EC2 Automated upgrade failure: Windows 2012 to 2022

0

I've attempted to use the "AWSEC2-CloneInstanceAndUpgradeWindows" automation runbook to carry out the upgrade.

I had never used Systems Manager before, so I followed the steps in the documentation I had to run Quick Setup. This worked in most areas, although the association for "AWS-QuickSetup-SSMHostMgmt-ScanForPatches-kvszx" failed. (I don't know if this is relevant).

This created the role "AWSSystemsManagerDefaultEC2InstanceManagementRole" with the policy "AmazonSSMManagedEC2InstanceDefaultPolicy".

I have the following AWS Services on the server:

  - AWS PV Drivers: v8.4.3
  - SSM Agent: v3.2.1705
  - EC2ConfigService: 4.9.5554.0

When I run the automation, I have specified the:

  - Instance-id (selected from list)
  - IAMInstanceProfile = AWSSystemsManagerDefaultEC2InstanceManagementRole
  - TargetWindowsVersion = 2022
  - SubnetID = value assigned to instance

(The server can access Windows & Amazon website downloads normally)

Each time it runs, it fails during "serverUpgradeInstanceWithOriginalKeyPair" (Step 8 of "AWSEC2-CloneInstanceAndUpgradeWindows2019") with the error: "Value (AWSSystemsManagerDefaultEC2InstanceManagementRole) for parameter iamInstanceProfile.name is invalid. Invalid IAM Instance Profile name (Service: AmazonEC2; Status Code: 400; Error Code: InvalidParameterValue; Request ID: 630736c3-9605-446c-94d6-5e6205f985cd; Proxy: null)"

Should I be entering a different value for IAMInstanceProfile, or do I need to give it more permissions?

On one occasion, I attempted to run automation while leaving "IAMInstanceProfile" blank. On that occasion, it timed out on "checkAfterWindowsUpgrade2019" (step 29 of "AWSEC2-CloneInstanceAndUpgradeWindows2019"), which followed on from a success for "sleepForWindowUpgradeAndStart2022".

I'm guessing that I have missed a step somewhere, and need to add an extra permission or additional drivers.

Any help or suggestions gratefully received?

Matt
Asked 6 months ago, viewed 290 times
1 Answer
0
Accepted Answer

After a little more work, I was able to resolve this. In case it is useful for anyone else:

  1. I noted that the instance that I was cloning had an IAM Role associated with it. I believe this was stopping "AWSSystemsManagerDefaultEC2InstanceManagementRole" from being able to carry out the clone. I gave this IAM Role the "AmazonSSMManagedInstanceCore" policy and then used this role to carry out the automation.

  2. The timeout may have been caused by running the upgrade on a t2.small instance. I changed the instance type on the source instance to t2.large, and then ran automation. After this, I returned the source instance to t2.small.

Matt
Answered 6 months ago
Expert
Reviewed 1 month ago
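
A pre-flight check for step 1 of the accepted answer, added here as an example (it is not code from the original post or from AWS): it resolves the instance profile attached to the source instance, finds its role, and checks that the `AmazonSSMManagedInstanceCore` managed policy is attached before the automation is run. It assumes AWS CLI credentials with read access to EC2 and IAM; the function names are hypothetical, and inline policies are not inspected.

```bash
#!/usr/bin/env bash
# Added example: verify the value to pass as IAMInstanceProfile.
# Assumes the AWS CLI is installed and configured; function names are hypothetical.

SSM_CORE_ARN="arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"

# Print the name of the instance profile attached to an instance (empty if none).
instance_profile_name() {
  local arn
  arn=$(aws ec2 describe-instances --instance-ids "$1" \
        --query 'Reservations[0].Instances[0].IamInstanceProfile.Arn' \
        --output text) || return 1
  if [ "$arn" = "None" ]; then return 0; fi
  printf '%s\n' "${arn##*/}"   # arn:...:instance-profile/[path/]NAME -> NAME
}

# Print the role contained in an instance profile.
profile_role() {
  aws iam get-instance-profile --instance-profile-name "$1" \
    --query 'InstanceProfile.Roles[0].RoleName' --output text
}

# Succeed only if the role has AmazonSSMManagedInstanceCore attached.
role_has_ssm_core() {
  aws iam list-attached-role-policies --role-name "$1" \
    --query 'AttachedPolicies[].PolicyArn' --output text \
    | tr '\t' '\n' | grep -qxF "$SSM_CORE_ARN"
}

# Report the profile to use, or the attachment that is missing.
preflight() {
  local profile role
  profile=$(instance_profile_name "$1") || return 2
  if [ -z "$profile" ]; then
    echo "no instance profile attached to $1"
    return 1
  fi
  role=$(profile_role "$profile") || return 2
  if role_has_ssm_core "$role"; then
    echo "ok: use IAMInstanceProfile=$profile (role $role)"
  else
    echo "missing: aws iam attach-role-policy --role-name $role --policy-arn $SSM_CORE_ARN"
    return 1
  fi
}

# Usage: ./preflight.sh <instance-id>
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

The script only reads state; the `attach-role-policy` command is printed for review rather than executed.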
