Skip to content

Get Hands-on with Amazon EKS - Workshop Event Series

Whether you're taking your first steps with Kubernetes or you're an experienced practitioner looking to sharpen your skills, our Amazon EKS workshop series delivers practical, real-world experience that moves you forward. Learn directly from AWS solutions architects and EKS specialists through hands-on sessions designed to build your confidence with Kubernetes. Register now and start building with Amazon EKS!

I am getting this status "Unable to assume the provided role" when I try to run patch baseline using maintenance window

0

I am trying to setup patching activities on ec2 instances. I referred this link https://docs.aws.amazon.com/systems-manager/latest/userguide/troubleshooting-maintenance-windows.html#incorrect-ssm-permissions . I am currently using the default patching baselines. Could you please help me understand what additional policies/permissions I need to add, apart from AmazonSSMManagedInstanceCore, for patching activities?

Topics: Security, Identity, & Compliance
Tags: AWS Identity and Access Management
Language: English

asked 2 years ago757 views

1 Answer

Newest
Most votes
Most comments

3

Accepted Answer

Hello.

What you need is the IAM role used by the maintenance window, not the EC2 IAM role.
Please create the IAM role used by the maintenance window by following the steps described in the document below.
https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-maintenance-perm-console.html#sysman-maintenance-role-policy
https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-maintenance-permissions.html

EXPERT

answered 2 years ago

EXPERT

reviewed 2 years ago

EXPERT

reviewed 2 years ago

EXPERT

reviewed 2 years ago

Relevant content

I am working on to Automate Windows EC2 servers Patching(Scan and install) but unfortunately Patching was failed with the error as given in description. Attached Screen capture as well. Kindly suggest
Manoj
asked 2 years ago
Unable to use patch policy for EC2 Windows Server 2019 Instance
rePost-User-1311682
asked 3 years ago
Unable to perform patch scan on Ubuntu instances
Skyrail
asked 3 years ago
Trouble Installing Patch (KB5056579) on Windows EC2 Instance
Usama
asked 6 months ago
How do I resolve Quick Setup patch policy errors in Systems Manager?
AWS OFFICIALUpdated a year ago
How do I configure maintenance windows for patching Amazon EC2 and hybrid nodes in multiple environments using Systems Manager?
AWS OFFICIALUpdated 3 years ago
How do I troubleshoot patching issues related to Amazon EC2 Windows instance when I use the Patch Manager AWS-RunPatchBaseline document?
AWS OFFICIALUpdated 3 years ago
How do I troubleshoot a missing KB patch after a successful patching operation on EC2 Windows instances through Patch Manager?
AWS OFFICIALUpdated 3 years ago
How do I troubleshoot and deep dive windows patching / updates installation failures on EC2 Windows Instances?
EXPERT
Phanindra V
published a year ago
SSM Patch Manager scan fails on Ubuntu due to APT repository GPG key and Signed-By conflicts
EXPERT
jonthomascampbell
published a month ago