I am trying to set up a AWS SSM patch policy to run a SCAN on the 1st day of every month. The time is irrelevant, but for the sake of this expression I am using 8:00am UTC.
I am new to setting up Patch Policies in AWS so please bear with me if I am doing something ignorant. While two very similar questions about this have been asked, there have been no aswers or updates to them. Patch Policies in SSM do not accept expressions with seconds, so I am using cron(0 8 1 * ? *) which it will accept. This is also the exact same expression that is given when clicking on the link given by Amazon on cron expressions that I have screen shot and hi-lighted AWS Reference Screenshot. When the policy is updated, it tries to run and then fails with the following error:
“Deployment has failed
ResourceLogicalId:SystemAssociationForScanningPatches, ResourceType:AWS::SSM::Association, ResourceStatusReason:Resource handler returned message: “Invalid request provided: Schedule expression cron(0 8 1 * ? *) is currently not accepted. Supported expressions are every half, 1, 2, 4, 8 or 12 hour(s), every specified day and time of the week, or a specific day in a specific week of the month Supported examples are: cron(0 0/30 * 1/1 * ? *), cron(0 0 0/4 1/1 * ? *), cron(0 0 10 ? * SUN *), cron(0 0 10 ? * * *), cron(0 0 ? * TUE#2 *) (Service: Ssm, Status Code: 400, Request ID: 21fe6697-b83a-442a-a067-90894c92136a)” (RequestToken: 7cf7dce9-941c-3db5-57c9-e1c6663b2f6a, HandlerErrorCode: InvalidRequest).”
Now this error shows that the accepted cron expressions all using the seconds field, which if I do, it tells me “Cron expression is invalid” and I can’t even submit it that way. Is this a bug in AWS where the examples are wrong, or that for some reason it is not accepting valid expressions (I know seconds are not required though)? Or am I doing something wrong and there is currently no way to have it run a SCAN on the 1st day of every month and I will have to have it run on something like the 1st Monday of every month (though I would prefer not to do this)? The only thing that makes me feel that it can’t be done, is the line that says “or a specific day in a specific week of the month”, meaning 1st Monday or something similar. I greatly appreciate any and all help.