Skip to content
This repository has been archived by the owner on Oct 4, 2024. It is now read-only.

Commit

Permalink
New checks and minor enhancements.
Browse files Browse the repository at this point in the history 
New checks SSM Agent Version
New checks Session Manager plugin version
New output format (Table)
Update the screenshots and flowchart
Update README.md to reflect new checks
Add new tests for the new checks
Update the tests README.md and output
Update the ZIP file to include latest changes
Some other enhancements and minor changes
  • Loading branch information
@aaalzand
aaalzand committed Oct 1, 2021
1 parent cfcfa25 commit b701bf2
Show file tree
Hide file tree
Showing 42 changed files with 952 additions and 790 deletions.
50 changes: 22 additions & 28 deletions Systems Manager/SSMAgent-Toolkit-Windows/README.md
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# SSM Agent Toolkit
# SSM Agent Toolkit for Windows

The SSMAgent-Toolkit is a set of PowerShell scripts developed to run multiple checks to determined why an Windows EC2 instance does not come online. It will go through the following walkthrough
The [SSMAgent-Toolkit for Windows](https://github.com/awslabs/aws-support-tools/tree/master/Systems%20Manager/SSMAgent-Toolkit-Windows) is a set of PowerShell scripts developed to run multiple checks to determined why an Windows EC2 instance does not come online. It will go through the following workflow

![Flowchart](https://github.com/awslabs/aws-support-tools/raw/master/Systems%20Manager/SSMAgent-Toolkit-Windows/SSMAgent-Toolkit_Flowchart.png?raw=1)

Expand Down Expand Up @@ -36,24 +36,20 @@ Managed(hybrid) Instance Registration Pass
EC2 instance metadata accessible Skip This test skipped since this server configured as Managed(hybrid) Instance
IAM instance profile Skip This test skipped since this server configured as Managed(hybrid) Instance
IAM profile credential valid Skip This test skipped since this server configured as Managed(hybrid) Instance
LocalSystem account user API assume role arn:aws:sts::012345678901:assumed-role/AmazonEC2RunCommandRoleForManagedInstances/mi-abcdef01234567890 The role and the instance in the ARN should match the role in the metadata and the current
instanceID
LocalSystem account user API assume role arn:aws:sts::012345678901:assumed-role/AmazonEC2RunCommandRoleForManagedInstances/mi-abcdef01234567890 The role and the instance in the ARN should match the metadata\hybrid registration
ssm.us-east-1.amazonaws.com accessible Pass Endpoint IP address is 52.46.141.158
ec2messages.us-east-1.amazonaws.com accessible Pass Endpoint IP address is 52.94.228.178
ssmmessages.us-east-1.amazonaws.com accessible Pass Endpoint IP address is 52.46.132.109
S3.us-east-1.amazonaws.com accessible Pass Endpoint IP address is 52.217.165.48
kms.us-east-1.amazonaws.com accessible Pass Endpoint IP address is 52.46.134.194
logs.us-east-1.amazonaws.com accessible Pass Endpoint IP address is 3.236.94.199
SSM Agent Proxy Setting N/A There is no proxy setting for SSM Agent
System-wide environment variable proxy N/A There is no http_proxy, https_proxy or no_proxy configured.
LocalSystem account user environment variable proxy N/A There is no http_proxy, https_proxy or no_proxy configured.
WinHTTP system-wide proxy N/A There is no ProxyServer(s) configured for WinHTTP system-wide proxy. Note: This proxy
settings mainly used to by Windows Update service
LocalSystem account user Internet Explorer proxy N/A There is no ProxyServer configured. Note: If the instance behind a proxy and PowerShell via
run command has a command which needs access to the internet would fail if there are no
Internet Explorer proxy settings.
SSMAgent version Pass SSM Agent version: 3.1.282.0, the latest agent version in us-east-1 is 3.1.282.0.
Session Manager Plugin version Pass Session Manager Plugin version is 1.2.245.0, the latest Session Manager Plugin version is 1.2.245.0.
System-wide environment variable proxy N/A There is no http_proxy, https_proxy or no_proxy configured
LocalSystem account user environment variable proxy N/A There is no http_proxy, https_proxy or no_proxy configured
WinHTTP system-wide proxy N/A There is no ProxyServer(s) configured for WinHTTP system-wide proxy
LocalSystem account user Internet Explorer proxy N/A There is no ProxyServer configured
SSMAgent version Pass The install and the latest agent version in us-east-1 is 3.1.338.0
Session Manager Plugin version Pass The install and the latest Session Manager Plugin version is 1.2.245.0
```

### The instance register as a EC2 instance
Expand All @@ -64,10 +60,10 @@ Session Manager Plugin version Pass
PS C:\SSMAgent-Toolkit> Import-Module "$destination\SSMAgent-Toolkit\SSMAgent-Toolkit.psm1";Invoke-SSMChecks -Table
Checking for elevated permissions...
Code is running as administrator - executing the script...
[2021-09-17T20:25:41.8395772+00:00] [INFO] Logs directory exists - C:\SSMAgent-Toolkit\logs\
[2021-09-17T20:25:41.8395772+00:00] [INFO] Outputs directory exists - C:\SSMAgent-Toolkit\Outputs\
[2021-09-17T20:25:41.8395772+00:00] [INFO] Logs available at C:\SSMAgent-Toolkit\logs\SSMCheck_2021-09-17-08-25-41.log
[2021-09-17T20:25:41.8395772+00:00] [INFO] Outputs available at C:\SSMAgent-Toolkit\Outputs\SSMCheck_2021-09-17-08-25-41.txt
[2021-10-01T13:16:05.6939670+00:00] [INFO] Logs directory exists - C:\SSMAgent-Toolkit\logs\
[2021-10-01T13:16:05.7095817+00:00] [INFO] Outputs directory exists - C:\SSMAgent-Toolkit\Outputs\
[2021-10-01T13:16:05.7095817+00:00] [INFO] Logs available at C:\SSMAgent-Toolkit\logs\SSMCheck_2021-10-01-01-16-05.log
[2021-10-01T13:16:05.7095817+00:00] [INFO] Outputs available at C:\SSMAgent-Toolkit\Outputs\SSMCheck_2021-10-01-01-16-05.txt
Running all the tests can take a few minutes...
___ _ _______ _____ __ __ ___
/ | | / / ___/ / ___/__ _______/ /____ ____ ___ _____ / |/ /___ _____ ____ _____ ____ _____
Expand All @@ -84,24 +80,22 @@ Amazon SSM service account LocalSystem
Managed(hybrid) Instance Registration Skip The instance is not configured as Managed(hybrid) Instance. Metadata will be used to get the InstanceId and Region
EC2 instance metadata accessible Pass EC2 InstanceID = i-abcdef01234567890, Region = us-east-1
IAM instance profile SSMInstanceProfile IAM instance profile SSMInstanceProfile is attached to the instance
IAM profile credential valid Pass IAM instance profile`'s credential is up to date. IAM credential Expiration timestamp is 09/18/2021 01:49:12.
The Last update is 09/17/2021 19:29:32 UTC
LocalSystem account user API assume role arn:aws:sts::012345678901:assumed-role/SSMInstanceProfile/i-abcdef01234567890 The role and the instance in the ARN should match the role in the metadata and the current instanceID
IAM profile credential valid Pass IAM instance profile`'s credential is up to date. IAM credential Expiration timestamp is 10/01/2021 18:26:44.
The Last update is 10/01/2021 12:17:17 UTC
LocalSystem account user API assume role arn:aws:sts::012345678901:assumed-role/SSMInstanceProfile/i-abcdef01234567890 The role and the instance in the ARN should match the metadata\hybrid registration
ssm.us-east-1.amazonaws.com accessible Pass Endpoint IP address is 52.46.145.233
ec2messages.us-east-1.amazonaws.com accessible Pass Endpoint IP address is 52.46.138.63
ssmmessages.us-east-1.amazonaws.com accessible Pass Endpoint IP address is 52.46.132.109
S3.us-east-1.amazonaws.com accessible Pass Endpoint IP address is 52.217.98.142
kms.us-east-1.amazonaws.com accessible Pass Endpoint IP address is 52.46.136.89
logs.us-east-1.amazonaws.com accessible Pass Endpoint IP address is 3.236.94.131
SSM Agent Proxy Setting N/A There is no proxy setting for SSM Agent
System-wide environment variable proxy N/A There is no http_proxy, https_proxy or no_proxy configured.
LocalSystem account user environment variable proxy N/A There is no http_proxy, https_proxy or no_proxy configured.
WinHTTP system-wide proxy N/A There is no ProxyServer(s) configured for WinHTTP system-wide proxy. Note: This proxy settings mainly used to by Windows
Update service
LocalSystem account user Internet Explorer proxy N/A There is no ProxyServer configured. Note: If the instance behind a proxy and PowerShell via run command has a command
which needs access to the internet would fail if there are no Internet Explorer proxy settings.
SSMAgent version Pass SSM Agent version: 3.1.282.0, the latest agent version in us-east-1 is 3.1.282.0.
Session Manager Plugin version Pass Session Manager Plugin version is 1.2.245.0, the latest Session Manager Plugin version is 1.2.245.0.
System-wide environment variable proxy N/A There is no http_proxy, https_proxy or no_proxy configured
LocalSystem account user environment variable proxy N/A There is no http_proxy, https_proxy or no_proxy configured
WinHTTP system-wide proxy N/A There is no ProxyServer(s) configured for WinHTTP system-wide proxy
LocalSystem account user Internet Explorer proxy N/A There is no ProxyServer configured
SSMAgent version Pass The install and the latest agent version in us-east-1 is 3.1.338.0
Session Manager Plugin version Pass The install and the latest Session Manager Plugin version is 1.2.245.0
```

## Usage
Expand Down
Binary file modified Systems Manager/SSMAgent-Toolkit-Windows/SSMAgent-Toolkit.zip
View file
Binary file not shown.
52 changes: 52 additions & 0 deletions Systems Manager/SSMAgent-Toolkit-Windows/SSMAgent-Toolkit/Private/Get-AppVersionNumber.ps1
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
<#
.Synopsis
Get the application version number
.Description
This is a helper function to get the application version number.
.Example
Get-AppVersionNumber -Path 'SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall' -Value 'Environment'
.INPUTS
Path = The registry path
AppName = The name of the application under the DisplayName under the registry
.OUTPUTS
Return the version number under the registry
#>
function Get-AppVersionNumber {
[CmdletBinding()]
param (
[String]$RegHive = "LocalMachine",
[String]$Path = "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall", #Define the variable to hold the location of Currently Installed Programs
[parameter(Mandatory = $true)]
[ValidateNotNullOrEmpty()]$AppName
)

if ((Get-WmiObject -Class Win32_ComputerSystem).SystemType -match 'x64') {
$RegView = [Microsoft.Win32.RegistryView]::Registry64
}
else {
$RegView = [Microsoft.Win32.RegistryView]::Registry32
}

#Create an instance of the Registry Object and open the HKLM base key
$reg = [microsoft.win32.registrykey]::OpenBaseKey([Microsoft.Win32.RegistryHive]::$RegHive, $RegView)

#Drill down into the Uninstall key using the OpenSubKey Method
$regkey = $reg.OpenSubKey($Path)

#Retrieve an array of string that contain all the subkey names
$subkeys = $regkey.GetSubKeyNames()

#Open each Subkey and use GetValue Method to check the match values for AppName
foreach ($key in $subkeys) {
$thisKey = $Path + "\\" + $key
$thisSubKey = $reg.OpenSubKey($thisKey)
if ($($thisSubKey.GetValue("DisplayName")) -eq $AppName) {
write-host $($thisSubKey.GetValue("DisplayVersion"))
return [System.Version]$($thisSubKey.GetValue("DisplayVersion"))
break
}
else {
continue
}
}
}
8 changes: 4 additions & 4 deletions Systems Manager/SSMAgent-Toolkit-Windows/SSMAgent-Toolkit/Private/New-ProxyOutput.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,17 +24,17 @@ function New-ProxyOutput {
)

If (-not (Test-RegistryValue -Path $Path -Value $Value)) {
$Message = "$Value = N/A."
$Note = "There is no $Value configured."
$Message = "$Value = N/A"
$Note = "There is no $Value configured"
Write-Log -Message "There is no http_proxy configured for $SettingName."
return $false, $Message, $note
}
else {
$Output = (Get-Item -Path $Path).GetValue($Value)
$Note = "$Value = $output."
$Note = "$Value = $output"
$Message = $note
Write-Log -Message "For $SettingName. $Value = $Output." -LogLevel "WARN"
return $true, $Message, $note
return $true, $Message, $Note
}

}
3 changes: 1 addition & 2 deletions Systems Manager/SSMAgent-Toolkit-Windows/SSMAgent-Toolkit/Private/Test-RegistryValue.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,5 +35,4 @@ function Test-RegistryValue {
Write-Log -Message $($PSitem) -LogLevel "ERROR"
return $false
}

}
}
5 changes: 3 additions & 2 deletions Systems Manager/SSMAgent-Toolkit-Windows/SSMAgent-Toolkit/Public/Get-IEProxySettings.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
.Example
Get-IEProxySettings
.INPUTS
Key = The path for the Internet Explorer proxy in the registry. Default value: "Registry::HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings".
Skip = Switch to skip this function if the agent is not installed.
.OUTPUTS
New-PSObjectResponse -Check "$check" -Status "$value" -Note "$note"
Expand All @@ -28,13 +29,13 @@ Function Get-IEProxySettings {
if (-not ($Skip)) {
If (((Get-Item -Path $Key).GetValue("ProxyEnable") -eq 0) -Or (-not (Test-RegistryValue -Path $Key -Value 'ProxyEnable'))) {
$value = "N/A"
$note = "There is no ProxyServer configured. Note: If the instance behind a proxy and PowerShell via run command has a command which needs access to the internet would fail if there are no Internet Explorer proxy settings."
$note = "There is no ProxyServer configured"
Write-Log -Message "There is noProxyServer configured for $check."
Write-Log -Message "Note: If the instance behind a proxy and PowerShell via run command has a command which needs access to the internet would fail if there are no Internet Explorer proxy settings"
}
else {
$value = "ProxyServer = " + (Get-Item -Path $Key).GetValue("ProxyServer") + ". ProxyOverride list = " + (Get-Item -Path $Key).GetValue("ProxyOverride")
$note = "Current IE proxy settings for LocalSystem account is " + (Get-Item -Path $Key).GetValue("ProxyServer") + " ProxyServer, and " + (Get-Item -Path $Key).GetValue("ProxyOverride") + " as ProxyOverride list. PowerShell would use these settings."
$note = "Current IE proxy settings for LocalSystem account is " + (Get-Item -Path $Key).GetValue("ProxyServer") + " ProxyServer, and " + (Get-Item -Path $Key).GetValue("ProxyOverride") + " as ProxyOverride list. PowerShell would use these settings"
Write-Log -Message $note -LogLevel "WARN"
}
}
Expand Down
2 changes: 1 addition & 1 deletion Systems Manager/SSMAgent-Toolkit-Windows/SSMAgent-Toolkit/Public/Get-InstanceID.ps1
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
.Example
Get-InstanceID -Token $token
.INPUTS
$Token = String.
$Token = String.
.OUTPUTS
Return the instance id.
#>
Expand Down
Loading

0 comments on commit b701bf2

Please sign in to comment.