Can I make AWS-UpdateSSMAgent use yum?

Posted on August 23, 2021

Using the AWS-UpdateSSMAgent command in AWS Systems Manager with Red Hat Enterprise Linux 7 can cause yum to show the warning “Warning: RPMDB altered outside of yum.” As noted in some AWS documentation, this message is expected and can safely be ignored. The error occurs because the SSM updater installs the SSM package using rpm directly, bypassing yum.

Although Amazon considers this to be expected behavior, it would be nice if we could eliminate the error and have SSM integrate with yum. This would provide enhanced visibility into SSM’s package management activities, which cannot be logged by yum when rpm is used directly. Unfortunately, this is not currently supported by AWS. They will have to add a RHEL-specific install script and make some changes to the updater so that it will use the correct install script. A lot of the needed infrastructure already exists, so it should be doable to make the needed changes, though Amazon does not support customized agents. Perhaps they will add support for this in the future.