Questions tagged with AWS Systems Manager

Content language: English

Sort by most recent

Browse through the questions and answers listed below or filter and sort to narrow down your results.

connect to mysqlRDS instance from local workstation

Hi team, I'm trying to connect to my RDS MySQL aurora instance via DBeaver from my local machine via SSM following this article : https://aws.amazon.com/blogs/database/securely-connect-to-an-amazon-rds-or-amazon-ec2-database-instance-remotely-with-your-preferred-gui/?fbclid=IwAR0AYyKOfbWGixDBgyZlsJ8ikAnOgbcHPlB4XcGrov0vh63JkAQGcNslLHc when I run the command `aws ssm start-session --target ...` I have this message : ``` Starting session with SessionId: user.user@dom0d4ede5d4d251sd37c Port 3306 opened for sessionId user.user@dom-0w4cde734x221e91c. Waiting for connections... ``` in DBeaver I put the cluster endpoint, the port number, the username and the password I have this message from DBeaver : ``` The last packet sent successfully to the server was 0 milliseconds ago. The driver has not received any packets from the server. connect timed out ``` I'm not sure if it's due to ssm endpoint, I tried to create SSM endpoint following this article : https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-create-vpc.html ``` To create VPC endpoints for Systems Manager In the first step of this procedure, you create three required and one optional interface endpoints for Systems Manager. Follow the steps in Create an interface endpoint to create the following interface endpoints: 1 - com.amazonaws.region.ssm – The endpoint for the Systems Manager service. 2 - com.amazonaws.region.ec2messages – Systems Manager uses this endpoint to make calls from SSM Agent to the Systems Manager service. 3 - com.amazonaws.region.ec2 – ``` the endpoint failed to create : ``` status = Failed Status message = private-dns-enabled cannot be set because there is already a conflicting DNS domain for ec2messages.region.amazonaws.com in the VPC vpc-wee1287dvhdvvsj Status message = private-dns-enabled cannot be set because there is already a conflicting DNS domain for ssm.region.amazonaws.com in the VPC vpc-wee1287dvhdvvsj ``` >only this endpoint : com.amazonaws.ca-central-1.ec2 was created successfully I'm not sure if the timeout I get is due to the SSM endpoints. any idea would help, thank you!
2
answers
0
votes
59
views
Jess
asked 3 months ago

CloudWatch Unified Agent custom namespace not showing up on CloudWatch Metrics

We have previously succeeded in running CWUA on our Auto Scaling Group Ubuntu EC2 servers with custom configuration from SSM Parameter store. The parameter value looks like ``` { "agent": { "metrics_collection_interval": 60, "run_as_user": "root" }, "metrics": { "namespace": "cdk-sample-asg-ASG1-asg-exp", "append_dimensions": { "AutoScalingGroupName": "${aws:AutoScalingGroupName}", "InstanceId": "${aws:InstanceId}", "InstanceType": "${aws:InstanceType}" }, "aggregation_dimensions": [ [ "AutoScalingGroupName" ] ], "metrics_collected": { "mem": { "measurement": [ { "name": "mem_used_percent", "unit": "Percent" } ], "metrics_collection_interval": 60 } } } } ``` and the user data script in the launch template to pick it up looks like ``` wget https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/arm64/latest/amazon-cloudwatch-agent.deb -O /tmp/amazon-cloudwatch-agent.deb dpkg -i /tmp/amazon-cloudwatch-agent.deb /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -s -c ssm:AmazonCloudWatch-cdk-sample-asg-ASG1-asg-exp ``` All these configuration and deployment were achieved with CDK. Now we're generalising into more reusable constructs with the same setup, but the test deployment for some reason does not show the custom ASG namespace in CloudWatch Metrics. Initially I thought it might be because Detailed monitoring wasn't enabled but changing that did not improve the situation. What other obstacles can prevent the custom namespace from showing up? The system log shows CWUA successfully installed and configured. ``` [ 54.811101] cloud-init[1274]: 2022-08-12 09:59:17 (6.15 MB/s) - ‘/tmp/amazon-cloudwatch-agent.deb’ saved [57412840/57412840] [ 54.836742] cloud-init[1274]: Selecting previously unselected package amazon-cloudwatch-agent. [ 54.864478] cloud-init[1274]: (Reading database ... 65339 files and directories currently installed.) [ 54.867059] cloud-init[1274]: Preparing to unpack .../amazon-cloudwatch-agent.deb ... [ 54.896405] cloud-init[1274]: create group cwagent, result: 0 [ 54.922558] cloud-init[1274]: create user cwagent, result: 0 [ 54.940742] cloud-init[1274]: create group aoc, result: 0 [ 54.960169] cloud-init[1274]: create user aoc, result: 0 [ 54.961249] cloud-init[1274]: Unpacking amazon-cloudwatch-agent (1.247354.0b251981-1) ... [ 56.464911] cloud-init[1274]: Setting up amazon-cloudwatch-agent (1.247354.0b251981-1) ... [ 56.534388] cloud-init[1274]: ****** processing amazon-cloudwatch-agent ****** [ 56.534654] cloud-init[1274]: /opt/aws/amazon-cloudwatch-agent/bin/config-downloader --output-dir /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.d --download-source ssm:AmazonCloudWatch-cdk-sample-asg-ASG1-asg-exp --mode ec2 --config /opt/aws/amazon-cloudwatch-agent/etc/common-config.toml --multi-config default [ 56.540078] cloud-init[1274]: I! Trying to detect region from ec2 [ 56.540893] cloud-init[1274]: D! [EC2] Found active network interface [ 56.544437] cloud-init[1274]: Region: ap-southeast-1 [ 56.544580] cloud-init[1274]: credsConfig: map[] [ 56.605107] cloud-init[1274]: Successfully fetched the config and saved in /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.d/ssm_AmazonCloudWatch-cdk-sample-asg-ASG1-asg-exp.tmp [ 56.608867] cloud-init[1274]: Start configuration validation... [ 56.609027] cloud-init[1274]: /opt/aws/amazon-cloudwatch-agent/bin/config-translator --input /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json --input-dir /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.d --output /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.toml --mode ec2 --config /opt/aws/amazon-cloudwatch-agent/etc/common-config.toml --multi-config default [ 56.618549] cloud-init[1274]: 2022/08/12 09:59:19 Reading json config file path: /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.d/ssm_AmazonCloudWatch-cdk-sample-asg-ASG1-asg-exp.tmp ... [ 56.621567] cloud-init[1274]: 2022/08/12 09:59:19 I! Valid Json input schema. [ 56.622296] cloud-init[1274]: I! Detecting run_as_user... [ 56.622471] cloud-init[1274]: I! Trying to detect region from ec2 [ 56.622597] cloud-init[1274]: D! [EC2] Found active network interface [ 56.626058] cloud-init[1274]: No csm configuration found. [ 56.626169] cloud-init[1274]: No log configuration found. [ 56.626318] cloud-init[1274]: Configuration validation first phase succeeded [ 56.628994] cloud-init[1274]: /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent -schematest -config /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.toml [ 56.681402] cloud-init[1274]: Configuration validation second phase succeeded [ 56.681576] cloud-init[1274]: Configuration validation succeeded [ 56.695308] cloud-init[1274]: amazon-cloudwatch-agent has already been stopped [ 56.950624] cloud-init[1274]: Created symlink /etc/systemd/system/multi-user.target.wants/amazon-cloudwatch-agent.service → /etc/systemd/system/amazon-cloudwatch-agent.service. [ OK ] Started Amazon CloudWatch Agent. ``` UPDATE Comparing to the instances that have worked, I notice some extra actions missing in the older version (circa April 2022). ``` [ 30.714094] cloud-init[851]: 2022-04-27 17:02:49 (4.98 MB/s) - ‘/tmp/amazon-cloudwatch-agent.deb’ saved [54613346/54613346] [ 32.203984] cloud-init[851]: (Reading database ... 110768 files and directories currently installed.) [ 32.208150] cloud-init[851]: Preparing to unpack .../amazon-cloudwatch-agent.deb ... [ 32.256865] cloud-init[851]: ****** processing cwagent-otel-collector ****** [ 32.261143] cloud-init[851]: cwagent-otel-collector has already been stopped [ 32.600172] cloud-init[851]: ****** processing amazon-cloudwatch-agent ****** Stopping Amazon CloudWatch Agent... [ OK ] Stopped Amazon CloudWatch Agent. [ 33.518263] cloud-init[851]: Unpacking amazon-cloudwatch-agent (1.247350.0b251780-1) over (1.247350.0b251780-1) ... [ 35.821820] cloud-init[851]: Setting up amazon-cloudwatch-agent (1.247350.0b251780-1) ... [ 35.892578] cloud-init[851]: ****** processing amazon-cloudwatch-agent ****** [ 35.893649] cloud-init[851]: /opt/aws/amazon-cloudwatch-agent/bin/config-downloader --output-dir /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.d --download-source ssm:AmazonCloudWatch-Original-app-asg-dev --mode ec2 --config /opt/aws/amazon-cloudwatch-agent/etc/common-config.toml --multi-config default [ 35.902414] cloud-init[851]: Region: ap-southeast-1 [ 35.903189] cloud-init[851]: credsConfig: map[] [ 36.010690] cloud-init[851]: Successfully fetched the config and saved in /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.d/ssm_AmazonCloudWatch-Original-app-asg-dev.tmp [ 36.015002] cloud-init[851]: Start configuration validation... [ 36.016156] cloud-init[851]: /opt/aws/amazon-cloudwatch-agent/bin/config-translator --input /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.json --input-dir /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.d --output /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.toml --mode ec2 --config /opt/aws/amazon-cloudwatch-agent/etc/common-config.toml --multi-config default [ 36.022624] cloud-init[851]: 2022/04/27 17:02:54 Reading json config file path: /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.d/ssm_AmazonCloudWatch-Original-app-asg-dev.tmp ... [ 36.025894] cloud-init[851]: Valid Json input schema. [ 36.027002] cloud-init[851]: I! Detecting run_as_user... [ 36.030131] cloud-init[851]: No csm configuration found. [ 36.031144] cloud-init[851]: No log configuration found. [ 36.032190] cloud-init[851]: Configuration validation first phase succeeded [ 36.033524] cloud-init[851]: /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent -schematest -config /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.toml [ 36.065638] cloud-init[851]: Configuration validation second phase succeeded [ 36.066681] cloud-init[851]: Configuration validation succeeded [ 36.076898] cloud-init[851]: amazon-cloudwatch-agent has already been stopped [ OK ] Started Amazon CloudWatch Agent. ``` There are no additional users and groups created, and no final symlink created between the service files. However I am not experienced enough with Linux to properly grasp the significance of these differences and how they might cause report failure.
1
answers
0
votes
65
views
icelava
asked 3 months ago

Error loading patching payloadfailed to run commands: exit status 156

I'm trying to automate Patching on Ubuntu EC2 instances with Patch Manager and I'm getting this error while trying to execute the command document "AWS-RunPatchBaseline": Error loading patching payloadfailed to run commands: exit status 156 Error log: ``` /usr/bin/python3 /usr/bin/python /usr/bin/apt-get Reading package lists... Building dependency tree... Reading state information... python3-apt is already the newest version (2.3.0ubuntu2.1). 0 upgraded, 0 newly installed, 0 to remove and 2 not upgraded. Using python binary: 'python' Using Python Version: Python 3.10.4 /usr/bin/curl /usr/bin/wget 08/02/2022 04:25:05 root [INFO]: Downloading payload from https://s3.dualstack.ap-southeast-2.amazonaws.com/aws-ssm-ap-southeast-2/patchbaselineoperations/linux/payloads/patch-baseline-operations-1.90.tar.gz 08/02/2022 04:25:06 root [INFO]: Attempting to import entrance file os_selector 08/02/2022 04:25:06 root [ERROR]: Error loading entrance module. Traceback (most recent call last): File "/var/log/amazon/ssm/patch-baseline-operations/common_startup_entrance.py", line 164, in execute entrance_module = __import__(module_name) File "/var/log/amazon/ssm/patch-baseline-operations/os_selector.py", line 11, in <module> import common_os_selector_methods File "/var/log/amazon/ssm/patch-baseline-operations/common_os_selector_methods.py", line 11, in <module> from patch_common.baseline_override import load_baseline_override File "/var/log/amazon/ssm/patch-baseline-operations/patch_common/baseline_override.py", line 6, in <module> from patch_common.downloader import download_file, load_json_file, is_access_denied File "/var/log/amazon/ssm/patch-baseline-operations/patch_common/downloader.py", line 1, in <module> import boto3 File "/var/log/amazon/ssm/patch-baseline-operations/boto3/__init__.py", line 16, in <module> from boto3.session import Session File "/var/log/amazon/ssm/patch-baseline-operations/boto3/session.py", line 17, in <module> import botocore.session File "/var/log/amazon/ssm/patch-baseline-operations/botocore/session.py", line 29, in <module> import botocore.configloader File "/var/log/amazon/ssm/patch-baseline-operations/botocore/configloader.py", line 19, in <module> from botocore.compat import six File "/var/log/amazon/ssm/patch-baseline-operations/botocore/compat.py", line 25, in <module> from botocore.exceptions import MD5UnavailableError File "/var/log/amazon/ssm/patch-baseline-operations/botocore/exceptions.py", line 15, in <module> from botocore.vendored import requests File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/__init__.py", line 58, in <module> from . import utils File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/utils.py", line 26, in <module> from .compat import parse_http_list as _parse_list_header File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/compat.py", line 7, in <module> from .packages import chardet File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/packages/__init__.py", line 3, in <module> from . import urllib3 File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/packages/urllib3/__init__.py", line 10, in <module> from .connectionpool import ( File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/packages/urllib3/connectionpool.py", line 38, in <module> from .response import HTTPResponse File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/packages/urllib3/response.py", line 9, in <module> from ._collections import HTTPHeaderDict File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/packages/urllib3/_collections.py", line 1, in <module> from collections import Mapping, MutableMapping ImportError: cannot import name 'Mapping' from 'collections' (/usr/lib/python3.10/collections/__init__.py) 08/02/2022 04:25:06 root [ERROR]: cannot import name 'Mapping' from 'collections' (/usr/lib/python3.10/collections/__init__.py) Traceback (most recent call last): File "/var/log/amazon/ssm/patch-baseline-operations/common_startup_entrance.py", line 164, in execute entrance_module = __import__(module_name) File "/var/log/amazon/ssm/patch-baseline-operations/os_selector.py", line 11, in <module> import common_os_selector_methods File "/var/log/amazon/ssm/patch-baseline-operations/common_os_selector_methods.py", line 11, in <module> from patch_common.baseline_override import load_baseline_override File "/var/log/amazon/ssm/patch-baseline-operations/patch_common/baseline_override.py", line 6, in <module> from patch_common.downloader import download_file, load_json_file, is_access_denied File "/var/log/amazon/ssm/patch-baseline-operations/patch_common/downloader.py", line 1, in <module> import boto3 File "/var/log/amazon/ssm/patch-baseline-operations/boto3/__init__.py", line 16, in <module> from boto3.session import Session File "/var/log/amazon/ssm/patch-baseline-operations/boto3/session.py", line 17, in <module> import botocore.session File "/var/log/amazon/ssm/patch-baseline-operations/botocore/session.py", line 29, in <module> import botocore.configloader File "/var/log/amazon/ssm/patch-baseline-operations/botocore/configloader.py", line 19, in <module> from botocore.compat import six File "/var/log/amazon/ssm/patch-baseline-operations/botocore/compat.py", line 25, in <module> from botocore.exceptions import MD5UnavailableError File "/var/log/amazon/ssm/patch-baseline-operations/botocore/exceptions.py", line 15, in <module> from botocore.vendored import requests File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/__init__.py", line 58, in <module> from . import utils File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/utils.py", line 26, in <module> from .compat import parse_http_list as _parse_list_header File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/compat.py", line 7, in <module> from .packages import chardet File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/packages/__init__.py", line 3, in <module> from . import urllib3 File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/packages/urllib3/__init__.py", line 10, in <module> from .connectionpool import ( File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/packages/urllib3/connectionpool.py", line 38, in <module> from .response import HTTPResponse File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/packages/urllib3/response.py", line 9, in <module> from ._collections import HTTPHeaderDict File "/var/log/amazon/ssm/patch-baseline-operations/botocore/vendored/requests/packages/urllib3/_collections.py", line 1, in <module> from collections import Mapping, MutableMapping ImportError: cannot import name 'Mapping' from 'collections' (/usr/lib/python3.10/collections/__init__.py) ``` Could someone help me with this one? Instance Details: PRETTY_NAME="Ubuntu 22.04.1 LTS" NAME="Ubuntu" VERSION_ID="22.04" VERSION="22.04.1 LTS (Jammy Jellyfish)" VERSION_CODENAME=jammy ID=ubuntu ID_LIKE=debian HOME_URL="https://www.ubuntu.com/" SUPPORT_URL="https://help.ubuntu.com/" BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" UBUNTU_CODENAME=jammy
1
answers
1
votes
118
views
asked 4 months ago