Open alagappan-al opened 11 months ago
To confirm, you say you were trying to use Invoke-WebRequest
, did you mean Invoke-Command
?
Are you able to post a sample of your code so we can see and aim to reproduce what you were trying to do?
Sorry, I was using invoke-command.
PS> Invoke-Command -ScriptBlock { hostname } -ComputerName WEBSRV1 WEBSRV1
Copy
I am using something like this.
On Wed, Jul 26, 2023 at 4:56 PM Andrew Pearce @.***> wrote:
To confirm, you say you were trying to use Invoke-WebRequest, did you mean Invoke-Command?
Are you able to post a sample of your code so we can see and aim to reproduce what you were trying to do?
— Reply to this email directly, view it on GitHub https://github.com/awslabs/aws-lambda-powershell-runtime/issues/22#issuecomment-1652650818, or unsubscribe https://github.com/notifications/unsubscribe-auth/AMSZVRWZGGAELKESQSBG53DXSGOA7ANCNFSM6AAAAAA2ZEXAZI . You are receiving this because you authored the thread.Message ID: @.***>
@austoonz, did you get a chance to look at the sample code?
@hyandell @julian @austoonz Hi Austoon, Any updates on this issue?
I haven't had time to deep dive into this recently, however the previous guidance I've given is to focus on using Systems Manager Run Command (ie ssm:SendCommand
) rather than trying to use Invoke-Command.
In previous testing (a few years back), no matter what I tried I was unable to make this work as I'd expect it to, or want it do.
@austoonz is correct to use Systems Manager Run Command (ie ssm:SendCommand) rather than trying to use Invoke-Command.
However, if you want to test and try get Invoke-Command
working, use an Amazon Linux 2 instance, or WSL. This doesn't seem a Lambda specific problem, but rather how Invoke-Command
works on Linux.
SSM is not sufficient for everything because it does not provide a way to have fine-grained control in the OS in a way that allows for delegation of permission. You can set the SSM agent to run as a specific user in the OS, but it does not offer the level of control that you could get with JEA, which is my use case.
FWIW I have gotten PowerShell remoting and JEA working from Lambda to Windows, using this runtime as a base.
~It requires more than just PSWSMan
(though it requires that too), so it was a bit of work to get going, and it does balloon the image size by quite a bit.~ it turns out just that module is enough, for Kerberos. I was trying to get NTLM working, with gss-ntlmssp (which is the thing that balloons the image size) but not quite there. More details in the PR.
Since it requires system components, I am using it as a container-based Lambda only; I'm not sure if it's feasible to do it with layers and ZIP-based.
@briantist very cool! Would be happy to include an example, or some flags to help deploy a function that supports PS remoting if you're able to share the details.
@austoonz sure, I've put up a PR with more information :)
I tied using the sample code and modified it to run some commands in the remote computer using invoke-web request. Test Inoke throws the following error { "errorType": "PSRemotingTransportException", "errorMessage": "This parameter set requires WSMan, and no supported WSMan client library was found. WSMan is either not installed or unavailable for this system." }
I tried a workaround following this post https://blueleader07.medium.com/lambda-powershell-layer-15c0ec6f6d4a to replace the PSWSMan library libmi.so. I still get the same error. Does the custom runtime have all commands available like the regular Powershell version?
@julianwood @austoonz
Thanks for looking into the issue.