1. Docs
  2. Reference
  3. API
  4. @pulumi/aws
  5. ssm

Module ssm

This page documents the language specification for the aws package. If you're looking for help working with the inputs, outputs, or functions of aws resources in a Pulumi program, please see the resource documentation for examples and API reference.

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-aws repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-aws repo.

Resources

Functions

Others

Resources

Resource Activation

class Activation extends CustomResource

Registers an on-premises server or virtual machine with Amazon EC2 so that it can be managed using Run Command.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const testRole = new aws.iam.Role("test_role", {
    assumeRolePolicy: `  {
    "Version": "2012-10-17",
    "Statement": {
      "Effect": "Allow",
      "Principal": {"Service": "ssm.amazonaws.com"},
      "Action": "sts:AssumeRole"
    }
  }
`,
});
const testAttach = new aws.iam.RolePolicyAttachment("test_attach", {
    policyArn: "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
    role: testRole.name,
});
const foo = new aws.ssm.Activation("foo", {
    description: "Test",
    iamRole: testRole.id,
    registrationLimit: 5,
}, { dependsOn: [testAttach] });

constructor

new Activation(name: string, args: ActivationArgs, opts?: pulumi.CustomResourceOptions)

Create a Activation resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ActivationState, opts?: pulumi.CustomResourceOptions): Activation

Get an existing Activation resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Activation

Returns true if the given object is an instance of Activation. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property activationCode

public activationCode: pulumi.Output<string>;

The code the system generates when it processes the activation.

property description

public description: pulumi.Output<string | undefined>;

The description of the resource that you want to register.

property expirationDate

public expirationDate: pulumi.Output<string>;

UTC timestamp in RFC3339 format by which this activation request should expire. The default value is 24 hours from resource creation time. This provider will only perform drift detection of its value when present in a configuration.

property expired

public expired: pulumi.Output<boolean>;

If the current activation has expired.

property iamRole

public iamRole: pulumi.Output<string>;

The IAM Role to attach to the managed instance.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The default name of the registered managed instance.

property registrationCount

public registrationCount: pulumi.Output<number>;

The number of managed instances that are currently registered using this activation.

property registrationLimit

public registrationLimit: pulumi.Output<number | undefined>;

The maximum number of managed instances you want to register. The default value is 1 instance.

property tags

public tags: pulumi.Output<{[key: string]: any} | undefined>;

A map of tags to assign to the object.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource Association

class Association extends CustomResource

Associates an SSM Document to an instance or EC2 tag.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.ssm.Association("example", {
    targets: [{
        key: "InstanceIds",
        values: [aws_instance_example.id],
    }],
});

constructor

new Association(name: string, args?: AssociationArgs, opts?: pulumi.CustomResourceOptions)

Create a Association resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: AssociationState, opts?: pulumi.CustomResourceOptions): Association

Get an existing Association resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Association

Returns true if the given object is an instance of Association. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property associationId

public associationId: pulumi.Output<string>;

The ID of the SSM association.

property associationName

public associationName: pulumi.Output<string | undefined>;

The descriptive name for the association.

property automationTargetParameterName

public automationTargetParameterName: pulumi.Output<string | undefined>;

Specify the target for the association. This target is required for associations that use an Automation document and target resources by using rate controls.

property complianceSeverity

public complianceSeverity: pulumi.Output<string | undefined>;

The compliance severity for the association. Can be one of the following: UNSPECIFIED, LOW, MEDIUM, HIGH or CRITICAL

property documentVersion

public documentVersion: pulumi.Output<string>;

The document version you want to associate with the target(s). Can be a specific version or the default version.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property instanceId

public instanceId: pulumi.Output<string | undefined>;

The instance ID to apply an SSM document to. Use targets with key InstanceIds for document schema versions 2.0 and above.

property maxConcurrency

public maxConcurrency: pulumi.Output<string | undefined>;

The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%.

property maxErrors

public maxErrors: pulumi.Output<string | undefined>;

The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify a number, for example 10, or a percentage of the target set, for example 10%.

property name

public name: pulumi.Output<string>;

The name of the SSM document to apply.

property outputLocation

public outputLocation: pulumi.Output<AssociationOutputLocation | undefined>;

An output location block. Output Location is documented below.

property parameters

public parameters: pulumi.Output<{[key: string]: any}>;

A block of arbitrary string parameters to pass to the SSM document.

property scheduleExpression

public scheduleExpression: pulumi.Output<string | undefined>;

A cron expression when the association will be applied to the target(s).

property targets

public targets: pulumi.Output<AssociationTarget[]>;

A block containing the targets of the SSM association. Targets are documented below. AWS currently supports a maximum of 5 targets.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource Document

class Document extends CustomResource

Provides an SSM Document resource

NOTE on updating SSM documents: Only documents with a schema version of 2.0 or greater can update their content once created, see SSM Schema Features. To update a document with an older schema version you must recreate the resource.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const foo = new aws.ssm.Document("foo", {
    content: `  {
    "schemaVersion": "1.2",
    "description": "Check ip configuration of a Linux instance.",
    "parameters": {

    },
    "runtimeConfig": {
      "aws:runShellScript": {
        "properties": [
          {
            "id": "0.aws:runShellScript",
            "runCommand": ["ifconfig"]
          }
        ]
      }
    }
  }
`,
    documentType: "Command",
});

Permissions

The permissions attribute specifies how you want to share the document. If you share a document privately, you must specify the AWS user account IDs for those people who can use the document. If you share a document publicly, you must specify All as the account ID.

The permissions mapping supports the following:

  • type - The permission type for the document. The permission type can be Share.
  • accountIds - The AWS user accounts that should have access to the document. The account IDs can either be a group of account IDs or All.

constructor

new Document(name: string, args: DocumentArgs, opts?: pulumi.CustomResourceOptions)

Create a Document resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: DocumentState, opts?: pulumi.CustomResourceOptions): Document

Get an existing Document resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Document

Returns true if the given object is an instance of Document. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property arn

public arn: pulumi.Output<string>;

property attachmentsSources

public attachmentsSources: pulumi.Output<DocumentAttachmentsSource[] | undefined>;

One or more configuration blocks describing attachments sources to a version of a document. Defined below.

property content

public content: pulumi.Output<string>;

The JSON or YAML content of the document.

property createdDate

public createdDate: pulumi.Output<string>;

The date the document was created.

property defaultVersion

public defaultVersion: pulumi.Output<string>;

The default version of the document.

property description

public description: pulumi.Output<string>;

The description of the document.

property documentFormat

public documentFormat: pulumi.Output<string | undefined>;

The format of the document. Valid document types include: JSON and YAML

property documentType

public documentType: pulumi.Output<string>;

The type of the document. Valid document types include: Automation, Command, Package, Policy, and Session

property documentVersion

public documentVersion: pulumi.Output<string>;

The document version.

property hash

public hash: pulumi.Output<string>;

The sha1 or sha256 of the document content

property hashType

public hashType: pulumi.Output<string>;

“Sha1” “Sha256”. The hashing algorithm used when hashing the content.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property latestVersion

public latestVersion: pulumi.Output<string>;

The latest version of the document.

property name

public name: pulumi.Output<string>;

The name of the document.

property owner

public owner: pulumi.Output<string>;

The AWS user account of the person who created the document.

property parameters

public parameters: pulumi.Output<DocumentParameter[]>;

The parameters that are available to this document.

property permissions

public permissions: pulumi.Output<{[key: string]: string} | undefined>;

Additional Permissions to attach to the document. See Permissions below for details.

property platformTypes

public platformTypes: pulumi.Output<string[]>;

A list of OS platforms compatible with this SSM document, either “Windows” or “Linux”.

property schemaVersion

public schemaVersion: pulumi.Output<string>;

The schema version of the document.

property status

public status: pulumi.Output<string>;

“Creating”, “Active” or “Deleting”. The current status of the document.

property tags

public tags: pulumi.Output<{[key: string]: any} | undefined>;

A map of tags to assign to the object.

property targetType

public targetType: pulumi.Output<string | undefined>;

The target type which defines the kinds of resources the document can run on. For example, /AWS::EC2::Instance. For a list of valid resource types, see AWS Resource Types Reference (http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html)

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource MaintenanceWindow

class MaintenanceWindow extends CustomResource

Provides an SSM Maintenance Window resource

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const production = new aws.ssm.MaintenanceWindow("production", {
    cutoff: 1,
    duration: 3,
    schedule: "cron(0 16 ? * TUE *)",
});

constructor

new MaintenanceWindow(name: string, args: MaintenanceWindowArgs, opts?: pulumi.CustomResourceOptions)

Create a MaintenanceWindow resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: MaintenanceWindowState, opts?: pulumi.CustomResourceOptions): MaintenanceWindow

Get an existing MaintenanceWindow resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is MaintenanceWindow

Returns true if the given object is an instance of MaintenanceWindow. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property allowUnassociatedTargets

public allowUnassociatedTargets: pulumi.Output<boolean | undefined>;

Whether targets must be registered with the Maintenance Window before tasks can be defined for those targets.

property cutoff

public cutoff: pulumi.Output<number>;

The number of hours before the end of the Maintenance Window that Systems Manager stops scheduling new tasks for execution.

property description

public description: pulumi.Output<string | undefined>;

A description for the maintenance window.

property duration

public duration: pulumi.Output<number>;

The duration of the Maintenance Window in hours.

property enabled

public enabled: pulumi.Output<boolean | undefined>;

Whether the maintenance window is enabled. Default: true.

property endDate

public endDate: pulumi.Output<string | undefined>;

Timestamp in ISO-8601 extended format when to no longer run the maintenance window.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name of the maintenance window.

property schedule

public schedule: pulumi.Output<string>;

The schedule of the Maintenance Window in the form of a cron or rate expression.

property scheduleTimezone

public scheduleTimezone: pulumi.Output<string | undefined>;

Timezone for schedule in Internet Assigned Numbers Authority (IANA) Time Zone Database format. For example: America/Los_Angeles, etc/UTC, or Asia/Seoul.

property startDate

public startDate: pulumi.Output<string | undefined>;

Timestamp in ISO-8601 extended format when to begin the maintenance window.

property tags

public tags: pulumi.Output<{[key: string]: any} | undefined>;

A map of tags to assign to the resource.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource MaintenanceWindowTarget

class MaintenanceWindowTarget extends CustomResource

Provides an SSM Maintenance Window Target resource

Instance Target Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const window = new aws.ssm.MaintenanceWindow("window", {
    cutoff: 1,
    duration: 3,
    schedule: "cron(0 16 ? * TUE *)",
});
const target1 = new aws.ssm.MaintenanceWindowTarget("target1", {
    description: "This is a maintenance window target",
    resourceType: "INSTANCE",
    targets: [{
        key: "tag:Name",
        values: ["acceptance_test"],
    }],
    windowId: window.id,
});

Resource Group Target Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const window = new aws.ssm.MaintenanceWindow("window", {
    cutoff: 1,
    duration: 3,
    schedule: "cron(0 16 ? * TUE *)",
});
const target1 = new aws.ssm.MaintenanceWindowTarget("target1", {
    description: "This is a maintenance window target",
    resourceType: "RESOURCE_GROUP",
    targets: [{
        key: "resource-groups:ResourceTypeFilters",
        values: [
            "AWS::EC2::INSTANCE",
            "AWS::EC2::VPC",
        ],
    }],
    windowId: window.id,
});

constructor

new MaintenanceWindowTarget(name: string, args: MaintenanceWindowTargetArgs, opts?: pulumi.CustomResourceOptions)

Create a MaintenanceWindowTarget resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: MaintenanceWindowTargetState, opts?: pulumi.CustomResourceOptions): MaintenanceWindowTarget

Get an existing MaintenanceWindowTarget resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is MaintenanceWindowTarget

Returns true if the given object is an instance of MaintenanceWindowTarget. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property description

public description: pulumi.Output<string | undefined>;

The description of the maintenance window target.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name of the maintenance window target.

property ownerInformation

public ownerInformation: pulumi.Output<string | undefined>;

User-provided value that will be included in any CloudWatch events raised while running tasks for these targets in this Maintenance Window.

property resourceType

public resourceType: pulumi.Output<string>;

The type of target being registered with the Maintenance Window. Possible values are INSTANCE and RESOURCE_GROUP.

property targets

public targets: pulumi.Output<MaintenanceWindowTargetTarget[]>;

The targets to register with the maintenance window. In other words, the instances to run commands on when the maintenance window runs. You can specify targets using instance IDs, resource group names, or tags that have been applied to instances. For more information about these examples formats see (https://docs.aws.amazon.com/systems-manager/latest/userguide/mw-cli-tutorial-targets-examples.html)

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property windowId

public windowId: pulumi.Output<string>;

The Id of the maintenance window to register the target with.

Resource MaintenanceWindowTask

class MaintenanceWindowTask extends CustomResource

Provides an SSM Maintenance Window Task resource

Example Usage

Automation Tasks
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.ssm.MaintenanceWindowTask("example", {
    maxConcurrency: "2",
    maxErrors: "1",
    priority: 1,
    serviceRoleArn: aws_iam_role_example.arn,
    targets: [{
        key: "InstanceIds",
        values: [aws_instance_example.id],
    }],
    taskArn: "AWS-RestartEC2Instance",
    taskInvocationParameters: {
        automationParameters: {
            documentVersion: "$LATEST",
            parameters: [{
                name: "InstanceId",
                values: [aws_instance_example.id],
            }],
        },
    },
    taskType: "AUTOMATION",
    windowId: aws_ssm_maintenance_window_example.id,
});
Lambda Tasks
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.ssm.MaintenanceWindowTask("example", {
    maxConcurrency: "2",
    maxErrors: "1",
    priority: 1,
    serviceRoleArn: aws_iam_role_example.arn,
    targets: [{
        key: "InstanceIds",
        values: [aws_instance_example.id],
    }],
    taskArn: aws_lambda_function_example.arn,
    taskInvocationParameters: {
        lambdaParameters: {
            clientContext: Buffer.from("{\"key1\":\"value1\"}").toString("base64"),
            payload: "{\"key1\":\"value1\"}",
        },
    },
    taskType: "LAMBDA",
    windowId: aws_ssm_maintenance_window_example.id,
});
Run Command Tasks
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.ssm.MaintenanceWindowTask("example", {
    maxConcurrency: "2",
    maxErrors: "1",
    priority: 1,
    serviceRoleArn: aws_iam_role_example.arn,
    targets: [{
        key: "InstanceIds",
        values: [aws_instance_example.id],
    }],
    taskArn: "AWS-RunShellScript",
    taskInvocationParameters: {
        runCommandParameters: {
            notificationConfig: {
                notificationArn: aws_sns_topic_example.arn,
                notificationEvents: ["All"],
                notificationType: "Command",
            },
            outputS3Bucket: aws_s3_bucket_example.bucket,
            outputS3KeyPrefix: "output",
            parameters: [{
                name: "commands",
                values: ["date"],
            }],
            serviceRoleArn: aws_iam_role_example.arn,
            timeoutSeconds: 600,
        },
    },
    taskType: "RUN_COMMAND",
    windowId: aws_ssm_maintenance_window_example.id,
});
Step Function Tasks
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const example = new aws.ssm.MaintenanceWindowTask("example", {
    maxConcurrency: "2",
    maxErrors: "1",
    priority: 1,
    serviceRoleArn: aws_iam_role_example.arn,
    targets: [{
        key: "InstanceIds",
        values: [aws_instance_example.id],
    }],
    taskArn: aws_sfn_activity_example.id,
    taskInvocationParameters: {
        stepFunctionsParameters: {
            input: "{\"key1\":\"value1\"}",
            name: "example",
        },
    },
    taskType: "STEP_FUNCTIONS",
    windowId: aws_ssm_maintenance_window_example.id,
});

constructor

new MaintenanceWindowTask(name: string, args: MaintenanceWindowTaskArgs, opts?: pulumi.CustomResourceOptions)

Create a MaintenanceWindowTask resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: MaintenanceWindowTaskState, opts?: pulumi.CustomResourceOptions): MaintenanceWindowTask

Get an existing MaintenanceWindowTask resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is MaintenanceWindowTask

Returns true if the given object is an instance of MaintenanceWindowTask. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property description

public description: pulumi.Output<string | undefined>;

The description of the maintenance window task.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property loggingInfo

DEPRECATED use 'task_invocation_parameters' argument instead
public loggingInfo: pulumi.Output<MaintenanceWindowTaskLoggingInfo | undefined>;

A structure containing information about an Amazon S3 bucket to write instance-level logs to. Use taskInvocationParameters configuration block runCommandParameters configuration block output_s3_* arguments instead. Conflicts with taskInvocationParameters. Documented below.

property maxConcurrency

public maxConcurrency: pulumi.Output<string>;

The maximum number of targets this task can be run for in parallel.

property maxErrors

public maxErrors: pulumi.Output<string>;

The maximum number of errors allowed before this task stops being scheduled.

property name

public name: pulumi.Output<string>;

The name of the maintenance window task.

property priority

public priority: pulumi.Output<number | undefined>;

The priority of the task in the Maintenance Window, the lower the number the higher the priority. Tasks in a Maintenance Window are scheduled in priority order with tasks that have the same priority scheduled in parallel.

property serviceRoleArn

public serviceRoleArn: pulumi.Output<string>;

The role that should be assumed when executing the task.

property targets

public targets: pulumi.Output<MaintenanceWindowTaskTarget[]>;

The targets (either instances or window target ids). Instances are specified using Key=InstanceIds,Values=instanceid1,instanceid2. Window target ids are specified using Key=WindowTargetIds,Values=window target id1, window target id2.

property taskArn

public taskArn: pulumi.Output<string>;

The ARN of the task to execute.

property taskInvocationParameters

public taskInvocationParameters: pulumi.Output<MaintenanceWindowTaskTaskInvocationParameters | undefined>;

The parameters for task execution. This argument is conflict with taskParameters and loggingInfo.

property taskParameters

DEPRECATED use 'task_invocation_parameters' argument instead
public taskParameters: pulumi.Output<MaintenanceWindowTaskTaskParameter[] | undefined>;

A structure containing information about parameters required by the particular taskArn. Use parameter configuration blocks under the taskInvocationParameters configuration block instead. Conflicts with taskInvocationParameters. Documented below.

property taskType

public taskType: pulumi.Output<string>;

The type of task being registered. The only allowed value is RUN_COMMAND.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property windowId

public windowId: pulumi.Output<string>;

The Id of the maintenance window to register the task with.

Resource Parameter

class Parameter extends CustomResource

Provides an SSM Parameter resource.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const foo = new aws.ssm.Parameter("foo", {
    type: "String",
    value: "bar",
});

constructor

new Parameter(name: string, args: ParameterArgs, opts?: pulumi.CustomResourceOptions)

Create a Parameter resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ParameterState, opts?: pulumi.CustomResourceOptions): Parameter

Get an existing Parameter resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Parameter

Returns true if the given object is an instance of Parameter. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property allowedPattern

public allowedPattern: pulumi.Output<string | undefined>;

A regular expression used to validate the parameter value.

property arn

public arn: pulumi.Output<string>;

The ARN of the parameter.

property description

public description: pulumi.Output<string | undefined>;

The description of the parameter.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property keyId

public keyId: pulumi.Output<string>;

The KMS key id or arn for encrypting a SecureString.

property name

public name: pulumi.Output<string>;

The name of the parameter. If the name contains a path (e.g. any forward slashes (/)), it must be fully qualified with a leading forward slash (/). For additional requirements and constraints, see the AWS SSM User Guide.

property overwrite

public overwrite: pulumi.Output<boolean | undefined>;

Overwrite an existing parameter. If not specified, will default to false if the resource has not been created by this provider to avoid overwrite of existing resource and will default to true otherwise (lifecycle rules should then be used to manage the update behavior).

property tags

public tags: pulumi.Output<{[key: string]: any} | undefined>;

A map of tags to assign to the object.

property tier

public tier: pulumi.Output<string | undefined>;

The tier of the parameter. If not specified, will default to Standard. Valid tiers are Standard and Advanced. For more information on parameter tiers, see the AWS SSM Parameter tier comparison and guide.

property type

public type: pulumi.Output<ParameterType>;

The type of the parameter. Valid types are String, StringList and SecureString.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

property value

public value: pulumi.Output<string>;

The value of the parameter.

property version

public version: pulumi.Output<number>;

The version of the parameter.

Resource PatchBaseline

class PatchBaseline extends CustomResource

Provides an SSM Patch Baseline resource

NOTE on Patch Baselines: The approvedPatches and approvalRule are both marked as optional fields, but the Patch Baseline requires that at least one of them is specified.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const production = new aws.ssm.PatchBaseline("production", {
    approvedPatches: ["KB123456"],
});

constructor

new PatchBaseline(name: string, args?: PatchBaselineArgs, opts?: pulumi.CustomResourceOptions)

Create a PatchBaseline resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: PatchBaselineState, opts?: pulumi.CustomResourceOptions): PatchBaseline

Get an existing PatchBaseline resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is PatchBaseline

Returns true if the given object is an instance of PatchBaseline. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property approvalRules

public approvalRules: pulumi.Output<PatchBaselineApprovalRule[] | undefined>;

A set of rules used to include patches in the baseline. up to 10 approval rules can be specified. Each approvalRule block requires the fields documented below.

property approvedPatches

public approvedPatches: pulumi.Output<string[] | undefined>;

A list of explicitly approved patches for the baseline.

property approvedPatchesComplianceLevel

public approvedPatchesComplianceLevel: pulumi.Output<string | undefined>;

Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. Valid compliance levels include the following: CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED. The default value is UNSPECIFIED.

property description

public description: pulumi.Output<string | undefined>;

The description of the patch baseline.

property globalFilters

public globalFilters: pulumi.Output<PatchBaselineGlobalFilter[] | undefined>;

A set of global filters used to exclude patches from the baseline. Up to 4 global filters can be specified using Key/Value pairs. Valid Keys are PRODUCT | CLASSIFICATION | MSRC_SEVERITY | PATCH_ID.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

The name of the patch baseline.

property operatingSystem

public operatingSystem: pulumi.Output<string | undefined>;

Defines the operating system the patch baseline applies to. Supported operating systems include WINDOWS, AMAZON_LINUX, AMAZON_LINUX_2, SUSE, UBUNTU, CENTOS, and REDHAT_ENTERPRISE_LINUX. The Default value is WINDOWS.

property rejectedPatches

public rejectedPatches: pulumi.Output<string[] | undefined>;

A list of rejected patches.

property tags

public tags: pulumi.Output<{[key: string]: any} | undefined>;

A map of tags to assign to the resource.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource PatchGroup

class PatchGroup extends CustomResource

Provides an SSM Patch Group resource

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const production = new aws.ssm.PatchBaseline("production", {
    approvedPatches: ["KB123456"],
});
const patchgroup = new aws.ssm.PatchGroup("patchgroup", {
    baselineId: production.id,
    patchGroup: "patch-group-name",
});

constructor

new PatchGroup(name: string, args: PatchGroupArgs, opts?: pulumi.CustomResourceOptions)

Create a PatchGroup resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: PatchGroupState, opts?: pulumi.CustomResourceOptions): PatchGroup

Get an existing PatchGroup resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is PatchGroup

Returns true if the given object is an instance of PatchGroup. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property baselineId

public baselineId: pulumi.Output<string>;

The ID of the patch baseline to register the patch group with.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property patchGroup

public patchGroup: pulumi.Output<string>;

The name of the patch group that should be registered with the patch baseline.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource ResourceDataSync

class ResourceDataSync extends CustomResource

Provides a SSM resource data sync.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const hogeBucket = new aws.s3.Bucket("hoge", {
    region: "us-east-1",
});
const hogeBucketPolicy = new aws.s3.BucketPolicy("hoge", {
    bucket: hogeBucket.bucket,
    policy: `{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "SSMBucketPermissionsCheck",
            "Effect": "Allow",
            "Principal": {
                "Service": "ssm.amazonaws.com"
            },
            "Action": "s3:GetBucketAcl",
            "Resource": "arn:aws:s3:::tf-test-bucket-1234"
        },
        {
            "Sid": " SSMBucketDelivery",
            "Effect": "Allow",
            "Principal": {
                "Service": "ssm.amazonaws.com"
            },
            "Action": "s3:PutObject",
            "Resource": ["arn:aws:s3:::tf-test-bucket-1234/*"],
            "Condition": {
                "StringEquals": {
                    "s3:x-amz-acl": "bucket-owner-full-control"
                }
            }
        }
    ]
}
`,
});
const foo = new aws.ssm.ResourceDataSync("foo", {
    s3Destination: {
        bucketName: hogeBucket.bucket,
        region: hogeBucket.region,
    },
});

constructor

new ResourceDataSync(name: string, args: ResourceDataSyncArgs, opts?: pulumi.CustomResourceOptions)

Create a ResourceDataSync resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ResourceDataSyncState, opts?: pulumi.CustomResourceOptions): ResourceDataSync

Get an existing ResourceDataSync resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is ResourceDataSync

Returns true if the given object is an instance of ResourceDataSync. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property name

public name: pulumi.Output<string>;

Name for the configuration.

property s3Destination

public s3Destination: pulumi.Output<ResourceDataSyncS3Destination>;

Amazon S3 configuration details for the sync.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Functions

Function getDocument

getDocument(args: GetDocumentArgs, opts?: pulumi.InvokeOptions): Promise<GetDocumentResult>

Gets the contents of the specified Systems Manager document.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const foo = pulumi.output(aws.ssm.getDocument({
    documentFormat: "YAML",
    name: "AWS-GatherSoftwareInventory",
}, { async: true }));

export const content = foo.content;

Function getParameter

getParameter(args: GetParameterArgs, opts?: pulumi.InvokeOptions): Promise<GetParameterResult>

Provides an SSM Parameter data source.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const foo = pulumi.output(aws.ssm.getParameter({
    name: "foo",
}, { async: true }));

Function getPatchBaseline

getPatchBaseline(args: GetPatchBaselineArgs, opts?: pulumi.InvokeOptions): Promise<GetPatchBaselineResult>

Provides an SSM Patch Baseline data source. Useful if you wish to reuse the default baselines provided.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const centos = pulumi.output(aws.ssm.getPatchBaseline({
    namePrefix: "AWS-",
    operatingSystem: "CENTOS",
    owner: "AWS",
}, { async: true }));

Others

interface ActivationArgs

interface ActivationArgs

The set of arguments for constructing a Activation resource.

property description

description?: pulumi.Input<string>;

The description of the resource that you want to register.

property expirationDate

expirationDate?: pulumi.Input<string>;

UTC timestamp in RFC3339 format by which this activation request should expire. The default value is 24 hours from resource creation time. This provider will only perform drift detection of its value when present in a configuration.

property iamRole

iamRole: pulumi.Input<string>;

The IAM Role to attach to the managed instance.

property name

name?: pulumi.Input<string>;

The default name of the registered managed instance.

property registrationLimit

registrationLimit?: pulumi.Input<number>;

The maximum number of managed instances you want to register. The default value is 1 instance.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A map of tags to assign to the object.

interface ActivationState

interface ActivationState

Input properties used for looking up and filtering Activation resources.

property activationCode

activationCode?: pulumi.Input<string>;

The code the system generates when it processes the activation.

property description

description?: pulumi.Input<string>;

The description of the resource that you want to register.

property expirationDate

expirationDate?: pulumi.Input<string>;

UTC timestamp in RFC3339 format by which this activation request should expire. The default value is 24 hours from resource creation time. This provider will only perform drift detection of its value when present in a configuration.

property expired

expired?: pulumi.Input<boolean>;

If the current activation has expired.

property iamRole

iamRole?: pulumi.Input<string>;

The IAM Role to attach to the managed instance.

property name

name?: pulumi.Input<string>;

The default name of the registered managed instance.

property registrationCount

registrationCount?: pulumi.Input<number>;

The number of managed instances that are currently registered using this activation.

property registrationLimit

registrationLimit?: pulumi.Input<number>;

The maximum number of managed instances you want to register. The default value is 1 instance.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A map of tags to assign to the object.

interface AssociationArgs

interface AssociationArgs

The set of arguments for constructing a Association resource.

property associationName

associationName?: pulumi.Input<string>;

The descriptive name for the association.

property automationTargetParameterName

automationTargetParameterName?: pulumi.Input<string>;

Specify the target for the association. This target is required for associations that use an Automation document and target resources by using rate controls.

property complianceSeverity

complianceSeverity?: pulumi.Input<string>;

The compliance severity for the association. Can be one of the following: UNSPECIFIED, LOW, MEDIUM, HIGH or CRITICAL

property documentVersion

documentVersion?: pulumi.Input<string>;

The document version you want to associate with the target(s). Can be a specific version or the default version.

property instanceId

instanceId?: pulumi.Input<string>;

The instance ID to apply an SSM document to. Use targets with key InstanceIds for document schema versions 2.0 and above.

property maxConcurrency

maxConcurrency?: pulumi.Input<string>;

The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%.

property maxErrors

maxErrors?: pulumi.Input<string>;

The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify a number, for example 10, or a percentage of the target set, for example 10%.

property name

name?: pulumi.Input<string>;

The name of the SSM document to apply.

property outputLocation

outputLocation?: pulumi.Input<AssociationOutputLocation>;

An output location block. Output Location is documented below.

property parameters

parameters?: pulumi.Input<{[key: string]: any}>;

A block of arbitrary string parameters to pass to the SSM document.

property scheduleExpression

scheduleExpression?: pulumi.Input<string>;

A cron expression when the association will be applied to the target(s).

property targets

targets?: pulumi.Input<pulumi.Input<AssociationTarget>[]>;

A block containing the targets of the SSM association. Targets are documented below. AWS currently supports a maximum of 5 targets.

interface AssociationState

interface AssociationState

Input properties used for looking up and filtering Association resources.

property associationId

associationId?: pulumi.Input<string>;

The ID of the SSM association.

property associationName

associationName?: pulumi.Input<string>;

The descriptive name for the association.

property automationTargetParameterName

automationTargetParameterName?: pulumi.Input<string>;

Specify the target for the association. This target is required for associations that use an Automation document and target resources by using rate controls.

property complianceSeverity

complianceSeverity?: pulumi.Input<string>;

The compliance severity for the association. Can be one of the following: UNSPECIFIED, LOW, MEDIUM, HIGH or CRITICAL

property documentVersion

documentVersion?: pulumi.Input<string>;

The document version you want to associate with the target(s). Can be a specific version or the default version.

property instanceId

instanceId?: pulumi.Input<string>;

The instance ID to apply an SSM document to. Use targets with key InstanceIds for document schema versions 2.0 and above.

property maxConcurrency

maxConcurrency?: pulumi.Input<string>;

The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%.

property maxErrors

maxErrors?: pulumi.Input<string>;

The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify a number, for example 10, or a percentage of the target set, for example 10%.

property name

name?: pulumi.Input<string>;

The name of the SSM document to apply.

property outputLocation

outputLocation?: pulumi.Input<AssociationOutputLocation>;

An output location block. Output Location is documented below.

property parameters

parameters?: pulumi.Input<{[key: string]: any}>;

A block of arbitrary string parameters to pass to the SSM document.

property scheduleExpression

scheduleExpression?: pulumi.Input<string>;

A cron expression when the association will be applied to the target(s).

property targets

targets?: pulumi.Input<pulumi.Input<AssociationTarget>[]>;

A block containing the targets of the SSM association. Targets are documented below. AWS currently supports a maximum of 5 targets.

interface DocumentArgs

interface DocumentArgs

The set of arguments for constructing a Document resource.

property attachmentsSources

attachmentsSources?: pulumi.Input<pulumi.Input<DocumentAttachmentsSource>[]>;

One or more configuration blocks describing attachments sources to a version of a document. Defined below.

property content

content: pulumi.Input<string>;

The JSON or YAML content of the document.

property documentFormat

documentFormat?: pulumi.Input<string>;

The format of the document. Valid document types include: JSON and YAML

property documentType

documentType: pulumi.Input<string>;

The type of the document. Valid document types include: Automation, Command, Package, Policy, and Session

property name

name?: pulumi.Input<string>;

The name of the document.

property permissions

permissions?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;

Additional Permissions to attach to the document. See Permissions below for details.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A map of tags to assign to the object.

property targetType

targetType?: pulumi.Input<string>;

The target type which defines the kinds of resources the document can run on. For example, /AWS::EC2::Instance. For a list of valid resource types, see AWS Resource Types Reference (http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html)

interface DocumentState

interface DocumentState

Input properties used for looking up and filtering Document resources.

property arn

arn?: pulumi.Input<string>;

property attachmentsSources

attachmentsSources?: pulumi.Input<pulumi.Input<DocumentAttachmentsSource>[]>;

One or more configuration blocks describing attachments sources to a version of a document. Defined below.

property content

content?: pulumi.Input<string>;

The JSON or YAML content of the document.

property createdDate

createdDate?: pulumi.Input<string>;

The date the document was created.

property defaultVersion

defaultVersion?: pulumi.Input<string>;

The default version of the document.

property description

description?: pulumi.Input<string>;

The description of the document.

property documentFormat

documentFormat?: pulumi.Input<string>;

The format of the document. Valid document types include: JSON and YAML

property documentType

documentType?: pulumi.Input<string>;

The type of the document. Valid document types include: Automation, Command, Package, Policy, and Session

property documentVersion

documentVersion?: pulumi.Input<string>;

The document version.

property hash

hash?: pulumi.Input<string>;

The sha1 or sha256 of the document content

property hashType

hashType?: pulumi.Input<string>;

“Sha1” “Sha256”. The hashing algorithm used when hashing the content.

property latestVersion

latestVersion?: pulumi.Input<string>;

The latest version of the document.

property name

name?: pulumi.Input<string>;

The name of the document.

property owner

owner?: pulumi.Input<string>;

The AWS user account of the person who created the document.

property parameters

parameters?: pulumi.Input<pulumi.Input<DocumentParameter>[]>;

The parameters that are available to this document.

property permissions

permissions?: pulumi.Input<{[key: string]: pulumi.Input<string>}>;

Additional Permissions to attach to the document. See Permissions below for details.

property platformTypes

platformTypes?: pulumi.Input<pulumi.Input<string>[]>;

A list of OS platforms compatible with this SSM document, either “Windows” or “Linux”.

property schemaVersion

schemaVersion?: pulumi.Input<string>;

The schema version of the document.

property status

status?: pulumi.Input<string>;

“Creating”, “Active” or “Deleting”. The current status of the document.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A map of tags to assign to the object.

property targetType

targetType?: pulumi.Input<string>;

The target type which defines the kinds of resources the document can run on. For example, /AWS::EC2::Instance. For a list of valid resource types, see AWS Resource Types Reference (http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html)

interface GetDocumentArgs

interface GetDocumentArgs

A collection of arguments for invoking getDocument.

property documentFormat

documentFormat?: undefined | string;

Returns the document in the specified format. The document format can be either JSON or YAML. JSON is the default format.

property documentVersion

documentVersion?: undefined | string;

The document version for which you want information.

property name

name: string;

The name of the Systems Manager document.

interface GetDocumentResult

interface GetDocumentResult

A collection of values returned by getDocument.

property arn

arn: string;

The ARN of the document.

property content

content: string;

The contents of the document.

property documentFormat

documentFormat?: undefined | string;

property documentType

documentType: string;

The type of the document.

property documentVersion

documentVersion?: undefined | string;

property id

id: string;

The provider-assigned unique ID for this managed resource.

property name

name: string;

interface GetParameterArgs

interface GetParameterArgs

A collection of arguments for invoking getParameter.

property name

name: string;

The name of the parameter.

property withDecryption

withDecryption?: undefined | false | true;

Whether to return decrypted SecureString value. Defaults to true.

interface GetParameterResult

interface GetParameterResult

A collection of values returned by getParameter.

property arn

arn: string;

property id

id: string;

The provider-assigned unique ID for this managed resource.

property name

name: string;

property type

type: string;

property value

value: string;

property version

version: number;

property withDecryption

withDecryption?: undefined | false | true;

interface GetPatchBaselineArgs

interface GetPatchBaselineArgs

A collection of arguments for invoking getPatchBaseline.

property defaultBaseline

defaultBaseline?: undefined | false | true;

Filters the results against the baselines defaultBaseline field.

property namePrefix

namePrefix?: undefined | string;

Filter results by the baseline name prefix.

property operatingSystem

operatingSystem?: undefined | string;

The specified OS for the baseline.

property owner

owner: string;

The owner of the baseline. Valid values: All, AWS, Self (the current account).

interface GetPatchBaselineResult

interface GetPatchBaselineResult

A collection of values returned by getPatchBaseline.

property defaultBaseline

defaultBaseline?: undefined | false | true;

property description

description: string;

The description of the baseline.

property id

id: string;

The provider-assigned unique ID for this managed resource.

property name

name: string;

The name of the baseline.

property namePrefix

namePrefix?: undefined | string;

property operatingSystem

operatingSystem?: undefined | string;

property owner

owner: string;

interface MaintenanceWindowArgs

interface MaintenanceWindowArgs

The set of arguments for constructing a MaintenanceWindow resource.

property allowUnassociatedTargets

allowUnassociatedTargets?: pulumi.Input<boolean>;

Whether targets must be registered with the Maintenance Window before tasks can be defined for those targets.

property cutoff

cutoff: pulumi.Input<number>;

The number of hours before the end of the Maintenance Window that Systems Manager stops scheduling new tasks for execution.

property description

description?: pulumi.Input<string>;

A description for the maintenance window.

property duration

duration: pulumi.Input<number>;

The duration of the Maintenance Window in hours.

property enabled

enabled?: pulumi.Input<boolean>;

Whether the maintenance window is enabled. Default: true.

property endDate

endDate?: pulumi.Input<string>;

Timestamp in ISO-8601 extended format when to no longer run the maintenance window.

property name

name?: pulumi.Input<string>;

The name of the maintenance window.

property schedule

schedule: pulumi.Input<string>;

The schedule of the Maintenance Window in the form of a cron or rate expression.

property scheduleTimezone

scheduleTimezone?: pulumi.Input<string>;

Timezone for schedule in Internet Assigned Numbers Authority (IANA) Time Zone Database format. For example: America/Los_Angeles, etc/UTC, or Asia/Seoul.

property startDate

startDate?: pulumi.Input<string>;

Timestamp in ISO-8601 extended format when to begin the maintenance window.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A map of tags to assign to the resource.

interface MaintenanceWindowState

interface MaintenanceWindowState

Input properties used for looking up and filtering MaintenanceWindow resources.

property allowUnassociatedTargets

allowUnassociatedTargets?: pulumi.Input<boolean>;

Whether targets must be registered with the Maintenance Window before tasks can be defined for those targets.

property cutoff

cutoff?: pulumi.Input<number>;

The number of hours before the end of the Maintenance Window that Systems Manager stops scheduling new tasks for execution.

property description

description?: pulumi.Input<string>;

A description for the maintenance window.

property duration

duration?: pulumi.Input<number>;

The duration of the Maintenance Window in hours.

property enabled

enabled?: pulumi.Input<boolean>;

Whether the maintenance window is enabled. Default: true.

property endDate

endDate?: pulumi.Input<string>;

Timestamp in ISO-8601 extended format when to no longer run the maintenance window.

property name

name?: pulumi.Input<string>;

The name of the maintenance window.

property schedule

schedule?: pulumi.Input<string>;

The schedule of the Maintenance Window in the form of a cron or rate expression.

property scheduleTimezone

scheduleTimezone?: pulumi.Input<string>;

Timezone for schedule in Internet Assigned Numbers Authority (IANA) Time Zone Database format. For example: America/Los_Angeles, etc/UTC, or Asia/Seoul.

property startDate

startDate?: pulumi.Input<string>;

Timestamp in ISO-8601 extended format when to begin the maintenance window.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A map of tags to assign to the resource.

interface MaintenanceWindowTargetArgs

interface MaintenanceWindowTargetArgs

The set of arguments for constructing a MaintenanceWindowTarget resource.

property description

description?: pulumi.Input<string>;

The description of the maintenance window target.

property name

name?: pulumi.Input<string>;

The name of the maintenance window target.

property ownerInformation

ownerInformation?: pulumi.Input<string>;

User-provided value that will be included in any CloudWatch events raised while running tasks for these targets in this Maintenance Window.

property resourceType

resourceType: pulumi.Input<string>;

The type of target being registered with the Maintenance Window. Possible values are INSTANCE and RESOURCE_GROUP.

property targets

targets: pulumi.Input<pulumi.Input<MaintenanceWindowTargetTarget>[]>;

The targets to register with the maintenance window. In other words, the instances to run commands on when the maintenance window runs. You can specify targets using instance IDs, resource group names, or tags that have been applied to instances. For more information about these examples formats see (https://docs.aws.amazon.com/systems-manager/latest/userguide/mw-cli-tutorial-targets-examples.html)

property windowId

windowId: pulumi.Input<string>;

The Id of the maintenance window to register the target with.

interface MaintenanceWindowTargetState

interface MaintenanceWindowTargetState

Input properties used for looking up and filtering MaintenanceWindowTarget resources.

property description

description?: pulumi.Input<string>;

The description of the maintenance window target.

property name

name?: pulumi.Input<string>;

The name of the maintenance window target.

property ownerInformation

ownerInformation?: pulumi.Input<string>;

User-provided value that will be included in any CloudWatch events raised while running tasks for these targets in this Maintenance Window.

property resourceType

resourceType?: pulumi.Input<string>;

The type of target being registered with the Maintenance Window. Possible values are INSTANCE and RESOURCE_GROUP.

property targets

targets?: pulumi.Input<pulumi.Input<MaintenanceWindowTargetTarget>[]>;

The targets to register with the maintenance window. In other words, the instances to run commands on when the maintenance window runs. You can specify targets using instance IDs, resource group names, or tags that have been applied to instances. For more information about these examples formats see (https://docs.aws.amazon.com/systems-manager/latest/userguide/mw-cli-tutorial-targets-examples.html)

property windowId

windowId?: pulumi.Input<string>;

The Id of the maintenance window to register the target with.

interface MaintenanceWindowTaskArgs

interface MaintenanceWindowTaskArgs

The set of arguments for constructing a MaintenanceWindowTask resource.

property description

description?: pulumi.Input<string>;

The description of the maintenance window task.

property loggingInfo

DEPRECATED use 'task_invocation_parameters' argument instead
loggingInfo?: pulumi.Input<MaintenanceWindowTaskLoggingInfo>;

A structure containing information about an Amazon S3 bucket to write instance-level logs to. Use taskInvocationParameters configuration block runCommandParameters configuration block output_s3_* arguments instead. Conflicts with taskInvocationParameters. Documented below.

property maxConcurrency

maxConcurrency: pulumi.Input<string>;

The maximum number of targets this task can be run for in parallel.

property maxErrors

maxErrors: pulumi.Input<string>;

The maximum number of errors allowed before this task stops being scheduled.

property name

name?: pulumi.Input<string>;

The name of the maintenance window task.

property priority

priority?: pulumi.Input<number>;

The priority of the task in the Maintenance Window, the lower the number the higher the priority. Tasks in a Maintenance Window are scheduled in priority order with tasks that have the same priority scheduled in parallel.

property serviceRoleArn

serviceRoleArn: pulumi.Input<string>;

The role that should be assumed when executing the task.

property targets

targets: pulumi.Input<pulumi.Input<MaintenanceWindowTaskTarget>[]>;

The targets (either instances or window target ids). Instances are specified using Key=InstanceIds,Values=instanceid1,instanceid2. Window target ids are specified using Key=WindowTargetIds,Values=window target id1, window target id2.

property taskArn

taskArn: pulumi.Input<string>;

The ARN of the task to execute.

property taskInvocationParameters

taskInvocationParameters?: pulumi.Input<MaintenanceWindowTaskTaskInvocationParameters>;

The parameters for task execution. This argument is conflict with taskParameters and loggingInfo.

property taskParameters

DEPRECATED use 'task_invocation_parameters' argument instead
taskParameters?: pulumi.Input<pulumi.Input<MaintenanceWindowTaskTaskParameter>[]>;

A structure containing information about parameters required by the particular taskArn. Use parameter configuration blocks under the taskInvocationParameters configuration block instead. Conflicts with taskInvocationParameters. Documented below.

property taskType

taskType: pulumi.Input<string>;

The type of task being registered. The only allowed value is RUN_COMMAND.

property windowId

windowId: pulumi.Input<string>;

The Id of the maintenance window to register the task with.

interface MaintenanceWindowTaskState

interface MaintenanceWindowTaskState

Input properties used for looking up and filtering MaintenanceWindowTask resources.

property description

description?: pulumi.Input<string>;

The description of the maintenance window task.

property loggingInfo

DEPRECATED use 'task_invocation_parameters' argument instead
loggingInfo?: pulumi.Input<MaintenanceWindowTaskLoggingInfo>;

A structure containing information about an Amazon S3 bucket to write instance-level logs to. Use taskInvocationParameters configuration block runCommandParameters configuration block output_s3_* arguments instead. Conflicts with taskInvocationParameters. Documented below.

property maxConcurrency

maxConcurrency?: pulumi.Input<string>;

The maximum number of targets this task can be run for in parallel.

property maxErrors

maxErrors?: pulumi.Input<string>;

The maximum number of errors allowed before this task stops being scheduled.

property name

name?: pulumi.Input<string>;

The name of the maintenance window task.

property priority

priority?: pulumi.Input<number>;

The priority of the task in the Maintenance Window, the lower the number the higher the priority. Tasks in a Maintenance Window are scheduled in priority order with tasks that have the same priority scheduled in parallel.

property serviceRoleArn

serviceRoleArn?: pulumi.Input<string>;

The role that should be assumed when executing the task.

property targets

targets?: pulumi.Input<pulumi.Input<MaintenanceWindowTaskTarget>[]>;

The targets (either instances or window target ids). Instances are specified using Key=InstanceIds,Values=instanceid1,instanceid2. Window target ids are specified using Key=WindowTargetIds,Values=window target id1, window target id2.

property taskArn

taskArn?: pulumi.Input<string>;

The ARN of the task to execute.

property taskInvocationParameters

taskInvocationParameters?: pulumi.Input<MaintenanceWindowTaskTaskInvocationParameters>;

The parameters for task execution. This argument is conflict with taskParameters and loggingInfo.

property taskParameters

DEPRECATED use 'task_invocation_parameters' argument instead
taskParameters?: pulumi.Input<pulumi.Input<MaintenanceWindowTaskTaskParameter>[]>;

A structure containing information about parameters required by the particular taskArn. Use parameter configuration blocks under the taskInvocationParameters configuration block instead. Conflicts with taskInvocationParameters. Documented below.

property taskType

taskType?: pulumi.Input<string>;

The type of task being registered. The only allowed value is RUN_COMMAND.

property windowId

windowId?: pulumi.Input<string>;

The Id of the maintenance window to register the task with.

interface ParameterArgs

interface ParameterArgs

The set of arguments for constructing a Parameter resource.

property allowedPattern

allowedPattern?: pulumi.Input<string>;

A regular expression used to validate the parameter value.

property arn

arn?: pulumi.Input<string>;

The ARN of the parameter.

property description

description?: pulumi.Input<string>;

The description of the parameter.

property keyId

keyId?: pulumi.Input<string>;

The KMS key id or arn for encrypting a SecureString.

property name

name?: pulumi.Input<string>;

The name of the parameter. If the name contains a path (e.g. any forward slashes (/)), it must be fully qualified with a leading forward slash (/). For additional requirements and constraints, see the AWS SSM User Guide.

property overwrite

overwrite?: pulumi.Input<boolean>;

Overwrite an existing parameter. If not specified, will default to false if the resource has not been created by this provider to avoid overwrite of existing resource and will default to true otherwise (lifecycle rules should then be used to manage the update behavior).

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A map of tags to assign to the object.

property tier

tier?: pulumi.Input<string>;

The tier of the parameter. If not specified, will default to Standard. Valid tiers are Standard and Advanced. For more information on parameter tiers, see the AWS SSM Parameter tier comparison and guide.

property type

type: pulumi.Input<ParameterType>;

The type of the parameter. Valid types are String, StringList and SecureString.

property value

value: pulumi.Input<string>;

The value of the parameter.

interface ParameterState

interface ParameterState

Input properties used for looking up and filtering Parameter resources.

property allowedPattern

allowedPattern?: pulumi.Input<string>;

A regular expression used to validate the parameter value.

property arn

arn?: pulumi.Input<string>;

The ARN of the parameter.

property description

description?: pulumi.Input<string>;

The description of the parameter.

property keyId

keyId?: pulumi.Input<string>;

The KMS key id or arn for encrypting a SecureString.

property name

name?: pulumi.Input<string>;

The name of the parameter. If the name contains a path (e.g. any forward slashes (/)), it must be fully qualified with a leading forward slash (/). For additional requirements and constraints, see the AWS SSM User Guide.

property overwrite

overwrite?: pulumi.Input<boolean>;

Overwrite an existing parameter. If not specified, will default to false if the resource has not been created by this provider to avoid overwrite of existing resource and will default to true otherwise (lifecycle rules should then be used to manage the update behavior).

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A map of tags to assign to the object.

property tier

tier?: pulumi.Input<string>;

The tier of the parameter. If not specified, will default to Standard. Valid tiers are Standard and Advanced. For more information on parameter tiers, see the AWS SSM Parameter tier comparison and guide.

property type

type?: pulumi.Input<ParameterType>;

The type of the parameter. Valid types are String, StringList and SecureString.

property value

value?: pulumi.Input<string>;

The value of the parameter.

property version

version?: pulumi.Input<number>;

The version of the parameter.

type ParameterType

type ParameterType = "String" | "StringList" | "SecureString";

interface PatchBaselineArgs

interface PatchBaselineArgs

The set of arguments for constructing a PatchBaseline resource.

property approvalRules

approvalRules?: pulumi.Input<pulumi.Input<PatchBaselineApprovalRule>[]>;

A set of rules used to include patches in the baseline. up to 10 approval rules can be specified. Each approvalRule block requires the fields documented below.

property approvedPatches

approvedPatches?: pulumi.Input<pulumi.Input<string>[]>;

A list of explicitly approved patches for the baseline.

property approvedPatchesComplianceLevel

approvedPatchesComplianceLevel?: pulumi.Input<string>;

Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. Valid compliance levels include the following: CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED. The default value is UNSPECIFIED.

property description

description?: pulumi.Input<string>;

The description of the patch baseline.

property globalFilters

globalFilters?: pulumi.Input<pulumi.Input<PatchBaselineGlobalFilter>[]>;

A set of global filters used to exclude patches from the baseline. Up to 4 global filters can be specified using Key/Value pairs. Valid Keys are PRODUCT | CLASSIFICATION | MSRC_SEVERITY | PATCH_ID.

property name

name?: pulumi.Input<string>;

The name of the patch baseline.

property operatingSystem

operatingSystem?: pulumi.Input<string>;

Defines the operating system the patch baseline applies to. Supported operating systems include WINDOWS, AMAZON_LINUX, AMAZON_LINUX_2, SUSE, UBUNTU, CENTOS, and REDHAT_ENTERPRISE_LINUX. The Default value is WINDOWS.

property rejectedPatches

rejectedPatches?: pulumi.Input<pulumi.Input<string>[]>;

A list of rejected patches.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A map of tags to assign to the resource.

interface PatchBaselineState

interface PatchBaselineState

Input properties used for looking up and filtering PatchBaseline resources.

property approvalRules

approvalRules?: pulumi.Input<pulumi.Input<PatchBaselineApprovalRule>[]>;

A set of rules used to include patches in the baseline. up to 10 approval rules can be specified. Each approvalRule block requires the fields documented below.

property approvedPatches

approvedPatches?: pulumi.Input<pulumi.Input<string>[]>;

A list of explicitly approved patches for the baseline.

property approvedPatchesComplianceLevel

approvedPatchesComplianceLevel?: pulumi.Input<string>;

Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. Valid compliance levels include the following: CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED. The default value is UNSPECIFIED.

property description

description?: pulumi.Input<string>;

The description of the patch baseline.

property globalFilters

globalFilters?: pulumi.Input<pulumi.Input<PatchBaselineGlobalFilter>[]>;

A set of global filters used to exclude patches from the baseline. Up to 4 global filters can be specified using Key/Value pairs. Valid Keys are PRODUCT | CLASSIFICATION | MSRC_SEVERITY | PATCH_ID.

property name

name?: pulumi.Input<string>;

The name of the patch baseline.

property operatingSystem

operatingSystem?: pulumi.Input<string>;

Defines the operating system the patch baseline applies to. Supported operating systems include WINDOWS, AMAZON_LINUX, AMAZON_LINUX_2, SUSE, UBUNTU, CENTOS, and REDHAT_ENTERPRISE_LINUX. The Default value is WINDOWS.

property rejectedPatches

rejectedPatches?: pulumi.Input<pulumi.Input<string>[]>;

A list of rejected patches.

property tags

tags?: pulumi.Input<{[key: string]: any}>;

A map of tags to assign to the resource.

interface PatchGroupArgs

interface PatchGroupArgs

The set of arguments for constructing a PatchGroup resource.

property baselineId

baselineId: pulumi.Input<string>;

The ID of the patch baseline to register the patch group with.

property patchGroup

patchGroup: pulumi.Input<string>;

The name of the patch group that should be registered with the patch baseline.

interface PatchGroupState

interface PatchGroupState

Input properties used for looking up and filtering PatchGroup resources.

property baselineId

baselineId?: pulumi.Input<string>;

The ID of the patch baseline to register the patch group with.

property patchGroup

patchGroup?: pulumi.Input<string>;

The name of the patch group that should be registered with the patch baseline.

interface ResourceDataSyncArgs

interface ResourceDataSyncArgs

The set of arguments for constructing a ResourceDataSync resource.

property name

name?: pulumi.Input<string>;

Name for the configuration.

property s3Destination

s3Destination: pulumi.Input<ResourceDataSyncS3Destination>;

Amazon S3 configuration details for the sync.

interface ResourceDataSyncState

interface ResourceDataSyncState

Input properties used for looking up and filtering ResourceDataSync resources.

property name

name?: pulumi.Input<string>;

Name for the configuration.

property s3Destination

s3Destination?: pulumi.Input<ResourceDataSyncS3Destination>;

Amazon S3 configuration details for the sync.

let SecureStringParameter

let SecureStringParameter: ParameterType = "SecureString";

let StringListParameter

let StringListParameter: ParameterType = "StringList";

let StringParameter

let StringParameter: ParameterType = "String";