- Fail windows update when installed version does not match
- Reduced length of IMDS errors to shorter format
- Increase the RunCommand timeout during the registration process for the on-prem instances
- Add nil check when calling GetRepository content in aws:downloadContent
- Worker process to exit if they are not successfully started and became idle
- Fix bug where unforeseen failures cause time to be incorrectly displayed in RunCommand
- Update GreenGrass component minor version to 1.3.0
- Ensure agent thread always exit after the corresponding worker process exits
- Fix IPC file filtering bug where usernames or session names containing tmp causes agent worker to not correctly receive IPC
- Load directly from appconfig file when calling UpdateInstanceInformation during credential refresher
- Use a single syscall for route table for health check IP
- Update default session logging destination to none
- Specify a minimum of TLS v1.2 in http client calls
- Add web-socket heartbeat to detect connection drops in the web-socket for control and data channels sooner
- Use exponential retry for document worker, increase retry interval and attempt count when reading IPC files
- Add wait for cloud-init in the agent updater
- Fix timeouts for update without yum endpoint connectivity
- Change in orchestration directory removal process to reduce disk space usage
- Fix Inventory detailed information invalid value check
- Fix parsing issue with DomainJoin Plugin
- Modify DomainJoin Plugin to use Kerberos REALM in username for RHEL and variants
- Change the SUSE linux zypper commands to quiet mode for the DomainJoin Plugin
- Move high volume info logs to debug level
- Remove deprecated go coverage library (golang.org/x/tools/cmd/cover)
- Add lock on session orchestration cleanup to prevent quadratic file system lookup for large volume session users
- Upgrade GoLang to version 1.22.7
- Updated snapcraft.yml specification
- Add enhancements related to KMS sessions
- Add support for RHEL 8.10 & 9.4
- Allow in-place upgrade for hybrid distributor packages
- Fix idempotency not found error during agent startup
- Fix bug that could cause unexpected behavior during parameter replacement in document
- Gather metrics during agent version validation in Windows agent update
- Make long sleep for onprem same as long sleep for EC2, and cap sleep time at 30 minutes for OnPrem instances
- Migrated snap package builder from core18 to core22
- Parse version from OS release file correctly when contains special chars
- Suppress logs from the go-routine that checks the session manager's orchestration directory
- Update go git dependency to v5.12.0
- Update seelog config to have default time format with Milliseconds
- Update TMP/TEMP env variable during windows installer launch in Updater
- Upgrade GoLang to version 1.21.12
- Agent updater attempts yum install/uninstall before falling back to attempt with rpm
- Updated golang.org/x/net from v0.19.0 to v0.26.0
- Upgrade GoLang to version 1.21.11
- Add IPv6 addresses for NTP and EC2Config to default DenyList
- Update Distributor to only use Systems Manager APIs to fetch package contents
- Update SSM-Setup-CLI logs related to checksum validation of latest version
- Upgrade go-github version from v8 to v61
- Increase timeouts in SSM-Setup-CLI
- Fix darwin build issue in SSM-Setup-CLI
- Fix the command builder bug to handle space char in input value
- Fix an inaccurate log when validating allowDowngrade parameter during Agent update
- Signing SSM Agent vended Windows executables
- Update AWS GO SDK to v1.51.20
- Remove yum as package manager in linux install/uninstall script
- Verify TrustedInstaller status before posting WindowsUpdate information in aws:softwareInventory plugin
- Add alternative outputs for agent package generation scripts
- Add support for Oracle 8.8 & 8.9, Rocky 8.8 & 8.9, AlmaLinux 8.8 & 8.9, and RHEL 8.9 & 9.3
- Fix flaky integration test
- Fix setup-cli Darwin build issue
- Fix setup-cli error code for non English systems
- Set IPR creds expiry to 30 mins for ssm agent worker
- Switch installer package manager from rpm to yum on OSes that support yum
- Upgrade GoLang to version 1.21.8
- Add integration tests for control channel and data channel module
- Remove data channel and control channel acknowledgement functionality in MGS Interactor
- Fix issue to execute aws:updateSSMAgent plugin through aws:rundocument plugin
- Update Messaging module to switch off ec2messages when ssmmessages connected successfully
- Update SSM Agent Minor version from 3.2 to 3.3
- Upgrade minimum go version in go.mod file to go 1.19
- Upgrade go-git package to v5.11.0
- Fix for bad default manifest url when updating EC2Config
- Fixed plugin path traversal logic
- Updated aws:application plugin default param
- Fixed default param in psmodule
- Upgraded GoLang to version 1.21.5
- Added Agent config to configure session logs destination
- Added data channel acknowledgement functionalities
- Added redirect handler and timeout for HTTP client
- Added steps to verify aws-cli installation for domainJoin plugin
- Added support for Ubuntu 23.04, Debian 11.7 & 12, and SUSE 15.5
- Adjusted random number generator logic used to get filename in downloadContent plugin
- Fixed Agent to gather application inventory from both rpm and dpkg package managers if present in Unix instances
- Bump golang.org/x/crypto/ssh from 0.14.0 to 0.17.0
- Added telemetry for agent core in-proc executor usage
- Added retries for Agent installation with snap on Greengrass
- Added code to update Agent config to use only Onprem Identity in Greengrass
- Added support for macOS 14 (Sonoma)
- Added Onprem registration support using ssm-setup-cli
- Fixed docker installation issues in aws:configureDocker plugin
- Fix for document worker and session worker not logging when custom seelog configuration missing parameters
- Updated allowed regex pattern in S3 URI
- Update Agent IoT Greengrass component minor version
- Updated SUSE version in Seamless Domain Join script
- Updated Greengrass component workflow to get installed Agent version and update Agent only when the installed Agent version doesn't match with Greengrass component Agent version
- Upgraded GoLang version that builds agent binaries with to 1.20.11
- Bump golang.org/x/net from 0.15.0 to 0.17.0
- Upgraded GoLang to version 1.20.10
- Fixing race condition in session datachannel unit test
- Updated MGS Interactor to send 'Failed' status on agentJob parsing error
- Added error handling for Linux DomainJoin when service account credentials empty
- Fix for panic scenario in when running aws:configureDocker plugin
- Upgraded GoLang to version 1.20.8
- Upgraded golang.org/x/net to v0.15.0
- Added support for macOS 13 (Ventura)
- Fix credential retrieval retry logic in credential refresher
- Reducing retrieval log level to debug in the credential refresher after more than 3 retrieval retries
- Fix for EC2 credential retrieval errors not being propagated to the credential refresher
- Fixing agent version input format validation
- Fix downloadPlatformOverride for AlmaLinux
- Fixed issue where removing seelog.xml file doesn't revert minimum log level back to INFO
- Ignore non-audit files in audit folder
- Add aws:updateSSMAgent plugin support for Flatcar Linux
- Add fix to resolve manifest url during agent update when using stable keyword
- Fix multiple issues causing tight loops during IPC connection scenarios
- Sign deb and rpm installer packages for Linux instances using new key
- Use file based IPC by default for amazon-ssm-agent and ssm-agent-worker communication in Darwin
- Added fix to propagate exit code properly when command fails to start
- Added control channel acknowledgement functionalities
- Added flag to specify go version used for gosec and govulncheck in static analysis script
- Added support for RHEL 8.7, 8.8, 9.1, 9.2
- Added support for Rocky Linux 8.7, 9.0, 9.1, 9.2
- Added support for Oracle Linux 8.7, 9.1, 9.2
- Update go version to 1.20.7
- Stopped saving instance profile credentials to disk
- Added static agent security scans to makefile
- Updated Greengrass component minor version
- Added retries to snap uninstall call in setupcli
- Fix for windows shutdown executable not found when compiled with golang1.19+
- Fix to return correct Agent Job ID for ack after AgentJobParseError
- Pass golang contexts for network calls in agent core to terminate cleanly
- Remove credential file dependency in agent workers implemented in 3.2.x.x versions
- Report MGS Connection Channel status to Health table
- Update Dockerfile to use Golang image from ECR repository
- Get bucket region using signed HeadBucket request
- Updated golang.org/x/net version to 0.10.0 and golang.org/x/crypto version to 0.9.0
- Add retry to handle stream data acknowledge messages
- Support latest as a version in configurePackage plugin
- Updated AWS GO SDK to v1.44.261 and disabled IMDSv1 fallback logic
- Use IP address to connect to destination server in port session
- Add Domain Join support for RHEL 8.7 and AL2022
- Add Support to send aws:updateSSMAgent replies through MGS
- Retrieve and set interface name dynamically in aws:domainJoin plugin for Ubuntu
- Update Dockerfile Go version to 1.19
- Add reporting of MGS connection status
- Add support for updating to agent version marked stable
- Add status code to MGS ack and send on message process failure
- Update golangci-lint configuration
- Add e2e tag to session shell tests
- Add EC2 credential fallback for AssumeRoleUnauthorizedAccess error
- Add CloudWatch log upload support for document and session worker
- Add set-hostname support in domainjoin plugin for windows
- Add wait time in Agent updater to avoid installation issues caused during reboots initiated by domainjoin plugin
- Add support for AlmaLinux
- Fix KeepHostName parameter without DNS IP address parameter in domainJoin plugin
- Fix issue where carriage returns cause json conversion to fail in aws:softwareInventory plugin
- Remove IMDS calls in Onprem during health check
- Remove S3 global endpoint fallback logic
- Update cli descriptions for registration parameters
- Update go version to 1.19.6
- Modified EC2 credential fallback logic
- Fixed go-vet issues by passing mocks by value
- Updated domainjoin and cloudwatch executables for windows
- Removed explicit setting of EC2 aws credential profile
- Added public key to registration info
- Sends non-interactive command errors that occur before command execution to data channel
- Added instance id verification to registration process
- Added minimum retry sleep for Registrar RegisterManagedInstance calls
- Explicitly skip AZ info check for on-prem and ECS targets
- Fix for SSM-Agent that is unable to start on Apple Mac M1's (mac2.metal instances)
- Ensuring powershell path is set to system directory on Windows
- Load DLLs with using system/absolute paths on Windows
- Added workaround for Samba limit when loading Active Directory ids
- Dynamically get network interface name for SeamlessDomainJoin
- Added install-yum-rpm to makefile to install agent on host from source code
- Added logging for specifying credential source
- Refactored tests to remove mocks from production binaries
- Updated Windows DomainJoin plugin SharpZipLib and Newtonsoft.json dependencies
- Updated yaml.v3 dependency
- Separated EC2 identity vault manifest from OnPrem identity vault manifest
- Fix for credential retrieval blocking os termination signals
- Fix for agent updater using shared credentials on EC2
- Added guards against panic for agent identity health checks
- Added logging around agent module start/stop
- Added logging when assuming identity
- Increased retries to ECS metadata endpoint
- Added linux debug build to makefile
- Implemented aws sdk logging interface
- Updated agent minor version to 3.2
- Added functionality to retrieve agent credentials from Systems Manager on EC2
- Update shell for Session Manager on MacOS
- Lower message length threshold for cloudwatch log streaming
- Ran gofmt and goimports with golang version 1.19
- Report AvailabilityZone and AvailabilityZoneId in health pings
- Update AWS Go SDK to v1.44.78
- Fix samba configuration for sub-domains
- Add code in document/session worker to fallback to default identity selector when runtime config not present
- Fix to handle command-line-arguments in document/session worker when launched by old agent workers
- Fallback to file based IPC if named pipe creation times out
- Increase tls handshake timeout in http download client
- Log mds client timeout errors as WARN
- Added separate metric for snapd running apps failure during update
- Fixed idle session timeout with smux keep alive configuration based on CLI version
- Updated AgentTaskComplete message retry
- Updated go version to 1.18.3
- Collect kernel version in InstanceDetailedInformation
- Support separate output stream for non-interactive session
- Cleanup default log group name for runcommands
- Updated rpm spec file to include build id
- Fix port session premature close when local server is not connected before timeout
- Add created date to AgentJobAck message
- Disable smux keep alive to use idle session timeout feature
- Fix unit-tests running on windows
- Added timeout for s3 HEAD requests
- Added vpc address deny to port forwarding
- Fixed for reboot scenario in configure package plugin
- Fixed goroutine leak in seelog library
- Fixed nullpointer segmentation fault in configure package plugin
- Improved error handling in manifest download in updater
- Improved worker initialization to improve startup failure logging
- Added missing check for invalid S3 path parameter
- Added support for domain join using a non-local username
- Fixed broken links in README.md
- Fixed ECS Exec issue where agent was using environment variables for credentials
- Updated Ec2Detector test to query smbios directly for system information
- Updated ec2detector module to use Get-CmiInstance instead of wmic.exe
- Fixed file creation mode of ssm-agent-users sudoer file
- Added new ec2detector module to determine if agent is on EC2
- Added support for port forwarding to remote host
- Added quotes around inventory parameter ValueName on Windows
- Fix for domain join DNS IP assignments in shared directories
- Replaced namedpipe updater test with ec2detector test
- Add application inventory by file for Bottlerocket
- Fix infinite retry logic to send failed replies in MGSInteractor
- Remove usage of io/fs package
- (windows only) Remove symlink scan during update
- Fixed sourceHash validation for aws:application document plugin
- Added document parameter validation for values passed to target document of aws:runDocument plugin
- (windows only) Fix process leak when legacy cloudwatch plugin is enabled
- (windows only) Fail installation if C:\ProgramData\Amazon\SSM\ has symlinks
- Added platform detection for Bottlerocket OS
- Consolidated regional endpoint generation to common endpoint module
- Added support for Rocky linux
- Fixed sharefile/shareprofile not being propagated to updateutil
- Fixed incorrect darwin platform detection post BigSur
- Fixed log flush issue in updater
- Updated .NET dependencies for domainjoin and cloudwatch (windows only)
- Updated go version to 1.17.6
- Implement new core module named MessageService to start processing commands from both MGS and MDS
- Merge functionalities from RunCommandService core module and Session core module.
- Receive run command documents through MGS if connected and fallback to MDS otherwise. This functionality requires appropriate permissions for both endpoints and will be rolled out gradually to end users.
- Provide filesystem based idempotency check to avoid duplicate run command document execution.
- Increase default run command pool buffer size from 1 to 5 to load additional documents before-hand for processing.
- Fix nil pointer deference panic produced in named pipe test case during agent update
- Remove StopType concept in ssm-agent-worker and add different waits for reboot and shutdown stop
- Add support for upstart when running get-diagnostic command using ssm-cli
- Fix systemctl service name to support older versions of systemctl
- Include changes to facilitate testing
- Update DNS server selection logic for seamless domain join on linux and darwin
- Update go version to go1.17.5
- Update golang sys package dependency
- Derive default directories from appconfig on Darwin
- Set x-bit on newly-created directories
- Fix for ssm-setup-cli to be able to select service manager without the agent being installed
- Added greengrass component recipe for the new SystemsManagerAgent component
- Added support for registering agent on a greengrass device
- Added support for downloading more than 1000 objects in downloadContent
- Fixed retry logic for onprem and s3 upload
- Fixed unit tests when running on Mac
- Update AWS SDK to v1.41.4
- Update logic to retrieve platform details for Rocky Linux
- Add diagnostics command to ssm-cli
- Fix caching for onprem credentials
- Additional configuration options for Seamless Domain Join
- Gracefully exit session if group of runas user is modified
- Skip retries for cert validation errors in S3 HEAD requests
- Fix DNS failures on CentOS 8.2
- Update several dependencies
- Fixed a bug with powershell command for Inventory
- Fixed cpu spike issue manifesting on snap
- Fixed issue with version comparison in EC2Config update plugin
- Fixed panic when command output was being truncated
- Updated build to use go1.16.8
- Removed Profile from inventory powershell commands on Windows
- Fix to eliminate WaitGroup reuse panic triggered during agent reboot
- Fix to include applications without UninstallString in Inventory for Windows
- Fixed a bug where multi-plugin documents with large outputs would timeout RunCommand
- Fixed a bug where RunCommand could delay executions for up to 15 minutes
- Add serial port logging of AwsNitroEnclaves package version on windows during startup
- Allow usage of existing loggroup/logstream when the user does not have create permission
- Change service interrogate request log to debug
- Cleanup old surveyor channel files on startup
- Fix filehandle leak in windows leading to agent going offline
- Fix to schedule correct next run time during orchestration directories cleanup
- Fix to sequentially update correct runcount value in the document bookkeeping file
- Fix a bug with version parsing EC2Config updater
- Updated rpm packaging for fips compliance
- Added darwin arm64 to makefile
- Added logic to limit orchestration directory cleanup
- Added packaging for public SSM Agent container image
- Fixed cloudwatch endpoint for telemetry metrics requests
- Fixed handling of Windows filepaths and mutex locks
- Fixed agent worker handling of OS signals and termination channel requests
- Updated datachannel retry strategy to not retry for a specific error scenario
- Updated default gomaxproc value for Windows
- Update build to use go1.16.6
- Added a workaround for windows random halts
- Fixed race condition during reboot document execution
- Updated to version 3.1
- Updated build to build statically linked binaries for linux 64bit
- Minimum supported linux kernel version for linux 64bit is 3.2+
- Fixed permissions for docker config file
- Fixed issue with ubuntu prerm and postinst scripts
- Fixed issue where processor stop was being called twice
- Added config option to delete orchestration folder
- Added snapcraft packaging config
- Added workaround for aws:runDocument status bug
- Added improved handling of file closure
- Added support for go mod and updated build to use go 1.16.4
- Fixed bug parsing vpce s3 urls
- Refactored use of agent identity in agent cli
- Updated check if agent is running as windows service
- Updated handling of session cancellation to still send output to client side
- Updated interactive session exit code logic to match non-interactive mode
- Updated vendor dependencies
- Added configurable custom identity and identity consumption order
- Added cross-account domain join
- Added cleanup for older versions of updater artifacts
- Added a workaround for MacOS kernel bug that sometimes kept RunCommand from launching
- Added a workaround for log file contention on Windows
- Added synchronization to RunCommand service stop
- Changed hibernation log level
- MacOS executables are now signed
- Removed delay in non-interactive session type
- Fixed issue where registration file is not removed when registration is cleared
- Removed unnecessary CloudWatch Log api calls
- Added support for IMDSv2 in Windows AD domain join plugin
- Added support for digest authorization in downloadContent plugin
- Added missing defer close for windows service in updater
- Added support to disable onprem hardware similarity check
- Fixed windows random halts issue
- Refactored windows startup
- Refactored task pool to dynamically dispatch goroutines
- Added a check for broken symlink after update
- Added support for NonInteractiveCommands session type on Linux and Windows platforms
- Added lint-all flag to makefile
- Changed Inventory plugin billinginfo to use IMDSv2
- Fixed indefinite retries for ResourceError during CWLogging
- Fixed go vet call in checkstyle.sh
- Fixed inter process communication log line
- Fixed a bug where CloudWatch logs were not being uploaded
- Fixed timer and goroutine leaks
- Fixed an issue where document workers on Windows were not exiting
- Added test-all flag to the makefile
- Added support for onprem private key auto rotation
- Added config to remove plugin output files after upload to s3
- Added update precondition for upcoming 3.1 release
- Fixed cloudwatch windows where TLS 1.0 is disabled
- Fixed document cloudwatch upload when CreateLogStream permissions were missing left instances stuck in terminating
- Fixed domain join windows EC2 instances where TLS 1.0 is disabled
- Fixed domain join script for .local domain names
- Fixed domain join script to exit when domain is already joined
- Fixed panic issue in windows startup script when executing powershell command
- Fixed session manager issue on MacOS for root and home path
- Removed IMDS call in domain join script
- Refactored update plugin and updater interaction
- Added jitter to first control channel call
- Added dedicated folder for plugins
- Added option to overwrite corrupt shared credentials
- Added $HOME env variable for root user when runAsElevated is true in session
- Added CREAD flag in serial port control flags on linux
- Added PlatformName and PlatformVersion as env variables for aws:runShellScript
- Added support for macOS updater
- Added v2.2 document support in updater
- Added defer recover statements
- Fixed inventory error log when dpkg is not available
- Fixed ssm-cli logging to stdout
- Removed consideration of unimportant error codes in service side
- Updated ec2 credential caching time to ~1 hour
- Updated service query logic for Windows
- Updated golang sys package dependency
- Fix fallback logic for MGS endpoint generation
- Fix regional endpoint generation
- Fix bug in document parameter expansion
- Fix datachannel to wait for empty message buffer before closing
- Fix for hung Session Manager sessions
- Fix for folder permission issue in domain join
- Refactor identity handling
- Update session plugin to pause reading when datachannel not actively sending data
- Update ssm-user creation details in README.md
- Add feature to retain hostname during domain join
- Add delay to pty start failure for session-worker
- Add nil pointer check on shell command for session-worker
- Add shlex to vendor which is used to parse session interactive command input for session-worker
- Change log level for IPC not readable message
- Change v2 agent to use v3 agent executor
- Fix network connectivity issues on RHEL8
- Fix race condition where first message is dropped when session plugin's message handler is not ready
- Fix file channel protocol test cases
- Fix blocking http call when certificates are not available
- Move aws cli installation out of /tmp for domain join plugin
- Update boolean attributes in Session Document to accept both string and bool values
- Upgrade vendor dependencies and build to use go1.15.7
- Added instruction to README.md for getting the latest version of SSM Agent in a specific region
- Fix for PowerShell stream data being executed in reverse order
- Fix to create update lock folder before creating update locks
- Fix to reset ipcTempFile properties at the end of session
- Fix for encrypted s3 bucket upload
- Add agent version flag to retrieve agent version
- Add onFailure/onSuccess/finallyStep support for plugins
- Add SSE header for S3 Upload
- Add SSM Agent support in MacOS
- Extend use of default http transport
- Fix for Agent not aquiring new instance role credentials after EC2 hibernation
- Fix for shell profile powershell commands not being executed in the expected order
- Fix to delete undeleted channel while using reboot document
- Fix to consider status of all plugin steps in document after system restart
- Fix bug capturing rpm install exit code
- Handle sourceInfo json sent from CLI in downloadContent plugin
- Optimize agent startup time by removing additional wait times
- Refactor makefile
- Replace master branch with mainline branch
- Upgrade aws-sdk-go to latest version(v1.35.23)
- Use DefaultTransport as underlying RoundTripper for S3 access
- Add additional checks and logs to install scripts
- Add retry logic to handle ssm document during reboot
- Add dockerfile to build agent
- Add script to package binaries to tar
- Change default download directory on Linux to /var/lib/amazon/ssm
- Extend SSM Agent ability to execute from relative path and use custom certificates
- Fix IP address parsing in domain join plugin
- Fix self update logging
- Log fingerprint similarity check failures as ERROR and each changed machine property as WARN
- Prefix ecs target id with 'ecs:'
- Prefer non-link-local addresses to show in Console
- Use IMDSv1 after IMDSv2
- Fail update document if updater fails to execute
- Fallback to file-based IPC if named pipes are not available
- Add support for streaming of logs to CloudWatch for Session Manager
- Add support for following cross-region redirects from S3
- Refactor .deb and .rpm packaging scripts
- Fix intermittent test failures
- Search full path for valid sc.exe
- Log PV driver version on Windows instances
- Add -trimpath to build flags
- Added steps to the updater to validate IPC functionality
- Added SSM_COMMAND_ID environment variable to runShellScript plugin
- Improved retry for S3 and http(s) downloads
- Fix to clean up terminated worker processes
- Fix for DomainJoin when using domain-ou
- Added agent and worker version logging
- Added new config parameters to README.md
- Added support for TCP multiplexing in port plugin
- Fix for s3Upload to retry with an exponential backoff when uploading logs
- Fix for startup modules to handle panic
- Fix for systemd configuration to always restart the agent when it exits for any reason
- Add support for document parameters in document plugin’s preconditions
- Add support for new source types in aws:downloadContent plugin: HTTP(S) endpoints and private Git repositories
- Add support for Session Manager configurable shell profile
- Fix parsing of irregular inventory version strings
- Fix error handling for windows wmi service
- Fix to stop BillingInfo call for OnPremise systems
- Fix to correct OS parsing map for openSUSE leap platform in configurePackage plugin
- Fix to treat timed out docs in SuccessAndReboot state as failed
- Fix install scripts to report errors from package manager and enable retries
- First release of SSM Agent v3
- Moved v2 amazon-ssm-agent to new ssm-agent-worker binary
- New amazon-ssm-agent binary:
- Opt-in self update feature to upgrade if agent is running a deprecated version
- Telemetry feature to send important audit events to AWS. Opt-in send to customer CloudWatch
- Monitor and keep the ssm-agent-worker process running
- Upgrade vendor dependencies and build to use go1.13
- Enable aws:domainJoin SSM API for Linux
- Sanitize platform name
- Adjust retry settings for update operations
- Fix Session manager initialization issue
- Fix deserialization issue in configurePackage plugin
- Add code to cleanup interim documents if unable to parse
- Bug fix for executing StartProcess module in a goroutine to avoid blocking the main thread
- Add retry to install/uninstall during update
- Bug fix in updater logging
- Bug fix for object downloads from s3
- Support passing additional arguments to Distributor script execution
- Add retry to s3 downloads during update
- Add support for large inventory items
- Add update lock so only one update can execute at a time
- Bug fix for cross region s3 upload
- Bug fix for github build
- Bug fixes for CloudWatch logs
- Updated packaging dependencies
- Updated README.md to include amazon-ssm-agent.json config definitions
- Bug fix for reporting ConfigurePackage metrics for document archive
- Added backoff for CloudWatch retries
- Cleaned up error codes and handling dependency errors
- Bug fix for logging http response status when dialing of websocket connection fails
- Updated the SSM Agent Snap to core18
- Bug fix for expired in-progress documents being resumed
- Bug fix for update specific files not being deleted after agent update is finished
- Bug fix for cached manifest files not being deleted in the configurepackage plugin
- Stop pty on receiving TerminateSession request
- Add support for Debian arm64 architecture
- Refactoring session log generation logic
- Bug fix for CloudWatch agent version showing twice in Inventory console
- Bug fix for retrieving minor version for CentOS7
- Add snap appData collection for inventory in ubuntu 18
- Add validation for contents of os release files
- Add retry for fingerprint generation
- Various bug fix for SSM Agent
- Bug fix for updating document state file prior agent reboot
- Add support to restart agent after SIGPIPE exit status
- Bug fix for metadata service V2
- Update Golang version 1.12 for travis
- Optimize session manager retry logic
- Add support for Oracle Linux v7.5 and v7.7
- Bug fix for Inventory data provider to support special characters
- Bug fix for SSM MDS service name
- Upgrade AWS SDK
- Add logging for fingerprint generation
- Session manager supports handling of Task metadata
- Add support to update SSM Distributor packages in place
- Terminate port forwarding session on receiving TerminateSession flag
- Bug fix to reload SSM client if region has not been initialize correctly
- Bug fix for retrieval of user groups on Linux
- Bug fix for the delay when registering non-EC2 on-prem instances
- Bug fix for missing ACL when uploading logs to S3 buckets
- Upgrade GoLang version from 1.9 to 1.12
- For port forwarding session, close server connection when client drops it's connection
- Bug fix for missing condition of rules from inventory registry
- Update service domain information fetch logic from EC2 Metadata
- Bug fix for characters dropping from session manager shell output
- Bug fix for session manager freezing caused by non utf8 character
- Switch the request protocol order for getting S3 Header
- Keep port forwarding session open until session is terminated
- Send platform type information in controlChannel input
- Bug fix for runPowershellScript plugin on linux platform
- Add support for document 2.x version to ssm-cli
- Added a new Inventory gatherer AWS:BillingInfo which will gather the billing product ids for LicenseIncluded and Marketplace instance
- Add Port plugin for SSH/SCP
- Add support for Session Manager RunAs functionality on Linux platform
- Add Session Manager InteractiveCommands plugin
- Bug fix for log formatting issue for session manager
- Bug fix for Session Manager when handling line endings on Windows platform
- Bug fix for token validation for aws:downloadContent plugin
- Check if log group exists before uploading Session Manager logs to CloudWatch
- Bug fix for broken S3 urls when using custom documents
- Disable appconfig to load credential from specific profile path, add EC2 credentials as the default fallback
- Remove sudoers file creation logic if ssm-user already exists
- Enable supplementary groups for ssm-user on Linux
- Bug fix for UTF-8 encoded issue caused by locale activation on Ubuntu 16.04 instance
- Refactor ssm-user creation logic
- Bug fix for reporting IP address with wrong network interface
- Update configure package document arn pattern
- Bug fix for on-premises instance registration in CN region
- Add support for further encryption of session data using AWS KMS
- Bug fix for excessive instance-id fetching by document workers
- Bug fix for downloading content failure caused by wrong S3 endpoint
- Bug fix for reboot failure caused by session manager panic
- Bug fix for session manager shell output dropping character
- Bug fix for mgs endpoint configuration consistency
- Updates to UpdateInstanceInformation call, Windows initialization
- Bug fix addressing issues in Distributor package upgrade
- Bug fix to allow installation of Distributor packages that do not have a version name.
- Bug fix for agent crash with message "WaitGroup is reused before previous Wait has returned".
- Add frequent collector to detect changed inventory types and upload it to SSM service between two scheduled collections.
- Change AWS Systems Manager Distributor to reduce calls to GetDocument by calling DescribeDocument.
- Add exit code when ssm-cli execution fails.
- Create ssm-user only after the control channel has been successfully created.
- Enabled AWS Systems Manager Distributor that lets you securely distribute and install software packages.
- Add support for the arm64 architecture on Amazon Linux 2, Ubuntu 16.04/18.04, and RHEL 7.6 to support EC2 A1 instances.
- Bug fix for session manager logging on Windows
- Bug fix for ConfigureCloudWatch plugin
- Bug fix for update SSM agent occasionally failing due to SSM agent service stuck in starting state
- Bug fix for past sessions occasionally stuck in terminating state
- Darwin masquerades as Linux to bypass OS validation on the backend until official support can be added
- Update managed instance role token more frequently
- Bug fix for issue that GatherInventory throw out error when there is no Windows Update in instance
- Add more filters when getting the Windows event logs at startup to improve performance
- Add random jitter before call PutInventory in inventory datauploader
- Bug fix for issues during process termination on instances where IAM policy does not grant ssmmessages permissions.
- Bug fix to prevent defunct processes when creating the local user ssm-user.
- Bug fix for sudoersFile permission to avoid "sudo" command warnings in Session Manager.
- Disable hibernation on Windows platform if Cloudwatch configuration is present.
- Enables the Session Manager capability that lets you manage your Amazon EC2 instance through an interactive one-click browser-based shell or through the AWS CLI.
- Beginning this agent version, SSM Agent will create a local user "ssm-user" and either add it to /etc/sudoers (Linux) or to the Administrators group (Windows) every time the agent starts. The ssm-user is the default OS user when a Session Manager session is started, and the password for this user is reset on every session. You can change the permissions by moving the ssm-user to a less-privileged group or by changing the sudoers file. The ssm-user is not removed from the system when SSM Agent is uninstalled.
- Bug fix for the SSM Agent service remaining in "Starting" state on Windows when unable to authenticate to the Systems Manager service.
NOTE: This build should not be installed for Windows since the SSM Agent service may remain in starting status if unable to authenticate to the Systems Manager service, which is fixed in the latest release.
- Bug fix for missing cloudwatch.exe seen in SSM Agent version 2.2.902.0
NOTE: This build should not be installed for Windows since you might see the error - "Encountered error while starting the plugin: Unable to locate cloudwatch.exe" for Cloudwatch plugin. This bug has been fixed in SSM Agent version 2.2.916.0. Also SSM Agent service may remain in starting status if unable to authenticate to the Systems Manager service, which is fixed in the latest release.
- Initial support for developer builds on macOS
- Retry sending Run Command execution results for up to 2 hours
- More detailed error messages are returned for inventory plugin failures during State Manager association executions
- Bug fix to clean the orchestration directory
- Streaming AWS Systems Manager Run Command output to CloudWatch Logs
- Reducing number of retries for serial port opening
- Add retry logic to installation verification
- Various bug fixes
- Various bug fixes
- Bug fix to retry sending document results if they couldn't reach the service
NOTE: Downgrade to this version using AWS-UpdateSSMAgent is not permitted for agent installed using snap
- Added support for Ubuntu Snap packaging
- Bug fix so that aws:downloadContent does not change permissions of directories
- Bug fix to Cloudwatch plugin where StartType has duplicated Enabled value
- Added support for agent hibernation so that Agent backs off or enters hibernation mode if it does not have access to the service
- Various bug fixes
- Fix S3Download to download from cross regions.
- Various bug fixes
- Bug fix to change sourceHashType to be default sha256 on psmodule.
- Various bug fixes
- Bug fix to address an issue that can prevent the agent from processing associations after a restart
- Various bug fixes.
- Fix bug on windows agent (v2.2.103, v2.2.120.0) running into hung state with high volume of associations/runcommands
- Execute "pwsh" on linux when using runPowershellScript plugin
NOTE: There is a known issue in this build that can cause Windows instances to stop processing commands and associations. The issue is resolved in build versions>2.2.136.0
- Various bug fixes.
NOTE: There is a known issue in this build that can cause Windows instances to stop processing commands and associations. The issue is resolved in build versions>2.2.136.0
- Various bug fixes.
NOTE: There is a known issue in this build that can cause Windows instances to stop processing commands and associations. The issue is resolved in build versions>2.2.136.0
- Various bug fixes.
- Update to latest AWS SDK.
- Various bug fixes.
- Bug fix for proxy environment variables in Windows.
- Various bug fixes.
- Switching to use Birdwatcher distribution service for AWS packages.
- Various bug fixes.
- Adding versioning support for Parameter Store.
- Added additional gatherers for inventory, including windows service gatherer, windows registry gatherer, file metadata gatherer, windows role gatherer.
- Added support for aws:downloadContent plugin to download content from GitHub, S3 and documents from SSM documents.
- Added support for aws:runDocument plugin to execute SSM documents.
- Improved speed of initial association application on boot
- Various aws:configurePackage service integration changes
- Improved home directory detection in non-x64 linux platforms to address cases where shared AWS SDK credentials were not available in on-prem instances
- Added exponential backoff in bucket region check for s3 upload
- Fixed an issue with orchestration directory cleanup for RunCommand
- Important Reminder: In an upcoming release, the RPM installer won't start the service by default after initial RPM installation. All customers should update any automation for RPM-based installs to start the agent after install if desired.
- Increment major/minor version to 2.2
- Bug fix on update to v2.1.10.0
- Advance Notice: In an upcoming release, to align with the guidelines for RPM-based distros, the RPM installer won't start the service by default after initial RPM installation. It will start automatically after RPM update only if the service was running previously. The behavior of the Debian and MSI installer is unchanged.
- Including SSM-CLI in Debian 386 packages
- Bug fix for multi-step document output
- Various bug fixes
- Support for command execution out-of-process
- Various bug fixes
- Added Raspbian support for armv6 to support Raspberry Pi
- Various bug fixes
- Updated golang/sys dependency to the latest
- Increased run command document maximum execution timeout to 48 hours
- Various bug fixes
- Added support for uploading agent logs to CloudWatch for SSM Agent diagnostics
- Added additional gatherers for inventory
- Added configuration compliance support for association
- Various bug fixes
- Add capability to configure custom s3 endpoint for the agent
- Various bug fixes
- Various bug fixes
- Added rollback support in aws:configurePackage
- Various bug fixes
- Various bug fixes
- [Bug] This version is not a valid update target from version 2.0.761.0.
- Added support for using the OS proxy settings by default in Windows
- Fixed issue preventing CloudWatch proxy settings from being retained on update
- Various bug fixes
- Added support for SLES (SuSE) (64-bit, v12 and above)
- Various bug fixes
- Linux platform version now based on os-release when available
- Various bug fixes
- Added support for step-level preconditions
- Added support for rate/interval based schedule expressions for associations
- Added Summary and PackageID fields to inventory's aws:application gatherer
- Changed inventory's aws:application gatherer to use win32_processor: addressWidth to detect OS architecture to avoid localization based errors
- Fixed CloudWatch issue with large configuration
- Fixed S3 upload when instance and bucket are not in the same region
- Fixed bug that prevented native language AMIs (Japanese AMI) from launching Cloudwatch
- Various bug fixes
- Returning longer StandardOutput and StandardError from RunShellScript and RunPowerShellScript which show up in the results of GetCommandInvocation and the detailed output of ListCommandInvocation
- Added Document v2.0 support for Run Command, which includes support for multiple actions of same plugin type
- Various bug fixes
- Amazon-ssm-agent service automatically started after reboot on systemd platforms
- Added Release notes to be available on linux packages
- Various bug fixes
- Fixed bugs that prevented CloudWatch from launching and allowed multiple instances of CloudWatch to launch on Windows
- Various bug fixes
- Fixed issues with agent starting before network is ready on systemd systems.
- Pass proxy settings to domain join and CloudWatch
- Various bug fixes
- Various bug fixes
- Added support for installing Docker on Linux
- Removed the upper limit for the maximum number of parallel executing documents on the agent (previously the max was 10) You can configure this number by setting the “CommandWorkerLimit” attribute in amazon-ssm-agent.json file
- Added bucket-owner-full-control ACL to S3 outputs to support cross-account upload
- Various bug fixes
- Various bug fixes
- Standardized S3 result paths across plugins; commands append command-id/instance-id/plugin-name/step-id
associations append instance-id/association-id/execution-date/plugin-name/step-id
- step-id is the id field in plugin input if present and supported, otherwise the step name (in 2.0 schema documents), otherwise the plugin-name again
- plugin-name and step-id have : characters removed
- FreeBSD patches from external contributor
- Added support for aws:softwareInventory plugin to upload inventory related log messages to S3
- Fixed CloudWatch crash issue
- Various bug fixes
- Fixed Domain Join to support customized OU
- Added support for running Powershell on Linux
- Fixed CloudWatch doesn't work with creating association from Console
- Various bug fixes
- Various bug fixes
- Fixed SSM Agent not able to start on Windows Server 2003
- Various bug fixes
- Various bug fixes
- Added support for State Manager that automates the process of keeping your Amazon EC2 and hybrid infrastructure in a state that you define You can use State Manager to ensure that your instances are bootstrapped with specific software at startup, configured according to your security policy, joined to a Windows domain, or patched with specific software updates throughout their lifecycle
- Added support for Systems Manager Inventory that allows you to specify the type of metadata to collect, the instances from where the metadata should be collected, and a schedule for metadata collection
- Added support for installing, uninstalling, and updating AWS packages published by AWS
- Added support for installing Docker on Windows and running Docker actions
- Added support for Amazon EC2 Simple Systems Manager (SSM) Config feature to manage the configuration of your instances while they are running. You create an SSM document, which describes configuration tasks (for example, installing software), and then associate the SSM document with one or more running instances
- Added support for Windows Server 2016
- Added support for Windows Server Nano
- Various bug fixes
- Added support for Ubuntu Xenial (16.04 LTS)
- Added support for region cn-north-1
- Added support for allowing Amazon EC2 Run Command to work on any instance or virtual machine outside of AWS, including your own data centers or other clouds You now have a consistent experience to extend your scripts across locations and automate administrative tasks across instances, irrespective of location
- Added addition platform (CentOS, Ubuntu) support
- Added 32bits support
- Initial SSM Agent release