How to create an AWS SSM Document Package using Terraform


Using Terraform, I am trying to create an AWS SSM Document Package for Chrome so I can install it on various EC2 instances I have. I define these steps via Terraform:

  1. Upload zip containing Chrome installer plus install and uninstall PowerShell scripts.
  2. Add that ZIP to an SSM package.

However, when I execute terraform apply I receive the following error...

Error updating SSM document: InvalidParameterValueException: AttachmentSource not provided in the input request. status code: 400, request id: 8d89da70-64de-4edb-95cd-b5f52207794c

The contents of my main.tf are as follows:

# 1. Add package zip to s3
resource "aws_s3_bucket_object" "windows_chrome_executable" {
  bucket = "mybucket"
  key    = "ssm_document_packages/GoogleChromeStandaloneEnterprise64.msi.zip"
  source = "./software-packages/GoogleChromeStandaloneEnterprise64.msi.zip"

  # filemd5() hashes the file contents; md5() would only hash the path string.
  etag = filemd5("./software-packages/GoogleChromeStandaloneEnterprise64.msi.zip")
}

# 2. Create AWS SSM Document Package using zip.
resource "aws_ssm_document" "ssm_document_package_windows_chrome" {
  name          = "windows_chrome"
  document_type = "Package"

  attachments_source {
    key = "SourceUrl"
    values = ["/path/to/mybucket"]
  }

  content = <<DOC
  {
    "schemaVersion": "2.0",
    "version": "1.0.0",
    "packages": {
        "windows": {
            "_any": {
                "x86_64": {
                    "file": "GoogleChromeStandaloneEnterprise64.msi.zip"
                }
            }
        }
    },
    "files": {
        "GoogleChromeStandaloneEnterprise64.msi.zip": {
            "checksums": {
                "sha256": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
            }
        }
    }
  }
DOC
}

If I change the file from a zip to a vanilla msi, I do not receive the error message. However, when I navigate to the package in the AWS console, it tells me that the install.ps1 and uninstall.ps1 files are missing (since obviously they weren't included).

Has anyone experienced the above error and do you know how to resolve it? Or does anyone have reference to a detailed example of how to do this?

Thank you.


There are 3 answers

0
platinum_pidgeon On BEST ANSWER

I realized that in the above example there was no way Terraform could identify a dependency between the two resources, i.e. the S3 object needs to be created before the aws_ssm_document. Thus, I added the following explicit dependency inside the aws_ssm_document:

  depends_on = [
    aws_s3_bucket_object.windows_chrome_executable
  ]

3
Andy Plamann On

I ran into this same problem. In order to fix it, I added a trailing slash to the source URL value parameter:

attachments_source {
  key = "SourceUrl"
  values = ["/path/to/mybucket/"]
}

My best guess is it appends the filename from the package spec to the value provided in the attachments source value so it needs the trailing slash to build a valid path to the actual file.

0
camilhord On

This is the way it should be set up for an attachment in S3:

attachments_source {
    key    = "S3FileUrl" 
    values = ["s3://packer-bucket/packer_1.7.0_linux_amd64.zip"]
    name   = "packer_1.7.0_linux_amd64.zip"
}
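
The configuration below combines what the three answers propose; it is an added example, not code from any of the posters. It reuses the question's bucket name, key and file path, uses the S3FileUrl form from the last answer, and assumes the zip exists locally at plan time. The `locals` names are introduced here for illustration. Computing the manifest checksum with `filesha256()` keeps the SHA-256 recorded in the package document tied to the exact artifact that was uploaded, instead of a hand-pasted value.

```hcl
# Added example: bucket, key and path are the question's values; local names are illustrative.
locals {
  pkg_file = "GoogleChromeStandaloneEnterprise64.msi.zip"
  pkg_path = "./software-packages/${local.pkg_file}"
}

# 1. Upload the package zip (installer plus install.ps1 / uninstall.ps1) to S3.
resource "aws_s3_bucket_object" "windows_chrome_executable" {
  bucket = "mybucket"
  key    = "ssm_document_packages/${local.pkg_file}"
  source = local.pkg_path

  # Hash of the file contents, so a changed zip triggers a re-upload.
  etag = filemd5(local.pkg_path)
}

# 2. Create the SSM package document from that object.
resource "aws_ssm_document" "ssm_document_package_windows_chrome" {
  name          = "windows_chrome"
  document_type = "Package"

  attachments_source {
    key = "S3FileUrl"
    # Referencing the object's attributes creates an implicit dependency,
    # so the upload happens first without an explicit depends_on.
    values = ["s3://${aws_s3_bucket_object.windows_chrome_executable.bucket}/${aws_s3_bucket_object.windows_chrome_executable.key}"]
    name   = local.pkg_file
  }

  content = jsonencode({
    schemaVersion = "2.0"
    version       = "1.0.0"
    packages = {
      windows = { "_any" = { x86_64 = { file = local.pkg_file } } }
    }
    files = {
      (local.pkg_file) = {
        # SHA-256 of the same local file that is uploaded above.
        checksums = { sha256 = filesha256(local.pkg_path) }
      }
    }
  })
}
```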