使用 AWS re:Post 即表示您同意 AWS re:Post 使用條款

Systems Manager Fleet Manager does not have SSM-SessionManagerRunShell document

1

I'm trying to use Systems Manager Fleet Manager to view "Performance counters", "Processes", etc. However, when trying to load those pages, I see the following error message in a red banner at the top of the page:

Fleet Manager is unable to start the session. InvalidDocument: Document with name SSM-SessionManagerRunShell does not exist.

Looking at the documents present in Systems Manager, I can see a document called AWS-RunShellScript, but none by the name that this page is looking for.

How can I get this document set up?

已提問 1 年前檢視次數 4172 次
2 個答案
1

Hello.

According to the documentation, "SSM-SessionManagerRunShell" is automatically set up when using a session manager.
https://docs.aws.amazon.com/systems-manager/latest/userguide/getting-started-sessiondocumentaccesscheck.html

When you configure Session Manager for your account, the system creates a Session type document SSM-SessionManagerRunShell. This document stores your session preferences, such as whether session data is saved in an Amazon Simple Storage Service (Amazon S3) bucket or Amazon CloudWatch Logs log group, whether session data is encrypted using AWS Key Management Service (AWS KMS), and whether Run As support is allowed for your sessions. The following is an example.

Also, looking at the questions below, it seems like this is a temporary issue and will be resolved over time.
https://serverfault.com/questions/1143873/aws-ssm-invaliddocument-document-with-name-ssm-sessionmanagerrunshell-does-not

profile picture
專家
已回答 1 年前
  • I found the same thread on serverfault.com, but that doesn't seem relevant here, as I haven't "switched from basic/standard to advanced tiers".

  • Is there a sane way to deal with the fact AWS doesn't provide a default SSM-SessionManagerRunShell which breaks Fleet Manager et al?

    In a multi-account organization this is a PITA as each Account AND REGION?? must be configured individually to get this document created before anything will work.

    StackSets would be my goto kludge to deal with this, but they FAIL if/when anyone has touched the Session Manager prefs and thus created this document. Documents are versioned so CF should just create a new version as default, but no that's not default behavior. Ok, so we set the UpdatePolicy to NewVersion per the documentation. That works great for updates...IF CF CREATED THE DOC...but still blows up if/when the doc already exists because someone has ClickOps it into existence.

    Frankly it boggles my mind why in the world the Session Manager team thought an SSM doc was a good place to store configuration for anything. SSM has both Parameter Store and AppConfig in the SSM product line itself and yet...it creates this ridiculous kludge for storing configs that just makes a mess.

  • Same experience as Nathan in the previous comment. I haven't switched tiers or anything. I just set up SSM today and this document doesn't exist.

0

I had the same issue today.. Before you can set a password for your new user, AWS KMS encryption must be enabled in your session preferences.

I had to enabled KMS in Session Manager Session Preferences. You will require a Customer Manged KMS key that SSM and Users can use

https://docs.aws.amazon.com/systems-manager/latest/userguide/session-preferences-enable-encryption.html

profile picture
專家
已回答 9 個月前

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南