aws-samples / aws-secure-environment-accelerator

The AWS Secure Environment Accelerator is a tool designed to help deploy and operate secure multi-account, multi-region AWS environments on an ongoing basis. The power of the solution is the configuration file which enables the completely automated deployment of customizable architectures within AWS without changing a single line of code.
Apache License 2.0

[BUG][OTHER] Cannot find module 'aws-sdk' on custom config rule lambdas #1206

Open SEAFork1 opened 8 months ago

SEAFork1 commented 8 months ago

Bug reports which fail to provide the required information will be closed without action.

Required Basic Info

Describe the bug: The Instance Profile custom config rule bundled with ASEA fails to evaluate. On closer inspection, the backend Lambda function has the following error:

{
  "errorType": "Runtime.ImportModuleError",
  "errorMessage": "Error: Cannot find module 'aws-sdk'\nRequire stack:\n- /var/task/index.js\n- /var/runtime/index.mjs",
  "trace": [
    "Runtime.ImportModuleError: Error: Cannot find module 'aws-sdk'",
    "Require stack:",
    "- /var/task/index.js",
    "- /var/runtime/index.mjs",
    " at _loadUserApp (file:///var/runtime/index.mjs:1087:17)",
    " at async UserFunction.js.module.exports.load (file:///var/runtime/index.mjs:1119:21)",
    " at async start (file:///var/runtime/index.mjs:1282:23)",
    " at async file:///var/runtime/index.mjs:1288:1"
  ]
}

The result of this is the instance profile config rule fails to evaluate and does not attach an instance profile to an EC2 instance.

Steps To Reproduce

  1. Create an EC2 instance without an instance profile attached

Expected behavior: The config rule should evaluate the EC2 instance as non-compliant and then kick off auto-remediation.
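
A rule that fails at import stops evaluating without raising a finding, so the gap is easiest to catch from the function's error output. The following is an added example, not code from this issue or from ASEA: it parses error payloads in the shape shown in the report and lists the functions that failed on a missing module. The function names and sample events are constructed placeholders.

```javascript
// Added example: triage Lambda error payloads for missing-module import failures.
// Function names in SAMPLE_EVENTS are constructed placeholders, not ASEA resource names.
const IMPORT_ERROR = 'Runtime.ImportModuleError';

// Parse one Lambda error payload (JSON string or object).
// Returns null when it is not an import failure or is not valid JSON.
function parseImportModuleError(payload) {
  let err = payload;
  if (typeof payload === 'string') {
    try { err = JSON.parse(payload); } catch { return null; }
  }
  if (!err || err.errorType !== IMPORT_ERROR || typeof err.errorMessage !== 'string') return null;
  const lines = err.errorMessage.split('\n');
  const m = /Cannot find module '([^']+)'/.exec(lines[0]);
  // Lines after "Require stack:" are "- <file>" entries, innermost requirer first.
  const start = lines.findIndex((l) => l.trim() === 'Require stack:');
  const requireStack = start < 0 ? [] : lines.slice(start + 1)
    .filter((l) => l.startsWith('- ')).map((l) => l.slice(2).trim());
  return { missingModule: m ? m[1] : null, requiredBy: requireStack[0] || null, requireStack };
}

// Group import failures by function so every rule that stopped evaluating is listed once.
function findBrokenFunctions(events) {
  const broken = {};
  for (const { functionName, message } of events) {
    const hit = parseImportModuleError(message);
    if (!hit) continue;
    (broken[functionName] ||= new Set()).add(hit.missingModule);
  }
  return Object.fromEntries(Object.entries(broken).map(([fn, mods]) => [fn, [...mods].sort()]));
}

// Constructed events: one import failure in the reported shape, one unrelated error, one non-JSON line.
const SAMPLE_EVENTS = [
  { functionName: 'example-instance-profile-rule', message: JSON.stringify({
    errorType: IMPORT_ERROR,
    errorMessage: "Error: Cannot find module 'aws-sdk'\nRequire stack:\n- /var/task/index.js\n- /var/runtime/index.mjs",
    trace: [] }) },
  { functionName: 'example-other-rule', message: JSON.stringify({ errorType: 'TypeError', errorMessage: 'x is undefined' }) },
  { functionName: 'example-other-rule', message: 'END RequestId: constructed' },
];

console.log(findBrokenFunctions(SAMPLE_EVENTS));
```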

Ray-PHSA commented 8 months ago

Hi, any temporary fix or workaround for this? We are also seeing the same issue. For now, we're having to manually add the IAM role 'EC2-Default-SSM-AD-Role' to the VMs after creation. Thanks!

vic614 commented 8 months ago

> Hi, any temporary fix or workaround for this? We are also seeing the same issue. For now, we're having to manually add the IAM role 'EC2-Default-SSM-AD-Role' to the VMs after creation. Thanks!

You can copy the zip files from this PR to the proper folder in the ASEA config bucket. https://github.com/aws-samples/aws-secure-environment-accelerator/pull/1207