Error: "Unable to gain necessary access for possible kernel updates" when running AWS-RunPatchBaseline document via Systems Manager

It may related to Kernel Headers or Tools missing, SSM agent permissions and agent version.

The Unable to gain necessary access for possible kernel updates, code: 1. seems to be just a warning and could be ignored. It should not cause any issue to the patching operation.

This issue has been discussed in the GitHub issues for the aws/amazon-ssm-agent repository:

• Unable to gain necessary access for possible kernel updates, code: 1. · Issue #185 · aws/amazon-ssm-agent

The behavior of the AWS-RunPatchBaseline document is similar to running "yum update-minimal --security --bugfix" (for RHEL / Amazon Linux). During the execution, one of the helper scripts attempts to set the SELinux context of another main script to that of the yum binary. If SELinux is disabled and there are no contexts set for yum, the chcon (command to change SELinux context) command will fail, resulting in the above warning message in the Run Command output.

Recommendation:

The warning message can be safely ignored, as it does not affect the patching operation itself. If you would like to investigate further, you could provide the complete output of the AWS-RunPatchBaseline document, which may help to troubleshoot the issue in more detail.