AWS-RunPatchBaseline on my EC2 instances failed

0

I am trying to run AWS-RunPatchBaseline on my EC2 instances, and I am doing scan & install on my EC2 instances for the latest instances. But it is failing, saying: root [WARNING]: Unable to gain necessary access for possible kernel updates, code: 1.

Sid
asked 10 months ago, 544 views
2 Answers
0

It looks like AWS-RunPatchBaseline is running into permission issues while trying to apply the kernel updates. This can occur for a couple of reasons. Here's how to troubleshoot it:

  • Insufficient Permissions: Your EC2 instance needs to have the necessary permissions to make changes, including updating the kernel. You can ensure this by assigning an IAM role with the necessary permissions to your EC2 instance. The IAM role should have at least the AmazonEC2RoleforSSM policy attached.

  • Kernel Updates: If you are attempting to install kernel updates, the process might fail if the EC2 instance does not have the required access. The error message suggests that the process was unable to access certain resources needed for the kernel update. You might need to log in to the instance as the root user to apply these updates.

Try to SSH into the instance as root (if your setup allows it), and manually run the updates to see if there's an issue with the kernel update process.

It would look something like this:

sudo su
yum update kernel

Remember, directly logging in as root is generally discouraged for security reasons. If you cannot log in as root, try running the updates using sudo.

If you are still encountering the problem, the issue might be more specific to your instance configuration. I would suggest looking into the logs for more details about the failure. You can find the logs in the /var/log/amazon/ssm/amazon-ssm-agent.log file on your EC2 instance. These logs should provide more insight into what might be going wrong.

answered 10 months ago
  • Tried updating the kernel and also gave the AmazonEC2RoleforSSM policy; still not able to perform a successful patching activity.
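
Added example (not part of the answer above and not AWS tooling): a shell helper that collapses the WARNING/ERROR lines of the log file named in the answer into one count per distinct message, so a repeated patching failure stands out. The sample lines and their layout are constructed for illustration; the real agent log format may differ.

```shell
#!/usr/bin/env bash
# Added example: summarise WARNING/ERROR lines from the SSM agent log.
# Assumed line shapes (constructed, not copied from a real instance):
#   <date> <time> <LEVEL> <message>     or     <source> [<LEVEL>]: <message>

# Default path is the one given in the answer above.
SSM_LOG="${SSM_LOG:-/var/log/amazon/ssm/amazon-ssm-agent.log}"

# patch_log_summary [FILE]
# Reads FILE (or stdin) and prints "<count> <LEVEL> <message>" for each
# distinct warning or error, most frequent first. Everything before the
# level token (timestamp, source name) is dropped so repeats collapse.
patch_log_summary() {
  awk '
    match($0, /(WARN(ING)?|ERROR)/) {
      level = substr($0, RSTART, RLENGTH)
      if (level == "WARN") level = "WARNING"    # treat WARN and WARNING alike
      msg = substr($0, RSTART + RLENGTH)
      sub(/^(\]|:| )+/, "", msg)                # strip "]: " left after the level
      count[level " " msg]++
    }
    END { for (k in count) printf "%d %s\n", count[k], k }
  ' "$@" | sort -k1,1nr -k2
}

# Constructed sample input; only the "root [WARNING]" text comes from the question.
sample_log() {
  cat <<'EOF'
2024-01-10 08:00:01 INFO [worker] starting patch operation
2024-01-10 08:00:05 WARN [worker] retrying document download
root [WARNING]: Unable to gain necessary access for possible kernel updates, code: 1
2024-01-10 08:05:05 WARN [worker] retrying document download
root [WARNING]: Unable to gain necessary access for possible kernel updates, code: 1
root [WARNING]: Unable to gain necessary access for possible kernel updates, code: 1
2024-01-10 08:06:00 ERROR [worker] command failed with exit status 1
EOF
}

# Use the real log when it is readable, otherwise show the constructed sample.
if [ -r "$SSM_LOG" ]; then
  patch_log_summary "$SSM_LOG"
else
  sample_log | patch_log_summary
fi
```

Reading the log on an instance usually needs root, so run the script with sudo or point SSM_LOG at a copy of the file.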

0

Hope you configured the instance profile with the SSMManagedInstanceCore permission.

iamAni
answered 9 months ago
