AWS-RunPatchBaseline failed to run commands: exit status 247

personally I found the culprit.
Exit status 247 can be a bit misleading and even more so when trying to analyze the log files, but in the end it seems to be caused by the lack of available memory space (RAM) to run the patch agent.

My situation: I'm using t3.nano instance to host a MariaDB database which consumes ~50% of its available memory (0.5GB).
That's not enough to run the SSM patch agent and stopping the DB service just before the script is run, clears this issue. To work around this lack of memory space, I simply created a cron script which stop my service when the SSM patch baseline document is executed and all is well now.

For Amazon Linux 2 Arch x86_64 (which is most likely your case), exit code 247 corresponds to SYS_WAITID during system call, an error code returned by the SSM Agent. We need more detailed log to determine what happened, but it is worth noting that instances of type t3.nano or t3.micro do have limited performance compared to the baseline instances.

Edited by: ziyelinaws on Mar 27, 2021 12:23 PM

Hey Tomasz,

This error message is from the ssm agent itself. In order to try to replicate it, we need a little more information. Can you help us out by providing an AMI ID or operating system that you're using?

Hello.

We are using ami-0a3ac333a3fe69a57 which is based on

[ec2-user@ip-172-31-8-156 ~]$ cat /etc/os-release
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
[ec2-user@ip-172-31-8-156 ~]$

Custom OS contains installed already a NoSQL database, cloudwatch agent etc.

Any solution for this?
We also encountering same error "failed to run commands: exit status 247"

AMI: ami-02354e95b39ca8dec
instance type: t3.nano
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"

To add some information to this issue, in my case I'm also running a standard AMAZON LINUX version 2 AMI

NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"

I have 3 different instances running the exact same standard Amazon Linux version 2 AMI, and experiencing the same exact issue on all 3 (see logs below)

2021-03-24 17:45:51 ERROR [ssm-document-worker] [] [DataBackend] [pluginName=aws:softwareInventory] [aws:softwareInventory] Failed to execute command : dpkg-query [-W -f={"Name":"<startd2d9122d>${Package}<end5fa1ab4a>","Publisher":"<startd2d9122d>${Maintainer}<end5fa1ab4a>","Version":"<startd2d9122d>${Version}<end5fa1ab4a>","ApplicationType":"<startd2d9122d>${Section}<end5fa1ab4a>","Architecture":"<startd2d9122d>${Architecture}<end5fa1ab4a>","Url":"<startd2d9122d>${Homepage}<end5fa1ab4a>","Summary":"<startd2d9122d>${Description}<end5fa1ab4a>","PackageId":"<startd2d9122d>${Package}${Version}${Architecture}.deb<end5fa1ab4a>"},] with error - exec: "dpkg-query": executable file not found in $PATH

It clearly indicates that the SSM document searches for a command (dpkg-query) that does not exist on this version of Linux.

Note that I'm also running AWS-RunPatchBaseline on a standard Ubuntu 18.04 base AMI with absolutely no issue. It runs 100% fine on it