I've been able to successfully send a SSM command to an EC2 instance.
Here is the Python Lambda code I'm using:
# System Manager send_command
response = ssm_client.send_command(
InstanceIds=[instanceID],
DocumentName=document,
Parameters={'action': ['Install'],'licenseKey': [licenseKeyValue],})
command_id = response['Command']['CommandId']
print("Command ID: " + command_id)
The document is: arn:aws:ssm:us-east-2:539736333151:document/New-Relic_Infrastructure
[UPDATE: The issue is with a document having MULTIPLE plugins (action) which does this document does. Must use --plugin-name correctName to get status.]
I know the send_command is working with this document. I also know the commandID.
I've seen the results both on the instance as well as in the AWS CLI for Systems Manager -> Run Command interface.
Now, I'm trying to retrieve the commands status via get-command-invocation. My AWS CLI command:
aws ssm get-command-invocation --command-id 28XXXa35-dXX1-4XX1-9XX0-9ecfXXXX29ae --instance-id i-0c038XXXXc4e9c66e
I'm receiving this response:
An error occurred (InvalidPluginName) when calling the GetCommandInvocation operation:
I've also tried:
aws ssm get-command-invocation --command-id 28XXXa35-dXX1-4XX1-9XX0-9ecfXXXX29ae --instance-id i-0c038XXXXc4e9c66e --plugin-name runShellScript
With the same exact response.
Any thoughts on why I'm receiving an error for an invalid plugin when it's optional?
From: aws ssm get-command-invocation help
SYNOPSIS
get-command-invocation --command-id <value> --instance-id <value> [--plugin-name <value>] [--cli-input-json | --cli-input-yaml] [--generate-cli-skeleton <value>] [--cli-auto-prompt <value>]OPTIONS
--command-id (string) (Required) The parent command ID of the invocation plugin. --instance-id (string) (Required) The ID of the managed instance targeted by the command. A managed instance can be an Amazon EC2 instance or an instance in your hybrid environment that is configured for Systems Manager. --plugin-name (string) (Optional) The name of the plugin for which you want detailed results. If the document contains only one plugin, the name can be omitted and the details will be returned.
Thanks in advance.
had the same problem with running AWS-RunPatchBaseline
If you look at the content of New-Relic_Infrastructure document you will notice that there are two actions that the document can run:
aws:runPowerShellScript ("name": "WindowsInstallNewRelicInfrastructureAgent") and aws:runShellScript ("name": "LinuxInstallNewRelicInfrastructureAgent")
so in order to get a result of ssm_client.get_command_invocation you will also have to send the PluginName="WindowsInstallNewRelicInfrastructureAgent" or "LinuxInstallNewRelicInfrastructureAgent"
The problem is that right after you call ssm_client.send_command, calling get_command_invocation will fail with the error
An error occurred (InvalidPluginName) when calling the GetCommandInvocation operation
You have to wait till the command finishes running and you can check it by running
# we must wait for command to finish before we query the get_command_invocation on the instance, or else the Plugins list will be empty and we will crash
keepWaiting = None
while keepWaiting is None:
commandResp = ssm_client.list_commands(
CommandId=command['Command']['CommandId'] #this way we will get only this command without it crashing because it is mising the Plugin name
)
if commandResp['Commands'][0]['Status'] == "InProgress" or commandResp['Commands'][0]['Status'] == "Pending":
time.sleep(30)
else:
keepWaiting = 1
)
Funny thing is that if you run in powershell:
Get-SSMCommandInvocation -CommandId 'theCommandIdYouJustGot' -Detail $true
you will see the command and it's status, and you can see that the CommandPlugins are empty while the status is InProgress, and when status changes to Success the CommandPlugins will contain both values