Questions tagged with AWS Systems Manager
Content language: English
Sort by most recent
I have a Maintenance Window which runs a Lambda as one of the Tasks.
Within the Task i have specified the Payload as "{{RESOURCE_ID}}".
This is so that the Lambda can execute against the instance list within a defined Resource Group.
This Resource Group is defined within the Maintenance Window Targets page.
This all works fine....
I'm now trying to build this using a cloudformation template with the Lambda task details within "AWS::SSM::MaintenanceWindowTask".
The problem i'm having is that i've tried various formats of entering the Payload information under...
"TaskInvocationParameters:
"MaintenanceWindowLambdaParameters:"
... but i'm not able to successfully load the template. It keeps failing with "The Payload parameter for Lambda must be valid JSON"
The AWS docs specify that the Payload data needs to be converetd to Base64. I've tried the following formats which have all failed with the same message....
Payload: !Base64 '{"instanceId": ["{{RESOURCE_ID}}"]}'
Payload: !Base64 {"instanceId": ["{{RESOURCE_ID}}"]}
Payload: !Base64 '{{RESOURCE_ID}}'
Payload: {"Fn::Base64" : "{{RESOURCE_ID}}"}
Payload: "{{RESOURCE_ID}}"
Payload: !Base64 '{"instanceId": "{{RESOURCE_ID}}"}'
Any ideas where i'm going wrong?
Hello!
I am trying to remove some EC2 instances off the fleet manager. I found some documentation stating the way to remove it is to deregister from the portal. However, when I follow these instructions, the "Deregister This Managed Node" is grayed out and I unable to click on it. I am not sure on next steps to troubleshoot this. If anyone has idea, I appreciate it!
Thanks!
When using the RDP session of fleet manager, I get strange errors when trying to type into certain windows. For example, I can type into the search bar and notepad, but when I open a PowerShell window, it doesn't respond to key inputs. The Command window works but the PowerShell window is what I use for a lot of admin tasks. Its making fleet manager almost unusable now. Is there a way to fix this?
I created a SecureString parameter in AWS Systems Manager Parameter Store. It uses the default KMS key for encryption/decryption. I also created an association in State Manager to run "AWS-RunPowerShellScript" using the command "Net.exe user administrator {{ssh:<name of my parameter>}}" to have State Manager update the password across all of my associated Windows EC2 instances. However, the update only works when I reference a String parameter but does NOT work when I reference a SecureString parameter.
Any ideas why I can't reference a SecureString parameter? How do I reference a SecureString parameter in this State Manager association?
Hi,
I am new to use SSM alternative of SSH connection.
So, I am trying to create a permissions for users to be used when using SSM.
For example: I don't need all users to act as an (ec2-user), I need user to check the specific file only, or had a user without ability to reboot the services at instances.
What security group inbound rule do I need to add that will allow AWS Systems Manager State Manager to run the AWS-RunPowerShellScript document on an association of EC2 Windows instances?
Hi Team,
I'm trying to use AWS Batch service with ECS Fargate. It's basically a python script to fetch the db password stored as secret from AWS SSM Parameter and run an ETL function.
I have ensured networking(internet access with NAT Gateway) and the required iam permission(Full Access) to fetch the secrets or ecr image. It is scheduled to run on an hourly basis. Sometimes, it is working fine but some other time it is failing with the below message.
> "Resourceinitializationerror: unable to pull secrets or registry auth: execution resource retrieval failed: unable to retrieve secrets from ssm: service call has been retried 5 time(s): RequestCanceled: request context canceled caused by: context deadline exceeded"
This seems to be a strange issue. I'm happy to fix if any changes to be done from my side but i'm little worried on why it is unstable. Can some clarify on this issue please?
Hi everyone,
I have been following the documentation for setting up the AWS SDK, however after having the packages installed I am getting error messages when trying to compile and run a cpp file which just prints "hello", and has the headers for aws/core and aws/s3 included. I am just trying to verify everything is linked correctly. Actually connecting to S3 can be a separate task.
Can someone provide **exact step by step solution for setting up the AWS SDK on a Ubuntu EC2 instance?** Starting from cloning the repo, to compiling the cpp file and running the executable. Thank you very much.
I am relatively new to CPP so I'm using this as a side project to gain some experience, sorry if my question seems nooby.
Was trying to start a session[terminal] via ssm on an instance in another account.
using command "aws ssm start-session --target i-yyyaf4692d801d1xx --region ap-south-1"
but it was failing with response as Target is not connected.
- we get this response when the instance is usually not found in the inventory of Systems Manager. which i can't add, as the instance is in another account
Also
- my user has appropriate permissions have verified it through IAM Simulator
- it seems instance IDs are unique and associated to one account only.
- the instance is accessible by local users in that account.
END Goal: I wish to use users created in Account A to be able to start sessions on instances on Account B. both part of same organization.
I discovered archives must be deleted before vaults can be deleted. Looks like I first have to download vault inventory, then write code to delete archives since they can't be deleted in the console. I can't figure out how to create/download the inventory and I don't code, so I'm at a loss. I'm just a simple home user (fairly technical IT guy, but don't code) who uses Arq for backups and I just want to close my account. Any help is appreciated.
We have a big fleet of EC2 instances in our production account and we would like to know if we should be worried about any performance issues should we go ahead and enable inspector, since we can't exclude instances and once enabled will cover all instances, running the SSM agent. Is there any documentation that explains how the scanning and reporting mechanism works ?
For example, using the Guardduty malware scanning it will take a snapshot and do an offline scanning rather on the EC2 itself. So, knowing that the inspector scanning leverages the SSM agent running on the EC2, should there be any concerns at all, when we decide to go ahead and enable inspector in a production environment ?
Hi. I have recently been using AWS Systems Manager (SSM) with a Greengrass core device to execute shell commands remotely from the AWS console. I was successful in executing the shell commands and proceeded with de-registering the managed node due to the fact that the SSM documentation clearly states that "You can reregister an on-premises server, edge device, or VM again at any time. Systems Manager stores the command history for a deregistered managed node for 30 days". I wanted to re-register the same managed node but am unsure how to go about doing this. I tried navigating around the SSM console and even looked in the API reference to see if there was an AWS CLI command to execute to re-register a node. I also tried redeploying the Greengrass components but all these attempts were unsuccessful. Am I missing something here? Any assistance or at least a nudge in the right direction would be greatly appreciated.