2

Is there a way I can copy a file from my S3 bucket to a Windows EC2 instance? I have tried the following way using send-command. It returns success, but the file is not being copied. Need help.

sh """
       aws ssm send-command --instance-ids ${Instance_Id} --document-name "AWS-RunPowerShellScript" --parameters '{"commands":["Read-S3Object -BucketName s3://{bucket-name}  file.pfx -File file.pfx"]}' --timeout-seconds 600 --max-concurrency "50" --max-errors "0" --region eu-west-1
       """
Reese

2 Answers

0

I believe the command you pasted is wrong, or you might have copy/pasted wrong:

Considering you are running awscli and sending a PowerShell command to be run within the instance, the 2 documents below are worth referring to.

Send-command CLI: https://docs.aws.amazon.com/cli/latest/reference/ssm/send-command.html

Read-S3Object CmdLet: https://docs.aws.amazon.com/powershell/latest/reference/items/Read-S3Object.html

SSM returning success would still only mean that it was able to execute the underlying plugin (in this case runpowershellscript), regardless of whether it was successfully executed or not. In order to investigate why it did not copy the file, you may start by checking the output of the SSM command.

Having said that, below is a working syntax for a file copy from an S3 object using runPowerShellScript:

aws ssm send-command --instance-ids $instance --document-name "AWS-RunPowerShellScript" --parameters commands=["Read-S3Object -BucketName $bucket  -key get-param.reg -File c:\programdata\get-param.reg"]

SSM also provides a way to download an S3 object with its own plugin, aws:downloadContent:

https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-plugins.html#aws-downloadContent

This would require you to create a custom document (you should find an example in the above doc) and just run that document to get the S3 object into a Windows/Linux instance.

I hope this helps.

Ketanbhut
Hello, thank you very much for your reply, and yes, when I actually looked deeper I found the problem was that the 'key' parameter was missing in the command itself. My mistake was that when SSM returned the success code I didn't consider looking into the actual outcome of the SSM command execution in the AWS console. When I looked there, I found the issue and solved that. Thank you – Reese May 21 '20 at 16:25
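The check that the answer and the follow-up comment describe, as an added example that is not part of the original thread: a POSIX shell function that polls `aws ssm get-command-invocation` for one instance and fails unless the command really succeeded there. Treating any stderr text as a failure is an assumption made here, and the script name in the usage comment is hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): judge a Run Command invocation by what
# happened on the instance, not by the exit status of `aws ssm send-command`.

# verify_invocation COMMAND_ID INSTANCE_ID [TRIES] [DELAY_SECONDS]
# Exit status 0 only when Status=Success, ResponseCode=0 and stderr is empty.
verify_invocation() (
  command_id=$1 instance=$2 tries=${3:-60} delay=${4:-5}
  status=Pending code=-1
  while [ "$tries" -gt 0 ]; do
    # Right after dispatch the invocation may not be queryable yet: keep polling.
    out=$(aws ssm get-command-invocation --command-id "$command_id" \
            --instance-id "$instance" --query "[Status, ResponseCode]" \
            --output text 2>/dev/null) || out="Pending -1"
    set -- $out
    status=${1:-Pending} code=${2:--1}
    case $status in
      Pending|InProgress|Delayed) sleep "$delay"; tries=$((tries - 1)) ;;
      *) break ;;
    esac
  done
  if [ "$status" != "Success" ] || [ "$code" != "0" ]; then
    echo "invocation $command_id: status=$status code=$code" >&2
    exit 1
  fi
  # Assumption made for this example: any stderr text counts as a failure,
  # because a PowerShell error that leaves the exit code at 0 still reports Success.
  err=$(aws ssm get-command-invocation --command-id "$command_id" \
          --instance-id "$instance" --query "StandardErrorContent" \
          --output text) || exit 1
  if [ -n "$err" ] && [ "$err" != "None" ]; then
    printf 'invocation %s wrote to stderr:\n%s\n' "$command_id" "$err" >&2
    exit 1
  fi
  echo "invocation $command_id succeeded"
)

# Usage: sh verify-ssm.sh COMMAND_ID INSTANCE_ID
# (COMMAND_ID is Command.CommandId from the send-command output.)
if [ "$#" -ge 2 ]; then
  verify_invocation "$@"
fi
```

In a pipeline step, capture the CommandId with `--query "Command.CommandId" --output text` on the send-command call and pass it to `verify_invocation` so the step fails when the copy did not happen.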
0

Here is how I would accomplish what you are attempting:

Instead of the AWS-RunPowerShellScript SSM document, use the SSM document AWS-RunRemoteScript.

What this document allows you to do is run a script on the ec2 instance, and then inside of the script you can have it download the files you're looking for in the s3 bucket using the aws s3api cli.

It would look something like this:

aws ssm send-command --document-name "AWS-RunRemoteScript" --document-version "1" --instance-ids $instance --parameters '{"sourceType":["S3"],"sourceInfo":["{\"path\":\"[url to script that is stored in s3]\"}"],"commandLine":[".\\[name of script]"],"workingDirectory":[""],"executionTimeout":["3600"]}' --timeout-seconds 600 --max-concurrency "50" --max-errors "0"

The PowerShell script that you upload to S3 will look something like this:

aws s3api get-object --bucket [bucket name here] --key [s3 path (not url)] [path to where you want it downloaded]

To make this work, you need to make sure that the ec2 instance has permissions to read from your s3 bucket. You can do this by attaching an s3 full access policy to your ec2 security role in IAM.

Halo
Fred Jack