Raspberry Pi update on boot using the AWS SSM service

Question

Following this announcement of Raspbian OS Raspberry Pi support in the AWS Simple Systems Manager (SSM) service, I've been looking into using it to manage a fleet of Raspberry Pi devices. There's one scenario in particular I'm not sure how to handle, or if it is even possible to handle with SSM.

For my particular situation, I want to send someone an IoT device built on a Raspberry Pi board. The first time the device is powered up I want it to automatically download the latest updates. Let's say for this example I've used the SSM service to push two updates to the device fleet while this newest device was being shipped to the end user. How can I configure the SSM service to automatically detect and install those two pending updates as soon as the new device is powered up?

Is this possible using the SSM service? Would it be a function of the Patch Management feature, or the State Management feature?

Answer 1

SSM Patch Manager does not support patching of Raspbian today. However, you can still remotely patch your device using State Manager.

There are three steps to doing this: 1) Once you register your Raspberry Pi device as an SSM on-premises server, you can tag it using the add-tags-to-resource API.

2) Create or use an existing SSM Document to script your patching process.

3) Create a State Manager Association against that tag, and when a new device is added to that tag the Association is applied automatically to bootstrap the device.

Hope this helps!

Answer 2

S1, S2 defines the state of the Instance

P1,...,P5 defines the patches for that Instance

If you release patches and machine is in still in State S1, You can apply P1,P2,P3,P4.

If your machine is still on State S1 and did not apply any patches until P5 is updated as a patch, it will not apply P1,P2,P3,P4. Instead It will apply P5 (Cumulative Patches)

I have not personally tested Raspbian Patch Management yet. This is based my observation on how patch management system works.

Choose the patches applied to a given instance and define the state by a set of patches.

In the above case defined, If P1,P2,P3,P4 is applied to instance then change the state of the machine to S2.

If P1 is not applied, then P5 is available, apply P5 to get to state S2.

State Manager helps to you create States, https://us-west-2.console.aws.amazon.com/ec2/v2/home?region=us-west-2#Associations:sort=AssociationId

by associating Patches.

Hope it helps.

Answer 3

I had a similar interest in patch management for my pi's using SSM, however, currently there isn't a Patch Baseline for the raspbian targets yet.

I also brought this up to AWS support with the reply:

Hello,

Thank you for contacting AWS Support and for your interest in Patch Manager. My name is Dan and I will be assisting you today. While the SSM Agent is supported on Raspbian and some components of the software are available, at this time the Patch Manager does not work with Raspberry Pi for this reason. There have been other requests for this, so our internal development teams are aware of this as a feature request. We continue to expand the functionality of SSM and its reach, so hopefully this is something we can provide in the future. Unfortunately, I do not have any ETA that I can share for this.

I recommend keeping an eye out though on our public blogs as we tend to announce these sort of features when they are available. You can find those links here:

-- AWS blogs: https://aws.amazon.com/blogs/aws/ -- Whats New: http://aws.amazon.com/new/

Both of them have RSS feeds that make them a bit easier to follow.

Please let us know if there are any other questions we can answer for you. We're happy to help however we can.

Best regards,

Dan H. Amazon Web Services

So, for now, I'm not sure there's a way.