SSM Command AWS-RunPatchBaseline fails on MacOS version 14.3

[tysonstewart]

We're running a Mac instance in EC2 based on amazon/amzn-ec2-macos-14.3-20240208-211058. It is running the SSM Agent version 3.3.859.0. Whenever I try to scan for patches (which runs the AWS-RunPatchBaseline command), it fails. The first warning is:

root [WARNING]: error reading default profile creds from ssm identity config: '[Errno 2] No such file or directory: '/var/lib/amazon/ssm/runtimeconfig/identity_config.json''

Looking around on the instance, it seems that this file's location has changed to /opt/aws/ssm/runtimeconfig.

Following that, an actual error appears:

root [ERROR]: An error occurred (UnsupportedOperatingSystem) when calling the GetDeployablePatchSnapshotForInstance operation: 
...
botocore.errorfactory.UnsupportedOperatingSystem: An error occurred (UnsupportedOperatingSystem) when calling the GetDeployablePatchSnapshotForInstance operation: 
...
raise PatchManagerError("Unsupported Operating System", ExitCodes.SNAPSHOT_UNSUPPORTED_OS, e)

The instance is using IMDSv2 and we have enabled Default Host Management Configuration, so it should not be a permissions issue. Further, there is no permissions error in the stack trace. It looks to me like there is a bug in the "baseline operations" script for handling MacOS.

I'm not certain this is the right place to open the issue but I tried posting in re:Post and they directed me here. 🤷

[VishnuKarthikRavindran]

Hi @tysonstewart, Thanks for reaching us. We will forward to the concerned team.