return transfer.download_file(

File "/var/log/amazon/ssm/patch-baseline-operations/boto3/s3/transfer.py", line 307, in download_file

future.result()

File "/var/log/amazon/ssm/patch-baseline-operations/s3transfer/futures.py", line 106, in result

return self._coordinator.result()

File "/var/log/amazon/ssm/patch-baseline-operations/s3transfer/futures.py", line 265, in result

raise self._exception

File "/var/log/amazon/ssm/patch-baseline-operations/s3transfer/tasks.py", line 255, in _main

self._submit(transfer_future=transfer_future, **kwargs)

File "/var/log/amazon/ssm/patch-baseline-operations/s3transfer/download.py", line 342, in _submit

response = client.head_object(

File "/var/log/amazon/ssm/patch-baseline-operations/botocore/client.py", line 276, in _api_call

return self._make_api_call(operation_name, kwargs)

File "/var/log/amazon/ssm/patch-baseline-operations/botocore/client.py", line 586, in _make_api_call

raise error_class(parsed_response, operation_name)

botocore.exceptions.ClientError: An error occurred (404) when calling the HeadObject operation: Not Found

05/24/2023 10:25:32 root [ERROR]: An error occurred (404) when calling the HeadObject operation: Not Found

Traceback (most recent call last):

File "/var/log/amazon/ssm/patch-baseline-operations/common_startup_entrance.py", line 203, in execute

exit( entrance_module.execute(*argv))

File "/var/log/amazon/ssm/patch-baseline-operations/os_selector.py", line 54, in execute

common_os_selector_methods.fetch_snapshot(operation_type, instance_id, region, reboot_option, document_step,

File "/var/log/amazon/ssm/patch-baseline-operations/common_os_selector_methods.py", line 279, in fetch_snapshot

baseline_override_dict = load_baseline_override(instance_id, baseline_override, document_step, region)

File "/var/log/amazon/ssm/patch-baseline-operations/patch_common/baseline_override.py", line 29, in load_baseline_override

baseline_overrides = _download_baseline_override_content(instance_id, baseline_override_path, region)

File "/var/log/amazon/ssm/patch-baseline-operations/patch_common/baseline_override.py", line 97, in _download_baseline_override_content

if download_file(instance_id, baseline_override_path, file_name, region):

File "/var/log/amazon/ssm/patch-baseline-operations/patch_common/downloader.py", line 56, in download_file

downloaded = download_from_s3(instance_id, remote_path, local_file_path, region)

File "/var/log/amazon/ssm/patch-baseline-operations/patch_common/downloader.py", line 35, in download_from_s3

s3_client.download_file(result.group(1), result.group(2), file_path)

File "/var/log/amazon/ssm/patch-baseline-operations/boto3/s3/inject.py", line 170, in download_file

return transfer.download_file(

File "/var/log/amazon/ssm/patch-baseline-operations/boto3/s3/transfer.py", line 307, in download_file

future.result()

File "/var/log/amazon/ssm/patch-baseline-operations/s3transfer/futures.py", line 106, in result

return self._coordinator.result()

File "/var/log/amazon/ssm/patch-baseline-operations/s3transfer/futures.py", line 265, in result

raise self._exception

File "/var/log/amazon/ssm/patch-baseline-operations/s3transfer/tasks.py", line 255, in _main

self._submit(transfer_future=transfer_future, **kwargs)

File "/var/log/amazon/ssm/patch-baseline-operations/s3transfer/download.py", line 342, in _submit

response = client.head_object(

File "/var/log/amazon/ssm/patch-baseline-operations/botocore/client.py", line 276, in _api_call

return self._make_api_call(operation_name, kwargs)

File "/var/log/amazon/ssm/patch-baseline-operations/botocore/client.py", line 586, in _make_api_call

raise error_class(parsed_response, operation_name)

botocore.exceptions.ClientError: An error occurred (404) when calling the HeadObject operation: Not Found

Errror log:

debconf: unable to initialize frontend: Dialog

debconf: (TERM is not set, so the dialog frontend is not usable.)

debconf: falling back to frontend: Readline

debconf: unable to initialize frontend: Readline

debconf: (This frontend requires a controlling tty.)

debconf: falling back to frontend: Teletype

dpkg-preconfigure: unable to re-open stdin:

/var/log/amazon/ssm/patch-baseline-operations/jmespath/visitor.py:32: SyntaxWarning: "is" with a literal. Did you mean "=="?

if x is 0 or x is 1:

/var/log/amazon/ssm/patch-baseline-operations/jmespath/visitor.py:32: SyntaxWarning: "is" with a literal. Did you mean "=="?

if x is 0 or x is 1:

/var/log/amazon/ssm/patch-baseline-operations/jmespath/visitor.py:34: SyntaxWarning: "is" with a literal. Did you mean "=="?

elif y is 0 or y is 1:

/var/log/amazon/ssm/patch-baseline-operations/jmespath/visitor.py:34: SyntaxWarning: "is" with a literal. Did you mean "=="?

elif y is 0 or y is 1:

/var/log/amazon/ssm/patch-baseline-operations/jmespath/visitor.py:260: SyntaxWarning: "is" with a literal. Did you mean "=="?

if original_result is 0:

No IMDS credentials found on instance.failed to run commands: exit status 156

Could someone help me with this one?

Instance Details:

NAME="Ubuntu"
VERSION="20.04.5 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.5 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal
1 réponse
0

Hi, this is very probably due to the fact that your EC2 instance doesn't have the right permissions for Patch Manager in its execution role. You'll find all details about the policies to include in this role here: https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-instance-permissions.html

You should probably validate proper IMDS access to the metadata from a connected terminal first: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html

profile pictureAWS
EXPERT
répondu il y a 10 mois
  • Thank you for your answer But I forgot to say that I already attach to EC2 a instance profile with 2 policy:

    • AmazonSSMManagedInstanceCore (AWS managed)
    • aws-quicksetup-patchpolicy-baselineoverrides-s3 (created when launch patch policy)
  • Ok, then look at this one: very similar to your use case

    https://github.com/boto/boto3/issues/2710

  • I don't really undestand why this is similar to my case ... Could you tell me more specific?

  • The same issue for me as well, I guess when we run curl http://169.254.169.254/latest/meta-data/ The "System" parameter is not getting displayed, any configuration do we needed to add?

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions