Namespace Pulumi.Aws.Ssm
Classes
Activation
Registers an on-premises server or virtual machine with Amazon EC2 so that it can be managed using Run Command.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var testRole = new Aws.Iam.Role("testRole", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @" {
""Version"": ""2012-10-17"",
""Statement"": {
""Effect"": ""Allow"",
""Principal"": {""Service"": ""ssm.amazonaws.com""},
""Action"": ""sts:AssumeRole""
}
}
",
});
var testAttach = new Aws.Iam.RolePolicyAttachment("testAttach", new Aws.Iam.RolePolicyAttachmentArgs
{
PolicyArn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
Role = testRole.Name,
});
var foo = new Aws.Ssm.Activation("foo", new Aws.Ssm.ActivationArgs
{
Description = "Test",
IamRole = testRole.Id,
RegistrationLimit = "5",
});
}
}
ActivationArgs
ActivationState
Association
Associates an SSM Document to an instance or EC2 tag.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var example = new Aws.Ssm.Association("example", new Aws.Ssm.AssociationArgs
{
Targets =
{
new Aws.Ssm.Inputs.AssociationTargetArgs
{
Key = "InstanceIds",
Values =
{
aws_instance.Example.Id,
},
},
},
});
}
}
AssociationArgs
AssociationState
Document
Provides an SSM Document resource
NOTE on updating SSM documents: Only documents with a schema version of 2.0 or greater can update their content once created, see SSM Schema Features. To update a document with an older schema version you must recreate the resource.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var foo = new Aws.Ssm.Document("foo", new Aws.Ssm.DocumentArgs
{
Content = @" {
""schemaVersion"": ""1.2"",
""description"": ""Check ip configuration of a Linux instance."",
""parameters"": {
},
""runtimeConfig"": {
""aws:runShellScript"": {
""properties"": [
{
""id"": ""0.aws:runShellScript"",
""runCommand"": [""ifconfig""]
}
]
}
}
}
",
DocumentType = "Command",
});
}
}
Permissions
The permissions attribute specifies how you want to share the document. If you share a document privately, you must specify the AWS user account IDs for those people who can use the document. If you share a document publicly, you must specify All as the account ID.
The permissions mapping supports the following:
type- The permission type for the document. The permission type can beShare.account_ids- The AWS user accounts that should have access to the document. The account IDs can either be a group of account IDs orAll.
DocumentArgs
DocumentState
GetDocument
GetDocumentArgs
GetDocumentResult
GetParameter
GetParameterArgs
GetParameterResult
GetPatchBaseline
GetPatchBaselineArgs
GetPatchBaselineResult
MaintenanceWindow
Provides an SSM Maintenance Window resource
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var production = new Aws.Ssm.MaintenanceWindow("production", new Aws.Ssm.MaintenanceWindowArgs
{
Cutoff = 1,
Duration = 3,
Schedule = "cron(0 16 ? * TUE *)",
});
}
}
MaintenanceWindowArgs
MaintenanceWindowState
MaintenanceWindowTarget
Provides an SSM Maintenance Window Target resource
Instance Target Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var window = new Aws.Ssm.MaintenanceWindow("window", new Aws.Ssm.MaintenanceWindowArgs
{
Cutoff = 1,
Duration = 3,
Schedule = "cron(0 16 ? * TUE *)",
});
var target1 = new Aws.Ssm.MaintenanceWindowTarget("target1", new Aws.Ssm.MaintenanceWindowTargetArgs
{
Description = "This is a maintenance window target",
ResourceType = "INSTANCE",
Targets =
{
new Aws.Ssm.Inputs.MaintenanceWindowTargetTargetArgs
{
Key = "tag:Name",
Values =
{
"acceptance_test",
},
},
},
WindowId = window.Id,
});
}
}
Resource Group Target Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var window = new Aws.Ssm.MaintenanceWindow("window", new Aws.Ssm.MaintenanceWindowArgs
{
Cutoff = 1,
Duration = 3,
Schedule = "cron(0 16 ? * TUE *)",
});
var target1 = new Aws.Ssm.MaintenanceWindowTarget("target1", new Aws.Ssm.MaintenanceWindowTargetArgs
{
Description = "This is a maintenance window target",
ResourceType = "RESOURCE_GROUP",
Targets =
{
new Aws.Ssm.Inputs.MaintenanceWindowTargetTargetArgs
{
Key = "resource-groups:ResourceTypeFilters",
Values =
{
"AWS::EC2::INSTANCE",
"AWS::EC2::VPC",
},
},
},
WindowId = window.Id,
});
}
}
MaintenanceWindowTargetArgs
MaintenanceWindowTargetState
MaintenanceWindowTask
Provides an SSM Maintenance Window Task resource
Example Usage
Automation Tasks
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var example = new Aws.Ssm.MaintenanceWindowTask("example", new Aws.Ssm.MaintenanceWindowTaskArgs
{
MaxConcurrency = 2,
MaxErrors = 1,
Priority = 1,
ServiceRoleArn = aws_iam_role.Example.Arn,
Targets =
{
new Aws.Ssm.Inputs.MaintenanceWindowTaskTargetArgs
{
Key = "InstanceIds",
Values =
{
aws_instance.Example.Id,
},
},
},
TaskArn = "AWS-RestartEC2Instance",
TaskInvocationParameters = new Aws.Ssm.Inputs.MaintenanceWindowTaskTaskInvocationParametersArgs
{
AutomationParameters = new Aws.Ssm.Inputs.MaintenanceWindowTaskTaskInvocationParametersAutomationParametersArgs
{
DocumentVersion = "$$LATEST",
Parameter =
{
{
{ "name", "InstanceId" },
{ "values",
{
aws_instance.Example.Id,
} },
},
},
},
},
TaskType = "AUTOMATION",
WindowId = aws_ssm_maintenance_window.Example.Id,
});
}
}
Run Command Tasks
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var example = new Aws.Ssm.MaintenanceWindowTask("example", new Aws.Ssm.MaintenanceWindowTaskArgs
{
MaxConcurrency = 2,
MaxErrors = 1,
Priority = 1,
ServiceRoleArn = aws_iam_role.Example.Arn,
Targets =
{
new Aws.Ssm.Inputs.MaintenanceWindowTaskTargetArgs
{
Key = "InstanceIds",
Values =
{
aws_instance.Example.Id,
},
},
},
TaskArn = "AWS-RunShellScript",
TaskInvocationParameters = new Aws.Ssm.Inputs.MaintenanceWindowTaskTaskInvocationParametersArgs
{
RunCommandParameters = new Aws.Ssm.Inputs.MaintenanceWindowTaskTaskInvocationParametersRunCommandParametersArgs
{
NotificationConfig = new Aws.Ssm.Inputs.MaintenanceWindowTaskTaskInvocationParametersRunCommandParametersNotificationConfigArgs
{
NotificationArn = aws_sns_topic.Example.Arn,
NotificationEvents =
{
"All",
},
NotificationType = "Command",
},
OutputS3Bucket = aws_s3_bucket.Example.Bucket,
OutputS3KeyPrefix = "output",
Parameter =
{
{
{ "name", "commands" },
{ "values",
{
"date",
} },
},
},
ServiceRoleArn = aws_iam_role.Example.Arn,
TimeoutSeconds = 600,
},
},
TaskType = "RUN_COMMAND",
WindowId = aws_ssm_maintenance_window.Example.Id,
});
}
}
Step Function Tasks
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var example = new Aws.Ssm.MaintenanceWindowTask("example", new Aws.Ssm.MaintenanceWindowTaskArgs
{
MaxConcurrency = 2,
MaxErrors = 1,
Priority = 1,
ServiceRoleArn = aws_iam_role.Example.Arn,
Targets =
{
new Aws.Ssm.Inputs.MaintenanceWindowTaskTargetArgs
{
Key = "InstanceIds",
Values =
{
aws_instance.Example.Id,
},
},
},
TaskArn = aws_sfn_activity.Example.Id,
TaskInvocationParameters = new Aws.Ssm.Inputs.MaintenanceWindowTaskTaskInvocationParametersArgs
{
StepFunctionsParameters = new Aws.Ssm.Inputs.MaintenanceWindowTaskTaskInvocationParametersStepFunctionsParametersArgs
{
Input = "{\"key1\":\"value1\"}",
Name = "example",
},
},
TaskType = "STEP_FUNCTIONS",
WindowId = aws_ssm_maintenance_window.Example.Id,
});
}
}
MaintenanceWindowTaskArgs
MaintenanceWindowTaskState
Parameter
Provides an SSM Parameter resource.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var foo = new Aws.Ssm.Parameter("foo", new Aws.Ssm.ParameterArgs
{
Type = "String",
Value = "bar",
});
}
}
ParameterArgs
ParameterState
PatchBaseline
Provides an SSM Patch Baseline resource
NOTE on Patch Baselines: The
approved_patchesandapproval_ruleare both marked as optional fields, but the Patch Baseline requires that at least one of them is specified.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var production = new Aws.Ssm.PatchBaseline("production", new Aws.Ssm.PatchBaselineArgs
{
ApprovedPatches =
{
"KB123456",
},
});
}
}
PatchBaselineArgs
PatchBaselineState
PatchGroup
Provides an SSM Patch Group resource
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var production = new Aws.Ssm.PatchBaseline("production", new Aws.Ssm.PatchBaselineArgs
{
ApprovedPatches =
{
"KB123456",
},
});
var patchgroup = new Aws.Ssm.PatchGroup("patchgroup", new Aws.Ssm.PatchGroupArgs
{
BaselineId = production.Id,
PatchGroup = "patch-group-name",
});
}
}
PatchGroupArgs
PatchGroupState
ResourceDataSync
Provides a SSM resource data sync.
Example Usage
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var hogeBucket = new Aws.S3.Bucket("hogeBucket", new Aws.S3.BucketArgs
{
Region = "us-east-1",
});
var hogeBucketPolicy = new Aws.S3.BucketPolicy("hogeBucketPolicy", new Aws.S3.BucketPolicyArgs
{
Bucket = hogeBucket.BucketName,
Policy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Sid"": ""SSMBucketPermissionsCheck"",
""Effect"": ""Allow"",
""Principal"": {
""Service"": ""ssm.amazonaws.com""
},
""Action"": ""s3:GetBucketAcl"",
""Resource"": ""arn:aws:s3:::tf-test-bucket-1234""
},
{
""Sid"": "" SSMBucketDelivery"",
""Effect"": ""Allow"",
""Principal"": {
""Service"": ""ssm.amazonaws.com""
},
""Action"": ""s3:PutObject"",
""Resource"": [""arn:aws:s3:::tf-test-bucket-1234/*""],
""Condition"": {
""StringEquals"": {
""s3:x-amz-acl"": ""bucket-owner-full-control""
}
}
}
]
}
",
});
var foo = new Aws.Ssm.ResourceDataSync("foo", new Aws.Ssm.ResourceDataSyncArgs
{
S3Destination = new Aws.Ssm.Inputs.ResourceDataSyncS3DestinationArgs
{
BucketName = hogeBucket.BucketName,
Region = hogeBucket.Region,
},
});
}
}