# aws
s
This message was deleted.
l
Can you put this in a text snippet, and maybe in a thread?
m
Here is the code of my lab.
Any clue for this error in the code?
Or did I miss some step in the code?
l
Which error? I see only code.
And it's huuuge. Would it be possible to reproduce the error with less code, and edit these posts to be a lot smaller and more readable?
m
```python
import json

import pulumi_aws as aws

# IAM role that EC2 instances can assume (trust policy for the EC2 service).
authrole = aws.iam.Role(
    "authrole",
    name="rolelist",
    path="/",
    assume_role_policy=json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Principal": {
                "Service": "ec2.amazonaws.com"
            }
        }]
    })
)

# Attach the AWS managed policy with the core Systems Manager permissions.
policyrole = aws.iam.RolePolicyAttachment(
    "policyrole",
    role=authrole.name,
    policy_arn="arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
)

# Instance profile that passes the role to EC2 instances.
myprofile = aws.iam.InstanceProfile(
    "myprofile",
    name="profilelist",
    role=authrole.name
)
```
l
What's the error?
m
I created an IAM role and attached the policy for AWS SSM. When I create an SSM document as YAML and associate it with all instances, using an autoscaling group and a launch template that has the IAM instance profile of the IAM role attached, it still does not enable Session Manager for me, even though I identify the command type in the SSM document.
```python
import pulumi_aws as aws

# securewb, websbts1, websbts2, websbts3 and mytargets are not defined in
# this message; myprofile is the instance profile from the earlier snippet.

# Launch template that attaches the IAM instance profile to each instance.
mytemp1 = aws.ec2.LaunchTemplate(
    "mytemp1",
    key_name="keys1auth",
    image_id="ami-09d3b3274b6c5d4aa",
    vpc_security_group_ids=[securewb.id],
    iam_instance_profile=aws.ec2.LaunchTemplateIamInstanceProfileArgs(arn=myprofile.arn),
    block_device_mappings=[
        aws.ec2.LaunchTemplateBlockDeviceMappingArgs(
            device_name="/dev/sdf",
            ebs=aws.ec2.LaunchTemplateBlockDeviceMappingEbsArgs(
                volume_size=8,
                volume_type="gp2",
                encrypted=False
            )
        )
    ],
    instance_type="t2.micro"
)

# Auto Scaling group across three subnets, using the latest template version.
mygps4 = aws.autoscaling.Group(
    "mygps4",
    name="gps4",
    vpc_zone_identifiers=[websbts1.id, websbts2.id, websbts3.id],
    min_size=1,
    max_size=9,
    desired_capacity=3,
    health_check_grace_period=300,
    health_check_type="ELB",
    default_cooldown=300,
    launch_template=aws.autoscaling.GroupLaunchTemplateArgs(
        id=mytemp1.id,
        version="$Latest"
    )
)

# Register the group's instances with the load balancer target group.
myattachment = aws.autoscaling.Attachment(
    "myattachment",
    autoscaling_group_name=mygps4.name,
    lb_target_group_arn=mytargets.arn
)

# SSM Command document (YAML) that runs shell commands on the instance.
mydoc4 = aws.ssm.Document(
    "mydoc4",
    name="doc4",
    content="""
schemaVersion: '1.2'
description: Check ip configuration of a Linux instance.
parameters: {}
runtimeConfig:
  'aws:runShellScript':
    properties:
      - id: '0.aws:runShellScript'
        runCommand:
         - sudo yum update -y
         - sudo yum upgrade -y
         - sudo yum install httpd -y
         - sudo yum install -y https://s3.region.amazonaws.com/amazon-ssm-region/latest/linux_amd64/amazon-ssm-agent.rpm
         - sudo systemctl start httpd
         - sudo systemctl enable httpd
         - sudo systemctl start amazon-ssm-agent
         - sudo systemctl enable amazon-ssm-agent
         - sudo echo " welcome to sites " > /var/www/html/index.html
""",
    document_format="YAML",
    document_type="Command"
)

# State Manager association that targets all instances with the document.
myssmlink1 = aws.ssm.Association(
    "myssmlink1",
    name=mydoc4.name,
    association_name="associates4ssm",
    document_version=mydoc4.document_version,
    targets=[aws.ssm.AssociationTargetArgs(
        key="InstanceIds",
        values=["*"],
    )]
)
```
l
What about the error message makes you think it's to do with IAM? Why isn't it an SSM problem?
m
When I deploy, SSM is all fine, but it's not enabled in the instance even though I identified the IAM role with the policy attachment.
I mean the command in the SSM document is not initiated.
l
There isn't enough information to help. You'd need error messages, line numbers etc. Do you think it's a Pulumi issue?
m
Yeah.
I did follow the document on the Pulumi site related to AWS SSM,
step by step.
l
I don't see any particular problems. The script doesn't do anything useful, since all that is already done on any Amazon Linux 2 instance, but it's a fair test of what's possible. Have you looked in the SSM Run Command page, Command History tab, to find errors?
Or in the state manager page, execution history tab?