authrole=aws.iam.Role( "authrole" , name="rolelist", assume_role_policy=json.dumps({ "Version": "2012-10-17", "Statement":[{ "Effect": "Allow", "Action": "sts:AssumeRole", "Principal":{ "Service":"ec2.amazonaws.com" } }] }) ) policyrole=aws.iam.RolePolicyAttachment( "policyrole", role=authrole.name , policy_arn=aws.iam.ManagedPolicy.AMAZON_SSM_MANAGED_INSTANCE_CORE ) myprofile=aws.iam.InstanceProfile( "myprofile" , name="profilelist", role=authrole.name ) mytp=aws.ec2.LaunchTemplate( "mytp" , instance_type="t2.micro", image_id="ami-09d3b3274b6c5d4aa", vpc_security_group_ids=[securewb.id], iam_instance_profile=aws.ec2.LaunchTemplateIamInstanceProfileArgs( name=myprofile.name, arn=myprofile.arn), block_device_mappings=[ aws.ec2.LaunchTemplateBlockDeviceMappingArgs( device_name="/dev/sdo" , ebs=aws.ec2.LaunchTemplateBlockDeviceMappingEbsArgs( volume_size=8 , volume_type="gp2" , encrypted=False ) ) ]) mygps=aws.autoscaling.Group( "mygps", name="gps2" , vpc_zone_identifiers=[ websbts1.id , websbts2.id , websbts3.id ], min_size=1, max_size=9, desired_capacity=3, health_check_grace_period=300, health_check_type="ELB" , default_cooldown=300 , launch_template=aws.autoscaling.GroupLaunchTemplateArgs( id=mytp.id , version="$Latest" ) ) myattachment= aws.autoscaling.Attachment( "myattachment", autoscaling_group_name=mygps.name , lb_target_group_arn=mytargets.arn ) myssmdocs7= aws.ssm.Document( "myssmdocs7", name="docroles67" , document_format="YAML", content="""schemaVersion: '1.2' description: Check ip configuration of a Linux instance. parameters: {} runtimeConfig: 'aws:runShellScript': properties: - id: '0.aws:runShellScript' runCommand: - sudo yum update -y - sudo yum upgrade -y - sudo yum install httpd -y - sudo yum install -y https://s3.us-east-1.amazonaws.com/amazon-ssm-us-east-1/latest/linux_amd64/amazon-ssm-agent.rpm - sudo systemctl start amazon-ssm-agent - sudo systemctl enable amazon-ssm-agent - sudo systemctl start httpd - sudo systemctl enable httpd - sudo echo "welcome to site" > /var/www/http/index.html """ , document_type="Command" , target_type="/AWS::EC2::Instance" ) ssmlinks6=aws.ssm.Association( "ssmlinks5", name=myssmdocs7.name , document_version=myssmdocs7.document_version , association_name="myassociationlinks7" , targets=[ aws.ssm.AssociationTargetArgs( key="InstanceIds", values=["*"], ) ])

Can you put this in a text snippet, and maybe in a thread?

here code of my lab

Which error? I see only code.

What's the error?

i create iam role and attached with policy fo aws ssm , when i create ssm document as YAML and associate with all instance , by using autoscalling group and launch template that has attached iam instance profile of iam role , still is not enable me to session manager even i dentify command type in ssm document

What about the error message makes you think it's to do with IAM? Why isn't it an SSM problem?

when i deploy ssm is all fine but its not enabled in instance even i identified iam role with policy attachement

There isn't enough information to help. You'd needed error messages, line numbers etc. Do you think it's a Pulumi issue?

yeah

I don't see any particular problems. The script doesn't do anything useful, since all that is already done on any Amazon Linux2 instance, but it's a fair test of what's possible. Have you looked in the SSM Run Command page, Command History tab, to find errors?