AWS SSM Send Command: Parameters argument not going through

1
votes

I am trying to execute a PowerShell Script on a Windows EC2 Instance. The Powershell Script works (I RDP'd and executed it) but when I try to execute it using Boto3 SSM, it does not allow me to execute it with a parameter.

I am fairly positive this is a simple lack of clarity in the documentation or I am just making a fairly dumb mistake.

I have executed other Powershell scripts into the target instance but it seems like I can't get a powershell script that requires a parameter to work.

My Powershell script starts with: 

      param(
      [string]$roleToRegister
      )

and in my Lambda I call it using: 

result = ssm.send_command(DocumentName="registerxx", InstanceIds=instances, 
Parameters={'roleToRegister': ['myRole'] })

Currently I am receiving: 

"An error occurred (InvalidParameters) when calling the SendCommand operation:

I have also tried defining the parameters dict as :

{
'$roleToRegister' : ['myRole']
}

Any ideas would be great. Thank you.

Link to documentation: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/ssm.html#SSM.Client.send_command

1
python-3.xaws-lambdaboto3
in lambda, what version of python and boto3 used? - Lamanus
Your document name should be "AWS-RunPowerShellScript" which tells the SSMClient that you wish to run a powershell script. In the parameters section pass the powershell command that you use on the windows instance like a string. - Rajesh
@Lamanus Python 3.7 and Boto 1.9.235 I believe, - Bruno
@Rajesh Passing the PowerShell script in the parameters is not something I want to do. The script is stored as a document within Systems Manager, I am just calling SSM to execute that document for me. - Bruno
Can you please provide the json of the SSM document that you have created - Rajesh

1 Answers

1
votes

Before sending the command with parameters. Ensure that the command document declares the parameters.

See schema definition: https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-plugins.html#top-level

For example:

{
  "schemaVersion": "2.2",
  "description": "Registers XX using the aws:runShellScript plugin.",
  "parameters": {
    "roleToRegister": {
      "type": "StringList",
      "description": "(Required) This is a required parameter that will be use to determine the roles to register.",
      "minItems": 1
    }
  },
  "mainSteps": [
    {
      "action": "aws:runPowerShellScript",
      "name": "RegisterXX",
      "inputs": {
        "timeoutSeconds": 60,
        "runCommand": [
          "$roles = '{{ rolesToRegister }}'",
          "Write-Host $roles"
        ]
      }
    }
  ]
}