millions-parrot-88279

10/21/2022, 12:43 PM
authrole=aws.iam.Role(
    "authrole",
    name="rolelist",
    assume_role_policy=json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Principal": {
                "Service": "ec2.amazonaws.com"
            }
        }]
    })
)

policyrole=aws.iam.RolePolicyAttachment(
    "policyrole",
    role=authrole.name,
    policy_arn=aws.iam.ManagedPolicy.AMAZON_SSM_MANAGED_INSTANCE_CORE
)

myprofile=aws.iam.InstanceProfile(
    "myprofile",
    name="profilelist",
    role=authrole.name
)

mytp=aws.ec2.LaunchTemplate(
    "mytp",
    instance_type="t2.micro",
    image_id="ami-09d3b3274b6c5d4aa",
    vpc_security_group_ids=[securewb.id],
    iam_instance_profile=aws.ec2.LaunchTemplateIamInstanceProfileArgs(
        name=myprofile.name,
        arn=myprofile.arn),
    block_device_mappings=[
        aws.ec2.LaunchTemplateBlockDeviceMappingArgs(
            device_name="/dev/sdo",
            ebs=aws.ec2.LaunchTemplateBlockDeviceMappingEbsArgs(
                volume_size=8,
                volume_type="gp2",
                encrypted=False
            )
        )
    ])

mygps=aws.autoscaling.Group(
    "mygps",
    name="gps2",
    vpc_zone_identifiers=[websbts1.id, websbts2.id, websbts3.id],
    min_size=1,
    max_size=9,
    desired_capacity=3,
    health_check_grace_period=300,
    health_check_type="ELB",
    default_cooldown=300,
    launch_template=aws.autoscaling.GroupLaunchTemplateArgs(
        id=mytp.id,
        version="$Latest"
    )
)

myattachment=aws.autoscaling.Attachment(
    "myattachment",
    autoscaling_group_name=mygps.name,
    lb_target_group_arn=mytargets.arn
)

myssmdocs7=aws.ssm.Document(
    "myssmdocs7",
    name="docroles67",
    document_format="YAML",
    content="""schemaVersion: '1.2'
description: Check ip configuration of a Linux instance.
parameters: {}
runtimeConfig:
  'aws:runShellScript':
    properties:
      - id: '0.aws:runShellScript'
        runCommand:
          - sudo yum update -y
          - sudo yum upgrade -y
          - sudo yum install httpd -y
          - sudo yum install -y https://s3.us-east-1.amazonaws.com/amazon-ssm-us-east-1/latest/linux_amd64/amazon-ssm-agent.rpm
          - sudo systemctl start amazon-ssm-agent
          - sudo systemctl enable amazon-ssm-agent
          - sudo systemctl start httpd
          - sudo systemctl enable httpd
          - sudo echo "welcome to site" > /var/www/http/index.html
""",
    document_type="Command",
    target_type="/AWS::EC2::Instance"
)

ssmlinks6=aws.ssm.Association(
    "ssmlinks5",
    name=myssmdocs7.name,
    document_version=myssmdocs7.document_version,
    association_name="myassociationlinks7",
    targets=[
        aws.ssm.AssociationTargetArgs(
            key="InstanceIds",
            values=["*"],
        )
    ])
little-cartoon-10569

10/21/2022, 7:11 PM
Can you put this in a text snippet, and maybe in a thread?
millions-parrot-88279

10/22/2022, 8:01 PM
Here is the code of my lab.
Any clue about this error in the code?
Or did I miss some step in the code?
little-cartoon-10569

11/07/2022, 11:42 PM
Which error? I see only code.
And it's huuuge. Would it be possible to reproduce the error with less code, and edit these posts to be a lot smaller and more readable?
millions-parrot-88279

11/07/2022, 11:51 PM
authrole=aws.iam.Role(
    "authrole" , name="rolelist", path="/",
    assume_role_policy=json.dumps({
        "Version": "2012-10-17",
        "Statement":[{
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Principal":{
              "Service":"ec2.amazonaws.com"
            }
        }]
    })
)

policyrole=aws.iam.RolePolicyAttachment(
   "policyrole",
   role=authrole.name ,
   policy_arn="arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
)
myprofile=aws.iam.InstanceProfile(
 "myprofile" , 
 name="profilelist",
 role=authrole.name
)
little-cartoon-10569

11/07/2022, 11:52 PM
What's the error?
millions-parrot-88279

11/07/2022, 11:59 PM
I created an IAM role and attached the policy for AWS SSM. When I create an SSM document as YAML and associate it with all instances, using an autoscaling group and a launch template that has the IAM instance profile of the IAM role attached, it still does not enable Session Manager for me, even though I identified the command type in the SSM document.
mytemp1=aws.ec2.LaunchTemplate(
   "mytemp1",
   key_name="keys1auth",
   image_id="ami-09d3b3274b6c5d4aa" ,
   vpc_security_group_ids=[securewb.id] ,
   iam_instance_profile=aws.ec2.LaunchTemplateIamInstanceProfileArgs(arn=myprofile.arn) ,
   block_device_mappings=[
   aws.ec2.LaunchTemplateBlockDeviceMappingArgs(
   device_name="/dev/sdf",
   ebs=aws.ec2.LaunchTemplateBlockDeviceMappingEbsArgs(
            volume_size=8 , 
            volume_type="gp2" ,
            encrypted=False
        )
   )
   ],
   instance_type="t2.micro"
)

mygps4=aws.autoscaling.Group(
    "mygps4", 
     name="gps4" , 
     vpc_zone_identifiers=[  websbts1.id , websbts2.id , websbts3.id ],
     min_size=1,
     max_size=9,
     desired_capacity=3,
     health_check_grace_period=300,
     health_check_type="ELB" ,
     default_cooldown=300 ,
     launch_template=aws.autoscaling.GroupLaunchTemplateArgs(
         id=mytemp1.id , 
         version="$Latest"
        )
)  
myattachment= aws.autoscaling.Attachment(
 "myattachment",
 autoscaling_group_name=mygps4.name ,
 lb_target_group_arn=mytargets.arn
)


mydoc4=aws.ssm.Document(
   "mydoc4",
 name="doc4" ,
 content="""
schemaVersion: '1.2'
description: Check ip configuration of a Linux instance.
parameters: {}
runtimeConfig:
  'aws:runShellScript':
    properties:
      - id: '0.aws:runShellScript'
        runCommand:
         - sudo yum update -y
         - sudo yum upgrade -y
         - sudo yum install httpd -y
         - sudo yum install -y https://s3.region.amazonaws.com/amazon-ssm-region/latest/linux_amd64/amazon-ssm-agent.rpm
         - sudo systemctl start httpd
         - sudo systemctl enable httpd
         - sudo systemctl start amazon-ssm-agent
         - sudo systemctl enable amazon-ssm-agent
         - sudo echo " welcome to sites " > /var/www/html/index.html
   """,
   document_format="YAML" , document_type="Command"
)

myssmlink1=aws.ssm.Association(
   "myssmlink1",
   name=mydoc4.name,
   association_name="associates4ssm",
   document_version=mydoc4.document_version ,
   targets=[aws.ssm.AssociationTargetArgs(
    key="InstanceIds" ,
    values=["*"],
   )]
)
little-cartoon-10569

11/08/2022, 12:00 AM
What about the error message makes you think it's to do with IAM? Why isn't it an SSM problem?
millions-parrot-88279

11/08/2022, 12:02 AM
When I deploy, SSM is all fine, but it's not enabled in the instance even though I identified the IAM role with the policy attachment.
I mean the command in the SSM document is not initiated.
little-cartoon-10569

11/08/2022, 12:04 AM
There isn't enough information to help. You'd need error messages, line numbers, etc. Do you think it's a Pulumi issue?
millions-parrot-88279

11/08/2022, 12:06 AM
Yeah.
I did follow the document on the Pulumi site related to AWS SSM,
step by step.
little-cartoon-10569

11/08/2022, 12:27 AM
I don't see any particular problems. The script doesn't do anything useful, since all that is already done on any Amazon Linux2 instance, but it's a fair test of what's possible. Have you looked in the SSM Run Command page, Command History tab, to find errors?
Or in the state manager page, execution history tab?