hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

SSM document #21156

Closed muhammadbader closed 1 year ago

muhammadbader commented 3 years ago

Terraform CLI and Terraform AWS Provider Version

Terraform version: v0.14.11
provider registry.terraform.io/hashicorp/aws v3.61.0

Affected Resource(s)

Terraform Configuration Files

Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.

resource "aws_ssm_document" "SSM-test-DOC1" {
   name          = "SSM-DOC-test1"
   document_type = "Command"
   target_type = "/AWS::EC2::Instance"
   content       = <<DOC
   {
     "schemaVersion": "2.2",
     "description": "Execute scripts stored in a remote location. The following remote locations are currently supported: GitHub (public and private) and Amazon S3 (S3). The following script types are currently supported: #! support on Linux and file associations on Windows.",
     "parameters": {
       "sourceType": {
         "description": "(Required) Specify the source type.",
         "type": "String",
         "default": "S3"
       },
       "sourceinf": {
           "description": "(Required) The information required to retrieve the content from the required source.",
           "type": "StringMap",
           "displayType": "textarea",
           "default":  {
             "path": "<s3 bucket path>"
           }
       },
       "commandLine": {
         "description": "(Required) Specify the command line to be executed. The following formats of commands can be run: 'pythonMainFile.py argument1 argument2', 'ansible-playbook -i \"localhost,\" -c local example.yml'",
         "type": "String",
         "default": "./getting.sh" # this is the file I want to download from S3 and run on the instance specified at 'aws_ssm_association'
       },

       "workingDirectory": {
         "type": "String",
         "default": "home/ec2-user",
         "description": "(Optional) The path where the content will be downloaded and executed from on your instance.",
         "maxChars": 4096
       }

     },
     "mainSteps": [
       {
         "action": "aws:downloadContent",
         "name": "downloadContent",
         "inputs": {
           "sourceType": "{{ sourceType }}",
           "sourceInfo": "{{ sourceinf }}",
           "destinationPath": "{{ workingDirectory }}"
         }
       },
       {
         "action": "aws:runShellScript",
         "name": "runShellScript",
         "inputs": {
           "runCommand": [
             "directory=$(pwd)",
             "export PATH=$PATH:$directory",
             "{{commandLine}}",
             "touch fff.txt",
             "cp getting.sh getting3.sh",
             "echo howqahe"
           ],
           "workingDirectory": "{{ workingDirectory }}"

         }
       }
     ]
   }
 DOC
 }

 resource "aws_ssm_association" "ec2ssm1" {
   name = aws_ssm_document.SSM-test-DOC1.name

   targets {
     key    = "InstanceIds"
     values = [
       "<ec2-id>",
       ]
   }
 }

Debug Output

After running terraform apply I got:

 aws_ssm_document.SSM-test-DOC1: Refreshing state... [id=SSM-DOC-test1]
 aws_ssm_association.ec2ssm1: Refreshing state... [id=6c19c445-e829-41b1-afa1-0fea2c219582]
 aws_ssm_document.SSM-test-DOC1: Modifying... [id=SSM-DOC-test1]
 aws_ssm_document.SSM-test-DOC1: Modifications complete after 5s [id=SSM-DOC-test1]

 Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
 -----------

BUT:

In SSM -> Run Command -> Command History, the command failed due to a failure in downloading the S3 bucket file specified in the 'sourceinf' block, although it exists there!

Expected Behavior

A status of Success in SSM -> Run Command -> Command History (which I get when running the command manually in the console using the Run Command option)

Actual Behavior

Downloading the S3 script file failed -> running the command failed, and I got the following error:

invalid format in plugin properties map[destinationPath:home/ec2-user sourceInfo:map[path:https://test-ssm-document-2.s3.amazonaws.com/getting.sh] sourceType:S3];

 error json: cannot unmarshal object into Go struct field DownloadContentPlugin.sourceInfo of type string

Steps to Reproduce

  1. create a script file and upload it to S3 bucket
  2. create an EC2 instance in the same region of the S3 bucket with SSM role to run SSM command on it
  3. update the ec2 id and s3 file path in the .tf file
  4. terraform apply
  5. in the terminal everything should work fine
  6. log into the aws console -> SSM -> Run Command -> Command History
  7. Status of the last Command will be "failed"

Important Factoids

I created an SSM document, using aws_ssm_document, and then tried to run it using aws_ssm_association and I got the following error:

invalid format in plugin properties map[destinationPath:"/home/ec2-user" sourceInfo:map[path:https://test-ssm-document-2.s3.amazonaws.com/getting.sh] sourceType:S3];

error json: cannot unmarshal object into Go struct field DownloadContentPlugin.sourceInfo of type string

Details:

I am trying to run a script from an S3 bucket on an EC2 instance using SSM, so I created an SSM document and used the "AWS-RunRemoteScript" template as the content of "aws_ssm_document". I tested the template itself by manually running the SSM command through the AWS console, and it is working.

Then I used aws_ssm_association, and the terraform run succeeded, but the "run command" it provoked failed with the following error:

error json: cannot unmarshal object into Go struct field DownloadContentPlugin.sourceInfo of type string.

although I double checked the sourceInfo type (StringMap), which contains the URL of the S3 bucket.

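
The error quoted in the issue above is the message Go's encoding/json produces when a JSON object arrives where a struct field is declared as string. The following is an added example, not code from the issue or from the SSM agent: the struct is a hypothetical stand-in named after the one in the error, the inputs are constructed, and treating the string value as JSON text is an assumption.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// DownloadContentPlugin is a hypothetical stand-in, named after the struct in
// the error message; only the string-typed sourceInfo field is taken from it.
type DownloadContentPlugin struct {
	SourceType      string `json:"sourceType"`
	SourceInfo      string `json:"sourceInfo"`
	DestinationPath string `json:"destinationPath"`
}

// Constructed inputs: the same properties with sourceInfo as an object
// (the shape shown in the error) and as a JSON-encoded string.
const asObject = `{"sourceType":"S3","destinationPath":"home/ec2-user",
 "sourceInfo":{"path":"https://bucket.example/getting.sh"}}`
const asString = `{"sourceType":"S3","destinationPath":"home/ec2-user",
 "sourceInfo":"{\"path\":\"https://bucket.example/getting.sh\"}"}`

// sourcePath decodes the properties, then parses the sourceInfo string as a
// JSON map (assumption: the string carries JSON) and returns its "path".
func sourcePath(raw string) (string, error) {
	var p DownloadContentPlugin
	if err := json.Unmarshal([]byte(raw), &p); err != nil {
		var te *json.UnmarshalTypeError
		if errors.As(err, &te) {
			return "", fmt.Errorf("field %q got JSON %s, wants %s: %w", te.Field, te.Value, te.Type, err)
		}
		return "", err
	}
	var info map[string]string
	if err := json.Unmarshal([]byte(p.SourceInfo), &info); err != nil {
		return "", fmt.Errorf("sourceInfo is not a JSON map: %w", err)
	}
	return info["path"], nil
}

func main() {
	for _, in := range []string{asObject, asString} {
		path, err := sourcePath(in)
		fmt.Printf("path=%q err=%v\n", path, err)
	}
}
```
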
justinretzolk commented 3 years ago

Hey @muhammadbader 👋 Thank you for taking the time to file this issue. So that we have all of the information necessary to reproduce and investigate, can you update the issue with the information found in the template?

muhammadbader commented 3 years ago

I opened a pull request

justinretzolk commented 3 years ago

Hey @muhammadbader 👋 Apologies if I was unclear - I was looking to have you update this issue with the information from the issue template. No worries; I copied over the information from the PR you submitted and updated the issue here. We'll look into this as time permits to try to determine if this is a bug.

github-actions[bot] commented 1 year ago

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

github-actions[bot] commented 1 year ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.