By using AWS re:Post, you agree to the Terms of Use

Questions tagged with AWS Systems Manager

Sort by most recent

Browse through the questions and answers listed below or filter and sort to narrow down your results.

Error loading patching payloadfailed to run commands: exit status 156

I'm trying to automate Patching on Ubuntu EC2 instances with Patch Manager and I'm getting this error while trying to execute the command document "AWS-RunPatchBaseline": Error loading patching payloadfailed to run commands: exit status 156 Error log: ``` /usr/bin/python3 /usr/bin/python /usr/bin/apt-get Reading package lists... Building dependency tree... Reading state information... python3-apt is already the newest version (2.3.0ubuntu2.1). 0 upgraded, 0 newly installed, 0 to remove and 2 not upgraded. Using python binary: 'python' Using Python Version: Python 3.10.4 /usr/bin/curl /usr/bin/wget 08/02/2022 04:25:05 root [INFO]: Downloading payload from https://s3.dualstack.ap-southeast-2.amazonaws.com/aws-ssm-ap-southeast-2/patchbaselineoperations/linux/payloads/patch-baseline-operations-1.90.tar.gz 08/02/2022 04:25:06 root [INFO]: Attempting to import entrance file os_selector 08/02/2022 04:25:06 root [ERROR]: Error loading entrance module. Traceback (most recent call last): File "/var/log/amazon/ssm/patch-baseline-operations/common_startup_entrance.py", line 164, in execute entrance_module = __import__(module_name) File "/var/log/amazon/ssm/patch-baseline-operations/os_selector.py", line 11, in <module> import common_os_selector_methods File "/var/log/amazon/ssm/patch-baseline-operations/common_os_selector_methods.py", line 11, in <module> from patch_common.baseline_override import load_baseline_override File "/var/log/amazon/ssm/patch-baseline-operations/patch_common/baseline_override.py", line 6, in <module> from patch_common.downloader import download_file, load_json_file, is_access_denied File "/var/log/amazon/ssm/patch-baseline-operations/patch_common/downloader.py", line 1, in <module> import boto3 File "/var/log/amazon/ssm/patch-baseline-operations/boto3/__init__.py", line 16, in <module> from boto3.session import Session File "/var/log/amazon/ssm/patch-baseline-operations/boto3/session.py", line 17, in <module> import botocore.session File "/var/log/amazon/ssm/patch-baseline-operations/botocore/session.py", line 29, in <module> import botocore.configloader File "/var/log/amazon/ssm/patch-baseline-operations/botocore/configloader.py", line 19, in <module> from botocore.compat import six File "/var/log/amazon/ssm/patch-baseline-operations/botocore/compat.py", line 25, in <module> from botocore.exceptions import MD5UnavailableError File "/var/log/amazon/ssm/patch-baseline-operations/botocore/exceptions.py", line 15, in <module> from botocore.vendored import requests File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/__init__.py", line 58, in <module> from . import utils File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/utils.py", line 26, in <module> from .compat import parse_http_list as _parse_list_header File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/compat.py", line 7, in <module> from .packages import chardet File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/packages/__init__.py", line 3, in <module> from . import urllib3 File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/packages/urllib3/__init__.py", line 10, in <module> from .connectionpool import ( File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/packages/urllib3/connectionpool.py", line 38, in <module> from .response import HTTPResponse File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/packages/urllib3/response.py", line 9, in <module> from ._collections import HTTPHeaderDict File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/packages/urllib3/_collections.py", line 1, in <module> from collections import Mapping, MutableMapping ImportError: cannot import name 'Mapping' from 'collections' (/usr/lib/python3.10/collections/__init__.py) 08/02/2022 04:25:06 root [ERROR]: cannot import name 'Mapping' from 'collections' (/usr/lib/python3.10/collections/__init__.py) Traceback (most recent call last): File "/var/log/amazon/ssm/patch-baseline-operations/common_startup_entrance.py", line 164, in execute entrance_module = __import__(module_name) File "/var/log/amazon/ssm/patch-baseline-operations/os_selector.py", line 11, in <module> import common_os_selector_methods File "/var/log/amazon/ssm/patch-baseline-operations/common_os_selector_methods.py", line 11, in <module> from patch_common.baseline_override import load_baseline_override File "/var/log/amazon/ssm/patch-baseline-operations/patch_common/baseline_override.py", line 6, in <module> from patch_common.downloader import download_file, load_json_file, is_access_denied File "/var/log/amazon/ssm/patch-baseline-operations/patch_common/downloader.py", line 1, in <module> import boto3 File "/var/log/amazon/ssm/patch-baseline-operations/boto3/__init__.py", line 16, in <module> from boto3.session import Session File "/var/log/amazon/ssm/patch-baseline-operations/boto3/session.py", line 17, in <module> import botocore.session File "/var/log/amazon/ssm/patch-baseline-operations/botocore/session.py", line 29, in <module> import botocore.configloader File "/var/log/amazon/ssm/patch-baseline-operations/botocore/configloader.py", line 19, in <module> from botocore.compat import six File "/var/log/amazon/ssm/patch-baseline-operations/botocore/compat.py", line 25, in <module> from botocore.exceptions import MD5UnavailableError File "/var/log/amazon/ssm/patch-baseline-operations/botocore/exceptions.py", line 15, in <module> from botocore.vendored import requests File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/__init__.py", line 58, in <module> from . import utils File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/utils.py", line 26, in <module> from .compat import parse_http_list as _parse_list_header File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/compat.py", line 7, in <module> from .packages import chardet File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/packages/__init__.py", line 3, in <module> from . import urllib3 File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/packages/urllib3/__init__.py", line 10, in <module> from .connectionpool import ( File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/packages/urllib3/connectionpool.py", line 38, in <module> from .response import HTTPResponse File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/packages/urllib3/response.py", line 9, in <module> from ._collections import HTTPHeaderDict File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/packages/urllib3/_collections.py", line 1, in <module> from collections import Mapping, MutableMapping ImportError: cannot import name 'Mapping' from 'collections' (/usr/lib/python3.10/collections/__init__.py) ``` Could someone help me with this one? Instance Details: PRETTY_NAME="Ubuntu 22.04.1 LTS" NAME="Ubuntu" VERSION_ID="22.04" VERSION="22.04.1 LTS (Jammy Jellyfish)" VERSION_CODENAME=jammy ID=ubuntu ID_LIKE=debian HOME_URL="https://www.ubuntu.com/" SUPPORT_URL="https://help.ubuntu.com/" BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" UBUNTU_CODENAME=jammy
1
answers
1
votes
74
views
asked 2 months ago

Utilizing values returned from SSM Document in a Parent/Child Document

I have a SSM Automation document which as one of its steps, calls another automation document which return two values. I can see the output from the call to the child document back in the parent document, but I can't seem to find a way to reference it. ``` Outputs ClientToken 38014768-65e1-4a3a-821d-9xxxxxxxxxx ExecutionId 38014768-65e1-4a3a-821d-97acxxxxxxxxxxx Output This is a message to pass into the updatefinding step, SUPPRESSED Status Success ``` If the output was in the parent document I would have used {{ParentDocumentStepName.outputvalue}}, but when I try that as {{ParentDocStepWhichCallsSubDocument.outputvalue}} it doesnt seem to resolve. Does anyone have any suggestions for things to try? Here is my parent document: ``` description: | ### Document Name - TestParent ## What does this document do? This is the parent for a test of Parent to child testing ## Input Parameters None ## Output Parameters None schemaVersion: '0.3' assumeRole: '' mainSteps: - name: Remediation action: 'aws:executeAutomation' isEnd: false inputs: DocumentName: TestChild RuntimeParameters: AutomationAssumeRole: 'arn:{{global:AWS_PARTITION}}:iam::{{global:ACCOUNT_ID}}:role/SO0111-ConfigureS3ServerAccessLogging' outputs: - Name: remediationOutputMessage Selector: $.Payload.RemediationResultStatus Type: String - Name: remediationOutputStatus Selector: $.Payload.RemediationResultMessage Type: String - name: UpdateFinding action: 'aws:executeScript' inputs: Runtime: python3.8 Handler: script_handler Script: |- def script_handler(events, context): print(events) return {'message': 'Hello'} InputPayload: message: '{{Remediation.remediationOutputMessage}}' description: Update finding isEnd: true ``` And here is my Child Document: ``` description: | ### Document Name - TestChild ## What does this document do? returns a json object fixed for testing ## Input Parameters * AutomationAssumeRole: (Required) The ARN of the role that allows Automation to perform the actions on your behalf. ## Output Parameters * Remediation Result Status * Remediation Result Status schemaVersion: '0.3' assumeRole: '{{ AutomationAssumeRole }}' outputs: - RemediateTargetBucket.RemediationResultStatus - RemediateTargetBucket.RemediationResultMessage parameters: AutomationAssumeRole: type: String description: (Required) The ARN of the role that allows Automation to perform the actions on your behalf. allowedPattern: '^arn:(aws[a-zA-Z-]*)?:iam::\d{12}:role/[\w+=,.@-]+' mainSteps: - name: RemediateTargetBucket action: 'aws:executeScript' description: | Returns a fixed json object ``` { 'message': 'This is a message to pass into the updatefinding step', 'resourceBucketName': 'bucket1', 'LoggingBucketName': 'bucket2', 'status': 'SUPPRESSED' } ``` timeoutSeconds: 60 isCritical: true isEnd: true inputs: Runtime: python3.8 Handler: lambda_handler Script: | import json def lambda_handler(event, context): return { 'message': 'This is a message to pass into the updatefinding step', 'resourceBucketName': 'bucket1', 'LoggingBucketName': 'bucket2', 'status': 'SUPPRESSED' } outputs: - Name: RemediationResultMessage Selector: $.Payload.message Type: String - Name: RemediationResultStatus Selector: $.Payload.status Type: String ```
1
answers
0
votes
52
views
asked 2 months ago

I cannot update a State Manager Association Created By Cfn?

This is the second time I have encountered strange behavior with Cfn and State Manager Associations. Previously, I have been able to create an Association using Cfn that ran an Automation and Rate Targeted multiple tag values. Cfn was able to build this, but it's not a thing you can do, which led to a strange debugging journey. It would create, but couldn't update, and only ever threw a "General Service Error". Today, I am creating an Association using this Cloudformation template code. **Installer** is an Automation created earlier in the stack, **SsmAssociationSchedule** refers to a parameter containing a cron expression: ``` yaml StateManagerAssociation: Type: AWS::SSM::Association Properties: ApplyOnlyAtCronInterval: true AutomationTargetParameterName: InstanceId ComplianceSeverity: HIGH Name: !Ref Installer MaxConcurrency: 12 MaxErrors: 33% ScheduleExpression: !Ref SsmAssociationSchedule SyncCompliance: AUTO Targets: - Key: ResourceGroup Values: - Ref: MyResourceGroup ``` The issue is specifically with the config `ApplyOnlyAtCronInterval: true`. I can create the above Association and will work as intended. If I start from scratch, I can set `ApplyOnlyAtCronInterval: false` and it will create and work as intended. However, if I take one of the above cited examples, and attempt to update the stack, flipping this boolean, either directly in the template or through a parameter, the update on the Association fails, and once again all I have to go on is my old friend "General Service Error". > Resource handler returned message: "Error occurred during operation 'UpdateAssociation'." (RequestToken: 7e9f12f1-1181-39af-a778-85db72413723, HandlerErrorCode: GeneralServiceException) I have tried creating an Association with false and switching to true, and vice versa. I have done with hardcoded booleans and with CF template parameters. I can, of course, go into the console and check or uncheck the `ApplyOnlyAtCronInterval` box without crashing the console. Curious if anyone can explain what's going on here, and/or suggest a work-around? **EDIT: I'm finding this to be more broadly behavior with SSM Associations. I can create them with Cfn, but any attempt to update them via the Stack fails with General Service Error. As such I have tried using UpdateReplacePolicy to force it to delete, but that param is not available on Associations. *** **EDIT2: This only happens with custom Automations. It is not an issue with AWS Managed Automations. I've put together a simple CF template that recreates the issue and opened a support case. I'll report here if they shed any light ***
1
answers
0
votes
43
views
asked 2 months ago