Questions tagged with AWS Systems Manager
Content language: English
Sort by most recent
when I scan my ec2 machine using aws patch manager, I am getting this error
[ERROR]:**Error loading entrance module.**
Traceback (most recent call last):
File "/var/log/amazon/ssm/patch-baseline-operations/common_os_selector_methods.py", line 125, in _get_snapshot_info
ssm_client = client_selector.get_default_client(instance_id, region, "ssm")
File "/var/log/amazon/ssm/patch-baseline-operations/patch_common/client_selector.py", line 61, in get_default_client
I've installed the [AWS Service Management Connector for JSM](https://marketplace.atlassian.com/apps/1221283/aws-service-management-connector-for-jsm?tab=overview&hosting=cloud) into Jira and provisioned the users using CloudFormation from the provided script on https://docs.aws.amazon.com/smc/latest/ag/jsmcloud-base-perms.html and all the connection tests passed.
However the SSM Incidents do not sync. The CloudTrail Event log shows that the sync requests fail with a `ValidationException`. I believe this is due to the `creationTime` filter.
Partial Event Redacted:
```json
{
"eventVersion": "1.08",
"userIdentity": {
"type": "IAMUser",
"principalId": "AIXXXXXXXXXXXXXX",
"arn": "arn:aws:iam::XXXXXXXXXX:user/SCSyncUser",
"accountId": "XXXXXXXXXX",
"accessKeyId": "AKXXXXXXXXXXXXX",
"userName": "SCSyncUser"
},
"eventTime": "2023-03-22T14:41:55Z",
"eventSource": "ssm-incidents.amazonaws.com",
"eventName": "ListIncidentRecords",
"awsRegion": "us-west-2",
"sourceIPAddress": "xx.xx.xxx.xx",
"userAgent": "Forge/4.2.0 ari:cloud:ecosystem::app/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"errorCode": "ValidationException",
"requestParameters": {
"filters": [
{
"key": "status",
"condition": {
"equals": {
"stringValues": [
"OPEN",
"RESOLVED"
]
}
}
},
{
"key": "creationTime",
"condition": {}
}
]
},
"responseElements": null,
"requestID": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"eventID": "xxxxx-xxxx-xxx-xxxx-xxxxxxxxx",
"readOnly": true,
"eventType": "AwsApiCall",
"managementEvent": true,
"recipientAccountId": "XXXXXXXXXX",
"eventCategory": "Management"
}
```
Current CF Template: https://servicecatalogconnector.s3.amazonaws.com/SMC_ConnectorforJSMCloud-AWS_Configurations_Commercial.json
Are there additional steps that are missing from the documentation or is this just a bug?
Hi, We would like to trigger events based on when an instance (EC2 or OnPrem) is registered in Systems Manager, an example, would be to trigger an instance tagging mechanism so that tags are applied as soon as the instance is registered.
I can see PutInventory in Cloudtrail gets created on registration and then occurs every 12h thereafter, but we dont need anything that cyclical. We are considering an Association that is configured without a Schedule, but this triggers runCommand on the instance which is unnecessary data transit across the WAN. It would be good if the event could trigger eventBridge to then trigger a StepFunction, but we're looking for the best trigger.
Does anyone have any suggestions on the best trigger for this?
I'm working on my first CDK stack, and it's frustratingly not working at all. It dies when I go to run deploy with the following error:
```
Building assets failed: Error: Building Assets Failed: Error: FuseArchiver: Socket timed out without establishing a connection
```
If I run it with `cdk deploy -vv` I get these last few lines after it run synthesis:
```
[15:21:15] Retrieved account ID xxxxxxxxx from disk cache
[15:21:15] Assuming role 'arn:aws:iam::xxxxxxxxxxx:role/cdk-hnb-xxxxxx-deploy-role-xxxxxxxxxxxx-us-east-1'.
[15:21:16] Waiting for stack CDKToolkit to finish creating or updating...
[15:21:16] [AWS cloudformation 200 0.081s 0 retries] describeStacks({ StackName: 'CDKToolkit' })
[15:22:35] [AWS ssm undefined 79.686s 6 retries] getParameter({ Name: '/cdk-bootstrap/hnxxxxxds/version' })
[15:22:35] Call failed: getParameter({"Name":"/cdk-bootstrap/hnxxxxxxfds/version"}) => Socket timed out without establishing a connection (code=TimeoutError)
❌ Building assets failed: Error: Building Assets Failed: Error: FuseArchiver: Socket timed out without establishing a connection
at buildAllStackAssets (D:\Users\xxxxx\apps\nvm\v18.15.0\node_modules\aws-cdk\lib\index.js:374:115279)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async CdkToolkit.deploy (D:\Users\xxxxx\apps\nvm\v18.15.0\node_modules\aws-cdk\lib\index.js:374:143496)
at async exec4 (D:\Users\xxxxx\apps\nvm\v18.15.0\node_modules\aws-cdk\lib\index.js:429:51795)
[15:22:52] Reading cached notices from D:\Users\xxxxx\.cdk\cache\notices.json
Building Assets Failed: Error: FuseArchiver: Socket timed out without establishing a connection
[15:22:52] Error: Building Assets Failed: Error: FuseArchiver: Socket timed out without establishing a connection
at buildAllStackAssets (D:\Users\xxxxx\apps\nvm\v18.15.0\node_modules\aws-cdk\lib\index.js:374:115279)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async CdkToolkit.deploy (D:\Users\xxxxx\apps\nvm\v18.15.0\node_modules\aws-cdk\lib\index.js:374:143496)
at async exec4 (D:\Users\xxxxx\apps\nvm\v18.15.0\node_modules\aws-cdk\lib\index.js:429:51795)
```
So it looks like it dies when it goes to talk to AWS SSM with getParameter call. I'm running this from an AWS workspace inside a VPC which should be able to talk to SSM, but can't. I've had some issues with SSM reaching my boxes in the past with permissions, but I think those are resolved.
I'm using node: v18.15.0, CDK 2.69.0, and Windows 10
We have setup remote apps to be used via RDP on a Windows Server. Users have reported that they will get disconnected mid-session. They are usually logged in all day. We haven't been able to find a cause.
We have done the following:
1. Increased the server hardware based on AWS provisioning suggestion
2. Set up Domain and Local GPO to keep instances active, auto reconnect sessions, and only allow one session per user
3. Checked the Remote Desktop App settings to ensure we don't have a timeout issue there
4. Checked Event Logs both on the server and at the AD controller (No errors)
5. Checked security settings for anything potential connected to remote desktop
6. Made sure we have remote desktop licenses installed
We are running the Apps over a VPN and each server is setup to serve as a RD broker as well as host the RD App.
Any ideas?
root [ERROR]: An error occurred (AccessDeniedException) when calling the GetDeployablePatchSnapshotForInstance operation: Instance Id i-009da1237dec531ad doesn't match the credentials
I am using aws system patch manager to update system patches, but getting above error, when I run any command they run successfully, means no issue related drier or connectivity
when I apply patches I get this erros which I bold mark
/usr/bin/python3
/usr/bin/apt-get
Reading package lists...
Building dependency tree...
Reading state information...
python3-apt is already the newest version (2.0.1ubuntu0.20.04.1).
0 upgraded, 0 newly installed, 0 to remove and 41 not upgraded.
Using python binary: 'python3'
Using Python Version: Python 3.9.16
03/21/2023 06:13:45 root [INFO]: Downloading payload from https://s3.dualstack.ap-south-1.amazonaws.com/aws-ssm-ap-south-1/patchbaselineox/payloads/patch-baseline-operations-1.105.tar.gz
03/21/2023 06:13:46 root [INFO]: Attempting to import entrance file os_selector
03/21/2023 06:13:46 root [INFO]: Running with snapshot id = and operation = Scan
****03/21/2023 06:13:46 botocore.credentials [INFO]: Found credentials in shared credentials file: ~/.aws/credentials
03/21/2023 06:13:46 root [ERROR]: An error occurred (AccessDeniedException) when calling the GetDeployablePatchSnapshotForInstance operation: Instance Id i-009dab947dec531ad doesn't match the credentials**
Traceback (most recent call last):**
File "/var/log/amazon/ssm/patch-baseline-operations/common_os_selector_methods.py", line 126, in _get_snapshot_info
patch_snapshot = _get_snapshot_with_client(ssm_client, instance_id, snapshot_id, baseline_override)
File "/var/log/amazon/ssm/patch-baseline-operations/common_os_selector_methods.py", line 434, in _get_snapshot_with_client
return ssm_client.get_deployable_patch_snapshot_for_instance(
File "/var/log/amazon/ssm/patch-baseline-operations/botocore/client.py", line 276, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/var/log/amazon/ssm/patch-baseline-operations/botocore/client.py", line 586, in _make_api_call
raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (AccessDeniedException) when calling the GetDeployablePatchSnapshotForInstance operation: Instance Id i-009vbhjkab94bnmad doesn't match the credentials
03/21/2023 06:13:46 root [INFO]: Unable to retrieve snapshot with default ssm client, retry with fallback ssm client
03/21/2023 06:13:46 botocore.credentials [INFO]: Found credentials in shared credentials file: ~/.aws/credentials
03/21/2023 06:13:46 root [ERROR]: Error loading entrance module.
Traceback (most recent call last):
File "/var/log/amazon/ssm/patch-baseline-operations/common_os_selector_methods.py", line 126, in _get_snapshot_info
patch_snapshot = _get_snapshot_with_client(ssm_client, instance_id, snapshot_id, baseline_override)
File "/var/log/amazon/ssm/patch-baseline-operations/common_os_selector_methods.py", line 434, in _get_snapshot_with_client
return ssm_client.get_deployable_patch_snapshot_for_instance(
File "/var/log/amazon/ssm/patch-baseline-operations/botocore/client.py", line 276, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/var/log/amazon/ssm/patch-baseline-operations/botocore/client.py", line 586, in _make_api_call
raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (AccessDeniedException) when calling the GetDeployablePatchSnapshotForInstance operation: Instance Id i-009dab9ghjkl531ad doesn't match the credentials
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/var/log/amazon/ssm/patch-baseline-operations/common_os_selector_methods.py", line 102, in _get_snapshot_info_with_fallback_ssm_client
patch_snapshot = _get_snapshot_with_client(fallback_ssm_client, instance_id, snapshot_id, baseline_override)
File "/var/log/amazon/ssm/patch-baseline-operations/common_os_selector_methods.py", line 434, in _get_snapshot_with_client
return ssm_client.get_deployable_patch_snapshot_for_instance(
File "/var/log/amazon/ssm/patch-baseline-operations/botocore/client.py", line 276, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/var/log/amazon/ssm/patch-baseline-operations/botocore/client.py", line 586, in _make_api_call
raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (AccessDeniedException) when calling the GetDeployablePatchSnapshotForInstance operation: Instance Id i-009dab947dec531ad doesn't match the credentials
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/var/log/amazon/ssm/patch-baseline-operations/common_startup_entrance.py", line 203, in execute
exit( entrance_module.execute(*argv))
File "/var/log/amazon/ssm/patch-baseline-operations/os_selector.py", line 54, in execute
common_os_selector_methods.fetch_snapshot(operation_type, instance_id, region, reboot_option, document_step,
File "/var/log/amazon/ssm/patch-baseline-operations/common_os_selector_methods.py", line 280, in fetch_snapshot
snapshot_info = _get_snapshot_info(instance_id, snapshot_id, region, baseline_override_dict)
File "/var/log/amazon/ssm/patch-baseline-operations/common_os_selector_methods.py", line 136, in _get_snapshot_info
return _get_snapshot_info_with_fallback_ssm_client(instance_id, region, snapshot_id, baseline_override)
File "/var/log/amazon/ssm/patch-baseline-operations/common_os_selector_methods.py", line 108, in _get_snapshot_info_with_fallback_ssm_client
raise PatchManagerError("GetDeployableSnapshotForInstance had access denied and no metadata credentials were available",
patch_common.exceptions.PatchManagerError: ('GetDeployableSnapshotForInstance had access denied and no metadata credentials were available', 145)
03/21/2023 06:13:46 root [ERROR]: ('GetDeployableSnapshotForInstance had access denied and no metadata credentials were available', 145)
Traceback (most recent call last):
File "/var/log/amazon/ssm/patch-baseline-operations/common_os_selector_methods.py", line 126, in _get_snapshot_info
patch_snapshot = _get_snapshot_with_client(ssm_client, instance_id, snapshot_id, baseline_override)
File "/var/log/amazon/ssm/patch-baseline-operations/common_os_selector_methods.py", line 434, in _get_snapshot_with_client
return ssm_client.get_deployable_patch_snapshot_for_instance(
File "/var/log/amazon/ssm/patch-baseline-operations/botocore/client.py", line 276, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/var/log/amazon/ssm/patch-baseline-operations/botocore/client.py", line 586, in _make_api_call
raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (AccessDeniedException) when calling the GetDeployablePatchSnapshotForInstance operation: Instance Id i-009dab947dec531ad doesn't match the credentials
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/var/log/amazon/ssm/patch-baseline-operations/common_os_selector_methods.py", line 102, in _get_snapshot_info_with_fallback_ssm_client
patch_snapshot = _get_snapshot_with_client(fallback_ssm_client, instance_id, snapshot_id, baseline_override)
File "/var/log/amazon/ssm/patch-baseline-operations/common_os_selector_methods.py", line 434, in _get_snapshot_with_client
return ssm_client.get_deployable_patch_snapshot_for_instance(
File "/var/log/amazon/ssm/patch-baseline-operations/botocore/client.py", line 276, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/var/log/amazon/ssm/patch-baseline-operations/botocore/client.py", line 586, in _make_api_call
raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (AccessDeniedException) when calling the GetDeployablePatchSnapshotForInstance operation: Instance Id i-009dab947dec531ad doesn't match the credentials
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/var/log/amazon/ssm/patch-baseline-operations/common_startup_entrance.py", line 203, in execute
exit( entrance_module.execute(*argv))
File "/var/log/amazon/ssm/patch-baseline-operations/os_selector.py", line 54, in execute
common_os_selector_methods.fetch_snapshot(operation_type, instance_id, region, reboot_option, document_step,
File "/var/log/amazon/ssm/patch-baseline-operations/common_os_selector_methods.py", line 280, in fetch_snapshot
snapshot_info = _get_snapshot_info(instance_id, snapshot_id, region, baseline_override_dict)
File "/var/log/amazon/ssm/patch-baseline-operations/common_os_selector_methods.py", line 136, in _get_snapshot_info
return _get_snapshot_info_with_fallback_ssm_client(instance_id, region, snapshot_id, baseline_override)
File "/var/log/amazon/ssm/patch-baseline-operations/common_os_selector_methods.py", line 108, in _get_snapshot_info_with_fallback_ssm_client
raise PatchManagerError("GetDeployableSnapshotForInstance had access denied and no metadata credentials were available",
patch_common.exceptions.PatchManagerError: ('GetDeployableSnapshotForInstance had access denied and no metadata credentials were available', 145)
03/21/2023 06:13:46 root [ERROR]: write() argument must be str, not None
Traceback (most recent call last):
File "/var/log/amazon/ssm/patch-baseline-operations/common_os_selector_methods.py", line 126, in _get_snapshot_info
File "/var/log/amazon/ssm/patch-baseline-operations/common_os_selector_methods.py", line 434, in _get_snapshot_with_client
File "/var/log/amazon/ssm/patch-baseline-operations/botocore/client.py", line 276, in _api_call
File "/var/log/amazon/ssm/patch-baseline-operations/botocore/client.py", line 586, in _make_api_call
botocore.exceptions.ClientError: An error occurred (AccessDeniedException) when calling the GetDeployablePatchSnapshotForInstance operation: Instance Id i-009dab947dec531ad doesn't match the credentials
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/var/log/amazon/ssm/patch-baseline-operations/common_os_selector_methods.py", line 102, in _get_snapshot_info_with_fallback_ssm_client
File "/var/log/amazon/ssm/patch-baseline-operations/common_os_selector_methods.py", line 434, in _get_snapshot_with_client
File "/var/log/amazon/ssm/patch-baseline-operations/botocore/client.py", line 276, in _api_call
File "/var/log/amazon/ssm/patch-baseline-operations/botocore/client.py", line 586, in _make_api_call
botocore.exceptions.ClientError: An error occurred (AccessDeniedException) when calling the GetDeployablePatchSnapshotForInstance operation: Instance Id i-009dab947dec531ad doesn't match the credentials
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/var/log/amazon/ssm/patch-baseline-operations/common_startup_entrance.py", line 203, in execute
File "/var/log/amazon/ssm/patch-baseline-operations/os_selector.py", line 54, in execute
File "/var/log/amazon/ssm/patch-baseline-operations/common_os_selector_methods.py", line 280, in fetch_snapshot
File "/var/log/amazon/ssm/patch-baseline-operations/common_os_selector_methods.py", line 136, in _get_snapshot_info
File "/var/log/amazon/ssm/patch-baseline-operations/common_os_selector_methods.py", line 108, in _get_snapshot_info_with_fallback_ssm_client
patch_common.exceptions.PatchManagerError: ('GetDeployableSnapshotForInstance had access denied and no metadata credentials were available', 145)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "<stdin>", line 181, in <module>
File "/var/log/amazon/ssm/patch-baseline-operations/common_startup_entrance.py", line 210, in execute
File "/var/log/amazon/ssm/patch-baseline-operations/common_startup_entrance.py", line 149, in abort
TypeError: write() argument must be str, not None
I have been testing Systems Manager patching Linux servers for some days. In the beginning, I struggled with roles setup and autoscaling group with launch templates. Finally, I figure out the importance of the policies that cannot be added to roles in launch templates and also the tag of the roles. Now, I can find a working configuration.
Afterwards, I notice that AWS has just launched Default Host Management Configuration. It seems to waive the need to struggle with the IAM roles and policies. It becomes easy to use Systems Manager to connect to the instances using session manager. However, when I tried to work out how to use Patch Manager together, it seems that the role added by Quick Setup cannot enable the SSM agent to download the baseline override. The EC2 do not have a role originally. The following was logged:
```
/usr/bin/python2.7
/usr/bin/python2
/usr/bin/python
/usr/bin/yum
Using Yum version: 3.4.3
Using python binary: 'python2.7'
Using Python Version: Python 2.7.18
03/21/2023 04:05:07 root [INFO]: Downloading payload from https://s3.dualstack.us-west-2.amazonaws.com/aws-ssm-us-west-2/patchbaselineoperations/linux/payloads/patch-baseline-operations-1.105.tar.gz
03/21/2023 04:05:07 root [INFO]: Attempting to import entrance file os_selector
03/21/2023 04:05:08 root [INFO]: Running with snapshot id = and operation = Install
03/21/2023 04:05:08 root [INFO]: Downloading Baseline Override from s3://aws-quicksetup-patchpolicy-438724983186-snhqg/baseline_overrides.json
03/21/2023 04:05:08 botocore.credentials [INFO]: Found credentials in shared credentials file: /var/lib/amazon/ssm/credentials
03/21/2023 04:05:08 root [ERROR]: Unable to download file from S3: s3://aws-quicksetup-patchpolicy-xxxxxxxxxxx-snhqg/baseline_overrides.json.
03/21/2023 04:05:08 root [ERROR]: Error loading entrance module.
Traceback (most recent call last):
File "common_startup_entrance.py", line 203, in execute
exit( entrance_module.execute(*argv))
File "/var/log/amazon/ssm/patch-baseline-operations/os_selector.py", line 55, in execute
snapshot_id, override_list=override_list, baseline_override=baseline_override)
File "/var/log/amazon/ssm/patch-baseline-operations/common_os_selector_methods.py", line 279, in fetch_snapshot
baseline_override_dict = load_baseline_override(instance_id, baseline_override, document_step, region)
File "patch_common/baseline_override.py", line 29, in load_baseline_override
baseline_overrides = _download_baseline_override_content(instance_id, baseline_override_path, region)
File "patch_common/baseline_override.py", line 97, in _download_baseline_override_content
if download_file(instance_id, baseline_override_path, file_name, region):
File "patch_common/downloader.py", line 56, in download_file
downloaded = download_from_s3(instance_id, remote_path, local_file_path, region)
File "patch_common/downloader.py", line 35, in download_from_s3
s3_client.download_file(result.group(1), result.group(2), file_path)
File "/var/log/amazon/ssm/patch-baseline-operations/boto3/s3/inject.py", line 172, in download_file
extra_args=ExtraArgs, callback=Callback)
File "/var/log/amazon/ssm/patch-baseline-operations/boto3/s3/transfer.py", line 307, in download_file
future.result()
File "/var/log/amazon/ssm/patch-baseline-operations/s3transfer/futures.py", line 106, in result
return self._coordinator.result()
File "/var/log/amazon/ssm/patch-baseline-operations/s3transfer/futures.py", line 265, in result
raise self._exception
ClientError: An error occurred (403) when calling the HeadObject operation: Forbidden
03/21/2023 04:05:08 root [ERROR]: An error occurred (403) when calling the HeadObject operation: Forbidden
Traceback (most recent call last):
File "common_startup_entrance.py", line 203, in execute
exit( entrance_module.execute(*argv))
File "/var/log/amazon/ssm/patch-baseline-operations/os_selector.py", line 55, in execute
snapshot_id, override_list=override_list, baseline_override=baseline_override)
File "/var/log/amazon/ssm/patch-baseline-operations/common_os_selector_methods.py", line 279, in fetch_snapshot
baseline_override_dict = load_baseline_override(instance_id, baseline_override, document_step, region)
File "patch_common/baseline_override.py", line 29, in load_baseline_override
baseline_overrides = _download_baseline_override_content(instance_id, baseline_override_path, region)
File "patch_common/baseline_override.py", line 97, in _download_baseline_override_content
if download_file(instance_id, baseline_override_path, file_name, region):
File "patch_common/downloader.py", line 56, in download_file
downloaded = download_from_s3(instance_id, remote_path, local_file_path, region)
File "patch_common/downloader.py", line 35, in download_from_s3
s3_client.download_file(result.group(1), result.group(2), file_path)
File "/var/log/amazon/ssm/patch-baseline-operations/boto3/s3/inject.py", line 172, in download_file
extra_args=ExtraArgs, callback=Callback)
File "/var/log/amazon/ssm/patch-baseline-operations/boto3/s3/transfer.py", line 307, in download_file
future.result()
File "/var/log/amazon/ssm/patch-baseline-operations/s3transfer/futures.py", line 106, in result
return self._coordinator.result()
File "/var/log/amazon/ssm/patch-baseline-operations/s3transfer/futures.py", line 265, in result
raise self._exception
ClientError: An error occurred (403) when calling the HeadObject operation: Forbidden
```
I met similar issues before when I manually created a role for the EC2 without the appropriate tagging. It seems that the SSM Agent is using the role from DHMC (ie service-role/AWSSystemsManagerDefaultEC2InstanceManagementRole) instead of the role added by Quick Setup (AmazonSSMRoleForInstancesQuickSetup)
I guess if I want to use both DHMC and Patch Policy Quick Setup, I need to make some changes to the role from DHMC. Anyone have similar experience?
PS. It take a bit time for the EC2 to make use of the newly attached role by quick setup. After that, it can download the baseline override from S3 and complete the patching task.
Hi Team,
How to export the variable when connecting via session manager connect for linux OS.
I tried adding to the bashrc, /etc/environment, and /etc/profile did not work.
I am attempting to setup Patch Manager for all my AWS instances but all my Ubuntu servers are failing on scan.
I've checked the servers to ensure the SSM agent is installed and the service is running.
Servers are running Ubuntu 22.04.2.
When I run a scan I receive the below output error:
/var/log/amazon/ssm/patch-baseline-operations/jmespath/visitor.py:32: SyntaxWarning: "is" with a literal. Did you mean "=="?
if x is 0 or x is 1:
/var/log/amazon/ssm/patch-baseline-operations/jmespath/visitor.py:32: SyntaxWarning: "is" with a literal. Did you mean "=="?
if x is 0 or x is 1:
/var/log/amazon/ssm/patch-baseline-operations/jmespath/visitor.py:34: SyntaxWarning: "is" with a literal. Did you mean "=="?
elif y is 0 or y is 1:
/var/log/amazon/ssm/patch-baseline-operations/jmespath/visitor.py:34: SyntaxWarning: "is" with a literal. Did you mean "=="?
elif y is 0 or y is 1:
/var/log/amazon/ssm/patch-baseline-operations/jmespath/visitor.py:260: SyntaxWarning: "is" with a literal. Did you mean "=="?
if original_result is 0:
No IMDS credentials found on instance.failed to run commands: exit status 156
Hello,
I'm receiving SNS notification after run command (AWS_applypatchbaseline) , but it is containing only instance ID and run command result (failed, success...).
Example below :
```
{"commandId":"a55a64ed-b532-4cf0-a9fd-redacted","documentName":"AWS-ApplyPatchBaseline","instanceId":"mi-0529853redacted","requestedDateTime":"2023-03-09T10:00:07.38Z","status":"Failed","detailedStatus":"Failed","eventTime":"2023-03-09T10:19:54.568Z"}
```
I would like to translate this to instance name + run command **output **(where I can see installed KB)
Any directions where I should look at ?
As mentioned in https://docs.aws.amazon.com/systems-manager/latest/userguide/managed-instances-default-host-management.html, SSM Agent version 3.2.582.0 or above have to be used in order to make use of Default Host Management Configuration. However, the latest version on Amazon Linux 2 is 3.1.1732.0 when I use yum update. Do we need to build from source code in order to use it at this moment? Thanks.