sysman-patch-baseline-console.md Step 11 includes a malformed yum.conf sample.
This should read:

[main]  
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=0
debuglevel=2

Is there a way to create a custom Parameter for when using this template? I am using the IAM_User_Inactive_90_days Rule in AWS config and tried out using this Remediation rule but I don't get a lot of helpful information in my Jira Ticket. It would be nice if it showed who the remediation action ran on for the account that was past 90 days of inactivity?

Hi,

there is an syntax error after

Create an association for a managed instance named "ws-0123456789012345"

aws ssm create-association --name value --targets "Key=Instance Ids,Values=ws-0123456789"} --name AWS-UpdateSSMAgent --schedule "cron(0 0 2 ? * SUN *)"

The parameter name is written twice and value of targets is not a valid JSON - opening curly bracket is missing.

Hi All,
I am running into an issue where I need to make a variable dynamic in my command document. I already have created a parameter for the same but I want to integrate this in a pipeline and hence I don't want to go in and change the name of the parameter for every run and create a new version of the document.

Any ideas as to how I can make the value of the parameter dynamic?? Or maybe append the code build id or some other param in the build spec on code build?
FYI- I have tried appending $codebuild id etc in build spec but nothing seems to work.

Any help would be appreciated. Thanks!!
Basically I am trying to find a way to make the below parameter Test3 dynamic ex. test1_blah, test2_blah1 etc. but I don't want to create new version of the document to do that. Thanks!!

"schemaVersion": "2.2",
"description": "Command Document ",
"parameters": {
"FolderName": {
"type": "String",
"description": "This folder is where Report will be stored",
"default": "Test3"
}
},

Hi there, could somebody reupload the examples for the cf?

https://github.com/awsdocs/aws-systems-manager-user-guide/blob/main/doc_source/automation-cf.md

Not sure if this is the correct repository to raise this issue in, but I'll give it a try.

Details:
I am using the AWS-managed document AWS-ConfigureAWSPackage in State Manager to handle automatic installation and updates of AWSCodeDeployAgent. Installation works fine on a fresh instance, but a non-zero exit code is returned if an instance is already running the latest version, thus leading to a failed association.

Issue:
The Run Command fails due to a non-zero exit code if an instance is running the latest version of the CodeDeploy agent.

Expected behavior:
The Run Command should only return a non-zero exit code if an actual update failed -- not if the instance is running the latest version.

Output of Run Command:

Initiating AWSCodeDeployAgent 1.2.1 install

Plugin aws:runShellScript ResultStatus Failed

install output: Running sh install.sh

Checking Yum Package Manager...

Checking Ruby install...

Checking Installed Ruby Version...

Supported Ruby Version Found

Checking if codedeploy-agent is already present...

Existing CodeDeploy Agent Detected. Checking Version...

Installed Version Same as Package Version. Skipping Install...

----------ERROR-------

install errors: failed to run commands: exit status 1

Failed to install package; install status Failed

On this doc https://docs.aws.amazon.com/systems-manager/latest/userguide/integration-chef-inspec.html - InSpec is described as a runtime - However its a testing framework

Within step 8 for https://github.com/awsdocs/aws-systems-manager-user-guide/blob/main/doc_source/automation-document-builder.md

Currently this is shown as optional in the docs and the console. State Manager will through an error "Automation Association Parameters must have length greater than 0 and less than or equal to 200" when there is no input parameter specified.

Get-SSMCommandInvocation does not return instance ID. This is particularly problematic when a command was sent to multiple machines. How do we know what instance a given command result occurred on?

Hello!

Please make some examples on the ssm automation actions, e.g.: aws:runInstances.
The BlockDeviceMappings parameter not working at all.
https://docs.aws.amazon.com/systems-manager/latest/userguide/automation-action-runinstance.html

I was tring to make an automation with aws:runInstances automation action with an AMZ2 ami id but changing the root volume from gp2 to gp3.
My automation document step is the following:

- name: runec2
    action: 'aws:runInstances'
    inputs:
      ImageId: ami-06c39ed6b42908a36
      BlockDeviceMappings:
        - deviceName: /dev/xvda
          ebs:
            deleteOnTermination: true
            encrypted: true
            volumeType: gp3
    description: runec2

And when I executed the automation document the console shows the following input parameters for this step:

BlockDeviceMappings
[{"deviceName":null,"virtualName":null,"ebs":null,"noDevice":null}]
ImageId
"ami-06c39ed6b42908a36"

What am i doing wrong?

Thanks in advance!

Is there any benefit or advantage for the SSM Parameter Store feature if I create a SSM VPC endpoint? Does a VPC SSM endpoint help me in accessing SSM Parameter Store faster or is the access more secure?

Related to #30

AWS-* Automation documents do not currently explain what IAM permissions are needed to run them.
This issue is to track the work to add such information to every AWS-* Automation document.

An example of how this section should look like can be found here:

https://github.com/awsdocs/aws-systems-manager-user-guide/blob/master/doc_source/automation-awssupport-troubleshootssh.md#required-iam-permissions

I am running the below command and it is reporting an error Invalid JSON:

AWS SSM Command:

 aws ssm register-task-with-maintenance-window --window-id mw-06344a0189162e0b3 --targets Key=WindowTargetIds,Values=ae5c621a-17d8-454f-977f-46298f1e6eb8 --task-arn AWS-RunPatchBaseline --service-role-arn arn:aws:iam::xxxxxxxxxxxxx:role/AmazonSSMRoleForInstancesQuickSetup --task-type RUN_COMMAND --max-concurrency 2 --max-errors 1 --priority 1 --task-invocation-parameters '{\"Operation\":{\"Values\":[\"Install\"]}}'

Error:

Error parsing parameter '--task-invocation-parameters': Invalid JSON: Expecting property name enclosed in double quotes: line 1 column 2 (char 1)
JSON received: {\"Operation\":{\"Values\":[\"Install\"]}}

I'm using the AWS Documentation reference below:
https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-patch-cliwalk.html

Now, I changed from single quotes to double quotes but no charm, it still fails now with not using, correct Operation"

AWS SSM Command

aws ssm register-task-with-maintenance-window --window-id $grpa_maint_window --targets "Key=WindowTargetIds,Values=$reg_grpa_tar_wind_id" --task-arn "AWS-RunPatchBaseline" --service-role-arn "arn:aws:iam::xxxxxxxxxxxxx:role/AmazonSSMRoleForInstancesQuickSetup" --task-type "RUN_COMMAND" --max-concurrency 2 --max-errors 1 --priority 1 --task-invocation-parameters "{\"Operation\":{\"Values\":[\"Install\"]}}"

Error:

Parameter validation failed:
Unknown parameter in TaskInvocationParameters: "Operation", must be one of: RunCommand, Automation, StepFunctions, Lambda

Can you please update the documentation with correct example please.

It seems to me that Session Manager plugin latest version and release history is not up to date.

The last version indicated in the table is 1.2.30.0 while the version installed in my place is 1.2.54.0.

$ session-manager-plugin --version
1.2.54.0

Could you complete the history ?

Since I haven't run into the issue with timeout exceeded personally, I don't know if I'm misunderstanding the state the system would be in. As such, these instructions below[1] might be perfectly valid but it would seem to me that they would leave the ssm agent not running since we start then stop then check status.

[1]

Below is the markdown text I am referring to

Note the following details about SSM Agent on Ubuntu Server 18.04 and 16.04:
Because of a known issue with Snap, you might see a Maximum timeout exceeded error with snap commands. If you get this error, run the following commands one at a time to start the agent, stop it, and check its status:

systemctl start snap.amazon-ssm-agent.amazon-ssm-agent.service

systemctl stop snap.amazon-ssm-agent.amazon-ssm-agent.service

systemctl status snap.amazon-ssm-agent.amazon-ssm-agent.service

On the AWS Systems Manager Patch Manager page:

This includes supported versions of several operating systems, as listed in Patch Manager prerequisites..

See the extra period above ^^

I know ya'll are hyper-perfectionists like me, so fix this! :)

Hello,

I am raising this issue with regard to the snippet in the document here:

Amazon Linux 2023 (AL2023) instances initially contains the updates that were available in the version of AL2023 and the chosen AMI. By default, your AL2023 instance doesn't automatically receive additional critical and important security updates at launch. Instead, with the deterministic upgrades through versioned repositories feature in AL2023, which is turned on by default, you can apply updates based on a schedule that meets your specific needs. For more information, see Deterministic upgrades through versioned repositories in the Amazon Linux 2023 User Guide.

On Amazon Linux 2022, the preconfigured repositories are tied to locked versions of package updates. When new Amazon Machine Images (AMIs) for Amazon Linux 2022 are released, they are locked to a specific version. For patch updates, Patch Manager retrieves the latest locked version of the patch update repository and then updates packages on the managed node based on the content of that locked version.

On AL2023, the preconfigured repository is the following:

Repo ID: amazonlinux

Repo name: Amazon Linux 2023 repository

On Amazon Linux 2022 (preview release), the preconfigured repositories are tied to locked versions of package updates. When new Amazon Machine Images (AMIs) for Amazon Linux 2022 are released, they are locked to a specific version. For patch updates, Patch Manager retrieves the latest locked version of the patch update repository and then updates packages on the managed node based on the content of that locked version.

On Amazon Linux 2022, the preconfigured repository is the following:

Repo ID: amazonlinux

Repo name: Amazon Linux 2022 repository

I believe that the order is incorrect. Also, the information with regard to AL2022 and AL2022 (preview release) is same but has their own paragraph. I believe that the documentation should be as below. Please feel free to correct me if I have misunderstood this:

suggested corrections

Amazon Linux 2023 (AL2023) instances initially contains the updates that were available in the version of AL2023 and the chosen AMI. By default, your AL2023 instance doesn't automatically receive additional critical and important security updates at launch. Instead, with the deterministic upgrades through versioned repositories feature in AL2023, which is turned on by default, you can apply updates based on a schedule that meets your specific needs. For more information, see Deterministic upgrades through versioned repositories in the Amazon Linux 2023 User Guide.

On AL2023, the preconfigured repository is the following:

Repo ID: amazonlinux

Repo name: Amazon Linux 2023 repository

On Amazon Linux 2022 and Amazon Linux 2022 Preview Release, the preconfigured repositories are tied to locked versions of package updates. When new Amazon Machine Images (AMIs) for Amazon Linux 2022 are released, they are locked to a specific version. For patch updates, Patch Manager retrieves the latest locked version of the patch update repository and then updates packages on the managed node based on the content of that locked version.

On Amazon Linux 2022, the preconfigured repository is the following:

Repo ID: amazonlinux

Repo name: Amazon Linux 2022 repository

Hi,
I can't make it work - I'm trying to use a secure string parameter from the Parameter Store.
{ "schemaVersion": "2.2", "description": " .", "parameters": { "securestring": { "type": "String", "description": "Path to the ssh key in ssm parameter store - ssm:path", "default": "{{ssm:/test/test}}" } }, "mainSteps": [ { "action": "aws:runShellScript", "name": "runShellScript", "inputs": { "runCommand": [ "#!/bin/bash", "securestring='{{securestring}}'", "echo $securestring" ] } } ] }
This code works with String but not with SecureString parameter(default ssm KMS key). Could you please point me what I need to change to make it work? The error message said nothing.

https://docs.aws.amazon.com/systems-manager/latest/userguide/appconfig-retrieving-the-configuration.html refers to a clientid property, that should be client-id.

HI there seems to be an issue with the following SSM document .
AWSEC2-CloneInstanceAndUpgradeWindows

The code references ,a variable which has never been declared (set)
the variable is $tmpLocation .

the error resulting from this is :

Step fails when it is verifying the command has completed. Command 0ef6ed00-4fcb-4211-b836-f92a8151af89 returns unexpected invocation result: {Status=[Failed], ResponseCode=[1], Output=[All disk(s) are online! Current drives are C:,D:,E:\ olddrives C:,D:\ , Currentdrives C:,D:,E:, Newdrive E:, setup location is E:\\setup.exe 2019-06-25 10:43:05.754 About to download answer file to $tmpLocation Exception calling "DownloadFile" with "2" argument(s): "The underlying connection was closed: An unexpected error occurred on a receive." ----------ERROR------- failed to run commands: exit status 1], CommandId=[0ef6ed00-4fcb-4211-b836-f92a8151af89]}. Please refer to Automation Service Troubleshooting Guide for more diagnosis details.

My workaround entails creating a new copy of the document with the following line included.

        "function ReplaceCulture-AutoattendFile\n",
        "$tmpLocation = $env:TEMP\n",

Documentation it's not updated.
The following documents are missing from the list:

AWSConfigRemediation-ConfigureLambdaFunctionXRayTracing
AWSConfigRemediation-ConfigureS3PublicAccessBlock
AWSConfigRemediation-CreateGuardDutyDetector
AWSConfigRemediation-DeleteUnusedSecurityGroup
AWSConfigRemediation-DeleteUnusedVPCNetworkACL
AWSConfigRemediation-EnableEbsEncryptionByDefault
AWSConfigRemediation-EnableEncryptionOnDynamoDbTable
AWSConfigRemediation-EnableMultiAZOnRDSInstance
AWSConfigRemediation-EnableRDSInstanceDeletionProtection

md source: aws-systems-manager-user-guide/doc_source/automation-documents-reference-details.md

I hope I was helpful.

Related to #30

AWS-* Automation documents do not currently have a step-level description.
This issue is to track the work to add such information to every AWS-* Automation document.

An example of how this section should look like can be found here:

https://github.com/awsdocs/aws-systems-manager-user-guide/blob/master/doc_source/automation-awssupport-troubleshootssh.md#document-version

ec2windows is listed as a service for the public parameters in the documentation. However, when running the command below, ec2windows is not present. Suggest updating the documentation to reflect the available options.

aws ssm get-parameters-by-path --path /aws/service/list

Hello AWS Docs team,

Just filing an issue, as there is no guidance on date formatting for the "aws ssm --expiration-date" cli action.
Looks like it uses epoch timestamps. Would you mind adding that to your documentation?

Thanks for your time!

When using the following AMI ami-ba602bc2 and following the steps to install the agent as follows...

wget https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/debian_amd64/amazon-ssm-agent.deb
sudo dpkg -i amazon-ssm-agent.deb

Installation fails with (log snippet from a Packer run)...

amazon-ebs: Preparing for install
amazon-ebs: -> Systemd detected
amazon-ebs: active
amazon-ebs: amazon-ssm-agent  2.2.619.0  295   stable/…  aws        classic
amazon-ebs: -> Amazon-ssm-agent is installed in this instance by snap, please use snap to update or uninstall.

To try to address this I attempted to use snap even though I am running 16.04 and the following is returned...

snap "amazon-ssm-agent" is already installed, see 'snap help refresh'

So this is leading to a little confusion. It would seem as though the snap package for amazon-ssm-agent is already installed on my AMI.

Can you shed some light on the issue, please.

Cheers.

Hi All,

The Systems Manager documentation team is seeking help in drafting walkthroughs that help customers use Systems Manager Automation in different ways. Specifically, we are looking for help in drafting the following list of topics. If you have experience with Automation, and would be interested in drafting one or more of the following walkthroughs, please submit a pull request as explained in these directions: https://github.com/awsdocs/amazon-s3-developer-guide/blob/master/CONTRIBUTING.md . You don’t have to be an exceptional writer. We simply need help creating real-world content. I will rewrite your content to make it conform to our writing style and guidelines. Thanks in advance for your help!! -Jim

Getting started with Automation
Executing runbooks step-by-step
Executing an Automation that uses approvals
Executing Automations based on triggers
Invoking an Automation from a CloudWatch trigger
Invoking an Automation from a Maintenance Window target
Authoring Automation documents
Best practices for authoring Automation documents
Authoring a simple “Hello World” Automation
Authoring complex Automations using actions
Authoring rollbacks and cleanup in your SSM documents from OnFailure conditions
Authoring Automation documents that call other Automation documents (nested)
Authoring Automation documents via GitHub
Best practices and methodology for testing Automations
How to share Automations across AWS accounts
Patching instances by using Automation
Automation walkthroughs for common uses cases on AWS resources
Automations for managing EC2 instances (Linux and Windows)
Automations for managing snapshots
Automations for working with RDS
Other (the sky is the limit here!)

Jim Brotherton
Amazon Web Services
Senior Technical Writer
AWS Systems Manager

Please update the documentation. The amazon-ssm-agent is installed by default on new AMIs published by SUSE. SUSE pulls the latest agent and has added it to the Public Cloud Module for SLE 12 and 15. This can be validated by launching an instance and testing and running zypper info amazon-ssm-agent.

SUSE made this change to support the ECS Anywhere launch that requires amazon-ssm-agent.

In all the aws docs present for creating SSM document , there is only mention of using powershell.json or shellscript.json . What is the recommended way converting our normal powershell/shell scripts to json format so that we can use it in
aws ssm create-document --content file:///home/ec2-user/RunShellScript.json --name "RunShellScript" --document-type "Command"

Moto:- To install the java by creating the document in system manager.

I have create the following json script to full fill the requirement of mine:-

{
"schemaVersion": "2.0",
"description": "Configure an instance to work with containers and Docker",
"parameters": {
"action": {
"type": "String",
"description": "The type of action to perform.",
"allowedValues": [
"Install",
"Uninstall"
]
}
},
"mainSteps": [
{
"action": "aws:configureJava",
"name": "JavaConfiguration",
"inputs": {
"action": "{{ action }}"
}
}
]
}
So following error is coming:- invalid plugin

please tell how to create the document for installing the java....

document will try to patch an AMI or Volume if it has the same values on tags need to filter,run only on AWS::EC2::Instance

{
"AutomationExecution": {
"AutomationExecutionId": "ab73c8e0-dd32-4298-b2b6-099b89685da0",
"DocumentName": "parent",
"DocumentVersion": "1",
"ExecutionStartTime": "2022-06-10T15:06:19.052000-03:00",
"ExecutionEndTime": "2022-06-10T15:06:50.626000-03:00",
"AutomationExecutionStatus": "Failed",
"StepExecutions": [
{
"StepName": "patchPrimaryTargets",
"Action": "aws:executeAutomation",
"TimeoutSeconds": 7200,
"OnFailure": "Abort",
"ExecutionStartTime": "2022-06-10T15:06:19.456000-03:00",
"ExecutionEndTime": "2022-06-10T15:06:50.554000-03:00",
"StepStatus": "Failed",
"Inputs": {
"DocumentName": ""RunbookTutorialChildAutomation"",
"TargetParameterName": ""InstanceId"",
"Targets": "[{"key":"tag:Name","values":["nada"]}]"
},
"Outputs": {
"ClientToken": [
"f5babd10-dff1-447c-a724-74c984ee69a6"
],
"ExecutionId": [
"f5babd10-dff1-447c-a724-74c984ee69a6"
],
"Status": [
"Failed"
]
},
"FailureMessage": "Step fails when it is Execution complete: verified. Failed to run automation with executionId: f5babd10-dff1-447c-a724-74c984ee69a6 Failed : \n{Status=[Failed], ExecutionId=[f5babd10-dff1-447c-a724-74c984ee69a6]}. Please refer to Automation Service Troubleshooting Guide for more diagnosis details.",
"FailureDetails": {
"FailureStage": "PostVerification",
"FailureType": "Verification",
"Details": {
"VerificationErrorMessage": [
"Failed to run automation with executionId: f5babd10-dff1-447c-a724-74c984ee69a6 Failed : \n{Status=[Failed], ExecutionId=[f5babd10-dff1-447c-a724-74c984ee69a6]}"
]
}
},
"StepExecutionId": "a4848ee5-efda-402c-ac65-318681bbd132",
"OverriddenParameters": {}
},
{
"StepName": "patchSecondaryTargets",
"Action": "aws:executeAutomation",
"TimeoutSeconds": 7200,
"OnFailure": "Abort",
"StepStatus": "Pending",
"Inputs": {},
"StepExecutionId": "4fa838e1-71bc-40f9-ac96-ea29803d403c",
"OverriddenParameters": {}
}
],
"StepExecutionsTruncated": false,
"Parameters": {
"AutomationAssumeRole": [
""
],
"PatchGroupPrimaryKey": [
"Name"
],
"PatchGroupPrimaryValue": [
"nada"
],
"PatchGroupSecondaryKey": [
"Name"
],
"PatchGroupSecondaryValue": [
"nada2"
]
},
"Outputs": {},
"FailureMessage": "Step fails when it is Execution complete: verified. Failed to run automation with executionId: f5babd10-dff1-447c-a724-74c984ee69a6 Failed : \n{Status=[Failed], ExecutionId=[f5babd10-dff1-447c-a724-74c984ee69a6]}. Please refer to Automation Service Troubleshooting Guide for more diagnosis details.",
"Mode": "Auto",
"ExecutedBy": "arn:aws:iam::123456789:user/mack",
"Targets": [],
"ResolvedTargets": {
"ParameterValues": [],
"Truncated": false
}
}
}
(END)

{
"AutomationExecution": {
"AutomationExecutionId": "f5babd10-dff1-447c-a724-74c984ee69a6",
"DocumentName": "RunbookTutorialChildAutomation",
"DocumentVersion": "1",
"ExecutionStartTime": "2022-06-10T15:06:19.731000-03:00",
"ExecutionEndTime": "2022-06-10T15:06:50.106000-03:00",
"AutomationExecutionStatus": "Failed",
"StepExecutions": [
{
"StepName": "ami-0287a96845f798794",
"Action": "aws:executeAutomation",
"ExecutionStartTime": "2022-06-10T15:06:20.241000-03:00",
"ExecutionEndTime": "2022-06-10T15:06:21.306000-03:00",
"StepStatus": "Failed",
"Inputs": {
"InstanceId": "ami-0287a96845f798794"
},
"Outputs": {},
"FailureMessage": "Step fails when it is Execute/Cancelling action. An error occurred (InvalidInstanceID.Malformed) when calling the DescribeInstances operation: Invalid id: "ami-0287a96845f798794". Please refer to Automation Service Troubleshooting Guide for more diagnosis details.",
"StepExecutionId": "2c43f965-e81b-4c40-a934-eeea10abab63"
},
{
"StepName": "i-0004dd6379ac82505",
"Action": "aws:executeAutomation",
"ExecutionStartTime": "2022-06-10T15:06:20.481000-03:00",
"ExecutionEndTime": "2022-06-10T15:06:49.627000-03:00",
"StepStatus": "Success",
"Inputs": {
"InstanceId": "i-0004dd6379ac82505"
},
"Outputs": {},
"StepExecutionId": "e010c4ab-5a91-4d9e-83c2-ff6d88296d8b"
}
],
"StepExecutionsTruncated": false,
"Parameters": {},
"Outputs": {},
"FailureMessage": "Step fails when it is Execute/Cancelling action. An error occurred (InvalidInstanceID.Malformed) when calling the DescribeInstances operation: Invalid id: "ami-0287a96845f798794". Please refer to Automation Service Troubleshooting Guide for more diagnosis details.",
"Mode": "Auto",
"ParentAutomationExecutionId": "ab73c8e0-dd32-4298-b2b6-099b89685da0",
"ExecutedBy": "arn:aws:iam::123456789:user/mack",
"TargetParameterName": "InstanceId",
"Targets": [
{
"Key": "tag:Name",
"Values": [
"nada"
]
}
],
"ResolvedTargets": {
"ParameterValues": [
"ami-0287a96845f798794",
"i-0004dd6379ac82505"
],
"Truncated": false
},
"MaxConcurrency": "10",
"MaxErrors": "100%"
}
}
(END)

Related to #30

AWS-* Automation documents do not currently show execution examples.
This issue is to track the work to add such information to every AWS-* Automation document.

An example of how this section should look like can be found here:

https://github.com/awsdocs/aws-systems-manager-user-guide/blob/master/doc_source/automation-awssupport-troubleshootssh.md#examples

This sentence at the end of line 20 confuses me since it, to me does not correlate with the previous information in the same paragraph:

"You can't establish access control policies for these operations when you use the customer managed keys."

Is this actually referring to AWS managed keys?

In step 13 of https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-paramstore-console.html
Is it possible to reference a SecureString in here?

Steps are going fine until:

In https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_ListDocuments.html, it lists two different filter parameters with identical descriptions, called DocumentFilterList and Filters. The two seem to do similar things with subtle differences, and it would be good to explain in the API documentation when a user might want to use one or the other.

I created an automation using AWSSupport-SetupIPMonitoringFromVPC document and it executed upto step 28 (createCloudWatchDashboard). Now as I am done with the troubleshooting, how do I delete the resources created using this? I tried "aws ssm stop-automation-execution", but I see the instance still running. Thanks.

In the SSM docs, only the addresses for x86_64 packages are provided - arm64 versions are missing.

Getting error when running the window script

Get-Content : Access to the path 'C:\ProgramData\Amazon\SSM\InstanceData\registration' is denied.

But when i run it like this, everything works:

Invoke-WebRequest `
    https://s3.amazonaws.com/ec2-downloads-windows/SSMAgent/latest/windows_amd64/AmazonSSMAgentSetup.exe `
    -OutFile $env:USERPROFILE\Desktop\SSMAgent_latest.exe

Start-Process `
    -FilePath $env:USERPROFILE\Desktop\SSMAgent_latest.exe `
    -ArgumentList "/S"

rm -Force $env:USERPROFILE\Desktop\SSMAgent_latest.exe
Restart-Service AmazonSSMAgent

$code = "code"
$id = "id"
$region = "region"
$dir = $env:TEMP + "\ssm"
New-Item -ItemType directory -Path $dir -Force
cd $dir
(New-Object System.Net.WebClient).DownloadFile("https://amazon-ssm-$region.s3.$region.amazonaws.com/latest/windows_amd64/AmazonSSMAgentSetup.exe", $dir + "\AmazonSSMAgentSetup.exe")
Start-Process .\AmazonSSMAgentSetup.exe -ArgumentList @("/q", "/log", "install.log", "CODE=$code", "ID=$id", "REGION=$region") -Wait
Get-childitem ($env:ProgramData + "\Amazon\SSM\InstanceData\registration")
Get-Service -Name "AmazonSSMAgent"

A diagram to show the relationships between different SSM features could be valuable. This isn't perfect, but could be a starting point.

Details:
I am using the AWS-managed document AWS-ConfigureDocker in State Manager to automatically install and update Docker.

Issue:
The Run Command fails when targeting a RHEL 7.5 instance that has Docker installed. Standard output and error is not very descriptive, and it's hard to tell what the issue really is.

Expected behavior:
The Run Command should succeed even though Docker is installed, or output a more descriptive error. If RHEL 7.5 is not supported by the document, the documentation should reflect that.

Output of Run Command:

Installing yum-utilsAdd docker repo

----------ERROR-------

Error running yum-config-manager: exit status 1

Any doc planned for the SSM document type ApplicationConfiguration and ...Schema.

I noticed that there is a mismatch between the following two pages with regards to the commands for checking the SSM agent status and starting it.

In my case, the second row of the table contained the correct command for checking the status of the agent. My understanding is that Amazon Linux 1 does not support systemd. Therefore the first page should be updated to match the second page.

No Guidelines on how to edit the "amazon-ssm-agent.json" file
Can you include information on how to edit this file ? and what each option means