Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post

An error occurred (ValidationException) when calling the CreateActivation

0

$ sudo aws ssm create-activation --default-instance-name MyServer --iam-role SSMRole --registration-limit 10 --region eu-north-1 --profile AmazonCloudWatchAgent

An error occurred (ValidationException) when calling the CreateActivation operation: Not existing role: arn:aws:iam::<accountid>:role/SSMRole

What does it mean?

AWS error messages are bad as always.

Argomenti
Gestione e amministrazione
Tag
Gestore dei sistemi AWS
Lingua
English
zyles
posta 4 anni fa2789 visualizzazioni
5 Risposte
0

Hi zyles,

Thanks for your interest about Amazon SSM.

According to the public doc https://docs.aws.amazon.com/cli/latest/reference/ssm/create-activation.html

--iam-role (string)
The Amazon Identity and Access Management (IAM) role that you want to assign to the managed instance.

You need to create an IAM role in your account and use it for the --iam-role. I hope this would help you.

Regards,
Josh

AWS-User-7548355
con risposta 4 anni fa
0

Hi,

Thanks for the reply. I did not help.

The solution is to add "ssm.amazonaws.com" to trusted relationships on the role. Which your piss poor docs did not include. So I had to Google for 2 hours and end up on stack overflow.

When you make step by step instructions, make sure you don't skip steps.

Then I ran the activation and got the codes.

But guess what? There is no documentation on how to register this instance with these codes.

$ sudo amazon-ssm-agent -register -code "activation-code" -id "activation-id" -region "region"

Does not work, when installing using snap on Ubuntu 18.04.

Every step is 3 hours of guesswork.

The question is very simple.

How do I make my instance show up in SSM?

zyles
con risposta 4 anni fa
0

"Failed to load instance info from vault. RegistrationKey does not exist."

WHAT DOES IT MEAN?

https://docs.aws.amazon.com/search/doc-search.html?searchPath=documentation-guide&searchQuery=RegistrationKey

No search results
Your search for "RegistrationKey" did not match any documentation guides. Try a different term.

WHY are you making these USELESS error messages?

zyles
con risposta 4 anni fa
0

Hi zyles,

Sorry to hear you spend so much efforts on this. We will improve the documentation as it's very important for our customers.

If you installed the agent via snap, the binary is under a different folder.
sudo /snap/amazon-ssm-agent/current/amazon-ssm-agent -register -code "activation-code" -id "activation-id" -region "region"

you need to restart the amazon-ssm-agent after registration.

sudo systemctl start snap.amazon-ssm-agent.amazon-ssm-agent.service
sudo systemctl stop snap.amazon-ssm-agent.amazon-ssm-agent.service

Edited by: Shihua-AWS on Dec 20, 2019 8:03 PM

AWS-User-7548355
con risposta 4 anni fa
0

Thank you, finally.

zyles
con risposta 4 anni fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande

Contenuto pertinente