Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Missing PSWSman module in the custom runtime #22

Open
alagappan-al opened this issue Jul 26, 2023 · 9 comments · May be fixed by #32
Open

Missing PSWSman module in the custom runtime #22

alagappan-al opened this issue Jul 26, 2023 · 9 comments · May be fixed by #32

Comments

@alagappan-al
Copy link

I tied using the sample code and modified it to run some commands in the remote computer using invoke-web request. Test Inoke throws the following error
{
"errorType": "PSRemotingTransportException",
"errorMessage": "This parameter set requires WSMan, and no supported WSMan client library was found. WSMan is either not installed or unavailable for this system."
}

I tried a workaround following this post https://blueleader07.medium.com/lambda-powershell-layer-15c0ec6f6d4a to replace the PSWSMan library libmi.so. I still get the same error. Does the custom runtime have all commands available like the regular Powershell version?

@julianwood @austoonz

Thanks for looking into the issue.

@austoonz
Copy link
Contributor

To confirm, you say you were trying to use Invoke-WebRequest, did you mean Invoke-Command?

Are you able to post a sample of your code so we can see and aim to reproduce what you were trying to do?

@alagappan-al
Copy link
Author

alagappan-al commented Jul 27, 2023 via email

@alagappan-al
Copy link
Author

@austoonz, did you get a chance to look at the sample code?

@alagappan-al
Copy link
Author

@hyandell @Julian @austoonz Hi Austoon, Any updates on this issue?

@austoonz
Copy link
Contributor

I haven't had time to deep dive into this recently, however the previous guidance I've given is to focus on using Systems Manager Run Command (ie ssm:SendCommand) rather than trying to use Invoke-Command.

In previous testing (a few years back), no matter what I tried I was unable to make this work as I'd expect it to, or want it do.

@julianwood
Copy link
Contributor

@austoonz is correct to use Systems Manager Run Command (ie ssm:SendCommand) rather than trying to use Invoke-Command.
However, if you want to test and try get Invoke-Command working, use an Amazon Linux 2 instance, or WSL. This doesn't seem a Lambda specific problem, but rather how Invoke-Command works on Linux.

@briantist
Copy link

briantist commented Feb 27, 2024

SSM is not sufficient for everything because it does not provide a way to have fine-grained control in the OS in a way that allows for delegation of permission. You can set the SSM agent to run as a specific user in the OS, but it does not offer the level of control that you could get with JEA, which is my use case.

FWIW I have gotten PowerShell remoting and JEA working from Lambda to Windows, using this runtime as a base.

It requires more than just PSWSMan (though it requires that too), so it was a bit of work to get going, and it does balloon the image size by quite a bit. it turns out just that module is enough, for Kerberos. I was trying to get NTLM working, with gss-ntlmssp (which is the thing that balloons the image size) but not quite there. More details in the PR.

Since it requires system components, I am using it as a container-based Lambda only; I'm not sure if it's feasible to do it with layers and ZIP-based.

@austoonz
Copy link
Contributor

@briantist very cool!
Would be happy to include an example, or some flags to help deploy a function that supports PS remoting if you're able to share the details.

@austoonz austoonz reopened this Feb 28, 2024
@briantist briantist linked a pull request Mar 3, 2024 that will close this issue
1 task
@briantist
Copy link

@austoonz sure, I've put up a PR with more information :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
4 participants