AWS SSM Inventory collection: does it list the packages installed by package managers (yum, apt, etc.) or also include agent packages?

0

In AWS SSM Inventory, does it collect the data only for packages installed by package managers (yum, apt, etc.), or does it include the packages from any 3rd party agents like anti-malware agents/endpoint agents? Another question is, let's say I am installing Python 3.x, and other versions of Python 2.x/3.x might also be installed as dependency (child) packages as part of the OS or Apache Tomcat. In this case, will the multiple Python versions installed (both original & dependency) be reported, or would only the original Python 3.x version be collected?

asked a month ago
88 views
2 Answers
1

Hi Satheesh,

  1. In Linux instances (both RHEL & Debian based systems), the SSM Inventory plugin detects applications using some core package management systems, mainly 'dpkg' & 'rpm', which means all applications that have been installed by the standard package management systems like yum, apt, dpkg, rpm, etc. are detected by our plugin.

In short, SSM inventory uses the main package managers according to the OS flavours to report the packages in the inventory.

  • As mentioned above, all Fedora based systems use 'rpm' and all Debian based systems use the 'dpkg' or 'snap' package management system.

To conclude, SSM Agent will use rpm and dpkg based commands to gather the package data. If your package does not show up in the output of the 'rpm' or 'dpkg' commands, then it won't show up in SSM Inventory either.

[+] You can also refer to the SSM Agent GitHub repo to see the Linux code for Inventory data gathering: https://github.com/aws/amazon-ssm-agent/blob/18ab50687adf4f9f3a7f8946f68c1f3e0a97629f/agent/plugins/inventory/gatherers/application/dataProvider_unix.go#L37-L69

  2. Coming to your second query: mainly, it depends whether SSM will report the multiple versions of Python in the SSM Inventory or not.

For example: I had installed Python 2.7 and 3 on my Linux machine. After that, I ran the dpkg-query -W query and it showed me multiple versions of Python in the output, which means the same will be reflected in the SSM Inventory as well:

python-apt-common	2.4.0ubuntu3
python-babel-localedata	2.8.0+dfsg.1-7
python2.7	2.7.18-13ubuntu1.2
python2.7-minimal	2.7.18-13ubuntu1.2
python3	3.10.6-1~22.04
python3-apport	2.20.11-0ubuntu82.6
python3-apt	2.4.0ubuntu3
python3-attr	21.2.0-1
python3-automat	20.2.0-1
python3-babel	2.8.0+dfsg.1-7

  • If dpkg-query -W doesn't show multiple versions of Python, then multiple versions will not be reported in the SSM Inventory either.

Thanks & Regards

Rohit S.

AWS
Rohit_S
answered a month ago
1

Hi, further to Rohit's answer, if you want to inventory 'other' stuff not present in the package manager output, it is possible to create a custom inventory file that can be read in to show this information. You would have to have some process create this file, though, in the right format/location for it to be used.

https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-inventory-custom.html

Cheers, Rich

AWS
answered a month ago
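
The two answers combined, as an added example that is not from either answerer or from the SSM Agent code: it parses `dpkg-query -W` output, finds expected software that dpkg does not track (and that Inventory therefore will not list), and builds a custom inventory document for it. The sample output, the `example-edr-agent` name, the `Custom:UnmanagedSoftware` type name and the use of a list for `Content` are assumptions of this example.

```python
import json

# Constructed sample of `dpkg-query -W` output (tab-separated name and version).
DPKG_OUTPUT = (
    "python2.7\t2.7.18-13ubuntu1.2\n"
    "python3\t3.10.6-1~22.04\n"
    "python3-apt\t2.4.0ubuntu3\n"
)

# Constructed list of software an auditor expects on the host, with the
# version each one reports locally. "example-edr-agent" is hypothetical.
EXPECTED = {
    "python3": "3.10.6-1~22.04",
    "example-edr-agent": "7.2.1",  # e.g. installed from a vendor tarball
}


def parse_dpkg(output):
    """Map package name -> version from `dpkg-query -W` output."""
    packages = {}
    for line in output.splitlines():
        if not line.strip():
            continue
        name, _, version = line.partition("\t")
        # Multi-arch packages are printed as name:arch; keep the bare name.
        packages[name.split(":")[0].strip()] = version.strip()
    return packages


def unmanaged(expected, dpkg_packages):
    """Software dpkg does not know about, so Inventory will not list it."""
    return {n: v for n, v in sorted(expected.items()) if n not in dpkg_packages}


def custom_inventory(missing, type_name="Custom:UnmanagedSoftware"):
    """Build a custom inventory document for the unmanaged software.

    SchemaVersion/TypeName/Content follow the custom inventory format in the
    linked AWS documentation; a list of entries in Content is assumed here.
    """
    entries = [{"Name": n, "Version": v} for n, v in missing.items()]
    return {"SchemaVersion": "1.0", "TypeName": type_name, "Content": entries}


if __name__ == "__main__":
    doc = custom_inventory(unmanaged(EXPECTED, parse_dpkg(DPKG_OUTPUT)))
    # Save the result as a .json file in the agent's custom inventory
    # directory (path given in the linked documentation).
    print(json.dumps(doc, indent=2))
```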
