AWS System Manager (SSM) get-command-invocation results in InvalidPluginName

1
votes

I've been able to successfully send a SSM command to an EC2 instance.

Here is the Python Lambda code I'm using:

            # System Manager send_command
            response = ssm_client.send_command(
                        InstanceIds=[instanceID],
                        DocumentName=document,
                        Parameters={'action': ['Install'],'licenseKey': [licenseKeyValue],})
                        
            command_id = response['Command']['CommandId']
            print("Command ID: " + command_id)

The document is: arn:aws:ssm:us-east-2:539736333151:document/New-Relic_Infrastructure

[UPDATE: The issue is with a document having MULTIPLE plugins (action) which does this document does. Must use --plugin-name correctName to get status.]

I know the send_command is working with this document. I also know the commandID.

I've seen the results both on the instance as well as in the AWS CLI for Systems Manager -> Run Command interface.

Now, I'm trying to retrieve the commands status via get-command-invocation. My AWS CLI command:

aws ssm get-command-invocation --command-id 28XXXa35-dXX1-4XX1-9XX0-9ecfXXXX29ae --instance-id i-0c038XXXXc4e9c66e

I'm receiving this response:

An error occurred (InvalidPluginName) when calling the GetCommandInvocation operation:

I've also tried:

aws ssm get-command-invocation --command-id 28XXXa35-dXX1-4XX1-9XX0-9ecfXXXX29ae --instance-id i-0c038XXXXc4e9c66e --plugin-name runShellScript

With the same exact response.

Any thoughts on why I'm receiving an error for an invalid plugin when it's optional?

From: aws ssm get-command-invocation help

SYNOPSIS

        get-command-invocation
      --command-id <value>
      --instance-id <value>
      [--plugin-name <value>]
      [--cli-input-json | --cli-input-yaml]
      [--generate-cli-skeleton <value>]
      [--cli-auto-prompt <value>]

OPTIONS

   --command-id (string)
      (Required) The parent command ID of the invocation plugin.

   --instance-id (string)
      (Required) The ID of the managed instance targeted by the command. A
      managed  instance  can  be  an Amazon EC2 instance or an instance in
      your hybrid environment that is configured for Systems Manager.

   --plugin-name (string)
      (Optional) The name of  the  plugin  for  which  you  want  detailed
      results.  If  the document contains only one plugin, the name can be
      omitted and the details will be returned.

Thanks in advance.

1
amazon-web-servicesssm
Can you provide actual command which you use?Marcin
For the command-id you need "The parent command ID of the invocation plugin."Sully
@Marcin That is included above (minus the actual commandID and instanceID). I know both IDs are correct as I receive the commandID from my Python Lambda code and have confirmed it against the list of SSM run command. The instanceID has been confirmed from the running instance.kupsand
@HithamS.AlQadheeb I'm not sure what the 'parent command ID' is. I only know the commandID from the Python Lambda response using: command_id = response['Command']['CommandId']kupsand
You have to be more specific. I'm sorry, its not clear what are you doing. ` --command-id` is for run command id, not for ssm automation execution id. Can you provide an example of what are you doing, where is execution id, where is run command id, with exemples of values?Marcin

1 Answers

3
votes

had the same problem with running AWS-RunPatchBaseline

If you look at the content of New-Relic_Infrastructure document you will notice that there are two actions that the document can run: aws:runPowerShellScript ("name": "WindowsInstallNewRelicInfrastructureAgent") and aws:runShellScript ("name": "LinuxInstallNewRelicInfrastructureAgent")

so in order to get a result of ssm_client.get_command_invocation you will also have to send the PluginName="WindowsInstallNewRelicInfrastructureAgent" or "LinuxInstallNewRelicInfrastructureAgent"

The problem is that right after you call ssm_client.send_command, calling get_command_invocation will fail with the error

An error occurred (InvalidPluginName) when calling the GetCommandInvocation operation

You have to wait till the command finishes running and you can check it by running

# we must wait for command to finish before we query the get_command_invocation on the instance, or else the Plugins list will be empty and we will crash
keepWaiting = None
while keepWaiting is None: 
    commandResp = ssm_client.list_commands(
        CommandId=command['Command']['CommandId'] #this way we will get only this command without it crashing because it is mising the Plugin name 
    )
    if commandResp['Commands'][0]['Status'] == "InProgress" or commandResp['Commands'][0]['Status'] == "Pending":            
        time.sleep(30)
    else:
        keepWaiting = 1
    )

Funny thing is that if you run in powershell:

Get-SSMCommandInvocation -CommandId 'theCommandIdYouJustGot' -Detail $true

you will see the command and it's status, and you can see that the CommandPlugins are empty while the status is InProgress, and when status changes to Success the CommandPlugins will contain both values