We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Getting the following errors in /var/log/amazon/ssm/error.log:
/var/log/amazon/ssm/error.log
2018-05-31 17:57:41 ERROR [HandleAwsError @ awserr.go.48] [instanceID=i-05939a0faa0bbb4d3] [MessagingDeliveryService] error when calling AWS APIs. error details - GetMessages Error: AccessDeniedException: User: arn:aws:sts::758011127832:assumed-role/stag0-explorer-role/i-05939a0faa0bbb4d3 is not authorized to perform: ec2messages:GetMessages on resource: * status code: 400, request id: 1d0c1fbb-64fc-11e8-9d96-95f629114d32 2018-05-31 17:57:41 ERROR [HandleAwsError @ awserr.go.48] [instanceID=i-05939a0faa0bbb4d3] [HealthCheck] error when calling AWS APIs. error details - AccessDeniedException: User: arn:aws:sts::758011127832:assumed-role/stag0-explorer-role/i-05939a0faa0bbb4d3 is not authorized to perform: ssm:UpdateInstanceInformation on resource: arn:aws:ec2:us-east-2:758011127832:instance/i-05939a0faa0bbb4d3 status code: 400, request id: 6681f3a3-7c19-4982-9816-52498e9ddb32 2018-05-31 17:57:41 ERROR [HandleAwsError @ awserr.go.48] [instanceID=i-05939a0faa0bbb4d3] [HealthCheck] error when calling AWS APIs. error details - AccessDeniedException: User: arn:aws:sts::758011127832:assumed-role/stag0-explorer-role/i-05939a0faa0bbb4d3 is not authorized to perform: ssm:UpdateInstanceInformation on resource: arn:aws:ec2:us-east-2:758011127832:instance/i-05939a0faa0bbb4d3 status code: 400, request id: 6681f3a3-7c19-4982-9816-52498e9ddb32 2018-05-31 17:57:43 ERROR [HandleAwsError @ awserr.go.48] [instanceID=i-05939a0faa0bbb4d3] [MessagingDeliveryService] error when calling AWS APIs. error details - GetMessages Error: AccessDeniedException: User: arn:aws:sts::758011127832:assumed-role/stag0-explorer-role/i-05939a0faa0bbb4d3 is not authorized to perform: ec2messages:GetMessages on resource: * status code: 400, request id: 1e40ceee-64fc-11e8-9d96-95f629114d32 2018-05-31 17:57:45 ERROR [HandleAwsError @ awserr.go.48] [instanceID=i-05939a0faa0bbb4d3] [MessagingDeliveryService] error when calling AWS APIs. error details - GetMessages Error: AccessDeniedException: User: arn:aws:sts::758011127832:assumed-role/stag0-explorer-role/i-05939a0faa0bbb4d3 is not authorized to perform: ec2messages:GetMessages on resource: * status code: 400, request id: 1f61f67b-64fc-11e8-9d96-95f629114d32 2018-05-31 17:57:47 ERROR [HandleAwsError @ awserr.go.48] [instanceID=i-05939a0faa0bbb4d3] [MessagingDeliveryService] error when calling AWS APIs. error details - GetMessages Error: AccessDeniedException: User: arn:aws:sts::758011127832:assumed-role/stag0-explorer-role/i-05939a0faa0bbb4d3 is not authorized to perform: ec2messages:GetMessages on resource: * status code: 400, request id: 20b8d43d-64fc-11e8-9d96-95f629114d32 2018-05-31 17:57:50 ERROR [HandleAwsError @ awserr.go.48] [instanceID=i-05939a0faa0bbb4d3] [MessagingDeliveryService] error when calling AWS APIs. error details - GetMessages Error: AccessDeniedException: User: arn:aws:sts::758011127832:assumed-role/stag0-explorer-role/i-05939a0faa0bbb4d3 is not authorized to perform: ec2messages:GetMessages on resource: * status code: 400, request id: 2223ae5c-64fc-11e8-9d96-95f629114d32 2018-05-31 17:57:52 ERROR [HandleAwsError @ awserr.go.48] [instanceID=i-05939a0faa0bbb4d3] [MessagingDeliveryService] error when calling AWS APIs. error details - GetMessages Error: AccessDeniedException: User: arn:aws:sts::758011127832:assumed-role/stag0-explorer-role/i-05939a0faa0bbb4d3 is not authorized to perform: ec2messages:GetMessages on resource: * status code: 400, request id: 235e2a1d-64fc-11e8-9d96-95f629114d32 2018-05-31 17:57:54 ERROR [HandleAwsError @ awserr.go.48] [instanceID=i-05939a0faa0bbb4d3] [MessagingDeliveryService] error when calling AWS APIs. error details - GetMessages Error: AccessDeniedException: User: arn:aws:sts::758011127832:assumed-role/stag0-explorer-role/i-05939a0faa0bbb4d3 is not authorized to perform: ec2messages:GetMessages on resource: * status code: 400, request id: 24dc3ea2-64fc-11e8-9d96-95f629114d32 2018-05-31 17:57:57 ERROR [HandleAwsError @ awserr.go.48] [instanceID=i-05939a0faa0bbb4d3] [MessagingDeliveryService] error when calling AWS APIs. error details - GetMessages Error: AccessDeniedException: User: arn:aws:sts::758011127832:assumed-role/stag0-explorer-role/i-05939a0faa0bbb4d3 is not authorized to perform: ec2messages:GetMessages on resource: * status code: 400, request id: 264d5ad6-64fc-11e8-9d96-95f629114d32 2018-05-31 17:57:57 ERROR [HandleAwsError @ awserr.go.48] [instanceID=i-05939a0faa0bbb4d3] [MessagingDeliveryService] [Association] error when calling AWS APIs. error details - AccessDeniedException: User: arn:aws:sts::758011127832:assumed-role/stag0-explorer-role/i-05939a0faa0bbb4d3 is not authorized to perform: ssm:ListInstanceAssociations on resource: arn:aws:ec2:us-east-2:758011127832:instance/i-05939a0faa0bbb4d3 status code: 400, request id: 59f7a442-a381-4007-beb6-12c6a431cee9 2018-05-31 17:57:57 ERROR [HandleAwsError @ awserr.go.48] [instanceID=i-05939a0faa0bbb4d3] [MessagingDeliveryService] [Association] error when calling AWS APIs. error details - AccessDeniedException: User: arn:aws:sts::758011127832:assumed-role/stag0-explorer-role/i-05939a0faa0bbb4d3 is not authorized to perform: ssm:ListAssociations on resource: arn:aws:ssm:us-east-2:758011127832:* status code: 400, request id: 507f7991-6804-479f-b274-140fe0c6db18 2018-05-31 17:57:57 ERROR [ProcessAssociation @ processor.go.157] [instanceID=i-05939a0faa0bbb4d3] [MessagingDeliveryService] [Association] Unable to load instance associations, unable to retrieve associations unable to retrieve associations AccessDeniedException: User: arn:aws:sts::758011127832:assumed-role/stag0-explorer-role/i-05939a0faa0bbb4d3 is not authorized to perform: ssm:ListAssociations on resource: arn:aws:ssm:us-east-2:758011127832:* status code: 400, request id: 507f7991-6804-479f-b274-140fe0c6db18 2018-05-31 17:57:59 ERROR [HandleAwsError @ awserr.go.48] [instanceID=i-05939a0faa0bbb4d3] [MessagingDeliveryService] error when calling AWS APIs. error details - GetMessages Error: AccessDeniedException: User: arn:aws:sts::758011127832:assumed-role/stag0-explorer-role/i-05939a0faa0bbb4d3 is not authorized to perform: ec2messages:GetMessages on resource: * status code: 400, request id: 27af832a-64fc-11e8-9d96-95f629114d32 2018-05-31 17:58:01 ERROR [HandleAwsError @ awserr.go.48] [instanceID=i-05939a0faa0bbb4d3] [MessagingDeliveryService] error when calling AWS APIs. error details - GetMessages Error: AccessDeniedException: User: arn:aws:sts::758011127832:assumed-role/stag0-explorer-role/i-05939a0faa0bbb4d3 is not authorized to perform: ec2messages:GetMessages on resource: * status code: 400, request id: 2929a047-64fc-11e8-9d96-95f629114d32 2018-05-31 17:58:04 ERROR [loop @ scheduler.go.56] [instanceID=i-05939a0faa0bbb4d3] [MessagingDeliveryService] MessagingDeliveryService stopped temporarily due to internal failure. We will retry automatically after 15 minutes 2018-05-31 18:00:17 ERROR [HandleAwsError @ awserr.go.48] [instanceID=i-05939a0faa0bbb4d3] [HealthCheck] error when calling AWS APIs. error details - AccessDeniedException: User: arn:aws:sts::758011127832:assumed-role/stag0-explorer-role/i-05939a0faa0bbb4d3 is not authorized to perform: ssm:UpdateInstanceInformation on resource: arn:aws:ec2:us-east-2:758011127832:instance/i-05939a0faa0bbb4d3 status code: 400, request id: e70201bf-2b67-44f2-818a-4663ee5ff5c3 2018-05-31 18:00:17 ERROR [HandleAwsError @ awserr.go.48] [instanceID=i-05939a0faa0bbb4d3] [HealthCheck] error when calling AWS APIs. error details - AccessDeniedException: User: arn:aws:sts::758011127832:assumed-role/stag0-explorer-role/i-05939a0faa0bbb4d3 is not authorized to perform: ssm:UpdateInstanceInformation on resource: arn:aws:ec2:us-east-2:758011127832:instance/i-05939a0faa0bbb4d3 status code: 400, request id: e70201bf-2b67-44f2-818a-4663ee5ff5c3
This is the policy that worked for me eventually:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "", "Effect": "Allow", "Action": "ssm:DescribeParameters", "Resource": "*" }, { "Sid": "", "Effect": "Allow", "Action": [ "ssm:GetParametersByPath", "ssm:GetParameters", "ssm:GetParameter" ], "Resource": [ "arn:aws:ssm:*:*:parameter/$PREFIX/*/*", "arn:aws:ssm:*:*:parameter/$PREFIX/*" ] }, { "Sid": "", "Effect": "Allow", "Action": "ec2:DescribeTags", "Resource": "*" }, { "Sid": "", "Effect": "Allow", "Action": "ec2messages:GetMessages", "Resource": "*" }, { "Sid": "", "Effect": "Allow", "Action": [ "ssm:UpdateInstanceInformation", "ssm:ListInstanceAssociations" ], "Resource": "arn:aws:ec2:*" }, { "Sid": "", "Effect": "Allow", "Action": "ssm:ListAssociations", "Resource": "arn:aws:ssm:*" }, { "Sid": "", "Effect": "Allow", "Action": "s3:*", "Resource": [ "arn:aws:s3:::aws-codedeploy-us-west-2/*", "arn:aws:s3:::aws-codedeploy-us-west-1/*", "arn:aws:s3:::aws-codedeploy-us-east-2/*", "arn:aws:s3:::aws-codedeploy-us-east-1/*", "arn:aws:s3:::aws-codedeploy-sa-east-1/*", "arn:aws:s3:::aws-codedeploy-eu-west-1/*", "arn:aws:s3:::aws-codedeploy-eu-central-1/*", "arn:aws:s3:::aws-codedeploy-ap-southeast-2/*", "arn:aws:s3:::aws-codedeploy-ap-southeast-1/*", "arn:aws:s3:::aws-codedeploy-ap-south-1/*", "arn:aws:s3:::aws-codedeploy-ap-northeast-2/*", "arn:aws:s3:::aws-codedeploy-ap-northeast-1/*" ] } ] }
The text was updated successfully, but these errors were encountered:
Fixed in master
Sorry, something went wrong.
No branches or pull requests
Getting the following errors in
/var/log/amazon/ssm/error.log
:This is the policy that worked for me eventually:
The text was updated successfully, but these errors were encountered: