Hi there,
I have created a patch policy in Systems Manager for one of my Windows server instances but it returned the following Access Denied error.
I have attempted the following but no success..
- Updated SSM agent to the latest version
- Added the required AmazonSSMManagedInstanceCore permissions
- Created IAM policy to update patch baseline
- Used custom cron expression instead of the default schedule to see if there's any difference but had the same Access Denied error.
Seems like some permission issue but just not sure which exact part to look at. Could be something within the server. Has anyone else experienced this error before?
**Invoke-PatchBaselineOperation : Access Denied
At C:\ProgramData\Amazon\SSM\InstanceData\document\orchestration\f41cf6bb-bf64-4908-8aa0-095bfe0102
b8\PatchWindows_script.ps1:219 char:13
failed to run commands: exit status 0xffffffff**
AWS 공식업데이트됨 일 년 전
Hi Damini_K, Thanks for your response! Unfortunately, I do already have that permission associated with the instance but still having the same error. These are the permissions associated currently:
AmazonEC2RoleforSSM AmazonS3FullAccess AmazonSSMManagedInstanceCore AmazonSSMFullAccess
I have also made sure the 'Configure Automatic Updates' in group policy is set to disabled in the server to allow patch manager to handle updates. Any insight on this issue is greatly appreciated