Questions tagged with AWS Systems Manager

Content language: English

Sort by most recent

Browse through the questions and answers listed below or filter and sort to narrow down your results.

Error loading patching payloadfailed to run commands: exit status 156

I'm trying to automate Patching on Ubuntu EC2 instances with Patch Manager and I'm getting this error while trying to execute the command document "AWS-RunPatchBaseline": Error loading patching payloadfailed to run commands: exit status 156 Error log: ``` /usr/bin/python3 /usr/bin/python /usr/bin/apt-get Reading package lists... Building dependency tree... Reading state information... python3-apt is already the newest version (2.3.0ubuntu2.1). 0 upgraded, 0 newly installed, 0 to remove and 2 not upgraded. Using python binary: 'python' Using Python Version: Python 3.10.4 /usr/bin/curl /usr/bin/wget 08/02/2022 04:25:05 root [INFO]: Downloading payload from https://s3.dualstack.ap-southeast-2.amazonaws.com/aws-ssm-ap-southeast-2/patchbaselineoperations/linux/payloads/patch-baseline-operations-1.90.tar.gz 08/02/2022 04:25:06 root [INFO]: Attempting to import entrance file os_selector 08/02/2022 04:25:06 root [ERROR]: Error loading entrance module. Traceback (most recent call last): File "/var/log/amazon/ssm/patch-baseline-operations/common_startup_entrance.py", line 164, in execute entrance_module = __import__(module_name) File "/var/log/amazon/ssm/patch-baseline-operations/os_selector.py", line 11, in <module> import common_os_selector_methods File "/var/log/amazon/ssm/patch-baseline-operations/common_os_selector_methods.py", line 11, in <module> from patch_common.baseline_override import load_baseline_override File "/var/log/amazon/ssm/patch-baseline-operations/patch_common/baseline_override.py", line 6, in <module> from patch_common.downloader import download_file, load_json_file, is_access_denied File "/var/log/amazon/ssm/patch-baseline-operations/patch_common/downloader.py", line 1, in <module> import boto3 File "/var/log/amazon/ssm/patch-baseline-operations/boto3/__init__.py", line 16, in <module> from boto3.session import Session File "/var/log/amazon/ssm/patch-baseline-operations/boto3/session.py", line 17, in <module> import botocore.session File "/var/log/amazon/ssm/patch-baseline-operations/botocore/session.py", line 29, in <module> import botocore.configloader File "/var/log/amazon/ssm/patch-baseline-operations/botocore/configloader.py", line 19, in <module> from botocore.compat import six File "/var/log/amazon/ssm/patch-baseline-operations/botocore/compat.py", line 25, in <module> from botocore.exceptions import MD5UnavailableError File "/var/log/amazon/ssm/patch-baseline-operations/botocore/exceptions.py", line 15, in <module> from botocore.vendored import requests File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/__init__.py", line 58, in <module> from . import utils File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/utils.py", line 26, in <module> from .compat import parse_http_list as _parse_list_header File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/compat.py", line 7, in <module> from .packages import chardet File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/packages/__init__.py", line 3, in <module> from . import urllib3 File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/packages/urllib3/__init__.py", line 10, in <module> from .connectionpool import ( File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/packages/urllib3/connectionpool.py", line 38, in <module> from .response import HTTPResponse File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/packages/urllib3/response.py", line 9, in <module> from ._collections import HTTPHeaderDict File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/packages/urllib3/_collections.py", line 1, in <module> from collections import Mapping, MutableMapping ImportError: cannot import name 'Mapping' from 'collections' (/usr/lib/python3.10/collections/__init__.py) 08/02/2022 04:25:06 root [ERROR]: cannot import name 'Mapping' from 'collections' (/usr/lib/python3.10/collections/__init__.py) Traceback (most recent call last): File "/var/log/amazon/ssm/patch-baseline-operations/common_startup_entrance.py", line 164, in execute entrance_module = __import__(module_name) File "/var/log/amazon/ssm/patch-baseline-operations/os_selector.py", line 11, in <module> import common_os_selector_methods File "/var/log/amazon/ssm/patch-baseline-operations/common_os_selector_methods.py", line 11, in <module> from patch_common.baseline_override import load_baseline_override File "/var/log/amazon/ssm/patch-baseline-operations/patch_common/baseline_override.py", line 6, in <module> from patch_common.downloader import download_file, load_json_file, is_access_denied File "/var/log/amazon/ssm/patch-baseline-operations/patch_common/downloader.py", line 1, in <module> import boto3 File "/var/log/amazon/ssm/patch-baseline-operations/boto3/__init__.py", line 16, in <module> from boto3.session import Session File "/var/log/amazon/ssm/patch-baseline-operations/boto3/session.py", line 17, in <module> import botocore.session File "/var/log/amazon/ssm/patch-baseline-operations/botocore/session.py", line 29, in <module> import botocore.configloader File "/var/log/amazon/ssm/patch-baseline-operations/botocore/configloader.py", line 19, in <module> from botocore.compat import six File "/var/log/amazon/ssm/patch-baseline-operations/botocore/compat.py", line 25, in <module> from botocore.exceptions import MD5UnavailableError File "/var/log/amazon/ssm/patch-baseline-operations/botocore/exceptions.py", line 15, in <module> from botocore.vendored import requests File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/__init__.py", line 58, in <module> from . import utils File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/utils.py", line 26, in <module> from .compat import parse_http_list as _parse_list_header File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/compat.py", line 7, in <module> from .packages import chardet File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/packages/__init__.py", line 3, in <module> from . import urllib3 File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/packages/urllib3/__init__.py", line 10, in <module> from .connectionpool import ( File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/packages/urllib3/connectionpool.py", line 38, in <module> from .response import HTTPResponse File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/packages/urllib3/response.py", line 9, in <module> from ._collections import HTTPHeaderDict File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/packages/urllib3/_collections.py", line 1, in <module> from collections import Mapping, MutableMapping ImportError: cannot import name 'Mapping' from 'collections' (/usr/lib/python3.10/collections/__init__.py) ``` Could someone help me with this one? Instance Details: PRETTY_NAME="Ubuntu 22.04.1 LTS" NAME="Ubuntu" VERSION_ID="22.04" VERSION="22.04.1 LTS (Jammy Jellyfish)" VERSION_CODENAME=jammy ID=ubuntu ID_LIKE=debian HOME_URL="https://www.ubuntu.com/" SUPPORT_URL="https://help.ubuntu.com/" BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" UBUNTU_CODENAME=jammy
1
answers
1
votes
125
views
asked 4 months ago

Utilizing values returned from SSM Document in a Parent/Child Document

I have a SSM Automation document which as one of its steps, calls another automation document which return two values. I can see the output from the call to the child document back in the parent document, but I can't seem to find a way to reference it. ``` Outputs ClientToken 38014768-65e1-4a3a-821d-9xxxxxxxxxx ExecutionId 38014768-65e1-4a3a-821d-97acxxxxxxxxxxx Output This is a message to pass into the updatefinding step, SUPPRESSED Status Success ``` If the output was in the parent document I would have used {{ParentDocumentStepName.outputvalue}}, but when I try that as {{ParentDocStepWhichCallsSubDocument.outputvalue}} it doesnt seem to resolve. Does anyone have any suggestions for things to try? Here is my parent document: ``` description: | ### Document Name - TestParent ## What does this document do? This is the parent for a test of Parent to child testing ## Input Parameters None ## Output Parameters None schemaVersion: '0.3' assumeRole: '' mainSteps: - name: Remediation action: 'aws:executeAutomation' isEnd: false inputs: DocumentName: TestChild RuntimeParameters: AutomationAssumeRole: 'arn:{{global:AWS_PARTITION}}:iam::{{global:ACCOUNT_ID}}:role/SO0111-ConfigureS3ServerAccessLogging' outputs: - Name: remediationOutputMessage Selector: $.Payload.RemediationResultStatus Type: String - Name: remediationOutputStatus Selector: $.Payload.RemediationResultMessage Type: String - name: UpdateFinding action: 'aws:executeScript' inputs: Runtime: python3.8 Handler: script_handler Script: |- def script_handler(events, context): print(events) return {'message': 'Hello'} InputPayload: message: '{{Remediation.remediationOutputMessage}}' description: Update finding isEnd: true ``` And here is my Child Document: ``` description: | ### Document Name - TestChild ## What does this document do? returns a json object fixed for testing ## Input Parameters * AutomationAssumeRole: (Required) The ARN of the role that allows Automation to perform the actions on your behalf. ## Output Parameters * Remediation Result Status * Remediation Result Status schemaVersion: '0.3' assumeRole: '{{ AutomationAssumeRole }}' outputs: - RemediateTargetBucket.RemediationResultStatus - RemediateTargetBucket.RemediationResultMessage parameters: AutomationAssumeRole: type: String description: (Required) The ARN of the role that allows Automation to perform the actions on your behalf. allowedPattern: '^arn:(aws[a-zA-Z-]*)?:iam::\d{12}:role/[\w+=,.@-]+' mainSteps: - name: RemediateTargetBucket action: 'aws:executeScript' description: | Returns a fixed json object ``` { 'message': 'This is a message to pass into the updatefinding step', 'resourceBucketName': 'bucket1', 'LoggingBucketName': 'bucket2', 'status': 'SUPPRESSED' } ``` timeoutSeconds: 60 isCritical: true isEnd: true inputs: Runtime: python3.8 Handler: lambda_handler Script: | import json def lambda_handler(event, context): return { 'message': 'This is a message to pass into the updatefinding step', 'resourceBucketName': 'bucket1', 'LoggingBucketName': 'bucket2', 'status': 'SUPPRESSED' } outputs: - Name: RemediationResultMessage Selector: $.Payload.message Type: String - Name: RemediationResultStatus Selector: $.Payload.status Type: String ```
1
answers
1
votes
60
views
asked 4 months ago

I cannot update a State Manager Association Created By Cfn?

This is the second time I have encountered strange behavior with Cfn and State Manager Associations. Previously, I have been able to create an Association using Cfn that ran an Automation and Rate Targeted multiple tag values. Cfn was able to build this, but it's not a thing you can do, which led to a strange debugging journey. It would create, but couldn't update, and only ever threw a "General Service Error". Today, I am creating an Association using this Cloudformation template code. **Installer** is an Automation created earlier in the stack, **SsmAssociationSchedule** refers to a parameter containing a cron expression: ``` yaml StateManagerAssociation: Type: AWS::SSM::Association Properties: ApplyOnlyAtCronInterval: true AutomationTargetParameterName: InstanceId ComplianceSeverity: HIGH Name: !Ref Installer MaxConcurrency: 12 MaxErrors: 33% ScheduleExpression: !Ref SsmAssociationSchedule SyncCompliance: AUTO Targets: - Key: ResourceGroup Values: - Ref: MyResourceGroup ``` The issue is specifically with the config `ApplyOnlyAtCronInterval: true`. I can create the above Association and will work as intended. If I start from scratch, I can set `ApplyOnlyAtCronInterval: false` and it will create and work as intended. However, if I take one of the above cited examples, and attempt to update the stack, flipping this boolean, either directly in the template or through a parameter, the update on the Association fails, and once again all I have to go on is my old friend "General Service Error". > Resource handler returned message: "Error occurred during operation 'UpdateAssociation'." (RequestToken: 7e9f12f1-1181-39af-a778-85db72413723, HandlerErrorCode: GeneralServiceException) I have tried creating an Association with false and switching to true, and vice versa. I have done with hardcoded booleans and with CF template parameters. I can, of course, go into the console and check or uncheck the `ApplyOnlyAtCronInterval` box without crashing the console. Curious if anyone can explain what's going on here, and/or suggest a work-around? **EDIT: I'm finding this to be more broadly behavior with SSM Associations. I can create them with Cfn, but any attempt to update them via the Stack fails with General Service Error. As such I have tried using UpdateReplacePolicy to force it to delete, but that param is not available on Associations. *** **EDIT2: This only happens with custom Automations. It is not an issue with AWS Managed Automations. I've put together a simple CF template that recreates the issue and opened a support case. I'll report here if they shed any light ***
1
answers
0
votes
75
views
asked 5 months ago