AWS CloudFormation
User Guide (API Version 2010-05-15)

AWS::SSM::Document

The AWS::SSM::Document resource creates an SSM document in AWS Systems Manager that describes an instance configuration, which you can use to set up and run commands on your instances.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{ "Type" : "AWS::SSM::Document", "Properties" : { "Content" : JSON object, "DocumentType" : String, "Tags" : [ Resource Tag, ... ] } }

YAML

Type: "AWS::SSM::Document" Properties: Content: JSON object DocumentType: String Tags: - Resource Tag

Properties

Content

A JSON object that describes an instance configuration. For more information, see Creating Systems Manager Documents in the AWS Systems Manager User Guide.

Note

The Content property is a non-stringified property. For more information about automation actions, see Systems Manager Automation Document Reference in the AWS Systems Manager User Guide.

Required: Yes

Type: JSON object

Update requires: Replacement

DocumentType

The type of document to create that relates to the purpose of your document, such as running commands, bootstrapping software, or automating tasks. For valid values, see the CreateDocument action in the AWS Systems Manager API Reference.

Required: No

Type: String

Update requires: Replacement

Tags

AWS CloudFormation resource tags to apply to the document, which can help you identify and categorize these resources.

Required: No

Type: AWS CloudFormation Resource Tags

Update requires: No interruption

Return Value

Ref

When you pass the logical ID of an AWS::SSM::Document resource to the intrinsic Ref function, the function returns the Systems Manager document name, such as ssm-myinstanceconfig-ABCNPH3XCAO6.

For more information about using the Ref function, see Ref.

Examples

The following Systems Manager document joins instances to a directory in AWS Directory Service. The three runtime configuration parameters specify which directory the instance joins. You specify these parameter values when you associate the document with an instance.

JSON

"document" : { "Type" : "AWS::SSM::Document", "Properties" : { "Content" : { "schemaVersion":"1.2", "description":"Join instances to an AWS Directory Service domain.", "parameters":{ "directoryId":{ "type":"String", "description":"(Required) The ID of the AWS Directory Service directory." }, "directoryName":{ "type":"String", "description":"(Required) The name of the directory; for example, test.example.com" }, "dnsIpAddresses":{ "type":"StringList", "default":[ ], "description":"(Optional) The IP addresses of the DNS servers in the directory. Required when DHCP is not configured. Learn more at http://docs.aws.amazon.com/directoryservice/latest/simple-ad/join_get_dns_addresses.html", "allowedPattern":"((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" } }, "runtimeConfig":{ "aws:domainJoin":{ "properties":{ "directoryId":"{{ directoryId }}", "directoryName":"{{ directoryName }}", "dnsIpAddresses":"{{ dnsIpAddresses }}" } } } } } }

YAML

document: Type: "AWS::SSM::Document" Properties: Content: schemaVersion: "1.2" description: "Join instances to an AWS Directory Service domain." parameters: directoryId: type: "String" description: "(Required) The ID of the AWS Directory Service directory." directoryName: type: "String" description: "(Required) The name of the directory; for example, test.example.com" dnsIpAddresses: type: "StringList" default: [] description: "(Optional) The IP addresses of the DNS servers in the directory. Required when DHCP is not configured. Learn more at http://docs.aws.amazon.com/directoryservice/latest/simple-ad/join_get_dns_addresses.html" allowedPattern: "((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" runtimeConfig: aws:domainJoin: properties: directoryId: "{{ directoryId }}" directoryName: "{{ directoryName }}" dnsIpAddresses: "{{ dnsIpAddresses }}"

The following example shows how to associate the SSM document with an instance. The DocumentName property specifies the SSM document and the AssociationParameters property specifies values for the runtime configuration parameters.

JSON

"myEC2" : { "Type" : "AWS::EC2::Instance", "Properties" : { "ImageId" : {"Ref" : "myImageId"}, "InstanceType" : "t2.micro", "SsmAssociations" : [ { "DocumentName" : {"Ref" : "document"}, "AssociationParameters" : [ { "Key" : "directoryId", "Value" : [ { "Ref" : "myDirectory" } ] }, { "Key" : "directoryName", "Value" : ["testDirectory.example.com"] }, { "Key" : "dnsIpAddresses", "Value" : { "Fn::GetAtt" : ["myDirectory", "DnsIpAddresses"] } } ] } ], "IamInstanceProfile" : {"Ref" : "myInstanceProfile"}, "NetworkInterfaces" : [ { "DeviceIndex" : "0", "AssociatePublicIpAddress" : "true", "SubnetId" : {"Ref" : "mySubnet"} } ], "KeyName" : {"Ref" : "myKeyName"} } }

YAML

myEC2: Type: "AWS::EC2::Instance" Properties: ImageId: Ref: "myImageId" InstanceType: "t2.micro" SsmAssociations: - DocumentName: Ref: "document" AssociationParameters: - Key: "directoryId" Value: - Ref: "myDirectory" - Key: "directoryName" Value: - "testDirectory.example.com" - Key: "dnsIpAddresses" Value: Fn::GetAtt: - "myDirectory" - "DnsIpAddresses" IamInstanceProfile: Ref: "myInstanceProfile" NetworkInterfaces: - DeviceIndex: "0" AssociatePublicIpAddress: "true" SubnetId: Ref: "mySubnet" KeyName: Ref: "myKeyName"