Issue on Systems Manager State Manager (AWS-StopEC2Instance)

0

Issue

  • Systems Manager State Manager (Document = "AWS-StopEC2Instance") fails with Detailed status = "InvalidAutomationParameters".
  • I tried to check "output" in Execution History, but the console says "Automation execution [ID] does not exist", so I have no idea how to investigate further.

Steps

  1. Go to State Manager and click "create association"
  2. Choose a document "AWS-StopEC2Instance"
  3. Choose "InstanceID" and "AutomationAssumeRole" in "Input parameters" section.
  4. Apply the association and see "InvalidAutomationParameters".

What I checked

  1. I checked the document "AWS-StopEC2Instance". It says "AutomationAssumeRole" is optional. However, if I don't input "AutomationAssumeRole" in State Manager create association page, I am told "ValidationException. This assume role is invalid".
  2. I executed the document "AWS-StopEC2Instance" as a Systems Manager Automation task. I didn't have to specify "AutomationAssumeRole" and it was executed successfully.

For these reasons, I guess there is something wrong with State Manager.

1 Answer
0
  1. SSM State Manager fails because you need a valid "AutomationAssumeRole" in order to invoke association. This parameter used to be optional however it no longer is and we are going to update our documentation accordingly.
  2. The reason you were able to execute the "AWS-StopEC2Instance" as a SSM Automation task is because the "AutomationAssumeRole" defaults to the SSMSLR (serviceLinkedRole) which is a role created by SSM services and has access to SSM services and operations.
AWS
answered 9 months ago
  • Hi thank you for your answer! I understand what you wrote. Do you also have any idea why "InvalidAutomationParameters" happens? If I don't solve this issue, I can't run this document via State Manager.

    Please understand that I input "AWSServiceRoleForAmazonSSM" as "AutomationAssumeRole" and then see "InvalidAutomationParameters" in State Manager. If I don't input it, I can't even save the settings (situation described in "What I checked").

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions