Issue on Systems Manager State Manager (AWS-StopEC2Instance)

0

Issue

  • Systems Manager State Manager (Document = "AWS-StopEC2Instance") fails with Detailed status = "InvalidAutomationParameters".
  • I tried to check "output" in Execution History, but the console says "Automation execution [ID] does not exist", so I have no idea how to investigate further.

Steps

  1. Go to State Manager and click "create association"
  2. Choose a document "AWS-StopEC2Instance"
  3. Choose "InstanceID" and "AutomationAssumeRole" in "Input parameters" section.
  4. Apply the association and see "InvalidAutomationParameters".

What I checked

  1. I checked the document "AWS-StopEC2Instance". It says "AutomationAssumeRole" is optional. However, if I don't input "AutomationAssumeRole" in State Manager create association page, I am told "ValidationException. This assume role is invalid".
  2. I executed the document "AWS-StopEC2Instance" as a Systems Manager Automation task. I didn't have to specify "AutomationAssumeRole" and it was executed successfully.

For these reasons, I guess there is something wrong with State Manager.

KD
已提問 2 年前檢視次數 1374 次
1 個回答
0
  1. SSM State Manager fails because you need a valid "AutomationAssumeRole" in order to invoke association. This parameter used to be optional however it no longer is and we are going to update our documentation accordingly.
  2. The reason you were able to execute the "AWS-StopEC2Instance" as a SSM Automation task is because the "AutomationAssumeRole" defaults to the SSMSLR (serviceLinkedRole) which is a role created by SSM services and has access to SSM services and operations.
AWS
已回答 2 年前
  • Hi thank you for your answer! I understand what you wrote. Do you also have any idea why "InvalidAutomationParameters" happens? If I don't solve this issue, I can't run this document via State Manager.

    Please understand that I input "AWSServiceRoleForAmazonSSM" as "AutomationAssumeRole" and then see "InvalidAutomationParameters" in State Manager. If I don't input it, I can't even save the settings (situation described in "What I checked").

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南