aws patch manager

Question

root [ERROR]: An error occurred (AccessDeniedException) when calling the GetDeployablePatchSnapshotForInstance operation: Instance Id i-009da1237dec531ad doesn't match the credentials
I am using aws system patch manager to update system patches, but getting above error, when I run any command they run successfully, means no issue  related  drier or connectivity

Answer

The error message you're encountering (AccessDeniedException) indicates that the IAM role or user associated with the AWS Systems Manager (SSM) doesn't have the necessary permissions to execute the GetDeployablePatchSnapshotForInstance operation.

To resolve this issue, you need to attach a policy to the IAM role or user that grants the required permissions. Here's an example of an IAM policy that allows the necessary actions for AWS Systems Manager Patch Manager:

```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "ssm:DescribeInstanceInformation",
                "ssm:DescribeInstancePatches",
                "ssm:DescribeInstancePatchStates",
                "ssm:GetDeployablePatchSnapshotForInstance",
                "ssm:ListInstanceAssociations",
                "ssm:DescribeInstanceAssociationsStatus",
                "ssm:DescribeAvailablePatches",
                "ssm:GetPatchBaseline",
                "ssm:GetPatchBaselineForPatchGroup",
                "ssm:DescribePatchGroups",
                "ssm:DescribePatchGroupState",
                "ssm:DescribeOperatingSystems",
                "ssm:DescribePatchProperties",
                "ssm:DescribeMaintenanceWindowSchedule",
                "ssm:GetMaintenanceWindow",
                "ssm:GetMaintenanceWindowExecution",
                "ssm:GetMaintenanceWindowExecutionTask",
                "ssm:GetMaintenanceWindowExecutionTaskInvocation",
                "ssm:ListResourceComplianceSummaries",
                "ssm:GetComplianceSummary",
                "ssm:DescribeInstancePatchStatesForPatchGroup",
                "ssm:ListComplianceItems",
                "ssm:ListComplianceSummaries"
            ],
            "Resource": "*"
        }
    ]
}

```

To attach this policy to an IAM role or user, follow these steps:

1. Sign in to the AWS Management Console and open the IAM console at https://console.aws.amazon.com/iam/.
2. In the navigation pane, click "Roles" or "Users" depending on whether you want to attach the policy to a role or a user.
3. Find the role or user you want to attach the policy to and click on its name.
4. Click "Add inline policy" on the "Permissions" tab.
5. Click the "JSON" tab, then copy and paste the policy JSON into the editor.
6. Click "Review policy", provide a name for the policy, and click "Create policy".

After attaching the policy to the IAM role or user, you should no longer receive the "AccessDeniedException" error when using AWS Systems Manager Patch Manager.

aws patch manager

相關內容