Questions tagged with AWS Systems Manager

Error running a module on boto3

Note: New on AWS | Post_1 | Edit the question if necessary

Started practicing building a Py-based app on AWS (region = 'ap-south-1') with a publicly available tutorial by AWS. While exploring the SDK, I made a client, a resource, and this (app.py) file. When I ran app.py to fetch and list the Dragon data hosted for the demo purpose, it bounced back with some errors.

The parameter bucket could be making the error but could the region be making any problems as well? If the API call is right, then what could make this problem?

Inserted both code and the error:

```
import boto3

s3 = boto3.resource('s3', 'us-east-1').meta.client
ssm = boto3.client('ssm', 'us-east-1')
bucket_name = ssm.get_parameter(Name= 'dragon_data_bucket_name',WithDecryption=False)['Parameter']['value'] #Systems Manager
file_name = ssm.get_parameter(Name= 'dragon_data_file_name',WithDecryption=False)['Parameter']['value'] #Systems Manager

def listDragons():
    expression = "select * from s3object s" #SQL
    result = s3.select_object_content(
        Bucket= bucket_name,
        key= file_name,
        ExpressiopnType= 'SQL',
        Expression=expression,
        InputSerialization= {'JSON': {'Type':'Document'}}, #document type
        OutpuSerialization= {'JSON': {}}
    )
    for event in result ['Payload']: #Looping the events
        if 'Records' in event:
            print(event['Records']['Payload'].decode('utf-8'))

listDragons()
```

Error:

```
Traceback (most recent call last):
  File "app.py", line 7, in <module>
    bucket_name= ssm.get_parameter(Name= 'dragon_data_bucket_name',WithDecryption='False')['Parmaeter']['value'] #Systems Manager
  File "/home/ec2-user/.local/lib/python3.7/site-packages/botocore/client.py", line 514, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/home/ec2-user/.local/lib/python3.7/site-packages/botocore/client.py", line 902, in _make_api_call
    api_params, operation_model, context=request_context
  File "/home/ec2-user/.local/lib/python3.7/site-packages/botocore/client.py", line 963, in _convert_to_request_dict
    api_params, operation_model
  File "/home/ec2-user/.local/lib/python3.7/site-packages/botocore/validate.py", line 381, in serialize_to_request
    raise ParamValidationError(report=report.generate_report())
botocore.exceptions.ParamValidationError: Parameter validation failed:
Invalid type for parameter WithDecryption, value: False, type: <class 'str'>, valid types: <class 'bool'>
```
2 answers, 0 votes, 47 views. AB_AWS asked a month ago

Still getting Intermittent ConnectTimeoutError when accessing SSM in Docker

A few months ago, I posted about a timeout error I'm getting from the SSM service. I'm still seeing the problem. Here's [the original thread](https://repost.aws/questions/QUpGBax4uuR82ubxwKjIZz8g/intermittent-connect-timeout-error-accessing-ssm).

It's intermittent, but frustratingly common (often every 30–120 min) during development when my Flask server is restarting all the time and thus hitting the SSM endpoint as often as I press Save (so maybe bursts of 5–20 hits a minute). But this is FAR below the endpoint's limit, and I'm getting a timeout error and not a throttling error.

To my knowledge, I haven't seen the error when the container is running on ECS, it's only an issue in local development. But ~5 people on my team are seeing the same behavior when using **different ISPs in multiple countries.**

The SSM host is reachable from outside the container, but once the issue appears, the container will be unable to access this host (and JUST this host) for 5–10 minutes. Connections to other URLs work fine. Restarting the container doesn't help. Using VPN to change my IP doesn't help.

I'm at my wit's end, and it's really impeding local development at this point. I'm at a loss for how the problem is *only* affecting SSM, it really seems like it must be something to do with either Docker or AWS. I've looked, and I see the `GetParametersByPath` events in CloudTrail when things are working normally, but nothing when the connection is failing.

I really need a solution to this. Can anyone suggest other things to try?

**UPDATE 2022-11-04:** I have noticed a similar issue with Cognito. One of the first things my app does upon launching and receiving a new request is to try to connect to Cognito to fetch the JWKS in order to verify the JWT.

From outside the container, this succeeds in about a second:

```
$ curl https://cognito-idp.us-east-2.amazonaws.com/us-east-2_xxxxxxxx/.well-known/jwks.json
{"keys":[{"alg":"RS256","e":"AQAB","kid":" […]
```

But when I open a shell into the container that's stuck waiting for Cognito, Python can't reach the host:

```
>>> import requests
>>> requests.get("https://apple.com") # Returns instantly
<Response [200]>
>>> requests.get("https://cognito-idp.ap-southeast-1.amazonaws.com/ap-southeast-1_ie577myCv/.well-known/jwks.json") # Returns relatively quickly
<Response [404]>
>>> requests.get("https://cognito-idp.us-east-2.amazonaws.com/us-east-2_xxxxxxxx/.well-known/jwks.json") # Hangs for a long time
```

Eventually, the host comes back. But WHY is it reachable with no problems from outside the container??

I'm caching the JWKS, so I only need to send the request once at the time of first request. But that's enough to bring my app to a standstill…
1 answer, 0 votes, 14 views. nk9 asked a month ago

Why are my EC2 instances not reporting their compliance status to SSM Patch Manager?

In SSM Patch Manager, under Compliance Reporting, our Amazon Linux 2 EC2 instances appear but in the 'Compliance status' column say 'Never reported'.

The instances appear in Fleet Manager with 'SSM Agent ping status' of 'Online', and I can connect to the instances remotely using SSM `start-session`.

I've checked all the troubleshooting steps in the docs at [Troubleshooting SSM Agent](https://docs.aws.amazon.com/systems-manager/latest/userguide/troubleshooting-ssm-agent.html), [this article about SSM logs](https://aws.amazon.com/premiumsupport/knowledge-center/ssm-agent-logs/) and [Troubleshooting Patch Manager](https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-troubleshooting.html#patch-manager-troubleshooting-contact-support), and everything appears to be set up properly (the instance role has the right permissions, the named servers are reachable, and the instances can reach public S3 buckets via the internet, we're not using a VPC endpoint). I've also tried restarting the SSM Agent.

In the SSM Agent logs on the instance, I'm seeing:

```
2022-10-25 00:36:48 INFO [ssm-agent-worker] [StartupProcessor] Write to serial port: Amazon SSM Agent v3.1.1732.0 is running
...
2022-10-25 01:15:00 INFO [ssm-agent-worker] [HealthCheck] HealthCheck reporting agent health.
2022-10-25 01:16:48 INFO [ssm-agent-worker] [MessageService] [MessageHandler] started idempotency deletion thread
2022-10-25 01:16:48 WARN [ssm-agent-worker] [MessageService] [MessageHandler] [Idempotency] encountered error open /var/lib/amazon/ssm/i-XXXXXXXXXXXXXXXXX/idempotency: no such file or directory while listing directories in /var/lib/amazon/ssm/i-XXXXXXXXXXXXXXXXX/idempotency
2022-10-25 01:16:48 INFO [ssm-agent-worker] [MessageService] [MessageHandler] ended idempotency deletion thread
2022-10-25 01:16:50 INFO [ssm-agent-worker] [MessageService] [MGSInteractor] send failed reply thread started
2022-10-25 01:16:50 INFO [ssm-agent-worker] [MessageService] [MGSInteractor] send failed reply thread done
2022-10-25 01:17:05 INFO [ssm-agent-worker] [MessageService] [Association] Schedule manager refreshed with 0 associations, 0 new associations associated
2022-10-25 01:20:00 INFO [ssm-agent-worker] [HealthCheck] HealthCheck reporting agent health.
```

Any clues why the instances aren't reporting their compliance status to Patch Manager? What additional steps can I use to troubleshoot this?
0 answers, 0 votes, 32 views. Asked a month ago

Can I see EC2 Instance Monitoring Metrics in Cloudwatch by adding values in Parameter Store?

By adding a specific value in Parameter Store in AWS Systems Manager, is there any way to add the below EC2 basic monitoring metrics?

- **CPUUtilization, StatusCheckFailed, StatusCheckFailed_Instance, StatusCheckFailed_System**
- **NetworkIn, NetworkOut, NetworkPacketsIn, NetworkPacketsOut**
- **EBSReadBytes, EBSReadOps, EBSWriteBytes, EBSWriteOps**

```
{
  "agent": {
    "metrics_collection_interval": 60,
    "region": "ap-northeast-2",
    "run_as_user": "root"
  },
  "logs": {
    "logs_collected": {
      "files": {
        "collect_list": [
          {
            "file_path": "/var/log/syslog",
            "log_group_name": "DevSystemLogs",
            "log_stream_name": "syslog"
          },
          {
            "file_path": "/var/log/auth.log",
            "log_group_name": "DevSystemLogs",
            "log_stream_name": "authlog"
          },
          {
            "file_path": "/var/log/cmdlog.log",
            "log_group_name": "DevSystemLogs",
            "log_stream_name": "cmdlog"
          }
        ]
      }
    }
  },
  "metrics": {
    "namespace": "Dev/custom",
    "append_dimensions": {
      "ImageID": "${aws:ImageId}",
      "InstanceId": "${aws:InstanceId}",
      "InstanceType": "${aws:InstanceType}",
      "AutoScalingGroupName": "${aws:AutoScalingGroupName}"
    },
    "metrics_collected": {
      "cpu": {
        "resources": [ "*" ],
        "measurement": [ ],
        "totalcpu": true,
        "metrics_collection_interval": 10,
        "append_dimensions": {
          "osw_test5": "osw_test5"
        }
      },
      "disk": {
        "measurement": [ "used_percent" ],
        "metrics_collection_interval": 60,
        "resources": [ "*" ]
      },
      "mem": {
        "measurement": [ "mem_used_percent" ],
        "metrics_collection_interval": 60
      }
    }
  }
}
```

I would like to see the above metrics when I click All metrics in CloudWatch and click Custom Namespace.
1 answer, 0 votes, 34 views. Asked a month ago