https://pulumi.com logo
Join Slack
Powered by
This message was deleted.
# aws
s
This message was deleted.
l
Can you put this in a text snippet, and maybe in a thread?
m
here code of my lab
__main__.py
any clue for this error in code
or did i miss some step in code
l
Which error? I see only code.
And it's huuuge. Would it be possible to reproduce the error with less code, and edit these posts to be a lot smaller and more readable?
m
Copy code
authrole=aws.iam.Role(
    "authrole" , name="rolelist", path="/",
    assume_role_policy=json.dumps({
        "Version": "2012-10-17",
        "Statement":[{
            "Effect": "Allow",
            "Action": "sts:AssumeRole",
            "Principal":{
              "Service":"<http://ec2.amazonaws.com|ec2.amazonaws.com>"
        }
    }]
     })
)

policyrole=aws.iam.RolePolicyAttachment(
   "policyrole",
   role=authrole.name ,
   policy_arn="arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
)
myprofile=aws.iam.InstanceProfile(
 "myprofile" , 
 name="profilelist",
 role=authrole.name
)
Copy code
policyrole=aws.iam.RolePolicyAttachment(
   "policyrole",
   role=authrole.name ,
   policy_arn="arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
)
myprofile=aws.iam.InstanceProfile(
 "myprofile" , 
 name="profilelist",
 role=authrole.name
)
l
What's the error?
m
i create iam role and attached with policy fo aws ssm , when i create ssm document as YAML and associate with all instance , by using autoscalling group and launch template that has attached iam instance profile of iam role , still is not enable me to session manager even i dentify command type in ssm document
Copy code
mytemp1=aws.ec2.LaunchTemplate(
   "mytemp1",
   key_name="keys1auth",
   image_id="ami-09d3b3274b6c5d4aa" ,
   vpc_security_group_ids=[securewb.id] ,
   iam_instance_profile=aws.ec2.LaunchTemplateIamInstanceProfileArgs(arn=myprofile.arn) ,
   block_device_mappings=[
   aws.ec2.LaunchTemplateBlockDeviceMappingArgs(
   device_name="/dev/sdf",
   ebs=aws.ec2.LaunchTemplateBlockDeviceMappingEbsArgs(
            volume_size=8 , 
            volume_type="gp2" ,
            encrypted=False
        )
   )
   ],
   instance_type="t2.micro"
)

mygps4=aws.autoscaling.Group(
    "mygps4", 
     name="gps4" , 
     vpc_zone_identifiers=[  websbts1.id , websbts2.id , websbts3.id ],
     min_size=1,
     max_size=9,
     desired_capacity=3,
     health_check_grace_period=300,
     health_check_type="ELB" ,
     default_cooldown=300 ,
     launch_template=aws.autoscaling.GroupLaunchTemplateArgs(
         id=mytemp1.id , 
         version="$Latest"
        )
)  
myattachment= aws.autoscaling.Attachment(
 "myattachment",
 autoscaling_group_name=mygps4.name ,
 lb_target_group_arn=mytargets.arn
)


mydoc4=aws.ssm.Document(
   "mydoc4",
 name="doc4" ,
 content="""
schemaVersion: '1.2'
description: Check ip configuration of a Linux instance.
parameters: {}
runtimeConfig:
  'aws:runShellScript':
    properties:
      - id: '0.aws:runShellScript'
        runCommand:
         - sudo yum update -y
         - sudo yum upgrade -y
         - sudo yum install httpd -y
         - sudo yum install -y <https://s3.region.amazonaws.com/amazon-ssm-region/latest/linux_amd64/amazon-ssm-agent.rpm>
         - sudo systemctl start httpd
         - sudo systemctl enable httpd
         - sudo systemctl start amazon-ssm-agent
         - sudo systemctl enable amazon-ssm-agent
         - sudo echo " welcome to sites " > /var/www/html/index.html
   """,
   document_format="YAML" , document_type="Command"
)

myssmlink1=aws.ssm.Association(
   "myssmlink1",
   name=mydoc4.name,
   association_name="associates4ssm",
   document_version=mydoc4.document_version ,
   targets=[aws.ssm.AssociationTargetArgs(
    key="InstanceIds" ,
    values=["*"],
   )]
)
l
What about the error message makes you think it's to do with IAM? Why isn't it an SSM problem?
m
when i deploy ssm is all fine but its not enabled in instance even i identified iam role with policy attachement
i mean not initiated the command at ssm document
l
There isn't enough information to help. You'd needed error messages, line numbers etc. Do you think it's a Pulumi issue?
m
yeah
i did follow document in pulumi site related to aws ssm
step by step
l
I don't see any particular problems. The script doesn't do anything useful, since all that is already done on any Amazon Linux2 instance, but it's a fair test of what's possible. Have you looked in the SSM Run Command page, Command History tab, to find errors?
Or in the state manager page, execution history tab?
Open in Slack
PreviousNext
Powered by