AWS CLI version 2, the latest major version of AWS CLI, is now stable and recommended for general use. To view this page for the AWS CLI version 2, click here. For more information see the AWS CLI version 2 installation instructions and migration guide.
start-automation-execution
--document-name <value>
[--document-version <value>]
[--parameters <value>]
[--client-token <value>]
[--mode <value>]
[--target-parameter-name <value>]
[--targets <value>]
[--target-maps <value>]
[--max-concurrency <value>]
[--max-errors <value>]
[--target-locations <value>]
[--tags <value>]
[--alarm-configuration <value>]
[--target-locations-url <value>]
[--cli-input-json <value>]
[--generate-cli-skeleton <value>]
[--debug]
[--endpoint-url <value>]
[--no-verify-ssl]
[--no-paginate]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--no-sign-request]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
--document-name
(string)
The name of the SSM document to run. This can be a public document or a custom document. To run a shared document belonging to another account, specify the document ARN. For more information about how to use shared documents, see Sharing SSM documents in the Amazon Web Services Systems Manager User Guide .
--document-version
(string)
The version of the Automation runbook to use for this execution.
--parameters
(map)
A key-value map of execution parameters, which match the declared parameters in the Automation runbook.
key -> (string)
value -> (list)
(string)
Shorthand Syntax:
KeyName1=string,string,KeyName2=string,string
JSON Syntax:
{"string": ["string", ...]
...}
--client-token
(string)
User-provided idempotency token. The token must be unique, is case insensitive, enforces the UUID format, and can't be reused.
--mode
(string)
The execution mode of the automation. Valid modes include the following: Auto and Interactive. The default mode is Auto.
Possible values:
Auto
Interactive
--target-parameter-name
(string)
The name of the parameter used as the target resource for the rate-controlled execution. Required if you specify targets.
--targets
(list)
A key-value mapping to target resources. Required if you specify TargetParameterName.
If both this parameter and the
TargetLocation:Targets
parameter are supplied,TargetLocation:Targets
takes precedence.(structure)
An array of search criteria that targets managed nodes using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .Supported formats include the following.
For all Systems Manager capabilities:
Key=tag-key,Values=tag-value-1,tag-value-2
For Automation and Change Manager:
Key=tag:tag-key,Values=tag-value
Key=ResourceGroup,Values=resource-group-name
Key=ParameterValues,Values=value-1,value-2,value-3
- To target all instances in the Amazon Web Services Region:
Key=AWS::EC2::Instance,Values=*
Key=InstanceIds,Values=*
For Run Command and Maintenance Windows:
Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3
Key=tag:tag-key,Values=tag-value-1,tag-value-2
Key=resource-groups:Name,Values=resource-group-name
- Additionally, Maintenance Windows support targeting resource types:
Key=resource-groups:ResourceTypeFilters,Values=resource-type-1,resource-type-2
For State Manager:
Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3
Key=tag:tag-key,Values=tag-value-1,tag-value-2
- To target all instances in the Amazon Web Services Region:
Key=InstanceIds,Values=*
For more information about how to send commands that target managed nodes using
Key,Value
parameters, see Targeting multiple managed nodes in the Amazon Web Services Systems Manager User Guide .Key -> (string)
User-defined criteria for sending commands that target managed nodes that meet the criteria.Values -> (list)
User-defined criteria that maps to
Key
. For example, if you specifiedtag:ServerRole
, you could specifyvalue:WebServer
to run a command on instances that include EC2 tags ofServerRole,WebServer
.Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
(string)
Shorthand Syntax:
Key=string,Values=string,string ...
JSON Syntax:
[
{
"Key": "string",
"Values": ["string", ...]
}
...
]
--target-maps
(list)
A key-value mapping of document parameters to target resources. Both Targets and TargetMaps can't be specified together.
(map)
key -> (string)
value -> (list)
(string)
Shorthand Syntax:
KeyName1=string,string,KeyName2=string,string ...
JSON Syntax:
[
{"string": ["string", ...]
...}
...
]
--max-concurrency
(string)
The maximum number of targets allowed to run this task in parallel. You can specify a number, such as 10, or a percentage, such as 10%. The default value is
10
.If both this parameter and the
TargetLocation:TargetsMaxConcurrency
are supplied,TargetLocation:TargetsMaxConcurrency
takes precedence.
--max-errors
(string)
The number of errors that are allowed before the system stops running the automation on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops running the automation when the fourth error is received. If you specify 0, then the system stops running the automation on additional targets after the first error result is returned. If you run an automation on 50 resources and set max-errors to 10%, then the system stops running the automation on additional targets when the sixth error is received.
Executions that are already running an automation when max-errors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set max-concurrency to 1 so the executions proceed one at a time.
If this parameter and the
TargetLocation:TargetsMaxErrors
parameter are both supplied,TargetLocation:TargetsMaxErrors
takes precedence.
--target-locations
(list)
A location is a combination of Amazon Web Services Regions and/or Amazon Web Services accounts where you want to run the automation. Use this operation to start an automation in multiple Amazon Web Services Regions and multiple Amazon Web Services accounts. For more information, see Running automations in multiple Amazon Web Services Regions and accounts in the Amazon Web Services Systems Manager User Guide .
(structure)
The combination of Amazon Web Services Regions and Amazon Web Services accounts targeted by the current Automation execution.
Accounts -> (list)
The Amazon Web Services accounts targeted by the current Automation execution.
(string)
Regions -> (list)
The Amazon Web Services Regions targeted by the current Automation execution.
(string)
TargetLocationMaxConcurrency -> (string)
The maximum number of Amazon Web Services Regions and Amazon Web Services accounts allowed to run the Automation concurrently.TargetLocationMaxErrors -> (string)
The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.ExecutionRoleName -> (string)
The Automation execution role used by the currently running Automation. If not specified, the default value isAWS-SystemsManager-AutomationExecutionRole
.TargetLocationAlarmConfiguration -> (structure)
The details for the CloudWatch alarm you want to apply to an automation or command.
IgnorePollAlarmFailure -> (boolean)
When this value is true , your automation or command continues to run in cases where we can’t retrieve alarm status information from CloudWatch. In cases where we successfully retrieve an alarm status of OK or INSUFFICIENT_DATA, the automation or command continues to run, regardless of this value. Default is false .Alarms -> (list)
The name of the CloudWatch alarm specified in the configuration.
(structure)
A CloudWatch alarm you apply to an automation or command.
Name -> (string)
The name of your CloudWatch alarm.IncludeChildOrganizationUnits -> (boolean)
Indicates whether to include child organizational units (OUs) that are children of the targeted OUs. The default isfalse
.ExcludeAccounts -> (list)
Amazon Web Services accounts or organizational units to exclude as expanded targets.
(string)
Targets -> (list)
A list of key-value mappings to target resources. If you specify values for this data type, you must also specify a value for
TargetParameterName
.This
Targets
parameter takes precedence over theStartAutomationExecution:Targets
parameter if both are supplied.(structure)
An array of search criteria that targets managed nodes using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .Supported formats include the following.
For all Systems Manager capabilities:
Key=tag-key,Values=tag-value-1,tag-value-2
For Automation and Change Manager:
Key=tag:tag-key,Values=tag-value
Key=ResourceGroup,Values=resource-group-name
Key=ParameterValues,Values=value-1,value-2,value-3
- To target all instances in the Amazon Web Services Region:
Key=AWS::EC2::Instance,Values=*
Key=InstanceIds,Values=*
For Run Command and Maintenance Windows:
Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3
Key=tag:tag-key,Values=tag-value-1,tag-value-2
Key=resource-groups:Name,Values=resource-group-name
- Additionally, Maintenance Windows support targeting resource types:
Key=resource-groups:ResourceTypeFilters,Values=resource-type-1,resource-type-2
For State Manager:
Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3
Key=tag:tag-key,Values=tag-value-1,tag-value-2
- To target all instances in the Amazon Web Services Region:
Key=InstanceIds,Values=*
For more information about how to send commands that target managed nodes using
Key,Value
parameters, see Targeting multiple managed nodes in the Amazon Web Services Systems Manager User Guide .Key -> (string)
User-defined criteria for sending commands that target managed nodes that meet the criteria.Values -> (list)
User-defined criteria that maps to
Key
. For example, if you specifiedtag:ServerRole
, you could specifyvalue:WebServer
to run a command on instances that include EC2 tags ofServerRole,WebServer
.Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
(string)
TargetsMaxConcurrency -> (string)
The maximum number of targets allowed to run this task in parallel. ThisTargetsMaxConcurrency
takes precedence over theStartAutomationExecution:MaxConcurrency
parameter if both are supplied.TargetsMaxErrors -> (string)
The maximum number of errors that are allowed before the system stops running the automation on additional targets. ThisTargetsMaxErrors
parameter takes precedence over theStartAutomationExecution:MaxErrors
parameter if both are supplied.
JSON Syntax:
[
{
"Accounts": ["string", ...],
"Regions": ["string", ...],
"TargetLocationMaxConcurrency": "string",
"TargetLocationMaxErrors": "string",
"ExecutionRoleName": "string",
"TargetLocationAlarmConfiguration": {
"IgnorePollAlarmFailure": true|false,
"Alarms": [
{
"Name": "string"
}
...
]
},
"IncludeChildOrganizationUnits": true|false,
"ExcludeAccounts": ["string", ...],
"Targets": [
{
"Key": "string",
"Values": ["string", ...]
}
...
],
"TargetsMaxConcurrency": "string",
"TargetsMaxErrors": "string"
}
...
]
--tags
(list)
Optional metadata that you assign to a resource. You can specify a maximum of five tags for an automation. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag an automation to identify an environment or operating system. In this case, you could specify the following key-value pairs:
Key=environment,Value=test
Key=OS,Value=Windows
Note
To add tags to an existing automation, use the AddTagsToResource operation.(structure)
Metadata that you assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Amazon Web Services Systems Manager, you can apply tags to Systems Manager documents (SSM documents), managed nodes, maintenance windows, parameters, patch baselines, OpsItems, and OpsMetadata.
Key -> (string)
The name of the tag.Value -> (string)
The value of the tag.
Shorthand Syntax:
Key=string,Value=string ...
JSON Syntax:
[
{
"Key": "string",
"Value": "string"
}
...
]
--alarm-configuration
(structure)
The CloudWatch alarm you want to apply to your automation.
IgnorePollAlarmFailure -> (boolean)
When this value is true , your automation or command continues to run in cases where we can’t retrieve alarm status information from CloudWatch. In cases where we successfully retrieve an alarm status of OK or INSUFFICIENT_DATA, the automation or command continues to run, regardless of this value. Default is false .Alarms -> (list)
The name of the CloudWatch alarm specified in the configuration.
(structure)
A CloudWatch alarm you apply to an automation or command.
Name -> (string)
The name of your CloudWatch alarm.
Shorthand Syntax:
IgnorePollAlarmFailure=boolean,Alarms=[{Name=string},{Name=string}]
JSON Syntax:
{
"IgnorePollAlarmFailure": true|false,
"Alarms": [
{
"Name": "string"
}
...
]
}
--target-locations-url
(string)
Specify a publicly accessible URL for a file that contains theTargetLocations
body. Currently, only files in presigned Amazon S3 buckets are supported.
--cli-input-json
(string)
Performs service operation based on the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton
. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally.
--generate-cli-skeleton
(string)
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input
, prints a sample input JSON that can be used as an argument for --cli-input-json
. If provided with the value output
, it validates the command inputs and returns a sample output JSON for that command.
--debug
(boolean)
Turn on debug logging.
--endpoint-url
(string)
Override command's default URL with the given URL.
--no-verify-ssl
(boolean)
By default, the AWS CLI uses SSL when communicating with AWS services. For each SSL connection, the AWS CLI will verify SSL certificates. This option overrides the default behavior of verifying SSL certificates.
--no-paginate
(boolean)
Disable automatic pagination. If automatic pagination is disabled, the AWS CLI will only make one call, for the first page of results.
--output
(string)
The formatting style for command output.
--query
(string)
A JMESPath query to use in filtering the response data.
--profile
(string)
Use a specific profile from your credential file.
--region
(string)
The region to use. Overrides config/env settings.
--version
(string)
Display the version of this tool.
--color
(string)
Turn on/off color output.
--no-sign-request
(boolean)
Do not sign requests. Credentials will not be loaded if this argument is provided.
--ca-bundle
(string)
The CA certificate bundle to use when verifying SSL certificates. Overrides config/env settings.
--cli-read-timeout
(int)
The maximum socket read time in seconds. If the value is set to 0, the socket read will be blocking and not timeout. The default value is 60 seconds.
--cli-connect-timeout
(int)
The maximum socket connect time in seconds. If the value is set to 0, the socket connect will be blocking and not timeout. The default value is 60 seconds.
To use the following examples, you must have the AWS CLI installed and configured. See the Getting started guide in the AWS CLI User Guide for more information.
Unless otherwise stated, all examples have unix-like quotation rules. These examples will need to be adapted to your terminal's quoting rules. See Using quotation marks with strings in the AWS CLI User Guide .
Example 1: To execute an automation document
The following start-automation-execution
example runs an Automation document.
aws ssm start-automation-execution \
--document-name "AWS-UpdateLinuxAmi" \
--parameters "AutomationAssumeRole=arn:aws:iam::123456789012:role/SSMAutomationRole,SourceAmiId=ami-EXAMPLE,IamInstanceProfileName=EC2InstanceRole"
Output:
{
"AutomationExecutionId": "4105a4fc-f944-11e6-9d32-0a1b2EXAMPLE"
}
For more information, see Running an Automation Workflow Manually in the AWS Systems Manager User Guide.
Example 2: To run a shared automation document
The following start-automation-execution
example runs a shared Automation document.
aws ssm start-automation-execution \
--document-name "arn:aws:ssm:us-east-1:123456789012:document/ExampleDocument"
Output:
{
"AutomationExecutionId": "4105a4fc-f944-11e6-9d32-0a1b2EXAMPLE"
}
For more information, see Using shared SSM documents in the AWS Systems Manager User Guide.