[英]AWS SSM RunCommand - Issue with RunRemoteScript Document to run PowerShell script with parameters
In AWS SSM, I use RunRemoteScript document to run a PowerShell script to install some software on SSM managed instances.在 AWS SSM 中,我使用 RunRemoteScript 文档运行 PowerShell 脚本以在 SSM 托管实例上安装一些软件。 The script is hosted in a public accessible S3 bucket.
该脚本托管在可公开访问的 S3 存储桶中。
The RunCommand works fine with the script not taking any parameters. RunCommand 与不带任何参数的脚本一起正常工作。 Software was successfully deployed to managed instances.
软件已成功部署到托管实例。 But my script has a unique CID embedded in the code.
但是我的脚本在代码中嵌入了一个唯一的 CID。 For security reasons, I need to take it out and set it as a parameter for the PS script.
出于安全考虑,我需要将其取出并设置为 PS 脚本的参数。 Ever since then, the RunCommand just keeps failing.
从那时起,RunCommand 就一直在失败。
My script looks like below (with parameter CID):我的脚本如下所示(带有参数 CID):
param (
[Parameter(Position = 0, Mandatory = 1)]
[string]$CID
)
Start-Transcript -Path "$([System.Environment]::GetEnvironmentVariable('TEMP','Machine'))\app_install.log" -Append
function Install-App {
<#
Installs App
#>
[CmdletBinding()]
[OutputType([PSCustomObject])]
param (
[Parameter(Position = 0, Mandatory = 1)]
[string]$msiURL,
[Parameter(Position = 2, Mandatory = 1)]
[string]$InstallCheck,
[Parameter(Position = 3, Mandatory = 1)]
[string]$CustomerID
)
if ( -not(Test-Path $installCheck)) {
# Do stuff
...
}
else {
Write-Host ("$installCheck - Already Installed")
Return "Already Installed, Skipped $(($msiURL -split '([^\\/]+$)')[1])"
}
}
Install-App -msiURL "https://s3.amazonaws.com/app.foo.com/Windows/app.exe" -InstallCheck "C:\Program Files\App\app.exe" -CustomerID $CID
Stop-Transcript
By following AWS SSM documentation below, I run the command below to kick off the RunCommand.按照下面的 AWS SSM 文档,我运行下面的命令来启动 RunCommand。 https://docs.aws.amazon.com/systems-manager/latest/userguide/integration-remote-scripts.html
https://docs.aws.amazon.com/systems-manager/latest/userguide/integration-remote-scripts.html
aws ssm send-command --document-name "AWS-RunRemoteScript" --targets "Key=instanceids,Values=mi-abc12345"
--parameters '{"sourceType":["S3"],"sourceInfo":["{\"path\": "https://s3.amazonaws.com/app.foo.com/Windows/app_install.ps1\"}"],"commandLine":["app_install.ps1 abcd123456"]}'
The RunCommand keeps failing with error below: RunCommand 不断失败,并出现以下错误:
----------ERROR-------
app_install.ps1 : The term 'app_install.ps1' is not recognized
as the name of a cmdlet, function, script file, or operable program. Check the
spelling of the name, or if a path was included, verify that the path is
correct and try again.
At C:\ProgramData\Amazon\SSM\InstanceData\mi-abcd1234\document\orchest
ration\a6811111d-c411-411-a222-bad123456\runPowerShellScript\_script.ps1:4
char:2
+ app_install.ps1 abcd123456
+ ~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (app_install.ps1:String)
[], CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundException
failed to run commands: exit status 255
I suspect this is to do with the way how RunCommand handles the argument for the PowerShell script.我怀疑这与 RunCommand 如何处理 PowerShell 脚本的参数的方式有关。 But I cannnot find any examples other than the official document, which I followed.
但是除了我遵循的官方文档之外,我找不到任何示例。 Anyone can point out what the issue is here?
任何人都可以指出这里的问题是什么?
BTW, I already tried putting the ps1 after ".\" without luck.顺便说一句,我已经尝试将 ps1 放在“。\”之后,但没有运气。
I found out the cause of the issue.我找到了问题的原因。 The IAM role attached to the instance did not have sufficient rights to access the S3 bucket holds the script.
附加到实例的 IAM 角色没有足够的权限来访问持有脚本的 S3 存储桶。 As a result SSM wasn't able to download the script to the instance, hence the error "...ps1 is not recognized".
因此,SSM 无法将脚本下载到实例,因此出现错误“...ps1 无法识别”。
So it's not related to the code actually.所以它实际上与代码无关。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.