By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

An error occurred (ValidationException) when calling the CreateActivation

0

$ sudo aws ssm create-activation --default-instance-name MyServer --iam-role SSMRole --registration-limit 10 --region eu-north-1 --profile AmazonCloudWatchAgent

An error occurred (ValidationException) when calling the CreateActivation operation: Not existing role: arn:aws:iam::<accountid>:role/SSMRole

What does it mean?

AWS error messages are bad as always.

Topics
Management & Governance
Tags
AWS Systems Manager
Language
English
zyles
asked 4 years ago2668 views
5 Answers
0

Hi zyles,

Thanks for your interest about Amazon SSM.

According to the public doc https://docs.aws.amazon.com/cli/latest/reference/ssm/create-activation.html

--iam-role (string)
The Amazon Identity and Access Management (IAM) role that you want to assign to the managed instance.

You need to create an IAM role in your account and use it for the --iam-role. I hope this would help you.

Regards,
Josh

AWS-User-7548355
answered 4 years ago
0

Hi,

Thanks for the reply. I did not help.

The solution is to add "ssm.amazonaws.com" to trusted relationships on the role. Which your piss poor docs did not include. So I had to Google for 2 hours and end up on stack overflow.

When you make step by step instructions, make sure you don't skip steps.

Then I ran the activation and got the codes.

But guess what? There is no documentation on how to register this instance with these codes.

$ sudo amazon-ssm-agent -register -code "activation-code" -id "activation-id" -region "region"

Does not work, when installing using snap on Ubuntu 18.04.

Every step is 3 hours of guesswork.

The question is very simple.

How do I make my instance show up in SSM?

zyles
answered 4 years ago
0

"Failed to load instance info from vault. RegistrationKey does not exist."

WHAT DOES IT MEAN?

https://docs.aws.amazon.com/search/doc-search.html?searchPath=documentation-guide&searchQuery=RegistrationKey

No search results
Your search for "RegistrationKey" did not match any documentation guides. Try a different term.

WHY are you making these USELESS error messages?

zyles
answered 4 years ago
0

Hi zyles,

Sorry to hear you spend so much efforts on this. We will improve the documentation as it's very important for our customers.

If you installed the agent via snap, the binary is under a different folder.
sudo /snap/amazon-ssm-agent/current/amazon-ssm-agent -register -code "activation-code" -id "activation-id" -region "region"

you need to restart the amazon-ssm-agent after registration.

sudo systemctl start snap.amazon-ssm-agent.amazon-ssm-agent.service
sudo systemctl stop snap.amazon-ssm-agent.amazon-ssm-agent.service

Edited by: Shihua-AWS on Dec 20, 2019 8:03 PM

AWS-User-7548355
answered 4 years ago
0

Thank you, finally.

zyles
answered 4 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content