emr-tls-ssm-0.2.jar does not work

Question

emr-tls-ssm-0.2.jar does not work

JituS opened this issue 5 years ago · 2 comments

I followed this blog, with the latest version on emr, I am facing issue.
Error is Terminated with errorsOn the master instance (i-041b4c6a66c19e01d), Certificate installation failed due to internal error.
This occurring on emr > 5.21.1 with emr-tls-ssm-0.2.jar . I was able to install certificates with emr-5.21.1 using emr-tls-ssm-0.2.jar.
I looked into the emr logs, but no luck.

Answer 1 · 2019-10-10T08:38:28.000Z

I think I found the problem. The issue is, in emr-tls-ssm-0.2, we have stopped using lambda function to get SSM parameter and directly querying for that from java code using GetParameterRequest class. for that to work, instance role must have ssn:GetParameter permission. This information can be added to the blog.

Answer 2 · 2019-10-10T14:01:07.000Z

CloudFormation template in folder 5.22+ that creates IAM EC2 Role from EMR, has included permission for SSM