
Maintenance Window Target Count Discrepancy

0

I have created a resource group containing 5 EC2 instances. Each of these instances has the same OS / IAM Role and SSM agent version. All are online 24/7 and appear in Fleet Manager. When I create a new Maintenance Window Target and select this resource group, it only shows two targets (that's if I specify EC2 Instance as the resource type; if I leave that blank it shows just one target). If I select them manually, then it recognizes them all. What could be causing Maintenance Windows to not recognize the targets in the resource group? I've searched but been unable to find any reference to this issue.

I completed a previous patch run on these instances using the same method about 6 months ago and there was no problem.

  • I've just discovered if I select the targets manually when registering the targets, it shows the correct figure, as mentioned. However, when I link the task to that target ID, the task only shows one target... Manually selecting the targets in the Task does work, so I guess I can use that for now...

asked 11 days ago, 23 views
2 Answers
0

There are a few potential reasons why your Maintenance Window is not recognizing all the targets in your resource group:

  1. Resource Group Configuration: Ensure that your resource group is correctly configured and includes all five EC2 instances. Sometimes, resource group definitions can change over time, so it's worth double-checking that all intended instances are still part of the group.

  2. Instance State: While you mentioned all instances are online 24/7, verify that all instances in the resource group are in a running state and not in any transitional state at the time of creating the Maintenance Window Target.

  3. IAM Permissions: Check that the IAM role associated with the Maintenance Window has the necessary permissions to access and manage all instances in the resource group. Insufficient permissions could lead to some instances not being recognized.

  4. Tags and Filters: If your resource group uses tags or other filters to define its members, ensure these tags or filters are still correctly applied to all instances.

  5. Systems Manager Registration: Confirm that all instances are properly registered with Systems Manager. You can check this in the Fleet Manager as you mentioned, but also verify in the Systems Manager console under "Managed Instances."

  6. Maintenance Window Configuration: When creating the Maintenance Window Target, pay attention to the "Resource type" field. If you select "EC2 instance" as the resource type, it might filter out instances that don't match certain criteria. Leaving this field blank should theoretically include all resource types in the group.

  7. AWS Region: Ensure that all instances in the resource group are in the same AWS region as the Maintenance Window you're creating.

  8. Recent Changes: Since you mentioned this worked 6 months ago, consider any changes made to your AWS environment since then, such as updates to security groups, network configurations, or Systems Manager settings.

If after checking these potential issues you're still experiencing the problem, it may be worth contacting AWS Support for further investigation, as this behavior is not typical and could indicate a more specific issue with your account or setup.
Sources
AWS Systems Manager Maintenance Windows - AWS Systems Manager
RegisterTargetWithMaintenanceWindow - AWS Systems Manager
UpdateMaintenanceWindowTarget - AWS Systems Manager

answered 11 days ago
  • I can confirm none of these are the problem. System manager sees them all fine and confirms that each instance is identical in all but name. It just doesn't like recognize them when part of a resource group. It might be useful if there was visibility of exactly which targets the Maintenance Window did recognize, then maybe I could troubleshoot it effectively.
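
The checks in the list above (group membership, Systems Manager registration, the resource type filter, region) can be cross-checked per instance from three AWS CLI responses. This is an added example, not part of either answer and not AWS code; the group name `patch-group`, the window region and all sample data are constructed. The comparisons are this example's own heuristics, including the case-insensitive match on resource type, and are not a description of how Maintenance Windows resolves a resource group.

```python
# Added example. Inputs are the parsed JSON output of:
#   aws resource-groups list-group-resources --group-name <group>
#   aws ssm describe-instance-information ; aws ssm describe-maintenance-window-targets --window-id <id>
EC2_TYPE = "AWS::EC2::Instance"

def audit_group_target(group_resources, instance_info, window_targets, group_name, window_region):
    """Return {instance_id: [reasons it may be skipped]} for the group's EC2 members."""
    managed = {i["InstanceId"]: i.get("PingStatus")
               for i in instance_info["InstanceInformationList"]}
    # Find the window target that points at this group and read its type filters.
    type_filters = None
    for target in window_targets["Targets"]:
        keys = {t["Key"]: t["Values"] for t in target["Targets"]}
        if group_name in keys.get("resource-groups:Name", []):
            type_filters = {v.upper() for v in keys.get("resource-groups:ResourceTypeFilters", [])}
    if type_filters is None:
        raise ValueError(f"no window target references resource group {group_name!r}")
    report = {}
    for res in group_resources["ResourceIdentifiers"]:
        if res["ResourceType"] != EC2_TYPE:
            continue
        parts = res["ResourceArn"].split(":")  # arn:aws:ec2:<region>:<account>:instance/<id>
        region, instance_id = parts[3], parts[5].split("/", 1)[1]
        reasons = []
        if region != window_region:
            reasons.append(f"region {region} differs from window region {window_region}")
        if instance_id not in managed:
            reasons.append("not registered with Systems Manager")
        elif managed[instance_id] != "Online":
            reasons.append(f"PingStatus is {managed[instance_id]}")
        if type_filters and EC2_TYPE.upper() not in type_filters:  # assumption: case-insensitive
            reasons.append("excluded by resource-groups:ResourceTypeFilters")
        report[instance_id] = reasons
    return report

# Constructed sample responses (not real account data).
_arn = "arn:aws:ec2:{}:111122223333:instance/{}".format
SAMPLE_GROUP = {"ResourceIdentifiers": [
    {"ResourceArn": _arn("eu-west-1", "i-0aaa"), "ResourceType": EC2_TYPE},
    {"ResourceArn": _arn("eu-west-1", "i-0bbb"), "ResourceType": EC2_TYPE},
    {"ResourceArn": _arn("eu-west-2", "i-0ccc"), "ResourceType": EC2_TYPE}]}
SAMPLE_SSM = {"InstanceInformationList": [
    {"InstanceId": "i-0aaa", "PingStatus": "Online"},
    {"InstanceId": "i-0bbb", "PingStatus": "ConnectionLost"}]}
SAMPLE_TARGETS = {"Targets": [{"WindowTargetId": "constructed-target-id", "Targets": [
    {"Key": "resource-groups:Name", "Values": ["patch-group"]},
    {"Key": "resource-groups:ResourceTypeFilters", "Values": ["AWS::EC2::INSTANCE"]}]}]}
if __name__ == "__main__":
    print(audit_group_target(SAMPLE_GROUP, SAMPLE_SSM, SAMPLE_TARGETS, "patch-group", "eu-west-1"))
```

An empty reason list means none of these checks explains a missing target, which is the situation the asker describes and the point at which the registered target definition itself is worth comparing against a manually selected one.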

0

To fully investigate this issue and provide a resolution, we require account and resource details that are non-public information. Please kindly open a support case with AWS using the following link

AWS
SUPPORT ENGINEER
answered 6 days ago
