Systems Manager Automation simplifies common maintenance and deployment tasks of EC2 instances and other AWS resources. At times automation execution status failed error triggers due to insufficient permission or incorrect syntax of user data script.

As a part of our AWS Support Services, we help our Customers to fix AWS related errors regularly.

Let us today discuss the possible causes and fixes for this error.

What causes automation execution status failed error?

Systems Manager Automation helps to simplify the common tasks of EC2 instances and other AWS resources.

Automation enables you to build automation workflows, create custom workflows, receive notifications about automation tasks, and monitor automation progress.

On a system manager automation, each step invokes one or more AWS service APIs. There are multiple places where an error can cause a step to fail. Failure messages indicate when and where an error occurred.

Choose the View Outputs link of the failed step to see a failure message in the EC2 console. To see a failure message from the AWS CLI, call get-automation-execution and look for the FailureMessage attribute in a failed StepExecution.

Let us now discuss the different situations when the step associated with the aws:runInstance action fails.

Missing Image

A common scenario when the automation execution fails is when the input for the image id received aws:runInstances action doesn’t exist. A typical error message looks like :

Exception Message from RunInstances API: [The image id ‘[ami id]’ does not exist (Service: AmazonEC2; Status Code: 400; Error Code: InvalidAMIID.NotFound; Request ID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)]. Cause:

To resolve this problem, update the automation document or parameter values with the correct AMI ID.

Assume Role Policy Doesn’t Have Sufficient Permissions

Another reason for this error is that the assume role doesn’t have sufficient permission to invoke the RunInstances API on EC2 instances. For instance, the error message looks like:

Exception Message from RunInstances API: [You are not authorized to perform this operation. Encoded authorization failure message: xxxxxxx (Service: AmazonEC2; Status Code: 403; Error Code: UnauthorizedOperation; Request ID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)].

Thus, to resolve this problem, attach an IAM policy to the assume role that has permission to invoke the RunInstances API.

Unexpected State

An error message with the instance has entered an unexpected state that can happen due to two reasons.

This can happen due to problems with the instance or the Amazon EC2 service. It can also happen when the user data script specified for the aws:runInstances action has a problem or incorrect syntax.

The error message looks like:

Instance i-xxxxxxxxx entered unexpected state: shutting-down.

To fix the problem with the instance or Amazon EC2 service, login to the instance or review the instance system log to understand why the instance started shutting down.

For the syntax issue with the user-data script, verify the syntax of the user-data script. Also, verify that the user data scripts doesn’t shut down the instance, or invoke other scripts that shut down the instance.

[Need any further assistance in fixing AWS errors? – We’re available 24*7]

Conclusion

In short, automation execution status failed error triggers due to insufficient permission or incorrect syntax of user data script. Today, we saw how our Support Engineers fix this error.