Amazon Simple Systems Manager (SSM) 2014-11-06
- Client: Aws\Ssm\SsmClient
- Service ID: ssm
- Version: 2014-11-06
This page describes the parameters and results for the operations of the Amazon Simple Systems Manager (SSM) (2014-11-06), and shows how to use the Aws\Ssm\SsmClient object to call the described operations. This documentation is specific to the 2014-11-06 API version of the service.
Operation Summary
Each of the following operations can be created from a client using
$client->getCommand('CommandName')
, where "CommandName" is the
name of one of the following operations. Note: a command is a value that
encapsulates an operation and the parameters used to create an HTTP request.
You can also create and send a command immediately using the magic methods
available on a client object: $client->commandName(/* parameters */)
.
You can send the command asynchronously (returning a promise) by appending the
word "Async" to the operation name: $client->commandNameAsync(/* parameters */)
.
- AddTagsToResource ( array $params = [] )
- Adds or overwrites one or more tags for the specified resource.
- AssociateOpsItemRelatedItem ( array $params = [] )
- Associates a related item to a Systems Manager OpsCenter OpsItem.
- CancelCommand ( array $params = [] )
- Attempts to cancel the command specified by the Command ID.
- CancelMaintenanceWindowExecution ( array $params = [] )
- Stops a maintenance window execution that is already in progress and cancels any tasks in the window that haven't already starting running.
- CreateActivation ( array $params = [] )
- Generates an activation code and activation ID you can use to register your on-premises servers, edge devices, or virtual machine (VM) with Amazon Web Services Systems Manager.
- CreateAssociation ( array $params = [] )
- A State Manager association defines the state that you want to maintain on your managed nodes.
- CreateAssociationBatch ( array $params = [] )
- Associates the specified Amazon Web Services Systems Manager document (SSM document) with the specified managed nodes or targets.
- CreateDocument ( array $params = [] )
- Creates a Amazon Web Services Systems Manager (SSM document).
- CreateMaintenanceWindow ( array $params = [] )
- Creates a new maintenance window.
- CreateOpsItem ( array $params = [] )
- Creates a new OpsItem.
- CreateOpsMetadata ( array $params = [] )
- If you create a new application in Application Manager, Amazon Web Services Systems Manager calls this API operation to specify information about the new application, including the application type.
- CreatePatchBaseline ( array $params = [] )
- Creates a patch baseline.
- CreateResourceDataSync ( array $params = [] )
- A resource data sync helps you view data from multiple sources in a single location.
- DeleteActivation ( array $params = [] )
- Deletes an activation.
- DeleteAssociation ( array $params = [] )
- Disassociates the specified Amazon Web Services Systems Manager document (SSM document) from the specified managed node.
- DeleteDocument ( array $params = [] )
- Deletes the Amazon Web Services Systems Manager document (SSM document) and all managed node associations to the document.
- DeleteInventory ( array $params = [] )
- Delete a custom inventory type or the data associated with a custom Inventory type.
- DeleteMaintenanceWindow ( array $params = [] )
- Deletes a maintenance window.
- DeleteOpsItem ( array $params = [] )
- Delete an OpsItem.
- DeleteOpsMetadata ( array $params = [] )
- Delete OpsMetadata related to an application.
- DeleteParameter ( array $params = [] )
- Delete a parameter from the system.
- DeleteParameters ( array $params = [] )
- Delete a list of parameters.
- DeletePatchBaseline ( array $params = [] )
- Deletes a patch baseline.
- DeleteResourceDataSync ( array $params = [] )
- Deletes a resource data sync configuration.
- DeleteResourcePolicy ( array $params = [] )
- Deletes a Systems Manager resource policy.
- DeregisterManagedInstance ( array $params = [] )
- Removes the server or virtual machine from the list of registered servers.
- DeregisterPatchBaselineForPatchGroup ( array $params = [] )
- Removes a patch group from a patch baseline.
- DeregisterTargetFromMaintenanceWindow ( array $params = [] )
- Removes a target from a maintenance window.
- DeregisterTaskFromMaintenanceWindow ( array $params = [] )
- Removes a task from a maintenance window.
- DescribeActivations ( array $params = [] )
- Describes details about the activation, such as the date and time the activation was created, its expiration date, the Identity and Access Management (IAM) role assigned to the managed nodes in the activation, and the number of nodes registered by using this activation.
- DescribeAssociation ( array $params = [] )
- Describes the association for the specified target or managed node.
- DescribeAssociationExecutionTargets ( array $params = [] )
- Views information about a specific execution of a specific association.
- DescribeAssociationExecutions ( array $params = [] )
- Views all executions for a specific association ID.
- DescribeAutomationExecutions ( array $params = [] )
- Provides details about all active and terminated Automation executions.
- DescribeAutomationStepExecutions ( array $params = [] )
- Information about all active and terminated step executions in an Automation workflow.
- DescribeAvailablePatches ( array $params = [] )
- Lists all patches eligible to be included in a patch baseline.
- DescribeDocument ( array $params = [] )
- Describes the specified Amazon Web Services Systems Manager document (SSM document).
- DescribeDocumentPermission ( array $params = [] )
- Describes the permissions for a Amazon Web Services Systems Manager document (SSM document).
- DescribeEffectiveInstanceAssociations ( array $params = [] )
- All associations for the managed nodes.
- DescribeEffectivePatchesForPatchBaseline ( array $params = [] )
- Retrieves the current effective patches (the patch and the approval state) for the specified patch baseline.
- DescribeInstanceAssociationsStatus ( array $params = [] )
- The status of the associations for the managed nodes.
- DescribeInstanceInformation ( array $params = [] )
- Provides information about one or more of your managed nodes, including the operating system platform, SSM Agent version, association status, and IP address.
- DescribeInstancePatchStates ( array $params = [] )
- Retrieves the high-level patch state of one or more managed nodes.
- DescribeInstancePatchStatesForPatchGroup ( array $params = [] )
- Retrieves the high-level patch state for the managed nodes in the specified patch group.
- DescribeInstancePatches ( array $params = [] )
- Retrieves information about the patches on the specified managed node and their state relative to the patch baseline being used for the node.
- DescribeInstanceProperties ( array $params = [] )
- An API operation used by the Systems Manager console to display information about Systems Manager managed nodes.
- DescribeInventoryDeletions ( array $params = [] )
- Describes a specific delete inventory operation.
- DescribeMaintenanceWindowExecutionTaskInvocations ( array $params = [] )
- Retrieves the individual task executions (one per target) for a particular task run as part of a maintenance window execution.
- DescribeMaintenanceWindowExecutionTasks ( array $params = [] )
- For a given maintenance window execution, lists the tasks that were run.
- DescribeMaintenanceWindowExecutions ( array $params = [] )
- Lists the executions of a maintenance window.
- DescribeMaintenanceWindowSchedule ( array $params = [] )
- Retrieves information about upcoming executions of a maintenance window.
- DescribeMaintenanceWindowTargets ( array $params = [] )
- Lists the targets registered with the maintenance window.
- DescribeMaintenanceWindowTasks ( array $params = [] )
- Lists the tasks in a maintenance window.
- DescribeMaintenanceWindows ( array $params = [] )
- Retrieves the maintenance windows in an Amazon Web Services account.
- DescribeMaintenanceWindowsForTarget ( array $params = [] )
- Retrieves information about the maintenance window targets or tasks that a managed node is associated with.
- DescribeOpsItems ( array $params = [] )
- Query a set of OpsItems.
- DescribeParameters ( array $params = [] )
- Lists the parameters in your Amazon Web Services account or the parameters shared with you when you enable the Shared option.
- DescribePatchBaselines ( array $params = [] )
- Lists the patch baselines in your Amazon Web Services account.
- DescribePatchGroupState ( array $params = [] )
- Returns high-level aggregated patch compliance state information for a patch group.
- DescribePatchGroups ( array $params = [] )
- Lists all patch groups that have been registered with patch baselines.
- DescribePatchProperties ( array $params = [] )
- Lists the properties of available patches organized by product, product family, classification, severity, and other properties of available patches.
- DescribeSessions ( array $params = [] )
- Retrieves a list of all active sessions (both connected and disconnected) or terminated sessions from the past 30 days.
- DisassociateOpsItemRelatedItem ( array $params = [] )
- Deletes the association between an OpsItem and a related item.
- GetAutomationExecution ( array $params = [] )
- Get detailed information about a particular Automation execution.
- GetCalendarState ( array $params = [] )
- Gets the state of a Amazon Web Services Systems Manager change calendar at the current time or a specified time.
- GetCommandInvocation ( array $params = [] )
- Returns detailed information about command execution for an invocation or plugin.
- GetConnectionStatus ( array $params = [] )
- Retrieves the Session Manager connection status for a managed node to determine whether it is running and ready to receive Session Manager connections.
- GetDefaultPatchBaseline ( array $params = [] )
- Retrieves the default patch baseline.
- GetDeployablePatchSnapshotForInstance ( array $params = [] )
- Retrieves the current snapshot for the patch baseline the managed node uses.
- GetDocument ( array $params = [] )
- Gets the contents of the specified Amazon Web Services Systems Manager document (SSM document).
- GetInventory ( array $params = [] )
- Query inventory information.
- GetInventorySchema ( array $params = [] )
- Return a list of inventory type names for the account, or return a list of attribute names for a specific Inventory item type.
- GetMaintenanceWindow ( array $params = [] )
- Retrieves a maintenance window.
- GetMaintenanceWindowExecution ( array $params = [] )
- Retrieves details about a specific a maintenance window execution.
- GetMaintenanceWindowExecutionTask ( array $params = [] )
- Retrieves the details about a specific task run as part of a maintenance window execution.
- GetMaintenanceWindowExecutionTaskInvocation ( array $params = [] )
- Retrieves information about a specific task running on a specific target.
- GetMaintenanceWindowTask ( array $params = [] )
- Retrieves the details of a maintenance window task.
- GetOpsItem ( array $params = [] )
- Get information about an OpsItem by using the ID.
- GetOpsMetadata ( array $params = [] )
- View operational metadata related to an application in Application Manager.
- GetOpsSummary ( array $params = [] )
- View a summary of operations metadata (OpsData) based on specified filters and aggregators.
- GetParameter ( array $params = [] )
- Get information about a single parameter by specifying the parameter name.
- GetParameterHistory ( array $params = [] )
- Retrieves the history of all changes to a parameter.
- GetParameters ( array $params = [] )
- Get information about one or more parameters by specifying multiple parameter names.
- GetParametersByPath ( array $params = [] )
- Retrieve information about one or more parameters in a specific hierarchy.
- GetPatchBaseline ( array $params = [] )
- Retrieves information about a patch baseline.
- GetPatchBaselineForPatchGroup ( array $params = [] )
- Retrieves the patch baseline that should be used for the specified patch group.
- GetResourcePolicies ( array $params = [] )
- Returns an array of the Policy object.
- GetServiceSetting ( array $params = [] )
- ServiceSetting is an account-level setting for an Amazon Web Services service.
- LabelParameterVersion ( array $params = [] )
- A parameter label is a user-defined alias to help you manage different versions of a parameter.
- ListAssociationVersions ( array $params = [] )
- Retrieves all versions of an association for a specific association ID.
- ListAssociations ( array $params = [] )
- Returns all State Manager associations in the current Amazon Web Services account and Amazon Web Services Region.
- ListCommandInvocations ( array $params = [] )
- An invocation is copy of a command sent to a specific managed node.
- ListCommands ( array $params = [] )
- Lists the commands requested by users of the Amazon Web Services account.
- ListComplianceItems ( array $params = [] )
- For a specified resource ID, this API operation returns a list of compliance statuses for different resource types.
- ListComplianceSummaries ( array $params = [] )
- Returns a summary count of compliant and non-compliant resources for a compliance type.
- ListDocumentMetadataHistory ( array $params = [] )
- Information about approval reviews for a version of a change template in Change Manager.
- ListDocumentVersions ( array $params = [] )
- List all versions for a document.
- ListDocuments ( array $params = [] )
- Returns all Systems Manager (SSM) documents in the current Amazon Web Services account and Amazon Web Services Region.
- ListInventoryEntries ( array $params = [] )
- A list of inventory items returned by the request.
- ListOpsItemEvents ( array $params = [] )
- Returns a list of all OpsItem events in the current Amazon Web Services Region and Amazon Web Services account.
- ListOpsItemRelatedItems ( array $params = [] )
- Lists all related-item resources associated with a Systems Manager OpsCenter OpsItem.
- ListOpsMetadata ( array $params = [] )
- Amazon Web Services Systems Manager calls this API operation when displaying all Application Manager OpsMetadata objects or blobs.
- ListResourceComplianceSummaries ( array $params = [] )
- Returns a resource-level summary count.
- ListResourceDataSync ( array $params = [] )
- Lists your resource data sync configurations.
- ListTagsForResource ( array $params = [] )
- Returns a list of the tags assigned to the specified resource.
- ModifyDocumentPermission ( array $params = [] )
- Shares a Amazon Web Services Systems Manager document (SSM document)publicly or privately.
- PutComplianceItems ( array $params = [] )
- Registers a compliance type and other compliance details on a designated resource.
- PutInventory ( array $params = [] )
- Bulk update custom inventory items on one or more managed nodes.
- PutParameter ( array $params = [] )
- Add a parameter to the system.
- PutResourcePolicy ( array $params = [] )
- Creates or updates a Systems Manager resource policy.
- RegisterDefaultPatchBaseline ( array $params = [] )
- Defines the default patch baseline for the relevant operating system.
- RegisterPatchBaselineForPatchGroup ( array $params = [] )
- Registers a patch baseline for a patch group.
- RegisterTargetWithMaintenanceWindow ( array $params = [] )
- Registers a target with a maintenance window.
- RegisterTaskWithMaintenanceWindow ( array $params = [] )
- Adds a new task to a maintenance window.
- RemoveTagsFromResource ( array $params = [] )
- Removes tag keys from the specified resource.
- ResetServiceSetting ( array $params = [] )
- ServiceSetting is an account-level setting for an Amazon Web Services service.
- ResumeSession ( array $params = [] )
- Reconnects a session to a managed node after it has been disconnected.
- SendAutomationSignal ( array $params = [] )
- Sends a signal to an Automation execution to change the current behavior or status of the execution.
- SendCommand ( array $params = [] )
- Runs commands on one or more managed nodes.
- StartAssociationsOnce ( array $params = [] )
- Runs an association immediately and only one time.
- StartAutomationExecution ( array $params = [] )
- Initiates execution of an Automation runbook.
- StartChangeRequestExecution ( array $params = [] )
- Creates a change request for Change Manager.
- StartSession ( array $params = [] )
- Initiates a connection to a target (for example, a managed node) for a Session Manager session.
- StopAutomationExecution ( array $params = [] )
- Stop an Automation that is currently running.
- TerminateSession ( array $params = [] )
- Permanently ends a session and closes the data connection between the Session Manager client and SSM Agent on the managed node.
- UnlabelParameterVersion ( array $params = [] )
- Remove a label or labels from a parameter.
- UpdateAssociation ( array $params = [] )
- Updates an association.
- UpdateAssociationStatus ( array $params = [] )
- Updates the status of the Amazon Web Services Systems Manager document (SSM document) associated with the specified managed node.
- UpdateDocument ( array $params = [] )
- Updates one or more values for an SSM document.
- UpdateDocumentDefaultVersion ( array $params = [] )
- Set the default version of a document.
- UpdateDocumentMetadata ( array $params = [] )
- Updates information related to approval reviews for a specific version of a change template in Change Manager.
- UpdateMaintenanceWindow ( array $params = [] )
- Updates an existing maintenance window.
- UpdateMaintenanceWindowTarget ( array $params = [] )
- Modifies the target of an existing maintenance window.
- UpdateMaintenanceWindowTask ( array $params = [] )
- Modifies a task assigned to a maintenance window.
- UpdateManagedInstanceRole ( array $params = [] )
- Changes the Identity and Access Management (IAM) role that is assigned to the on-premises server, edge device, or virtual machines (VM).
- UpdateOpsItem ( array $params = [] )
- Edit or change an OpsItem.
- UpdateOpsMetadata ( array $params = [] )
- Amazon Web Services Systems Manager calls this API operation when you edit OpsMetadata in Application Manager.
- UpdatePatchBaseline ( array $params = [] )
- Modifies an existing patch baseline.
- UpdateResourceDataSync ( array $params = [] )
- Update a resource data sync.
- UpdateServiceSetting ( array $params = [] )
- ServiceSetting is an account-level setting for an Amazon Web Services service.
Paginators
Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:
- DescribeActivations
- DescribeAssociationExecutionTargets
- DescribeAssociationExecutions
- DescribeAutomationExecutions
- DescribeAutomationStepExecutions
- DescribeAvailablePatches
- DescribeEffectiveInstanceAssociations
- DescribeEffectivePatchesForPatchBaseline
- DescribeInstanceAssociationsStatus
- DescribeInstanceInformation
- DescribeInstancePatchStates
- DescribeInstancePatchStatesForPatchGroup
- DescribeInstancePatches
- DescribeInstanceProperties
- DescribeInventoryDeletions
- DescribeMaintenanceWindowExecutionTaskInvocations
- DescribeMaintenanceWindowExecutionTasks
- DescribeMaintenanceWindowExecutions
- DescribeMaintenanceWindowSchedule
- DescribeMaintenanceWindowTargets
- DescribeMaintenanceWindowTasks
- DescribeMaintenanceWindows
- DescribeMaintenanceWindowsForTarget
- DescribeOpsItems
- DescribeParameters
- DescribePatchBaselines
- DescribePatchGroups
- DescribePatchProperties
- DescribeSessions
- GetInventory
- GetInventorySchema
- GetOpsSummary
- GetParameterHistory
- GetParametersByPath
- GetResourcePolicies
- ListAssociationVersions
- ListAssociations
- ListCommandInvocations
- ListCommands
- ListComplianceItems
- ListComplianceSummaries
- ListDocumentVersions
- ListDocuments
- ListOpsItemEvents
- ListOpsItemRelatedItems
- ListOpsMetadata
- ListResourceComplianceSummaries
- ListResourceDataSync
Waiters
Waiters allow you to poll a resource until it enters into a desired state. A waiter has a name used to describe what it does, and is associated with an API operation. When creating a waiter, you can provide the API operation parameters associated with the corresponding operation. Waiters can be accessed using the getWaiter($waiterName, $operationParameters) method of a client object. This client supports the following waiters:
Waiter name | API Operation | Delay | Max Attempts |
---|---|---|---|
CommandExecuted | GetCommandInvocation | 5 | 20 |
Operations
AddTagsToResource
$result = $client->addTagsToResource
([/* ... */]); $promise = $client->addTagsToResourceAsync
([/* ... */]);
Adds or overwrites one or more tags for the specified resource. Tags are metadata that you can assign to your automations, documents, managed nodes, maintenance windows, Parameter Store parameters, and patch baselines. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. Each tag consists of a key and an optional value, both of which you define. For example, you could define a set of tags for your account's managed nodes that helps you track each node's owner and stack level. For example:
-
Key=Owner,Value=DbAdmin
-
Key=Owner,Value=SysAdmin
-
Key=Owner,Value=Dev
-
Key=Stack,Value=Production
-
Key=Stack,Value=Pre-Production
-
Key=Stack,Value=Test
Most resources can have a maximum of 50 tags. Automations can have a maximum of 5 tags.
We recommend that you devise a set of tag keys that meets your needs for each resource type. Using a consistent set of tag keys makes it easier for you to manage your resources. You can search and filter the resources based on the tags you add. Tags don't have any semantic meaning to and are interpreted strictly as a string of characters.
For more information about using tags with Amazon Elastic Compute Cloud (Amazon EC2) instances, see Tag your Amazon EC2 resources in the Amazon EC2 User Guide.
Parameter Syntax
$result = $client->addTagsToResource([ 'ResourceId' => '<string>', // REQUIRED 'ResourceType' => 'Document|ManagedInstance|MaintenanceWindow|Parameter|PatchBaseline|OpsItem|OpsMetadata|Automation|Association', // REQUIRED 'Tags' => [ // REQUIRED [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], ]);
Parameter Details
Members
- ResourceId
-
- Required: Yes
- Type: string
The resource ID you want to tag.
Use the ID of the resource. Here are some examples:
MaintenanceWindow
:mw-012345abcde
PatchBaseline
:pb-012345abcde
Automation
:example-c160-4567-8519-012345abcde
OpsMetadata
object:ResourceID
for tagging is created from the Amazon Resource Name (ARN) for the object. Specifically,ResourceID
is created from the strings that come after the wordopsmetadata
in the ARN. For example, an OpsMetadata object with an ARN ofarn:aws:ssm:us-east-2:1234567890:opsmetadata/aws/ssm/MyGroup/appmanager
has aResourceID
of eitheraws/ssm/MyGroup/appmanager
or/aws/ssm/MyGroup/appmanager
.For the
Document
andParameter
values, use the name of the resource. If you're tagging a shared document, you must use the full ARN of the document.ManagedInstance
:mi-012345abcde
The
ManagedInstance
type for this API operation is only for on-premises managed nodes. You must specify the name of the managed node in the following format:mi-ID_number
. For example,mi-1a2b3c4d5e6f
. - ResourceType
-
- Required: Yes
- Type: string
Specifies the type of resource you are tagging.
The
ManagedInstance
type for this API operation is for on-premises managed nodes. You must specify the name of the managed node in the following format:mi-ID_number
. For example,mi-1a2b3c4d5e6f
. - Tags
-
- Required: Yes
- Type: Array of Tag structures
One or more tags. The value parameter is required.
Don't enter personally identifiable information in this field.
Result Syntax
[]
Result Details
Errors
- InvalidResourceType:
The resource type isn't valid. For example, if you are attempting to tag an EC2 instance, the instance must be a registered managed node.
- InvalidResourceId:
The resource ID isn't valid. Verify that you entered the correct ID and try again.
- InternalServerError:
An error occurred on the server side.
- TooManyTagsError:
The
Targets
parameter includes too many tags. Remove one or more tags and try the command again.- TooManyUpdates:
There are concurrent updates for a resource that supports one update at a time.
AssociateOpsItemRelatedItem
$result = $client->associateOpsItemRelatedItem
([/* ... */]); $promise = $client->associateOpsItemRelatedItemAsync
([/* ... */]);
Associates a related item to a Systems Manager OpsCenter OpsItem. For example, you can associate an Incident Manager incident or analysis with an OpsItem. Incident Manager and OpsCenter are capabilities of Amazon Web Services Systems Manager.
Parameter Syntax
$result = $client->associateOpsItemRelatedItem([ 'AssociationType' => '<string>', // REQUIRED 'OpsItemId' => '<string>', // REQUIRED 'ResourceType' => '<string>', // REQUIRED 'ResourceUri' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AssociationType
-
- Required: Yes
- Type: string
The type of association that you want to create between an OpsItem and a resource. OpsCenter supports
IsParentOf
andRelatesTo
association types. - OpsItemId
-
- Required: Yes
- Type: string
The ID of the OpsItem to which you want to associate a resource as a related item.
- ResourceType
-
- Required: Yes
- Type: string
The type of resource that you want to associate with an OpsItem. OpsCenter supports the following types:
AWS::SSMIncidents::IncidentRecord
: an Incident Manager incident.AWS::SSM::Document
: a Systems Manager (SSM) document. - ResourceUri
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the Amazon Web Services resource that you want to associate with the OpsItem.
Result Syntax
[ 'AssociationId' => '<string>', ]
Result Details
Members
- AssociationId
-
- Type: string
The association ID.
Errors
- InternalServerError:
An error occurred on the server side.
- OpsItemNotFoundException:
The specified OpsItem ID doesn't exist. Verify the ID and try again.
- OpsItemLimitExceededException:
The request caused OpsItems to exceed one or more quotas.
- OpsItemInvalidParameterException:
A specified parameter argument isn't valid. Verify the available arguments and try again.
- OpsItemRelatedItemAlreadyExistsException:
The Amazon Resource Name (ARN) is already associated with the OpsItem.
- OpsItemConflictException:
The specified OpsItem is in the process of being deleted.
CancelCommand
$result = $client->cancelCommand
([/* ... */]); $promise = $client->cancelCommandAsync
([/* ... */]);
Attempts to cancel the command specified by the Command ID. There is no guarantee that the command will be terminated and the underlying process stopped.
Parameter Syntax
$result = $client->cancelCommand([ 'CommandId' => '<string>', // REQUIRED 'InstanceIds' => ['<string>', ...], ]);
Parameter Details
Members
- CommandId
-
- Required: Yes
- Type: string
The ID of the command you want to cancel.
- InstanceIds
-
- Type: Array of strings
(Optional) A list of managed node IDs on which you want to cancel the command. If not provided, the command is canceled on every node on which it was requested.
Result Syntax
[]
Result Details
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidCommandId:
The specified command ID isn't valid. Verify the ID and try again.
- InvalidInstanceId:
The following problems can cause this exception:
-
You don't have permission to access the managed node.
-
Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.
-
SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.
-
The managed node isn't in a valid state. Valid states are:
Running
,Pending
,Stopped
, andStopping
. Invalid states are:Shutting-down
andTerminated
.
-
- DuplicateInstanceId:
You can't specify a managed node ID in more than one association.
CancelMaintenanceWindowExecution
$result = $client->cancelMaintenanceWindowExecution
([/* ... */]); $promise = $client->cancelMaintenanceWindowExecutionAsync
([/* ... */]);
Stops a maintenance window execution that is already in progress and cancels any tasks in the window that haven't already starting running. Tasks already in progress will continue to completion.
Parameter Syntax
$result = $client->cancelMaintenanceWindowExecution([ 'WindowExecutionId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- WindowExecutionId
-
- Required: Yes
- Type: string
The ID of the maintenance window execution to stop.
Result Syntax
[ 'WindowExecutionId' => '<string>', ]
Result Details
Members
- WindowExecutionId
-
- Type: string
The ID of the maintenance window execution that has been stopped.
Errors
- InternalServerError:
An error occurred on the server side.
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
CreateActivation
$result = $client->createActivation
([/* ... */]); $promise = $client->createActivationAsync
([/* ... */]);
Generates an activation code and activation ID you can use to register your on-premises servers, edge devices, or virtual machine (VM) with Amazon Web Services Systems Manager. Registering these machines with Systems Manager makes it possible to manage them using Systems Manager capabilities. You use the activation code and ID when installing SSM Agent on machines in your hybrid environment. For more information about requirements for managing on-premises machines using Systems Manager, see Setting up Amazon Web Services Systems Manager for hybrid and multicloud environments in the Amazon Web Services Systems Manager User Guide.
Amazon Elastic Compute Cloud (Amazon EC2) instances, edge devices, and on-premises servers and VMs that are configured for Systems Manager are all called managed nodes.
Parameter Syntax
$result = $client->createActivation([ 'DefaultInstanceName' => '<string>', 'Description' => '<string>', 'ExpirationDate' => <integer || string || DateTime>, 'IamRole' => '<string>', // REQUIRED 'RegistrationLimit' => <integer>, 'RegistrationMetadata' => [ [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], 'Tags' => [ [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], ]);
Parameter Details
Members
- DefaultInstanceName
-
- Type: string
The name of the registered, managed node as it will appear in the Amazon Web Services Systems Manager console or when you use the Amazon Web Services command line tools to list Systems Manager resources.
Don't enter personally identifiable information in this field.
- Description
-
- Type: string
A user-defined description of the resource that you want to register with Systems Manager.
Don't enter personally identifiable information in this field.
- ExpirationDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date by which this activation request should expire, in timestamp format, such as "2021-07-07T00:00:00". You can specify a date up to 30 days in advance. If you don't provide an expiration date, the activation code expires in 24 hours.
- IamRole
-
- Required: Yes
- Type: string
The name of the Identity and Access Management (IAM) role that you want to assign to the managed node. This IAM role must provide AssumeRole permissions for the Amazon Web Services Systems Manager service principal
ssm.amazonaws.com
. For more information, see Create an IAM service role for a hybrid and multicloud environment in the Amazon Web Services Systems Manager User Guide.You can't specify an IAM service-linked role for this parameter. You must create a unique role.
- RegistrationLimit
-
- Type: int
Specify the maximum number of managed nodes you want to register. The default value is
1
. - RegistrationMetadata
-
- Type: Array of RegistrationMetadataItem structures
Reserved for internal use.
- Tags
-
- Type: Array of Tag structures
Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag an activation to identify which servers or virtual machines (VMs) in your on-premises environment you intend to activate. In this case, you could specify the following key-value pairs:
-
Key=OS,Value=Windows
-
Key=Environment,Value=Production
When you install SSM Agent on your on-premises servers and VMs, you specify an activation ID and code. When you specify the activation ID and code, tags assigned to the activation are automatically applied to the on-premises servers or VMs.
You can't add tags to or delete tags from an existing activation. You can tag your on-premises servers, edge devices, and VMs after they connect to Systems Manager for the first time and are assigned a managed node ID. This means they are listed in the Amazon Web Services Systems Manager console with an ID that is prefixed with "mi-". For information about how to add tags to your managed nodes, see AddTagsToResource. For information about how to remove tags from your managed nodes, see RemoveTagsFromResource.
Result Syntax
[ 'ActivationCode' => '<string>', 'ActivationId' => '<string>', ]
Result Details
Members
- ActivationCode
-
- Type: string
The code the system generates when it processes the activation. The activation code functions like a password to validate the activation ID.
- ActivationId
-
- Type: string
The ID number generated by the system when it processed the activation. The activation ID functions like a user name.
Errors
- InvalidParameters:
You must specify values for all required parameters in the Amazon Web Services Systems Manager document (SSM document). You can only supply values to parameters defined in the SSM document.
- InternalServerError:
An error occurred on the server side.
CreateAssociation
$result = $client->createAssociation
([/* ... */]); $promise = $client->createAssociationAsync
([/* ... */]);
A State Manager association defines the state that you want to maintain on your managed nodes. For example, an association can specify that anti-virus software must be installed and running on your managed nodes, or that certain ports must be closed. For static targets, the association specifies a schedule for when the configuration is reapplied. For dynamic targets, such as an Amazon Web Services resource group or an Amazon Web Services autoscaling group, State Manager, a capability of Amazon Web Services Systems Manager applies the configuration when new managed nodes are added to the group. The association also specifies actions to take when applying the configuration. For example, an association for anti-virus software might run once a day. If the software isn't installed, then State Manager installs it. If the software is installed, but the service isn't running, then the association might instruct State Manager to start the service.
Parameter Syntax
$result = $client->createAssociation([ 'AlarmConfiguration' => [ 'Alarms' => [ // REQUIRED [ 'Name' => '<string>', // REQUIRED ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'ApplyOnlyAtCronInterval' => true || false, 'AssociationName' => '<string>', 'AutomationTargetParameterName' => '<string>', 'CalendarNames' => ['<string>', ...], 'ComplianceSeverity' => 'CRITICAL|HIGH|MEDIUM|LOW|UNSPECIFIED', 'DocumentVersion' => '<string>', 'Duration' => <integer>, 'InstanceId' => '<string>', 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'Name' => '<string>', // REQUIRED 'OutputLocation' => [ 'S3Location' => [ 'OutputS3BucketName' => '<string>', 'OutputS3KeyPrefix' => '<string>', 'OutputS3Region' => '<string>', ], ], 'Parameters' => [ '<ParameterName>' => ['<string>', ...], // ... ], 'ScheduleExpression' => '<string>', 'ScheduleOffset' => <integer>, 'SyncCompliance' => 'AUTO|MANUAL', 'Tags' => [ [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], 'TargetLocations' => [ [ 'Accounts' => ['<string>', ...], 'ExecutionRoleName' => '<string>', 'Regions' => ['<string>', ...], 'TargetLocationAlarmConfiguration' => [ 'Alarms' => [ // REQUIRED [ 'Name' => '<string>', // REQUIRED ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'TargetLocationMaxConcurrency' => '<string>', 'TargetLocationMaxErrors' => '<string>', ], // ... ], 'TargetMaps' => [ [ '<TargetMapKey>' => ['<string>', ...], // ... ], // ... ], 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], ]);
Parameter Details
Members
- AlarmConfiguration
-
- Type: AlarmConfiguration structure
The details for the CloudWatch alarm you want to apply to an automation or command.
- ApplyOnlyAtCronInterval
-
- Type: boolean
By default, when you create a new association, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it. This parameter isn't supported for rate expressions.
- AssociationName
-
- Type: string
Specify a descriptive name for the association.
- AutomationTargetParameterName
-
- Type: string
Choose the parameter that will define how your automation will branch out. This target is required for associations that use an Automation runbook and target resources by using rate controls. Automation is a capability of Amazon Web Services Systems Manager.
- CalendarNames
-
- Type: Array of strings
The names or Amazon Resource Names (ARNs) of the Change Calendar type documents you want to gate your associations under. The associations only run when that change calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar.
- ComplianceSeverity
-
- Type: string
The severity level to assign to the association.
- DocumentVersion
-
- Type: string
The document version you want to associate with the targets. Can be a specific version or the default version.
State Manager doesn't support running associations that use a new version of a document if that document is shared from another account. State Manager always runs the
default
version of a document if shared from another account, even though the Systems Manager console shows that a new version was processed. If you want to run an association using a new version of a document shared form another account, you must set the document version todefault
. - Duration
-
- Type: int
The number of hours the association can run before it is canceled. Duration applies to associations that are currently running, and any pending and in progress commands on all targets. If a target was taken offline for the association to run, it is made available again immediately, without a reboot.
The
Duration
parameter applies only when both these conditions are true:-
The association for which you specify a duration is cancelable according to the parameters of the SSM command document or Automation runbook associated with this execution.
-
The command specifies the
ApplyOnlyAtCronInterval
parameter, which means that the association doesn't run immediately after it is created, but only according to the specified schedule.
- InstanceId
-
- Type: string
The managed node ID.
InstanceId
has been deprecated. To specify a managed node ID for an association, use theTargets
parameter. Requests that include the parameterInstanceID
with Systems Manager documents (SSM documents) that use schema version 2.0 or later will fail. In addition, if you use the parameterInstanceId
, you can't use the parametersAssociationName
,DocumentVersion
,MaxErrors
,MaxConcurrency
,OutputLocation
, orScheduleExpression
. To use these parameters, you must use theTargets
parameter. - MaxConcurrency
-
- Type: string
The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.
If a new managed node starts and attempts to run an association while Systems Manager is running
MaxConcurrency
associations, the association is allowed to run. During the next association interval, the new managed node will process its association within the limit specified forMaxConcurrency
. - MaxErrors
-
- Type: string
The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 managed nodes and set
MaxError
to 10%, then the system stops sending the request when the sixth error is received.Executions that are already running an association when
MaxErrors
is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, setMaxConcurrency
to 1 so that executions proceed one at a time. - Name
-
- Required: Yes
- Type: string
The name of the SSM Command document or Automation runbook that contains the configuration information for the managed node.
You can specify Amazon Web Services-predefined documents, documents you created, or a document that is shared with you from another Amazon Web Services account.
For Systems Manager documents (SSM documents) that are shared with you from other Amazon Web Services accounts, you must specify the complete SSM document ARN, in the following format:
arn:partition:ssm:region:account-id:document/document-name
For example:
arn:aws:ssm:us-east-2:12345678912:document/My-Shared-Document
For Amazon Web Services-predefined documents and SSM documents you created in your account, you only need to specify the document name. For example,
AWS-ApplyPatchBaseline
orMy-Document
. - OutputLocation
-
- Type: InstanceAssociationOutputLocation structure
An Amazon Simple Storage Service (Amazon S3) bucket where you want to store the output details of the request.
- Parameters
-
- Type: Associative array of custom strings keys (ParameterName) to stringss
The parameters for the runtime configuration of the document.
- ScheduleExpression
-
- Type: string
A cron expression when the association will be applied to the targets.
- ScheduleOffset
-
- Type: int
Number of days to wait after the scheduled day to run an association. For example, if you specified a cron schedule of
cron(0 0 ? * THU#2 *)
, you could specify an offset of 3 to run the association each Sunday after the second Thursday of the month. For more information about cron schedules for associations, see Reference: Cron and rate expressions for Systems Manager in the Amazon Web Services Systems Manager User Guide.To use offsets, you must specify the
ApplyOnlyAtCronInterval
parameter. This option tells the system not to run an association immediately after you create it. - SyncCompliance
-
- Type: string
The mode for generating association compliance. You can specify
AUTO
orMANUAL
. InAUTO
mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association isCOMPLIANT
. If the association execution doesn't run successfully, the association isNON-COMPLIANT
.In
MANUAL
mode, you must specify theAssociationId
as a parameter for the PutComplianceItems API operation. In this case, compliance data isn't managed by State Manager. It is managed by your direct call to the PutComplianceItems API operation.By default, all associations use
AUTO
mode. - Tags
-
- Type: Array of Tag structures
Adds or overwrites one or more tags for a State Manager association. Tags are metadata that you can assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. Each tag consists of a key and an optional value, both of which you define.
- TargetLocations
-
- Type: Array of TargetLocation structures
A location is a combination of Amazon Web Services Regions and Amazon Web Services accounts where you want to run the association. Use this action to create an association in multiple Regions and multiple accounts.
- TargetMaps
-
- Type: Array of maps
A key-value mapping of document parameters to target resources. Both Targets and TargetMaps can't be specified together.
- Targets
-
- Type: Array of Target structures
The targets for the association. You can target managed nodes by using tags, Amazon Web Services resource groups, all managed nodes in an Amazon Web Services account, or individual managed node IDs. You can target all managed nodes in an Amazon Web Services account by specifying the
InstanceIds
key with a value of*
. For more information about choosing targets for an association, see About targets and rate controls in State Manager associations in the Amazon Web Services Systems Manager User Guide.
Result Syntax
[ 'AssociationDescription' => [ 'AlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'ApplyOnlyAtCronInterval' => true || false, 'AssociationId' => '<string>', 'AssociationName' => '<string>', 'AssociationVersion' => '<string>', 'AutomationTargetParameterName' => '<string>', 'CalendarNames' => ['<string>', ...], 'ComplianceSeverity' => 'CRITICAL|HIGH|MEDIUM|LOW|UNSPECIFIED', 'Date' => <DateTime>, 'DocumentVersion' => '<string>', 'Duration' => <integer>, 'InstanceId' => '<string>', 'LastExecutionDate' => <DateTime>, 'LastSuccessfulExecutionDate' => <DateTime>, 'LastUpdateAssociationDate' => <DateTime>, 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'Name' => '<string>', 'OutputLocation' => [ 'S3Location' => [ 'OutputS3BucketName' => '<string>', 'OutputS3KeyPrefix' => '<string>', 'OutputS3Region' => '<string>', ], ], 'Overview' => [ 'AssociationStatusAggregatedCount' => [<integer>, ...], 'DetailedStatus' => '<string>', 'Status' => '<string>', ], 'Parameters' => [ '<ParameterName>' => ['<string>', ...], // ... ], 'ScheduleExpression' => '<string>', 'ScheduleOffset' => <integer>, 'Status' => [ 'AdditionalInfo' => '<string>', 'Date' => <DateTime>, 'Message' => '<string>', 'Name' => 'Pending|Success|Failed', ], 'SyncCompliance' => 'AUTO|MANUAL', 'TargetLocations' => [ [ 'Accounts' => ['<string>', ...], 'ExecutionRoleName' => '<string>', 'Regions' => ['<string>', ...], 'TargetLocationAlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'TargetLocationMaxConcurrency' => '<string>', 'TargetLocationMaxErrors' => '<string>', ], // ... ], 'TargetMaps' => [ [ '<TargetMapKey>' => ['<string>', ...], // ... ], // ... ], 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TriggeredAlarms' => [ [ 'Name' => '<string>', 'State' => 'UNKNOWN|ALARM', ], // ... ], ], ]
Result Details
Members
- AssociationDescription
-
- Type: AssociationDescription structure
Information about the association.
Errors
- AssociationAlreadyExists:
The specified association already exists.
- AssociationLimitExceeded:
You can have at most 2,000 active associations.
- InternalServerError:
An error occurred on the server side.
- InvalidDocument:
The specified SSM document doesn't exist.
- InvalidDocumentVersion:
The document version isn't valid or doesn't exist.
- InvalidInstanceId:
The following problems can cause this exception:
-
You don't have permission to access the managed node.
-
Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.
-
SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.
-
The managed node isn't in a valid state. Valid states are:
Running
,Pending
,Stopped
, andStopping
. Invalid states are:Shutting-down
andTerminated
.
-
- UnsupportedPlatformType:
The document doesn't support the platform type of the given managed node IDs. For example, you sent an document for a Windows managed node to a Linux node.
- InvalidOutputLocation:
The output location isn't valid or doesn't exist.
- InvalidParameters:
You must specify values for all required parameters in the Amazon Web Services Systems Manager document (SSM document). You can only supply values to parameters defined in the SSM document.
- InvalidTarget:
The target isn't valid or doesn't exist. It might not be configured for Systems Manager or you might not have permission to perform the operation.
- InvalidSchedule:
The schedule is invalid. Verify your cron or rate expression and try again.
- InvalidTargetMaps:
TargetMap parameter isn't valid.
- InvalidTag:
The specified tag key or value isn't valid.
CreateAssociationBatch
$result = $client->createAssociationBatch
([/* ... */]); $promise = $client->createAssociationBatchAsync
([/* ... */]);
Associates the specified Amazon Web Services Systems Manager document (SSM document) with the specified managed nodes or targets.
When you associate a document with one or more managed nodes using IDs or tags, Amazon Web Services Systems Manager Agent (SSM Agent) running on the managed node processes the document and configures the node as specified.
If you associate a document with a managed node that already has an associated document, the system returns the AssociationAlreadyExists exception.
Parameter Syntax
$result = $client->createAssociationBatch([ 'Entries' => [ // REQUIRED [ 'AlarmConfiguration' => [ 'Alarms' => [ // REQUIRED [ 'Name' => '<string>', // REQUIRED ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'ApplyOnlyAtCronInterval' => true || false, 'AssociationName' => '<string>', 'AutomationTargetParameterName' => '<string>', 'CalendarNames' => ['<string>', ...], 'ComplianceSeverity' => 'CRITICAL|HIGH|MEDIUM|LOW|UNSPECIFIED', 'DocumentVersion' => '<string>', 'Duration' => <integer>, 'InstanceId' => '<string>', 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'Name' => '<string>', // REQUIRED 'OutputLocation' => [ 'S3Location' => [ 'OutputS3BucketName' => '<string>', 'OutputS3KeyPrefix' => '<string>', 'OutputS3Region' => '<string>', ], ], 'Parameters' => [ '<ParameterName>' => ['<string>', ...], // ... ], 'ScheduleExpression' => '<string>', 'ScheduleOffset' => <integer>, 'SyncCompliance' => 'AUTO|MANUAL', 'TargetLocations' => [ [ 'Accounts' => ['<string>', ...], 'ExecutionRoleName' => '<string>', 'Regions' => ['<string>', ...], 'TargetLocationAlarmConfiguration' => [ 'Alarms' => [ // REQUIRED [ 'Name' => '<string>', // REQUIRED ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'TargetLocationMaxConcurrency' => '<string>', 'TargetLocationMaxErrors' => '<string>', ], // ... ], 'TargetMaps' => [ [ '<TargetMapKey>' => ['<string>', ...], // ... ], // ... ], 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], ], // ... ], ]);
Parameter Details
Members
- Entries
-
- Required: Yes
- Type: Array of CreateAssociationBatchRequestEntry structures
One or more associations.
Result Syntax
[ 'Failed' => [ [ 'Entry' => [ 'AlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'ApplyOnlyAtCronInterval' => true || false, 'AssociationName' => '<string>', 'AutomationTargetParameterName' => '<string>', 'CalendarNames' => ['<string>', ...], 'ComplianceSeverity' => 'CRITICAL|HIGH|MEDIUM|LOW|UNSPECIFIED', 'DocumentVersion' => '<string>', 'Duration' => <integer>, 'InstanceId' => '<string>', 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'Name' => '<string>', 'OutputLocation' => [ 'S3Location' => [ 'OutputS3BucketName' => '<string>', 'OutputS3KeyPrefix' => '<string>', 'OutputS3Region' => '<string>', ], ], 'Parameters' => [ '<ParameterName>' => ['<string>', ...], // ... ], 'ScheduleExpression' => '<string>', 'ScheduleOffset' => <integer>, 'SyncCompliance' => 'AUTO|MANUAL', 'TargetLocations' => [ [ 'Accounts' => ['<string>', ...], 'ExecutionRoleName' => '<string>', 'Regions' => ['<string>', ...], 'TargetLocationAlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'TargetLocationMaxConcurrency' => '<string>', 'TargetLocationMaxErrors' => '<string>', ], // ... ], 'TargetMaps' => [ [ '<TargetMapKey>' => ['<string>', ...], // ... ], // ... ], 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], ], 'Fault' => 'Client|Server|Unknown', 'Message' => '<string>', ], // ... ], 'Successful' => [ [ 'AlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'ApplyOnlyAtCronInterval' => true || false, 'AssociationId' => '<string>', 'AssociationName' => '<string>', 'AssociationVersion' => '<string>', 'AutomationTargetParameterName' => '<string>', 'CalendarNames' => ['<string>', ...], 'ComplianceSeverity' => 'CRITICAL|HIGH|MEDIUM|LOW|UNSPECIFIED', 'Date' => <DateTime>, 'DocumentVersion' => '<string>', 'Duration' => <integer>, 'InstanceId' => '<string>', 'LastExecutionDate' => <DateTime>, 'LastSuccessfulExecutionDate' => <DateTime>, 'LastUpdateAssociationDate' => <DateTime>, 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'Name' => '<string>', 'OutputLocation' => [ 'S3Location' => [ 'OutputS3BucketName' => '<string>', 'OutputS3KeyPrefix' => '<string>', 'OutputS3Region' => '<string>', ], ], 'Overview' => [ 'AssociationStatusAggregatedCount' => [<integer>, ...], 'DetailedStatus' => '<string>', 'Status' => '<string>', ], 'Parameters' => [ '<ParameterName>' => ['<string>', ...], // ... ], 'ScheduleExpression' => '<string>', 'ScheduleOffset' => <integer>, 'Status' => [ 'AdditionalInfo' => '<string>', 'Date' => <DateTime>, 'Message' => '<string>', 'Name' => 'Pending|Success|Failed', ], 'SyncCompliance' => 'AUTO|MANUAL', 'TargetLocations' => [ [ 'Accounts' => ['<string>', ...], 'ExecutionRoleName' => '<string>', 'Regions' => ['<string>', ...], 'TargetLocationAlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'TargetLocationMaxConcurrency' => '<string>', 'TargetLocationMaxErrors' => '<string>', ], // ... ], 'TargetMaps' => [ [ '<TargetMapKey>' => ['<string>', ...], // ... ], // ... ], 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TriggeredAlarms' => [ [ 'Name' => '<string>', 'State' => 'UNKNOWN|ALARM', ], // ... ], ], // ... ], ]
Result Details
Members
- Failed
-
- Type: Array of FailedCreateAssociation structures
Information about the associations that failed.
- Successful
-
- Type: Array of AssociationDescription structures
Information about the associations that succeeded.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidDocument:
The specified SSM document doesn't exist.
- InvalidDocumentVersion:
The document version isn't valid or doesn't exist.
- InvalidInstanceId:
The following problems can cause this exception:
-
You don't have permission to access the managed node.
-
Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.
-
SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.
-
The managed node isn't in a valid state. Valid states are:
Running
,Pending
,Stopped
, andStopping
. Invalid states are:Shutting-down
andTerminated
.
-
- InvalidParameters:
You must specify values for all required parameters in the Amazon Web Services Systems Manager document (SSM document). You can only supply values to parameters defined in the SSM document.
- DuplicateInstanceId:
You can't specify a managed node ID in more than one association.
- AssociationLimitExceeded:
You can have at most 2,000 active associations.
- UnsupportedPlatformType:
The document doesn't support the platform type of the given managed node IDs. For example, you sent an document for a Windows managed node to a Linux node.
- InvalidOutputLocation:
The output location isn't valid or doesn't exist.
- InvalidTarget:
The target isn't valid or doesn't exist. It might not be configured for Systems Manager or you might not have permission to perform the operation.
- InvalidSchedule:
The schedule is invalid. Verify your cron or rate expression and try again.
- InvalidTargetMaps:
TargetMap parameter isn't valid.
CreateDocument
$result = $client->createDocument
([/* ... */]); $promise = $client->createDocumentAsync
([/* ... */]);
Creates a Amazon Web Services Systems Manager (SSM document). An SSM document defines the actions that Systems Manager performs on your managed nodes. For more information about SSM documents, including information about supported schemas, features, and syntax, see Amazon Web Services Systems Manager Documents in the Amazon Web Services Systems Manager User Guide.
Parameter Syntax
$result = $client->createDocument([ 'Attachments' => [ [ 'Key' => 'SourceUrl|S3FileUrl|AttachmentReference', 'Name' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'Content' => '<string>', // REQUIRED 'DisplayName' => '<string>', 'DocumentFormat' => 'YAML|JSON|TEXT', 'DocumentType' => 'Command|Policy|Automation|Session|Package|ApplicationConfiguration|ApplicationConfigurationSchema|DeploymentStrategy|ChangeCalendar|Automation.ChangeTemplate|ProblemAnalysis|ProblemAnalysisTemplate|CloudFormation|ConformancePackTemplate|QuickSetup', 'Name' => '<string>', // REQUIRED 'Requires' => [ [ 'Name' => '<string>', // REQUIRED 'RequireType' => '<string>', 'Version' => '<string>', 'VersionName' => '<string>', ], // ... ], 'Tags' => [ [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], 'TargetType' => '<string>', 'VersionName' => '<string>', ]);
Parameter Details
Members
- Attachments
-
- Type: Array of AttachmentsSource structures
A list of key-value pairs that describe attachments to a version of a document.
- Content
-
- Required: Yes
- Type: string
The content for the new SSM document in JSON or YAML format. The content of the document must not exceed 64KB. This quota also includes the content specified for input parameters at runtime. We recommend storing the contents for your new document in an external JSON or YAML file and referencing the file in a command.
For examples, see the following topics in the Amazon Web Services Systems Manager User Guide.
- DisplayName
-
- Type: string
An optional field where you can specify a friendly name for the SSM document. This value can differ for each version of the document. You can update this value at a later time using the UpdateDocument operation.
- DocumentFormat
-
- Type: string
Specify the document format for the request. The document format can be JSON, YAML, or TEXT. JSON is the default format.
- DocumentType
-
- Type: string
The type of document to create.
The
DeploymentStrategy
document type is an internal-use-only document type reserved for AppConfig. - Name
-
- Required: Yes
- Type: string
A name for the SSM document.
You can't use the following strings as document name prefixes. These are reserved by Amazon Web Services for use as document name prefixes:
-
aws
-
amazon
-
amzn
-
AWSEC2
-
AWSConfigRemediation
-
AWSSupport
- Requires
-
- Type: Array of DocumentRequires structures
A list of SSM documents required by a document. This parameter is used exclusively by AppConfig. When a user creates an AppConfig configuration in an SSM document, the user must also specify a required document for validation purposes. In this case, an
ApplicationConfiguration
document requires anApplicationConfigurationSchema
document for validation purposes. For more information, see What is AppConfig? in the AppConfig User Guide. - Tags
-
- Type: Array of Tag structures
Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag an SSM document to identify the types of targets or the environment where it will run. In this case, you could specify the following key-value pairs:
-
Key=OS,Value=Windows
-
Key=Environment,Value=Production
To add tags to an existing SSM document, use the AddTagsToResource operation.
- TargetType
-
- Type: string
Specify a target type to define the kinds of resources the document can run on. For example, to run a document on EC2 instances, specify the following value:
/AWS::EC2::Instance
. If you specify a value of '/' the document can run on all types of resources. If you don't specify a value, the document can't run on any resources. For a list of valid resource types, see Amazon Web Services resource and property types reference in the CloudFormation User Guide. - VersionName
-
- Type: string
An optional field specifying the version of the artifact you are creating with the document. For example,
Release12.1
. This value is unique across all versions of a document, and can't be changed.
Result Syntax
[ 'DocumentDescription' => [ 'ApprovedVersion' => '<string>', 'AttachmentsInformation' => [ [ 'Name' => '<string>', ], // ... ], 'Author' => '<string>', 'Category' => ['<string>', ...], 'CategoryEnum' => ['<string>', ...], 'CreatedDate' => <DateTime>, 'DefaultVersion' => '<string>', 'Description' => '<string>', 'DisplayName' => '<string>', 'DocumentFormat' => 'YAML|JSON|TEXT', 'DocumentType' => 'Command|Policy|Automation|Session|Package|ApplicationConfiguration|ApplicationConfigurationSchema|DeploymentStrategy|ChangeCalendar|Automation.ChangeTemplate|ProblemAnalysis|ProblemAnalysisTemplate|CloudFormation|ConformancePackTemplate|QuickSetup', 'DocumentVersion' => '<string>', 'Hash' => '<string>', 'HashType' => 'Sha256|Sha1', 'LatestVersion' => '<string>', 'Name' => '<string>', 'Owner' => '<string>', 'Parameters' => [ [ 'DefaultValue' => '<string>', 'Description' => '<string>', 'Name' => '<string>', 'Type' => 'String|StringList', ], // ... ], 'PendingReviewVersion' => '<string>', 'PlatformTypes' => ['<string>', ...], 'Requires' => [ [ 'Name' => '<string>', 'RequireType' => '<string>', 'Version' => '<string>', 'VersionName' => '<string>', ], // ... ], 'ReviewInformation' => [ [ 'ReviewedTime' => <DateTime>, 'Reviewer' => '<string>', 'Status' => 'APPROVED|NOT_REVIEWED|PENDING|REJECTED', ], // ... ], 'ReviewStatus' => 'APPROVED|NOT_REVIEWED|PENDING|REJECTED', 'SchemaVersion' => '<string>', 'Sha1' => '<string>', 'Status' => 'Creating|Active|Updating|Deleting|Failed', 'StatusInformation' => '<string>', 'Tags' => [ [ 'Key' => '<string>', 'Value' => '<string>', ], // ... ], 'TargetType' => '<string>', 'VersionName' => '<string>', ], ]
Result Details
Members
- DocumentDescription
-
- Type: DocumentDescription structure
Information about the SSM document.
Errors
- DocumentAlreadyExists:
The specified document already exists.
- MaxDocumentSizeExceeded:
The size limit of a document is 64 KB.
- InternalServerError:
An error occurred on the server side.
- InvalidDocumentContent:
The content for the document isn't valid.
- DocumentLimitExceeded:
You can have at most 500 active SSM documents.
- InvalidDocumentSchemaVersion:
The version of the document schema isn't supported.
CreateMaintenanceWindow
$result = $client->createMaintenanceWindow
([/* ... */]); $promise = $client->createMaintenanceWindowAsync
([/* ... */]);
Creates a new maintenance window.
The value you specify for Duration
determines the specific end time for the maintenance window based on the time it begins. No maintenance window tasks are permitted to start after the resulting endtime minus the number of hours you specify for Cutoff
. For example, if the maintenance window starts at 3 PM, the duration is three hours, and the value you specify for Cutoff
is one hour, no maintenance window tasks can start after 5 PM.
Parameter Syntax
$result = $client->createMaintenanceWindow([ 'AllowUnassociatedTargets' => true || false, // REQUIRED 'ClientToken' => '<string>', 'Cutoff' => <integer>, // REQUIRED 'Description' => '<string>', 'Duration' => <integer>, // REQUIRED 'EndDate' => '<string>', 'Name' => '<string>', // REQUIRED 'Schedule' => '<string>', // REQUIRED 'ScheduleOffset' => <integer>, 'ScheduleTimezone' => '<string>', 'StartDate' => '<string>', 'Tags' => [ [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], ]);
Parameter Details
Members
- AllowUnassociatedTargets
-
- Required: Yes
- Type: boolean
Enables a maintenance window task to run on managed nodes, even if you haven't registered those nodes as targets. If enabled, then you must specify the unregistered managed nodes (by node ID) when you register a task with the maintenance window.
If you don't enable this option, then you must specify previously-registered targets when you register a task with the maintenance window.
- ClientToken
-
- Type: string
User-provided idempotency token.
- Cutoff
-
- Required: Yes
- Type: int
The number of hours before the end of the maintenance window that Amazon Web Services Systems Manager stops scheduling new tasks for execution.
- Description
-
- Type: string
An optional description for the maintenance window. We recommend specifying a description to help you organize your maintenance windows.
- Duration
-
- Required: Yes
- Type: int
The duration of the maintenance window in hours.
- EndDate
-
- Type: string
The date and time, in ISO-8601 Extended format, for when you want the maintenance window to become inactive.
EndDate
allows you to set a date and time in the future when the maintenance window will no longer run. - Name
-
- Required: Yes
- Type: string
The name of the maintenance window.
- Schedule
-
- Required: Yes
- Type: string
The schedule of the maintenance window in the form of a cron or rate expression.
- ScheduleOffset
-
- Type: int
The number of days to wait after the date and time specified by a cron expression before running the maintenance window.
For example, the following cron expression schedules a maintenance window to run on the third Tuesday of every month at 11:30 PM.
cron(30 23 ? * TUE#3 *)
If the schedule offset is
2
, the maintenance window won't run until two days later. - ScheduleTimezone
-
- Type: string
The time zone that the scheduled maintenance window executions are based on, in Internet Assigned Numbers Authority (IANA) format. For example: "America/Los_Angeles", "UTC", or "Asia/Seoul". For more information, see the Time Zone Database on the IANA website.
- StartDate
-
- Type: string
The date and time, in ISO-8601 Extended format, for when you want the maintenance window to become active.
StartDate
allows you to delay activation of the maintenance window until the specified future date.When using a rate schedule, if you provide a start date that occurs in the past, the current date and time are used as the start date.
- Tags
-
- Type: Array of Tag structures
Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a maintenance window to identify the type of tasks it will run, the types of targets, and the environment it will run in. In this case, you could specify the following key-value pairs:
-
Key=TaskType,Value=AgentUpdate
-
Key=OS,Value=Windows
-
Key=Environment,Value=Production
To add tags to an existing maintenance window, use the AddTagsToResource operation.
Result Syntax
[ 'WindowId' => '<string>', ]
Result Details
Members
- WindowId
-
- Type: string
The ID of the created maintenance window.
Errors
- IdempotentParameterMismatch:
Error returned when an idempotent operation is retried and the parameters don't match the original call to the API with the same idempotency token.
- ResourceLimitExceededException:
Error returned when the caller has exceeded the default resource quotas. For example, too many maintenance windows or patch baselines have been created.
For information about resource quotas in Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InternalServerError:
An error occurred on the server side.
CreateOpsItem
$result = $client->createOpsItem
([/* ... */]); $promise = $client->createOpsItemAsync
([/* ... */]);
Creates a new OpsItem. You must have permission in Identity and Access Management (IAM) to create a new OpsItem. For more information, see Set up OpsCenter in the Amazon Web Services Systems Manager User Guide.
Operations engineers and IT professionals use Amazon Web Services Systems Manager OpsCenter to view, investigate, and remediate operational issues impacting the performance and health of their Amazon Web Services resources. For more information, see Amazon Web Services Systems Manager OpsCenter in the Amazon Web Services Systems Manager User Guide.
Parameter Syntax
$result = $client->createOpsItem([ 'AccountId' => '<string>', 'ActualEndTime' => <integer || string || DateTime>, 'ActualStartTime' => <integer || string || DateTime>, 'Category' => '<string>', 'Description' => '<string>', // REQUIRED 'Notifications' => [ [ 'Arn' => '<string>', ], // ... ], 'OperationalData' => [ '<OpsItemDataKey>' => [ 'Type' => 'SearchableString|String', 'Value' => '<string>', ], // ... ], 'OpsItemType' => '<string>', 'PlannedEndTime' => <integer || string || DateTime>, 'PlannedStartTime' => <integer || string || DateTime>, 'Priority' => <integer>, 'RelatedOpsItems' => [ [ 'OpsItemId' => '<string>', // REQUIRED ], // ... ], 'Severity' => '<string>', 'Source' => '<string>', // REQUIRED 'Tags' => [ [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], 'Title' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Type: string
The target Amazon Web Services account where you want to create an OpsItem. To make this call, your account must be configured to work with OpsItems across accounts. For more information, see Set up OpsCenter in the Amazon Web Services Systems Manager User Guide.
- ActualEndTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time a runbook workflow ended. Currently reported only for the OpsItem type
/aws/changerequest
. - ActualStartTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time a runbook workflow started. Currently reported only for the OpsItem type
/aws/changerequest
. - Category
-
- Type: string
Specify a category to assign to an OpsItem.
- Description
-
- Required: Yes
- Type: string
User-defined text that contains information about the OpsItem, in Markdown format.
Provide enough information so that users viewing this OpsItem for the first time understand the issue.
- Notifications
-
- Type: Array of OpsItemNotification structures
The Amazon Resource Name (ARN) of an SNS topic where notifications are sent when this OpsItem is edited or changed.
- OperationalData
-
- Type: Associative array of custom strings keys (OpsItemDataKey) to OpsItemDataValue structures
Operational data is custom data that provides useful reference details about the OpsItem. For example, you can specify log files, error strings, license keys, troubleshooting tips, or other relevant data. You enter operational data as key-value pairs. The key has a maximum length of 128 characters. The value has a maximum size of 20 KB.
Operational data keys can't begin with the following:
amazon
,aws
,amzn
,ssm
,/amazon
,/aws
,/amzn
,/ssm
.You can choose to make the data searchable by other users in the account or you can restrict search access. Searchable data means that all users with access to the OpsItem Overview page (as provided by the DescribeOpsItems API operation) can view and search on the specified data. Operational data that isn't searchable is only viewable by users who have access to the OpsItem (as provided by the GetOpsItem API operation).
Use the
/aws/resources
key in OperationalData to specify a related resource in the request. Use the/aws/automations
key in OperationalData to associate an Automation runbook with the OpsItem. To view Amazon Web Services CLI example commands that use these keys, see Create OpsItems manually in the Amazon Web Services Systems Manager User Guide. - OpsItemType
-
- Type: string
The type of OpsItem to create. Systems Manager supports the following types of OpsItems:
-
/aws/issue
This type of OpsItem is used for default OpsItems created by OpsCenter.
-
/aws/changerequest
This type of OpsItem is used by Change Manager for reviewing and approving or rejecting change requests.
-
/aws/insight
This type of OpsItem is used by OpsCenter for aggregating and reporting on duplicate OpsItems.
- PlannedEndTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time specified in a change request for a runbook workflow to end. Currently supported only for the OpsItem type
/aws/changerequest
. - PlannedStartTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time specified in a change request for a runbook workflow to start. Currently supported only for the OpsItem type
/aws/changerequest
. - Priority
-
- Type: int
The importance of this OpsItem in relation to other OpsItems in the system.
- RelatedOpsItems
-
- Type: Array of RelatedOpsItem structures
One or more OpsItems that share something in common with the current OpsItems. For example, related OpsItems can include OpsItems with similar error messages, impacted resources, or statuses for the impacted resource.
- Severity
-
- Type: string
Specify a severity to assign to an OpsItem.
- Source
-
- Required: Yes
- Type: string
The origin of the OpsItem, such as Amazon EC2 or Systems Manager.
The source name can't contain the following strings:
aws
,amazon
, andamzn
. - Tags
-
- Type: Array of Tag structures
Optional metadata that you assign to a resource.
Tags use a key-value pair. For example:
Key=Department,Value=Finance
To add tags to a new OpsItem, a user must have IAM permissions for both the
ssm:CreateOpsItems
operation and thessm:AddTagsToResource
operation. To add tags to an existing OpsItem, use the AddTagsToResource operation. - Title
-
- Required: Yes
- Type: string
A short heading that describes the nature of the OpsItem and the impacted resource.
Result Syntax
[ 'OpsItemArn' => '<string>', 'OpsItemId' => '<string>', ]
Result Details
Members
- OpsItemArn
-
- Type: string
The OpsItem Amazon Resource Name (ARN).
- OpsItemId
-
- Type: string
The ID of the OpsItem.
Errors
- InternalServerError:
An error occurred on the server side.
- OpsItemAlreadyExistsException:
The OpsItem already exists.
- OpsItemLimitExceededException:
The request caused OpsItems to exceed one or more quotas.
- OpsItemInvalidParameterException:
A specified parameter argument isn't valid. Verify the available arguments and try again.
- OpsItemAccessDeniedException:
You don't have permission to view OpsItems in the specified account. Verify that your account is configured either as a Systems Manager delegated administrator or that you are logged into the Organizations management account.
CreateOpsMetadata
$result = $client->createOpsMetadata
([/* ... */]); $promise = $client->createOpsMetadataAsync
([/* ... */]);
If you create a new application in Application Manager, Amazon Web Services Systems Manager calls this API operation to specify information about the new application, including the application type.
Parameter Syntax
$result = $client->createOpsMetadata([ 'Metadata' => [ '<MetadataKey>' => [ 'Value' => '<string>', ], // ... ], 'ResourceId' => '<string>', // REQUIRED 'Tags' => [ [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], ]);
Parameter Details
Members
- Metadata
-
- Type: Associative array of custom strings keys (MetadataKey) to MetadataValue structures
Metadata for a new Application Manager application.
- ResourceId
-
- Required: Yes
- Type: string
A resource ID for a new Application Manager application.
- Tags
-
- Type: Array of Tag structures
Optional metadata that you assign to a resource. You can specify a maximum of five tags for an OpsMetadata object. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag an OpsMetadata object to identify an environment or target Amazon Web Services Region. In this case, you could specify the following key-value pairs:
-
Key=Environment,Value=Production
-
Key=Region,Value=us-east-2
Result Syntax
[ 'OpsMetadataArn' => '<string>', ]
Result Details
Members
- OpsMetadataArn
-
- Type: string
The Amazon Resource Name (ARN) of the OpsMetadata Object or blob created by the call.
Errors
- OpsMetadataAlreadyExistsException:
An OpsMetadata object already exists for the selected resource.
- OpsMetadataTooManyUpdatesException:
The system is processing too many concurrent updates. Wait a few moments and try again.
- OpsMetadataInvalidArgumentException:
One of the arguments passed is invalid.
- OpsMetadataLimitExceededException:
Your account reached the maximum number of OpsMetadata objects allowed by Application Manager. The maximum is 200 OpsMetadata objects. Delete one or more OpsMetadata object and try again.
- InternalServerError:
An error occurred on the server side.
CreatePatchBaseline
$result = $client->createPatchBaseline
([/* ... */]); $promise = $client->createPatchBaselineAsync
([/* ... */]);
Creates a patch baseline.
For information about valid key-value pairs in PatchFilters
for each supported operating system type, see PatchFilter.
Parameter Syntax
$result = $client->createPatchBaseline([ 'ApprovalRules' => [ 'PatchRules' => [ // REQUIRED [ 'ApproveAfterDays' => <integer>, 'ApproveUntilDate' => '<string>', 'ComplianceLevel' => 'CRITICAL|HIGH|MEDIUM|LOW|INFORMATIONAL|UNSPECIFIED', 'EnableNonSecurity' => true || false, 'PatchFilterGroup' => [ // REQUIRED 'PatchFilters' => [ // REQUIRED [ 'Key' => 'ARCH|ADVISORY_ID|BUGZILLA_ID|PATCH_SET|PRODUCT|PRODUCT_FAMILY|CLASSIFICATION|CVE_ID|EPOCH|MSRC_SEVERITY|NAME|PATCH_ID|SECTION|PRIORITY|REPOSITORY|RELEASE|SEVERITY|SECURITY|VERSION', // REQUIRED 'Values' => ['<string>', ...], // REQUIRED ], // ... ], ], ], // ... ], ], 'ApprovedPatches' => ['<string>', ...], 'ApprovedPatchesComplianceLevel' => 'CRITICAL|HIGH|MEDIUM|LOW|INFORMATIONAL|UNSPECIFIED', 'ApprovedPatchesEnableNonSecurity' => true || false, 'ClientToken' => '<string>', 'Description' => '<string>', 'GlobalFilters' => [ 'PatchFilters' => [ // REQUIRED [ 'Key' => 'ARCH|ADVISORY_ID|BUGZILLA_ID|PATCH_SET|PRODUCT|PRODUCT_FAMILY|CLASSIFICATION|CVE_ID|EPOCH|MSRC_SEVERITY|NAME|PATCH_ID|SECTION|PRIORITY|REPOSITORY|RELEASE|SEVERITY|SECURITY|VERSION', // REQUIRED 'Values' => ['<string>', ...], // REQUIRED ], // ... ], ], 'Name' => '<string>', // REQUIRED 'OperatingSystem' => 'WINDOWS|AMAZON_LINUX|AMAZON_LINUX_2|AMAZON_LINUX_2022|UBUNTU|REDHAT_ENTERPRISE_LINUX|SUSE|CENTOS|ORACLE_LINUX|DEBIAN|MACOS|RASPBIAN|ROCKY_LINUX|ALMA_LINUX|AMAZON_LINUX_2023', 'RejectedPatches' => ['<string>', ...], 'RejectedPatchesAction' => 'ALLOW_AS_DEPENDENCY|BLOCK', 'Sources' => [ [ 'Configuration' => '<string>', // REQUIRED 'Name' => '<string>', // REQUIRED 'Products' => ['<string>', ...], // REQUIRED ], // ... ], 'Tags' => [ [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], ]);
Parameter Details
Members
- ApprovalRules
-
- Type: PatchRuleGroup structure
A set of rules used to include patches in the baseline.
- ApprovedPatches
-
- Type: Array of strings
A list of explicitly approved patches for the baseline.
For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
- ApprovedPatchesComplianceLevel
-
- Type: string
Defines the compliance level for approved patches. When an approved patch is reported as missing, this value describes the severity of the compliance violation. The default value is
UNSPECIFIED
. - ApprovedPatchesEnableNonSecurity
-
- Type: boolean
Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes. The default value is
false
. Applies to Linux managed nodes only. - ClientToken
-
- Type: string
User-provided idempotency token.
- Description
-
- Type: string
A description of the patch baseline.
- GlobalFilters
-
- Type: PatchFilterGroup structure
A set of global filters used to include patches in the baseline.
- Name
-
- Required: Yes
- Type: string
The name of the patch baseline.
- OperatingSystem
-
- Type: string
Defines the operating system the patch baseline applies to. The default value is
WINDOWS
. - RejectedPatches
-
- Type: Array of strings
A list of explicitly rejected patches for the baseline.
For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
- RejectedPatchesAction
-
- Type: string
The action for Patch Manager to take on patches included in the
RejectedPackages
list.- ALLOW_AS_DEPENDENCY
-
Linux and macOS: A package in the rejected patches list is installed only if it is a dependency of another package. It is considered compliant with the patch baseline, and its status is reported as
INSTALLED_OTHER
. This is the default action if no option is specified.Windows Server: Windows Server doesn't support the concept of package dependencies. If a package in the rejected patches list and already installed on the node, its status is reported as
INSTALLED_OTHER
. Any package not already installed on the node is skipped. This is the default action if no option is specified. - BLOCK
-
All OSs: Packages in the rejected patches list, and packages that include them as dependencies, aren't installed by Patch Manager under any circumstances. If a package was installed before it was added to the rejected patches list, or is installed outside of Patch Manager afterward, it's considered noncompliant with the patch baseline and its status is reported as
INSTALLED_REJECTED
.
- Sources
-
- Type: Array of PatchSource structures
Information about the patches to use to update the managed nodes, including target operating systems and source repositories. Applies to Linux managed nodes only.
- Tags
-
- Type: Array of Tag structures
Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a patch baseline to identify the severity level of patches it specifies and the operating system family it applies to. In this case, you could specify the following key-value pairs:
-
Key=PatchSeverity,Value=Critical
-
Key=OS,Value=Windows
To add tags to an existing patch baseline, use the AddTagsToResource operation.
Result Syntax
[ 'BaselineId' => '<string>', ]
Result Details
Members
- BaselineId
-
- Type: string
The ID of the created patch baseline.
Errors
- IdempotentParameterMismatch:
Error returned when an idempotent operation is retried and the parameters don't match the original call to the API with the same idempotency token.
- ResourceLimitExceededException:
Error returned when the caller has exceeded the default resource quotas. For example, too many maintenance windows or patch baselines have been created.
For information about resource quotas in Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InternalServerError:
An error occurred on the server side.
CreateResourceDataSync
$result = $client->createResourceDataSync
([/* ... */]); $promise = $client->createResourceDataSyncAsync
([/* ... */]);
A resource data sync helps you view data from multiple sources in a single location. Amazon Web Services Systems Manager offers two types of resource data sync: SyncToDestination
and SyncFromSource
.
You can configure Systems Manager Inventory to use the SyncToDestination
type to synchronize Inventory data from multiple Amazon Web Services Regions to a single Amazon Simple Storage Service (Amazon S3) bucket. For more information, see Configuring resource data sync for Inventory in the Amazon Web Services Systems Manager User Guide.
You can configure Systems Manager Explorer to use the SyncFromSource
type to synchronize operational work items (OpsItems) and operational data (OpsData) from multiple Amazon Web Services Regions to a single Amazon S3 bucket. This type can synchronize OpsItems and OpsData from multiple Amazon Web Services accounts and Amazon Web Services Regions or EntireOrganization
by using Organizations. For more information, see Setting up Systems Manager Explorer to display data from multiple accounts and Regions in the Amazon Web Services Systems Manager User Guide.
A resource data sync is an asynchronous operation that returns immediately. After a successful initial sync is completed, the system continuously syncs data. To check the status of a sync, use the ListResourceDataSync.
By default, data isn't encrypted in Amazon S3. We strongly recommend that you enable encryption in Amazon S3 to ensure secure data storage. We also recommend that you secure access to the Amazon S3 bucket by creating a restrictive bucket policy.
Parameter Syntax
$result = $client->createResourceDataSync([ 'S3Destination' => [ 'AWSKMSKeyARN' => '<string>', 'BucketName' => '<string>', // REQUIRED 'DestinationDataSharing' => [ 'DestinationDataSharingType' => '<string>', ], 'Prefix' => '<string>', 'Region' => '<string>', // REQUIRED 'SyncFormat' => 'JsonSerDe', // REQUIRED ], 'SyncName' => '<string>', // REQUIRED 'SyncSource' => [ 'AwsOrganizationsSource' => [ 'OrganizationSourceType' => '<string>', // REQUIRED 'OrganizationalUnits' => [ [ 'OrganizationalUnitId' => '<string>', ], // ... ], ], 'EnableAllOpsDataSources' => true || false, 'IncludeFutureRegions' => true || false, 'SourceRegions' => ['<string>', ...], // REQUIRED 'SourceType' => '<string>', // REQUIRED ], 'SyncType' => '<string>', ]);
Parameter Details
Members
- S3Destination
-
- Type: ResourceDataSyncS3Destination structure
Amazon S3 configuration details for the sync. This parameter is required if the
SyncType
value is SyncToDestination. - SyncName
-
- Required: Yes
- Type: string
A name for the configuration.
- SyncSource
-
- Type: ResourceDataSyncSource structure
Specify information about the data sources to synchronize. This parameter is required if the
SyncType
value is SyncFromSource. - SyncType
-
- Type: string
Specify
SyncToDestination
to create a resource data sync that synchronizes data to an S3 bucket for Inventory. If you specifySyncToDestination
, you must provide a value forS3Destination
. SpecifySyncFromSource
to synchronize data from a single account and multiple Regions, or multiple Amazon Web Services accounts and Amazon Web Services Regions, as listed in Organizations for Explorer. If you specifySyncFromSource
, you must provide a value forSyncSource
. The default value isSyncToDestination
.
Result Syntax
[]
Result Details
Errors
- InternalServerError:
An error occurred on the server side.
- ResourceDataSyncCountExceededException:
You have exceeded the allowed maximum sync configurations.
- ResourceDataSyncAlreadyExistsException:
A sync configuration with the same name already exists.
- ResourceDataSyncInvalidConfigurationException:
The specified sync configuration is invalid.
DeleteActivation
$result = $client->deleteActivation
([/* ... */]); $promise = $client->deleteActivationAsync
([/* ... */]);
Deletes an activation. You aren't required to delete an activation. If you delete an activation, you can no longer use it to register additional managed nodes. Deleting an activation doesn't de-register managed nodes. You must manually de-register managed nodes.
Parameter Syntax
$result = $client->deleteActivation([ 'ActivationId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- ActivationId
-
- Required: Yes
- Type: string
The ID of the activation that you want to delete.
Result Syntax
[]
Result Details
Errors
- InvalidActivationId:
The activation ID isn't valid. Verify the you entered the correct ActivationId or ActivationCode and try again.
- InvalidActivation:
The activation isn't valid. The activation might have been deleted, or the ActivationId and the ActivationCode don't match.
- InternalServerError:
An error occurred on the server side.
- TooManyUpdates:
There are concurrent updates for a resource that supports one update at a time.
DeleteAssociation
$result = $client->deleteAssociation
([/* ... */]); $promise = $client->deleteAssociationAsync
([/* ... */]);
Disassociates the specified Amazon Web Services Systems Manager document (SSM document) from the specified managed node. If you created the association by using the Targets
parameter, then you must delete the association by using the association ID.
When you disassociate a document from a managed node, it doesn't change the configuration of the node. To change the configuration state of a managed node after you disassociate a document, you must create a new document with the desired configuration and associate it with the node.
Parameter Syntax
$result = $client->deleteAssociation([ 'AssociationId' => '<string>', 'InstanceId' => '<string>', 'Name' => '<string>', ]);
Parameter Details
Members
- AssociationId
-
- Type: string
The association ID that you want to delete.
- InstanceId
-
- Type: string
The managed node ID.
InstanceId
has been deprecated. To specify a managed node ID for an association, use theTargets
parameter. Requests that include the parameterInstanceID
with Systems Manager documents (SSM documents) that use schema version 2.0 or later will fail. In addition, if you use the parameterInstanceId
, you can't use the parametersAssociationName
,DocumentVersion
,MaxErrors
,MaxConcurrency
,OutputLocation
, orScheduleExpression
. To use these parameters, you must use theTargets
parameter. - Name
-
- Type: string
The name of the SSM document.
Result Syntax
[]
Result Details
Errors
- AssociationDoesNotExist:
The specified association doesn't exist.
- InternalServerError:
An error occurred on the server side.
- InvalidDocument:
The specified SSM document doesn't exist.
- InvalidInstanceId:
The following problems can cause this exception:
-
You don't have permission to access the managed node.
-
Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.
-
SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.
-
The managed node isn't in a valid state. Valid states are:
Running
,Pending
,Stopped
, andStopping
. Invalid states are:Shutting-down
andTerminated
.
-
- TooManyUpdates:
There are concurrent updates for a resource that supports one update at a time.
DeleteDocument
$result = $client->deleteDocument
([/* ... */]); $promise = $client->deleteDocumentAsync
([/* ... */]);
Deletes the Amazon Web Services Systems Manager document (SSM document) and all managed node associations to the document.
Before you delete the document, we recommend that you use DeleteAssociation to disassociate all managed nodes that are associated with the document.
Parameter Syntax
$result = $client->deleteDocument([ 'DocumentVersion' => '<string>', 'Force' => true || false, 'Name' => '<string>', // REQUIRED 'VersionName' => '<string>', ]);
Parameter Details
Members
- DocumentVersion
-
- Type: string
The version of the document that you want to delete. If not provided, all versions of the document are deleted.
- Force
-
- Type: boolean
Some SSM document types require that you specify a
Force
flag before you can delete the document. For example, you must specify aForce
flag to delete a document of typeApplicationConfigurationSchema
. You can restrict access to theForce
flag in an Identity and Access Management (IAM) policy. - Name
-
- Required: Yes
- Type: string
The name of the document.
- VersionName
-
- Type: string
The version name of the document that you want to delete. If not provided, all versions of the document are deleted.
Result Syntax
[]
Result Details
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidDocument:
The specified SSM document doesn't exist.
- InvalidDocumentOperation:
You attempted to delete a document while it is still shared. You must stop sharing the document before you can delete it.
- AssociatedInstances:
You must disassociate a document from all managed nodes before you can delete it.
DeleteInventory
$result = $client->deleteInventory
([/* ... */]); $promise = $client->deleteInventoryAsync
([/* ... */]);
Delete a custom inventory type or the data associated with a custom Inventory type. Deleting a custom inventory type is also referred to as deleting a custom inventory schema.
Parameter Syntax
$result = $client->deleteInventory([ 'ClientToken' => '<string>', 'DryRun' => true || false, 'SchemaDeleteOption' => 'DisableSchema|DeleteSchema', 'TypeName' => '<string>', // REQUIRED ]);
Parameter Details
Members
- ClientToken
-
- Type: string
User-provided idempotency token.
- DryRun
-
- Type: boolean
Use this option to view a summary of the deletion request without deleting any data or the data type. This option is useful when you only want to understand what will be deleted. Once you validate that the data to be deleted is what you intend to delete, you can run the same command without specifying the
DryRun
option. - SchemaDeleteOption
-
- Type: string
Use the
SchemaDeleteOption
to delete a custom inventory type (schema). If you don't choose this option, the system only deletes existing inventory data associated with the custom inventory type. Choose one of the following options:DisableSchema: If you choose this option, the system ignores all inventory data for the specified version, and any earlier versions. To enable this schema again, you must call the
PutInventory
operation for a version greater than the disabled version.DeleteSchema: This option deletes the specified custom type from the Inventory service. You can recreate the schema later, if you want.
- TypeName
-
- Required: Yes
- Type: string
The name of the custom inventory type for which you want to delete either all previously collected data or the inventory type itself.
Result Syntax
[ 'DeletionId' => '<string>', 'DeletionSummary' => [ 'RemainingCount' => <integer>, 'SummaryItems' => [ [ 'Count' => <integer>, 'RemainingCount' => <integer>, 'Version' => '<string>', ], // ... ], 'TotalCount' => <integer>, ], 'TypeName' => '<string>', ]
Result Details
Members
- DeletionId
-
- Type: string
Every
DeleteInventory
operation is assigned a unique ID. This option returns a unique ID. You can use this ID to query the status of a delete operation. This option is useful for ensuring that a delete operation has completed before you begin other operations. - DeletionSummary
-
- Type: InventoryDeletionSummary structure
A summary of the delete operation. For more information about this summary, see Understanding the delete inventory summary in the Amazon Web Services Systems Manager User Guide.
- TypeName
-
- Type: string
The name of the inventory data type specified in the request.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidTypeNameException:
The parameter type name isn't valid.
- InvalidOptionException:
The delete inventory option specified isn't valid. Verify the option and try again.
- InvalidDeleteInventoryParametersException:
One or more of the parameters specified for the delete operation isn't valid. Verify all parameters and try again.
- InvalidInventoryRequestException:
The request isn't valid.
DeleteMaintenanceWindow
$result = $client->deleteMaintenanceWindow
([/* ... */]); $promise = $client->deleteMaintenanceWindowAsync
([/* ... */]);
Deletes a maintenance window.
Parameter Syntax
$result = $client->deleteMaintenanceWindow([ 'WindowId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- WindowId
-
- Required: Yes
- Type: string
The ID of the maintenance window to delete.
Result Syntax
[ 'WindowId' => '<string>', ]
Result Details
Members
- WindowId
-
- Type: string
The ID of the deleted maintenance window.
Errors
- InternalServerError:
An error occurred on the server side.
DeleteOpsItem
$result = $client->deleteOpsItem
([/* ... */]); $promise = $client->deleteOpsItemAsync
([/* ... */]);
Delete an OpsItem. You must have permission in Identity and Access Management (IAM) to delete an OpsItem.
Note the following important information about this operation.
-
Deleting an OpsItem is irreversible. You can't restore a deleted OpsItem.
-
This operation uses an eventual consistency model, which means the system can take a few minutes to complete this operation. If you delete an OpsItem and immediately call, for example, GetOpsItem, the deleted OpsItem might still appear in the response.
-
This operation is idempotent. The system doesn't throw an exception if you repeatedly call this operation for the same OpsItem. If the first call is successful, all additional calls return the same successful response as the first call.
-
This operation doesn't support cross-account calls. A delegated administrator or management account can't delete OpsItems in other accounts, even if OpsCenter has been set up for cross-account administration. For more information about cross-account administration, see Setting up OpsCenter to centrally manage OpsItems across accounts in the Systems Manager User Guide.
Parameter Syntax
$result = $client->deleteOpsItem([ 'OpsItemId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- OpsItemId
-
- Required: Yes
- Type: string
The ID of the OpsItem that you want to delete.
Result Syntax
[]
Result Details
Errors
- InternalServerError:
An error occurred on the server side.
- OpsItemInvalidParameterException:
A specified parameter argument isn't valid. Verify the available arguments and try again.
DeleteOpsMetadata
$result = $client->deleteOpsMetadata
([/* ... */]); $promise = $client->deleteOpsMetadataAsync
([/* ... */]);
Delete OpsMetadata related to an application.
Parameter Syntax
$result = $client->deleteOpsMetadata([ 'OpsMetadataArn' => '<string>', // REQUIRED ]);
Parameter Details
Members
- OpsMetadataArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of an OpsMetadata Object to delete.
Result Syntax
[]
Result Details
Errors
- OpsMetadataNotFoundException:
The OpsMetadata object doesn't exist.
- OpsMetadataInvalidArgumentException:
One of the arguments passed is invalid.
- InternalServerError:
An error occurred on the server side.
DeleteParameter
$result = $client->deleteParameter
([/* ... */]); $promise = $client->deleteParameterAsync
([/* ... */]);
Delete a parameter from the system. After deleting a parameter, wait for at least 30 seconds to create a parameter with the same name.
Parameter Syntax
$result = $client->deleteParameter([ 'Name' => '<string>', // REQUIRED ]);
Parameter Details
Members
- Name
-
- Required: Yes
- Type: string
The name of the parameter to delete.
You can't enter the Amazon Resource Name (ARN) for a parameter, only the parameter name itself.
Result Syntax
[]
Result Details
Errors
- InternalServerError:
An error occurred on the server side.
- ParameterNotFound:
The parameter couldn't be found. Verify the name and try again.
DeleteParameters
$result = $client->deleteParameters
([/* ... */]); $promise = $client->deleteParametersAsync
([/* ... */]);
Delete a list of parameters. After deleting a parameter, wait for at least 30 seconds to create a parameter with the same name.
Parameter Syntax
$result = $client->deleteParameters([ 'Names' => ['<string>', ...], // REQUIRED ]);
Parameter Details
Members
- Names
-
- Required: Yes
- Type: Array of strings
The names of the parameters to delete. After deleting a parameter, wait for at least 30 seconds to create a parameter with the same name.
You can't enter the Amazon Resource Name (ARN) for a parameter, only the parameter name itself.
Result Syntax
[ 'DeletedParameters' => ['<string>', ...], 'InvalidParameters' => ['<string>', ...], ]
Result Details
Members
- DeletedParameters
-
- Type: Array of strings
The names of the deleted parameters.
- InvalidParameters
-
- Type: Array of strings
The names of parameters that weren't deleted because the parameters aren't valid.
Errors
- InternalServerError:
An error occurred on the server side.
DeletePatchBaseline
$result = $client->deletePatchBaseline
([/* ... */]); $promise = $client->deletePatchBaselineAsync
([/* ... */]);
Deletes a patch baseline.
Parameter Syntax
$result = $client->deletePatchBaseline([ 'BaselineId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- BaselineId
-
- Required: Yes
- Type: string
The ID of the patch baseline to delete.
Result Syntax
[ 'BaselineId' => '<string>', ]
Result Details
Members
- BaselineId
-
- Type: string
The ID of the deleted patch baseline.
Errors
- ResourceInUseException:
Error returned if an attempt is made to delete a patch baseline that is registered for a patch group.
- InternalServerError:
An error occurred on the server side.
DeleteResourceDataSync
$result = $client->deleteResourceDataSync
([/* ... */]); $promise = $client->deleteResourceDataSyncAsync
([/* ... */]);
Deletes a resource data sync configuration. After the configuration is deleted, changes to data on managed nodes are no longer synced to or from the target. Deleting a sync configuration doesn't delete data.
Parameter Syntax
$result = $client->deleteResourceDataSync([ 'SyncName' => '<string>', // REQUIRED 'SyncType' => '<string>', ]);
Parameter Details
Members
- SyncName
-
- Required: Yes
- Type: string
The name of the configuration to delete.
- SyncType
-
- Type: string
Specify the type of resource data sync to delete.
Result Syntax
[]
Result Details
Errors
- InternalServerError:
An error occurred on the server side.
- ResourceDataSyncNotFoundException:
The specified sync name wasn't found.
- ResourceDataSyncInvalidConfigurationException:
The specified sync configuration is invalid.
DeleteResourcePolicy
$result = $client->deleteResourcePolicy
([/* ... */]); $promise = $client->deleteResourcePolicyAsync
([/* ... */]);
Deletes a Systems Manager resource policy. A resource policy helps you to define the IAM entity (for example, an Amazon Web Services account) that can manage your Systems Manager resources. The following resources support Systems Manager resource policies.
-
OpsItemGroup
- The resource policy forOpsItemGroup
enables Amazon Web Services accounts to view and interact with OpsCenter operational work items (OpsItems). -
Parameter
- The resource policy is used to share a parameter with other accounts using Resource Access Manager (RAM). For more information about cross-account sharing of parameters, see Working with shared parameters in the Amazon Web Services Systems Manager User Guide.
Parameter Syntax
$result = $client->deleteResourcePolicy([ 'PolicyHash' => '<string>', // REQUIRED 'PolicyId' => '<string>', // REQUIRED 'ResourceArn' => '<string>', // REQUIRED ]);
Parameter Details
Members
- PolicyHash
-
- Required: Yes
- Type: string
ID of the current policy version. The hash helps to prevent multiple calls from attempting to overwrite a policy.
- PolicyId
-
- Required: Yes
- Type: string
The policy ID.
- ResourceArn
-
- Required: Yes
- Type: string
Amazon Resource Name (ARN) of the resource to which the policies are attached.
Result Syntax
[]
Result Details
Errors
- InternalServerError:
An error occurred on the server side.
- ResourcePolicyInvalidParameterException:
One or more parameters specified for the call aren't valid. Verify the parameters and their values and try again.
- ResourcePolicyConflictException:
The hash provided in the call doesn't match the stored hash. This exception is thrown when trying to update an obsolete policy version or when multiple requests to update a policy are sent.
- ResourceNotFoundException:
The specified parameter to be shared could not be found.
- MalformedResourcePolicyDocumentException:
The specified policy document is malformed or invalid, or excessive
PutResourcePolicy
orDeleteResourcePolicy
calls have been made.- ResourcePolicyNotFoundException:
No policies with the specified policy ID and hash could be found.
DeregisterManagedInstance
$result = $client->deregisterManagedInstance
([/* ... */]); $promise = $client->deregisterManagedInstanceAsync
([/* ... */]);
Removes the server or virtual machine from the list of registered servers. You can reregister the node again at any time. If you don't plan to use Run Command on the server, we suggest uninstalling SSM Agent first.
Parameter Syntax
$result = $client->deregisterManagedInstance([ 'InstanceId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- InstanceId
-
- Required: Yes
- Type: string
The ID assigned to the managed node when you registered it using the activation process.
Result Syntax
[]
Result Details
Errors
- InvalidInstanceId:
The following problems can cause this exception:
-
You don't have permission to access the managed node.
-
Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.
-
SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.
-
The managed node isn't in a valid state. Valid states are:
Running
,Pending
,Stopped
, andStopping
. Invalid states are:Shutting-down
andTerminated
.
-
- InternalServerError:
An error occurred on the server side.
DeregisterPatchBaselineForPatchGroup
$result = $client->deregisterPatchBaselineForPatchGroup
([/* ... */]); $promise = $client->deregisterPatchBaselineForPatchGroupAsync
([/* ... */]);
Removes a patch group from a patch baseline.
Parameter Syntax
$result = $client->deregisterPatchBaselineForPatchGroup([ 'BaselineId' => '<string>', // REQUIRED 'PatchGroup' => '<string>', // REQUIRED ]);
Parameter Details
Members
- BaselineId
-
- Required: Yes
- Type: string
The ID of the patch baseline to deregister the patch group from.
- PatchGroup
-
- Required: Yes
- Type: string
The name of the patch group that should be deregistered from the patch baseline.
Result Syntax
[ 'BaselineId' => '<string>', 'PatchGroup' => '<string>', ]
Result Details
Members
- BaselineId
-
- Type: string
The ID of the patch baseline the patch group was deregistered from.
- PatchGroup
-
- Type: string
The name of the patch group deregistered from the patch baseline.
Errors
- InvalidResourceId:
The resource ID isn't valid. Verify that you entered the correct ID and try again.
- InternalServerError:
An error occurred on the server side.
DeregisterTargetFromMaintenanceWindow
$result = $client->deregisterTargetFromMaintenanceWindow
([/* ... */]); $promise = $client->deregisterTargetFromMaintenanceWindowAsync
([/* ... */]);
Removes a target from a maintenance window.
Parameter Syntax
$result = $client->deregisterTargetFromMaintenanceWindow([ 'Safe' => true || false, 'WindowId' => '<string>', // REQUIRED 'WindowTargetId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- Safe
-
- Type: boolean
The system checks if the target is being referenced by a task. If the target is being referenced, the system returns an error and doesn't deregister the target from the maintenance window.
- WindowId
-
- Required: Yes
- Type: string
The ID of the maintenance window the target should be removed from.
- WindowTargetId
-
- Required: Yes
- Type: string
The ID of the target definition to remove.
Result Syntax
[ 'WindowId' => '<string>', 'WindowTargetId' => '<string>', ]
Result Details
Members
- WindowId
-
- Type: string
The ID of the maintenance window the target was removed from.
- WindowTargetId
-
- Type: string
The ID of the removed target definition.
Errors
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InternalServerError:
An error occurred on the server side.
- TargetInUseException:
You specified the
Safe
option for the DeregisterTargetFromMaintenanceWindow operation, but the target is still referenced in a task.
DeregisterTaskFromMaintenanceWindow
$result = $client->deregisterTaskFromMaintenanceWindow
([/* ... */]); $promise = $client->deregisterTaskFromMaintenanceWindowAsync
([/* ... */]);
Removes a task from a maintenance window.
Parameter Syntax
$result = $client->deregisterTaskFromMaintenanceWindow([ 'WindowId' => '<string>', // REQUIRED 'WindowTaskId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- WindowId
-
- Required: Yes
- Type: string
The ID of the maintenance window the task should be removed from.
- WindowTaskId
-
- Required: Yes
- Type: string
The ID of the task to remove from the maintenance window.
Result Syntax
[ 'WindowId' => '<string>', 'WindowTaskId' => '<string>', ]
Result Details
Members
- WindowId
-
- Type: string
The ID of the maintenance window the task was removed from.
- WindowTaskId
-
- Type: string
The ID of the task removed from the maintenance window.
Errors
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InternalServerError:
An error occurred on the server side.
DescribeActivations
$result = $client->describeActivations
([/* ... */]); $promise = $client->describeActivationsAsync
([/* ... */]);
Describes details about the activation, such as the date and time the activation was created, its expiration date, the Identity and Access Management (IAM) role assigned to the managed nodes in the activation, and the number of nodes registered by using this activation.
Parameter Syntax
$result = $client->describeActivations([ 'Filters' => [ [ 'FilterKey' => 'ActivationIds|DefaultInstanceName|IamRole', 'FilterValues' => ['<string>', ...], ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- Filters
-
- Type: Array of DescribeActivationsFilter structures
A filter to view information about your activations.
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
A token to start the list. Use this token to get the next set of results.
Result Syntax
[ 'ActivationList' => [ [ 'ActivationId' => '<string>', 'CreatedDate' => <DateTime>, 'DefaultInstanceName' => '<string>', 'Description' => '<string>', 'ExpirationDate' => <DateTime>, 'Expired' => true || false, 'IamRole' => '<string>', 'RegistrationLimit' => <integer>, 'RegistrationsCount' => <integer>, 'Tags' => [ [ 'Key' => '<string>', 'Value' => '<string>', ], // ... ], ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- ActivationList
-
- Type: Array of Activation structures
A list of activations for your Amazon Web Services account.
- NextToken
-
- Type: string
The token for the next set of items to return. Use this token to get the next set of results.
Errors
- InvalidFilter:
The filter name isn't valid. Verify the you entered the correct name and try again.
- InvalidNextToken:
The specified token isn't valid.
- InternalServerError:
An error occurred on the server side.
DescribeAssociation
$result = $client->describeAssociation
([/* ... */]); $promise = $client->describeAssociationAsync
([/* ... */]);
Describes the association for the specified target or managed node. If you created the association by using the Targets
parameter, then you must retrieve the association by using the association ID.
Parameter Syntax
$result = $client->describeAssociation([ 'AssociationId' => '<string>', 'AssociationVersion' => '<string>', 'InstanceId' => '<string>', 'Name' => '<string>', ]);
Parameter Details
Members
- AssociationId
-
- Type: string
The association ID for which you want information.
- AssociationVersion
-
- Type: string
Specify the association version to retrieve. To view the latest version, either specify
$LATEST
for this parameter, or omit this parameter. To view a list of all associations for a managed node, use ListAssociations. To get a list of versions for a specific association, use ListAssociationVersions. - InstanceId
-
- Type: string
The managed node ID.
- Name
-
- Type: string
The name of the SSM document.
Result Syntax
[ 'AssociationDescription' => [ 'AlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'ApplyOnlyAtCronInterval' => true || false, 'AssociationId' => '<string>', 'AssociationName' => '<string>', 'AssociationVersion' => '<string>', 'AutomationTargetParameterName' => '<string>', 'CalendarNames' => ['<string>', ...], 'ComplianceSeverity' => 'CRITICAL|HIGH|MEDIUM|LOW|UNSPECIFIED', 'Date' => <DateTime>, 'DocumentVersion' => '<string>', 'Duration' => <integer>, 'InstanceId' => '<string>', 'LastExecutionDate' => <DateTime>, 'LastSuccessfulExecutionDate' => <DateTime>, 'LastUpdateAssociationDate' => <DateTime>, 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'Name' => '<string>', 'OutputLocation' => [ 'S3Location' => [ 'OutputS3BucketName' => '<string>', 'OutputS3KeyPrefix' => '<string>', 'OutputS3Region' => '<string>', ], ], 'Overview' => [ 'AssociationStatusAggregatedCount' => [<integer>, ...], 'DetailedStatus' => '<string>', 'Status' => '<string>', ], 'Parameters' => [ '<ParameterName>' => ['<string>', ...], // ... ], 'ScheduleExpression' => '<string>', 'ScheduleOffset' => <integer>, 'Status' => [ 'AdditionalInfo' => '<string>', 'Date' => <DateTime>, 'Message' => '<string>', 'Name' => 'Pending|Success|Failed', ], 'SyncCompliance' => 'AUTO|MANUAL', 'TargetLocations' => [ [ 'Accounts' => ['<string>', ...], 'ExecutionRoleName' => '<string>', 'Regions' => ['<string>', ...], 'TargetLocationAlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'TargetLocationMaxConcurrency' => '<string>', 'TargetLocationMaxErrors' => '<string>', ], // ... ], 'TargetMaps' => [ [ '<TargetMapKey>' => ['<string>', ...], // ... ], // ... ], 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TriggeredAlarms' => [ [ 'Name' => '<string>', 'State' => 'UNKNOWN|ALARM', ], // ... ], ], ]
Result Details
Members
- AssociationDescription
-
- Type: AssociationDescription structure
Information about the association.
Errors
- AssociationDoesNotExist:
The specified association doesn't exist.
- InvalidAssociationVersion:
The version you specified isn't valid. Use ListAssociationVersions to view all versions of an association according to the association ID. Or, use the
$LATEST
parameter to view the latest version of the association.- InternalServerError:
An error occurred on the server side.
- InvalidDocument:
The specified SSM document doesn't exist.
- InvalidInstanceId:
The following problems can cause this exception:
-
You don't have permission to access the managed node.
-
Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.
-
SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.
-
The managed node isn't in a valid state. Valid states are:
Running
,Pending
,Stopped
, andStopping
. Invalid states are:Shutting-down
andTerminated
.
-
DescribeAssociationExecutionTargets
$result = $client->describeAssociationExecutionTargets
([/* ... */]); $promise = $client->describeAssociationExecutionTargetsAsync
([/* ... */]);
Views information about a specific execution of a specific association.
Parameter Syntax
$result = $client->describeAssociationExecutionTargets([ 'AssociationId' => '<string>', // REQUIRED 'ExecutionId' => '<string>', // REQUIRED 'Filters' => [ [ 'Key' => 'Status|ResourceId|ResourceType', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- AssociationId
-
- Required: Yes
- Type: string
The association ID that includes the execution for which you want to view details.
- ExecutionId
-
- Required: Yes
- Type: string
The execution ID for which you want to view details.
- Filters
-
- Type: Array of AssociationExecutionTargetsFilter structures
Filters for the request. You can specify the following filters and values.
Status (EQUAL)
ResourceId (EQUAL)
ResourceType (EQUAL)
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
A token to start the list. Use this token to get the next set of results.
Result Syntax
[ 'AssociationExecutionTargets' => [ [ 'AssociationId' => '<string>', 'AssociationVersion' => '<string>', 'DetailedStatus' => '<string>', 'ExecutionId' => '<string>', 'LastExecutionDate' => <DateTime>, 'OutputSource' => [ 'OutputSourceId' => '<string>', 'OutputSourceType' => '<string>', ], 'ResourceId' => '<string>', 'ResourceType' => '<string>', 'Status' => '<string>', ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- AssociationExecutionTargets
-
- Type: Array of AssociationExecutionTarget structures
Information about the execution.
- NextToken
-
- Type: string
The token for the next set of items to return. Use this token to get the next set of results.
Errors
- InternalServerError:
An error occurred on the server side.
- AssociationDoesNotExist:
The specified association doesn't exist.
- InvalidNextToken:
The specified token isn't valid.
- AssociationExecutionDoesNotExist:
The specified execution ID doesn't exist. Verify the ID number and try again.
DescribeAssociationExecutions
$result = $client->describeAssociationExecutions
([/* ... */]); $promise = $client->describeAssociationExecutionsAsync
([/* ... */]);
Views all executions for a specific association ID.
Parameter Syntax
$result = $client->describeAssociationExecutions([ 'AssociationId' => '<string>', // REQUIRED 'Filters' => [ [ 'Key' => 'ExecutionId|Status|CreatedTime', // REQUIRED 'Type' => 'EQUAL|LESS_THAN|GREATER_THAN', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- AssociationId
-
- Required: Yes
- Type: string
The association ID for which you want to view execution history details.
- Filters
-
- Type: Array of AssociationExecutionFilter structures
Filters for the request. You can specify the following filters and values.
ExecutionId (EQUAL)
Status (EQUAL)
CreatedTime (EQUAL, GREATER_THAN, LESS_THAN)
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
A token to start the list. Use this token to get the next set of results.
Result Syntax
[ 'AssociationExecutions' => [ [ 'AlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'AssociationId' => '<string>', 'AssociationVersion' => '<string>', 'CreatedTime' => <DateTime>, 'DetailedStatus' => '<string>', 'ExecutionId' => '<string>', 'LastExecutionDate' => <DateTime>, 'ResourceCountByStatus' => '<string>', 'Status' => '<string>', 'TriggeredAlarms' => [ [ 'Name' => '<string>', 'State' => 'UNKNOWN|ALARM', ], // ... ], ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- AssociationExecutions
-
- Type: Array of AssociationExecution structures
A list of the executions for the specified association ID.
- NextToken
-
- Type: string
The token for the next set of items to return. Use this token to get the next set of results.
Errors
- InternalServerError:
An error occurred on the server side.
- AssociationDoesNotExist:
The specified association doesn't exist.
- InvalidNextToken:
The specified token isn't valid.
DescribeAutomationExecutions
$result = $client->describeAutomationExecutions
([/* ... */]); $promise = $client->describeAutomationExecutionsAsync
([/* ... */]);
Provides details about all active and terminated Automation executions.
Parameter Syntax
$result = $client->describeAutomationExecutions([ 'Filters' => [ [ 'Key' => 'DocumentNamePrefix|ExecutionStatus|ExecutionId|ParentExecutionId|CurrentAction|StartTimeBefore|StartTimeAfter|AutomationType|TagKey|TargetResourceGroup|AutomationSubtype|OpsItemId', // REQUIRED 'Values' => ['<string>', ...], // REQUIRED ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- Filters
-
- Type: Array of AutomationExecutionFilter structures
Filters used to limit the scope of executions that are requested.
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
Result Syntax
[ 'AutomationExecutionMetadataList' => [ [ 'AlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'AssociationId' => '<string>', 'AutomationExecutionId' => '<string>', 'AutomationExecutionStatus' => 'Pending|InProgress|Waiting|Success|TimedOut|Cancelling|Cancelled|Failed|PendingApproval|Approved|Rejected|Scheduled|RunbookInProgress|PendingChangeCalendarOverride|ChangeCalendarOverrideApproved|ChangeCalendarOverrideRejected|CompletedWithSuccess|CompletedWithFailure|Exited', 'AutomationSubtype' => 'ChangeRequest', 'AutomationType' => 'CrossAccount|Local', 'ChangeRequestName' => '<string>', 'CurrentAction' => '<string>', 'CurrentStepName' => '<string>', 'DocumentName' => '<string>', 'DocumentVersion' => '<string>', 'ExecutedBy' => '<string>', 'ExecutionEndTime' => <DateTime>, 'ExecutionStartTime' => <DateTime>, 'FailureMessage' => '<string>', 'LogFile' => '<string>', 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'Mode' => 'Auto|Interactive', 'OpsItemId' => '<string>', 'Outputs' => [ '<AutomationParameterKey>' => ['<string>', ...], // ... ], 'ParentAutomationExecutionId' => '<string>', 'ResolvedTargets' => [ 'ParameterValues' => ['<string>', ...], 'Truncated' => true || false, ], 'Runbooks' => [ [ 'DocumentName' => '<string>', 'DocumentVersion' => '<string>', 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'Parameters' => [ '<AutomationParameterKey>' => ['<string>', ...], // ... ], 'TargetLocations' => [ [ 'Accounts' => ['<string>', ...], 'ExecutionRoleName' => '<string>', 'Regions' => ['<string>', ...], 'TargetLocationAlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'TargetLocationMaxConcurrency' => '<string>', 'TargetLocationMaxErrors' => '<string>', ], // ... ], 'TargetMaps' => [ [ '<TargetMapKey>' => ['<string>', ...], // ... ], // ... ], 'TargetParameterName' => '<string>', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], ], // ... ], 'ScheduledTime' => <DateTime>, 'Target' => '<string>', 'TargetMaps' => [ [ '<TargetMapKey>' => ['<string>', ...], // ... ], // ... ], 'TargetParameterName' => '<string>', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TriggeredAlarms' => [ [ 'Name' => '<string>', 'State' => 'UNKNOWN|ALARM', ], // ... ], ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- AutomationExecutionMetadataList
-
- Type: Array of AutomationExecutionMetadata structures
The list of details about each automation execution which has occurred which matches the filter specification, if any.
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Errors
- InvalidFilterKey:
The specified key isn't valid.
- InvalidFilterValue:
The filter value isn't valid. Verify the value and try again.
- InvalidNextToken:
The specified token isn't valid.
- InternalServerError:
An error occurred on the server side.
DescribeAutomationStepExecutions
$result = $client->describeAutomationStepExecutions
([/* ... */]); $promise = $client->describeAutomationStepExecutionsAsync
([/* ... */]);
Information about all active and terminated step executions in an Automation workflow.
Parameter Syntax
$result = $client->describeAutomationStepExecutions([ 'AutomationExecutionId' => '<string>', // REQUIRED 'Filters' => [ [ 'Key' => 'StartTimeBefore|StartTimeAfter|StepExecutionStatus|StepExecutionId|StepName|Action|ParentStepExecutionId|ParentStepIteration|ParentStepIteratorValue', // REQUIRED 'Values' => ['<string>', ...], // REQUIRED ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', 'ReverseOrder' => true || false, ]);
Parameter Details
Members
- AutomationExecutionId
-
- Required: Yes
- Type: string
The Automation execution ID for which you want step execution descriptions.
- Filters
-
- Type: Array of StepExecutionFilter structures
One or more filters to limit the number of step executions returned by the request.
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
- ReverseOrder
-
- Type: boolean
Indicates whether to list step executions in reverse order by start time. The default value is 'false'.
Result Syntax
[ 'NextToken' => '<string>', 'StepExecutions' => [ [ 'Action' => '<string>', 'ExecutionEndTime' => <DateTime>, 'ExecutionStartTime' => <DateTime>, 'FailureDetails' => [ 'Details' => [ '<AutomationParameterKey>' => ['<string>', ...], // ... ], 'FailureStage' => '<string>', 'FailureType' => '<string>', ], 'FailureMessage' => '<string>', 'Inputs' => ['<string>', ...], 'IsCritical' => true || false, 'IsEnd' => true || false, 'MaxAttempts' => <integer>, 'NextStep' => '<string>', 'OnFailure' => '<string>', 'Outputs' => [ '<AutomationParameterKey>' => ['<string>', ...], // ... ], 'OverriddenParameters' => [ '<AutomationParameterKey>' => ['<string>', ...], // ... ], 'ParentStepDetails' => [ 'Action' => '<string>', 'Iteration' => <integer>, 'IteratorValue' => '<string>', 'StepExecutionId' => '<string>', 'StepName' => '<string>', ], 'Response' => '<string>', 'ResponseCode' => '<string>', 'StepExecutionId' => '<string>', 'StepName' => '<string>', 'StepStatus' => 'Pending|InProgress|Waiting|Success|TimedOut|Cancelling|Cancelled|Failed|PendingApproval|Approved|Rejected|Scheduled|RunbookInProgress|PendingChangeCalendarOverride|ChangeCalendarOverrideApproved|ChangeCalendarOverrideRejected|CompletedWithSuccess|CompletedWithFailure|Exited', 'TargetLocation' => [ 'Accounts' => ['<string>', ...], 'ExecutionRoleName' => '<string>', 'Regions' => ['<string>', ...], 'TargetLocationAlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'TargetLocationMaxConcurrency' => '<string>', 'TargetLocationMaxErrors' => '<string>', ], 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TimeoutSeconds' => <integer>, 'TriggeredAlarms' => [ [ 'Name' => '<string>', 'State' => 'UNKNOWN|ALARM', ], // ... ], 'ValidNextSteps' => ['<string>', ...], ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
- StepExecutions
-
- Type: Array of StepExecution structures
A list of details about the current state of all steps that make up an execution.
Errors
- AutomationExecutionNotFoundException:
There is no automation execution information for the requested automation execution ID.
- InvalidNextToken:
The specified token isn't valid.
- InvalidFilterKey:
The specified key isn't valid.
- InvalidFilterValue:
The filter value isn't valid. Verify the value and try again.
- InternalServerError:
An error occurred on the server side.
DescribeAvailablePatches
$result = $client->describeAvailablePatches
([/* ... */]); $promise = $client->describeAvailablePatchesAsync
([/* ... */]);
Lists all patches eligible to be included in a patch baseline.
Currently, DescribeAvailablePatches
supports only the Amazon Linux 1, Amazon Linux 2, and Windows Server operating systems.
Parameter Syntax
$result = $client->describeAvailablePatches([ 'Filters' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- Filters
-
- Type: Array of PatchOrchestratorFilter structures
Each element in the array is a structure containing a key-value pair.
Windows Server
Supported keys for Windows Server managed node patches include the following:
-
PATCH_SET
Sample values:
OS
|APPLICATION
-
PRODUCT
Sample values:
WindowsServer2012
|Office 2010
|MicrosoftDefenderAntivirus
-
PRODUCT_FAMILY
Sample values:
Windows
|Office
-
MSRC_SEVERITY
Sample values:
ServicePacks
|Important
|Moderate
-
CLASSIFICATION
Sample values:
ServicePacks
|SecurityUpdates
|DefinitionUpdates
-
PATCH_ID
Sample values:
KB123456
|KB4516046
Linux
When specifying filters for Linux patches, you must specify a key-pair for
PRODUCT
. For example, using the Command Line Interface (CLI), the following command fails:aws ssm describe-available-patches --filters Key=CVE_ID,Values=CVE-2018-3615
However, the following command succeeds:
aws ssm describe-available-patches --filters Key=PRODUCT,Values=AmazonLinux2018.03 Key=CVE_ID,Values=CVE-2018-3615
Supported keys for Linux managed node patches include the following:
-
PRODUCT
Sample values:
AmazonLinux2018.03
|AmazonLinux2.0
-
NAME
Sample values:
kernel-headers
|samba-python
|php
-
SEVERITY
Sample values:
Critical
|Important
|Medium
|Low
-
EPOCH
Sample values:
0
|1
-
VERSION
Sample values:
78.6.1
|4.10.16
-
RELEASE
Sample values:
9.56.amzn1
|1.amzn2
-
ARCH
Sample values:
i686
|x86_64
-
REPOSITORY
Sample values:
Core
|Updates
-
ADVISORY_ID
Sample values:
ALAS-2018-1058
|ALAS2-2021-1594
-
CVE_ID
Sample values:
CVE-2018-3615
|CVE-2020-1472
-
BUGZILLA_ID
Sample values:
1463241
- MaxResults
-
- Type: int
The maximum number of patches to return (per page).
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
Result Syntax
[ 'NextToken' => '<string>', 'Patches' => [ [ 'AdvisoryIds' => ['<string>', ...], 'Arch' => '<string>', 'BugzillaIds' => ['<string>', ...], 'CVEIds' => ['<string>', ...], 'Classification' => '<string>', 'ContentUrl' => '<string>', 'Description' => '<string>', 'Epoch' => <integer>, 'Id' => '<string>', 'KbNumber' => '<string>', 'Language' => '<string>', 'MsrcNumber' => '<string>', 'MsrcSeverity' => '<string>', 'Name' => '<string>', 'Product' => '<string>', 'ProductFamily' => '<string>', 'Release' => '<string>', 'ReleaseDate' => <DateTime>, 'Repository' => '<string>', 'Severity' => '<string>', 'Title' => '<string>', 'Vendor' => '<string>', 'Version' => '<string>', ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
- Patches
-
- Type: Array of Patch structures
An array of patches. Each entry in the array is a patch structure.
Errors
- InternalServerError:
An error occurred on the server side.
DescribeDocument
$result = $client->describeDocument
([/* ... */]); $promise = $client->describeDocumentAsync
([/* ... */]);
Describes the specified Amazon Web Services Systems Manager document (SSM document).
Parameter Syntax
$result = $client->describeDocument([ 'DocumentVersion' => '<string>', 'Name' => '<string>', // REQUIRED 'VersionName' => '<string>', ]);
Parameter Details
Members
- DocumentVersion
-
- Type: string
The document version for which you want information. Can be a specific version or the default version.
- Name
-
- Required: Yes
- Type: string
The name of the SSM document.
- VersionName
-
- Type: string
An optional field specifying the version of the artifact associated with the document. For example, 12.6. This value is unique across all versions of a document, and can't be changed.
Result Syntax
[ 'Document' => [ 'ApprovedVersion' => '<string>', 'AttachmentsInformation' => [ [ 'Name' => '<string>', ], // ... ], 'Author' => '<string>', 'Category' => ['<string>', ...], 'CategoryEnum' => ['<string>', ...], 'CreatedDate' => <DateTime>, 'DefaultVersion' => '<string>', 'Description' => '<string>', 'DisplayName' => '<string>', 'DocumentFormat' => 'YAML|JSON|TEXT', 'DocumentType' => 'Command|Policy|Automation|Session|Package|ApplicationConfiguration|ApplicationConfigurationSchema|DeploymentStrategy|ChangeCalendar|Automation.ChangeTemplate|ProblemAnalysis|ProblemAnalysisTemplate|CloudFormation|ConformancePackTemplate|QuickSetup', 'DocumentVersion' => '<string>', 'Hash' => '<string>', 'HashType' => 'Sha256|Sha1', 'LatestVersion' => '<string>', 'Name' => '<string>', 'Owner' => '<string>', 'Parameters' => [ [ 'DefaultValue' => '<string>', 'Description' => '<string>', 'Name' => '<string>', 'Type' => 'String|StringList', ], // ... ], 'PendingReviewVersion' => '<string>', 'PlatformTypes' => ['<string>', ...], 'Requires' => [ [ 'Name' => '<string>', 'RequireType' => '<string>', 'Version' => '<string>', 'VersionName' => '<string>', ], // ... ], 'ReviewInformation' => [ [ 'ReviewedTime' => <DateTime>, 'Reviewer' => '<string>', 'Status' => 'APPROVED|NOT_REVIEWED|PENDING|REJECTED', ], // ... ], 'ReviewStatus' => 'APPROVED|NOT_REVIEWED|PENDING|REJECTED', 'SchemaVersion' => '<string>', 'Sha1' => '<string>', 'Status' => 'Creating|Active|Updating|Deleting|Failed', 'StatusInformation' => '<string>', 'Tags' => [ [ 'Key' => '<string>', 'Value' => '<string>', ], // ... ], 'TargetType' => '<string>', 'VersionName' => '<string>', ], ]
Result Details
Members
- Document
-
- Type: DocumentDescription structure
Information about the SSM document.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidDocument:
The specified SSM document doesn't exist.
- InvalidDocumentVersion:
The document version isn't valid or doesn't exist.
DescribeDocumentPermission
$result = $client->describeDocumentPermission
([/* ... */]); $promise = $client->describeDocumentPermissionAsync
([/* ... */]);
Describes the permissions for a Amazon Web Services Systems Manager document (SSM document). If you created the document, you are the owner. If a document is shared, it can either be shared privately (by specifying a user's Amazon Web Services account ID) or publicly (All).
Parameter Syntax
$result = $client->describeDocumentPermission([ 'MaxResults' => <integer>, 'Name' => '<string>', // REQUIRED 'NextToken' => '<string>', 'PermissionType' => 'Share', // REQUIRED ]);
Parameter Details
Members
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- Name
-
- Required: Yes
- Type: string
The name of the document for which you are the owner.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
- PermissionType
-
- Required: Yes
- Type: string
The permission type for the document. The permission type can be Share.
Result Syntax
[ 'AccountIds' => ['<string>', ...], 'AccountSharingInfoList' => [ [ 'AccountId' => '<string>', 'SharedDocumentVersion' => '<string>', ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- AccountIds
-
- Type: Array of strings
The account IDs that have permission to use this document. The ID can be either an Amazon Web Services account or All.
- AccountSharingInfoList
-
- Type: Array of AccountSharingInfo structures
A list of Amazon Web Services accounts where the current document is shared and the version shared with each account.
- NextToken
-
- Type: string
The token for the next set of items to return. Use this token to get the next set of results.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidDocument:
The specified SSM document doesn't exist.
- InvalidNextToken:
The specified token isn't valid.
- InvalidPermissionType:
The permission type isn't supported. Share is the only supported permission type.
- InvalidDocumentOperation:
You attempted to delete a document while it is still shared. You must stop sharing the document before you can delete it.
DescribeEffectiveInstanceAssociations
$result = $client->describeEffectiveInstanceAssociations
([/* ... */]); $promise = $client->describeEffectiveInstanceAssociationsAsync
([/* ... */]);
All associations for the managed nodes.
Parameter Syntax
$result = $client->describeEffectiveInstanceAssociations([ 'InstanceId' => '<string>', // REQUIRED 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- InstanceId
-
- Required: Yes
- Type: string
The managed node ID for which you want to view all associations.
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
Result Syntax
[ 'Associations' => [ [ 'AssociationId' => '<string>', 'AssociationVersion' => '<string>', 'Content' => '<string>', 'InstanceId' => '<string>', ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- Associations
-
- Type: Array of InstanceAssociation structures
The associations for the requested managed node.
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidInstanceId:
The following problems can cause this exception:
-
You don't have permission to access the managed node.
-
Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.
-
SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.
-
The managed node isn't in a valid state. Valid states are:
Running
,Pending
,Stopped
, andStopping
. Invalid states are:Shutting-down
andTerminated
.
-
- InvalidNextToken:
The specified token isn't valid.
DescribeEffectivePatchesForPatchBaseline
$result = $client->describeEffectivePatchesForPatchBaseline
([/* ... */]); $promise = $client->describeEffectivePatchesForPatchBaselineAsync
([/* ... */]);
Retrieves the current effective patches (the patch and the approval state) for the specified patch baseline. Applies to patch baselines for Windows only.
Parameter Syntax
$result = $client->describeEffectivePatchesForPatchBaseline([ 'BaselineId' => '<string>', // REQUIRED 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- BaselineId
-
- Required: Yes
- Type: string
The ID of the patch baseline to retrieve the effective patches for.
- MaxResults
-
- Type: int
The maximum number of patches to return (per page).
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
Result Syntax
[ 'EffectivePatches' => [ [ 'Patch' => [ 'AdvisoryIds' => ['<string>', ...], 'Arch' => '<string>', 'BugzillaIds' => ['<string>', ...], 'CVEIds' => ['<string>', ...], 'Classification' => '<string>', 'ContentUrl' => '<string>', 'Description' => '<string>', 'Epoch' => <integer>, 'Id' => '<string>', 'KbNumber' => '<string>', 'Language' => '<string>', 'MsrcNumber' => '<string>', 'MsrcSeverity' => '<string>', 'Name' => '<string>', 'Product' => '<string>', 'ProductFamily' => '<string>', 'Release' => '<string>', 'ReleaseDate' => <DateTime>, 'Repository' => '<string>', 'Severity' => '<string>', 'Title' => '<string>', 'Vendor' => '<string>', 'Version' => '<string>', ], 'PatchStatus' => [ 'ApprovalDate' => <DateTime>, 'ComplianceLevel' => 'CRITICAL|HIGH|MEDIUM|LOW|INFORMATIONAL|UNSPECIFIED', 'DeploymentStatus' => 'APPROVED|PENDING_APPROVAL|EXPLICIT_APPROVED|EXPLICIT_REJECTED', ], ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- EffectivePatches
-
- Type: Array of EffectivePatch structures
An array of patches and patch status.
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Errors
- InvalidResourceId:
The resource ID isn't valid. Verify that you entered the correct ID and try again.
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- UnsupportedOperatingSystem:
The operating systems you specified isn't supported, or the operation isn't supported for the operating system.
- InternalServerError:
An error occurred on the server side.
DescribeInstanceAssociationsStatus
$result = $client->describeInstanceAssociationsStatus
([/* ... */]); $promise = $client->describeInstanceAssociationsStatusAsync
([/* ... */]);
The status of the associations for the managed nodes.
Parameter Syntax
$result = $client->describeInstanceAssociationsStatus([ 'InstanceId' => '<string>', // REQUIRED 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- InstanceId
-
- Required: Yes
- Type: string
The managed node IDs for which you want association status information.
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
Result Syntax
[ 'InstanceAssociationStatusInfos' => [ [ 'AssociationId' => '<string>', 'AssociationName' => '<string>', 'AssociationVersion' => '<string>', 'DetailedStatus' => '<string>', 'DocumentVersion' => '<string>', 'ErrorCode' => '<string>', 'ExecutionDate' => <DateTime>, 'ExecutionSummary' => '<string>', 'InstanceId' => '<string>', 'Name' => '<string>', 'OutputUrl' => [ 'S3OutputUrl' => [ 'OutputUrl' => '<string>', ], ], 'Status' => '<string>', ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- InstanceAssociationStatusInfos
-
- Type: Array of InstanceAssociationStatusInfo structures
Status information about the association.
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidInstanceId:
The following problems can cause this exception:
-
You don't have permission to access the managed node.
-
Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.
-
SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.
-
The managed node isn't in a valid state. Valid states are:
Running
,Pending
,Stopped
, andStopping
. Invalid states are:Shutting-down
andTerminated
.
-
- InvalidNextToken:
The specified token isn't valid.
DescribeInstanceInformation
$result = $client->describeInstanceInformation
([/* ... */]); $promise = $client->describeInstanceInformationAsync
([/* ... */]);
Provides information about one or more of your managed nodes, including the operating system platform, SSM Agent version, association status, and IP address. This operation does not return information for nodes that are either Stopped or Terminated.
If you specify one or more node IDs, the operation returns information for those managed nodes. If you don't specify node IDs, it returns information for all your managed nodes. If you specify a node ID that isn't valid or a node that you don't own, you receive an error.
The IamRole
field returned for this API operation is the role assigned to an Amazon EC2 instance configured with a Systems Manager Quick Setup host management configuration or the role assigned to an on-premises managed node.
Parameter Syntax
$result = $client->describeInstanceInformation([ 'Filters' => [ [ 'Key' => '<string>', // REQUIRED 'Values' => ['<string>', ...], // REQUIRED ], // ... ], 'InstanceInformationFilterList' => [ [ 'key' => 'InstanceIds|AgentVersion|PingStatus|PlatformTypes|ActivationIds|IamRole|ResourceType|AssociationStatus', // REQUIRED 'valueSet' => ['<string>', ...], // REQUIRED ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- Filters
-
- Type: Array of InstanceInformationStringFilter structures
One or more filters. Use a filter to return a more specific list of managed nodes. You can filter based on tags applied to your managed nodes. Tag filters can't be combined with other filter types. Use this
Filters
data type instead ofInstanceInformationFilterList
, which is deprecated. - InstanceInformationFilterList
-
- Type: Array of InstanceInformationFilter structures
This is a legacy method. We recommend that you don't use this method. Instead, use the
Filters
data type.Filters
enables you to return node information by filtering based on tags applied to managed nodes.Attempting to use
InstanceInformationFilterList
andFilters
leads to an exception error. - MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results. The default value is 10 items.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
Result Syntax
[ 'InstanceInformationList' => [ [ 'ActivationId' => '<string>', 'AgentVersion' => '<string>', 'AssociationOverview' => [ 'DetailedStatus' => '<string>', 'InstanceAssociationStatusAggregatedCount' => [<integer>, ...], ], 'AssociationStatus' => '<string>', 'ComputerName' => '<string>', 'IPAddress' => '<string>', 'IamRole' => '<string>', 'InstanceId' => '<string>', 'IsLatestVersion' => true || false, 'LastAssociationExecutionDate' => <DateTime>, 'LastPingDateTime' => <DateTime>, 'LastSuccessfulAssociationExecutionDate' => <DateTime>, 'Name' => '<string>', 'PingStatus' => 'Online|ConnectionLost|Inactive', 'PlatformName' => '<string>', 'PlatformType' => 'Windows|Linux|MacOS', 'PlatformVersion' => '<string>', 'RegistrationDate' => <DateTime>, 'ResourceType' => 'ManagedInstance|EC2Instance', 'SourceId' => '<string>', 'SourceType' => 'AWS::EC2::Instance|AWS::IoT::Thing|AWS::SSM::ManagedInstance', ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- InstanceInformationList
-
- Type: Array of InstanceInformation structures
The managed node information list.
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidInstanceId:
The following problems can cause this exception:
-
You don't have permission to access the managed node.
-
Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.
-
SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.
-
The managed node isn't in a valid state. Valid states are:
Running
,Pending
,Stopped
, andStopping
. Invalid states are:Shutting-down
andTerminated
.
-
- InvalidNextToken:
The specified token isn't valid.
- InvalidInstanceInformationFilterValue:
The specified filter value isn't valid.
- InvalidFilterKey:
The specified key isn't valid.
DescribeInstancePatchStates
$result = $client->describeInstancePatchStates
([/* ... */]); $promise = $client->describeInstancePatchStatesAsync
([/* ... */]);
Retrieves the high-level patch state of one or more managed nodes.
Parameter Syntax
$result = $client->describeInstancePatchStates([ 'InstanceIds' => ['<string>', ...], // REQUIRED 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- InstanceIds
-
- Required: Yes
- Type: Array of strings
The ID of the managed node for which patch state information should be retrieved.
- MaxResults
-
- Type: int
The maximum number of managed nodes to return (per page).
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
Result Syntax
[ 'InstancePatchStates' => [ [ 'BaselineId' => '<string>', 'CriticalNonCompliantCount' => <integer>, 'FailedCount' => <integer>, 'InstallOverrideList' => '<string>', 'InstalledCount' => <integer>, 'InstalledOtherCount' => <integer>, 'InstalledPendingRebootCount' => <integer>, 'InstalledRejectedCount' => <integer>, 'InstanceId' => '<string>', 'LastNoRebootInstallOperationTime' => <DateTime>, 'MissingCount' => <integer>, 'NotApplicableCount' => <integer>, 'Operation' => 'Scan|Install', 'OperationEndTime' => <DateTime>, 'OperationStartTime' => <DateTime>, 'OtherNonCompliantCount' => <integer>, 'OwnerInformation' => '<string>', 'PatchGroup' => '<string>', 'RebootOption' => 'RebootIfNeeded|NoReboot', 'SecurityNonCompliantCount' => <integer>, 'SnapshotId' => '<string>', 'UnreportedNotApplicableCount' => <integer>, ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- InstancePatchStates
-
- Type: Array of InstancePatchState structures
The high-level patch state for the requested managed nodes.
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidNextToken:
The specified token isn't valid.
DescribeInstancePatchStatesForPatchGroup
$result = $client->describeInstancePatchStatesForPatchGroup
([/* ... */]); $promise = $client->describeInstancePatchStatesForPatchGroupAsync
([/* ... */]);
Retrieves the high-level patch state for the managed nodes in the specified patch group.
Parameter Syntax
$result = $client->describeInstancePatchStatesForPatchGroup([ 'Filters' => [ [ 'Key' => '<string>', // REQUIRED 'Type' => 'Equal|NotEqual|LessThan|GreaterThan', // REQUIRED 'Values' => ['<string>', ...], // REQUIRED ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', 'PatchGroup' => '<string>', // REQUIRED ]);
Parameter Details
Members
- Filters
-
- Type: Array of InstancePatchStateFilter structures
Each entry in the array is a structure containing:
-
Key (string between 1 and 200 characters)
-
Values (array containing a single string)
-
Type (string "Equal", "NotEqual", "LessThan", "GreaterThan")
- MaxResults
-
- Type: int
The maximum number of patches to return (per page).
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
- PatchGroup
-
- Required: Yes
- Type: string
The name of the patch group for which the patch state information should be retrieved.
Result Syntax
[ 'InstancePatchStates' => [ [ 'BaselineId' => '<string>', 'CriticalNonCompliantCount' => <integer>, 'FailedCount' => <integer>, 'InstallOverrideList' => '<string>', 'InstalledCount' => <integer>, 'InstalledOtherCount' => <integer>, 'InstalledPendingRebootCount' => <integer>, 'InstalledRejectedCount' => <integer>, 'InstanceId' => '<string>', 'LastNoRebootInstallOperationTime' => <DateTime>, 'MissingCount' => <integer>, 'NotApplicableCount' => <integer>, 'Operation' => 'Scan|Install', 'OperationEndTime' => <DateTime>, 'OperationStartTime' => <DateTime>, 'OtherNonCompliantCount' => <integer>, 'OwnerInformation' => '<string>', 'PatchGroup' => '<string>', 'RebootOption' => 'RebootIfNeeded|NoReboot', 'SecurityNonCompliantCount' => <integer>, 'SnapshotId' => '<string>', 'UnreportedNotApplicableCount' => <integer>, ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- InstancePatchStates
-
- Type: Array of InstancePatchState structures
The high-level patch state for the requested managed nodes.
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidFilter:
The filter name isn't valid. Verify the you entered the correct name and try again.
- InvalidNextToken:
The specified token isn't valid.
DescribeInstancePatches
$result = $client->describeInstancePatches
([/* ... */]); $promise = $client->describeInstancePatchesAsync
([/* ... */]);
Retrieves information about the patches on the specified managed node and their state relative to the patch baseline being used for the node.
Parameter Syntax
$result = $client->describeInstancePatches([ 'Filters' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'InstanceId' => '<string>', // REQUIRED 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- Filters
-
- Type: Array of PatchOrchestratorFilter structures
Each element in the array is a structure containing a key-value pair.
Supported keys for
DescribeInstancePatches
include the following:-
Classification
Sample values:
Security
|SecurityUpdates
-
KBId
Sample values:
KB4480056
|java-1.7.0-openjdk.x86_64
-
Severity
Sample values:
Important
|Medium
|Low
-
State
Sample values:
Installed
|InstalledOther
|InstalledPendingReboot
For lists of all
State
values, see Understanding patch compliance state values in the Amazon Web Services Systems Manager User Guide.
- InstanceId
-
- Required: Yes
- Type: string
The ID of the managed node whose patch state information should be retrieved.
- MaxResults
-
- Type: int
The maximum number of patches to return (per page).
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
Result Syntax
[ 'NextToken' => '<string>', 'Patches' => [ [ 'CVEIds' => '<string>', 'Classification' => '<string>', 'InstalledTime' => <DateTime>, 'KBId' => '<string>', 'Severity' => '<string>', 'State' => 'INSTALLED|INSTALLED_OTHER|INSTALLED_PENDING_REBOOT|INSTALLED_REJECTED|MISSING|NOT_APPLICABLE|FAILED', 'Title' => '<string>', ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
- Patches
-
- Type: Array of PatchComplianceData structures
Each entry in the array is a structure containing:
-
Title (string)
-
KBId (string)
-
Classification (string)
-
Severity (string)
-
State (string, such as "INSTALLED" or "FAILED")
-
InstalledTime (DateTime)
-
InstalledBy (string)
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidInstanceId:
The following problems can cause this exception:
-
You don't have permission to access the managed node.
-
Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.
-
SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.
-
The managed node isn't in a valid state. Valid states are:
Running
,Pending
,Stopped
, andStopping
. Invalid states are:Shutting-down
andTerminated
.
-
- InvalidFilter:
The filter name isn't valid. Verify the you entered the correct name and try again.
- InvalidNextToken:
The specified token isn't valid.
DescribeInstanceProperties
$result = $client->describeInstanceProperties
([/* ... */]); $promise = $client->describeInstancePropertiesAsync
([/* ... */]);
An API operation used by the Systems Manager console to display information about Systems Manager managed nodes.
Parameter Syntax
$result = $client->describeInstanceProperties([ 'FiltersWithOperator' => [ [ 'Key' => '<string>', // REQUIRED 'Operator' => 'Equal|NotEqual|BeginWith|LessThan|GreaterThan', 'Values' => ['<string>', ...], // REQUIRED ], // ... ], 'InstancePropertyFilterList' => [ [ 'key' => 'InstanceIds|AgentVersion|PingStatus|PlatformTypes|DocumentName|ActivationIds|IamRole|ResourceType|AssociationStatus', // REQUIRED 'valueSet' => ['<string>', ...], // REQUIRED ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- FiltersWithOperator
-
- Type: Array of InstancePropertyStringFilter structures
The request filters to use with the operator.
- InstancePropertyFilterList
-
- Type: Array of InstancePropertyFilter structures
An array of instance property filters.
- MaxResults
-
- Type: int
The maximum number of items to return for the call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token provided by a previous request to use to return the next set of properties.
Result Syntax
[ 'InstanceProperties' => [ [ 'ActivationId' => '<string>', 'AgentVersion' => '<string>', 'Architecture' => '<string>', 'AssociationOverview' => [ 'DetailedStatus' => '<string>', 'InstanceAssociationStatusAggregatedCount' => [<integer>, ...], ], 'AssociationStatus' => '<string>', 'ComputerName' => '<string>', 'IPAddress' => '<string>', 'IamRole' => '<string>', 'InstanceId' => '<string>', 'InstanceRole' => '<string>', 'InstanceState' => '<string>', 'InstanceType' => '<string>', 'KeyName' => '<string>', 'LastAssociationExecutionDate' => <DateTime>, 'LastPingDateTime' => <DateTime>, 'LastSuccessfulAssociationExecutionDate' => <DateTime>, 'LaunchTime' => <DateTime>, 'Name' => '<string>', 'PingStatus' => 'Online|ConnectionLost|Inactive', 'PlatformName' => '<string>', 'PlatformType' => 'Windows|Linux|MacOS', 'PlatformVersion' => '<string>', 'RegistrationDate' => <DateTime>, 'ResourceType' => '<string>', 'SourceId' => '<string>', 'SourceType' => 'AWS::EC2::Instance|AWS::IoT::Thing|AWS::SSM::ManagedInstance', ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- InstanceProperties
-
- Type: Array of InstanceProperty structures
Properties for the managed instances.
- NextToken
-
- Type: string
The token for the next set of properties to return. Use this token to get the next set of results.
Errors
- InvalidNextToken:
The specified token isn't valid.
- InvalidFilterKey:
The specified key isn't valid.
- InvalidInstanceId:
The following problems can cause this exception:
-
You don't have permission to access the managed node.
-
Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.
-
SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.
-
The managed node isn't in a valid state. Valid states are:
Running
,Pending
,Stopped
, andStopping
. Invalid states are:Shutting-down
andTerminated
.
-
- InvalidActivationId:
The activation ID isn't valid. Verify the you entered the correct ActivationId or ActivationCode and try again.
- InvalidInstancePropertyFilterValue:
The specified filter value isn't valid.
- InternalServerError:
An error occurred on the server side.
- InvalidDocument:
The specified SSM document doesn't exist.
DescribeInventoryDeletions
$result = $client->describeInventoryDeletions
([/* ... */]); $promise = $client->describeInventoryDeletionsAsync
([/* ... */]);
Describes a specific delete inventory operation.
Parameter Syntax
$result = $client->describeInventoryDeletions([ 'DeletionId' => '<string>', 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- DeletionId
-
- Type: string
Specify the delete inventory ID for which you want information. This ID was returned by the
DeleteInventory
operation. - MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
A token to start the list. Use this token to get the next set of results.
Result Syntax
[ 'InventoryDeletions' => [ [ 'DeletionId' => '<string>', 'DeletionStartTime' => <DateTime>, 'DeletionSummary' => [ 'RemainingCount' => <integer>, 'SummaryItems' => [ [ 'Count' => <integer>, 'RemainingCount' => <integer>, 'Version' => '<string>', ], // ... ], 'TotalCount' => <integer>, ], 'LastStatus' => 'InProgress|Complete', 'LastStatusMessage' => '<string>', 'LastStatusUpdateTime' => <DateTime>, 'TypeName' => '<string>', ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- InventoryDeletions
-
- Type: Array of InventoryDeletionStatusItem structures
A list of status items for deleted inventory.
- NextToken
-
- Type: string
The token for the next set of items to return. Use this token to get the next set of results.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidDeletionIdException:
The ID specified for the delete operation doesn't exist or isn't valid. Verify the ID and try again.
- InvalidNextToken:
The specified token isn't valid.
DescribeMaintenanceWindowExecutionTaskInvocations
$result = $client->describeMaintenanceWindowExecutionTaskInvocations
([/* ... */]); $promise = $client->describeMaintenanceWindowExecutionTaskInvocationsAsync
([/* ... */]);
Retrieves the individual task executions (one per target) for a particular task run as part of a maintenance window execution.
Parameter Syntax
$result = $client->describeMaintenanceWindowExecutionTaskInvocations([ 'Filters' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', 'TaskId' => '<string>', // REQUIRED 'WindowExecutionId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- Filters
-
- Type: Array of MaintenanceWindowFilter structures
Optional filters used to scope down the returned task invocations. The supported filter key is
STATUS
with the corresponding valuesPENDING
,IN_PROGRESS
,SUCCESS
,FAILED
,TIMED_OUT
,CANCELLING
, andCANCELLED
. - MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
- TaskId
-
- Required: Yes
- Type: string
The ID of the specific task in the maintenance window task that should be retrieved.
- WindowExecutionId
-
- Required: Yes
- Type: string
The ID of the maintenance window execution the task is part of.
Result Syntax
[ 'NextToken' => '<string>', 'WindowExecutionTaskInvocationIdentities' => [ [ 'EndTime' => <DateTime>, 'ExecutionId' => '<string>', 'InvocationId' => '<string>', 'OwnerInformation' => '<string>', 'Parameters' => '<string>', 'StartTime' => <DateTime>, 'Status' => 'PENDING|IN_PROGRESS|SUCCESS|FAILED|TIMED_OUT|CANCELLING|CANCELLED|SKIPPED_OVERLAPPING', 'StatusDetails' => '<string>', 'TaskExecutionId' => '<string>', 'TaskType' => 'RUN_COMMAND|AUTOMATION|STEP_FUNCTIONS|LAMBDA', 'WindowExecutionId' => '<string>', 'WindowTargetId' => '<string>', ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
- WindowExecutionTaskInvocationIdentities
-
- Type: Array of MaintenanceWindowExecutionTaskInvocationIdentity structures
Information about the task invocation results per invocation.
Errors
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InternalServerError:
An error occurred on the server side.
DescribeMaintenanceWindowExecutionTasks
$result = $client->describeMaintenanceWindowExecutionTasks
([/* ... */]); $promise = $client->describeMaintenanceWindowExecutionTasksAsync
([/* ... */]);
For a given maintenance window execution, lists the tasks that were run.
Parameter Syntax
$result = $client->describeMaintenanceWindowExecutionTasks([ 'Filters' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', 'WindowExecutionId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- Filters
-
- Type: Array of MaintenanceWindowFilter structures
Optional filters used to scope down the returned tasks. The supported filter key is
STATUS
with the corresponding valuesPENDING
,IN_PROGRESS
,SUCCESS
,FAILED
,TIMED_OUT
,CANCELLING
, andCANCELLED
. - MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
- WindowExecutionId
-
- Required: Yes
- Type: string
The ID of the maintenance window execution whose task executions should be retrieved.
Result Syntax
[ 'NextToken' => '<string>', 'WindowExecutionTaskIdentities' => [ [ 'AlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'EndTime' => <DateTime>, 'StartTime' => <DateTime>, 'Status' => 'PENDING|IN_PROGRESS|SUCCESS|FAILED|TIMED_OUT|CANCELLING|CANCELLED|SKIPPED_OVERLAPPING', 'StatusDetails' => '<string>', 'TaskArn' => '<string>', 'TaskExecutionId' => '<string>', 'TaskType' => 'RUN_COMMAND|AUTOMATION|STEP_FUNCTIONS|LAMBDA', 'TriggeredAlarms' => [ [ 'Name' => '<string>', 'State' => 'UNKNOWN|ALARM', ], // ... ], 'WindowExecutionId' => '<string>', ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
- WindowExecutionTaskIdentities
-
- Type: Array of MaintenanceWindowExecutionTaskIdentity structures
Information about the task executions.
Errors
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InternalServerError:
An error occurred on the server side.
DescribeMaintenanceWindowExecutions
$result = $client->describeMaintenanceWindowExecutions
([/* ... */]); $promise = $client->describeMaintenanceWindowExecutionsAsync
([/* ... */]);
Lists the executions of a maintenance window. This includes information about when the maintenance window was scheduled to be active, and information about tasks registered and run with the maintenance window.
Parameter Syntax
$result = $client->describeMaintenanceWindowExecutions([ 'Filters' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', 'WindowId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- Filters
-
- Type: Array of MaintenanceWindowFilter structures
Each entry in the array is a structure containing:
-
Key. A string between 1 and 128 characters. Supported keys include
ExecutedBefore
andExecutedAfter
. -
Values. An array of strings, each between 1 and 256 characters. Supported values are date/time strings in a valid ISO 8601 date/time format, such as
2021-11-04T05:00:00Z
.
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
- WindowId
-
- Required: Yes
- Type: string
The ID of the maintenance window whose executions should be retrieved.
Result Syntax
[ 'NextToken' => '<string>', 'WindowExecutions' => [ [ 'EndTime' => <DateTime>, 'StartTime' => <DateTime>, 'Status' => 'PENDING|IN_PROGRESS|SUCCESS|FAILED|TIMED_OUT|CANCELLING|CANCELLED|SKIPPED_OVERLAPPING', 'StatusDetails' => '<string>', 'WindowExecutionId' => '<string>', 'WindowId' => '<string>', ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
- WindowExecutions
-
- Type: Array of MaintenanceWindowExecution structures
Information about the maintenance window executions.
Errors
- InternalServerError:
An error occurred on the server side.
DescribeMaintenanceWindowSchedule
$result = $client->describeMaintenanceWindowSchedule
([/* ... */]); $promise = $client->describeMaintenanceWindowScheduleAsync
([/* ... */]);
Retrieves information about upcoming executions of a maintenance window.
Parameter Syntax
$result = $client->describeMaintenanceWindowSchedule([ 'Filters' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', 'ResourceType' => 'INSTANCE|RESOURCE_GROUP', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'WindowId' => '<string>', ]);
Parameter Details
Members
- Filters
-
- Type: Array of PatchOrchestratorFilter structures
Filters used to limit the range of results. For example, you can limit maintenance window executions to only those scheduled before or after a certain date and time.
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
- ResourceType
-
- Type: string
The type of resource you want to retrieve information about. For example,
INSTANCE
. - Targets
-
- Type: Array of Target structures
The managed node ID or key-value pair to retrieve information about.
- WindowId
-
- Type: string
The ID of the maintenance window to retrieve information about.
Result Syntax
[ 'NextToken' => '<string>', 'ScheduledWindowExecutions' => [ [ 'ExecutionTime' => '<string>', 'Name' => '<string>', 'WindowId' => '<string>', ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token for the next set of items to return. (You use this token in the next call.)
- ScheduledWindowExecutions
-
- Type: Array of ScheduledWindowExecution structures
Information about maintenance window executions scheduled for the specified time range.
Errors
- InternalServerError:
An error occurred on the server side.
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
DescribeMaintenanceWindowTargets
$result = $client->describeMaintenanceWindowTargets
([/* ... */]); $promise = $client->describeMaintenanceWindowTargetsAsync
([/* ... */]);
Lists the targets registered with the maintenance window.
Parameter Syntax
$result = $client->describeMaintenanceWindowTargets([ 'Filters' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', 'WindowId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- Filters
-
- Type: Array of MaintenanceWindowFilter structures
Optional filters that can be used to narrow down the scope of the returned window targets. The supported filter keys are
Type
,WindowTargetId
, andOwnerInformation
. - MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
- WindowId
-
- Required: Yes
- Type: string
The ID of the maintenance window whose targets should be retrieved.
Result Syntax
[ 'NextToken' => '<string>', 'Targets' => [ [ 'Description' => '<string>', 'Name' => '<string>', 'OwnerInformation' => '<string>', 'ResourceType' => 'INSTANCE|RESOURCE_GROUP', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'WindowId' => '<string>', 'WindowTargetId' => '<string>', ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
- Targets
-
- Type: Array of MaintenanceWindowTarget structures
Information about the targets in the maintenance window.
Errors
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InternalServerError:
An error occurred on the server side.
DescribeMaintenanceWindowTasks
$result = $client->describeMaintenanceWindowTasks
([/* ... */]); $promise = $client->describeMaintenanceWindowTasksAsync
([/* ... */]);
Lists the tasks in a maintenance window.
For maintenance window tasks without a specified target, you can't supply values for --max-errors
and --max-concurrency
. Instead, the system inserts a placeholder value of 1
, which may be reported in the response to this command. These values don't affect the running of your task and can be ignored.
Parameter Syntax
$result = $client->describeMaintenanceWindowTasks([ 'Filters' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', 'WindowId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- Filters
-
- Type: Array of MaintenanceWindowFilter structures
Optional filters used to narrow down the scope of the returned tasks. The supported filter keys are
WindowTaskId
,TaskArn
,Priority
, andTaskType
. - MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
- WindowId
-
- Required: Yes
- Type: string
The ID of the maintenance window whose tasks should be retrieved.
Result Syntax
[ 'NextToken' => '<string>', 'Tasks' => [ [ 'AlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'CutoffBehavior' => 'CONTINUE_TASK|CANCEL_TASK', 'Description' => '<string>', 'LoggingInfo' => [ 'S3BucketName' => '<string>', 'S3KeyPrefix' => '<string>', 'S3Region' => '<string>', ], 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'Name' => '<string>', 'Priority' => <integer>, 'ServiceRoleArn' => '<string>', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TaskArn' => '<string>', 'TaskParameters' => [ '<MaintenanceWindowTaskParameterName>' => [ 'Values' => ['<string>', ...], ], // ... ], 'Type' => 'RUN_COMMAND|AUTOMATION|STEP_FUNCTIONS|LAMBDA', 'WindowId' => '<string>', 'WindowTaskId' => '<string>', ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
- Tasks
-
- Type: Array of MaintenanceWindowTask structures
Information about the tasks in the maintenance window.
Errors
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InternalServerError:
An error occurred on the server side.
DescribeMaintenanceWindows
$result = $client->describeMaintenanceWindows
([/* ... */]); $promise = $client->describeMaintenanceWindowsAsync
([/* ... */]);
Retrieves the maintenance windows in an Amazon Web Services account.
Parameter Syntax
$result = $client->describeMaintenanceWindows([ 'Filters' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- Filters
-
- Type: Array of MaintenanceWindowFilter structures
Optional filters used to narrow down the scope of the returned maintenance windows. Supported filter keys are
Name
andEnabled
. For example,Name=MyMaintenanceWindow
andEnabled=True
. - MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
Result Syntax
[ 'NextToken' => '<string>', 'WindowIdentities' => [ [ 'Cutoff' => <integer>, 'Description' => '<string>', 'Duration' => <integer>, 'Enabled' => true || false, 'EndDate' => '<string>', 'Name' => '<string>', 'NextExecutionTime' => '<string>', 'Schedule' => '<string>', 'ScheduleOffset' => <integer>, 'ScheduleTimezone' => '<string>', 'StartDate' => '<string>', 'WindowId' => '<string>', ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
- WindowIdentities
-
- Type: Array of MaintenanceWindowIdentity structures
Information about the maintenance windows.
Errors
- InternalServerError:
An error occurred on the server side.
DescribeMaintenanceWindowsForTarget
$result = $client->describeMaintenanceWindowsForTarget
([/* ... */]); $promise = $client->describeMaintenanceWindowsForTargetAsync
([/* ... */]);
Retrieves information about the maintenance window targets or tasks that a managed node is associated with.
Parameter Syntax
$result = $client->describeMaintenanceWindowsForTarget([ 'MaxResults' => <integer>, 'NextToken' => '<string>', 'ResourceType' => 'INSTANCE|RESOURCE_GROUP', // REQUIRED 'Targets' => [ // REQUIRED [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], ]);
Parameter Details
Members
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
- ResourceType
-
- Required: Yes
- Type: string
The type of resource you want to retrieve information about. For example,
INSTANCE
. - Targets
-
- Required: Yes
- Type: Array of Target structures
The managed node ID or key-value pair to retrieve information about.
Result Syntax
[ 'NextToken' => '<string>', 'WindowIdentities' => [ [ 'Name' => '<string>', 'WindowId' => '<string>', ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token for the next set of items to return. (You use this token in the next call.)
- WindowIdentities
-
- Type: Array of MaintenanceWindowIdentityForTarget structures
Information about the maintenance window targets and tasks a managed node is associated with.
Errors
- InternalServerError:
An error occurred on the server side.
DescribeOpsItems
$result = $client->describeOpsItems
([/* ... */]); $promise = $client->describeOpsItemsAsync
([/* ... */]);
Query a set of OpsItems. You must have permission in Identity and Access Management (IAM) to query a list of OpsItems. For more information, see Set up OpsCenter in the Amazon Web Services Systems Manager User Guide.
Operations engineers and IT professionals use Amazon Web Services Systems Manager OpsCenter to view, investigate, and remediate operational issues impacting the performance and health of their Amazon Web Services resources. For more information, see Amazon Web Services Systems Manager OpsCenter in the Amazon Web Services Systems Manager User Guide.
Parameter Syntax
$result = $client->describeOpsItems([ 'MaxResults' => <integer>, 'NextToken' => '<string>', 'OpsItemFilters' => [ [ 'Key' => 'Status|CreatedBy|Source|Priority|Title|OpsItemId|CreatedTime|LastModifiedTime|ActualStartTime|ActualEndTime|PlannedStartTime|PlannedEndTime|OperationalData|OperationalDataKey|OperationalDataValue|ResourceId|AutomationId|Category|Severity|OpsItemType|ChangeRequestByRequesterArn|ChangeRequestByRequesterName|ChangeRequestByApproverArn|ChangeRequestByApproverName|ChangeRequestByTemplate|ChangeRequestByTargetsResourceGroup|InsightByType|AccountId', // REQUIRED 'Operator' => 'Equal|Contains|GreaterThan|LessThan', // REQUIRED 'Values' => ['<string>', ...], // REQUIRED ], // ... ], ]);
Parameter Details
Members
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
A token to start the list. Use this token to get the next set of results.
- OpsItemFilters
-
- Type: Array of OpsItemFilter structures
One or more filters to limit the response.
-
Key: CreatedTime
Operations: GreaterThan, LessThan
-
Key: LastModifiedBy
Operations: Contains, Equals
-
Key: LastModifiedTime
Operations: GreaterThan, LessThan
-
Key: Priority
Operations: Equals
-
Key: Source
Operations: Contains, Equals
-
Key: Status
Operations: Equals
-
Key: Title*
Operations: Equals,Contains
-
Key: OperationalData**
Operations: Equals
-
Key: OperationalDataKey
Operations: Equals
-
Key: OperationalDataValue
Operations: Equals, Contains
-
Key: OpsItemId
Operations: Equals
-
Key: ResourceId
Operations: Contains
-
Key: AutomationId
Operations: Equals
-
Key: AccountId
Operations: Equals
*The Equals operator for Title matches the first 100 characters. If you specify more than 100 characters, they system returns an error that the filter value exceeds the length limit.
**If you filter the response by using the OperationalData operator, specify a key-value pair by using the following JSON format: {"key":"key_name","value":"a_value"}
Result Syntax
[ 'NextToken' => '<string>', 'OpsItemSummaries' => [ [ 'ActualEndTime' => <DateTime>, 'ActualStartTime' => <DateTime>, 'Category' => '<string>', 'CreatedBy' => '<string>', 'CreatedTime' => <DateTime>, 'LastModifiedBy' => '<string>', 'LastModifiedTime' => <DateTime>, 'OperationalData' => [ '<OpsItemDataKey>' => [ 'Type' => 'SearchableString|String', 'Value' => '<string>', ], // ... ], 'OpsItemId' => '<string>', 'OpsItemType' => '<string>', 'PlannedEndTime' => <DateTime>, 'PlannedStartTime' => <DateTime>, 'Priority' => <integer>, 'Severity' => '<string>', 'Source' => '<string>', 'Status' => 'Open|InProgress|Resolved|Pending|TimedOut|Cancelling|Cancelled|Failed|CompletedWithSuccess|CompletedWithFailure|Scheduled|RunbookInProgress|PendingChangeCalendarOverride|ChangeCalendarOverrideApproved|ChangeCalendarOverrideRejected|PendingApproval|Approved|Rejected|Closed', 'Title' => '<string>', ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token for the next set of items to return. Use this token to get the next set of results.
- OpsItemSummaries
-
- Type: Array of OpsItemSummary structures
A list of OpsItems.
Errors
- InternalServerError:
An error occurred on the server side.
DescribeParameters
$result = $client->describeParameters
([/* ... */]); $promise = $client->describeParametersAsync
([/* ... */]);
Lists the parameters in your Amazon Web Services account or the parameters shared with you when you enable the Shared option.
Request results are returned on a best-effort basis. If you specify MaxResults
in the request, the response includes information up to the limit specified. The number of items returned, however, can be between zero and the value of MaxResults
. If the service reaches an internal limit while processing the results, it stops the operation and returns the matching values up to that point and a NextToken
. You can specify the NextToken
in a subsequent call to get the next set of results.
If you change the KMS key alias for the KMS key used to encrypt a parameter, then you must also update the key alias the parameter uses to reference KMS. Otherwise, DescribeParameters
retrieves whatever the original key alias was referencing.
Parameter Syntax
$result = $client->describeParameters([ 'Filters' => [ [ 'Key' => 'Name|Type|KeyId', // REQUIRED 'Values' => ['<string>', ...], // REQUIRED ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', 'ParameterFilters' => [ [ 'Key' => '<string>', // REQUIRED 'Option' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'Shared' => true || false, ]);
Parameter Details
Members
- Filters
-
- Type: Array of ParametersFilter structures
This data type is deprecated. Instead, use
ParameterFilters
. - MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
- ParameterFilters
-
- Type: Array of ParameterStringFilter structures
Filters to limit the request results.
- Shared
-
- Type: boolean
Lists parameters that are shared with you.
By default when using this option, the command returns parameters that have been shared using a standard Resource Access Manager Resource Share. In order for a parameter that was shared using the PutResourcePolicy command to be returned, the associated
RAM Resource Share Created From Policy
must have been promoted to a standard Resource Share using the RAM PromoteResourceShareCreatedFromPolicy API operation.For more information about sharing parameters, see Working with shared parameters in the Amazon Web Services Systems Manager User Guide.
Result Syntax
[ 'NextToken' => '<string>', 'Parameters' => [ [ 'ARN' => '<string>', 'AllowedPattern' => '<string>', 'DataType' => '<string>', 'Description' => '<string>', 'KeyId' => '<string>', 'LastModifiedDate' => <DateTime>, 'LastModifiedUser' => '<string>', 'Name' => '<string>', 'Policies' => [ [ 'PolicyStatus' => '<string>', 'PolicyText' => '<string>', 'PolicyType' => '<string>', ], // ... ], 'Tier' => 'Standard|Advanced|Intelligent-Tiering', 'Type' => 'String|StringList|SecureString', 'Version' => <integer>, ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token to use when requesting the next set of items.
- Parameters
-
- Type: Array of ParameterMetadata structures
Parameters returned by the request.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidFilterKey:
The specified key isn't valid.
- InvalidFilterOption:
The specified filter option isn't valid. Valid options are Equals and BeginsWith. For Path filter, valid options are Recursive and OneLevel.
- InvalidFilterValue:
The filter value isn't valid. Verify the value and try again.
- InvalidNextToken:
The specified token isn't valid.
DescribePatchBaselines
$result = $client->describePatchBaselines
([/* ... */]); $promise = $client->describePatchBaselinesAsync
([/* ... */]);
Lists the patch baselines in your Amazon Web Services account.
Parameter Syntax
$result = $client->describePatchBaselines([ 'Filters' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- Filters
-
- Type: Array of PatchOrchestratorFilter structures
Each element in the array is a structure containing a key-value pair.
Supported keys for
DescribePatchBaselines
include the following:-
NAME_PREFIX
Sample values:
AWS-
|My-
-
OWNER
Sample values:
AWS
|Self
-
OPERATING_SYSTEM
Sample values:
AMAZON_LINUX
|SUSE
|WINDOWS
- MaxResults
-
- Type: int
The maximum number of patch baselines to return (per page).
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
Result Syntax
[ 'BaselineIdentities' => [ [ 'BaselineDescription' => '<string>', 'BaselineId' => '<string>', 'BaselineName' => '<string>', 'DefaultBaseline' => true || false, 'OperatingSystem' => 'WINDOWS|AMAZON_LINUX|AMAZON_LINUX_2|AMAZON_LINUX_2022|UBUNTU|REDHAT_ENTERPRISE_LINUX|SUSE|CENTOS|ORACLE_LINUX|DEBIAN|MACOS|RASPBIAN|ROCKY_LINUX|ALMA_LINUX|AMAZON_LINUX_2023', ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- BaselineIdentities
-
- Type: Array of PatchBaselineIdentity structures
An array of
PatchBaselineIdentity
elements. - NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Errors
- InternalServerError:
An error occurred on the server side.
DescribePatchGroupState
$result = $client->describePatchGroupState
([/* ... */]); $promise = $client->describePatchGroupStateAsync
([/* ... */]);
Returns high-level aggregated patch compliance state information for a patch group.
Parameter Syntax
$result = $client->describePatchGroupState([ 'PatchGroup' => '<string>', // REQUIRED ]);
Parameter Details
Members
- PatchGroup
-
- Required: Yes
- Type: string
The name of the patch group whose patch snapshot should be retrieved.
Result Syntax
[ 'Instances' => <integer>, 'InstancesWithCriticalNonCompliantPatches' => <integer>, 'InstancesWithFailedPatches' => <integer>, 'InstancesWithInstalledOtherPatches' => <integer>, 'InstancesWithInstalledPatches' => <integer>, 'InstancesWithInstalledPendingRebootPatches' => <integer>, 'InstancesWithInstalledRejectedPatches' => <integer>, 'InstancesWithMissingPatches' => <integer>, 'InstancesWithNotApplicablePatches' => <integer>, 'InstancesWithOtherNonCompliantPatches' => <integer>, 'InstancesWithSecurityNonCompliantPatches' => <integer>, 'InstancesWithUnreportedNotApplicablePatches' => <integer>, ]
Result Details
Members
- Instances
-
- Type: int
The number of managed nodes in the patch group.
- InstancesWithCriticalNonCompliantPatches
-
- Type: int
The number of managed nodes where patches that are specified as
Critical
for compliance reporting in the patch baseline aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required managed node reboot. The status of these managed nodes isNON_COMPLIANT
. - InstancesWithFailedPatches
-
- Type: int
The number of managed nodes with patches from the patch baseline that failed to install.
- InstancesWithInstalledOtherPatches
-
- Type: int
The number of managed nodes with patches installed that aren't defined in the patch baseline.
- InstancesWithInstalledPatches
-
- Type: int
The number of managed nodes with installed patches.
- InstancesWithInstalledPendingRebootPatches
-
- Type: int
The number of managed nodes with patches installed by Patch Manager that haven't been rebooted after the patch installation. The status of these managed nodes is
NON_COMPLIANT
. - InstancesWithInstalledRejectedPatches
-
- Type: int
The number of managed nodes with patches installed that are specified in a
RejectedPatches
list. Patches with a status ofINSTALLED_REJECTED
were typically installed before they were added to aRejectedPatches
list.If
ALLOW_AS_DEPENDENCY
is the specified option forRejectedPatchesAction
, the value ofInstancesWithInstalledRejectedPatches
will always be0
(zero). - InstancesWithMissingPatches
-
- Type: int
The number of managed nodes with missing patches from the patch baseline.
- InstancesWithNotApplicablePatches
-
- Type: int
The number of managed nodes with patches that aren't applicable.
- InstancesWithOtherNonCompliantPatches
-
- Type: int
The number of managed nodes with patches installed that are specified as other than
Critical
orSecurity
but aren't compliant with the patch baseline. The status of these managed nodes isNON_COMPLIANT
. - InstancesWithSecurityNonCompliantPatches
-
- Type: int
The number of managed nodes where patches that are specified as
Security
in a patch advisory aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required managed node reboot. The status of these managed nodes isNON_COMPLIANT
. - InstancesWithUnreportedNotApplicablePatches
-
- Type: int
The number of managed nodes with
NotApplicable
patches beyond the supported limit, which aren't reported by name to Inventory. Inventory is a capability of Amazon Web Services Systems Manager.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidNextToken:
The specified token isn't valid.
DescribePatchGroups
$result = $client->describePatchGroups
([/* ... */]); $promise = $client->describePatchGroupsAsync
([/* ... */]);
Lists all patch groups that have been registered with patch baselines.
Parameter Syntax
$result = $client->describePatchGroups([ 'Filters' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- Filters
-
- Type: Array of PatchOrchestratorFilter structures
Each element in the array is a structure containing a key-value pair.
Supported keys for
DescribePatchGroups
include the following:-
NAME_PREFIX
Sample values:
AWS-
|My-
. -
OPERATING_SYSTEM
Sample values:
AMAZON_LINUX
|SUSE
|WINDOWS
- MaxResults
-
- Type: int
The maximum number of patch groups to return (per page).
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
Result Syntax
[ 'Mappings' => [ [ 'BaselineIdentity' => [ 'BaselineDescription' => '<string>', 'BaselineId' => '<string>', 'BaselineName' => '<string>', 'DefaultBaseline' => true || false, 'OperatingSystem' => 'WINDOWS|AMAZON_LINUX|AMAZON_LINUX_2|AMAZON_LINUX_2022|UBUNTU|REDHAT_ENTERPRISE_LINUX|SUSE|CENTOS|ORACLE_LINUX|DEBIAN|MACOS|RASPBIAN|ROCKY_LINUX|ALMA_LINUX|AMAZON_LINUX_2023', ], 'PatchGroup' => '<string>', ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- Mappings
-
- Type: Array of PatchGroupPatchBaselineMapping structures
Each entry in the array contains:
-
PatchGroup
: string (between 1 and 256 characters. Regex:^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$)
-
PatchBaselineIdentity
: APatchBaselineIdentity
element.
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Errors
- InternalServerError:
An error occurred on the server side.
DescribePatchProperties
$result = $client->describePatchProperties
([/* ... */]); $promise = $client->describePatchPropertiesAsync
([/* ... */]);
Lists the properties of available patches organized by product, product family, classification, severity, and other properties of available patches. You can use the reported properties in the filters you specify in requests for operations such as CreatePatchBaseline, UpdatePatchBaseline, DescribeAvailablePatches, and DescribePatchBaselines.
The following section lists the properties that can be used in filters for each major operating system type:
- AMAZON_LINUX
-
Valid properties:
PRODUCT
|CLASSIFICATION
|SEVERITY
- AMAZON_LINUX_2
-
Valid properties:
PRODUCT
|CLASSIFICATION
|SEVERITY
- AMAZON_LINUX_2023
-
Valid properties:
PRODUCT
|CLASSIFICATION
|SEVERITY
- CENTOS
-
Valid properties:
PRODUCT
|CLASSIFICATION
|SEVERITY
- DEBIAN
-
Valid properties:
PRODUCT
|PRIORITY
- MACOS
-
Valid properties:
PRODUCT
|CLASSIFICATION
- ORACLE_LINUX
-
Valid properties:
PRODUCT
|CLASSIFICATION
|SEVERITY
- REDHAT_ENTERPRISE_LINUX
-
Valid properties:
PRODUCT
|CLASSIFICATION
|SEVERITY
- SUSE
-
Valid properties:
PRODUCT
|CLASSIFICATION
|SEVERITY
- UBUNTU
-
Valid properties:
PRODUCT
|PRIORITY
- WINDOWS
-
Valid properties:
PRODUCT
|PRODUCT_FAMILY
|CLASSIFICATION
|MSRC_SEVERITY
Parameter Syntax
$result = $client->describePatchProperties([ 'MaxResults' => <integer>, 'NextToken' => '<string>', 'OperatingSystem' => 'WINDOWS|AMAZON_LINUX|AMAZON_LINUX_2|AMAZON_LINUX_2022|UBUNTU|REDHAT_ENTERPRISE_LINUX|SUSE|CENTOS|ORACLE_LINUX|DEBIAN|MACOS|RASPBIAN|ROCKY_LINUX|ALMA_LINUX|AMAZON_LINUX_2023', // REQUIRED 'PatchSet' => 'OS|APPLICATION', 'Property' => 'PRODUCT|PRODUCT_FAMILY|CLASSIFICATION|MSRC_SEVERITY|PRIORITY|SEVERITY', // REQUIRED ]);
Parameter Details
Members
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
- OperatingSystem
-
- Required: Yes
- Type: string
The operating system type for which to list patches.
- PatchSet
-
- Type: string
Indicates whether to list patches for the Windows operating system or for applications released by Microsoft. Not applicable for the Linux or macOS operating systems.
- Property
-
- Required: Yes
- Type: string
The patch property for which you want to view patch details.
Result Syntax
[ 'NextToken' => '<string>', 'Properties' => [ ['<string>', ...], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token for the next set of items to return. (You use this token in the next call.)
- Properties
-
- Type: Array of stringss
A list of the properties for patches matching the filter request parameters.
Errors
- InternalServerError:
An error occurred on the server side.
DescribeSessions
$result = $client->describeSessions
([/* ... */]); $promise = $client->describeSessionsAsync
([/* ... */]);
Retrieves a list of all active sessions (both connected and disconnected) or terminated sessions from the past 30 days.
Parameter Syntax
$result = $client->describeSessions([ 'Filters' => [ [ 'key' => 'InvokedAfter|InvokedBefore|Target|Owner|Status|SessionId', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', 'State' => 'Active|History', // REQUIRED ]);
Parameter Details
Members
- Filters
-
- Type: Array of SessionFilter structures
One or more filters to limit the type of sessions returned by the request.
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
- State
-
- Required: Yes
- Type: string
The session status to retrieve a list of sessions for. For example, "Active".
Result Syntax
[ 'NextToken' => '<string>', 'Sessions' => [ [ 'Details' => '<string>', 'DocumentName' => '<string>', 'EndDate' => <DateTime>, 'MaxSessionDuration' => '<string>', 'OutputUrl' => [ 'CloudWatchOutputUrl' => '<string>', 'S3OutputUrl' => '<string>', ], 'Owner' => '<string>', 'Reason' => '<string>', 'SessionId' => '<string>', 'StartDate' => <DateTime>, 'Status' => 'Connected|Connecting|Disconnected|Terminated|Terminating|Failed', 'Target' => '<string>', ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
- Sessions
-
- Type: Array of Session structures
A list of sessions meeting the request parameters.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidFilterKey:
The specified key isn't valid.
- InvalidNextToken:
The specified token isn't valid.
DisassociateOpsItemRelatedItem
$result = $client->disassociateOpsItemRelatedItem
([/* ... */]); $promise = $client->disassociateOpsItemRelatedItemAsync
([/* ... */]);
Deletes the association between an OpsItem and a related item. For example, this API operation can delete an Incident Manager incident from an OpsItem. Incident Manager is a capability of Amazon Web Services Systems Manager.
Parameter Syntax
$result = $client->disassociateOpsItemRelatedItem([ 'AssociationId' => '<string>', // REQUIRED 'OpsItemId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AssociationId
-
- Required: Yes
- Type: string
The ID of the association for which you want to delete an association between the OpsItem and a related item.
- OpsItemId
-
- Required: Yes
- Type: string
The ID of the OpsItem for which you want to delete an association between the OpsItem and a related item.
Result Syntax
[]
Result Details
Errors
- InternalServerError:
An error occurred on the server side.
- OpsItemRelatedItemAssociationNotFoundException:
The association wasn't found using the parameters you specified in the call. Verify the information and try again.
- OpsItemNotFoundException:
The specified OpsItem ID doesn't exist. Verify the ID and try again.
- OpsItemInvalidParameterException:
A specified parameter argument isn't valid. Verify the available arguments and try again.
- OpsItemConflictException:
The specified OpsItem is in the process of being deleted.
GetAutomationExecution
$result = $client->getAutomationExecution
([/* ... */]); $promise = $client->getAutomationExecutionAsync
([/* ... */]);
Get detailed information about a particular Automation execution.
Parameter Syntax
$result = $client->getAutomationExecution([ 'AutomationExecutionId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AutomationExecutionId
-
- Required: Yes
- Type: string
The unique identifier for an existing automation execution to examine. The execution ID is returned by StartAutomationExecution when the execution of an Automation runbook is initiated.
Result Syntax
[ 'AutomationExecution' => [ 'AlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'AssociationId' => '<string>', 'AutomationExecutionId' => '<string>', 'AutomationExecutionStatus' => 'Pending|InProgress|Waiting|Success|TimedOut|Cancelling|Cancelled|Failed|PendingApproval|Approved|Rejected|Scheduled|RunbookInProgress|PendingChangeCalendarOverride|ChangeCalendarOverrideApproved|ChangeCalendarOverrideRejected|CompletedWithSuccess|CompletedWithFailure|Exited', 'AutomationSubtype' => 'ChangeRequest', 'ChangeRequestName' => '<string>', 'CurrentAction' => '<string>', 'CurrentStepName' => '<string>', 'DocumentName' => '<string>', 'DocumentVersion' => '<string>', 'ExecutedBy' => '<string>', 'ExecutionEndTime' => <DateTime>, 'ExecutionStartTime' => <DateTime>, 'FailureMessage' => '<string>', 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'Mode' => 'Auto|Interactive', 'OpsItemId' => '<string>', 'Outputs' => [ '<AutomationParameterKey>' => ['<string>', ...], // ... ], 'Parameters' => [ '<AutomationParameterKey>' => ['<string>', ...], // ... ], 'ParentAutomationExecutionId' => '<string>', 'ProgressCounters' => [ 'CancelledSteps' => <integer>, 'FailedSteps' => <integer>, 'SuccessSteps' => <integer>, 'TimedOutSteps' => <integer>, 'TotalSteps' => <integer>, ], 'ResolvedTargets' => [ 'ParameterValues' => ['<string>', ...], 'Truncated' => true || false, ], 'Runbooks' => [ [ 'DocumentName' => '<string>', 'DocumentVersion' => '<string>', 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'Parameters' => [ '<AutomationParameterKey>' => ['<string>', ...], // ... ], 'TargetLocations' => [ [ 'Accounts' => ['<string>', ...], 'ExecutionRoleName' => '<string>', 'Regions' => ['<string>', ...], 'TargetLocationAlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'TargetLocationMaxConcurrency' => '<string>', 'TargetLocationMaxErrors' => '<string>', ], // ... ], 'TargetMaps' => [ [ '<TargetMapKey>' => ['<string>', ...], // ... ], // ... ], 'TargetParameterName' => '<string>', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], ], // ... ], 'ScheduledTime' => <DateTime>, 'StepExecutions' => [ [ 'Action' => '<string>', 'ExecutionEndTime' => <DateTime>, 'ExecutionStartTime' => <DateTime>, 'FailureDetails' => [ 'Details' => [ '<AutomationParameterKey>' => ['<string>', ...], // ... ], 'FailureStage' => '<string>', 'FailureType' => '<string>', ], 'FailureMessage' => '<string>', 'Inputs' => ['<string>', ...], 'IsCritical' => true || false, 'IsEnd' => true || false, 'MaxAttempts' => <integer>, 'NextStep' => '<string>', 'OnFailure' => '<string>', 'Outputs' => [ '<AutomationParameterKey>' => ['<string>', ...], // ... ], 'OverriddenParameters' => [ '<AutomationParameterKey>' => ['<string>', ...], // ... ], 'ParentStepDetails' => [ 'Action' => '<string>', 'Iteration' => <integer>, 'IteratorValue' => '<string>', 'StepExecutionId' => '<string>', 'StepName' => '<string>', ], 'Response' => '<string>', 'ResponseCode' => '<string>', 'StepExecutionId' => '<string>', 'StepName' => '<string>', 'StepStatus' => 'Pending|InProgress|Waiting|Success|TimedOut|Cancelling|Cancelled|Failed|PendingApproval|Approved|Rejected|Scheduled|RunbookInProgress|PendingChangeCalendarOverride|ChangeCalendarOverrideApproved|ChangeCalendarOverrideRejected|CompletedWithSuccess|CompletedWithFailure|Exited', 'TargetLocation' => [ 'Accounts' => ['<string>', ...], 'ExecutionRoleName' => '<string>', 'Regions' => ['<string>', ...], 'TargetLocationAlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'TargetLocationMaxConcurrency' => '<string>', 'TargetLocationMaxErrors' => '<string>', ], 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TimeoutSeconds' => <integer>, 'TriggeredAlarms' => [ [ 'Name' => '<string>', 'State' => 'UNKNOWN|ALARM', ], // ... ], 'ValidNextSteps' => ['<string>', ...], ], // ... ], 'StepExecutionsTruncated' => true || false, 'Target' => '<string>', 'TargetLocations' => [ [ 'Accounts' => ['<string>', ...], 'ExecutionRoleName' => '<string>', 'Regions' => ['<string>', ...], 'TargetLocationAlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'TargetLocationMaxConcurrency' => '<string>', 'TargetLocationMaxErrors' => '<string>', ], // ... ], 'TargetMaps' => [ [ '<TargetMapKey>' => ['<string>', ...], // ... ], // ... ], 'TargetParameterName' => '<string>', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TriggeredAlarms' => [ [ 'Name' => '<string>', 'State' => 'UNKNOWN|ALARM', ], // ... ], 'Variables' => [ '<AutomationParameterKey>' => ['<string>', ...], // ... ], ], ]
Result Details
Members
- AutomationExecution
-
- Type: AutomationExecution structure
Detailed information about the current state of an automation execution.
Errors
- AutomationExecutionNotFoundException:
There is no automation execution information for the requested automation execution ID.
- InternalServerError:
An error occurred on the server side.
GetCalendarState
$result = $client->getCalendarState
([/* ... */]); $promise = $client->getCalendarStateAsync
([/* ... */]);
Gets the state of a Amazon Web Services Systems Manager change calendar at the current time or a specified time. If you specify a time, GetCalendarState
returns the state of the calendar at that specific time, and returns the next time that the change calendar state will transition. If you don't specify a time, GetCalendarState
uses the current time. Change Calendar entries have two possible states: OPEN
or CLOSED
.
If you specify more than one calendar in a request, the command returns the status of OPEN
only if all calendars in the request are open. If one or more calendars in the request are closed, the status returned is CLOSED
.
For more information about Change Calendar, a capability of Amazon Web Services Systems Manager, see Amazon Web Services Systems Manager Change Calendar in the Amazon Web Services Systems Manager User Guide.
Parameter Syntax
$result = $client->getCalendarState([ 'AtTime' => '<string>', 'CalendarNames' => ['<string>', ...], // REQUIRED ]);
Parameter Details
Members
- AtTime
-
- Type: string
(Optional) The specific time for which you want to get calendar state information, in ISO 8601 format. If you don't specify a value or
AtTime
, the current time is used. - CalendarNames
-
- Required: Yes
- Type: Array of strings
The names or Amazon Resource Names (ARNs) of the Systems Manager documents (SSM documents) that represent the calendar entries for which you want to get the state.
Result Syntax
[ 'AtTime' => '<string>', 'NextTransitionTime' => '<string>', 'State' => 'OPEN|CLOSED', ]
Result Details
Members
- AtTime
-
- Type: string
The time, as an ISO 8601 string, that you specified in your command. If you don't specify a time,
GetCalendarState
uses the current time. - NextTransitionTime
-
- Type: string
The time, as an ISO 8601 string, that the calendar state will change. If the current calendar state is
OPEN
,NextTransitionTime
indicates when the calendar state changes toCLOSED
, and vice-versa. - State
-
- Type: string
The state of the calendar. An
OPEN
calendar indicates that actions are allowed to proceed, and aCLOSED
calendar indicates that actions aren't allowed to proceed.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidDocument:
The specified SSM document doesn't exist.
- InvalidDocumentType:
The SSM document type isn't valid. Valid document types are described in the
DocumentType
property.- UnsupportedCalendarException:
The calendar entry contained in the specified SSM document isn't supported.
GetCommandInvocation
$result = $client->getCommandInvocation
([/* ... */]); $promise = $client->getCommandInvocationAsync
([/* ... */]);
Returns detailed information about command execution for an invocation or plugin. The Run Command API follows an eventual consistency model, due to the distributed nature of the system supporting the API. This means that the result of an API command you run that affects your resources might not be immediately visible to all subsequent commands you run. You should keep this in mind when you carry out an API command that immediately follows a previous API command.
GetCommandInvocation
only gives the execution status of a plugin in a document. To get the command execution status on a specific managed node, use ListCommandInvocations. To get the command execution status across managed nodes, use ListCommands.
Parameter Syntax
$result = $client->getCommandInvocation([ 'CommandId' => '<string>', // REQUIRED 'InstanceId' => '<string>', // REQUIRED 'PluginName' => '<string>', ]);
Parameter Details
Members
- CommandId
-
- Required: Yes
- Type: string
(Required) The parent command ID of the invocation plugin.
- InstanceId
-
- Required: Yes
- Type: string
(Required) The ID of the managed node targeted by the command. A managed node can be an Amazon Elastic Compute Cloud (Amazon EC2) instance, edge device, and on-premises server or VM in your hybrid environment that is configured for Amazon Web Services Systems Manager.
- PluginName
-
- Type: string
The name of the step for which you want detailed results. If the document contains only one step, you can omit the name and details for that step. If the document contains more than one step, you must specify the name of the step for which you want to view details. Be sure to specify the name of the step, not the name of a plugin like
aws:RunShellScript
.To find the
PluginName
, check the document content and find the name of the step you want details for. Alternatively, use ListCommandInvocations with theCommandId
andDetails
parameters. ThePluginName
is theName
attribute of theCommandPlugin
object in theCommandPlugins
list.
Result Syntax
[ 'CloudWatchOutputConfig' => [ 'CloudWatchLogGroupName' => '<string>', 'CloudWatchOutputEnabled' => true || false, ], 'CommandId' => '<string>', 'Comment' => '<string>', 'DocumentName' => '<string>', 'DocumentVersion' => '<string>', 'ExecutionElapsedTime' => '<string>', 'ExecutionEndDateTime' => '<string>', 'ExecutionStartDateTime' => '<string>', 'InstanceId' => '<string>', 'PluginName' => '<string>', 'ResponseCode' => <integer>, 'StandardErrorContent' => '<string>', 'StandardErrorUrl' => '<string>', 'StandardOutputContent' => '<string>', 'StandardOutputUrl' => '<string>', 'Status' => 'Pending|InProgress|Delayed|Success|Cancelled|TimedOut|Failed|Cancelling', 'StatusDetails' => '<string>', ]
Result Details
Members
- CloudWatchOutputConfig
-
- Type: CloudWatchOutputConfig structure
Amazon CloudWatch Logs information where Systems Manager sent the command output.
- CommandId
-
- Type: string
The parent command ID of the invocation plugin.
- Comment
-
- Type: string
The comment text for the command.
- DocumentName
-
- Type: string
The name of the document that was run. For example,
AWS-RunShellScript
. - DocumentVersion
-
- Type: string
The Systems Manager document (SSM document) version used in the request.
- ExecutionElapsedTime
-
- Type: string
Duration since
ExecutionStartDateTime
. - ExecutionEndDateTime
-
- Type: string
The date and time the plugin finished running. Date and time are written in ISO 8601 format. For example, June 7, 2017 is represented as 2017-06-7. The following sample Amazon Web Services CLI command uses the
InvokedAfter
filter.aws ssm list-commands --filters key=InvokedAfter,value=2017-06-07T00:00:00Z
If the plugin hasn't started to run, the string is empty.
- ExecutionStartDateTime
-
- Type: string
The date and time the plugin started running. Date and time are written in ISO 8601 format. For example, June 7, 2017 is represented as 2017-06-7. The following sample Amazon Web Services CLI command uses the
InvokedBefore
filter.aws ssm list-commands --filters key=InvokedBefore,value=2017-06-07T00:00:00Z
If the plugin hasn't started to run, the string is empty.
- InstanceId
-
- Type: string
The ID of the managed node targeted by the command. A managed node can be an Amazon Elastic Compute Cloud (Amazon EC2) instance, edge device, or on-premises server or VM in your hybrid environment that is configured for Amazon Web Services Systems Manager.
- PluginName
-
- Type: string
The name of the plugin, or step name, for which details are reported. For example,
aws:RunShellScript
is a plugin. - ResponseCode
-
- Type: int
The error level response code for the plugin script. If the response code is
-1
, then the command hasn't started running on the managed node, or it wasn't received by the node. - StandardErrorContent
-
- Type: string
The first 8,000 characters written by the plugin to
stderr
. If the command hasn't finished running, then this string is empty. - StandardErrorUrl
-
- Type: string
The URL for the complete text written by the plugin to
stderr
. If the command hasn't finished running, then this string is empty. - StandardOutputContent
-
- Type: string
The first 24,000 characters written by the plugin to
stdout
. If the command hasn't finished running, ifExecutionStatus
is neither Succeeded nor Failed, then this string is empty. - StandardOutputUrl
-
- Type: string
The URL for the complete text written by the plugin to
stdout
in Amazon Simple Storage Service (Amazon S3). If an S3 bucket wasn't specified, then this string is empty. - Status
-
- Type: string
The status of this invocation plugin. This status can be different than
StatusDetails
. - StatusDetails
-
- Type: string
A detailed status of the command execution for an invocation.
StatusDetails
includes more information thanStatus
because it includes states resulting from error and concurrency control parameters.StatusDetails
can show different results thanStatus
. For more information about these statuses, see Understanding command statuses in the Amazon Web Services Systems Manager User Guide.StatusDetails
can be one of the following values:-
Pending: The command hasn't been sent to the managed node.
-
In Progress: The command has been sent to the managed node but hasn't reached a terminal state.
-
Delayed: The system attempted to send the command to the target, but the target wasn't available. The managed node might not be available because of network issues, because the node was stopped, or for similar reasons. The system will try to send the command again.
-
Success: The command or plugin ran successfully. This is a terminal state.
-
Delivery Timed Out: The command wasn't delivered to the managed node before the delivery timeout expired. Delivery timeouts don't count against the parent command's
MaxErrors
limit, but they do contribute to whether the parent command status is Success or Incomplete. This is a terminal state. -
Execution Timed Out: The command started to run on the managed node, but the execution wasn't complete before the timeout expired. Execution timeouts count against the
MaxErrors
limit of the parent command. This is a terminal state. -
Failed: The command wasn't run successfully on the managed node. For a plugin, this indicates that the result code wasn't zero. For a command invocation, this indicates that the result code for one or more plugins wasn't zero. Invocation failures count against the
MaxErrors
limit of the parent command. This is a terminal state. -
Cancelled: The command was terminated before it was completed. This is a terminal state.
-
Undeliverable: The command can't be delivered to the managed node. The node might not exist or might not be responding. Undeliverable invocations don't count against the parent command's
MaxErrors
limit and don't contribute to whether the parent command status is Success or Incomplete. This is a terminal state. -
Terminated: The parent command exceeded its
MaxErrors
limit and subsequent command invocations were canceled by the system. This is a terminal state.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidCommandId:
The specified command ID isn't valid. Verify the ID and try again.
- InvalidInstanceId:
The following problems can cause this exception:
-
You don't have permission to access the managed node.
-
Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.
-
SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.
-
The managed node isn't in a valid state. Valid states are:
Running
,Pending
,Stopped
, andStopping
. Invalid states are:Shutting-down
andTerminated
.
-
- InvalidPluginName:
The plugin name isn't valid.
- InvocationDoesNotExist:
The command ID and managed node ID you specified didn't match any invocations. Verify the command ID and the managed node ID and try again.
GetConnectionStatus
$result = $client->getConnectionStatus
([/* ... */]); $promise = $client->getConnectionStatusAsync
([/* ... */]);
Retrieves the Session Manager connection status for a managed node to determine whether it is running and ready to receive Session Manager connections.
Parameter Syntax
$result = $client->getConnectionStatus([ 'Target' => '<string>', // REQUIRED ]);
Parameter Details
Members
- Target
-
- Required: Yes
- Type: string
The managed node ID.
Result Syntax
[ 'Status' => 'connected|notconnected', 'Target' => '<string>', ]
Result Details
Members
- Status
-
- Type: string
The status of the connection to the managed node.
- Target
-
- Type: string
The ID of the managed node to check connection status.
Errors
- InternalServerError:
An error occurred on the server side.
GetDefaultPatchBaseline
$result = $client->getDefaultPatchBaseline
([/* ... */]); $promise = $client->getDefaultPatchBaselineAsync
([/* ... */]);
Retrieves the default patch baseline. Amazon Web Services Systems Manager supports creating multiple default patch baselines. For example, you can create a default patch baseline for each operating system.
If you don't specify an operating system value, the default patch baseline for Windows is returned.
Parameter Syntax
$result = $client->getDefaultPatchBaseline([ 'OperatingSystem' => 'WINDOWS|AMAZON_LINUX|AMAZON_LINUX_2|AMAZON_LINUX_2022|UBUNTU|REDHAT_ENTERPRISE_LINUX|SUSE|CENTOS|ORACLE_LINUX|DEBIAN|MACOS|RASPBIAN|ROCKY_LINUX|ALMA_LINUX|AMAZON_LINUX_2023', ]);
Parameter Details
Members
- OperatingSystem
-
- Type: string
Returns the default patch baseline for the specified operating system.
Result Syntax
[ 'BaselineId' => '<string>', 'OperatingSystem' => 'WINDOWS|AMAZON_LINUX|AMAZON_LINUX_2|AMAZON_LINUX_2022|UBUNTU|REDHAT_ENTERPRISE_LINUX|SUSE|CENTOS|ORACLE_LINUX|DEBIAN|MACOS|RASPBIAN|ROCKY_LINUX|ALMA_LINUX|AMAZON_LINUX_2023', ]
Result Details
Members
- BaselineId
-
- Type: string
The ID of the default patch baseline.
- OperatingSystem
-
- Type: string
The operating system for the returned patch baseline.
Errors
- InternalServerError:
An error occurred on the server side.
GetDeployablePatchSnapshotForInstance
$result = $client->getDeployablePatchSnapshotForInstance
([/* ... */]); $promise = $client->getDeployablePatchSnapshotForInstanceAsync
([/* ... */]);
Retrieves the current snapshot for the patch baseline the managed node uses. This API is primarily used by the AWS-RunPatchBaseline
Systems Manager document (SSM document).
If you run the command locally, such as with the Command Line Interface (CLI), the system attempts to use your local Amazon Web Services credentials and the operation fails. To avoid this, you can run the command in the Amazon Web Services Systems Manager console. Use Run Command, a capability of Amazon Web Services Systems Manager, with an SSM document that enables you to target a managed node with a script or command. For example, run the command using the AWS-RunShellScript
document or the AWS-RunPowerShellScript
document.
Parameter Syntax
$result = $client->getDeployablePatchSnapshotForInstance([ 'BaselineOverride' => [ 'ApprovalRules' => [ 'PatchRules' => [ // REQUIRED [ 'ApproveAfterDays' => <integer>, 'ApproveUntilDate' => '<string>', 'ComplianceLevel' => 'CRITICAL|HIGH|MEDIUM|LOW|INFORMATIONAL|UNSPECIFIED', 'EnableNonSecurity' => true || false, 'PatchFilterGroup' => [ // REQUIRED 'PatchFilters' => [ // REQUIRED [ 'Key' => 'ARCH|ADVISORY_ID|BUGZILLA_ID|PATCH_SET|PRODUCT|PRODUCT_FAMILY|CLASSIFICATION|CVE_ID|EPOCH|MSRC_SEVERITY|NAME|PATCH_ID|SECTION|PRIORITY|REPOSITORY|RELEASE|SEVERITY|SECURITY|VERSION', // REQUIRED 'Values' => ['<string>', ...], // REQUIRED ], // ... ], ], ], // ... ], ], 'ApprovedPatches' => ['<string>', ...], 'ApprovedPatchesComplianceLevel' => 'CRITICAL|HIGH|MEDIUM|LOW|INFORMATIONAL|UNSPECIFIED', 'ApprovedPatchesEnableNonSecurity' => true || false, 'GlobalFilters' => [ 'PatchFilters' => [ // REQUIRED [ 'Key' => 'ARCH|ADVISORY_ID|BUGZILLA_ID|PATCH_SET|PRODUCT|PRODUCT_FAMILY|CLASSIFICATION|CVE_ID|EPOCH|MSRC_SEVERITY|NAME|PATCH_ID|SECTION|PRIORITY|REPOSITORY|RELEASE|SEVERITY|SECURITY|VERSION', // REQUIRED 'Values' => ['<string>', ...], // REQUIRED ], // ... ], ], 'OperatingSystem' => 'WINDOWS|AMAZON_LINUX|AMAZON_LINUX_2|AMAZON_LINUX_2022|UBUNTU|REDHAT_ENTERPRISE_LINUX|SUSE|CENTOS|ORACLE_LINUX|DEBIAN|MACOS|RASPBIAN|ROCKY_LINUX|ALMA_LINUX|AMAZON_LINUX_2023', 'RejectedPatches' => ['<string>', ...], 'RejectedPatchesAction' => 'ALLOW_AS_DEPENDENCY|BLOCK', 'Sources' => [ [ 'Configuration' => '<string>', // REQUIRED 'Name' => '<string>', // REQUIRED 'Products' => ['<string>', ...], // REQUIRED ], // ... ], ], 'InstanceId' => '<string>', // REQUIRED 'SnapshotId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- BaselineOverride
-
- Type: BaselineOverride structure
Defines the basic information about a patch baseline override.
- InstanceId
-
- Required: Yes
- Type: string
The ID of the managed node for which the appropriate patch snapshot should be retrieved.
- SnapshotId
-
- Required: Yes
- Type: string
The snapshot ID provided by the user when running
AWS-RunPatchBaseline
.
Result Syntax
[ 'InstanceId' => '<string>', 'Product' => '<string>', 'SnapshotDownloadUrl' => '<string>', 'SnapshotId' => '<string>', ]
Result Details
Members
- InstanceId
-
- Type: string
The managed node ID.
- Product
-
- Type: string
Returns the specific operating system (for example Windows Server 2012 or Amazon Linux 2015.09) on the managed node for the specified patch snapshot.
- SnapshotDownloadUrl
-
- Type: string
A pre-signed Amazon Simple Storage Service (Amazon S3) URL that can be used to download the patch snapshot.
- SnapshotId
-
- Type: string
The user-defined snapshot ID.
Errors
- InternalServerError:
An error occurred on the server side.
- UnsupportedOperatingSystem:
The operating systems you specified isn't supported, or the operation isn't supported for the operating system.
- UnsupportedFeatureRequiredException:
Patching for applications released by Microsoft is only available on EC2 instances and advanced instances. To patch applications released by Microsoft on on-premises servers and VMs, you must enable advanced instances. For more information, see Turning on the advanced-instances tier in the Amazon Web Services Systems Manager User Guide.
GetDocument
$result = $client->getDocument
([/* ... */]); $promise = $client->getDocumentAsync
([/* ... */]);
Gets the contents of the specified Amazon Web Services Systems Manager document (SSM document).
Parameter Syntax
$result = $client->getDocument([ 'DocumentFormat' => 'YAML|JSON|TEXT', 'DocumentVersion' => '<string>', 'Name' => '<string>', // REQUIRED 'VersionName' => '<string>', ]);
Parameter Details
Members
- DocumentFormat
-
- Type: string
Returns the document in the specified format. The document format can be either JSON or YAML. JSON is the default format.
- DocumentVersion
-
- Type: string
The document version for which you want information.
- Name
-
- Required: Yes
- Type: string
The name of the SSM document.
- VersionName
-
- Type: string
An optional field specifying the version of the artifact associated with the document. For example, 12.6. This value is unique across all versions of a document and can't be changed.
Result Syntax
[ 'AttachmentsContent' => [ [ 'Hash' => '<string>', 'HashType' => 'Sha256', 'Name' => '<string>', 'Size' => <integer>, 'Url' => '<string>', ], // ... ], 'Content' => '<string>', 'CreatedDate' => <DateTime>, 'DisplayName' => '<string>', 'DocumentFormat' => 'YAML|JSON|TEXT', 'DocumentType' => 'Command|Policy|Automation|Session|Package|ApplicationConfiguration|ApplicationConfigurationSchema|DeploymentStrategy|ChangeCalendar|Automation.ChangeTemplate|ProblemAnalysis|ProblemAnalysisTemplate|CloudFormation|ConformancePackTemplate|QuickSetup', 'DocumentVersion' => '<string>', 'Name' => '<string>', 'Requires' => [ [ 'Name' => '<string>', 'RequireType' => '<string>', 'Version' => '<string>', 'VersionName' => '<string>', ], // ... ], 'ReviewStatus' => 'APPROVED|NOT_REVIEWED|PENDING|REJECTED', 'Status' => 'Creating|Active|Updating|Deleting|Failed', 'StatusInformation' => '<string>', 'VersionName' => '<string>', ]
Result Details
Members
- AttachmentsContent
-
- Type: Array of AttachmentContent structures
A description of the document attachments, including names, locations, sizes, and so on.
- Content
-
- Type: string
The contents of the SSM document.
- CreatedDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date the SSM document was created.
- DisplayName
-
- Type: string
The friendly name of the SSM document. This value can differ for each version of the document. If you want to update this value, see UpdateDocument.
- DocumentFormat
-
- Type: string
The document format, either JSON or YAML.
- DocumentType
-
- Type: string
The document type.
- DocumentVersion
-
- Type: string
The document version.
- Name
-
- Type: string
The name of the SSM document.
- Requires
-
- Type: Array of DocumentRequires structures
A list of SSM documents required by a document. For example, an
ApplicationConfiguration
document requires anApplicationConfigurationSchema
document. - ReviewStatus
-
- Type: string
The current review status of a new custom Systems Manager document (SSM document) created by a member of your organization, or of the latest version of an existing SSM document.
Only one version of an SSM document can be in the APPROVED state at a time. When a new version is approved, the status of the previous version changes to REJECTED.
Only one version of an SSM document can be in review, or PENDING, at a time.
- Status
-
- Type: string
The status of the SSM document, such as
Creating
,Active
,Updating
,Failed
, andDeleting
. - StatusInformation
-
- Type: string
A message returned by Amazon Web Services Systems Manager that explains the
Status
value. For example, aFailed
status might be explained by theStatusInformation
message, "The specified S3 bucket doesn't exist. Verify that the URL of the S3 bucket is correct." - VersionName
-
- Type: string
The version of the artifact associated with the document. For example, 12.6. This value is unique across all versions of a document, and can't be changed.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidDocument:
The specified SSM document doesn't exist.
- InvalidDocumentVersion:
The document version isn't valid or doesn't exist.
GetInventory
$result = $client->getInventory
([/* ... */]); $promise = $client->getInventoryAsync
([/* ... */]);
Query inventory information. This includes managed node status, such as Stopped
or Terminated
.
Parameter Syntax
$result = $client->getInventory([ 'Aggregators' => [ [ 'Aggregators' => [...], // RECURSIVE 'Expression' => '<string>', 'Groups' => [ [ 'Filters' => [ // REQUIRED [ 'Key' => '<string>', // REQUIRED 'Type' => 'Equal|NotEqual|BeginWith|LessThan|GreaterThan|Exists', 'Values' => ['<string>', ...], // REQUIRED ], // ... ], 'Name' => '<string>', // REQUIRED ], // ... ], ], // ... ], 'Filters' => [ [ 'Key' => '<string>', // REQUIRED 'Type' => 'Equal|NotEqual|BeginWith|LessThan|GreaterThan|Exists', 'Values' => ['<string>', ...], // REQUIRED ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', 'ResultAttributes' => [ [ 'TypeName' => '<string>', // REQUIRED ], // ... ], ]);
Parameter Details
Members
- Aggregators
-
- Type: Array of InventoryAggregator structures
Returns counts of inventory types based on one or more expressions. For example, if you aggregate by using an expression that uses the
AWS:InstanceInformation.PlatformType
type, you can see a count of how many Windows and Linux managed nodes exist in your inventoried fleet. - Filters
-
- Type: Array of InventoryFilter structures
One or more filters. Use a filter to return a more specific list of results.
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
- ResultAttributes
-
- Type: Array of ResultAttribute structures
The list of inventory item types to return.
Result Syntax
[ 'Entities' => [ [ 'Data' => [ '<InventoryResultItemKey>' => [ 'CaptureTime' => '<string>', 'Content' => [ ['<string>', ...], // ... ], 'ContentHash' => '<string>', 'SchemaVersion' => '<string>', 'TypeName' => '<string>', ], // ... ], 'Id' => '<string>', ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- Entities
-
- Type: Array of InventoryResultEntity structures
Collection of inventory entities such as a collection of managed node inventory.
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidFilter:
The filter name isn't valid. Verify the you entered the correct name and try again.
- InvalidInventoryGroupException:
The specified inventory group isn't valid.
- InvalidNextToken:
The specified token isn't valid.
- InvalidTypeNameException:
The parameter type name isn't valid.
- InvalidAggregatorException:
The specified aggregator isn't valid for inventory groups. Verify that the aggregator uses a valid inventory type such as
AWS:Application
orAWS:InstanceInformation
.- InvalidResultAttributeException:
The specified inventory item result attribute isn't valid.
GetInventorySchema
$result = $client->getInventorySchema
([/* ... */]); $promise = $client->getInventorySchemaAsync
([/* ... */]);
Return a list of inventory type names for the account, or return a list of attribute names for a specific Inventory item type.
Parameter Syntax
$result = $client->getInventorySchema([ 'Aggregator' => true || false, 'MaxResults' => <integer>, 'NextToken' => '<string>', 'SubType' => true || false, 'TypeName' => '<string>', ]);
Parameter Details
Members
- Aggregator
-
- Type: boolean
Returns inventory schemas that support aggregation. For example, this call returns the
AWS:InstanceInformation
type, because it supports aggregation based on thePlatformName
,PlatformType
, andPlatformVersion
attributes. - MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
- SubType
-
- Type: boolean
Returns the sub-type schema for a specified inventory type.
- TypeName
-
- Type: string
The type of inventory item to return.
Result Syntax
[ 'NextToken' => '<string>', 'Schemas' => [ [ 'Attributes' => [ [ 'DataType' => 'string|number', 'Name' => '<string>', ], // ... ], 'DisplayName' => '<string>', 'TypeName' => '<string>', 'Version' => '<string>', ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
- Schemas
-
- Type: Array of InventoryItemSchema structures
Inventory schemas returned by the request.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidTypeNameException:
The parameter type name isn't valid.
- InvalidNextToken:
The specified token isn't valid.
GetMaintenanceWindow
$result = $client->getMaintenanceWindow
([/* ... */]); $promise = $client->getMaintenanceWindowAsync
([/* ... */]);
Retrieves a maintenance window.
Parameter Syntax
$result = $client->getMaintenanceWindow([ 'WindowId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- WindowId
-
- Required: Yes
- Type: string
The ID of the maintenance window for which you want to retrieve information.
Result Syntax
[ 'AllowUnassociatedTargets' => true || false, 'CreatedDate' => <DateTime>, 'Cutoff' => <integer>, 'Description' => '<string>', 'Duration' => <integer>, 'Enabled' => true || false, 'EndDate' => '<string>', 'ModifiedDate' => <DateTime>, 'Name' => '<string>', 'NextExecutionTime' => '<string>', 'Schedule' => '<string>', 'ScheduleOffset' => <integer>, 'ScheduleTimezone' => '<string>', 'StartDate' => '<string>', 'WindowId' => '<string>', ]
Result Details
Members
- AllowUnassociatedTargets
-
- Type: boolean
Whether targets must be registered with the maintenance window before tasks can be defined for those targets.
- CreatedDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date the maintenance window was created.
- Cutoff
-
- Type: int
The number of hours before the end of the maintenance window that Amazon Web Services Systems Manager stops scheduling new tasks for execution.
- Description
-
- Type: string
The description of the maintenance window.
- Duration
-
- Type: int
The duration of the maintenance window in hours.
- Enabled
-
- Type: boolean
Indicates whether the maintenance window is enabled.
- EndDate
-
- Type: string
The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become inactive. The maintenance window won't run after this specified time.
- ModifiedDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date the maintenance window was last modified.
- Name
-
- Type: string
The name of the maintenance window.
- NextExecutionTime
-
- Type: string
The next time the maintenance window will actually run, taking into account any specified times for the maintenance window to become active or inactive.
- Schedule
-
- Type: string
The schedule of the maintenance window in the form of a cron or rate expression.
- ScheduleOffset
-
- Type: int
The number of days to wait to run a maintenance window after the scheduled cron expression date and time.
- ScheduleTimezone
-
- Type: string
The time zone that the scheduled maintenance window executions are based on, in Internet Assigned Numbers Authority (IANA) format. For example: "America/Los_Angeles", "UTC", or "Asia/Seoul". For more information, see the Time Zone Database on the IANA website.
- StartDate
-
- Type: string
The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become active. The maintenance window won't run before this specified time.
- WindowId
-
- Type: string
The ID of the created maintenance window.
Errors
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InternalServerError:
An error occurred on the server side.
GetMaintenanceWindowExecution
$result = $client->getMaintenanceWindowExecution
([/* ... */]); $promise = $client->getMaintenanceWindowExecutionAsync
([/* ... */]);
Retrieves details about a specific a maintenance window execution.
Parameter Syntax
$result = $client->getMaintenanceWindowExecution([ 'WindowExecutionId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- WindowExecutionId
-
- Required: Yes
- Type: string
The ID of the maintenance window execution that includes the task.
Result Syntax
[ 'EndTime' => <DateTime>, 'StartTime' => <DateTime>, 'Status' => 'PENDING|IN_PROGRESS|SUCCESS|FAILED|TIMED_OUT|CANCELLING|CANCELLED|SKIPPED_OVERLAPPING', 'StatusDetails' => '<string>', 'TaskIds' => ['<string>', ...], 'WindowExecutionId' => '<string>', ]
Result Details
Members
- EndTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time the maintenance window finished running.
- StartTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time the maintenance window started running.
- Status
-
- Type: string
The status of the maintenance window execution.
- StatusDetails
-
- Type: string
The details explaining the status. Not available for all status values.
- TaskIds
-
- Type: Array of strings
The ID of the task executions from the maintenance window execution.
- WindowExecutionId
-
- Type: string
The ID of the maintenance window execution.
Errors
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InternalServerError:
An error occurred on the server side.
GetMaintenanceWindowExecutionTask
$result = $client->getMaintenanceWindowExecutionTask
([/* ... */]); $promise = $client->getMaintenanceWindowExecutionTaskAsync
([/* ... */]);
Retrieves the details about a specific task run as part of a maintenance window execution.
Parameter Syntax
$result = $client->getMaintenanceWindowExecutionTask([ 'TaskId' => '<string>', // REQUIRED 'WindowExecutionId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- TaskId
-
- Required: Yes
- Type: string
The ID of the specific task execution in the maintenance window task that should be retrieved.
- WindowExecutionId
-
- Required: Yes
- Type: string
The ID of the maintenance window execution that includes the task.
Result Syntax
[ 'AlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'EndTime' => <DateTime>, 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'Priority' => <integer>, 'ServiceRole' => '<string>', 'StartTime' => <DateTime>, 'Status' => 'PENDING|IN_PROGRESS|SUCCESS|FAILED|TIMED_OUT|CANCELLING|CANCELLED|SKIPPED_OVERLAPPING', 'StatusDetails' => '<string>', 'TaskArn' => '<string>', 'TaskExecutionId' => '<string>', 'TaskParameters' => [ [ '<MaintenanceWindowTaskParameterName>' => [ 'Values' => ['<string>', ...], ], // ... ], // ... ], 'TriggeredAlarms' => [ [ 'Name' => '<string>', 'State' => 'UNKNOWN|ALARM', ], // ... ], 'Type' => 'RUN_COMMAND|AUTOMATION|STEP_FUNCTIONS|LAMBDA', 'WindowExecutionId' => '<string>', ]
Result Details
Members
- AlarmConfiguration
-
- Type: AlarmConfiguration structure
The details for the CloudWatch alarm you applied to your maintenance window task.
- EndTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time the task execution completed.
- MaxConcurrency
-
- Type: string
The defined maximum number of task executions that could be run in parallel.
- MaxErrors
-
- Type: string
The defined maximum number of task execution errors allowed before scheduling of the task execution would have been stopped.
- Priority
-
- Type: int
The priority of the task.
- ServiceRole
-
- Type: string
The role that was assumed when running the task.
- StartTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time the task execution started.
- Status
-
- Type: string
The status of the task.
- StatusDetails
-
- Type: string
The details explaining the status. Not available for all status values.
- TaskArn
-
- Type: string
The Amazon Resource Name (ARN) of the task that ran.
- TaskExecutionId
-
- Type: string
The ID of the specific task execution in the maintenance window task that was retrieved.
- TaskParameters
-
- Type: Array of MaintenanceWindowTaskParameterValueExpression structuress
The parameters passed to the task when it was run.
TaskParameters
has been deprecated. To specify parameters to pass to a task when it runs, instead use theParameters
option in theTaskInvocationParameters
structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.The map has the following format:
-
Key
: string, between 1 and 255 characters -
Value
: an array of strings, each between 1 and 255 characters
- TriggeredAlarms
-
- Type: Array of AlarmStateInformation structures
The CloudWatch alarms that were invoked by the maintenance window task.
- Type
-
- Type: string
The type of task that was run.
- WindowExecutionId
-
- Type: string
The ID of the maintenance window execution that includes the task.
Errors
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InternalServerError:
An error occurred on the server side.
GetMaintenanceWindowExecutionTaskInvocation
$result = $client->getMaintenanceWindowExecutionTaskInvocation
([/* ... */]); $promise = $client->getMaintenanceWindowExecutionTaskInvocationAsync
([/* ... */]);
Retrieves information about a specific task running on a specific target.
Parameter Syntax
$result = $client->getMaintenanceWindowExecutionTaskInvocation([ 'InvocationId' => '<string>', // REQUIRED 'TaskId' => '<string>', // REQUIRED 'WindowExecutionId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- InvocationId
-
- Required: Yes
- Type: string
The invocation ID to retrieve.
- TaskId
-
- Required: Yes
- Type: string
The ID of the specific task in the maintenance window task that should be retrieved.
- WindowExecutionId
-
- Required: Yes
- Type: string
The ID of the maintenance window execution for which the task is a part.
Result Syntax
[ 'EndTime' => <DateTime>, 'ExecutionId' => '<string>', 'InvocationId' => '<string>', 'OwnerInformation' => '<string>', 'Parameters' => '<string>', 'StartTime' => <DateTime>, 'Status' => 'PENDING|IN_PROGRESS|SUCCESS|FAILED|TIMED_OUT|CANCELLING|CANCELLED|SKIPPED_OVERLAPPING', 'StatusDetails' => '<string>', 'TaskExecutionId' => '<string>', 'TaskType' => 'RUN_COMMAND|AUTOMATION|STEP_FUNCTIONS|LAMBDA', 'WindowExecutionId' => '<string>', 'WindowTargetId' => '<string>', ]
Result Details
Members
- EndTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time that the task finished running on the target.
- ExecutionId
-
- Type: string
The execution ID.
- InvocationId
-
- Type: string
The invocation ID.
- OwnerInformation
-
- Type: string
User-provided value to be included in any Amazon CloudWatch Events or Amazon EventBridge events raised while running tasks for these targets in this maintenance window.
- Parameters
-
- Type: string
The parameters used at the time that the task ran.
- StartTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time that the task started running on the target.
- Status
-
- Type: string
The task status for an invocation.
- StatusDetails
-
- Type: string
The details explaining the status. Details are only available for certain status values.
- TaskExecutionId
-
- Type: string
The task execution ID.
- TaskType
-
- Type: string
Retrieves the task type for a maintenance window.
- WindowExecutionId
-
- Type: string
The maintenance window execution ID.
- WindowTargetId
-
- Type: string
The maintenance window target ID.
Errors
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InternalServerError:
An error occurred on the server side.
GetMaintenanceWindowTask
$result = $client->getMaintenanceWindowTask
([/* ... */]); $promise = $client->getMaintenanceWindowTaskAsync
([/* ... */]);
Retrieves the details of a maintenance window task.
For maintenance window tasks without a specified target, you can't supply values for --max-errors
and --max-concurrency
. Instead, the system inserts a placeholder value of 1
, which may be reported in the response to this command. These values don't affect the running of your task and can be ignored.
To retrieve a list of tasks in a maintenance window, instead use the DescribeMaintenanceWindowTasks command.
Parameter Syntax
$result = $client->getMaintenanceWindowTask([ 'WindowId' => '<string>', // REQUIRED 'WindowTaskId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- WindowId
-
- Required: Yes
- Type: string
The maintenance window ID that includes the task to retrieve.
- WindowTaskId
-
- Required: Yes
- Type: string
The maintenance window task ID to retrieve.
Result Syntax
[ 'AlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'CutoffBehavior' => 'CONTINUE_TASK|CANCEL_TASK', 'Description' => '<string>', 'LoggingInfo' => [ 'S3BucketName' => '<string>', 'S3KeyPrefix' => '<string>', 'S3Region' => '<string>', ], 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'Name' => '<string>', 'Priority' => <integer>, 'ServiceRoleArn' => '<string>', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TaskArn' => '<string>', 'TaskInvocationParameters' => [ 'Automation' => [ 'DocumentVersion' => '<string>', 'Parameters' => [ '<AutomationParameterKey>' => ['<string>', ...], // ... ], ], 'Lambda' => [ 'ClientContext' => '<string>', 'Payload' => <string || resource || Psr\Http\Message\StreamInterface>, 'Qualifier' => '<string>', ], 'RunCommand' => [ 'CloudWatchOutputConfig' => [ 'CloudWatchLogGroupName' => '<string>', 'CloudWatchOutputEnabled' => true || false, ], 'Comment' => '<string>', 'DocumentHash' => '<string>', 'DocumentHashType' => 'Sha256|Sha1', 'DocumentVersion' => '<string>', 'NotificationConfig' => [ 'NotificationArn' => '<string>', 'NotificationEvents' => ['<string>', ...], 'NotificationType' => 'Command|Invocation', ], 'OutputS3BucketName' => '<string>', 'OutputS3KeyPrefix' => '<string>', 'Parameters' => [ '<ParameterName>' => ['<string>', ...], // ... ], 'ServiceRoleArn' => '<string>', 'TimeoutSeconds' => <integer>, ], 'StepFunctions' => [ 'Input' => '<string>', 'Name' => '<string>', ], ], 'TaskParameters' => [ '<MaintenanceWindowTaskParameterName>' => [ 'Values' => ['<string>', ...], ], // ... ], 'TaskType' => 'RUN_COMMAND|AUTOMATION|STEP_FUNCTIONS|LAMBDA', 'WindowId' => '<string>', 'WindowTaskId' => '<string>', ]
Result Details
Members
- AlarmConfiguration
-
- Type: AlarmConfiguration structure
The details for the CloudWatch alarm you applied to your maintenance window task.
- CutoffBehavior
-
- Type: string
The action to take on tasks when the maintenance window cutoff time is reached.
CONTINUE_TASK
means that tasks continue to run. For Automation, Lambda, Step Functions tasks,CANCEL_TASK
means that currently running task invocations continue, but no new task invocations are started. For Run Command tasks,CANCEL_TASK
means the system attempts to stop the task by sending aCancelCommand
operation. - Description
-
- Type: string
The retrieved task description.
- LoggingInfo
-
- Type: LoggingInfo structure
The location in Amazon Simple Storage Service (Amazon S3) where the task results are logged.
LoggingInfo
has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use theOutputS3BucketName
andOutputS3KeyPrefix
options in theTaskInvocationParameters
structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. - MaxConcurrency
-
- Type: string
The maximum number of targets allowed to run this task in parallel.
For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of
1
, which may be reported in the response to this command. This value doesn't affect the running of your task and can be ignored. - MaxErrors
-
- Type: string
The maximum number of errors allowed before the task stops being scheduled.
For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of
1
, which may be reported in the response to this command. This value doesn't affect the running of your task and can be ignored. - Name
-
- Type: string
The retrieved task name.
- Priority
-
- Type: int
The priority of the task when it runs. The lower the number, the higher the priority. Tasks that have the same priority are scheduled in parallel.
- ServiceRoleArn
-
- Type: string
The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run
RegisterTaskWithMaintenanceWindow
.However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see Setting up maintenance windows in the in the Amazon Web Services Systems Manager User Guide.
- Targets
-
- Type: Array of Target structures
The targets where the task should run.
- TaskArn
-
- Type: string
The resource that the task used during execution. For
RUN_COMMAND
andAUTOMATION
task types, the value ofTaskArn
is the SSM document name/ARN. ForLAMBDA
tasks, the value is the function name/ARN. ForSTEP_FUNCTIONS
tasks, the value is the state machine ARN. - TaskInvocationParameters
-
- Type: MaintenanceWindowTaskInvocationParameters structure
The parameters to pass to the task when it runs.
- TaskParameters
-
- Type: Associative array of custom strings keys (MaintenanceWindowTaskParameterName) to MaintenanceWindowTaskParameterValueExpression structures
The parameters to pass to the task when it runs.
TaskParameters
has been deprecated. To specify parameters to pass to a task when it runs, instead use theParameters
option in theTaskInvocationParameters
structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. - TaskType
-
- Type: string
The type of task to run.
- WindowId
-
- Type: string
The retrieved maintenance window ID.
- WindowTaskId
-
- Type: string
The retrieved maintenance window task ID.
Errors
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InternalServerError:
An error occurred on the server side.
GetOpsItem
$result = $client->getOpsItem
([/* ... */]); $promise = $client->getOpsItemAsync
([/* ... */]);
Get information about an OpsItem by using the ID. You must have permission in Identity and Access Management (IAM) to view information about an OpsItem. For more information, see Set up OpsCenter in the Amazon Web Services Systems Manager User Guide.
Operations engineers and IT professionals use Amazon Web Services Systems Manager OpsCenter to view, investigate, and remediate operational issues impacting the performance and health of their Amazon Web Services resources. For more information, see Amazon Web Services Systems Manager OpsCenter in the Amazon Web Services Systems Manager User Guide.
Parameter Syntax
$result = $client->getOpsItem([ 'OpsItemArn' => '<string>', 'OpsItemId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- OpsItemArn
-
- Type: string
The OpsItem Amazon Resource Name (ARN).
- OpsItemId
-
- Required: Yes
- Type: string
The ID of the OpsItem that you want to get.
Result Syntax
[ 'OpsItem' => [ 'ActualEndTime' => <DateTime>, 'ActualStartTime' => <DateTime>, 'Category' => '<string>', 'CreatedBy' => '<string>', 'CreatedTime' => <DateTime>, 'Description' => '<string>', 'LastModifiedBy' => '<string>', 'LastModifiedTime' => <DateTime>, 'Notifications' => [ [ 'Arn' => '<string>', ], // ... ], 'OperationalData' => [ '<OpsItemDataKey>' => [ 'Type' => 'SearchableString|String', 'Value' => '<string>', ], // ... ], 'OpsItemArn' => '<string>', 'OpsItemId' => '<string>', 'OpsItemType' => '<string>', 'PlannedEndTime' => <DateTime>, 'PlannedStartTime' => <DateTime>, 'Priority' => <integer>, 'RelatedOpsItems' => [ [ 'OpsItemId' => '<string>', ], // ... ], 'Severity' => '<string>', 'Source' => '<string>', 'Status' => 'Open|InProgress|Resolved|Pending|TimedOut|Cancelling|Cancelled|Failed|CompletedWithSuccess|CompletedWithFailure|Scheduled|RunbookInProgress|PendingChangeCalendarOverride|ChangeCalendarOverrideApproved|ChangeCalendarOverrideRejected|PendingApproval|Approved|Rejected|Closed', 'Title' => '<string>', 'Version' => '<string>', ], ]
Result Details
Members
- OpsItem
-
- Type: OpsItem structure
The OpsItem.
Errors
- InternalServerError:
An error occurred on the server side.
- OpsItemNotFoundException:
The specified OpsItem ID doesn't exist. Verify the ID and try again.
- OpsItemAccessDeniedException:
You don't have permission to view OpsItems in the specified account. Verify that your account is configured either as a Systems Manager delegated administrator or that you are logged into the Organizations management account.
GetOpsMetadata
$result = $client->getOpsMetadata
([/* ... */]); $promise = $client->getOpsMetadataAsync
([/* ... */]);
View operational metadata related to an application in Application Manager.
Parameter Syntax
$result = $client->getOpsMetadata([ 'MaxResults' => <integer>, 'NextToken' => '<string>', 'OpsMetadataArn' => '<string>', // REQUIRED ]);
Parameter Details
Members
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
A token to start the list. Use this token to get the next set of results.
- OpsMetadataArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of an OpsMetadata Object to view.
Result Syntax
[ 'Metadata' => [ '<MetadataKey>' => [ 'Value' => '<string>', ], // ... ], 'NextToken' => '<string>', 'ResourceId' => '<string>', ]
Result Details
Members
- Metadata
-
- Type: Associative array of custom strings keys (MetadataKey) to MetadataValue structures
OpsMetadata for an Application Manager application.
- NextToken
-
- Type: string
The token for the next set of items to return. Use this token to get the next set of results.
- ResourceId
-
- Type: string
The resource ID of the Application Manager application.
Errors
- OpsMetadataNotFoundException:
The OpsMetadata object doesn't exist.
- OpsMetadataInvalidArgumentException:
One of the arguments passed is invalid.
- InternalServerError:
An error occurred on the server side.
GetOpsSummary
$result = $client->getOpsSummary
([/* ... */]); $promise = $client->getOpsSummaryAsync
([/* ... */]);
View a summary of operations metadata (OpsData) based on specified filters and aggregators. OpsData can include information about Amazon Web Services Systems Manager OpsCenter operational workitems (OpsItems) as well as information about any Amazon Web Services resource or service configured to report OpsData to Amazon Web Services Systems Manager Explorer.
Parameter Syntax
$result = $client->getOpsSummary([ 'Aggregators' => [ [ 'AggregatorType' => '<string>', 'Aggregators' => [...], // RECURSIVE 'AttributeName' => '<string>', 'Filters' => [ [ 'Key' => '<string>', // REQUIRED 'Type' => 'Equal|NotEqual|BeginWith|LessThan|GreaterThan|Exists', 'Values' => ['<string>', ...], // REQUIRED ], // ... ], 'TypeName' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'Filters' => [ [ 'Key' => '<string>', // REQUIRED 'Type' => 'Equal|NotEqual|BeginWith|LessThan|GreaterThan|Exists', 'Values' => ['<string>', ...], // REQUIRED ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', 'ResultAttributes' => [ [ 'TypeName' => '<string>', // REQUIRED ], // ... ], 'SyncName' => '<string>', ]);
Parameter Details
Members
- Aggregators
-
- Type: Array of OpsAggregator structures
Optional aggregators that return counts of OpsData based on one or more expressions.
- Filters
-
- Type: Array of OpsFilter structures
Optional filters used to scope down the returned OpsData.
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
A token to start the list. Use this token to get the next set of results.
- ResultAttributes
-
- Type: Array of OpsResultAttribute structures
The OpsData data type to return.
- SyncName
-
- Type: string
Specify the name of a resource data sync to get.
Result Syntax
[ 'Entities' => [ [ 'Data' => [ '<OpsEntityItemKey>' => [ 'CaptureTime' => '<string>', 'Content' => [ ['<string>', ...], // ... ], ], // ... ], 'Id' => '<string>', ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- Entities
-
- Type: Array of OpsEntity structures
The list of aggregated details and filtered OpsData.
- NextToken
-
- Type: string
The token for the next set of items to return. Use this token to get the next set of results.
Errors
- InternalServerError:
An error occurred on the server side.
- ResourceDataSyncNotFoundException:
The specified sync name wasn't found.
- InvalidFilter:
The filter name isn't valid. Verify the you entered the correct name and try again.
- InvalidNextToken:
The specified token isn't valid.
- InvalidTypeNameException:
The parameter type name isn't valid.
- InvalidAggregatorException:
The specified aggregator isn't valid for inventory groups. Verify that the aggregator uses a valid inventory type such as
AWS:Application
orAWS:InstanceInformation
.
GetParameter
$result = $client->getParameter
([/* ... */]); $promise = $client->getParameterAsync
([/* ... */]);
Get information about a single parameter by specifying the parameter name.
To get information about more than one parameter at a time, use the GetParameters operation.
Parameter Syntax
$result = $client->getParameter([ 'Name' => '<string>', // REQUIRED 'WithDecryption' => true || false, ]);
Parameter Details
Members
- Name
-
- Required: Yes
- Type: string
The name or Amazon Resource Name (ARN) of the parameter that you want to query. For parameters shared with you from another account, you must use the full ARN.
To query by parameter label, use
"Name": "name:label"
. To query by parameter version, use"Name": "name:version"
.For more information about shared parameters, see Working with shared parameters in the Amazon Web Services Systems Manager User Guide.
- WithDecryption
-
- Type: boolean
Return decrypted values for secure string parameters. This flag is ignored for
String
andStringList
parameter types.
Result Syntax
[ 'Parameter' => [ 'ARN' => '<string>', 'DataType' => '<string>', 'LastModifiedDate' => <DateTime>, 'Name' => '<string>', 'Selector' => '<string>', 'SourceResult' => '<string>', 'Type' => 'String|StringList|SecureString', 'Value' => '<string>', 'Version' => <integer>, ], ]
Result Details
Members
- Parameter
-
- Type: Parameter structure
Information about a parameter.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidKeyId:
The query key ID isn't valid.
- ParameterNotFound:
The parameter couldn't be found. Verify the name and try again.
- ParameterVersionNotFound:
The specified parameter version wasn't found. Verify the parameter name and version, and try again.
GetParameterHistory
$result = $client->getParameterHistory
([/* ... */]); $promise = $client->getParameterHistoryAsync
([/* ... */]);
Retrieves the history of all changes to a parameter.
If you change the KMS key alias for the KMS key used to encrypt a parameter, then you must also update the key alias the parameter uses to reference KMS. Otherwise, GetParameterHistory
retrieves whatever the original key alias was referencing.
Parameter Syntax
$result = $client->getParameterHistory([ 'MaxResults' => <integer>, 'Name' => '<string>', // REQUIRED 'NextToken' => '<string>', 'WithDecryption' => true || false, ]);
Parameter Details
Members
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- Name
-
- Required: Yes
- Type: string
The name or Amazon Resource Name (ARN) of the parameter for which you want to review history. For parameters shared with you from another account, you must use the full ARN.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
- WithDecryption
-
- Type: boolean
Return decrypted values for secure string parameters. This flag is ignored for
String
andStringList
parameter types.
Result Syntax
[ 'NextToken' => '<string>', 'Parameters' => [ [ 'AllowedPattern' => '<string>', 'DataType' => '<string>', 'Description' => '<string>', 'KeyId' => '<string>', 'Labels' => ['<string>', ...], 'LastModifiedDate' => <DateTime>, 'LastModifiedUser' => '<string>', 'Name' => '<string>', 'Policies' => [ [ 'PolicyStatus' => '<string>', 'PolicyText' => '<string>', 'PolicyType' => '<string>', ], // ... ], 'Tier' => 'Standard|Advanced|Intelligent-Tiering', 'Type' => 'String|StringList|SecureString', 'Value' => '<string>', 'Version' => <integer>, ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
- Parameters
-
- Type: Array of ParameterHistory structures
A list of parameters returned by the request.
Errors
- InternalServerError:
An error occurred on the server side.
- ParameterNotFound:
The parameter couldn't be found. Verify the name and try again.
- InvalidNextToken:
The specified token isn't valid.
- InvalidKeyId:
The query key ID isn't valid.
GetParameters
$result = $client->getParameters
([/* ... */]); $promise = $client->getParametersAsync
([/* ... */]);
Get information about one or more parameters by specifying multiple parameter names.
To get information about a single parameter, you can use the GetParameter operation instead.
Parameter Syntax
$result = $client->getParameters([ 'Names' => ['<string>', ...], // REQUIRED 'WithDecryption' => true || false, ]);
Parameter Details
Members
- Names
-
- Required: Yes
- Type: Array of strings
The names or Amazon Resource Names (ARNs) of the parameters that you want to query. For parameters shared with you from another account, you must use the full ARNs.
To query by parameter label, use
"Name": "name:label"
. To query by parameter version, use"Name": "name:version"
.The results for
GetParameters
requests are listed in alphabetical order in query responses.For information about shared parameters, see Working with shared parameters in the Amazon Web Services Systems Manager User Guide.
- WithDecryption
-
- Type: boolean
Return decrypted secure string value. Return decrypted values for secure string parameters. This flag is ignored for
String
andStringList
parameter types.
Result Syntax
[ 'InvalidParameters' => ['<string>', ...], 'Parameters' => [ [ 'ARN' => '<string>', 'DataType' => '<string>', 'LastModifiedDate' => <DateTime>, 'Name' => '<string>', 'Selector' => '<string>', 'SourceResult' => '<string>', 'Type' => 'String|StringList|SecureString', 'Value' => '<string>', 'Version' => <integer>, ], // ... ], ]
Result Details
Members
- InvalidParameters
-
- Type: Array of strings
A list of parameters that aren't formatted correctly or don't run during an execution.
- Parameters
-
- Type: Array of Parameter structures
A list of details for a parameter.
Errors
- InvalidKeyId:
The query key ID isn't valid.
- InternalServerError:
An error occurred on the server side.
GetParametersByPath
$result = $client->getParametersByPath
([/* ... */]); $promise = $client->getParametersByPathAsync
([/* ... */]);
Retrieve information about one or more parameters in a specific hierarchy.
Request results are returned on a best-effort basis. If you specify MaxResults
in the request, the response includes information up to the limit specified. The number of items returned, however, can be between zero and the value of MaxResults
. If the service reaches an internal limit while processing the results, it stops the operation and returns the matching values up to that point and a NextToken
. You can specify the NextToken
in a subsequent call to get the next set of results.
Parameter Syntax
$result = $client->getParametersByPath([ 'MaxResults' => <integer>, 'NextToken' => '<string>', 'ParameterFilters' => [ [ 'Key' => '<string>', // REQUIRED 'Option' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'Path' => '<string>', // REQUIRED 'Recursive' => true || false, 'WithDecryption' => true || false, ]);
Parameter Details
Members
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
A token to start the list. Use this token to get the next set of results.
- ParameterFilters
-
- Type: Array of ParameterStringFilter structures
Filters to limit the request results.
The following
Key
values are supported forGetParametersByPath
:Type
,KeyId
, andLabel
.The following
Key
values aren't supported forGetParametersByPath
:tag
,DataType
,Name
,Path
, andTier
. - Path
-
- Required: Yes
- Type: string
The hierarchy for the parameter. Hierarchies start with a forward slash (/). The hierarchy is the parameter name except the last part of the parameter. For the API call to succeed, the last part of the parameter name can't be in the path. A parameter name hierarchy can have a maximum of 15 levels. Here is an example of a hierarchy:
/Finance/Prod/IAD/WinServ2016/license33
- Recursive
-
- Type: boolean
Retrieve all parameters within a hierarchy.
If a user has access to a path, then the user can access all levels of that path. For example, if a user has permission to access path
/a
, then the user can also access/a/b
. Even if a user has explicitly been denied access in IAM for parameter/a/b
, they can still call the GetParametersByPath API operation recursively for/a
and view/a/b
. - WithDecryption
-
- Type: boolean
Retrieve all parameters in a hierarchy with their value decrypted.
Result Syntax
[ 'NextToken' => '<string>', 'Parameters' => [ [ 'ARN' => '<string>', 'DataType' => '<string>', 'LastModifiedDate' => <DateTime>, 'Name' => '<string>', 'Selector' => '<string>', 'SourceResult' => '<string>', 'Type' => 'String|StringList|SecureString', 'Value' => '<string>', 'Version' => <integer>, ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token for the next set of items to return. Use this token to get the next set of results.
- Parameters
-
- Type: Array of Parameter structures
A list of parameters found in the specified hierarchy.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidFilterKey:
The specified key isn't valid.
- InvalidFilterOption:
The specified filter option isn't valid. Valid options are Equals and BeginsWith. For Path filter, valid options are Recursive and OneLevel.
- InvalidFilterValue:
The filter value isn't valid. Verify the value and try again.
- InvalidKeyId:
The query key ID isn't valid.
- InvalidNextToken:
The specified token isn't valid.
GetPatchBaseline
$result = $client->getPatchBaseline
([/* ... */]); $promise = $client->getPatchBaselineAsync
([/* ... */]);
Retrieves information about a patch baseline.
Parameter Syntax
$result = $client->getPatchBaseline([ 'BaselineId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- BaselineId
-
- Required: Yes
- Type: string
The ID of the patch baseline to retrieve.
To retrieve information about an Amazon Web Services managed patch baseline, specify the full Amazon Resource Name (ARN) of the baseline. For example, for the baseline
AWS-AmazonLinuxDefaultPatchBaseline
, specifyarn:aws:ssm:us-east-2:733109147000:patchbaseline/pb-0e392de35e7c563b7
instead ofpb-0e392de35e7c563b7
.
Result Syntax
[ 'ApprovalRules' => [ 'PatchRules' => [ [ 'ApproveAfterDays' => <integer>, 'ApproveUntilDate' => '<string>', 'ComplianceLevel' => 'CRITICAL|HIGH|MEDIUM|LOW|INFORMATIONAL|UNSPECIFIED', 'EnableNonSecurity' => true || false, 'PatchFilterGroup' => [ 'PatchFilters' => [ [ 'Key' => 'ARCH|ADVISORY_ID|BUGZILLA_ID|PATCH_SET|PRODUCT|PRODUCT_FAMILY|CLASSIFICATION|CVE_ID|EPOCH|MSRC_SEVERITY|NAME|PATCH_ID|SECTION|PRIORITY|REPOSITORY|RELEASE|SEVERITY|SECURITY|VERSION', 'Values' => ['<string>', ...], ], // ... ], ], ], // ... ], ], 'ApprovedPatches' => ['<string>', ...], 'ApprovedPatchesComplianceLevel' => 'CRITICAL|HIGH|MEDIUM|LOW|INFORMATIONAL|UNSPECIFIED', 'ApprovedPatchesEnableNonSecurity' => true || false, 'BaselineId' => '<string>', 'CreatedDate' => <DateTime>, 'Description' => '<string>', 'GlobalFilters' => [ 'PatchFilters' => [ [ 'Key' => 'ARCH|ADVISORY_ID|BUGZILLA_ID|PATCH_SET|PRODUCT|PRODUCT_FAMILY|CLASSIFICATION|CVE_ID|EPOCH|MSRC_SEVERITY|NAME|PATCH_ID|SECTION|PRIORITY|REPOSITORY|RELEASE|SEVERITY|SECURITY|VERSION', 'Values' => ['<string>', ...], ], // ... ], ], 'ModifiedDate' => <DateTime>, 'Name' => '<string>', 'OperatingSystem' => 'WINDOWS|AMAZON_LINUX|AMAZON_LINUX_2|AMAZON_LINUX_2022|UBUNTU|REDHAT_ENTERPRISE_LINUX|SUSE|CENTOS|ORACLE_LINUX|DEBIAN|MACOS|RASPBIAN|ROCKY_LINUX|ALMA_LINUX|AMAZON_LINUX_2023', 'PatchGroups' => ['<string>', ...], 'RejectedPatches' => ['<string>', ...], 'RejectedPatchesAction' => 'ALLOW_AS_DEPENDENCY|BLOCK', 'Sources' => [ [ 'Configuration' => '<string>', 'Name' => '<string>', 'Products' => ['<string>', ...], ], // ... ], ]
Result Details
Members
- ApprovalRules
-
- Type: PatchRuleGroup structure
A set of rules used to include patches in the baseline.
- ApprovedPatches
-
- Type: Array of strings
A list of explicitly approved patches for the baseline.
- ApprovedPatchesComplianceLevel
-
- Type: string
Returns the specified compliance severity level for approved patches in the patch baseline.
- ApprovedPatchesEnableNonSecurity
-
- Type: boolean
Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes. The default value is
false
. Applies to Linux managed nodes only. - BaselineId
-
- Type: string
The ID of the retrieved patch baseline.
- CreatedDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date the patch baseline was created.
- Description
-
- Type: string
A description of the patch baseline.
- GlobalFilters
-
- Type: PatchFilterGroup structure
A set of global filters used to exclude patches from the baseline.
- ModifiedDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date the patch baseline was last modified.
- Name
-
- Type: string
The name of the patch baseline.
- OperatingSystem
-
- Type: string
Returns the operating system specified for the patch baseline.
- PatchGroups
-
- Type: Array of strings
Patch groups included in the patch baseline.
- RejectedPatches
-
- Type: Array of strings
A list of explicitly rejected patches for the baseline.
- RejectedPatchesAction
-
- Type: string
The action specified to take on patches included in the
RejectedPatches
list. A patch can be allowed only if it is a dependency of another package, or blocked entirely along with packages that include it as a dependency. - Sources
-
- Type: Array of PatchSource structures
Information about the patches to use to update the managed nodes, including target operating systems and source repositories. Applies to Linux managed nodes only.
Errors
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InvalidResourceId:
The resource ID isn't valid. Verify that you entered the correct ID and try again.
- InternalServerError:
An error occurred on the server side.
GetPatchBaselineForPatchGroup
$result = $client->getPatchBaselineForPatchGroup
([/* ... */]); $promise = $client->getPatchBaselineForPatchGroupAsync
([/* ... */]);
Retrieves the patch baseline that should be used for the specified patch group.
Parameter Syntax
$result = $client->getPatchBaselineForPatchGroup([ 'OperatingSystem' => 'WINDOWS|AMAZON_LINUX|AMAZON_LINUX_2|AMAZON_LINUX_2022|UBUNTU|REDHAT_ENTERPRISE_LINUX|SUSE|CENTOS|ORACLE_LINUX|DEBIAN|MACOS|RASPBIAN|ROCKY_LINUX|ALMA_LINUX|AMAZON_LINUX_2023', 'PatchGroup' => '<string>', // REQUIRED ]);
Parameter Details
Members
- OperatingSystem
-
- Type: string
Returns the operating system rule specified for patch groups using the patch baseline.
- PatchGroup
-
- Required: Yes
- Type: string
The name of the patch group whose patch baseline should be retrieved.
Result Syntax
[ 'BaselineId' => '<string>', 'OperatingSystem' => 'WINDOWS|AMAZON_LINUX|AMAZON_LINUX_2|AMAZON_LINUX_2022|UBUNTU|REDHAT_ENTERPRISE_LINUX|SUSE|CENTOS|ORACLE_LINUX|DEBIAN|MACOS|RASPBIAN|ROCKY_LINUX|ALMA_LINUX|AMAZON_LINUX_2023', 'PatchGroup' => '<string>', ]
Result Details
Members
- BaselineId
-
- Type: string
The ID of the patch baseline that should be used for the patch group.
- OperatingSystem
-
- Type: string
The operating system rule specified for patch groups using the patch baseline.
- PatchGroup
-
- Type: string
The name of the patch group.
Errors
- InternalServerError:
An error occurred on the server side.
GetResourcePolicies
$result = $client->getResourcePolicies
([/* ... */]); $promise = $client->getResourcePoliciesAsync
([/* ... */]);
Returns an array of the Policy
object.
Parameter Syntax
$result = $client->getResourcePolicies([ 'MaxResults' => <integer>, 'NextToken' => '<string>', 'ResourceArn' => '<string>', // REQUIRED ]);
Parameter Details
Members
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
A token to start the list. Use this token to get the next set of results.
- ResourceArn
-
- Required: Yes
- Type: string
Amazon Resource Name (ARN) of the resource to which the policies are attached.
Result Syntax
[ 'NextToken' => '<string>', 'Policies' => [ [ 'Policy' => '<string>', 'PolicyHash' => '<string>', 'PolicyId' => '<string>', ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token for the next set of items to return. Use this token to get the next set of results.
- Policies
-
- Type: Array of GetResourcePoliciesResponseEntry structures
An array of the
Policy
object.
Errors
- InternalServerError:
An error occurred on the server side.
- ResourcePolicyInvalidParameterException:
One or more parameters specified for the call aren't valid. Verify the parameters and their values and try again.
- ResourceNotFoundException:
The specified parameter to be shared could not be found.
GetServiceSetting
$result = $client->getServiceSetting
([/* ... */]); $promise = $client->getServiceSettingAsync
([/* ... */]);
ServiceSetting
is an account-level setting for an Amazon Web Services service. This setting defines how a user interacts with or uses a service or a feature of a service. For example, if an Amazon Web Services service charges money to the account based on feature or service usage, then the Amazon Web Services service team might create a default setting of false
. This means the user can't use this feature unless they change the setting to true
and intentionally opt in for a paid feature.
Services map a SettingId
object to a setting value. Amazon Web Services services teams define the default value for a SettingId
. You can't create a new SettingId
, but you can overwrite the default value if you have the ssm:UpdateServiceSetting
permission for the setting. Use the UpdateServiceSetting API operation to change the default setting. Or use the ResetServiceSetting to change the value back to the original value defined by the Amazon Web Services service team.
Query the current service setting for the Amazon Web Services account.
Parameter Syntax
$result = $client->getServiceSetting([ 'SettingId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- SettingId
-
- Required: Yes
- Type: string
The ID of the service setting to get. The setting ID can be one of the following.
-
/ssm/managed-instance/default-ec2-instance-management-role
-
/ssm/automation/customer-script-log-destination
-
/ssm/automation/customer-script-log-group-name
-
/ssm/documents/console/public-sharing-permission
-
/ssm/managed-instance/activation-tier
-
/ssm/opsinsights/opscenter
-
/ssm/parameter-store/default-parameter-tier
-
/ssm/parameter-store/high-throughput-enabled
Result Syntax
[ 'ServiceSetting' => [ 'ARN' => '<string>', 'LastModifiedDate' => <DateTime>, 'LastModifiedUser' => '<string>', 'SettingId' => '<string>', 'SettingValue' => '<string>', 'Status' => '<string>', ], ]
Result Details
Members
- ServiceSetting
-
- Type: ServiceSetting structure
The query result of the current service setting.
Errors
- InternalServerError:
An error occurred on the server side.
- ServiceSettingNotFound:
The specified service setting wasn't found. Either the service name or the setting hasn't been provisioned by the Amazon Web Services service team.
LabelParameterVersion
$result = $client->labelParameterVersion
([/* ... */]); $promise = $client->labelParameterVersionAsync
([/* ... */]);
A parameter label is a user-defined alias to help you manage different versions of a parameter. When you modify a parameter, Amazon Web Services Systems Manager automatically saves a new version and increments the version number by one. A label can help you remember the purpose of a parameter when there are multiple versions.
Parameter labels have the following requirements and restrictions.
-
A version of a parameter can have a maximum of 10 labels.
-
You can't attach the same label to different versions of the same parameter. For example, if version 1 has the label Production, then you can't attach Production to version 2.
-
You can move a label from one version of a parameter to another.
-
You can't create a label when you create a new parameter. You must attach a label to a specific version of a parameter.
-
If you no longer want to use a parameter label, then you can either delete it or move it to a different version of a parameter.
-
A label can have a maximum of 100 characters.
-
Labels can contain letters (case sensitive), numbers, periods (.), hyphens (-), or underscores (_).
-
Labels can't begin with a number, "
aws
" or "ssm
" (not case sensitive). If a label fails to meet these requirements, then the label isn't associated with a parameter and the system displays it in the list of InvalidLabels.
Parameter Syntax
$result = $client->labelParameterVersion([ 'Labels' => ['<string>', ...], // REQUIRED 'Name' => '<string>', // REQUIRED 'ParameterVersion' => <integer>, ]);
Parameter Details
Members
- Labels
-
- Required: Yes
- Type: Array of strings
One or more labels to attach to the specified parameter version.
- Name
-
- Required: Yes
- Type: string
The parameter name on which you want to attach one or more labels.
You can't enter the Amazon Resource Name (ARN) for a parameter, only the parameter name itself.
- ParameterVersion
-
- Type: long (int|float)
The specific version of the parameter on which you want to attach one or more labels. If no version is specified, the system attaches the label to the latest version.
Result Syntax
[ 'InvalidLabels' => ['<string>', ...], 'ParameterVersion' => <integer>, ]
Result Details
Members
- InvalidLabels
-
- Type: Array of strings
The label doesn't meet the requirements. For information about parameter label requirements, see Working with parameter labels in the Amazon Web Services Systems Manager User Guide.
- ParameterVersion
-
- Type: long (int|float)
The version of the parameter that has been labeled.
Errors
- InternalServerError:
An error occurred on the server side.
- TooManyUpdates:
There are concurrent updates for a resource that supports one update at a time.
- ParameterNotFound:
The parameter couldn't be found. Verify the name and try again.
- ParameterVersionNotFound:
The specified parameter version wasn't found. Verify the parameter name and version, and try again.
- ParameterVersionLabelLimitExceeded:
A parameter version can have a maximum of ten labels.
ListAssociationVersions
$result = $client->listAssociationVersions
([/* ... */]); $promise = $client->listAssociationVersionsAsync
([/* ... */]);
Retrieves all versions of an association for a specific association ID.
Parameter Syntax
$result = $client->listAssociationVersions([ 'AssociationId' => '<string>', // REQUIRED 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- AssociationId
-
- Required: Yes
- Type: string
The association ID for which you want to view all versions.
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
A token to start the list. Use this token to get the next set of results.
Result Syntax
[ 'AssociationVersions' => [ [ 'ApplyOnlyAtCronInterval' => true || false, 'AssociationId' => '<string>', 'AssociationName' => '<string>', 'AssociationVersion' => '<string>', 'CalendarNames' => ['<string>', ...], 'ComplianceSeverity' => 'CRITICAL|HIGH|MEDIUM|LOW|UNSPECIFIED', 'CreatedDate' => <DateTime>, 'DocumentVersion' => '<string>', 'Duration' => <integer>, 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'Name' => '<string>', 'OutputLocation' => [ 'S3Location' => [ 'OutputS3BucketName' => '<string>', 'OutputS3KeyPrefix' => '<string>', 'OutputS3Region' => '<string>', ], ], 'Parameters' => [ '<ParameterName>' => ['<string>', ...], // ... ], 'ScheduleExpression' => '<string>', 'ScheduleOffset' => <integer>, 'SyncCompliance' => 'AUTO|MANUAL', 'TargetLocations' => [ [ 'Accounts' => ['<string>', ...], 'ExecutionRoleName' => '<string>', 'Regions' => ['<string>', ...], 'TargetLocationAlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'TargetLocationMaxConcurrency' => '<string>', 'TargetLocationMaxErrors' => '<string>', ], // ... ], 'TargetMaps' => [ [ '<TargetMapKey>' => ['<string>', ...], // ... ], // ... ], 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- AssociationVersions
-
- Type: Array of AssociationVersionInfo structures
Information about all versions of the association for the specified association ID.
- NextToken
-
- Type: string
The token for the next set of items to return. Use this token to get the next set of results.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidNextToken:
The specified token isn't valid.
- AssociationDoesNotExist:
The specified association doesn't exist.
ListAssociations
$result = $client->listAssociations
([/* ... */]); $promise = $client->listAssociationsAsync
([/* ... */]);
Returns all State Manager associations in the current Amazon Web Services account and Amazon Web Services Region. You can limit the results to a specific State Manager association document or managed node by specifying a filter. State Manager is a capability of Amazon Web Services Systems Manager.
Parameter Syntax
$result = $client->listAssociations([ 'AssociationFilterList' => [ [ 'key' => 'InstanceId|Name|AssociationId|AssociationStatusName|LastExecutedBefore|LastExecutedAfter|AssociationName|ResourceGroupName', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- AssociationFilterList
-
- Type: Array of AssociationFilter structures
One or more filters. Use a filter to return a more specific list of results.
Filtering associations using the
InstanceID
attribute only returns legacy associations created using theInstanceID
attribute. Associations targeting the managed node that are part of the Target AttributesResourceGroup
orTags
aren't returned. - MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
Result Syntax
[ 'Associations' => [ [ 'AssociationId' => '<string>', 'AssociationName' => '<string>', 'AssociationVersion' => '<string>', 'DocumentVersion' => '<string>', 'Duration' => <integer>, 'InstanceId' => '<string>', 'LastExecutionDate' => <DateTime>, 'Name' => '<string>', 'Overview' => [ 'AssociationStatusAggregatedCount' => [<integer>, ...], 'DetailedStatus' => '<string>', 'Status' => '<string>', ], 'ScheduleExpression' => '<string>', 'ScheduleOffset' => <integer>, 'TargetMaps' => [ [ '<TargetMapKey>' => ['<string>', ...], // ... ], // ... ], 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- Associations
-
- Type: Array of Association structures
The associations.
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidNextToken:
The specified token isn't valid.
ListCommandInvocations
$result = $client->listCommandInvocations
([/* ... */]); $promise = $client->listCommandInvocationsAsync
([/* ... */]);
An invocation is copy of a command sent to a specific managed node. A command can apply to one or more managed nodes. A command invocation applies to one managed node. For example, if a user runs SendCommand
against three managed nodes, then a command invocation is created for each requested managed node ID. ListCommandInvocations
provide status about command execution.
Parameter Syntax
$result = $client->listCommandInvocations([ 'CommandId' => '<string>', 'Details' => true || false, 'Filters' => [ [ 'key' => 'InvokedAfter|InvokedBefore|Status|ExecutionStage|DocumentName', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'InstanceId' => '<string>', 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- CommandId
-
- Type: string
(Optional) The invocations for a specific command ID.
- Details
-
- Type: boolean
(Optional) If set this returns the response of the command executions and any command output. The default value is
false
. - Filters
-
- Type: Array of CommandFilter structures
(Optional) One or more filters. Use a filter to return a more specific list of results.
- InstanceId
-
- Type: string
(Optional) The command execution details for a specific managed node ID.
- MaxResults
-
- Type: int
(Optional) The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
(Optional) The token for the next set of items to return. (You received this token from a previous call.)
Result Syntax
[ 'CommandInvocations' => [ [ 'CloudWatchOutputConfig' => [ 'CloudWatchLogGroupName' => '<string>', 'CloudWatchOutputEnabled' => true || false, ], 'CommandId' => '<string>', 'CommandPlugins' => [ [ 'Name' => '<string>', 'Output' => '<string>', 'OutputS3BucketName' => '<string>', 'OutputS3KeyPrefix' => '<string>', 'OutputS3Region' => '<string>', 'ResponseCode' => <integer>, 'ResponseFinishDateTime' => <DateTime>, 'ResponseStartDateTime' => <DateTime>, 'StandardErrorUrl' => '<string>', 'StandardOutputUrl' => '<string>', 'Status' => 'Pending|InProgress|Success|TimedOut|Cancelled|Failed', 'StatusDetails' => '<string>', ], // ... ], 'Comment' => '<string>', 'DocumentName' => '<string>', 'DocumentVersion' => '<string>', 'InstanceId' => '<string>', 'InstanceName' => '<string>', 'NotificationConfig' => [ 'NotificationArn' => '<string>', 'NotificationEvents' => ['<string>', ...], 'NotificationType' => 'Command|Invocation', ], 'RequestedDateTime' => <DateTime>, 'ServiceRole' => '<string>', 'StandardErrorUrl' => '<string>', 'StandardOutputUrl' => '<string>', 'Status' => 'Pending|InProgress|Delayed|Success|Cancelled|TimedOut|Failed|Cancelling', 'StatusDetails' => '<string>', 'TraceOutput' => '<string>', ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- CommandInvocations
-
- Type: Array of CommandInvocation structures
(Optional) A list of all invocations.
- NextToken
-
- Type: string
(Optional) The token for the next set of items to return. (You received this token from a previous call.)
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidCommandId:
The specified command ID isn't valid. Verify the ID and try again.
- InvalidInstanceId:
The following problems can cause this exception:
-
You don't have permission to access the managed node.
-
Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.
-
SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.
-
The managed node isn't in a valid state. Valid states are:
Running
,Pending
,Stopped
, andStopping
. Invalid states are:Shutting-down
andTerminated
.
-
- InvalidFilterKey:
The specified key isn't valid.
- InvalidNextToken:
The specified token isn't valid.
ListCommands
$result = $client->listCommands
([/* ... */]); $promise = $client->listCommandsAsync
([/* ... */]);
Lists the commands requested by users of the Amazon Web Services account.
Parameter Syntax
$result = $client->listCommands([ 'CommandId' => '<string>', 'Filters' => [ [ 'key' => 'InvokedAfter|InvokedBefore|Status|ExecutionStage|DocumentName', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'InstanceId' => '<string>', 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- CommandId
-
- Type: string
(Optional) If provided, lists only the specified command.
- Filters
-
- Type: Array of CommandFilter structures
(Optional) One or more filters. Use a filter to return a more specific list of results.
- InstanceId
-
- Type: string
(Optional) Lists commands issued against this managed node ID.
You can't specify a managed node ID in the same command that you specify
Status
=Pending
. This is because the command hasn't reached the managed node yet. - MaxResults
-
- Type: int
(Optional) The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
(Optional) The token for the next set of items to return. (You received this token from a previous call.)
Result Syntax
[ 'Commands' => [ [ 'AlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'CloudWatchOutputConfig' => [ 'CloudWatchLogGroupName' => '<string>', 'CloudWatchOutputEnabled' => true || false, ], 'CommandId' => '<string>', 'Comment' => '<string>', 'CompletedCount' => <integer>, 'DeliveryTimedOutCount' => <integer>, 'DocumentName' => '<string>', 'DocumentVersion' => '<string>', 'ErrorCount' => <integer>, 'ExpiresAfter' => <DateTime>, 'InstanceIds' => ['<string>', ...], 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'NotificationConfig' => [ 'NotificationArn' => '<string>', 'NotificationEvents' => ['<string>', ...], 'NotificationType' => 'Command|Invocation', ], 'OutputS3BucketName' => '<string>', 'OutputS3KeyPrefix' => '<string>', 'OutputS3Region' => '<string>', 'Parameters' => [ '<ParameterName>' => ['<string>', ...], // ... ], 'RequestedDateTime' => <DateTime>, 'ServiceRole' => '<string>', 'Status' => 'Pending|InProgress|Success|Cancelled|Failed|TimedOut|Cancelling', 'StatusDetails' => '<string>', 'TargetCount' => <integer>, 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TimeoutSeconds' => <integer>, 'TriggeredAlarms' => [ [ 'Name' => '<string>', 'State' => 'UNKNOWN|ALARM', ], // ... ], ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- Commands
-
- Type: Array of Command structures
(Optional) The list of commands requested by the user.
- NextToken
-
- Type: string
(Optional) The token for the next set of items to return. (You received this token from a previous call.)
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidCommandId:
The specified command ID isn't valid. Verify the ID and try again.
- InvalidInstanceId:
The following problems can cause this exception:
-
You don't have permission to access the managed node.
-
Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.
-
SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.
-
The managed node isn't in a valid state. Valid states are:
Running
,Pending
,Stopped
, andStopping
. Invalid states are:Shutting-down
andTerminated
.
-
- InvalidFilterKey:
The specified key isn't valid.
- InvalidNextToken:
The specified token isn't valid.
ListComplianceItems
$result = $client->listComplianceItems
([/* ... */]); $promise = $client->listComplianceItemsAsync
([/* ... */]);
For a specified resource ID, this API operation returns a list of compliance statuses for different resource types. Currently, you can only specify one resource ID per call. List results depend on the criteria specified in the filter.
Parameter Syntax
$result = $client->listComplianceItems([ 'Filters' => [ [ 'Key' => '<string>', 'Type' => 'EQUAL|NOT_EQUAL|BEGIN_WITH|LESS_THAN|GREATER_THAN', 'Values' => ['<string>', ...], ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', 'ResourceIds' => ['<string>', ...], 'ResourceTypes' => ['<string>', ...], ]);
Parameter Details
Members
- Filters
-
- Type: Array of ComplianceStringFilter structures
One or more compliance filters. Use a filter to return a more specific list of results.
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
A token to start the list. Use this token to get the next set of results.
- ResourceIds
-
- Type: Array of strings
The ID for the resources from which to get compliance information. Currently, you can only specify one resource ID.
- ResourceTypes
-
- Type: Array of strings
The type of resource from which to get compliance information. Currently, the only supported resource type is
ManagedInstance
.
Result Syntax
[ 'ComplianceItems' => [ [ 'ComplianceType' => '<string>', 'Details' => ['<string>', ...], 'ExecutionSummary' => [ 'ExecutionId' => '<string>', 'ExecutionTime' => <DateTime>, 'ExecutionType' => '<string>', ], 'Id' => '<string>', 'ResourceId' => '<string>', 'ResourceType' => '<string>', 'Severity' => 'CRITICAL|HIGH|MEDIUM|LOW|INFORMATIONAL|UNSPECIFIED', 'Status' => 'COMPLIANT|NON_COMPLIANT', 'Title' => '<string>', ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- ComplianceItems
-
- Type: Array of ComplianceItem structures
A list of compliance information for the specified resource ID.
- NextToken
-
- Type: string
The token for the next set of items to return. Use this token to get the next set of results.
Errors
- InvalidResourceType:
The resource type isn't valid. For example, if you are attempting to tag an EC2 instance, the instance must be a registered managed node.
- InvalidResourceId:
The resource ID isn't valid. Verify that you entered the correct ID and try again.
- InternalServerError:
An error occurred on the server side.
- InvalidFilter:
The filter name isn't valid. Verify the you entered the correct name and try again.
- InvalidNextToken:
The specified token isn't valid.
ListComplianceSummaries
$result = $client->listComplianceSummaries
([/* ... */]); $promise = $client->listComplianceSummariesAsync
([/* ... */]);
Returns a summary count of compliant and non-compliant resources for a compliance type. For example, this call can return State Manager associations, patches, or custom compliance types according to the filter criteria that you specify.
Parameter Syntax
$result = $client->listComplianceSummaries([ 'Filters' => [ [ 'Key' => '<string>', 'Type' => 'EQUAL|NOT_EQUAL|BEGIN_WITH|LESS_THAN|GREATER_THAN', 'Values' => ['<string>', ...], ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- Filters
-
- Type: Array of ComplianceStringFilter structures
One or more compliance or inventory filters. Use a filter to return a more specific list of results.
- MaxResults
-
- Type: int
The maximum number of items to return for this call. Currently, you can specify null or 50. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
A token to start the list. Use this token to get the next set of results.
Result Syntax
[ 'ComplianceSummaryItems' => [ [ 'ComplianceType' => '<string>', 'CompliantSummary' => [ 'CompliantCount' => <integer>, 'SeveritySummary' => [ 'CriticalCount' => <integer>, 'HighCount' => <integer>, 'InformationalCount' => <integer>, 'LowCount' => <integer>, 'MediumCount' => <integer>, 'UnspecifiedCount' => <integer>, ], ], 'NonCompliantSummary' => [ 'NonCompliantCount' => <integer>, 'SeveritySummary' => [ 'CriticalCount' => <integer>, 'HighCount' => <integer>, 'InformationalCount' => <integer>, 'LowCount' => <integer>, 'MediumCount' => <integer>, 'UnspecifiedCount' => <integer>, ], ], ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- ComplianceSummaryItems
-
- Type: Array of ComplianceSummaryItem structures
A list of compliant and non-compliant summary counts based on compliance types. For example, this call returns State Manager associations, patches, or custom compliance types according to the filter criteria that you specified.
- NextToken
-
- Type: string
The token for the next set of items to return. Use this token to get the next set of results.
Errors
- InvalidFilter:
The filter name isn't valid. Verify the you entered the correct name and try again.
- InvalidNextToken:
The specified token isn't valid.
- InternalServerError:
An error occurred on the server side.
ListDocumentMetadataHistory
$result = $client->listDocumentMetadataHistory
([/* ... */]); $promise = $client->listDocumentMetadataHistoryAsync
([/* ... */]);
Information about approval reviews for a version of a change template in Change Manager.
Parameter Syntax
$result = $client->listDocumentMetadataHistory([ 'DocumentVersion' => '<string>', 'MaxResults' => <integer>, 'Metadata' => 'DocumentReviews', // REQUIRED 'Name' => '<string>', // REQUIRED 'NextToken' => '<string>', ]);
Parameter Details
Members
- DocumentVersion
-
- Type: string
The version of the change template.
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- Metadata
-
- Required: Yes
- Type: string
The type of data for which details are being requested. Currently, the only supported value is
DocumentReviews
. - Name
-
- Required: Yes
- Type: string
The name of the change template.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
Result Syntax
[ 'Author' => '<string>', 'DocumentVersion' => '<string>', 'Metadata' => [ 'ReviewerResponse' => [ [ 'Comment' => [ [ 'Content' => '<string>', 'Type' => 'Comment', ], // ... ], 'CreateTime' => <DateTime>, 'ReviewStatus' => 'APPROVED|NOT_REVIEWED|PENDING|REJECTED', 'Reviewer' => '<string>', 'UpdatedTime' => <DateTime>, ], // ... ], ], 'Name' => '<string>', 'NextToken' => '<string>', ]
Result Details
Members
- Author
-
- Type: string
The user ID of the person in the organization who requested the review of the change template.
- DocumentVersion
-
- Type: string
The version of the change template.
- Metadata
-
- Type: DocumentMetadataResponseInfo structure
Information about the response to the change template approval request.
- Name
-
- Type: string
The name of the change template.
- NextToken
-
- Type: string
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidDocument:
The specified SSM document doesn't exist.
- InvalidDocumentVersion:
The document version isn't valid or doesn't exist.
- InvalidNextToken:
The specified token isn't valid.
ListDocumentVersions
$result = $client->listDocumentVersions
([/* ... */]); $promise = $client->listDocumentVersionsAsync
([/* ... */]);
List all versions for a document.
Parameter Syntax
$result = $client->listDocumentVersions([ 'MaxResults' => <integer>, 'Name' => '<string>', // REQUIRED 'NextToken' => '<string>', ]);
Parameter Details
Members
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- Name
-
- Required: Yes
- Type: string
The name of the document. You can specify an Amazon Resource Name (ARN).
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
Result Syntax
[ 'DocumentVersions' => [ [ 'CreatedDate' => <DateTime>, 'DisplayName' => '<string>', 'DocumentFormat' => 'YAML|JSON|TEXT', 'DocumentVersion' => '<string>', 'IsDefaultVersion' => true || false, 'Name' => '<string>', 'ReviewStatus' => 'APPROVED|NOT_REVIEWED|PENDING|REJECTED', 'Status' => 'Creating|Active|Updating|Deleting|Failed', 'StatusInformation' => '<string>', 'VersionName' => '<string>', ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- DocumentVersions
-
- Type: Array of DocumentVersionInfo structures
The document versions.
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidNextToken:
The specified token isn't valid.
- InvalidDocument:
The specified SSM document doesn't exist.
ListDocuments
$result = $client->listDocuments
([/* ... */]); $promise = $client->listDocumentsAsync
([/* ... */]);
Returns all Systems Manager (SSM) documents in the current Amazon Web Services account and Amazon Web Services Region. You can limit the results of this request by using a filter.
Parameter Syntax
$result = $client->listDocuments([ 'DocumentFilterList' => [ [ 'key' => 'Name|Owner|PlatformTypes|DocumentType', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'Filters' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- DocumentFilterList
-
- Type: Array of DocumentFilter structures
This data type is deprecated. Instead, use
Filters
. - Filters
-
- Type: Array of DocumentKeyValuesFilter structures
One or more
DocumentKeyValuesFilter
objects. Use a filter to return a more specific list of results. For keys, you can specify one or more key-value pair tags that have been applied to a document. Other valid keys includeOwner
,Name
,PlatformTypes
,DocumentType
, andTargetType
. For example, to return documents you own useKey=Owner,Values=Self
. To specify a custom key-value pair, use the formatKey=tag:tagName,Values=valueName
.This API operation only supports filtering documents by using a single tag key and one or more tag values. For example:
Key=tag:tagName,Values=valueName1,valueName2
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
Result Syntax
[ 'DocumentIdentifiers' => [ [ 'Author' => '<string>', 'CreatedDate' => <DateTime>, 'DisplayName' => '<string>', 'DocumentFormat' => 'YAML|JSON|TEXT', 'DocumentType' => 'Command|Policy|Automation|Session|Package|ApplicationConfiguration|ApplicationConfigurationSchema|DeploymentStrategy|ChangeCalendar|Automation.ChangeTemplate|ProblemAnalysis|ProblemAnalysisTemplate|CloudFormation|ConformancePackTemplate|QuickSetup', 'DocumentVersion' => '<string>', 'Name' => '<string>', 'Owner' => '<string>', 'PlatformTypes' => ['<string>', ...], 'Requires' => [ [ 'Name' => '<string>', 'RequireType' => '<string>', 'Version' => '<string>', 'VersionName' => '<string>', ], // ... ], 'ReviewStatus' => 'APPROVED|NOT_REVIEWED|PENDING|REJECTED', 'SchemaVersion' => '<string>', 'Tags' => [ [ 'Key' => '<string>', 'Value' => '<string>', ], // ... ], 'TargetType' => '<string>', 'VersionName' => '<string>', ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- DocumentIdentifiers
-
- Type: Array of DocumentIdentifier structures
The names of the SSM documents.
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidNextToken:
The specified token isn't valid.
- InvalidFilterKey:
The specified key isn't valid.
ListInventoryEntries
$result = $client->listInventoryEntries
([/* ... */]); $promise = $client->listInventoryEntriesAsync
([/* ... */]);
A list of inventory items returned by the request.
Parameter Syntax
$result = $client->listInventoryEntries([ 'Filters' => [ [ 'Key' => '<string>', // REQUIRED 'Type' => 'Equal|NotEqual|BeginWith|LessThan|GreaterThan|Exists', 'Values' => ['<string>', ...], // REQUIRED ], // ... ], 'InstanceId' => '<string>', // REQUIRED 'MaxResults' => <integer>, 'NextToken' => '<string>', 'TypeName' => '<string>', // REQUIRED ]);
Parameter Details
Members
- Filters
-
- Type: Array of InventoryFilter structures
One or more filters. Use a filter to return a more specific list of results.
- InstanceId
-
- Required: Yes
- Type: string
The managed node ID for which you want inventory information.
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
- TypeName
-
- Required: Yes
- Type: string
The type of inventory item for which you want information.
Result Syntax
[ 'CaptureTime' => '<string>', 'Entries' => [ ['<string>', ...], // ... ], 'InstanceId' => '<string>', 'NextToken' => '<string>', 'SchemaVersion' => '<string>', 'TypeName' => '<string>', ]
Result Details
Members
- CaptureTime
-
- Type: string
The time that inventory information was collected for the managed nodes.
- Entries
-
- Type: Array of stringss
A list of inventory items on the managed nodes.
- InstanceId
-
- Type: string
The managed node ID targeted by the request to query inventory information.
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
- SchemaVersion
-
- Type: string
The inventory schema version used by the managed nodes.
- TypeName
-
- Type: string
The type of inventory item returned by the request.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidInstanceId:
The following problems can cause this exception:
-
You don't have permission to access the managed node.
-
Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.
-
SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.
-
The managed node isn't in a valid state. Valid states are:
Running
,Pending
,Stopped
, andStopping
. Invalid states are:Shutting-down
andTerminated
.
-
- InvalidTypeNameException:
The parameter type name isn't valid.
- InvalidFilter:
The filter name isn't valid. Verify the you entered the correct name and try again.
- InvalidNextToken:
The specified token isn't valid.
ListOpsItemEvents
$result = $client->listOpsItemEvents
([/* ... */]); $promise = $client->listOpsItemEventsAsync
([/* ... */]);
Returns a list of all OpsItem events in the current Amazon Web Services Region and Amazon Web Services account. You can limit the results to events associated with specific OpsItems by specifying a filter.
Parameter Syntax
$result = $client->listOpsItemEvents([ 'Filters' => [ [ 'Key' => 'OpsItemId', // REQUIRED 'Operator' => 'Equal', // REQUIRED 'Values' => ['<string>', ...], // REQUIRED ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- Filters
-
- Type: Array of OpsItemEventFilter structures
One or more OpsItem filters. Use a filter to return a more specific list of results.
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
A token to start the list. Use this token to get the next set of results.
Result Syntax
[ 'NextToken' => '<string>', 'Summaries' => [ [ 'CreatedBy' => [ 'Arn' => '<string>', ], 'CreatedTime' => <DateTime>, 'Detail' => '<string>', 'DetailType' => '<string>', 'EventId' => '<string>', 'OpsItemId' => '<string>', 'Source' => '<string>', ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token for the next set of items to return. Use this token to get the next set of results.
- Summaries
-
- Type: Array of OpsItemEventSummary structures
A list of event information for the specified OpsItems.
Errors
- InternalServerError:
An error occurred on the server side.
- OpsItemNotFoundException:
The specified OpsItem ID doesn't exist. Verify the ID and try again.
- OpsItemLimitExceededException:
The request caused OpsItems to exceed one or more quotas.
- OpsItemInvalidParameterException:
A specified parameter argument isn't valid. Verify the available arguments and try again.
ListOpsItemRelatedItems
$result = $client->listOpsItemRelatedItems
([/* ... */]); $promise = $client->listOpsItemRelatedItemsAsync
([/* ... */]);
Lists all related-item resources associated with a Systems Manager OpsCenter OpsItem. OpsCenter is a capability of Amazon Web Services Systems Manager.
Parameter Syntax
$result = $client->listOpsItemRelatedItems([ 'Filters' => [ [ 'Key' => 'ResourceType|AssociationId|ResourceUri', // REQUIRED 'Operator' => 'Equal', // REQUIRED 'Values' => ['<string>', ...], // REQUIRED ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', 'OpsItemId' => '<string>', ]);
Parameter Details
Members
- Filters
-
- Type: Array of OpsItemRelatedItemsFilter structures
One or more OpsItem filters. Use a filter to return a more specific list of results.
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
- OpsItemId
-
- Type: string
The ID of the OpsItem for which you want to list all related-item resources.
Result Syntax
[ 'NextToken' => '<string>', 'Summaries' => [ [ 'AssociationId' => '<string>', 'AssociationType' => '<string>', 'CreatedBy' => [ 'Arn' => '<string>', ], 'CreatedTime' => <DateTime>, 'LastModifiedBy' => [ 'Arn' => '<string>', ], 'LastModifiedTime' => <DateTime>, 'OpsItemId' => '<string>', 'ResourceType' => '<string>', 'ResourceUri' => '<string>', ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token for the next set of items to return. Use this token to get the next set of results.
- Summaries
-
- Type: Array of OpsItemRelatedItemSummary structures
A list of related-item resources for the specified OpsItem.
Errors
- InternalServerError:
An error occurred on the server side.
- OpsItemInvalidParameterException:
A specified parameter argument isn't valid. Verify the available arguments and try again.
ListOpsMetadata
$result = $client->listOpsMetadata
([/* ... */]); $promise = $client->listOpsMetadataAsync
([/* ... */]);
Amazon Web Services Systems Manager calls this API operation when displaying all Application Manager OpsMetadata objects or blobs.
Parameter Syntax
$result = $client->listOpsMetadata([ 'Filters' => [ [ 'Key' => '<string>', // REQUIRED 'Values' => ['<string>', ...], // REQUIRED ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- Filters
-
- Type: Array of OpsMetadataFilter structures
One or more filters to limit the number of OpsMetadata objects returned by the call.
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
A token to start the list. Use this token to get the next set of results.
Result Syntax
[ 'NextToken' => '<string>', 'OpsMetadataList' => [ [ 'CreationDate' => <DateTime>, 'LastModifiedDate' => <DateTime>, 'LastModifiedUser' => '<string>', 'OpsMetadataArn' => '<string>', 'ResourceId' => '<string>', ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token for the next set of items to return. Use this token to get the next set of results.
- OpsMetadataList
-
- Type: Array of OpsMetadata structures
Returns a list of OpsMetadata objects.
Errors
- OpsMetadataInvalidArgumentException:
One of the arguments passed is invalid.
- InternalServerError:
An error occurred on the server side.
ListResourceComplianceSummaries
$result = $client->listResourceComplianceSummaries
([/* ... */]); $promise = $client->listResourceComplianceSummariesAsync
([/* ... */]);
Returns a resource-level summary count. The summary includes information about compliant and non-compliant statuses and detailed compliance-item severity counts, according to the filter criteria you specify.
Parameter Syntax
$result = $client->listResourceComplianceSummaries([ 'Filters' => [ [ 'Key' => '<string>', 'Type' => 'EQUAL|NOT_EQUAL|BEGIN_WITH|LESS_THAN|GREATER_THAN', 'Values' => ['<string>', ...], ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- Filters
-
- Type: Array of ComplianceStringFilter structures
One or more filters. Use a filter to return a more specific list of results.
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
A token to start the list. Use this token to get the next set of results.
Result Syntax
[ 'NextToken' => '<string>', 'ResourceComplianceSummaryItems' => [ [ 'ComplianceType' => '<string>', 'CompliantSummary' => [ 'CompliantCount' => <integer>, 'SeveritySummary' => [ 'CriticalCount' => <integer>, 'HighCount' => <integer>, 'InformationalCount' => <integer>, 'LowCount' => <integer>, 'MediumCount' => <integer>, 'UnspecifiedCount' => <integer>, ], ], 'ExecutionSummary' => [ 'ExecutionId' => '<string>', 'ExecutionTime' => <DateTime>, 'ExecutionType' => '<string>', ], 'NonCompliantSummary' => [ 'NonCompliantCount' => <integer>, 'SeveritySummary' => [ 'CriticalCount' => <integer>, 'HighCount' => <integer>, 'InformationalCount' => <integer>, 'LowCount' => <integer>, 'MediumCount' => <integer>, 'UnspecifiedCount' => <integer>, ], ], 'OverallSeverity' => 'CRITICAL|HIGH|MEDIUM|LOW|INFORMATIONAL|UNSPECIFIED', 'ResourceId' => '<string>', 'ResourceType' => '<string>', 'Status' => 'COMPLIANT|NON_COMPLIANT', ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token for the next set of items to return. Use this token to get the next set of results.
- ResourceComplianceSummaryItems
-
- Type: Array of ResourceComplianceSummaryItem structures
A summary count for specified or targeted managed nodes. Summary count includes information about compliant and non-compliant State Manager associations, patch status, or custom items according to the filter criteria that you specify.
Errors
- InvalidFilter:
The filter name isn't valid. Verify the you entered the correct name and try again.
- InvalidNextToken:
The specified token isn't valid.
- InternalServerError:
An error occurred on the server side.
ListResourceDataSync
$result = $client->listResourceDataSync
([/* ... */]); $promise = $client->listResourceDataSyncAsync
([/* ... */]);
Lists your resource data sync configurations. Includes information about the last time a sync attempted to start, the last sync status, and the last time a sync successfully completed.
The number of sync configurations might be too large to return using a single call to ListResourceDataSync
. You can limit the number of sync configurations returned by using the MaxResults
parameter. To determine whether there are more sync configurations to list, check the value of NextToken
in the output. If there are more sync configurations to list, you can request them by specifying the NextToken
returned in the call to the parameter of a subsequent call.
Parameter Syntax
$result = $client->listResourceDataSync([ 'MaxResults' => <integer>, 'NextToken' => '<string>', 'SyncType' => '<string>', ]);
Parameter Details
Members
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
A token to start the list. Use this token to get the next set of results.
- SyncType
-
- Type: string
View a list of resource data syncs according to the sync type. Specify
SyncToDestination
to view resource data syncs that synchronize data to an Amazon S3 bucket. SpecifySyncFromSource
to view resource data syncs from Organizations or from multiple Amazon Web Services Regions.
Result Syntax
[ 'NextToken' => '<string>', 'ResourceDataSyncItems' => [ [ 'LastStatus' => 'Successful|Failed|InProgress', 'LastSuccessfulSyncTime' => <DateTime>, 'LastSyncStatusMessage' => '<string>', 'LastSyncTime' => <DateTime>, 'S3Destination' => [ 'AWSKMSKeyARN' => '<string>', 'BucketName' => '<string>', 'DestinationDataSharing' => [ 'DestinationDataSharingType' => '<string>', ], 'Prefix' => '<string>', 'Region' => '<string>', 'SyncFormat' => 'JsonSerDe', ], 'SyncCreatedTime' => <DateTime>, 'SyncLastModifiedTime' => <DateTime>, 'SyncName' => '<string>', 'SyncSource' => [ 'AwsOrganizationsSource' => [ 'OrganizationSourceType' => '<string>', 'OrganizationalUnits' => [ [ 'OrganizationalUnitId' => '<string>', ], // ... ], ], 'EnableAllOpsDataSources' => true || false, 'IncludeFutureRegions' => true || false, 'SourceRegions' => ['<string>', ...], 'SourceType' => '<string>', 'State' => '<string>', ], 'SyncType' => '<string>', ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token for the next set of items to return. Use this token to get the next set of results.
- ResourceDataSyncItems
-
- Type: Array of ResourceDataSyncItem structures
A list of your current resource data sync configurations and their statuses.
Errors
- ResourceDataSyncInvalidConfigurationException:
The specified sync configuration is invalid.
- InternalServerError:
An error occurred on the server side.
- InvalidNextToken:
The specified token isn't valid.
ListTagsForResource
$result = $client->listTagsForResource
([/* ... */]); $promise = $client->listTagsForResourceAsync
([/* ... */]);
Returns a list of the tags assigned to the specified resource.
For information about the ID format for each supported resource type, see AddTagsToResource.
Parameter Syntax
$result = $client->listTagsForResource([ 'ResourceId' => '<string>', // REQUIRED 'ResourceType' => 'Document|ManagedInstance|MaintenanceWindow|Parameter|PatchBaseline|OpsItem|OpsMetadata|Automation|Association', // REQUIRED ]);
Parameter Details
Members
- ResourceId
-
- Required: Yes
- Type: string
The resource ID for which you want to see a list of tags.
- ResourceType
-
- Required: Yes
- Type: string
Returns a list of tags for a specific resource type.
Result Syntax
[ 'TagList' => [ [ 'Key' => '<string>', 'Value' => '<string>', ], // ... ], ]
Result Details
Members
- TagList
-
- Type: Array of Tag structures
A list of tags.
Errors
- InvalidResourceType:
The resource type isn't valid. For example, if you are attempting to tag an EC2 instance, the instance must be a registered managed node.
- InvalidResourceId:
The resource ID isn't valid. Verify that you entered the correct ID and try again.
- InternalServerError:
An error occurred on the server side.
ModifyDocumentPermission
$result = $client->modifyDocumentPermission
([/* ... */]); $promise = $client->modifyDocumentPermissionAsync
([/* ... */]);
Shares a Amazon Web Services Systems Manager document (SSM document)publicly or privately. If you share a document privately, you must specify the Amazon Web Services user IDs for those people who can use the document. If you share a document publicly, you must specify All as the account ID.
Parameter Syntax
$result = $client->modifyDocumentPermission([ 'AccountIdsToAdd' => ['<string>', ...], 'AccountIdsToRemove' => ['<string>', ...], 'Name' => '<string>', // REQUIRED 'PermissionType' => 'Share', // REQUIRED 'SharedDocumentVersion' => '<string>', ]);
Parameter Details
Members
- AccountIdsToAdd
-
- Type: Array of strings
The Amazon Web Services users that should have access to the document. The account IDs can either be a group of account IDs or All.
- AccountIdsToRemove
-
- Type: Array of strings
The Amazon Web Services users that should no longer have access to the document. The Amazon Web Services user can either be a group of account IDs or All. This action has a higher priority than
AccountIdsToAdd
. If you specify an ID to add and the same ID to remove, the system removes access to the document. - Name
-
- Required: Yes
- Type: string
The name of the document that you want to share.
- PermissionType
-
- Required: Yes
- Type: string
The permission type for the document. The permission type can be Share.
- SharedDocumentVersion
-
- Type: string
(Optional) The version of the document to share. If it isn't specified, the system choose the
Default
version to share.
Result Syntax
[]
Result Details
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidDocument:
The specified SSM document doesn't exist.
- InvalidPermissionType:
The permission type isn't supported. Share is the only supported permission type.
- DocumentPermissionLimit:
The document can't be shared with more Amazon Web Services accounts. You can specify a maximum of 20 accounts per API operation to share a private document.
By default, you can share a private document with a maximum of 1,000 accounts and publicly share up to five documents.
If you need to increase the quota for privately or publicly shared Systems Manager documents, contact Amazon Web Services Support.
- DocumentLimitExceeded:
You can have at most 500 active SSM documents.
PutComplianceItems
$result = $client->putComplianceItems
([/* ... */]); $promise = $client->putComplianceItemsAsync
([/* ... */]);
Registers a compliance type and other compliance details on a designated resource. This operation lets you register custom compliance details with a resource. This call overwrites existing compliance information on the resource, so you must provide a full list of compliance items each time that you send the request.
ComplianceType can be one of the following:
-
ExecutionId: The execution ID when the patch, association, or custom compliance item was applied.
-
ExecutionType: Specify patch, association, or Custom:
string
. -
ExecutionTime. The time the patch, association, or custom compliance item was applied to the managed node.
-
Id: The patch, association, or custom compliance ID.
-
Title: A title.
-
Status: The status of the compliance item. For example,
approved
for patches, orFailed
for associations. -
Severity: A patch severity. For example,
Critical
. -
DocumentName: An SSM document name. For example,
AWS-RunPatchBaseline
. -
DocumentVersion: An SSM document version number. For example, 4.
-
Classification: A patch classification. For example,
security updates
. -
PatchBaselineId: A patch baseline ID.
-
PatchSeverity: A patch severity. For example,
Critical
. -
PatchState: A patch state. For example,
InstancesWithFailedPatches
. -
PatchGroup: The name of a patch group.
-
InstalledTime: The time the association, patch, or custom compliance item was applied to the resource. Specify the time by using the following format:
yyyy-MM-dd'T'HH:mm:ss'Z'
Parameter Syntax
$result = $client->putComplianceItems([ 'ComplianceType' => '<string>', // REQUIRED 'ExecutionSummary' => [ // REQUIRED 'ExecutionId' => '<string>', 'ExecutionTime' => <integer || string || DateTime>, // REQUIRED 'ExecutionType' => '<string>', ], 'ItemContentHash' => '<string>', 'Items' => [ // REQUIRED [ 'Details' => ['<string>', ...], 'Id' => '<string>', 'Severity' => 'CRITICAL|HIGH|MEDIUM|LOW|INFORMATIONAL|UNSPECIFIED', // REQUIRED 'Status' => 'COMPLIANT|NON_COMPLIANT', // REQUIRED 'Title' => '<string>', ], // ... ], 'ResourceId' => '<string>', // REQUIRED 'ResourceType' => '<string>', // REQUIRED 'UploadType' => 'COMPLETE|PARTIAL', ]);
Parameter Details
Members
- ComplianceType
-
- Required: Yes
- Type: string
Specify the compliance type. For example, specify Association (for a State Manager association), Patch, or Custom:
string
. - ExecutionSummary
-
- Required: Yes
- Type: ComplianceExecutionSummary structure
A summary of the call execution that includes an execution ID, the type of execution (for example,
Command
), and the date/time of the execution using a datetime object that is saved in the following format:yyyy-MM-dd'T'HH:mm:ss'Z'
- ItemContentHash
-
- Type: string
MD5 or SHA-256 content hash. The content hash is used to determine if existing information should be overwritten or ignored. If the content hashes match, the request to put compliance information is ignored.
- Items
-
- Required: Yes
- Type: Array of ComplianceItemEntry structures
Information about the compliance as defined by the resource type. For example, for a patch compliance type,
Items
includes information about the PatchSeverity, Classification, and so on. - ResourceId
-
- Required: Yes
- Type: string
Specify an ID for this resource. For a managed node, this is the node ID.
- ResourceType
-
- Required: Yes
- Type: string
Specify the type of resource.
ManagedInstance
is currently the only supported resource type. - UploadType
-
- Type: string
The mode for uploading compliance items. You can specify
COMPLETE
orPARTIAL
. InCOMPLETE
mode, the system overwrites all existing compliance information for the resource. You must provide a full list of compliance items each time you send the request.In
PARTIAL
mode, the system overwrites compliance information for a specific association. The association must be configured withSyncCompliance
set toMANUAL
. By default, all requests useCOMPLETE
mode.This attribute is only valid for association compliance.
Result Syntax
[]
Result Details
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidItemContentException:
One or more content items isn't valid.
- TotalSizeLimitExceededException:
The size of inventory data has exceeded the total size limit for the resource.
- ItemSizeLimitExceededException:
The inventory item size has exceeded the size limit.
- ComplianceTypeCountLimitExceededException:
You specified too many custom compliance types. You can specify a maximum of 10 different types.
- InvalidResourceType:
The resource type isn't valid. For example, if you are attempting to tag an EC2 instance, the instance must be a registered managed node.
- InvalidResourceId:
The resource ID isn't valid. Verify that you entered the correct ID and try again.
PutInventory
$result = $client->putInventory
([/* ... */]); $promise = $client->putInventoryAsync
([/* ... */]);
Bulk update custom inventory items on one or more managed nodes. The request adds an inventory item, if it doesn't already exist, or updates an inventory item, if it does exist.
Parameter Syntax
$result = $client->putInventory([ 'InstanceId' => '<string>', // REQUIRED 'Items' => [ // REQUIRED [ 'CaptureTime' => '<string>', // REQUIRED 'Content' => [ ['<string>', ...], // ... ], 'ContentHash' => '<string>', 'Context' => ['<string>', ...], 'SchemaVersion' => '<string>', // REQUIRED 'TypeName' => '<string>', // REQUIRED ], // ... ], ]);
Parameter Details
Members
- InstanceId
-
- Required: Yes
- Type: string
An managed node ID where you want to add or update inventory items.
- Items
-
- Required: Yes
- Type: Array of InventoryItem structures
The inventory items that you want to add or update on managed nodes.
Result Syntax
[ 'Message' => '<string>', ]
Result Details
Members
- Message
-
- Type: string
Information about the request.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidInstanceId:
The following problems can cause this exception:
-
You don't have permission to access the managed node.
-
Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.
-
SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.
-
The managed node isn't in a valid state. Valid states are:
Running
,Pending
,Stopped
, andStopping
. Invalid states are:Shutting-down
andTerminated
.
-
- InvalidTypeNameException:
The parameter type name isn't valid.
- InvalidItemContentException:
One or more content items isn't valid.
- TotalSizeLimitExceededException:
The size of inventory data has exceeded the total size limit for the resource.
- ItemSizeLimitExceededException:
The inventory item size has exceeded the size limit.
- ItemContentMismatchException:
The inventory item has invalid content.
- CustomSchemaCountLimitExceededException:
You have exceeded the limit for custom schemas. Delete one or more custom schemas and try again.
- UnsupportedInventorySchemaVersionException:
Inventory item type schema version has to match supported versions in the service. Check output of GetInventorySchema to see the available schema version for each type.
- UnsupportedInventoryItemContextException:
The
Context
attribute that you specified for theInventoryItem
isn't allowed for this inventory type. You can only use theContext
attribute with inventory types likeAWS:ComplianceItem
.- InvalidInventoryItemContextException:
You specified invalid keys or values in the
Context
attribute forInventoryItem
. Verify the keys and values, and try again.- SubTypeCountLimitExceededException:
The sub-type count exceeded the limit for the inventory type.
PutParameter
$result = $client->putParameter
([/* ... */]); $promise = $client->putParameterAsync
([/* ... */]);
Add a parameter to the system.
Parameter Syntax
$result = $client->putParameter([ 'AllowedPattern' => '<string>', 'DataType' => '<string>', 'Description' => '<string>', 'KeyId' => '<string>', 'Name' => '<string>', // REQUIRED 'Overwrite' => true || false, 'Policies' => '<string>', 'Tags' => [ [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], 'Tier' => 'Standard|Advanced|Intelligent-Tiering', 'Type' => 'String|StringList|SecureString', 'Value' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AllowedPattern
-
- Type: string
A regular expression used to validate the parameter value. For example, for String types with values restricted to numbers, you can specify the following: AllowedPattern=^\d+$
- DataType
-
- Type: string
The data type for a
String
parameter. Supported data types include plain text and Amazon Machine Image (AMI) IDs.The following data type values are supported.
-
text
-
aws:ec2:image
-
aws:ssm:integration
When you create a
String
parameter and specifyaws:ec2:image
, Amazon Web Services Systems Manager validates the parameter value is in the required format, such asami-12345abcdeEXAMPLE
, and that the specified AMI is available in your Amazon Web Services account.If the action is successful, the service sends back an HTTP 200 response which indicates a successful
PutParameter
call for all cases except for data typeaws:ec2:image
. If you callPutParameter
withaws:ec2:image
data type, a successful HTTP 200 response does not guarantee that your parameter was successfully created or updated. Theaws:ec2:image
value is validated asynchronously, and thePutParameter
call returns before the validation is complete. If you submit an invalid AMI value, the PutParameter operation will return success, but the asynchronous validation will fail and the parameter will not be created or updated. To monitor whether youraws:ec2:image
parameters are created successfully, see Setting up notifications or trigger actions based on Parameter Store events. For more information about AMI format validation , see Native parameter support for Amazon Machine Image IDs. - Description
-
- Type: string
Information about the parameter that you want to add to the system. Optional but recommended.
Don't enter personally identifiable information in this field.
- KeyId
-
- Type: string
The Key Management Service (KMS) ID that you want to use to encrypt a parameter. Use a custom key for better security. Required for parameters that use the
SecureString
data type.If you don't specify a key ID, the system uses the default key associated with your Amazon Web Services account which is not as secure as using a custom key.
-
To use a custom KMS key, choose the
SecureString
data type with theKey ID
parameter.
- Name
-
- Required: Yes
- Type: string
The fully qualified name of the parameter that you want to add to the system.
You can't enter the Amazon Resource Name (ARN) for a parameter, only the parameter name itself.
The fully qualified name includes the complete hierarchy of the parameter path and name. For parameters in a hierarchy, you must include a leading forward slash character (/) when you create or reference a parameter. For example:
/Dev/DBServer/MySQL/db-string13
Naming Constraints:
-
Parameter names are case sensitive.
-
A parameter name must be unique within an Amazon Web Services Region
-
A parameter name can't be prefixed with "
aws
" or "ssm
" (case-insensitive). -
Parameter names can include only the following symbols and letters:
a-zA-Z0-9_.-
In addition, the slash character ( / ) is used to delineate hierarchies in parameter names. For example:
/Dev/Production/East/Project-ABC/MyParameter
-
A parameter name can't include spaces.
-
Parameter hierarchies are limited to a maximum depth of fifteen levels.
For additional information about valid values for parameter names, see Creating Systems Manager parameters in the Amazon Web Services Systems Manager User Guide.
The maximum length constraint of 2048 characters listed below includes 1037 characters reserved for internal use by Systems Manager. The maximum length for a parameter name that you create is 1011 characters. This includes the characters in the ARN that precede the name you specify, such as
arn:aws:ssm:us-east-2:111122223333:parameter/
. - Overwrite
-
- Type: boolean
Overwrite an existing parameter. The default value is
false
. - Policies
-
- Type: string
One or more policies to apply to a parameter. This operation takes a JSON array. Parameter Store, a capability of Amazon Web Services Systems Manager supports the following policy types:
Expiration: This policy deletes the parameter after it expires. When you create the policy, you specify the expiration date. You can update the expiration date and time by updating the policy. Updating the parameter doesn't affect the expiration date and time. When the expiration time is reached, Parameter Store deletes the parameter.
ExpirationNotification: This policy initiates an event in Amazon CloudWatch Events that notifies you about the expiration. By using this policy, you can receive notification before or after the expiration time is reached, in units of days or hours.
NoChangeNotification: This policy initiates a CloudWatch Events event if a parameter hasn't been modified for a specified period of time. This policy type is useful when, for example, a secret needs to be changed within a period of time, but it hasn't been changed.
All existing policies are preserved until you send new policies or an empty policy. For more information about parameter policies, see Assigning parameter policies.
- Tags
-
- Type: Array of Tag structures
Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a Systems Manager parameter to identify the type of resource to which it applies, the environment, or the type of configuration data referenced by the parameter. In this case, you could specify the following key-value pairs:
-
Key=Resource,Value=S3bucket
-
Key=OS,Value=Windows
-
Key=ParameterType,Value=LicenseKey
To add tags to an existing Systems Manager parameter, use the AddTagsToResource operation.
- Tier
-
- Type: string
The parameter tier to assign to a parameter.
Parameter Store offers a standard tier and an advanced tier for parameters. Standard parameters have a content size limit of 4 KB and can't be configured to use parameter policies. You can create a maximum of 10,000 standard parameters for each Region in an Amazon Web Services account. Standard parameters are offered at no additional cost.
Advanced parameters have a content size limit of 8 KB and can be configured to use parameter policies. You can create a maximum of 100,000 advanced parameters for each Region in an Amazon Web Services account. Advanced parameters incur a charge. For more information, see Managing parameter tiers in the Amazon Web Services Systems Manager User Guide.
You can change a standard parameter to an advanced parameter any time. But you can't revert an advanced parameter to a standard parameter. Reverting an advanced parameter to a standard parameter would result in data loss because the system would truncate the size of the parameter from 8 KB to 4 KB. Reverting would also remove any policies attached to the parameter. Lastly, advanced parameters use a different form of encryption than standard parameters.
If you no longer need an advanced parameter, or if you no longer want to incur charges for an advanced parameter, you must delete it and recreate it as a new standard parameter.
Using the Default Tier Configuration
In
PutParameter
requests, you can specify the tier to create the parameter in. Whenever you specify a tier in the request, Parameter Store creates or updates the parameter according to that request. However, if you don't specify a tier in a request, Parameter Store assigns the tier based on the current Parameter Store default tier configuration.The default tier when you begin using Parameter Store is the standard-parameter tier. If you use the advanced-parameter tier, you can specify one of the following as the default:
-
Advanced: With this option, Parameter Store evaluates all requests as advanced parameters.
-
Intelligent-Tiering: With this option, Parameter Store evaluates each request to determine if the parameter is standard or advanced.
If the request doesn't include any options that require an advanced parameter, the parameter is created in the standard-parameter tier. If one or more options requiring an advanced parameter are included in the request, Parameter Store create a parameter in the advanced-parameter tier.
This approach helps control your parameter-related costs by always creating standard parameters unless an advanced parameter is necessary.
Options that require an advanced parameter include the following:
-
The content size of the parameter is more than 4 KB.
-
The parameter uses a parameter policy.
-
More than 10,000 parameters already exist in your Amazon Web Services account in the current Amazon Web Services Region.
For more information about configuring the default tier option, see Specifying a default parameter tier in the Amazon Web Services Systems Manager User Guide.
- Type
-
- Type: string
The type of parameter that you want to add to the system.
SecureString
isn't currently supported for CloudFormation templates.Items in a
StringList
must be separated by a comma (,). You can't use other punctuation or special character to escape items in the list. If you have a parameter value that requires a comma, then use theString
data type.Specifying a parameter type isn't required when updating a parameter. You must specify a parameter type when creating a parameter.
- Value
-
- Required: Yes
- Type: string
The parameter value that you want to add to the system. Standard parameters have a value limit of 4 KB. Advanced parameters have a value limit of 8 KB.
Parameters can't be referenced or nested in the values of other parameters. You can't include
{{}}
or{{ssm:parameter-name}}
in a parameter value.
Result Syntax
[ 'Tier' => 'Standard|Advanced|Intelligent-Tiering', 'Version' => <integer>, ]
Result Details
Members
- Tier
-
- Type: string
The tier assigned to the parameter.
- Version
-
- Type: long (int|float)
The new version number of a parameter. If you edit a parameter value, Parameter Store automatically creates a new version and assigns this new version a unique ID. You can reference a parameter version ID in API operations or in Systems Manager documents (SSM documents). By default, if you don't specify a specific version, the system returns the latest parameter value when a parameter is called.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidKeyId:
The query key ID isn't valid.
- ParameterLimitExceeded:
You have exceeded the number of parameters for this Amazon Web Services account. Delete one or more parameters and try again.
- TooManyUpdates:
There are concurrent updates for a resource that supports one update at a time.
- ParameterAlreadyExists:
The parameter already exists. You can't create duplicate parameters.
- HierarchyLevelLimitExceededException:
A hierarchy can have a maximum of 15 levels. For more information, see Requirements and constraints for parameter names in the Amazon Web Services Systems Manager User Guide.
- HierarchyTypeMismatchException:
Parameter Store doesn't support changing a parameter type in a hierarchy. For example, you can't change a parameter from a
String
type to aSecureString
type. You must create a new, unique parameter.- InvalidAllowedPatternException:
The request doesn't meet the regular expression requirement.
- ParameterMaxVersionLimitExceeded:
Parameter Store retains the 100 most recently created versions of a parameter. After this number of versions has been created, Parameter Store deletes the oldest version when a new one is created. However, if the oldest version has a label attached to it, Parameter Store won't delete the version and instead presents this error message:
An error occurred (ParameterMaxVersionLimitExceeded) when calling the PutParameter operation: You attempted to create a new version of parameter-name by calling the PutParameter API with the overwrite flag. Version version-number, the oldest version, can't be deleted because it has a label associated with it. Move the label to another version of the parameter, and try again.
This safeguard is to prevent parameter versions with mission critical labels assigned to them from being deleted. To continue creating new parameters, first move the label from the oldest version of the parameter to a newer one for use in your operations. For information about moving parameter labels, see Move a parameter label (console) or Move a parameter label (CLI) in the Amazon Web Services Systems Manager User Guide.
- ParameterPatternMismatchException:
The parameter name isn't valid.
- UnsupportedParameterType:
The parameter type isn't supported.
- PoliciesLimitExceededException:
You specified more than the maximum number of allowed policies for the parameter. The maximum is 10.
- InvalidPolicyTypeException:
The policy type isn't supported. Parameter Store supports the following policy types: Expiration, ExpirationNotification, and NoChangeNotification.
- InvalidPolicyAttributeException:
A policy attribute or its value is invalid.
- IncompatiblePolicyException:
There is a conflict in the policies specified for this parameter. You can't, for example, specify two Expiration policies for a parameter. Review your policies, and try again.
PutResourcePolicy
$result = $client->putResourcePolicy
([/* ... */]); $promise = $client->putResourcePolicyAsync
([/* ... */]);
Creates or updates a Systems Manager resource policy. A resource policy helps you to define the IAM entity (for example, an Amazon Web Services account) that can manage your Systems Manager resources. The following resources support Systems Manager resource policies.
-
OpsItemGroup
- The resource policy forOpsItemGroup
enables Amazon Web Services accounts to view and interact with OpsCenter operational work items (OpsItems). -
Parameter
- The resource policy is used to share a parameter with other accounts using Resource Access Manager (RAM).To share a parameter, it must be in the advanced parameter tier. For information about parameter tiers, see Managing parameter tiers. For information about changing an existing standard parameter to an advanced parameter, see Changing a standard parameter to an advanced parameter.
To share a
SecureString
parameter, it must be encrypted with a customer managed key, and you must share the key separately through Key Management Service. Amazon Web Services managed keys cannot be shared. Parameters encrypted with the default Amazon Web Services managed key can be updated to use a customer managed key instead. For KMS key definitions, see KMS concepts in the Key Management Service Developer Guide.While you can share a parameter using the Systems Manager
PutResourcePolicy
operation, we recommend using Resource Access Manager (RAM) instead. This is because usingPutResourcePolicy
requires the extra step of promoting the parameter to a standard RAM Resource Share using the RAM PromoteResourceShareCreatedFromPolicy API operation. Otherwise, the parameter won't be returned by the Systems Manager DescribeParameters API operation using the--shared
option.For more information, see Sharing a parameter in the Amazon Web Services Systems Manager User Guide
Parameter Syntax
$result = $client->putResourcePolicy([ 'Policy' => '<string>', // REQUIRED 'PolicyHash' => '<string>', 'PolicyId' => '<string>', 'ResourceArn' => '<string>', // REQUIRED ]);
Parameter Details
Members
- Policy
-
- Required: Yes
- Type: string
A policy you want to associate with a resource.
- PolicyHash
-
- Type: string
ID of the current policy version. The hash helps to prevent a situation where multiple users attempt to overwrite a policy. You must provide this hash when updating or deleting a policy.
- PolicyId
-
- Type: string
The policy ID.
- ResourceArn
-
- Required: Yes
- Type: string
Amazon Resource Name (ARN) of the resource to which you want to attach a policy.
Result Syntax
[ 'PolicyHash' => '<string>', 'PolicyId' => '<string>', ]
Result Details
Members
- PolicyHash
-
- Type: string
ID of the current policy version.
- PolicyId
-
- Type: string
The policy ID. To update a policy, you must specify
PolicyId
andPolicyHash
.
Errors
- InternalServerError:
An error occurred on the server side.
- ResourcePolicyInvalidParameterException:
One or more parameters specified for the call aren't valid. Verify the parameters and their values and try again.
- ResourcePolicyLimitExceededException:
The PutResourcePolicy API action enforces two limits. A policy can't be greater than 1024 bytes in size. And only one policy can be attached to
OpsItemGroup
. Verify these limits and try again.- ResourcePolicyConflictException:
The hash provided in the call doesn't match the stored hash. This exception is thrown when trying to update an obsolete policy version or when multiple requests to update a policy are sent.
- ResourceNotFoundException:
The specified parameter to be shared could not be found.
- MalformedResourcePolicyDocumentException:
The specified policy document is malformed or invalid, or excessive
PutResourcePolicy
orDeleteResourcePolicy
calls have been made.- ResourcePolicyNotFoundException:
No policies with the specified policy ID and hash could be found.
RegisterDefaultPatchBaseline
$result = $client->registerDefaultPatchBaseline
([/* ... */]); $promise = $client->registerDefaultPatchBaselineAsync
([/* ... */]);
Defines the default patch baseline for the relevant operating system.
To reset the Amazon Web Services-predefined patch baseline as the default, specify the full patch baseline Amazon Resource Name (ARN) as the baseline ID value. For example, for CentOS, specify arn:aws:ssm:us-east-2:733109147000:patchbaseline/pb-0574b43a65ea646ed
instead of pb-0574b43a65ea646ed
.
Parameter Syntax
$result = $client->registerDefaultPatchBaseline([ 'BaselineId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- BaselineId
-
- Required: Yes
- Type: string
The ID of the patch baseline that should be the default patch baseline.
Result Syntax
[ 'BaselineId' => '<string>', ]
Result Details
Members
- BaselineId
-
- Type: string
The ID of the default patch baseline.
Errors
- InvalidResourceId:
The resource ID isn't valid. Verify that you entered the correct ID and try again.
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InternalServerError:
An error occurred on the server side.
RegisterPatchBaselineForPatchGroup
$result = $client->registerPatchBaselineForPatchGroup
([/* ... */]); $promise = $client->registerPatchBaselineForPatchGroupAsync
([/* ... */]);
Registers a patch baseline for a patch group.
Parameter Syntax
$result = $client->registerPatchBaselineForPatchGroup([ 'BaselineId' => '<string>', // REQUIRED 'PatchGroup' => '<string>', // REQUIRED ]);
Parameter Details
Members
- BaselineId
-
- Required: Yes
- Type: string
The ID of the patch baseline to register with the patch group.
- PatchGroup
-
- Required: Yes
- Type: string
The name of the patch group to be registered with the patch baseline.
Result Syntax
[ 'BaselineId' => '<string>', 'PatchGroup' => '<string>', ]
Result Details
Members
- BaselineId
-
- Type: string
The ID of the patch baseline the patch group was registered with.
- PatchGroup
-
- Type: string
The name of the patch group registered with the patch baseline.
Errors
- AlreadyExistsException:
Error returned if an attempt is made to register a patch group with a patch baseline that is already registered with a different patch baseline.
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InvalidResourceId:
The resource ID isn't valid. Verify that you entered the correct ID and try again.
- ResourceLimitExceededException:
Error returned when the caller has exceeded the default resource quotas. For example, too many maintenance windows or patch baselines have been created.
For information about resource quotas in Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InternalServerError:
An error occurred on the server side.
RegisterTargetWithMaintenanceWindow
$result = $client->registerTargetWithMaintenanceWindow
([/* ... */]); $promise = $client->registerTargetWithMaintenanceWindowAsync
([/* ... */]);
Registers a target with a maintenance window.
Parameter Syntax
$result = $client->registerTargetWithMaintenanceWindow([ 'ClientToken' => '<string>', 'Description' => '<string>', 'Name' => '<string>', 'OwnerInformation' => '<string>', 'ResourceType' => 'INSTANCE|RESOURCE_GROUP', // REQUIRED 'Targets' => [ // REQUIRED [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'WindowId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- ClientToken
-
- Type: string
User-provided idempotency token.
- Description
-
- Type: string
An optional description for the target.
- Name
-
- Type: string
An optional name for the target.
- OwnerInformation
-
- Type: string
User-provided value that will be included in any Amazon CloudWatch Events events raised while running tasks for these targets in this maintenance window.
- ResourceType
-
- Required: Yes
- Type: string
The type of target being registered with the maintenance window.
- Targets
-
- Required: Yes
- Type: Array of Target structures
The targets to register with the maintenance window. In other words, the managed nodes to run commands on when the maintenance window runs.
If a single maintenance window task is registered with multiple targets, its task invocations occur sequentially and not in parallel. If your task must run on multiple targets at the same time, register a task for each target individually and assign each task the same priority level.
You can specify targets using managed node IDs, resource group names, or tags that have been applied to managed nodes.
Example 1: Specify managed node IDs
Key=InstanceIds,Values=<instance-id-1>,<instance-id-2>,<instance-id-3>
Example 2: Use tag key-pairs applied to managed nodes
Key=tag:<my-tag-key>,Values=<my-tag-value-1>,<my-tag-value-2>
Example 3: Use tag-keys applied to managed nodes
Key=tag-key,Values=<my-tag-key-1>,<my-tag-key-2>
Example 4: Use resource group names
Key=resource-groups:Name,Values=<resource-group-name>
Example 5: Use filters for resource group types
Key=resource-groups:ResourceTypeFilters,Values=<resource-type-1>,<resource-type-2>
For
Key=resource-groups:ResourceTypeFilters
, specify resource types in the following formatKey=resource-groups:ResourceTypeFilters,Values=AWS::EC2::INSTANCE,AWS::EC2::VPC
For more information about these examples formats, including the best use case for each one, see Examples: Register targets with a maintenance window in the Amazon Web Services Systems Manager User Guide.
- WindowId
-
- Required: Yes
- Type: string
The ID of the maintenance window the target should be registered with.
Result Syntax
[ 'WindowTargetId' => '<string>', ]
Result Details
Members
- WindowTargetId
-
- Type: string
The ID of the target definition in this maintenance window.
Errors
- IdempotentParameterMismatch:
Error returned when an idempotent operation is retried and the parameters don't match the original call to the API with the same idempotency token.
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- ResourceLimitExceededException:
Error returned when the caller has exceeded the default resource quotas. For example, too many maintenance windows or patch baselines have been created.
For information about resource quotas in Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InternalServerError:
An error occurred on the server side.
RegisterTaskWithMaintenanceWindow
$result = $client->registerTaskWithMaintenanceWindow
([/* ... */]); $promise = $client->registerTaskWithMaintenanceWindowAsync
([/* ... */]);
Adds a new task to a maintenance window.
Parameter Syntax
$result = $client->registerTaskWithMaintenanceWindow([ 'AlarmConfiguration' => [ 'Alarms' => [ // REQUIRED [ 'Name' => '<string>', // REQUIRED ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'ClientToken' => '<string>', 'CutoffBehavior' => 'CONTINUE_TASK|CANCEL_TASK', 'Description' => '<string>', 'LoggingInfo' => [ 'S3BucketName' => '<string>', // REQUIRED 'S3KeyPrefix' => '<string>', 'S3Region' => '<string>', // REQUIRED ], 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'Name' => '<string>', 'Priority' => <integer>, 'ServiceRoleArn' => '<string>', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TaskArn' => '<string>', // REQUIRED 'TaskInvocationParameters' => [ 'Automation' => [ 'DocumentVersion' => '<string>', 'Parameters' => [ '<AutomationParameterKey>' => ['<string>', ...], // ... ], ], 'Lambda' => [ 'ClientContext' => '<string>', 'Payload' => <string || resource || Psr\Http\Message\StreamInterface>, 'Qualifier' => '<string>', ], 'RunCommand' => [ 'CloudWatchOutputConfig' => [ 'CloudWatchLogGroupName' => '<string>', 'CloudWatchOutputEnabled' => true || false, ], 'Comment' => '<string>', 'DocumentHash' => '<string>', 'DocumentHashType' => 'Sha256|Sha1', 'DocumentVersion' => '<string>', 'NotificationConfig' => [ 'NotificationArn' => '<string>', 'NotificationEvents' => ['<string>', ...], 'NotificationType' => 'Command|Invocation', ], 'OutputS3BucketName' => '<string>', 'OutputS3KeyPrefix' => '<string>', 'Parameters' => [ '<ParameterName>' => ['<string>', ...], // ... ], 'ServiceRoleArn' => '<string>', 'TimeoutSeconds' => <integer>, ], 'StepFunctions' => [ 'Input' => '<string>', 'Name' => '<string>', ], ], 'TaskParameters' => [ '<MaintenanceWindowTaskParameterName>' => [ 'Values' => ['<string>', ...], ], // ... ], 'TaskType' => 'RUN_COMMAND|AUTOMATION|STEP_FUNCTIONS|LAMBDA', // REQUIRED 'WindowId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AlarmConfiguration
-
- Type: AlarmConfiguration structure
The CloudWatch alarm you want to apply to your maintenance window task.
- ClientToken
-
- Type: string
User-provided idempotency token.
- CutoffBehavior
-
- Type: string
Indicates whether tasks should continue to run after the cutoff time specified in the maintenance windows is reached.
-
CONTINUE_TASK
: When the cutoff time is reached, any tasks that are running continue. The default value. -
CANCEL_TASK
:-
For Automation, Lambda, Step Functions tasks: When the cutoff time is reached, any task invocations that are already running continue, but no new task invocations are started.
-
For Run Command tasks: When the cutoff time is reached, the system sends a CancelCommand operation that attempts to cancel the command associated with the task. However, there is no guarantee that the command will be terminated and the underlying process stopped.
The status for tasks that are not completed is
TIMED_OUT
. -
- Description
-
- Type: string
An optional description for the task.
- LoggingInfo
-
- Type: LoggingInfo structure
A structure containing information about an Amazon Simple Storage Service (Amazon S3) bucket to write managed node-level logs to.
LoggingInfo
has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use theOutputS3BucketName
andOutputS3KeyPrefix
options in theTaskInvocationParameters
structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. - MaxConcurrency
-
- Type: string
The maximum number of targets this task can be run for, in parallel.
Although this element is listed as "Required: No", a value can be omitted only when you are registering or updating a targetless task You must provide a value in all other cases.
For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of
1
. This value doesn't affect the running of your task. - MaxErrors
-
- Type: string
The maximum number of errors allowed before this task stops being scheduled.
Although this element is listed as "Required: No", a value can be omitted only when you are registering or updating a targetless task You must provide a value in all other cases.
For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of
1
. This value doesn't affect the running of your task. - Name
-
- Type: string
An optional name for the task.
- Priority
-
- Type: int
The priority of the task in the maintenance window, the lower the number the higher the priority. Tasks in a maintenance window are scheduled in priority order with tasks that have the same priority scheduled in parallel.
- ServiceRoleArn
-
- Type: string
The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run
RegisterTaskWithMaintenanceWindow
.However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see Setting up maintenance windows in the in the Amazon Web Services Systems Manager User Guide.
- Targets
-
- Type: Array of Target structures
The targets (either managed nodes or maintenance window targets).
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide.
Specify managed nodes using the following format:
Key=InstanceIds,Values=<instance-id-1>,<instance-id-2>
Specify maintenance window targets using the following format:
Key=WindowTargetIds,Values=<window-target-id-1>,<window-target-id-2>
- TaskArn
-
- Required: Yes
- Type: string
The ARN of the task to run.
- TaskInvocationParameters
-
- Type: MaintenanceWindowTaskInvocationParameters structure
The parameters that the task should use during execution. Populate only the fields that match the task type. All other fields should be empty.
- TaskParameters
-
- Type: Associative array of custom strings keys (MaintenanceWindowTaskParameterName) to MaintenanceWindowTaskParameterValueExpression structures
The parameters that should be passed to the task when it is run.
TaskParameters
has been deprecated. To specify parameters to pass to a task when it runs, instead use theParameters
option in theTaskInvocationParameters
structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. - TaskType
-
- Required: Yes
- Type: string
The type of task being registered.
- WindowId
-
- Required: Yes
- Type: string
The ID of the maintenance window the task should be added to.
Result Syntax
[ 'WindowTaskId' => '<string>', ]
Result Details
Members
- WindowTaskId
-
- Type: string
The ID of the task in the maintenance window.
Errors
- IdempotentParameterMismatch:
Error returned when an idempotent operation is retried and the parameters don't match the original call to the API with the same idempotency token.
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- ResourceLimitExceededException:
Error returned when the caller has exceeded the default resource quotas. For example, too many maintenance windows or patch baselines have been created.
For information about resource quotas in Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- FeatureNotAvailableException:
You attempted to register a
LAMBDA
orSTEP_FUNCTIONS
task in a region where the corresponding service isn't available.- InternalServerError:
An error occurred on the server side.
RemoveTagsFromResource
$result = $client->removeTagsFromResource
([/* ... */]); $promise = $client->removeTagsFromResourceAsync
([/* ... */]);
Removes tag keys from the specified resource.
Parameter Syntax
$result = $client->removeTagsFromResource([ 'ResourceId' => '<string>', // REQUIRED 'ResourceType' => 'Document|ManagedInstance|MaintenanceWindow|Parameter|PatchBaseline|OpsItem|OpsMetadata|Automation|Association', // REQUIRED 'TagKeys' => ['<string>', ...], // REQUIRED ]);
Parameter Details
Members
- ResourceId
-
- Required: Yes
- Type: string
The ID of the resource from which you want to remove tags. For example:
ManagedInstance: mi-012345abcde
MaintenanceWindow: mw-012345abcde
Automation
:example-c160-4567-8519-012345abcde
PatchBaseline: pb-012345abcde
OpsMetadata object:
ResourceID
for tagging is created from the Amazon Resource Name (ARN) for the object. Specifically,ResourceID
is created from the strings that come after the wordopsmetadata
in the ARN. For example, an OpsMetadata object with an ARN ofarn:aws:ssm:us-east-2:1234567890:opsmetadata/aws/ssm/MyGroup/appmanager
has aResourceID
of eitheraws/ssm/MyGroup/appmanager
or/aws/ssm/MyGroup/appmanager
.For the Document and Parameter values, use the name of the resource.
The
ManagedInstance
type for this API operation is only for on-premises managed nodes. Specify the name of the managed node in the following format: mi-ID_number. For example, mi-1a2b3c4d5e6f. - ResourceType
-
- Required: Yes
- Type: string
The type of resource from which you want to remove a tag.
The
ManagedInstance
type for this API operation is only for on-premises managed nodes. Specify the name of the managed node in the following format:mi-ID_number
. For example,mi-1a2b3c4d5e6f
. - TagKeys
-
- Required: Yes
- Type: Array of strings
Tag keys that you want to remove from the specified resource.
Result Syntax
[]
Result Details
Errors
- InvalidResourceType:
The resource type isn't valid. For example, if you are attempting to tag an EC2 instance, the instance must be a registered managed node.
- InvalidResourceId:
The resource ID isn't valid. Verify that you entered the correct ID and try again.
- InternalServerError:
An error occurred on the server side.
- TooManyUpdates:
There are concurrent updates for a resource that supports one update at a time.
ResetServiceSetting
$result = $client->resetServiceSetting
([/* ... */]); $promise = $client->resetServiceSettingAsync
([/* ... */]);
ServiceSetting
is an account-level setting for an Amazon Web Services service. This setting defines how a user interacts with or uses a service or a feature of a service. For example, if an Amazon Web Services service charges money to the account based on feature or service usage, then the Amazon Web Services service team might create a default setting of "false". This means the user can't use this feature unless they change the setting to "true" and intentionally opt in for a paid feature.
Services map a SettingId
object to a setting value. Amazon Web Services services teams define the default value for a SettingId
. You can't create a new SettingId
, but you can overwrite the default value if you have the ssm:UpdateServiceSetting
permission for the setting. Use the GetServiceSetting API operation to view the current value. Use the UpdateServiceSetting API operation to change the default setting.
Reset the service setting for the account to the default value as provisioned by the Amazon Web Services service team.
Parameter Syntax
$result = $client->resetServiceSetting([ 'SettingId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- SettingId
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the service setting to reset. The setting ID can be one of the following.
-
/ssm/managed-instance/default-ec2-instance-management-role
-
/ssm/automation/customer-script-log-destination
-
/ssm/automation/customer-script-log-group-name
-
/ssm/documents/console/public-sharing-permission
-
/ssm/managed-instance/activation-tier
-
/ssm/opsinsights/opscenter
-
/ssm/parameter-store/default-parameter-tier
-
/ssm/parameter-store/high-throughput-enabled
Result Syntax
[ 'ServiceSetting' => [ 'ARN' => '<string>', 'LastModifiedDate' => <DateTime>, 'LastModifiedUser' => '<string>', 'SettingId' => '<string>', 'SettingValue' => '<string>', 'Status' => '<string>', ], ]
Result Details
Members
- ServiceSetting
-
- Type: ServiceSetting structure
The current, effective service setting after calling the ResetServiceSetting API operation.
Errors
- InternalServerError:
An error occurred on the server side.
- ServiceSettingNotFound:
The specified service setting wasn't found. Either the service name or the setting hasn't been provisioned by the Amazon Web Services service team.
- TooManyUpdates:
There are concurrent updates for a resource that supports one update at a time.
ResumeSession
$result = $client->resumeSession
([/* ... */]); $promise = $client->resumeSessionAsync
([/* ... */]);
Reconnects a session to a managed node after it has been disconnected. Connections can be resumed for disconnected sessions, but not terminated sessions.
This command is primarily for use by client machines to automatically reconnect during intermittent network issues. It isn't intended for any other use.
Parameter Syntax
$result = $client->resumeSession([ 'SessionId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- SessionId
-
- Required: Yes
- Type: string
The ID of the disconnected session to resume.
Result Syntax
[ 'SessionId' => '<string>', 'StreamUrl' => '<string>', 'TokenValue' => '<string>', ]
Result Details
Members
- SessionId
-
- Type: string
The ID of the session.
- StreamUrl
-
- Type: string
A URL back to SSM Agent on the managed node that the Session Manager client uses to send commands and receive output from the managed node. Format:
wss://ssmmessages.region.amazonaws.com/v1/data-channel/session-id?stream=(input|output)
.region represents the Region identifier for an Amazon Web Services Region supported by Amazon Web Services Systems Manager, such as
us-east-2
for the US East (Ohio) Region. For a list of supported region values, see the Region column in Systems Manager service endpoints in the Amazon Web Services General Reference.session-id represents the ID of a Session Manager session, such as
1a2b3c4dEXAMPLE
. - TokenValue
-
- Type: string
An encrypted token value containing session and caller information. Used to authenticate the connection to the managed node.
Errors
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InternalServerError:
An error occurred on the server side.
SendAutomationSignal
$result = $client->sendAutomationSignal
([/* ... */]); $promise = $client->sendAutomationSignalAsync
([/* ... */]);
Sends a signal to an Automation execution to change the current behavior or status of the execution.
Parameter Syntax
$result = $client->sendAutomationSignal([ 'AutomationExecutionId' => '<string>', // REQUIRED 'Payload' => [ '<AutomationParameterKey>' => ['<string>', ...], // ... ], 'SignalType' => 'Approve|Reject|StartStep|StopStep|Resume', // REQUIRED ]);
Parameter Details
Members
- AutomationExecutionId
-
- Required: Yes
- Type: string
The unique identifier for an existing Automation execution that you want to send the signal to.
- Payload
-
- Type: Associative array of custom strings keys (AutomationParameterKey) to stringss
The data sent with the signal. The data schema depends on the type of signal used in the request.
For
Approve
andReject
signal types, the payload is an optional comment that you can send with the signal type. For example:Comment="Looks good"
For
StartStep
andResume
signal types, you must send the name of the Automation step to start or resume as the payload. For example:StepName="step1"
For the
StopStep
signal type, you must send the step execution ID as the payload. For example:StepExecutionId="97fff367-fc5a-4299-aed8-0123456789ab"
- SignalType
-
- Required: Yes
- Type: string
The type of signal to send to an Automation execution.
Result Syntax
[]
Result Details
Errors
- AutomationExecutionNotFoundException:
There is no automation execution information for the requested automation execution ID.
- AutomationStepNotFoundException:
The specified step name and execution ID don't exist. Verify the information and try again.
- InvalidAutomationSignalException:
The signal isn't valid for the current Automation execution.
- InternalServerError:
An error occurred on the server side.
SendCommand
$result = $client->sendCommand
([/* ... */]); $promise = $client->sendCommandAsync
([/* ... */]);
Runs commands on one or more managed nodes.
Parameter Syntax
$result = $client->sendCommand([ 'AlarmConfiguration' => [ 'Alarms' => [ // REQUIRED [ 'Name' => '<string>', // REQUIRED ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'CloudWatchOutputConfig' => [ 'CloudWatchLogGroupName' => '<string>', 'CloudWatchOutputEnabled' => true || false, ], 'Comment' => '<string>', 'DocumentHash' => '<string>', 'DocumentHashType' => 'Sha256|Sha1', 'DocumentName' => '<string>', // REQUIRED 'DocumentVersion' => '<string>', 'InstanceIds' => ['<string>', ...], 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'NotificationConfig' => [ 'NotificationArn' => '<string>', 'NotificationEvents' => ['<string>', ...], 'NotificationType' => 'Command|Invocation', ], 'OutputS3BucketName' => '<string>', 'OutputS3KeyPrefix' => '<string>', 'OutputS3Region' => '<string>', 'Parameters' => [ '<ParameterName>' => ['<string>', ...], // ... ], 'ServiceRoleArn' => '<string>', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TimeoutSeconds' => <integer>, ]);
Parameter Details
Members
- AlarmConfiguration
-
- Type: AlarmConfiguration structure
The CloudWatch alarm you want to apply to your command.
- CloudWatchOutputConfig
-
- Type: CloudWatchOutputConfig structure
Enables Amazon Web Services Systems Manager to send Run Command output to Amazon CloudWatch Logs. Run Command is a capability of Amazon Web Services Systems Manager.
- Comment
-
- Type: string
User-specified information about the command, such as a brief description of what the command should do.
- DocumentHash
-
- Type: string
The Sha256 or Sha1 hash created by the system when the document was created.
Sha1 hashes have been deprecated.
- DocumentHashType
-
- Type: string
Sha256 or Sha1.
Sha1 hashes have been deprecated.
- DocumentName
-
- Required: Yes
- Type: string
The name of the Amazon Web Services Systems Manager document (SSM document) to run. This can be a public document or a custom document. To run a shared document belonging to another account, specify the document Amazon Resource Name (ARN). For more information about how to use shared documents, see Sharing SSM documents in the Amazon Web Services Systems Manager User Guide.
If you specify a document name or ARN that hasn't been shared with your account, you receive an
InvalidDocument
error. - DocumentVersion
-
- Type: string
The SSM document version to use in the request. You can specify $DEFAULT, $LATEST, or a specific version number. If you run commands by using the Command Line Interface (Amazon Web Services CLI), then you must escape the first two options by using a backslash. If you specify a version number, then you don't need to use the backslash. For example:
--document-version "\$DEFAULT"
--document-version "\$LATEST"
--document-version "3"
- InstanceIds
-
- Type: Array of strings
The IDs of the managed nodes where the command should run. Specifying managed node IDs is most useful when you are targeting a limited number of managed nodes, though you can specify up to 50 IDs.
To target a larger number of managed nodes, or if you prefer not to list individual node IDs, we recommend using the
Targets
option instead. UsingTargets
, which accepts tag key-value pairs to identify the managed nodes to send commands to, you can a send command to tens, hundreds, or thousands of nodes at once.For more information about how to use targets, see Run commands at scale in the Amazon Web Services Systems Manager User Guide.
- MaxConcurrency
-
- Type: string
(Optional) The maximum number of managed nodes that are allowed to run the command at the same time. You can specify a number such as 10 or a percentage such as 10%. The default value is
50
. For more information about how to useMaxConcurrency
, see Using concurrency controls in the Amazon Web Services Systems Manager User Guide. - MaxErrors
-
- Type: string
The maximum number of errors allowed without the command failing. When the command fails one more time beyond the value of
MaxErrors
, the systems stops sending the command to additional targets. You can specify a number like 10 or a percentage like 10%. The default value is0
. For more information about how to useMaxErrors
, see Using error controls in the Amazon Web Services Systems Manager User Guide. - NotificationConfig
-
- Type: NotificationConfig structure
Configurations for sending notifications.
- OutputS3BucketName
-
- Type: string
The name of the S3 bucket where command execution responses should be stored.
- OutputS3KeyPrefix
-
- Type: string
The directory structure within the S3 bucket where the responses should be stored.
- OutputS3Region
-
- Type: string
(Deprecated) You can no longer specify this parameter. The system ignores it. Instead, Systems Manager automatically determines the Amazon Web Services Region of the S3 bucket.
- Parameters
-
- Type: Associative array of custom strings keys (ParameterName) to stringss
The required and optional parameters specified in the document being run.
- ServiceRoleArn
-
- Type: string
The ARN of the Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service (Amazon SNS) notifications for Run Command commands.
This role must provide the
sns:Publish
permission for your notification topic. For information about creating and using this service role, see Monitoring Systems Manager status changes using Amazon SNS notifications in the Amazon Web Services Systems Manager User Guide. - Targets
-
- Type: Array of Target structures
An array of search criteria that targets managed nodes using a
Key,Value
combination that you specify. Specifying targets is most useful when you want to send a command to a large number of managed nodes at once. UsingTargets
, which accepts tag key-value pairs to identify managed nodes, you can send a command to tens, hundreds, or thousands of nodes at once.To send a command to a smaller number of managed nodes, you can use the
InstanceIds
option instead.For more information about how to use targets, see Run commands at scale in the Amazon Web Services Systems Manager User Guide.
- TimeoutSeconds
-
- Type: int
If this time is reached and the command hasn't already started running, it won't run.
Result Syntax
[ 'Command' => [ 'AlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'CloudWatchOutputConfig' => [ 'CloudWatchLogGroupName' => '<string>', 'CloudWatchOutputEnabled' => true || false, ], 'CommandId' => '<string>', 'Comment' => '<string>', 'CompletedCount' => <integer>, 'DeliveryTimedOutCount' => <integer>, 'DocumentName' => '<string>', 'DocumentVersion' => '<string>', 'ErrorCount' => <integer>, 'ExpiresAfter' => <DateTime>, 'InstanceIds' => ['<string>', ...], 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'NotificationConfig' => [ 'NotificationArn' => '<string>', 'NotificationEvents' => ['<string>', ...], 'NotificationType' => 'Command|Invocation', ], 'OutputS3BucketName' => '<string>', 'OutputS3KeyPrefix' => '<string>', 'OutputS3Region' => '<string>', 'Parameters' => [ '<ParameterName>' => ['<string>', ...], // ... ], 'RequestedDateTime' => <DateTime>, 'ServiceRole' => '<string>', 'Status' => 'Pending|InProgress|Success|Cancelled|Failed|TimedOut|Cancelling', 'StatusDetails' => '<string>', 'TargetCount' => <integer>, 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TimeoutSeconds' => <integer>, 'TriggeredAlarms' => [ [ 'Name' => '<string>', 'State' => 'UNKNOWN|ALARM', ], // ... ], ], ]
Result Details
Members
- Command
-
- Type: Command structure
The request as it was received by Systems Manager. Also provides the command ID which can be used future references to this request.
Errors
- DuplicateInstanceId:
You can't specify a managed node ID in more than one association.
- InternalServerError:
An error occurred on the server side.
- InvalidInstanceId:
The following problems can cause this exception:
-
You don't have permission to access the managed node.
-
Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.
-
SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.
-
The managed node isn't in a valid state. Valid states are:
Running
,Pending
,Stopped
, andStopping
. Invalid states are:Shutting-down
andTerminated
.
-
- InvalidDocument:
The specified SSM document doesn't exist.
- InvalidDocumentVersion:
The document version isn't valid or doesn't exist.
- InvalidOutputFolder:
The S3 bucket doesn't exist.
- InvalidParameters:
You must specify values for all required parameters in the Amazon Web Services Systems Manager document (SSM document). You can only supply values to parameters defined in the SSM document.
- UnsupportedPlatformType:
The document doesn't support the platform type of the given managed node IDs. For example, you sent an document for a Windows managed node to a Linux node.
- MaxDocumentSizeExceeded:
The size limit of a document is 64 KB.
- InvalidRole:
The role name can't contain invalid characters. Also verify that you specified an IAM role for notifications that includes the required trust policy. For information about configuring the IAM role for Run Command notifications, see Monitoring Systems Manager status changes using Amazon SNS notifications in the Amazon Web Services Systems Manager User Guide.
- InvalidNotificationConfig:
One or more configuration items isn't valid. Verify that a valid Amazon Resource Name (ARN) was provided for an Amazon Simple Notification Service topic.
StartAssociationsOnce
$result = $client->startAssociationsOnce
([/* ... */]); $promise = $client->startAssociationsOnceAsync
([/* ... */]);
Runs an association immediately and only one time. This operation can be helpful when troubleshooting associations.
Parameter Syntax
$result = $client->startAssociationsOnce([ 'AssociationIds' => ['<string>', ...], // REQUIRED ]);
Parameter Details
Members
- AssociationIds
-
- Required: Yes
- Type: Array of strings
The association IDs that you want to run immediately and only one time.
Result Syntax
[]
Result Details
Errors
- InvalidAssociation:
The association isn't valid or doesn't exist.
- AssociationDoesNotExist:
The specified association doesn't exist.
StartAutomationExecution
$result = $client->startAutomationExecution
([/* ... */]); $promise = $client->startAutomationExecutionAsync
([/* ... */]);
Initiates execution of an Automation runbook.
Parameter Syntax
$result = $client->startAutomationExecution([ 'AlarmConfiguration' => [ 'Alarms' => [ // REQUIRED [ 'Name' => '<string>', // REQUIRED ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'ClientToken' => '<string>', 'DocumentName' => '<string>', // REQUIRED 'DocumentVersion' => '<string>', 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'Mode' => 'Auto|Interactive', 'Parameters' => [ '<AutomationParameterKey>' => ['<string>', ...], // ... ], 'Tags' => [ [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], 'TargetLocations' => [ [ 'Accounts' => ['<string>', ...], 'ExecutionRoleName' => '<string>', 'Regions' => ['<string>', ...], 'TargetLocationAlarmConfiguration' => [ 'Alarms' => [ // REQUIRED [ 'Name' => '<string>', // REQUIRED ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'TargetLocationMaxConcurrency' => '<string>', 'TargetLocationMaxErrors' => '<string>', ], // ... ], 'TargetMaps' => [ [ '<TargetMapKey>' => ['<string>', ...], // ... ], // ... ], 'TargetParameterName' => '<string>', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], ]);
Parameter Details
Members
- AlarmConfiguration
-
- Type: AlarmConfiguration structure
The CloudWatch alarm you want to apply to your automation.
- ClientToken
-
- Type: string
User-provided idempotency token. The token must be unique, is case insensitive, enforces the UUID format, and can't be reused.
- DocumentName
-
- Required: Yes
- Type: string
The name of the SSM document to run. This can be a public document or a custom document. To run a shared document belonging to another account, specify the document ARN. For more information about how to use shared documents, see Sharing SSM documents in the Amazon Web Services Systems Manager User Guide.
- DocumentVersion
-
- Type: string
The version of the Automation runbook to use for this execution.
- MaxConcurrency
-
- Type: string
The maximum number of targets allowed to run this task in parallel. You can specify a number, such as 10, or a percentage, such as 10%. The default value is
10
. - MaxErrors
-
- Type: string
The number of errors that are allowed before the system stops running the automation on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops running the automation when the fourth error is received. If you specify 0, then the system stops running the automation on additional targets after the first error result is returned. If you run an automation on 50 resources and set max-errors to 10%, then the system stops running the automation on additional targets when the sixth error is received.
Executions that are already running an automation when max-errors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set max-concurrency to 1 so the executions proceed one at a time.
- Mode
-
- Type: string
The execution mode of the automation. Valid modes include the following: Auto and Interactive. The default mode is Auto.
- Parameters
-
- Type: Associative array of custom strings keys (AutomationParameterKey) to stringss
A key-value map of execution parameters, which match the declared parameters in the Automation runbook.
- Tags
-
- Type: Array of Tag structures
Optional metadata that you assign to a resource. You can specify a maximum of five tags for an automation. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag an automation to identify an environment or operating system. In this case, you could specify the following key-value pairs:
-
Key=environment,Value=test
-
Key=OS,Value=Windows
To add tags to an existing automation, use the AddTagsToResource operation.
- TargetLocations
-
- Type: Array of TargetLocation structures
A location is a combination of Amazon Web Services Regions and/or Amazon Web Services accounts where you want to run the automation. Use this operation to start an automation in multiple Amazon Web Services Regions and multiple Amazon Web Services accounts. For more information, see Running Automation workflows in multiple Amazon Web Services Regions and Amazon Web Services accounts in the Amazon Web Services Systems Manager User Guide.
- TargetMaps
-
- Type: Array of maps
A key-value mapping of document parameters to target resources. Both Targets and TargetMaps can't be specified together.
- TargetParameterName
-
- Type: string
The name of the parameter used as the target resource for the rate-controlled execution. Required if you specify targets.
- Targets
-
- Type: Array of Target structures
A key-value mapping to target resources. Required if you specify TargetParameterName.
Result Syntax
[ 'AutomationExecutionId' => '<string>', ]
Result Details
Members
- AutomationExecutionId
-
- Type: string
The unique ID of a newly scheduled automation execution.
Errors
- AutomationDefinitionNotFoundException:
An Automation runbook with the specified name couldn't be found.
- InvalidAutomationExecutionParametersException:
The supplied parameters for invoking the specified Automation runbook are incorrect. For example, they may not match the set of parameters permitted for the specified Automation document.
- AutomationExecutionLimitExceededException:
The number of simultaneously running Automation executions exceeded the allowable limit.
- AutomationDefinitionVersionNotFoundException:
An Automation runbook with the specified name and version couldn't be found.
- IdempotentParameterMismatch:
Error returned when an idempotent operation is retried and the parameters don't match the original call to the API with the same idempotency token.
- InvalidTarget:
The target isn't valid or doesn't exist. It might not be configured for Systems Manager or you might not have permission to perform the operation.
- InternalServerError:
An error occurred on the server side.
StartChangeRequestExecution
$result = $client->startChangeRequestExecution
([/* ... */]); $promise = $client->startChangeRequestExecutionAsync
([/* ... */]);
Creates a change request for Change Manager. The Automation runbooks specified in the change request run only after all required approvals for the change request have been received.
Parameter Syntax
$result = $client->startChangeRequestExecution([ 'AutoApprove' => true || false, 'ChangeDetails' => '<string>', 'ChangeRequestName' => '<string>', 'ClientToken' => '<string>', 'DocumentName' => '<string>', // REQUIRED 'DocumentVersion' => '<string>', 'Parameters' => [ '<AutomationParameterKey>' => ['<string>', ...], // ... ], 'Runbooks' => [ // REQUIRED [ 'DocumentName' => '<string>', // REQUIRED 'DocumentVersion' => '<string>', 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'Parameters' => [ '<AutomationParameterKey>' => ['<string>', ...], // ... ], 'TargetLocations' => [ [ 'Accounts' => ['<string>', ...], 'ExecutionRoleName' => '<string>', 'Regions' => ['<string>', ...], 'TargetLocationAlarmConfiguration' => [ 'Alarms' => [ // REQUIRED [ 'Name' => '<string>', // REQUIRED ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'TargetLocationMaxConcurrency' => '<string>', 'TargetLocationMaxErrors' => '<string>', ], // ... ], 'TargetMaps' => [ [ '<TargetMapKey>' => ['<string>', ...], // ... ], // ... ], 'TargetParameterName' => '<string>', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], ], // ... ], 'ScheduledEndTime' => <integer || string || DateTime>, 'ScheduledTime' => <integer || string || DateTime>, 'Tags' => [ [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], ]);
Parameter Details
Members
- AutoApprove
-
- Type: boolean
Indicates whether the change request can be approved automatically without the need for manual approvals.
If
AutoApprovable
is enabled in a change template, then settingAutoApprove
totrue
inStartChangeRequestExecution
creates a change request that bypasses approver review.Change Calendar restrictions are not bypassed in this scenario. If the state of an associated calendar is
CLOSED
, change freeze approvers must still grant permission for this change request to run. If they don't, the change won't be processed until the calendar state is againOPEN
. - ChangeDetails
-
- Type: string
User-provided details about the change. If no details are provided, content specified in the Template information section of the associated change template is added.
- ChangeRequestName
-
- Type: string
The name of the change request associated with the runbook workflow to be run.
- ClientToken
-
- Type: string
The user-provided idempotency token. The token must be unique, is case insensitive, enforces the UUID format, and can't be reused.
- DocumentName
-
- Required: Yes
- Type: string
The name of the change template document to run during the runbook workflow.
- DocumentVersion
-
- Type: string
The version of the change template document to run during the runbook workflow.
- Parameters
-
- Type: Associative array of custom strings keys (AutomationParameterKey) to stringss
A key-value map of parameters that match the declared parameters in the change template document.
- Runbooks
-
- Required: Yes
- Type: Array of Runbook structures
Information about the Automation runbooks that are run during the runbook workflow.
The Automation runbooks specified for the runbook workflow can't run until all required approvals for the change request have been received.
- ScheduledEndTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time that the requester expects the runbook workflow related to the change request to complete. The time is an estimate only that the requester provides for reviewers.
- ScheduledTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time specified in the change request to run the Automation runbooks.
The Automation runbooks specified for the runbook workflow can't run until all required approvals for the change request have been received.
- Tags
-
- Type: Array of Tag structures
Optional metadata that you assign to a resource. You can specify a maximum of five tags for a change request. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a change request to identify an environment or target Amazon Web Services Region. In this case, you could specify the following key-value pairs:
-
Key=Environment,Value=Production
-
Key=Region,Value=us-east-2
Result Syntax
[ 'AutomationExecutionId' => '<string>', ]
Result Details
Members
- AutomationExecutionId
-
- Type: string
The unique ID of a runbook workflow operation. (A runbook workflow is a type of Automation operation.)
Errors
- AutomationDefinitionNotFoundException:
An Automation runbook with the specified name couldn't be found.
- InvalidAutomationExecutionParametersException:
The supplied parameters for invoking the specified Automation runbook are incorrect. For example, they may not match the set of parameters permitted for the specified Automation document.
- AutomationExecutionLimitExceededException:
The number of simultaneously running Automation executions exceeded the allowable limit.
- AutomationDefinitionVersionNotFoundException:
An Automation runbook with the specified name and version couldn't be found.
- IdempotentParameterMismatch:
Error returned when an idempotent operation is retried and the parameters don't match the original call to the API with the same idempotency token.
- InternalServerError:
An error occurred on the server side.
- AutomationDefinitionNotApprovedException:
Indicates that the Change Manager change template used in the change request was rejected or is still in a pending state.
StartSession
$result = $client->startSession
([/* ... */]); $promise = $client->startSessionAsync
([/* ... */]);
Initiates a connection to a target (for example, a managed node) for a Session Manager session. Returns a URL and token that can be used to open a WebSocket connection for sending input and receiving outputs.
Amazon Web Services CLI usage: start-session
is an interactive command that requires the Session Manager plugin to be installed on the client machine making the call. For information, see Install the Session Manager plugin for the Amazon Web Services CLI in the Amazon Web Services Systems Manager User Guide.
Amazon Web Services Tools for PowerShell usage: Start-SSMSession isn't currently supported by Amazon Web Services Tools for PowerShell on Windows local machines.
Parameter Syntax
$result = $client->startSession([ 'DocumentName' => '<string>', 'Parameters' => [ '<SessionManagerParameterName>' => ['<string>', ...], // ... ], 'Reason' => '<string>', 'Target' => '<string>', // REQUIRED ]);
Parameter Details
Members
- DocumentName
-
- Type: string
The name of the SSM document you want to use to define the type of session, input parameters, or preferences for the session. For example,
SSM-SessionManagerRunShell
. You can call the GetDocument API to verify the document exists before attempting to start a session. If no document name is provided, a shell to the managed node is launched by default. For more information, see Start a session in the Amazon Web Services Systems Manager User Guide. - Parameters
-
- Type: Associative array of custom strings keys (SessionManagerParameterName) to stringss
The values you want to specify for the parameters defined in the Session document.
- Reason
-
- Type: string
The reason for connecting to the instance. This value is included in the details for the Amazon CloudWatch Events event created when you start the session.
- Target
-
- Required: Yes
- Type: string
The managed node to connect to for the session.
Result Syntax
[ 'SessionId' => '<string>', 'StreamUrl' => '<string>', 'TokenValue' => '<string>', ]
Result Details
Members
- SessionId
-
- Type: string
The ID of the session.
- StreamUrl
-
- Type: string
A URL back to SSM Agent on the managed node that the Session Manager client uses to send commands and receive output from the node. Format:
wss://ssmmessages.region.amazonaws.com/v1/data-channel/session-id?stream=(input|output)
region represents the Region identifier for an Amazon Web Services Region supported by Amazon Web Services Systems Manager, such as
us-east-2
for the US East (Ohio) Region. For a list of supported region values, see the Region column in Systems Manager service endpoints in the Amazon Web Services General Reference.session-id represents the ID of a Session Manager session, such as
1a2b3c4dEXAMPLE
. - TokenValue
-
- Type: string
An encrypted token value containing session and caller information. This token is used to authenticate the connection to the managed node, and is valid only long enough to ensure the connection is successful. Never share your session's token.
Errors
- InvalidDocument:
The specified SSM document doesn't exist.
- TargetNotConnected:
The specified target managed node for the session isn't fully configured for use with Session Manager. For more information, see Getting started with Session Manager in the Amazon Web Services Systems Manager User Guide. This error is also returned if you attempt to start a session on a managed node that is located in a different account or Region
- InternalServerError:
An error occurred on the server side.
StopAutomationExecution
$result = $client->stopAutomationExecution
([/* ... */]); $promise = $client->stopAutomationExecutionAsync
([/* ... */]);
Stop an Automation that is currently running.
Parameter Syntax
$result = $client->stopAutomationExecution([ 'AutomationExecutionId' => '<string>', // REQUIRED 'Type' => 'Complete|Cancel', ]);
Parameter Details
Members
- AutomationExecutionId
-
- Required: Yes
- Type: string
The execution ID of the Automation to stop.
- Type
-
- Type: string
The stop request type. Valid types include the following: Cancel and Complete. The default type is Cancel.
Result Syntax
[]
Result Details
Errors
- AutomationExecutionNotFoundException:
There is no automation execution information for the requested automation execution ID.
- InvalidAutomationStatusUpdateException:
The specified update status operation isn't valid.
- InternalServerError:
An error occurred on the server side.
TerminateSession
$result = $client->terminateSession
([/* ... */]); $promise = $client->terminateSessionAsync
([/* ... */]);
Permanently ends a session and closes the data connection between the Session Manager client and SSM Agent on the managed node. A terminated session can't be resumed.
Parameter Syntax
$result = $client->terminateSession([ 'SessionId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- SessionId
-
- Required: Yes
- Type: string
The ID of the session to terminate.
Result Syntax
[ 'SessionId' => '<string>', ]
Result Details
Members
- SessionId
-
- Type: string
The ID of the session that has been terminated.
Errors
- InternalServerError:
An error occurred on the server side.
UnlabelParameterVersion
$result = $client->unlabelParameterVersion
([/* ... */]); $promise = $client->unlabelParameterVersionAsync
([/* ... */]);
Remove a label or labels from a parameter.
Parameter Syntax
$result = $client->unlabelParameterVersion([ 'Labels' => ['<string>', ...], // REQUIRED 'Name' => '<string>', // REQUIRED 'ParameterVersion' => <integer>, // REQUIRED ]);
Parameter Details
Members
- Labels
-
- Required: Yes
- Type: Array of strings
One or more labels to delete from the specified parameter version.
- Name
-
- Required: Yes
- Type: string
The name of the parameter from which you want to delete one or more labels.
You can't enter the Amazon Resource Name (ARN) for a parameter, only the parameter name itself.
- ParameterVersion
-
- Required: Yes
- Type: long (int|float)
The specific version of the parameter which you want to delete one or more labels from. If it isn't present, the call will fail.
Result Syntax
[ 'InvalidLabels' => ['<string>', ...], 'RemovedLabels' => ['<string>', ...], ]
Result Details
Members
- InvalidLabels
-
- Type: Array of strings
The labels that aren't attached to the given parameter version.
- RemovedLabels
-
- Type: Array of strings
A list of all labels deleted from the parameter.