baiji v0.6.7 Baiji.SSM
Amazon EC2 Systems Manager
Amazon EC2 Systems Manager is a collection of capabilities that helps you automate management tasks such as collecting system inventory, applying operating system (OS) patches, automating the creation of Amazon Machine Images (AMIs), and configuring operating systems (OSs) and applications at scale. Systems Manager lets you remotely and securely manage the configuration of your managed instances. A managed instance is any Amazon EC2 instance or on-premises machine in your hybrid environment that has been configured for Systems Manager.
This reference is intended to be used with the Amazon EC2 Systems Manager User Guide.
To get started, verify prerequisites and configure managed instances. For more information, see Systems Manager Prerequisites.
Link to this section Summary
Functions
Returns a map containing the input/output shapes for this endpoint
Outputs values common to all actions
Adds or overwrites one or more tags for the specified resource. Tags are metadata that you assign to your managed instances, Maintenance Windows, or Parameter Store parameters. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. Each tag consists of a key and an optional value, both of which you define. For example, you could define a set of tags for your account’s managed instances that helps you track each instance’s owner and stack level. For example: Key=Owner and Value=DbAdmin, SysAdmin, or Dev. Or Key=Stack and Value=Production, Pre-Production, or Test
Attempts to cancel the command specified by the Command ID. There is no guarantee that the command will be terminated and the underlying process stopped
Registers your on-premises server or virtual machine with Amazon EC2 so that you can manage these resources using Run Command. An on-premises server or virtual machine that has been registered with EC2 is called a managed instance. For more information about activations, see Setting Up Systems Manager in Hybrid Environments
Associates the specified Systems Manager document with the specified instances or targets
Associates the specified Systems Manager document with the specified instances or targets
Creates a Systems Manager document
Creates a new Maintenance Window
Creates a patch baseline
Creates a resource data sync configuration to a single bucket in Amazon S3. This is an asynchronous operation that returns immediately. After a successful initial sync is completed, the system continuously syncs data to the Amazon S3 bucket. To check the status of the sync, use the ListResourceDataSync operation
Deletes an activation. You are not required to delete an activation. If you delete an activation, you can no longer use it to register additional managed instances. Deleting an activation does not de-register managed instances. You must manually de-register managed instances
Disassociates the specified Systems Manager document from the specified instance
Deletes the Systems Manager document and all instance associations to the document
Deletes a Maintenance Window
Delete a parameter from the system
Delete a list of parameters. This API is used to delete parameters by using the Amazon EC2 console
Deletes a patch baseline
Deletes a Resource Data Sync configuration. After the configuration is deleted, changes to inventory data on managed instances are no longer synced with the target Amazon S3 bucket. Deleting a sync configuration does not delete data in the target Amazon S3 bucket
Removes the server or virtual machine from the list of registered servers. You can reregister the instance again at any time. If you don’t plan to use Run Command on the server, we suggest uninstalling the SSM Agent first
Removes a patch group from a patch baseline
Removes a target from a Maintenance Window
Removes a task from a Maintenance Window
Details about the activation, including: the date and time the activation was created, the expiration date, the IAM role assigned to the instances in the activation, and the number of instances activated by this registration
Describes the associations for the specified Systems Manager document or instance
Provides details about all active and terminated Automation executions
Lists all patches that could possibly be included in a patch baseline
Describes the specified SSM document
Describes the permissions for a Systems Manager document. If you created the document, you are the owner. If a document is shared, it can either be shared privately (by specifying a user’s AWS account ID) or publicly (All)
All associations for the instance(s)
Retrieves the current effective patches (the patch and the approval state) for the specified patch baseline. Note that this API applies only to Windows patch baselines
The status of the associations for the instance(s)
Describes one or more of your instances. You can use this to get information about instances like the operating system platform, the SSM Agent version (Linux), status etc. If you specify one or more instance IDs, it returns information for those instances. If you do not specify instance IDs, it returns information for all your instances. If you specify an instance ID that is not valid or an instance that you do not own, you receive an error
Retrieves the high-level patch state of one or more instances
Retrieves the high-level patch state for the instances in the specified patch group
Retrieves information about the patches on the specified instance and their state relative to the patch baseline being used for the instance
Retrieves the individual task executions (one per target) for a particular task executed as part of a Maintenance Window execution
For a given Maintenance Window execution, lists the tasks that were executed
Lists the executions of a Maintenance Window. This includes information about when the Maintenance Window was scheduled to be active, and information about tasks registered and run with the Maintenance Window
Lists the targets registered with the Maintenance Window
Lists the tasks in a Maintenance Window
Retrieves the Maintenance Windows in an AWS account
Get information about a parameter
Lists the patch baselines in your AWS account
Returns high-level aggregated patch compliance state for a patch group
Lists all patch groups that have been registered with patch baselines
Get detailed information about a particular Automation execution
Returns detailed information about command execution for an invocation or plugin
Retrieves the default patch baseline. Note that Systems Manager supports creating multiple default patch baselines. For example, you can create a default patch baseline for each operating system
Retrieves the current snapshot for the patch baseline the instance uses. This API is primarily used by the AWS-RunPatchBaseline Systems Manager document
Gets the contents of the specified SSM document
Query inventory information
Return a list of inventory type names for the account, or return a list of attribute names for a specific Inventory item type
Retrieves a Maintenance Window
Retrieves details about a specific task executed as part of a Maintenance Window execution
Retrieves the details about a specific task executed as part of a Maintenance Window execution
Retrieves a task invocation. A task invocation is a specific task executing on a specific target. Maintenance Windows report status for all invocations
Lists the tasks in a Maintenance Window
Get information about a parameter by using the parameter name
Query a list of all parameters used by the AWS account
Get details of a parameter
Retrieve parameters in a specific hierarchy. For more information, see Working with Systems Manager Parameters
Retrieves information about a patch baseline
Retrieves the patch baseline that should be used for the specified patch group
Retrieves all versions of an association for a specific association ID
Lists the associations for the specified Systems Manager document or instance
An invocation is copy of a command sent to a specific instance. A command can apply to one or more instances. A command invocation applies to one instance. For example, if a user executes SendCommand against three instances, then a command invocation is created for each requested instance ID. ListCommandInvocations provide status about command execution
Lists the commands requested by users of the AWS account
For a specified resource ID, this API action returns a list of compliance statuses for different resource types. Currently, you can only specify one resource ID per call. List results depend on the criteria specified in the filter
Returns a summary count of compliant and non-compliant resources for a compliance type. For example, this call can return State Manager associations, patches, or custom compliance types according to the filter criteria that you specify
List all versions for a document
Describes one or more of your SSM documents
A list of inventory items returned by the request
Returns a resource-level summary count. The summary includes information about compliant and non-compliant statuses and detailed compliance-item severity counts, according to the filter criteria you specify
Lists your resource data sync configurations. Includes information about the last time a sync attempted to start, the last sync status, and the last time a sync successfully completed
Returns a list of the tags assigned to the specified resource
Shares a Systems Manager document publicly or privately. If you share a document privately, you must specify the AWS user account IDs for those people who can use the document. If you share a document publicly, you must specify All as the account ID
Registers a compliance type and other compliance details on a designated resource. This action lets you register custom compliance details with a resource. This call overwrites existing compliance information on the resource, so you must provide a full list of compliance items each time that you send the request
Bulk update custom inventory items on one more instance. The request adds an inventory item, if it doesn’t already exist, or updates an inventory item, if it does exist
Add one or more parameters to the system
Defines the default patch baseline
Registers a patch baseline for a patch group
Registers a target with a Maintenance Window
Adds a new task to a Maintenance Window
Removes all tags from the specified resource
Sends a signal to an Automation execution to change the current behavior or status of the execution
Executes commands on one or more managed instances
Initiates execution of an Automation document
Stop an Automation that is currently executing
Updates an association. You can update the association name and version, the document version, schedule, parameters, and Amazon S3 output
Updates the status of the Systems Manager document associated with the specified instance
The document you want to update
Set the default version of a document
Updates an existing Maintenance Window. Only specified parameters are modified
Modifies the target of an existing Maintenance Window. You can’t change the target type, but you can change the following
Modifies a task assigned to a Maintenance Window. You can’t change the task type, but you can change the following values
Assigns or changes an Amazon Identity and Access Management (IAM) role to the managed instance
Modifies an existing patch baseline. Fields not specified in the request are left unchanged
Link to this section Functions
Returns a map containing the input/output shapes for this endpoint
Outputs values common to all actions
Adds or overwrites one or more tags for the specified resource. Tags are metadata that you assign to your managed instances, Maintenance Windows, or Parameter Store parameters. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. Each tag consists of a key and an optional value, both of which you define. For example, you could define a set of tags for your account’s managed instances that helps you track each instance’s owner and stack level. For example: Key=Owner and Value=DbAdmin, SysAdmin, or Dev. Or Key=Stack and Value=Production, Pre-Production, or Test.
Each resource can have a maximum of 10 tags.
We recommend that you devise a set of tag keys that meets your needs for each resource type. Using a consistent set of tag keys makes it easier for you to manage your resources. You can search and filter the resources based on the tags you add. Tags don’t have any semantic meaning to Amazon EC2 and are interpreted strictly as a string of characters.
For more information about tags, see Tagging Your Amazon EC2 Resources in the Amazon EC2 User Guide.
Attempts to cancel the command specified by the Command ID. There is no guarantee that the command will be terminated and the underlying process stopped.
Registers your on-premises server or virtual machine with Amazon EC2 so that you can manage these resources using Run Command. An on-premises server or virtual machine that has been registered with EC2 is called a managed instance. For more information about activations, see Setting Up Systems Manager in Hybrid Environments.
Associates the specified Systems Manager document with the specified instances or targets.
When you associate a document with one or more instances using instance IDs or tags, the SSM Agent running on the instance processes the document and configures the instance as specified.
If you associate a document with an instance that already has an associated document, the system throws the AssociationAlreadyExists exception.
Associates the specified Systems Manager document with the specified instances or targets.
When you associate a document with one or more instances using instance IDs or tags, the SSM Agent running on the instance processes the document and configures the instance as specified.
If you associate a document with an instance that already has an associated document, the system throws the AssociationAlreadyExists exception.
Creates a Systems Manager document.
After you create a document, you can use CreateAssociation to associate it with one or more running instances.
Creates a new Maintenance Window.
Creates a patch baseline.
Creates a resource data sync configuration to a single bucket in Amazon S3. This is an asynchronous operation that returns immediately. After a successful initial sync is completed, the system continuously syncs data to the Amazon S3 bucket. To check the status of the sync, use the ListResourceDataSync operation.
By default, data is not encrypted in Amazon S3. We strongly recommend that you enable encryption in Amazon S3 to ensure secure data storage. We also recommend that you secure access to the Amazon S3 bucket by creating a restrictive bucket policy. To view an example of a restrictive Amazon S3 bucket policy for Resource Data Sync, see Configuring Resource Data Sync for Inventory.
Deletes an activation. You are not required to delete an activation. If you delete an activation, you can no longer use it to register additional managed instances. Deleting an activation does not de-register managed instances. You must manually de-register managed instances.
Disassociates the specified Systems Manager document from the specified instance.
When you disassociate a document from an instance, it does not change the configuration of the instance. To change the configuration state of an instance after you disassociate a document, you must create a new document with the desired configuration and associate it with the instance.
Deletes the Systems Manager document and all instance associations to the document.
Before you delete the document, we recommend that you use
DeleteAssociation
to disassociate all instances that are associated with
the document.
Deletes a Maintenance Window.
Delete a parameter from the system.
Delete a list of parameters. This API is used to delete parameters by using the Amazon EC2 console.
Deletes a patch baseline.
Deletes a Resource Data Sync configuration. After the configuration is deleted, changes to inventory data on managed instances are no longer synced with the target Amazon S3 bucket. Deleting a sync configuration does not delete data in the target Amazon S3 bucket.
Removes the server or virtual machine from the list of registered servers. You can reregister the instance again at any time. If you don’t plan to use Run Command on the server, we suggest uninstalling the SSM Agent first.
Removes a patch group from a patch baseline.
Removes a target from a Maintenance Window.
Removes a task from a Maintenance Window.
Details about the activation, including: the date and time the activation was created, the expiration date, the IAM role assigned to the instances in the activation, and the number of instances activated by this registration.
Describes the associations for the specified Systems Manager document or instance.
Provides details about all active and terminated Automation executions.
Lists all patches that could possibly be included in a patch baseline.
Describes the specified SSM document.
Describes the permissions for a Systems Manager document. If you created the document, you are the owner. If a document is shared, it can either be shared privately (by specifying a user’s AWS account ID) or publicly (All).
All associations for the instance(s).
Retrieves the current effective patches (the patch and the approval state) for the specified patch baseline. Note that this API applies only to Windows patch baselines.
The status of the associations for the instance(s).
Describes one or more of your instances. You can use this to get information about instances like the operating system platform, the SSM Agent version (Linux), status etc. If you specify one or more instance IDs, it returns information for those instances. If you do not specify instance IDs, it returns information for all your instances. If you specify an instance ID that is not valid or an instance that you do not own, you receive an error.
Retrieves the high-level patch state of one or more instances.
Retrieves the high-level patch state for the instances in the specified patch group.
Retrieves information about the patches on the specified instance and their state relative to the patch baseline being used for the instance.
Retrieves the individual task executions (one per target) for a particular task executed as part of a Maintenance Window execution.
For a given Maintenance Window execution, lists the tasks that were executed.
Lists the executions of a Maintenance Window. This includes information about when the Maintenance Window was scheduled to be active, and information about tasks registered and run with the Maintenance Window.
Lists the targets registered with the Maintenance Window.
Lists the tasks in a Maintenance Window.
Retrieves the Maintenance Windows in an AWS account.
Get information about a parameter.
Request results are returned on a best-effort basis. If you specify
MaxResults
in the request, the response includes information up to the
limit specified. The number of items returned, however, can be between zero
and the value of MaxResults
. If the service reaches an internal limit
while processing the results, it stops the operation and returns the
matching values up to that point and a NextToken
. You can specify the
NextToken
in a subsequent call to get the next set of results.
Lists the patch baselines in your AWS account.
Returns high-level aggregated patch compliance state for a patch group.
Lists all patch groups that have been registered with patch baselines.
Get detailed information about a particular Automation execution.
Returns detailed information about command execution for an invocation or plugin.
Retrieves the default patch baseline. Note that Systems Manager supports creating multiple default patch baselines. For example, you can create a default patch baseline for each operating system.
Retrieves the current snapshot for the patch baseline the instance uses. This API is primarily used by the AWS-RunPatchBaseline Systems Manager document.
Gets the contents of the specified SSM document.
Query inventory information.
Return a list of inventory type names for the account, or return a list of attribute names for a specific Inventory item type.
Retrieves a Maintenance Window.
Retrieves details about a specific task executed as part of a Maintenance Window execution.
Retrieves the details about a specific task executed as part of a Maintenance Window execution.
Retrieves a task invocation. A task invocation is a specific task executing on a specific target. Maintenance Windows report status for all invocations.
Lists the tasks in a Maintenance Window.
Get information about a parameter by using the parameter name.
Query a list of all parameters used by the AWS account.
Get details of a parameter.
Retrieve parameters in a specific hierarchy. For more information, see Working with Systems Manager Parameters.
Request results are returned on a best-effort basis. If you specify
MaxResults
in the request, the response includes information up to the
limit specified. The number of items returned, however, can be between zero
and the value of MaxResults
. If the service reaches an internal limit
while processing the results, it stops the operation and returns the
matching values up to that point and a NextToken
. You can specify the
NextToken
in a subsequent call to get the next set of results.
Retrieves information about a patch baseline.
Retrieves the patch baseline that should be used for the specified patch group.
Retrieves all versions of an association for a specific association ID.
Lists the associations for the specified Systems Manager document or instance.
An invocation is copy of a command sent to a specific instance. A command can apply to one or more instances. A command invocation applies to one instance. For example, if a user executes SendCommand against three instances, then a command invocation is created for each requested instance ID. ListCommandInvocations provide status about command execution.
Lists the commands requested by users of the AWS account.
For a specified resource ID, this API action returns a list of compliance statuses for different resource types. Currently, you can only specify one resource ID per call. List results depend on the criteria specified in the filter.
Returns a summary count of compliant and non-compliant resources for a compliance type. For example, this call can return State Manager associations, patches, or custom compliance types according to the filter criteria that you specify.
List all versions for a document.
Describes one or more of your SSM documents.
A list of inventory items returned by the request.
Returns a resource-level summary count. The summary includes information about compliant and non-compliant statuses and detailed compliance-item severity counts, according to the filter criteria you specify.
Lists your resource data sync configurations. Includes information about the last time a sync attempted to start, the last sync status, and the last time a sync successfully completed.
The number of sync configurations might be too large to return using a
single call to ListResourceDataSync
. You can limit the number of sync
configurations returned by using the MaxResults
parameter. To determine
whether there are more sync configurations to list, check the value of
NextToken
in the output. If there are more sync configurations to list,
you can request them by specifying the NextToken
returned in the call to
the parameter of a subsequent call.
Returns a list of the tags assigned to the specified resource.
Shares a Systems Manager document publicly or privately. If you share a document privately, you must specify the AWS user account IDs for those people who can use the document. If you share a document publicly, you must specify All as the account ID.
Registers a compliance type and other compliance details on a designated resource. This action lets you register custom compliance details with a resource. This call overwrites existing compliance information on the resource, so you must provide a full list of compliance items each time that you send the request.
Bulk update custom inventory items on one more instance. The request adds an inventory item, if it doesn’t already exist, or updates an inventory item, if it does exist.
Add one or more parameters to the system.
Defines the default patch baseline.
Registers a patch baseline for a patch group.
Registers a target with a Maintenance Window.
Adds a new task to a Maintenance Window.
Removes all tags from the specified resource.
Sends a signal to an Automation execution to change the current behavior or status of the execution.
Executes commands on one or more managed instances.
Initiates execution of an Automation document.
Stop an Automation that is currently executing.
Updates an association. You can update the association name and version, the document version, schedule, parameters, and Amazon S3 output.
Updates the status of the Systems Manager document associated with the specified instance.
The document you want to update.
Set the default version of a document.
Updates an existing Maintenance Window. Only specified parameters are modified.
Modifies the target of an existing Maintenance Window. You can’t change the target type, but you can change the following:
The target from being an ID target to a Tag target, or a Tag target to an ID target.
IDs for an ID target.
Tags for a Tag target.
Owner.
Name.
Description.
If a parameter is null, then the corresponding field is not modified.
Modifies a task assigned to a Maintenance Window. You can’t change the task type, but you can change the following values:
Task ARN. For example, you can change a RUN_COMMAND task from AWS-RunPowerShellScript to AWS-RunShellScript.
Service role ARN.
Task parameters.
Task priority.
Task MaxConcurrency and MaxErrors.
Log location.
If a parameter is null, then the corresponding field is not modified. Also, if you set Replace to true, then all fields required by the RegisterTaskWithMaintenanceWindow action are required for this request. Optional fields that aren’t specified are set to null.
Assigns or changes an Amazon Identity and Access Management (IAM) role to the managed instance.
Modifies an existing patch baseline. Fields not specified in the request are left unchanged.