This page documents the language specification for the aws package. If you're looking for help working with the inputs, outputs, or functions of aws resources in a Pulumi program, please see the resource documentation for examples and API reference.

ssm¶

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-aws repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-aws repo.

class pulumi_aws.ssm.Activation(resource_name, opts=None, description=None, expiration_date=None, iam_role=None, name=None, registration_limit=None, tags=None, __props__=None, __name__=None, __opts__=None)¶

Registers an on-premises server or virtual machine with Amazon EC2 so that it can be managed using Run Command.

import pulumi
import pulumi_aws as aws

test_role = aws.iam.Role("testRole", assume_role_policy="""  {
    "Version": "2012-10-17",
    "Statement": {
      "Effect": "Allow",
      "Principal": {"Service": "ssm.amazonaws.com"},
      "Action": "sts:AssumeRole"
    }
  }

""")
test_attach = aws.iam.RolePolicyAttachment("testAttach",
    policy_arn="arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
    role=test_role.name)
foo = aws.ssm.Activation("foo",
    description="Test",
    iam_role=test_role.id,
    registration_limit="5")

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
description (pulumi.Input[str]) – The description of the resource that you want to register.
expiration_date (pulumi.Input[str]) – UTC timestamp in RFC3339 format by which this activation request should expire. The default value is 24 hours from resource creation time. This provider will only perform drift detection of its value when present in a configuration.
iam_role (pulumi.Input[str]) – The IAM Role to attach to the managed instance.
name (pulumi.Input[str]) – The default name of the registered managed instance.
registration_limit (pulumi.Input[float]) – The maximum number of managed instances you want to register. The default value is 1 instance.
tags (pulumi.Input[dict]) – A map of tags to assign to the object.

activation_code: pulumi.Output[str] = None¶: The code the system generates when it processes the activation.

description: pulumi.Output[str] = None¶: The description of the resource that you want to register.

expiration_date: pulumi.Output[str] = None¶: UTC timestamp in RFC3339 format by which this activation request should expire. The default value is 24 hours from resource creation time. This provider will only perform drift detection of its value when present in a configuration.

expired: pulumi.Output[bool] = None¶: If the current activation has expired.

iam_role: pulumi.Output[str] = None¶: The IAM Role to attach to the managed instance.

name: pulumi.Output[str] = None¶: The default name of the registered managed instance.

registration_count: pulumi.Output[float] = None¶: The number of managed instances that are currently registered using this activation.

registration_limit: pulumi.Output[float] = None¶: The maximum number of managed instances you want to register. The default value is 1 instance.

tags: pulumi.Output[dict] = None¶: A map of tags to assign to the object.

static get(resource_name, id, opts=None, activation_code=None, description=None, expiration_date=None, expired=None, iam_role=None, name=None, registration_count=None, registration_limit=None, tags=None)¶

Get an existing Activation resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
activation_code (pulumi.Input[str]) – The code the system generates when it processes the activation.
description (pulumi.Input[str]) – The description of the resource that you want to register.
expiration_date (pulumi.Input[str]) –
UTC timestamp in RFC3339 format by which this activation request should expire. The default value is 24 hours from resource creation time. This provider will only perform drift detection of its value when present in a configuration.
expired (pulumi.Input[bool]) – If the current activation has expired.
iam_role (pulumi.Input[str]) – The IAM Role to attach to the managed instance.
name (pulumi.Input[str]) – The default name of the registered managed instance.
registration_count (pulumi.Input[float]) – The number of managed instances that are currently registered using this activation.
registration_limit (pulumi.Input[float]) – The maximum number of managed instances you want to register. The default value is 1 instance.
tags (pulumi.Input[dict]) – A map of tags to assign to the object.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_aws.ssm.Association(resource_name, opts=None, association_name=None, automation_target_parameter_name=None, compliance_severity=None, document_version=None, instance_id=None, max_concurrency=None, max_errors=None, name=None, output_location=None, parameters=None, schedule_expression=None, targets=None, __props__=None, __name__=None, __opts__=None)¶

Associates an SSM Document to an instance or EC2 tag.

import pulumi
import pulumi_aws as aws

example = aws.ssm.Association("example", targets=[{
    "key": "InstanceIds",
    "values": [aws_instance["example"]["id"]],
}])

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
association_name (pulumi.Input[str]) – The descriptive name for the association.
automation_target_parameter_name (pulumi.Input[str]) – Specify the target for the association. This target is required for associations that use an Automation document and target resources by using rate controls.
compliance_severity (pulumi.Input[str]) – The compliance severity for the association. Can be one of the following: UNSPECIFIED, LOW, MEDIUM, HIGH or CRITICAL
document_version (pulumi.Input[str]) – The document version you want to associate with the target(s). Can be a specific version or the default version.
instance_id (pulumi.Input[str]) – The instance ID to apply an SSM document to. Use targets with key InstanceIds for document schema versions 2.0 and above.
max_concurrency (pulumi.Input[str]) – The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%.
max_errors (pulumi.Input[str]) – The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify a number, for example 10, or a percentage of the target set, for example 10%.
name (pulumi.Input[str]) – The name of the SSM document to apply.
output_location (pulumi.Input[dict]) – An output location block. Output Location is documented below.
parameters (pulumi.Input[dict]) – A block of arbitrary string parameters to pass to the SSM document.
schedule_expression (pulumi.Input[str]) – A cron expression when the association will be applied to the target(s).
targets (pulumi.Input[list]) – A block containing the targets of the SSM association. Targets are documented below. AWS currently supports a maximum of 5 targets.

The output_location object supports the following:

s3_bucket_name (pulumi.Input[str]) - The S3 bucket name.
s3_key_prefix (pulumi.Input[str]) - The S3 bucket prefix. Results stored in the root if not configured.

The targets object supports the following:

key (pulumi.Input[str]) - Either InstanceIds or tag:Tag Name to specify an EC2 tag.
values (pulumi.Input[list]) - A list of instance IDs or tag values. AWS currently limits this list size to one value.

association_id: pulumi.Output[str] = None¶: The ID of the SSM association.

association_name: pulumi.Output[str] = None¶: The descriptive name for the association.

automation_target_parameter_name: pulumi.Output[str] = None¶: Specify the target for the association. This target is required for associations that use an Automation document and target resources by using rate controls.

compliance_severity: pulumi.Output[str] = None¶: The compliance severity for the association. Can be one of the following: UNSPECIFIED, LOW, MEDIUM, HIGH or CRITICAL

document_version: pulumi.Output[str] = None¶: The document version you want to associate with the target(s). Can be a specific version or the default version.

instance_id: pulumi.Output[str] = None¶: The instance ID to apply an SSM document to. Use targets with key InstanceIds for document schema versions 2.0 and above.

max_concurrency: pulumi.Output[str] = None¶: The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%.

max_errors: pulumi.Output[str] = None¶: The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify a number, for example 10, or a percentage of the target set, for example 10%.

name: pulumi.Output[str] = None¶: The name of the SSM document to apply.

output_location: pulumi.Output[dict] = None¶

An output location block. Output Location is documented below.

s3_bucket_name (str) - The S3 bucket name.
s3_key_prefix (str) - The S3 bucket prefix. Results stored in the root if not configured.

parameters: pulumi.Output[dict] = None¶: A block of arbitrary string parameters to pass to the SSM document.

schedule_expression: pulumi.Output[str] = None¶: A cron expression when the association will be applied to the target(s).

targets: pulumi.Output[list] = None¶

A block containing the targets of the SSM association. Targets are documented below. AWS currently supports a maximum of 5 targets.

key (str) - Either InstanceIds or tag:Tag Name to specify an EC2 tag.
values (list) - A list of instance IDs or tag values. AWS currently limits this list size to one value.

static get(resource_name, id, opts=None, association_id=None, association_name=None, automation_target_parameter_name=None, compliance_severity=None, document_version=None, instance_id=None, max_concurrency=None, max_errors=None, name=None, output_location=None, parameters=None, schedule_expression=None, targets=None)¶

Get an existing Association resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
association_id (pulumi.Input[str]) – The ID of the SSM association.
association_name (pulumi.Input[str]) – The descriptive name for the association.
automation_target_parameter_name (pulumi.Input[str]) – Specify the target for the association. This target is required for associations that use an Automation document and target resources by using rate controls.
compliance_severity (pulumi.Input[str]) – The compliance severity for the association. Can be one of the following: UNSPECIFIED, LOW, MEDIUM, HIGH or CRITICAL
document_version (pulumi.Input[str]) – The document version you want to associate with the target(s). Can be a specific version or the default version.
instance_id (pulumi.Input[str]) – The instance ID to apply an SSM document to. Use targets with key InstanceIds for document schema versions 2.0 and above.
max_concurrency (pulumi.Input[str]) – The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%.
max_errors (pulumi.Input[str]) – The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify a number, for example 10, or a percentage of the target set, for example 10%.
name (pulumi.Input[str]) – The name of the SSM document to apply.
output_location (pulumi.Input[dict]) – An output location block. Output Location is documented below.
parameters (pulumi.Input[dict]) – A block of arbitrary string parameters to pass to the SSM document.
schedule_expression (pulumi.Input[str]) – A cron expression when the association will be applied to the target(s).
targets (pulumi.Input[list]) – A block containing the targets of the SSM association. Targets are documented below. AWS currently supports a maximum of 5 targets.

The output_location object supports the following:

s3_bucket_name (pulumi.Input[str]) - The S3 bucket name.
s3_key_prefix (pulumi.Input[str]) - The S3 bucket prefix. Results stored in the root if not configured.

The targets object supports the following:

key (pulumi.Input[str]) - Either InstanceIds or tag:Tag Name to specify an EC2 tag.
values (pulumi.Input[list]) - A list of instance IDs or tag values. AWS currently limits this list size to one value.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_aws.ssm.AwaitableGetDocumentResult(arn=None, content=None, document_format=None, document_type=None, document_version=None, id=None, name=None)¶

class pulumi_aws.ssm.AwaitableGetParameterResult(arn=None, id=None, name=None, type=None, value=None, version=None, with_decryption=None)¶

class pulumi_aws.ssm.AwaitableGetPatchBaselineResult(default_baseline=None, description=None, id=None, name=None, name_prefix=None, operating_system=None, owner=None)¶

class pulumi_aws.ssm.Document(resource_name, opts=None, attachments_sources=None, content=None, document_format=None, document_type=None, name=None, permissions=None, tags=None, target_type=None, __props__=None, __name__=None, __opts__=None)¶

Provides an SSM Document resource

NOTE on updating SSM documents: Only documents with a schema version of 2.0 or greater can update their content once created, see SSM Schema Features. To update a document with an older schema version you must recreate the resource.

import pulumi
import pulumi_aws as aws

foo = aws.ssm.Document("foo",
    content="""  {
    "schemaVersion": "1.2",
    "description": "Check ip configuration of a Linux instance.",
    "parameters": {

    },
    "runtimeConfig": {
      "aws:runShellScript": {
        "properties": [
          {
            "id": "0.aws:runShellScript",
            "runCommand": ["ifconfig"]
          }
        ]
      }
    }
  }

""",
    document_type="Command")

The permissions attribute specifies how you want to share the document. If you share a document privately, you must specify the AWS user account IDs for those people who can use the document. If you share a document publicly, you must specify All as the account ID.

The permissions mapping supports the following:

type - The permission type for the document. The permission type can be Share.
account_ids - The AWS user accounts that should have access to the document. The account IDs can either be a group of account IDs or All.

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
attachments_sources (pulumi.Input[list]) – One or more configuration blocks describing attachments sources to a version of a document. Defined below.
content (pulumi.Input[str]) – The JSON or YAML content of the document.
document_format (pulumi.Input[str]) – The format of the document. Valid document types include: JSON and YAML
document_type (pulumi.Input[str]) – The type of the document. Valid document types include: Automation, Command, Package, Policy, and Session
name (pulumi.Input[str]) – The name of the document.
permissions (pulumi.Input[dict]) – Additional Permissions to attach to the document. See Permissions below for details.
tags (pulumi.Input[dict]) – A map of tags to assign to the object.
target_type (pulumi.Input[str]) – The target type which defines the kinds of resources the document can run on. For example, /AWS::EC2::Instance. For a list of valid resource types, see AWS Resource Types Reference (http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html)

The attachments_sources object supports the following:

key (pulumi.Input[str]) - The key describing the location of an attachment to a document. Valid key types include: SourceUrl and S3FileUrl
name (pulumi.Input[str]) - The name of the document attachment file
values (pulumi.Input[list]) - The value describing the location of an attachment to a document

attachments_sources: pulumi.Output[list] = None¶

One or more configuration blocks describing attachments sources to a version of a document. Defined below.

key (str) - The key describing the location of an attachment to a document. Valid key types include: SourceUrl and S3FileUrl
name (str) - The name of the document attachment file
values (list) - The value describing the location of an attachment to a document

content: pulumi.Output[str] = None¶: The JSON or YAML content of the document.

created_date: pulumi.Output[str] = None¶: The date the document was created.

default_version: pulumi.Output[str] = None¶: The default version of the document.

description: pulumi.Output[str] = None¶: The description of the document.

document_format: pulumi.Output[str] = None¶: The format of the document. Valid document types include: JSON and YAML

document_type: pulumi.Output[str] = None¶: The type of the document. Valid document types include: Automation, Command, Package, Policy, and Session

document_version: pulumi.Output[str] = None¶: The document version.

hash: pulumi.Output[str] = None¶: The sha1 or sha256 of the document content

hash_type: pulumi.Output[str] = None¶: “Sha1” “Sha256”. The hashing algorithm used when hashing the content.

latest_version: pulumi.Output[str] = None¶: The latest version of the document.

name: pulumi.Output[str] = None¶: The name of the document.

owner: pulumi.Output[str] = None¶: The AWS user account of the person who created the document.

parameters: pulumi.Output[list] = None¶

The parameters that are available to this document.

default_value (str)
description (str) - The description of the document.
name (str) - The name of the document.
type (str)

permissions: pulumi.Output[dict] = None¶: Additional Permissions to attach to the document. See Permissions below for details.

platform_types: pulumi.Output[list] = None¶: A list of OS platforms compatible with this SSM document, either “Windows” or “Linux”.

schema_version: pulumi.Output[str] = None¶: The schema version of the document.

status: pulumi.Output[str] = None¶: “Creating”, “Active” or “Deleting”. The current status of the document.

tags: pulumi.Output[dict] = None¶: A map of tags to assign to the object.

target_type: pulumi.Output[str] = None¶: The target type which defines the kinds of resources the document can run on. For example, /AWS::EC2::Instance. For a list of valid resource types, see AWS Resource Types Reference (http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html)

static get(resource_name, id, opts=None, arn=None, attachments_sources=None, content=None, created_date=None, default_version=None, description=None, document_format=None, document_type=None, document_version=None, hash=None, hash_type=None, latest_version=None, name=None, owner=None, parameters=None, permissions=None, platform_types=None, schema_version=None, status=None, tags=None, target_type=None)¶

Get an existing Document resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
attachments_sources (pulumi.Input[list]) – One or more configuration blocks describing attachments sources to a version of a document. Defined below.
content (pulumi.Input[str]) – The JSON or YAML content of the document.
created_date (pulumi.Input[str]) – The date the document was created.
default_version (pulumi.Input[str]) – The default version of the document.
description (pulumi.Input[str]) – The description of the document.
document_format (pulumi.Input[str]) – The format of the document. Valid document types include: JSON and YAML
document_type (pulumi.Input[str]) – The type of the document. Valid document types include: Automation, Command, Package, Policy, and Session
document_version (pulumi.Input[str]) – The document version.
hash (pulumi.Input[str]) – The sha1 or sha256 of the document content
hash_type (pulumi.Input[str]) – “Sha1” “Sha256”. The hashing algorithm used when hashing the content.
latest_version (pulumi.Input[str]) – The latest version of the document.
name (pulumi.Input[str]) – The name of the document.
owner (pulumi.Input[str]) – The AWS user account of the person who created the document.
parameters (pulumi.Input[list]) – The parameters that are available to this document.
permissions (pulumi.Input[dict]) – Additional Permissions to attach to the document. See Permissions below for details.
platform_types (pulumi.Input[list]) – A list of OS platforms compatible with this SSM document, either “Windows” or “Linux”.
schema_version (pulumi.Input[str]) – The schema version of the document.
status (pulumi.Input[str]) – “Creating”, “Active” or “Deleting”. The current status of the document.
tags (pulumi.Input[dict]) – A map of tags to assign to the object.
target_type (pulumi.Input[str]) – The target type which defines the kinds of resources the document can run on. For example, /AWS::EC2::Instance. For a list of valid resource types, see AWS Resource Types Reference (http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html)

The attachments_sources object supports the following:

key (pulumi.Input[str]) - The key describing the location of an attachment to a document. Valid key types include: SourceUrl and S3FileUrl
name (pulumi.Input[str]) - The name of the document attachment file
values (pulumi.Input[list]) - The value describing the location of an attachment to a document

The parameters object supports the following:

default_value (pulumi.Input[str])
description (pulumi.Input[str]) - The description of the document.
name (pulumi.Input[str]) - The name of the document.
type (pulumi.Input[str])

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_aws.ssm.GetDocumentResult(arn=None, content=None, document_format=None, document_type=None, document_version=None, id=None, name=None)¶

A collection of values returned by getDocument.

arn = None¶: The ARN of the document.

content = None¶: The contents of the document.

document_type = None¶: The type of the document.

id = None¶: The provider-assigned unique ID for this managed resource.

class pulumi_aws.ssm.GetParameterResult(arn=None, id=None, name=None, type=None, value=None, version=None, with_decryption=None)¶

A collection of values returned by getParameter.

id = None¶: The provider-assigned unique ID for this managed resource.

class pulumi_aws.ssm.GetPatchBaselineResult(default_baseline=None, description=None, id=None, name=None, name_prefix=None, operating_system=None, owner=None)¶

A collection of values returned by getPatchBaseline.

description = None¶: The description of the baseline.

id = None¶: The provider-assigned unique ID for this managed resource.

name = None¶: The name of the baseline.

class pulumi_aws.ssm.MaintenanceWindow(resource_name, opts=None, allow_unassociated_targets=None, cutoff=None, description=None, duration=None, enabled=None, end_date=None, name=None, schedule=None, schedule_timezone=None, start_date=None, tags=None, __props__=None, __name__=None, __opts__=None)¶

Provides an SSM Maintenance Window resource

import pulumi
import pulumi_aws as aws

production = aws.ssm.MaintenanceWindow("production",
    cutoff=1,
    duration=3,
    schedule="cron(0 16 ? * TUE *)")

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
allow_unassociated_targets (pulumi.Input[bool]) – Whether targets must be registered with the Maintenance Window before tasks can be defined for those targets.
cutoff (pulumi.Input[float]) – The number of hours before the end of the Maintenance Window that Systems Manager stops scheduling new tasks for execution.
description (pulumi.Input[str]) – A description for the maintenance window.
duration (pulumi.Input[float]) – The duration of the Maintenance Window in hours.
enabled (pulumi.Input[bool]) – Whether the maintenance window is enabled. Default: true.
end_date (pulumi.Input[str]) – Timestamp in ISO-8601 extended format when to no longer run the maintenance window.
name (pulumi.Input[str]) – The name of the maintenance window.
schedule (pulumi.Input[str]) – The schedule of the Maintenance Window in the form of a cron or rate expression.
schedule_timezone (pulumi.Input[str]) – Timezone for schedule in Internet Assigned Numbers Authority (IANA) Time Zone Database format. For example: America/Los_Angeles, etc/UTC, or Asia/Seoul.
start_date (pulumi.Input[str]) –
Timestamp in ISO-8601 extended format when to begin the maintenance window.
tags (pulumi.Input[dict]) – A map of tags to assign to the resource.

allow_unassociated_targets: pulumi.Output[bool] = None¶: Whether targets must be registered with the Maintenance Window before tasks can be defined for those targets.

cutoff: pulumi.Output[float] = None¶: The number of hours before the end of the Maintenance Window that Systems Manager stops scheduling new tasks for execution.

description: pulumi.Output[str] = None¶: A description for the maintenance window.

duration: pulumi.Output[float] = None¶: The duration of the Maintenance Window in hours.

enabled: pulumi.Output[bool] = None¶: Whether the maintenance window is enabled. Default: true.

end_date: pulumi.Output[str] = None¶: Timestamp in ISO-8601 extended format when to no longer run the maintenance window.

name: pulumi.Output[str] = None¶: The name of the maintenance window.

schedule: pulumi.Output[str] = None¶: The schedule of the Maintenance Window in the form of a cron or rate expression.

schedule_timezone: pulumi.Output[str] = None¶: Timezone for schedule in Internet Assigned Numbers Authority (IANA) Time Zone Database format. For example: America/Los_Angeles, etc/UTC, or Asia/Seoul.

start_date: pulumi.Output[str] = None¶: Timestamp in ISO-8601 extended format when to begin the maintenance window.

tags: pulumi.Output[dict] = None¶: A map of tags to assign to the resource.

static get(resource_name, id, opts=None, allow_unassociated_targets=None, cutoff=None, description=None, duration=None, enabled=None, end_date=None, name=None, schedule=None, schedule_timezone=None, start_date=None, tags=None)¶

Get an existing MaintenanceWindow resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
allow_unassociated_targets (pulumi.Input[bool]) – Whether targets must be registered with the Maintenance Window before tasks can be defined for those targets.
cutoff (pulumi.Input[float]) – The number of hours before the end of the Maintenance Window that Systems Manager stops scheduling new tasks for execution.
description (pulumi.Input[str]) – A description for the maintenance window.
duration (pulumi.Input[float]) – The duration of the Maintenance Window in hours.
enabled (pulumi.Input[bool]) – Whether the maintenance window is enabled. Default: true.
end_date (pulumi.Input[str]) –
Timestamp in ISO-8601 extended format when to no longer run the maintenance window.
name (pulumi.Input[str]) – The name of the maintenance window.
schedule (pulumi.Input[str]) –
The schedule of the Maintenance Window in the form of a cron or rate expression.
schedule_timezone (pulumi.Input[str]) –
Timezone for schedule in Internet Assigned Numbers Authority (IANA) Time Zone Database format. For example: America/Los_Angeles, etc/UTC, or Asia/Seoul.
start_date (pulumi.Input[str]) –
Timestamp in ISO-8601 extended format when to begin the maintenance window.
tags (pulumi.Input[dict]) – A map of tags to assign to the resource.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_aws.ssm.MaintenanceWindowTarget(resource_name, opts=None, description=None, name=None, owner_information=None, resource_type=None, targets=None, window_id=None, __props__=None, __name__=None, __opts__=None)¶

Provides an SSM Maintenance Window Target resource

import pulumi
import pulumi_aws as aws

window = aws.ssm.MaintenanceWindow("window",
    cutoff=1,
    duration=3,
    schedule="cron(0 16 ? * TUE *)")
target1 = aws.ssm.MaintenanceWindowTarget("target1",
    description="This is a maintenance window target",
    resource_type="INSTANCE",
    targets=[{
        "key": "tag:Name",
        "values": ["acceptance_test"],
    }],
    window_id=window.id)

import pulumi
import pulumi_aws as aws

window = aws.ssm.MaintenanceWindow("window",
    cutoff=1,
    duration=3,
    schedule="cron(0 16 ? * TUE *)")
target1 = aws.ssm.MaintenanceWindowTarget("target1",
    description="This is a maintenance window target",
    resource_type="RESOURCE_GROUP",
    targets=[{
        "key": "resource-groups:ResourceTypeFilters",
        "values": [
            "AWS::EC2::INSTANCE",
            "AWS::EC2::VPC",
        ],
    }],
    window_id=window.id)

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
description (pulumi.Input[str]) – The description of the maintenance window target.
name (pulumi.Input[str]) – The name of the maintenance window target.
owner_information (pulumi.Input[str]) – User-provided value that will be included in any CloudWatch events raised while running tasks for these targets in this Maintenance Window.
resource_type (pulumi.Input[str]) – The type of target being registered with the Maintenance Window. Possible values are INSTANCE and RESOURCE_GROUP.
targets (pulumi.Input[list]) – The targets to register with the maintenance window. In other words, the instances to run commands on when the maintenance window runs. You can specify targets using instance IDs, resource group names, or tags that have been applied to instances. For more information about these examples formats see (https://docs.aws.amazon.com/systems-manager/latest/userguide/mw-cli-tutorial-targets-examples.html)
window_id (pulumi.Input[str]) – The Id of the maintenance window to register the target with.

The targets object supports the following:

key (pulumi.Input[str])
values (pulumi.Input[list])

description: pulumi.Output[str] = None¶: The description of the maintenance window target.

name: pulumi.Output[str] = None¶: The name of the maintenance window target.

owner_information: pulumi.Output[str] = None¶: User-provided value that will be included in any CloudWatch events raised while running tasks for these targets in this Maintenance Window.

resource_type: pulumi.Output[str] = None¶: The type of target being registered with the Maintenance Window. Possible values are INSTANCE and RESOURCE_GROUP.

targets: pulumi.Output[list] = None¶

The targets to register with the maintenance window. In other words, the instances to run commands on when the maintenance window runs. You can specify targets using instance IDs, resource group names, or tags that have been applied to instances. For more information about these examples formats see (https://docs.aws.amazon.com/systems-manager/latest/userguide/mw-cli-tutorial-targets-examples.html)

key (str)
values (list)

window_id: pulumi.Output[str] = None¶: The Id of the maintenance window to register the target with.

static get(resource_name, id, opts=None, description=None, name=None, owner_information=None, resource_type=None, targets=None, window_id=None)¶

Get an existing MaintenanceWindowTarget resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
description (pulumi.Input[str]) – The description of the maintenance window target.
name (pulumi.Input[str]) – The name of the maintenance window target.
owner_information (pulumi.Input[str]) – User-provided value that will be included in any CloudWatch events raised while running tasks for these targets in this Maintenance Window.
resource_type (pulumi.Input[str]) – The type of target being registered with the Maintenance Window. Possible values are INSTANCE and RESOURCE_GROUP.
targets (pulumi.Input[list]) – The targets to register with the maintenance window. In other words, the instances to run commands on when the maintenance window runs. You can specify targets using instance IDs, resource group names, or tags that have been applied to instances. For more information about these examples formats see (https://docs.aws.amazon.com/systems-manager/latest/userguide/mw-cli-tutorial-targets-examples.html)
window_id (pulumi.Input[str]) – The Id of the maintenance window to register the target with.

The targets object supports the following:

key (pulumi.Input[str])
values (pulumi.Input[list])

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_aws.ssm.MaintenanceWindowTask(resource_name, opts=None, description=None, logging_info=None, max_concurrency=None, max_errors=None, name=None, priority=None, service_role_arn=None, targets=None, task_arn=None, task_invocation_parameters=None, task_parameters=None, task_type=None, window_id=None, __props__=None, __name__=None, __opts__=None)¶

Provides an SSM Maintenance Window Task resource

import pulumi
import pulumi_aws as aws

example = aws.ssm.MaintenanceWindowTask("example",
    max_concurrency=2,
    max_errors=1,
    priority=1,
    service_role_arn=aws_iam_role["example"]["arn"],
    targets=[{
        "key": "InstanceIds",
        "values": [aws_instance["example"]["id"]],
    }],
    task_arn="AWS-RestartEC2Instance",
    task_invocation_parameters={
        "automationParameters": {
            "document_version": "$LATEST",
            "parameter": [{
                "name": "InstanceId",
                "values": [aws_instance["example"]["id"]],
            }],
        },
    },
    task_type="AUTOMATION",
    window_id=aws_ssm_maintenance_window["example"]["id"])

import pulumi
import pulumi_aws as aws

example = aws.ssm.MaintenanceWindowTask("example",
    max_concurrency=2,
    max_errors=1,
    priority=1,
    service_role_arn=aws_iam_role["example"]["arn"],
    targets=[{
        "key": "InstanceIds",
        "values": [aws_instance["example"]["id"]],
    }],
    task_arn="AWS-RunShellScript",
    task_invocation_parameters={
        "runCommandParameters": {
            "notificationConfig": {
                "notificationArn": aws_sns_topic["example"]["arn"],
                "notificationEvents": ["All"],
                "notification_type": "Command",
            },
            "outputS3Bucket": aws_s3_bucket["example"]["bucket"],
            "outputS3KeyPrefix": "output",
            "parameter": [{
                "name": "commands",
                "values": ["date"],
            }],
            "service_role_arn": aws_iam_role["example"]["arn"],
            "timeoutSeconds": 600,
        },
    },
    task_type="RUN_COMMAND",
    window_id=aws_ssm_maintenance_window["example"]["id"])

import pulumi
import pulumi_aws as aws

example = aws.ssm.MaintenanceWindowTask("example",
    max_concurrency=2,
    max_errors=1,
    priority=1,
    service_role_arn=aws_iam_role["example"]["arn"],
    targets=[{
        "key": "InstanceIds",
        "values": [aws_instance["example"]["id"]],
    }],
    task_arn=aws_sfn_activity["example"]["id"],
    task_invocation_parameters={
        "stepFunctionsParameters": {
            "input": "{"key1":"value1"}",
            "name": "example",
        },
    },
    task_type="STEP_FUNCTIONS",
    window_id=aws_ssm_maintenance_window["example"]["id"])

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
description (pulumi.Input[str]) – The description of the maintenance window task.
logging_info (pulumi.Input[dict]) – A structure containing information about an Amazon S3 bucket to write instance-level logs to. Use task_invocation_parameters configuration block run_command_parameters configuration block output_s3_* arguments instead. Conflicts with task_invocation_parameters. Documented below.
max_concurrency (pulumi.Input[str]) – The maximum number of targets this task can be run for in parallel.
max_errors (pulumi.Input[str]) – The maximum number of errors allowed before this task stops being scheduled.
name (pulumi.Input[str]) – The name of the maintenance window task.
priority (pulumi.Input[float]) – The priority of the task in the Maintenance Window, the lower the number the higher the priority. Tasks in a Maintenance Window are scheduled in priority order with tasks that have the same priority scheduled in parallel.
service_role_arn (pulumi.Input[str]) – The role that should be assumed when executing the task.
targets (pulumi.Input[list]) – The targets (either instances or window target ids). Instances are specified using Key=InstanceIds,Values=instanceid1,instanceid2. Window target ids are specified using Key=WindowTargetIds,Values=window target id1, window target id2.
task_arn (pulumi.Input[str]) – The ARN of the task to execute.
task_invocation_parameters (pulumi.Input[dict]) – The parameters for task execution. This argument is conflict with task_parameters and logging_info.
task_parameters (pulumi.Input[list]) – A structure containing information about parameters required by the particular task_arn. Use parameter configuration blocks under the task_invocation_parameters configuration block instead. Conflicts with task_invocation_parameters. Documented below.
task_type (pulumi.Input[str]) – The type of task being registered. The only allowed value is RUN_COMMAND.
window_id (pulumi.Input[str]) – The Id of the maintenance window to register the task with.

The logging_info object supports the following:

s3_bucket_name (pulumi.Input[str])
s3BucketPrefix (pulumi.Input[str])
s3_region (pulumi.Input[str])

The targets object supports the following:

key (pulumi.Input[str])
values (pulumi.Input[list])

The task_invocation_parameters object supports the following:

automationParameters (pulumi.Input[dict]) - The parameters for an AUTOMATION task type. Documented below.
- document_version (pulumi.Input[str]) - The version of an Automation document to use during task execution.
- parameters (pulumi.Input[list]) - The parameters for the RUN_COMMAND task execution. Documented below.
  - name (pulumi.Input[str]) - The parameter name.
  - values (pulumi.Input[list]) - The array of strings.
lambdaParameters (pulumi.Input[dict]) - The parameters for a LAMBDA task type. Documented below.
- clientContext (pulumi.Input[str]) - Pass client-specific information to the Lambda function that you are invoking.
- payload (pulumi.Input[str]) - JSON to provide to your Lambda function as input.
- qualifier (pulumi.Input[str]) - Specify a Lambda function version or alias name.
runCommandParameters (pulumi.Input[dict]) - The parameters for a RUN_COMMAND task type. Documented below.
- comment (pulumi.Input[str]) - Information about the command(s) to execute.
- documentHash (pulumi.Input[str]) - The SHA-256 or SHA-1 hash created by the system when the document was created. SHA-1 hashes have been deprecated.
- documentHashType (pulumi.Input[str]) - SHA-256 or SHA-1. SHA-1 hashes have been deprecated. Valid values: Sha256 and Sha1
- notificationConfig (pulumi.Input[dict]) - Configurations for sending notifications about command status changes on a per-instance basis. Documented below.
  - notificationArn (pulumi.Input[str]) - An Amazon Resource Name (ARN) for a Simple Notification Service (SNS) topic. Run Command pushes notifications about command status changes to this topic.
  - notificationEvents (pulumi.Input[list]) - The different events for which you can receive notifications. Valid values: All, InProgress, Success, TimedOut, Cancelled, and Failed
  - notification_type (pulumi.Input[str]) - When specified with Command, receive notification when the status of a command changes. When specified with Invocation, for commands sent to multiple instances, receive notification on a per-instance basis when the status of a command changes. Valid values: Command and Invocation
- outputS3Bucket (pulumi.Input[str]) - The name of the Amazon S3 bucket.
- outputS3KeyPrefix (pulumi.Input[str]) - The Amazon S3 bucket subfolder.
- parameters (pulumi.Input[list]) - The parameters for the RUN_COMMAND task execution. Documented below.
  - name (pulumi.Input[str]) - The parameter name.
  - values (pulumi.Input[list]) - The array of strings.
- service_role_arn (pulumi.Input[str]) - The IAM service role to assume during task execution.
- timeoutSeconds (pulumi.Input[float]) - If this time is reached and the command has not already started executing, it doesn’t run.
stepFunctionsParameters (pulumi.Input[dict]) - The parameters for a STEP_FUNCTIONS task type. Documented below.
- input (pulumi.Input[str]) - The inputs for the STEP_FUNCTION task.
- name (pulumi.Input[str]) - The name of the STEP_FUNCTION task.

The task_parameters object supports the following:

name (pulumi.Input[str]) - The name of the maintenance window task.
values (pulumi.Input[list])

description: pulumi.Output[str] = None¶: The description of the maintenance window task.

logging_info: pulumi.Output[dict] = None¶

A structure containing information about an Amazon S3 bucket to write instance-level logs to. Use task_invocation_parameters configuration block run_command_parameters configuration block output_s3_* arguments instead. Conflicts with task_invocation_parameters. Documented below.

s3_bucket_name (str)
s3BucketPrefix (str)
s3_region (str)

max_concurrency: pulumi.Output[str] = None¶: The maximum number of targets this task can be run for in parallel.

max_errors: pulumi.Output[str] = None¶: The maximum number of errors allowed before this task stops being scheduled.

name: pulumi.Output[str] = None¶: The name of the maintenance window task.

priority: pulumi.Output[float] = None¶: The priority of the task in the Maintenance Window, the lower the number the higher the priority. Tasks in a Maintenance Window are scheduled in priority order with tasks that have the same priority scheduled in parallel.

service_role_arn: pulumi.Output[str] = None¶: The role that should be assumed when executing the task.

targets: pulumi.Output[list] = None¶

The targets (either instances or window target ids). Instances are specified using Key=InstanceIds,Values=instanceid1,instanceid2. Window target ids are specified using Key=WindowTargetIds,Values=window target id1, window target id2.

key (str)
values (list)

task_arn: pulumi.Output[str] = None¶: The ARN of the task to execute.

task_invocation_parameters: pulumi.Output[dict] = None¶

The parameters for task execution. This argument is conflict with task_parameters and logging_info.

automationParameters (dict) - The parameters for an AUTOMATION task type. Documented below.
- document_version (str) - The version of an Automation document to use during task execution.
- parameters (list) - The parameters for the RUN_COMMAND task execution. Documented below.
  - name (str) - The parameter name.
  - values (list) - The array of strings.
lambdaParameters (dict) - The parameters for a LAMBDA task type. Documented below.
- clientContext (str) - Pass client-specific information to the Lambda function that you are invoking.
- payload (str) - JSON to provide to your Lambda function as input.
- qualifier (str) - Specify a Lambda function version or alias name.
runCommandParameters (dict) - The parameters for a RUN_COMMAND task type. Documented below.
- comment (str) - Information about the command(s) to execute.
- documentHash (str) - The SHA-256 or SHA-1 hash created by the system when the document was created. SHA-1 hashes have been deprecated.
- documentHashType (str) - SHA-256 or SHA-1. SHA-1 hashes have been deprecated. Valid values: Sha256 and Sha1
- notificationConfig (dict) - Configurations for sending notifications about command status changes on a per-instance basis. Documented below.
  - notificationArn (str) - An Amazon Resource Name (ARN) for a Simple Notification Service (SNS) topic. Run Command pushes notifications about command status changes to this topic.
  - notificationEvents (list) - The different events for which you can receive notifications. Valid values: All, InProgress, Success, TimedOut, Cancelled, and Failed
  - notification_type (str) - When specified with Command, receive notification when the status of a command changes. When specified with Invocation, for commands sent to multiple instances, receive notification on a per-instance basis when the status of a command changes. Valid values: Command and Invocation
- outputS3Bucket (str) - The name of the Amazon S3 bucket.
- outputS3KeyPrefix (str) - The Amazon S3 bucket subfolder.
- parameters (list) - The parameters for the RUN_COMMAND task execution. Documented below.
  - name (str) - The parameter name.
  - values (list) - The array of strings.
- service_role_arn (str) - The IAM service role to assume during task execution.
- timeoutSeconds (float) - If this time is reached and the command has not already started executing, it doesn’t run.
stepFunctionsParameters (dict) - The parameters for a STEP_FUNCTIONS task type. Documented below.
- input (str) - The inputs for the STEP_FUNCTION task.
- name (str) - The name of the STEP_FUNCTION task.

task_parameters: pulumi.Output[list] = None¶

A structure containing information about parameters required by the particular task_arn. Use parameter configuration blocks under the task_invocation_parameters configuration block instead. Conflicts with task_invocation_parameters. Documented below.

name (str) - The name of the maintenance window task.
values (list)

task_type: pulumi.Output[str] = None¶: The type of task being registered. The only allowed value is RUN_COMMAND.

window_id: pulumi.Output[str] = None¶: The Id of the maintenance window to register the task with.

static get(resource_name, id, opts=None, description=None, logging_info=None, max_concurrency=None, max_errors=None, name=None, priority=None, service_role_arn=None, targets=None, task_arn=None, task_invocation_parameters=None, task_parameters=None, task_type=None, window_id=None)¶

Get an existing MaintenanceWindowTask resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
description (pulumi.Input[str]) – The description of the maintenance window task.
logging_info (pulumi.Input[dict]) – A structure containing information about an Amazon S3 bucket to write instance-level logs to. Use task_invocation_parameters configuration block run_command_parameters configuration block output_s3_* arguments instead. Conflicts with task_invocation_parameters. Documented below.
max_concurrency (pulumi.Input[str]) – The maximum number of targets this task can be run for in parallel.
max_errors (pulumi.Input[str]) – The maximum number of errors allowed before this task stops being scheduled.
name (pulumi.Input[str]) – The name of the maintenance window task.
priority (pulumi.Input[float]) – The priority of the task in the Maintenance Window, the lower the number the higher the priority. Tasks in a Maintenance Window are scheduled in priority order with tasks that have the same priority scheduled in parallel.
service_role_arn (pulumi.Input[str]) – The role that should be assumed when executing the task.
targets (pulumi.Input[list]) – The targets (either instances or window target ids). Instances are specified using Key=InstanceIds,Values=instanceid1,instanceid2. Window target ids are specified using Key=WindowTargetIds,Values=window target id1, window target id2.
task_arn (pulumi.Input[str]) – The ARN of the task to execute.
task_invocation_parameters (pulumi.Input[dict]) – The parameters for task execution. This argument is conflict with task_parameters and logging_info.
task_parameters (pulumi.Input[list]) – A structure containing information about parameters required by the particular task_arn. Use parameter configuration blocks under the task_invocation_parameters configuration block instead. Conflicts with task_invocation_parameters. Documented below.
task_type (pulumi.Input[str]) – The type of task being registered. The only allowed value is RUN_COMMAND.
window_id (pulumi.Input[str]) – The Id of the maintenance window to register the task with.

The logging_info object supports the following:

s3_bucket_name (pulumi.Input[str])
s3BucketPrefix (pulumi.Input[str])
s3_region (pulumi.Input[str])

The targets object supports the following:

key (pulumi.Input[str])
values (pulumi.Input[list])

The task_invocation_parameters object supports the following:

automationParameters (pulumi.Input[dict]) - The parameters for an AUTOMATION task type. Documented below.
- document_version (pulumi.Input[str]) - The version of an Automation document to use during task execution.
- parameters (pulumi.Input[list]) - The parameters for the RUN_COMMAND task execution. Documented below.
  - name (pulumi.Input[str]) - The parameter name.
  - values (pulumi.Input[list]) - The array of strings.
lambdaParameters (pulumi.Input[dict]) - The parameters for a LAMBDA task type. Documented below.
- clientContext (pulumi.Input[str]) - Pass client-specific information to the Lambda function that you are invoking.
- payload (pulumi.Input[str]) - JSON to provide to your Lambda function as input.
- qualifier (pulumi.Input[str]) - Specify a Lambda function version or alias name.
runCommandParameters (pulumi.Input[dict]) - The parameters for a RUN_COMMAND task type. Documented below.
- comment (pulumi.Input[str]) - Information about the command(s) to execute.
- documentHash (pulumi.Input[str]) - The SHA-256 or SHA-1 hash created by the system when the document was created. SHA-1 hashes have been deprecated.
- documentHashType (pulumi.Input[str]) - SHA-256 or SHA-1. SHA-1 hashes have been deprecated. Valid values: Sha256 and Sha1
- notificationConfig (pulumi.Input[dict]) - Configurations for sending notifications about command status changes on a per-instance basis. Documented below.
  - notificationArn (pulumi.Input[str]) - An Amazon Resource Name (ARN) for a Simple Notification Service (SNS) topic. Run Command pushes notifications about command status changes to this topic.
  - notificationEvents (pulumi.Input[list]) - The different events for which you can receive notifications. Valid values: All, InProgress, Success, TimedOut, Cancelled, and Failed
  - notification_type (pulumi.Input[str]) - When specified with Command, receive notification when the status of a command changes. When specified with Invocation, for commands sent to multiple instances, receive notification on a per-instance basis when the status of a command changes. Valid values: Command and Invocation
- outputS3Bucket (pulumi.Input[str]) - The name of the Amazon S3 bucket.
- outputS3KeyPrefix (pulumi.Input[str]) - The Amazon S3 bucket subfolder.
- parameters (pulumi.Input[list]) - The parameters for the RUN_COMMAND task execution. Documented below.
  - name (pulumi.Input[str]) - The parameter name.
  - values (pulumi.Input[list]) - The array of strings.
- service_role_arn (pulumi.Input[str]) - The IAM service role to assume during task execution.
- timeoutSeconds (pulumi.Input[float]) - If this time is reached and the command has not already started executing, it doesn’t run.
stepFunctionsParameters (pulumi.Input[dict]) - The parameters for a STEP_FUNCTIONS task type. Documented below.
- input (pulumi.Input[str]) - The inputs for the STEP_FUNCTION task.
- name (pulumi.Input[str]) - The name of the STEP_FUNCTION task.

The task_parameters object supports the following:

name (pulumi.Input[str]) - The name of the maintenance window task.
values (pulumi.Input[list])

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_aws.ssm.Parameter(resource_name, opts=None, allowed_pattern=None, arn=None, description=None, key_id=None, name=None, overwrite=None, tags=None, tier=None, type=None, value=None, __props__=None, __name__=None, __opts__=None)¶

Provides an SSM Parameter resource.

import pulumi
import pulumi_aws as aws

foo = aws.ssm.Parameter("foo",
    type="String",
    value="bar")

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
allowed_pattern (pulumi.Input[str]) – A regular expression used to validate the parameter value.
arn (pulumi.Input[str]) – The ARN of the parameter.
description (pulumi.Input[str]) – The description of the parameter.
key_id (pulumi.Input[str]) – The KMS key id or arn for encrypting a SecureString.
name (pulumi.Input[str]) – The name of the parameter. If the name contains a path (e.g. any forward slashes (/)), it must be fully qualified with a leading forward slash (/). For additional requirements and constraints, see the AWS SSM User Guide.
overwrite (pulumi.Input[bool]) – Overwrite an existing parameter. If not specified, will default to false if the resource has not been created by this provider to avoid overwrite of existing resource and will default to true otherwise (lifecycle rules should then be used to manage the update behavior).
tags (pulumi.Input[dict]) – A map of tags to assign to the object.
tier (pulumi.Input[str]) – The tier of the parameter. If not specified, will default to Standard. Valid tiers are Standard and Advanced. For more information on parameter tiers, see the AWS SSM Parameter tier comparison and guide.
type (pulumi.Input[str]) – The type of the parameter. Valid types are String, StringList and SecureString.
value (pulumi.Input[str]) – The value of the parameter.

allowed_pattern: pulumi.Output[str] = None¶: A regular expression used to validate the parameter value.

arn: pulumi.Output[str] = None¶: The ARN of the parameter.

description: pulumi.Output[str] = None¶: The description of the parameter.

key_id: pulumi.Output[str] = None¶: The KMS key id or arn for encrypting a SecureString.

name: pulumi.Output[str] = None¶: The name of the parameter. If the name contains a path (e.g. any forward slashes (/)), it must be fully qualified with a leading forward slash (/). For additional requirements and constraints, see the AWS SSM User Guide.

overwrite: pulumi.Output[bool] = None¶: Overwrite an existing parameter. If not specified, will default to false if the resource has not been created by this provider to avoid overwrite of existing resource and will default to true otherwise (lifecycle rules should then be used to manage the update behavior).

tags: pulumi.Output[dict] = None¶: A map of tags to assign to the object.

tier: pulumi.Output[str] = None¶: The tier of the parameter. If not specified, will default to Standard. Valid tiers are Standard and Advanced. For more information on parameter tiers, see the AWS SSM Parameter tier comparison and guide.

type: pulumi.Output[str] = None¶: The type of the parameter. Valid types are String, StringList and SecureString.

value: pulumi.Output[str] = None¶: The value of the parameter.

version: pulumi.Output[float] = None¶: The version of the parameter.

static get(resource_name, id, opts=None, allowed_pattern=None, arn=None, description=None, key_id=None, name=None, overwrite=None, tags=None, tier=None, type=None, value=None, version=None)¶

Get an existing Parameter resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
allowed_pattern (pulumi.Input[str]) – A regular expression used to validate the parameter value.
arn (pulumi.Input[str]) – The ARN of the parameter.
description (pulumi.Input[str]) – The description of the parameter.
key_id (pulumi.Input[str]) – The KMS key id or arn for encrypting a SecureString.
name (pulumi.Input[str]) –
The name of the parameter. If the name contains a path (e.g. any forward slashes (/)), it must be fully qualified with a leading forward slash (/). For additional requirements and constraints, see the AWS SSM User Guide.
overwrite (pulumi.Input[bool]) – Overwrite an existing parameter. If not specified, will default to false if the resource has not been created by this provider to avoid overwrite of existing resource and will default to true otherwise (lifecycle rules should then be used to manage the update behavior).
tags (pulumi.Input[dict]) – A map of tags to assign to the object.
tier (pulumi.Input[str]) –
The tier of the parameter. If not specified, will default to Standard. Valid tiers are Standard and Advanced. For more information on parameter tiers, see the AWS SSM Parameter tier comparison and guide.
type (pulumi.Input[str]) – The type of the parameter. Valid types are String, StringList and SecureString.
value (pulumi.Input[str]) – The value of the parameter.
version (pulumi.Input[float]) – The version of the parameter.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_aws.ssm.PatchBaseline(resource_name, opts=None, approval_rules=None, approved_patches=None, approved_patches_compliance_level=None, description=None, global_filters=None, name=None, operating_system=None, rejected_patches=None, tags=None, __props__=None, __name__=None, __opts__=None)¶

Provides an SSM Patch Baseline resource

NOTE on Patch Baselines: The approved_patches and approval_rule are both marked as optional fields, but the Patch Baseline requires that at least one of them is specified.

import pulumi
import pulumi_aws as aws

production = aws.ssm.PatchBaseline("production", approved_patches=["KB123456"])

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
approval_rules (pulumi.Input[list]) – A set of rules used to include patches in the baseline. up to 10 approval rules can be specified. Each approval_rule block requires the fields documented below.
approved_patches (pulumi.Input[list]) – A list of explicitly approved patches for the baseline.
approved_patches_compliance_level (pulumi.Input[str]) – Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. Valid compliance levels include the following: CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED. The default value is UNSPECIFIED.
description (pulumi.Input[str]) – The description of the patch baseline.
global_filters (pulumi.Input[list]) – A set of global filters used to exclude patches from the baseline. Up to 4 global filters can be specified using Key/Value pairs. Valid Keys are PRODUCT | CLASSIFICATION | MSRC_SEVERITY | PATCH_ID.
name (pulumi.Input[str]) – The name of the patch baseline.
operating_system (pulumi.Input[str]) – Defines the operating system the patch baseline applies to. Supported operating systems include WINDOWS, AMAZON_LINUX, AMAZON_LINUX_2, SUSE, UBUNTU, CENTOS, and REDHAT_ENTERPRISE_LINUX. The Default value is WINDOWS.
rejected_patches (pulumi.Input[list]) – A list of rejected patches.
tags (pulumi.Input[dict]) – A map of tags to assign to the resource.

The approval_rules object supports the following:

approveAfterDays (pulumi.Input[float]) - The number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline. Valid Range: 0 to 100.
complianceLevel (pulumi.Input[str]) - Defines the compliance level for patches approved by this rule. Valid compliance levels include the following: CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED. The default value is UNSPECIFIED.
enableNonSecurity (pulumi.Input[bool]) - Boolean enabling the application of non-security updates. The default value is ‘false’. Valid for Linux instances only.
patchFilters (pulumi.Input[list]) - The patch filter group that defines the criteria for the rule. Up to 5 patch filters can be specified per approval rule using Key/Value pairs. Valid Keys are PATCH_SET | PRODUCT | CLASSIFICATION | MSRC_SEVERITY | PATCH_ID.
- key (pulumi.Input[str])
- values (pulumi.Input[list])

The global_filters object supports the following:

key (pulumi.Input[str])
values (pulumi.Input[list])

approval_rules: pulumi.Output[list] = None¶

A set of rules used to include patches in the baseline. up to 10 approval rules can be specified. Each approval_rule block requires the fields documented below.

approveAfterDays (float) - The number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline. Valid Range: 0 to 100.
complianceLevel (str) - Defines the compliance level for patches approved by this rule. Valid compliance levels include the following: CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED. The default value is UNSPECIFIED.
enableNonSecurity (bool) - Boolean enabling the application of non-security updates. The default value is ‘false’. Valid for Linux instances only.
patchFilters (list) - The patch filter group that defines the criteria for the rule. Up to 5 patch filters can be specified per approval rule using Key/Value pairs. Valid Keys are PATCH_SET | PRODUCT | CLASSIFICATION | MSRC_SEVERITY | PATCH_ID.
- key (str)
- values (list)

approved_patches: pulumi.Output[list] = None¶: A list of explicitly approved patches for the baseline.

approved_patches_compliance_level: pulumi.Output[str] = None¶: Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. Valid compliance levels include the following: CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED. The default value is UNSPECIFIED.

description: pulumi.Output[str] = None¶: The description of the patch baseline.

global_filters: pulumi.Output[list] = None¶

A set of global filters used to exclude patches from the baseline. Up to 4 global filters can be specified using Key/Value pairs. Valid Keys are PRODUCT | CLASSIFICATION | MSRC_SEVERITY | PATCH_ID.

key (str)
values (list)

name: pulumi.Output[str] = None¶: The name of the patch baseline.

operating_system: pulumi.Output[str] = None¶: Defines the operating system the patch baseline applies to. Supported operating systems include WINDOWS, AMAZON_LINUX, AMAZON_LINUX_2, SUSE, UBUNTU, CENTOS, and REDHAT_ENTERPRISE_LINUX. The Default value is WINDOWS.

rejected_patches: pulumi.Output[list] = None¶: A list of rejected patches.

tags: pulumi.Output[dict] = None¶: A map of tags to assign to the resource.

static get(resource_name, id, opts=None, approval_rules=None, approved_patches=None, approved_patches_compliance_level=None, description=None, global_filters=None, name=None, operating_system=None, rejected_patches=None, tags=None)¶

Get an existing PatchBaseline resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
approval_rules (pulumi.Input[list]) – A set of rules used to include patches in the baseline. up to 10 approval rules can be specified. Each approval_rule block requires the fields documented below.
approved_patches (pulumi.Input[list]) – A list of explicitly approved patches for the baseline.
approved_patches_compliance_level (pulumi.Input[str]) – Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. Valid compliance levels include the following: CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED. The default value is UNSPECIFIED.
description (pulumi.Input[str]) – The description of the patch baseline.
global_filters (pulumi.Input[list]) – A set of global filters used to exclude patches from the baseline. Up to 4 global filters can be specified using Key/Value pairs. Valid Keys are PRODUCT | CLASSIFICATION | MSRC_SEVERITY | PATCH_ID.
name (pulumi.Input[str]) – The name of the patch baseline.
operating_system (pulumi.Input[str]) – Defines the operating system the patch baseline applies to. Supported operating systems include WINDOWS, AMAZON_LINUX, AMAZON_LINUX_2, SUSE, UBUNTU, CENTOS, and REDHAT_ENTERPRISE_LINUX. The Default value is WINDOWS.
rejected_patches (pulumi.Input[list]) – A list of rejected patches.
tags (pulumi.Input[dict]) – A map of tags to assign to the resource.

The approval_rules object supports the following:

approveAfterDays (pulumi.Input[float]) - The number of days after the release date of each patch matched by the rule the patch is marked as approved in the patch baseline. Valid Range: 0 to 100.
complianceLevel (pulumi.Input[str]) - Defines the compliance level for patches approved by this rule. Valid compliance levels include the following: CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED. The default value is UNSPECIFIED.
enableNonSecurity (pulumi.Input[bool]) - Boolean enabling the application of non-security updates. The default value is ‘false’. Valid for Linux instances only.
patchFilters (pulumi.Input[list]) - The patch filter group that defines the criteria for the rule. Up to 5 patch filters can be specified per approval rule using Key/Value pairs. Valid Keys are PATCH_SET | PRODUCT | CLASSIFICATION | MSRC_SEVERITY | PATCH_ID.
- key (pulumi.Input[str])
- values (pulumi.Input[list])

The global_filters object supports the following:

key (pulumi.Input[str])
values (pulumi.Input[list])

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_aws.ssm.PatchGroup(resource_name, opts=None, baseline_id=None, patch_group=None, __props__=None, __name__=None, __opts__=None)¶

Provides an SSM Patch Group resource

import pulumi
import pulumi_aws as aws

production = aws.ssm.PatchBaseline("production", approved_patches=["KB123456"])
patchgroup = aws.ssm.PatchGroup("patchgroup",
    baseline_id=production.id,
    patch_group="patch-group-name")

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
baseline_id (pulumi.Input[str]) – The ID of the patch baseline to register the patch group with.
patch_group (pulumi.Input[str]) – The name of the patch group that should be registered with the patch baseline.

baseline_id: pulumi.Output[str] = None¶: The ID of the patch baseline to register the patch group with.

patch_group: pulumi.Output[str] = None¶: The name of the patch group that should be registered with the patch baseline.

static get(resource_name, id, opts=None, baseline_id=None, patch_group=None)¶

Get an existing PatchGroup resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
baseline_id (pulumi.Input[str]) – The ID of the patch baseline to register the patch group with.
patch_group (pulumi.Input[str]) – The name of the patch group that should be registered with the patch baseline.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_aws.ssm.ResourceDataSync(resource_name, opts=None, name=None, s3_destination=None, __props__=None, __name__=None, __opts__=None)¶

Provides a SSM resource data sync.

import pulumi
import pulumi_aws as aws

hoge_bucket = aws.s3.Bucket("hogeBucket", region="us-east-1")
hoge_bucket_policy = aws.s3.BucketPolicy("hogeBucketPolicy",
    bucket=hoge_bucket.bucket,
    policy="""{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "SSMBucketPermissionsCheck",
            "Effect": "Allow",
            "Principal": {
                "Service": "ssm.amazonaws.com"
            },
            "Action": "s3:GetBucketAcl",
            "Resource": "arn:aws:s3:::tf-test-bucket-1234"
        },
        {
            "Sid": " SSMBucketDelivery",
            "Effect": "Allow",
            "Principal": {
                "Service": "ssm.amazonaws.com"
            },
            "Action": "s3:PutObject",
            "Resource": ["arn:aws:s3:::tf-test-bucket-1234/*"],
            "Condition": {
                "StringEquals": {
                    "s3:x-amz-acl": "bucket-owner-full-control"
                }
            }
        }
    ]
}

""")
foo = aws.ssm.ResourceDataSync("foo", s3_destination={
    "bucket_name": hoge_bucket.bucket,
    "region": hoge_bucket.region,
})

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
name (pulumi.Input[str]) – Name for the configuration.
s3_destination (pulumi.Input[dict]) – Amazon S3 configuration details for the sync.

The s3_destination object supports the following:

bucket_name (pulumi.Input[str]) - Name of S3 bucket where the aggregated data is stored.
kms_key_arn (pulumi.Input[str]) - ARN of an encryption key for a destination in Amazon S3.
prefix (pulumi.Input[str]) - Prefix for the bucket.
region (pulumi.Input[str]) - Region with the bucket targeted by the Resource Data Sync.
syncFormat (pulumi.Input[str]) - A supported sync format. Only JsonSerDe is currently supported. Defaults to JsonSerDe.

name: pulumi.Output[str] = None¶: Name for the configuration.

s3_destination: pulumi.Output[dict] = None¶

Amazon S3 configuration details for the sync.

bucket_name (str) - Name of S3 bucket where the aggregated data is stored.
kms_key_arn (str) - ARN of an encryption key for a destination in Amazon S3.
prefix (str) - Prefix for the bucket.
region (str) - Region with the bucket targeted by the Resource Data Sync.
syncFormat (str) - A supported sync format. Only JsonSerDe is currently supported. Defaults to JsonSerDe.

static get(resource_name, id, opts=None, name=None, s3_destination=None)¶

Get an existing ResourceDataSync resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
name (pulumi.Input[str]) – Name for the configuration.
s3_destination (pulumi.Input[dict]) – Amazon S3 configuration details for the sync.

The s3_destination object supports the following:

bucket_name (pulumi.Input[str]) - Name of S3 bucket where the aggregated data is stored.
kms_key_arn (pulumi.Input[str]) - ARN of an encryption key for a destination in Amazon S3.
prefix (pulumi.Input[str]) - Prefix for the bucket.
region (pulumi.Input[str]) - Region with the bucket targeted by the Resource Data Sync.
syncFormat (pulumi.Input[str]) - A supported sync format. Only JsonSerDe is currently supported. Defaults to JsonSerDe.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

pulumi_aws.ssm.get_document(document_format=None, document_version=None, name=None, opts=None)¶

Gets the contents of the specified Systems Manager document.

import pulumi
import pulumi_aws as aws

foo = aws.ssm.get_document(document_format="YAML",
    name="AWS-GatherSoftwareInventory")
pulumi.export("content", foo.content)

Parameters

document_format (str) – Returns the document in the specified format. The document format can be either JSON or YAML. JSON is the default format.
document_version (str) – The document version for which you want information.
name (str) – The name of the Systems Manager document.

pulumi_aws.ssm.get_parameter(name=None, with_decryption=None, opts=None)¶

Provides an SSM Parameter data source.

import pulumi
import pulumi_aws as aws

foo = aws.ssm.get_parameter(name="foo")

Parameters

name (str) – The name of the parameter.
with_decryption (bool) – Whether to return decrypted SecureString value. Defaults to true.

pulumi_aws.ssm.get_patch_baseline(default_baseline=None, name_prefix=None, operating_system=None, owner=None, opts=None)¶

Provides an SSM Patch Baseline data source. Useful if you wish to reuse the default baselines provided.

import pulumi
import pulumi_aws as aws

centos = aws.ssm.get_patch_baseline(name_prefix="AWS-",
    operating_system="CENTOS",
    owner="AWS")

Parameters

default_baseline (bool) – Filters the results against the baselines default_baseline field.
name_prefix (str) – Filter results by the baseline name prefix.
operating_system (str) – The specified OS for the baseline.
owner (str) – The owner of the baseline. Valid values: All, AWS, Self (the current account).

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud

ssm¶

On This Page