Use Prepared SSM Documents
webern opened this issue · comments
What I'd like:
Reduce scope of SSM commands be using prepared documents.
Currently we send arbitrary commands with shell command. We can reduce the permissions required by codifying the commands in the Cloudformation stack.
From what I can tell, however, the waiter (WaitUntilCommandExecuted) is where the max attempts cut off is actually happening.
Agreed. I am not targeting that, for situation where SSM command is stuck #53 & #54 . SSM command will keep on running for 3600 seconds before it timesout. However, our waiter only waits for X attempts to declare wait timeout, but SSM command can still keep on running. To address, this I was thinking of setting
TimeoutSeconds
parameter in SendCommandInput to something like 1800 seconds > waiter timeout.Doc snippet from here:
For example, the default value of Timeout (seconds) in the Systems Manager console is 600 seconds. If you run a command by using the AWS-RunShellScript SSM document, the default value of "timeoutSeconds": "{{ executionTimeout }}" is 3600 seconds
executionTimeout needs to be added to prepared SSM documents. This was discussed in the comments of #49