时间戳

首页 > 解决方案 > AWS Systems Manager (SSM) 无法更新 SageMaker 实例上的InstanceInformation

amazon-web-services - AWS Systems Manager (SSM) 无法更新 SageMaker 实例上的InstanceInformation

问题描述

我经常收到 Cloudwatch 授权警报,因为附加到我的SageMaker实例的角色似乎没有足够的 SSM(系统管理员)权限来更新实例信息。我的理解是代理amazon-ssm-agent想要访问 AWS API,但没有这样做。

我的角色拥有完整的 SSM 权限:

{
        "Action": [
            "ssm:*",
            "ssmmessages:*"
        ],
        "Resource": "*",
        "Effect": "Allow"
}

但错误仍然存​​在:

 {
   "eventVersion": "1.05",
   "userIdentity": {
      "type": "AssumedRole",
      "principalId": "XXXXXXXXXXXXX:SageMaker",
      "arn": "arn:aws:sts::XXXXXXXXXXXXX:assumed-role/sagemaker_prod_Notebook_Instance_Role/SageMaker",
      "sessionContext": {
          "sessionIssuer": {
              "type": "Role",
              "principalId": "XXXXXXXXXXXXX",
              "arn": "arn:aws:iam::XXXXXXXXXXXXX:role/sagemaker_prod_Notebook_Instance_Role",
              "accountId": "XXXXXXXXXXXXX",
              "userName": "sagemaker_prod_Notebook_Instance_Role"
          }
      },
      "invokedBy": "im.amazonaws.com"
   },
   "eventSource": "ssm.amazonaws.com",
   "eventName": "UpdateInstanceInformation",
   "sourceIPAddress": "im.amazonaws.com",
   "userAgent": "im.amazonaws.com",
   "errorCode": "AccessDenied",
   "errorMessage": "An unknown error occurred",
   "requestParameters": {
       "instanceId": "i-045f627a2d2e469b1",
       "agentVersion": "2.3.714.0",
       "platformType": "Linux",
       "agentName": "amazon-ssm-agent"
   },
   "eventType": "AwsApiCall"
}

有没有人见过这个 ?

标签: amazon-web-servicesamazon-iamamazon-sagemaker

解决方案

这有点晚了,但我遇到了类似的问题,所以我联系了 AWS Support,这似乎是一个错误。

我被告知 AWS Sagemaker 团队默认安装了 ssm。Sagemaker 笔记本在 aws 服务账户中运行,尽管当客户在他们自己的账户中分配 Sagemaker 角色时,该角色无法通过客户分配的角色执行 UpdateInstance 信息。

支持建议我创建一个生命周期配置并利用以下代码示例来修复它: https ://docs.aws.amazon.com/sagemaker/latest/dg/notebook-lifecycle-config.html https://github.com/ aws-samples/amazon-sagemaker-notebook-instance-lifecycle-config-samples/blob/master/scripts/disable-uninstall-ssm-agent/on-start.sh

推荐阅读