Update SSM Agent version to 3.2.1630.0 for ECS exec #3952

Merged
merged 1 commit into from
Oct 9, 2023

chienhanlin
Contributor

@chienhanlin chienhanlin commented Oct 6, 2023

Summary

Upgrade Amazon SSM Agent version to 3.2.1630.0, which is the latest stable version, to address security issues. Find the CVEs listed below, and a similar PR in amazon-ecs-ami as reference.

  1. [Important] https://alas.aws.amazon.com/ALAS-2023-1825.html
  2. [Important] https://alas.aws.amazon.com/AL2/ALAS-2023-2238.html
  3. [Important] https://alas.aws.amazon.com/AL2023/ALAS-2023-373.html
  4. [Important] https://alas.aws.amazon.com/AL2023/ALAS-2023-339.html

Implementation details

Update SSM Agent binary version to 3.2.1630.0 in scripts/ecs-anywhere-install.sh

Testing

  1. Use updated ecs-anywhere-install.sh and run e2e functional tests on the following ECS Anywhere supported platforms:
  • al2generic-amd64, al2generic-arm64
  • centos7-amd64, centos7-arm64, centos7-gpu
  • centos8-amd64, centos8-arm64
  • debian10-gpu, debian10-amd64, debian10-arm64
  • sles15-amd64
  • ubuntu18-gpu, ubuntu18-amd64, ubuntu18-arm64
  • ubuntu20-gpu, ubuntu20-amd64, ubuntu20-arm64
  2. Confirmed the SSM Agent version (for the ECS exec feature) and that the feature tests passed.
$ ssm_command_id=$(aws ssm send-command \
--region us-west-2 \
--instance-ids mi-xxx \
--document-name "AWS-RunShellScript" \
--comment "ls binary path" \
--parameters '{"executionTimeout":["30"],"commands":["sudo ls /var/lib/ecs/deps/execute-command/bin/"]}' \
--output text \
--query "Command.CommandId")
$ aws ssm get-command-invocation \
--region us-west-2 \
--command-id $ssm_command_id \
--instance-id mi-xxx
{
    "Comment": "ls binary path", 
    "ExecutionElapsedTime": "PT0.051S", 
    "ExecutionEndDateTime": "2023-10-06T22:55:16.381Z", 
    "StandardErrorContent": "", 
    "CloudWatchOutputConfig": {
        "CloudWatchLogGroupName": "", 
        "CloudWatchOutputEnabled": false
    }, 
    "InstanceId": "mi-xxx", 
    "StandardErrorUrl": "", 
    "DocumentName": "AWS-RunShellScript", 
    "DocumentVersion": "$DEFAULT", 
    "Status": "Success", 
    "StatusDetails": "Success", 
    "PluginName": "aws:runShellScript", 
    "StandardOutputContent": "3.2.1630.0\n", 
    "ResponseCode": 0, 
    "ExecutionStartDateTime": "2023-10-06T22:55:16.381Z", 
    "CommandId": "xxx", 
    "StandardOutputUrl": ""
}

New tests cover the changes: no

Description for the changelog

[Enhancement] Update SSM Agent version to 3.2.1630.0 for ECS exec.

Does this PR include breaking model changes? If so, have you added transformation functions?
No breaking change is introduced by this PR.

Licensing

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@chienhanlin chienhanlin changed the title Update SSM Agent version to 3.2.1630.0 for ECS exec [WIP] Update SSM Agent version to 3.2.1630.0 for ECS exec Oct 6, 2023
@chienhanlin chienhanlin marked this pull request as ready for review October 7, 2023 00:39
@chienhanlin chienhanlin requested a review from a team as a code owner October 7, 2023 00:39
@chienhanlin chienhanlin changed the title [WIP] Update SSM Agent version to 3.2.1630.0 for ECS exec Update SSM Agent version to 3.2.1630.0 for ECS exec Oct 7, 2023
@chienhanlin chienhanlin merged commit aeb3ea0 into aws:dev Oct 9, 2023
38 checks passed
@chienhanlin chienhanlin deleted the SSMAgentUpgrade branch October 9, 2023 17:26
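
A check that could be run over the `get-command-invocation` results from the testing step above, as an added example that is not part of the PR or of the amazon-ecs-agent code: it flags instances whose listing still contains an SSM Agent version below 3.2.1630.0. The sample JSON and instance ids are constructed, and the code assumes every entry in the listed directory is a version-named directory, as in the output shown in the PR.

```python
import json

MIN_VERSION = "3.2.1630.0"  # version this PR upgrades to (taken from the page)

def parse_version(text):
    """Return a tuple of ints for a dotted version, or None if it is not one."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def check_invocation(invocation, minimum=MIN_VERSION):
    """Classify one get-command-invocation result.

    Returns (instance_id, verdict, detail); verdict is "ok", "outdated" or "unknown".
    """
    instance = invocation.get("InstanceId", "?")
    if invocation.get("Status") != "Success" or invocation.get("ResponseCode") != 0:
        return instance, "unknown", "command did not succeed"
    # Assumption: the ls output holds one version-named directory per line.
    entries = invocation.get("StandardOutputContent", "").split()
    versions = [parse_version(e) for e in entries]
    if not entries or None in versions:
        return instance, "unknown", "unparseable listing: %r" % entries
    floor = parse_version(minimum)
    # Compare numerically: as strings, "3.10.0.0" would sort below "3.2.1630.0".
    stale = [e for e, v in zip(entries, versions) if v < floor]
    if stale:
        return instance, "outdated", "below %s: %s" % (minimum, ", ".join(stale))
    return instance, "ok", ", ".join(entries)

def audit(raw_results):
    """Check a list of JSON documents and return {instance_id: verdict}."""
    return {i: v for i, v, _ in (check_invocation(json.loads(r)) for r in raw_results)}

# Constructed sample results, trimmed to the fields used; not real instances.
SAMPLES = [
    '{"InstanceId": "mi-aaa", "Status": "Success", "ResponseCode": 0, "StandardOutputContent": "3.2.1630.0\\n"}',
    '{"InstanceId": "mi-bbb", "Status": "Success", "ResponseCode": 0, "StandardOutputContent": "3.1.1732.0\\n3.2.1630.0\\n"}',
    '{"InstanceId": "mi-ccc", "Status": "Failed", "ResponseCode": 1, "StandardOutputContent": ""}',
    '{"InstanceId": "mi-ddd", "Status": "Success", "ResponseCode": 0, "StandardOutputContent": "3.10.0.0\\n"}',
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(*check_invocation(json.loads(raw)), sep="\t")
```

An instance reported as "unknown" has not been shown to be patched and needs the command re-run, not a pass.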