Amazon EC2 Systems Manager
User Guide

Systems Manager Release History

The following table describes important changes to the documentation since the preceding release of Systems Manager.

Change Release Date Description

Changes to Maintenance Windows

August 16, 2017

Maintenance Windows include the following changes or enhancements:

  • Previously, Maintenance Windows could only perform tasks by using Run Command. You can now perform tasks by using Systems Manager Automation, AWS Lambda, and AWS Step Functions.

  • You can edit the targets of a Maintenance Window, specify a target name, description, and owner.

  • You can edit tasks in a Maintenance Window, including specifying a new SSM document for Run Command and Automation tasks.

  • All Run Command parameters are now supported, including DocumentHash, DocumentHashType, TimeoutSeconds, Comment, and NotificationConfig.

  • You can now use a safe flag when you attempt to deregister a target. If enabled, the system returns an error if the target is referenced by any task.

For more information, see Systems Manager Maintenance Windows.

New Automation Action: aws:approve

August 10, 2017

This new action for Automation documents temporarily pauses an Automation execution until designated principals either approve or reject the action. After the required number of approvals is reached, the Automation execution resumes.

For more information, see Systems Manager Automation Actions.

Automation Assume Role No Longer Required

August 3, 2017

Automation previously required that you specify a service role (or assume role) so that the service had permission to perform actions on your behalf. Automation no longer requires this role because the service now operates by using the context of the user who invoked the execution.

However, the following situations still require that you specify a service role for Automation:

  • When you want to restrict a user's privileges on a resource, but you want the user to execute an Automation workflow that requires higher privileges. In this scenario, you can create a service role with higher privileges and allow the user to execute the workflow.

  • Operations that you expect to run longer than 12 hours require a service role.

For more information, see Setting Up Automation.

SSM Document Enhancements

July 12, 2017

SSM Command and Policy documents now offer cross-platform support. This means that a single SSM document can process plugins for Windows and Linux operating systems. Cross-platform suppport enables you to consolidate the number of documents you manage. Cross-platform support is offered in SSM documents that use schema version 2.2 or later.

SSM Command documents that use schema version 2.0 or later can now include multiple plugins of the same type. For example, you can create a Command document that calls the aws:runRunShellScript plugin multiple times.

For more information about schema verion 2.2 changes, see Systems Manager Documents. For more information about SSM plugins, see Systems Manager Plugins.

Linux Patching

July 6, 2017

Patch Manager can now patch the following Linux distributions:

64-Bit and 32-Bit Systems

  • Amazon Linux 2014.03, 2014.09, or later

  • Ubuntu Server 16.04 LTS, 14.04 LTS, or 12.04 LTS

  • Red Hat Enterprise Linux (RHEL) 6.5 or later

64-Bit Systems Only

  • Amazon Linux 2015.03, 2015.09, or later

  • Red Hat Enterprise Linux (RHEL) 7.x or later

For more information, see Systems Manager Patch Management.


  • To patch Linux instances, your instances must be running SSM Agent version 2.0.834.0 or later. For information about updating the agent, see the section titled Example: Update the SSM Agent in Executing Commands from the EC2 Console.

  • The AWS-ApplyPatchBaseline SSM document is being replaced by the AWS-RunPatchBaseline document.

Resource Data Sync

June 29, 2017

You can use Systems Manager Resource Data Sync to send Inventory data collected from all of your managed instances to a single Amazon S3 bucket. Resource Data Sync then automatically updates the centralized data when new Inventory data is collected. With all Inventory data stored in a target Amazon S3 bucket, you can use services like Amazon Athena and Amazon QuickSight to query and analyze the aggregated data.For more information, see Configuring Resource Data Sync for Inventory. For an example of how to work with Resource Data Sync, see Using Resource Data Sync to Aggregate Inventory Data.

Systems Manager Parameter Hierarchies

June 22, 2017

Managing dozens or hundreds of Systems Manager parameters as a flat list is time-consuming and prone to errors. You can use parameter hierarchies to help you organize and manage Systems Manager parameters. A hierarchy is a parameter name that includes a path that you define by using forward slashes. Here is an example that uses three hierarchy levels in the name to identify the following:

/Environment/Type of computer/Application/Data


For more information, see Organizing Parameters into Hierarchies. For an example of how to work with parameter hierarchies, see Manage Parameters Using Hierarchies.

SSM Agent Support for SUSE Linux Enterprise Server

June 14, 2017

You can install the SSM agent on 64-bit SUSE Linux Enterprise Server (SLES). For more information, see Installing SSM Agent on Linux.