Amazon Simple Systems Manager (SSM) 2014-11-06
- Client: Aws\Ssm\SsmClient
- Service ID: ssm
- Version: 2014-11-06
This page describes the parameters and results for the operations of the Amazon Simple Systems Manager (SSM) (2014-11-06), and shows how to use the Aws\Ssm\SsmClient object to call the described operations. This documentation is specific to the 2014-11-06 API version of the service.
Operation Summary
Each of the following operations can be created from a client using
$client->getCommand('CommandName')
, where "CommandName" is the
name of one of the following operations. Note: a command is a value that
encapsulates an operation and the parameters used to create an HTTP request.
You can also create and send a command immediately using the magic methods
available on a client object: $client->commandName(/* parameters */)
.
You can send the command asynchronously (returning a promise) by appending the
word "Async" to the operation name: $client->commandNameAsync(/* parameters */)
.
- AddTagsToResource ( array $params = [] )
- Adds or overwrites one or more tags for the specified resource.
- AssociateOpsItemRelatedItem ( array $params = [] )
- Associates a related item to a Systems Manager OpsCenter OpsItem.
- CancelCommand ( array $params = [] )
- Attempts to cancel the command specified by the Command ID.
- CancelMaintenanceWindowExecution ( array $params = [] )
- Stops a maintenance window execution that is already in progress and cancels any tasks in the window that haven't already starting running.
- CreateActivation ( array $params = [] )
- Generates an activation code and activation ID you can use to register your on-premises servers, edge devices, or virtual machine (VM) with Amazon Web Services Systems Manager.
- CreateAssociation ( array $params = [] )
- A State Manager association defines the state that you want to maintain on your managed nodes.
- CreateAssociationBatch ( array $params = [] )
- Associates the specified Amazon Web Services Systems Manager document (SSM document) with the specified managed nodes or targets.
- CreateDocument ( array $params = [] )
- Creates a Amazon Web Services Systems Manager (SSM document).
- CreateMaintenanceWindow ( array $params = [] )
- Creates a new maintenance window.
- CreateOpsItem ( array $params = [] )
- Creates a new OpsItem.
- CreateOpsMetadata ( array $params = [] )
- If you create a new application in Application Manager, Amazon Web Services Systems Manager calls this API operation to specify information about the new application, including the application type.
- CreatePatchBaseline ( array $params = [] )
- Creates a patch baseline.
- CreateResourceDataSync ( array $params = [] )
- A resource data sync helps you view data from multiple sources in a single location.
- DeleteActivation ( array $params = [] )
- Deletes an activation.
- DeleteAssociation ( array $params = [] )
- Disassociates the specified Amazon Web Services Systems Manager document (SSM document) from the specified managed node.
- DeleteDocument ( array $params = [] )
- Deletes the Amazon Web Services Systems Manager document (SSM document) and all managed node associations to the document.
- DeleteInventory ( array $params = [] )
- Delete a custom inventory type or the data associated with a custom Inventory type.
- DeleteMaintenanceWindow ( array $params = [] )
- Deletes a maintenance window.
- DeleteOpsItem ( array $params = [] )
- Delete an OpsItem.
- DeleteOpsMetadata ( array $params = [] )
- Delete OpsMetadata related to an application.
- DeleteParameter ( array $params = [] )
- Delete a parameter from the system.
- DeleteParameters ( array $params = [] )
- Delete a list of parameters.
- DeletePatchBaseline ( array $params = [] )
- Deletes a patch baseline.
- DeleteResourceDataSync ( array $params = [] )
- Deletes a resource data sync configuration.
- DeleteResourcePolicy ( array $params = [] )
- Deletes a Systems Manager resource policy.
- DeregisterManagedInstance ( array $params = [] )
- Removes the server or virtual machine from the list of registered servers.
- DeregisterPatchBaselineForPatchGroup ( array $params = [] )
- Removes a patch group from a patch baseline.
- DeregisterTargetFromMaintenanceWindow ( array $params = [] )
- Removes a target from a maintenance window.
- DeregisterTaskFromMaintenanceWindow ( array $params = [] )
- Removes a task from a maintenance window.
- DescribeActivations ( array $params = [] )
- Describes details about the activation, such as the date and time the activation was created, its expiration date, the Identity and Access Management (IAM) role assigned to the managed nodes in the activation, and the number of nodes registered by using this activation.
- DescribeAssociation ( array $params = [] )
- Describes the association for the specified target or managed node.
- DescribeAssociationExecutionTargets ( array $params = [] )
- Views information about a specific execution of a specific association.
- DescribeAssociationExecutions ( array $params = [] )
- Views all executions for a specific association ID.
- DescribeAutomationExecutions ( array $params = [] )
- Provides details about all active and terminated Automation executions.
- DescribeAutomationStepExecutions ( array $params = [] )
- Information about all active and terminated step executions in an Automation workflow.
- DescribeAvailablePatches ( array $params = [] )
- Lists all patches eligible to be included in a patch baseline.
- DescribeDocument ( array $params = [] )
- Describes the specified Amazon Web Services Systems Manager document (SSM document).
- DescribeDocumentPermission ( array $params = [] )
- Describes the permissions for a Amazon Web Services Systems Manager document (SSM document).
- DescribeEffectiveInstanceAssociations ( array $params = [] )
- All associations for the managed nodes.
- DescribeEffectivePatchesForPatchBaseline ( array $params = [] )
- Retrieves the current effective patches (the patch and the approval state) for the specified patch baseline.
- DescribeInstanceAssociationsStatus ( array $params = [] )
- The status of the associations for the managed nodes.
- DescribeInstanceInformation ( array $params = [] )
- Provides information about one or more of your managed nodes, including the operating system platform, SSM Agent version, association status, and IP address.
- DescribeInstancePatchStates ( array $params = [] )
- Retrieves the high-level patch state of one or more managed nodes.
- DescribeInstancePatchStatesForPatchGroup ( array $params = [] )
- Retrieves the high-level patch state for the managed nodes in the specified patch group.
- DescribeInstancePatches ( array $params = [] )
- Retrieves information about the patches on the specified managed node and their state relative to the patch baseline being used for the node.
- DescribeInstanceProperties ( array $params = [] )
- An API operation used by the Systems Manager console to display information about Systems Manager managed nodes.
- DescribeInventoryDeletions ( array $params = [] )
- Describes a specific delete inventory operation.
- DescribeMaintenanceWindowExecutionTaskInvocations ( array $params = [] )
- Retrieves the individual task executions (one per target) for a particular task run as part of a maintenance window execution.
- DescribeMaintenanceWindowExecutionTasks ( array $params = [] )
- For a given maintenance window execution, lists the tasks that were run.
- DescribeMaintenanceWindowExecutions ( array $params = [] )
- Lists the executions of a maintenance window.
- DescribeMaintenanceWindowSchedule ( array $params = [] )
- Retrieves information about upcoming executions of a maintenance window.
- DescribeMaintenanceWindowTargets ( array $params = [] )
- Lists the targets registered with the maintenance window.
- DescribeMaintenanceWindowTasks ( array $params = [] )
- Lists the tasks in a maintenance window.
- DescribeMaintenanceWindows ( array $params = [] )
- Retrieves the maintenance windows in an Amazon Web Services account.
- DescribeMaintenanceWindowsForTarget ( array $params = [] )
- Retrieves information about the maintenance window targets or tasks that a managed node is associated with.
- DescribeOpsItems ( array $params = [] )
- Query a set of OpsItems.
- DescribeParameters ( array $params = [] )
- Lists the parameters in your Amazon Web Services account or the parameters shared with you when you enable the Shared option.
- DescribePatchBaselines ( array $params = [] )
- Lists the patch baselines in your Amazon Web Services account.
- DescribePatchGroupState ( array $params = [] )
- Returns high-level aggregated patch compliance state information for a patch group.
- DescribePatchGroups ( array $params = [] )
- Lists all patch groups that have been registered with patch baselines.
- DescribePatchProperties ( array $params = [] )
- Lists the properties of available patches organized by product, product family, classification, severity, and other properties of available patches.
- DescribeSessions ( array $params = [] )
- Retrieves a list of all active sessions (both connected and disconnected) or terminated sessions from the past 30 days.
- DisassociateOpsItemRelatedItem ( array $params = [] )
- Deletes the association between an OpsItem and a related item.
- GetAutomationExecution ( array $params = [] )
- Get detailed information about a particular Automation execution.
- GetCalendarState ( array $params = [] )
- Gets the state of a Amazon Web Services Systems Manager change calendar at the current time or a specified time.
- GetCommandInvocation ( array $params = [] )
- Returns detailed information about command execution for an invocation or plugin.
- GetConnectionStatus ( array $params = [] )
- Retrieves the Session Manager connection status for a managed node to determine whether it is running and ready to receive Session Manager connections.
- GetDefaultPatchBaseline ( array $params = [] )
- Retrieves the default patch baseline.
- GetDeployablePatchSnapshotForInstance ( array $params = [] )
- Retrieves the current snapshot for the patch baseline the managed node uses.
- GetDocument ( array $params = [] )
- Gets the contents of the specified Amazon Web Services Systems Manager document (SSM document).
- GetInventory ( array $params = [] )
- Query inventory information.
- GetInventorySchema ( array $params = [] )
- Return a list of inventory type names for the account, or return a list of attribute names for a specific Inventory item type.
- GetMaintenanceWindow ( array $params = [] )
- Retrieves a maintenance window.
- GetMaintenanceWindowExecution ( array $params = [] )
- Retrieves details about a specific a maintenance window execution.
- GetMaintenanceWindowExecutionTask ( array $params = [] )
- Retrieves the details about a specific task run as part of a maintenance window execution.
- GetMaintenanceWindowExecutionTaskInvocation ( array $params = [] )
- Retrieves information about a specific task running on a specific target.
- GetMaintenanceWindowTask ( array $params = [] )
- Retrieves the details of a maintenance window task.
- GetOpsItem ( array $params = [] )
- Get information about an OpsItem by using the ID.
- GetOpsMetadata ( array $params = [] )
- View operational metadata related to an application in Application Manager.
- GetOpsSummary ( array $params = [] )
- View a summary of operations metadata (OpsData) based on specified filters and aggregators.
- GetParameter ( array $params = [] )
- Get information about a single parameter by specifying the parameter name.
- GetParameterHistory ( array $params = [] )
- Retrieves the history of all changes to a parameter.
- GetParameters ( array $params = [] )
- Get information about one or more parameters by specifying multiple parameter names.
- GetParametersByPath ( array $params = [] )
- Retrieve information about one or more parameters in a specific hierarchy.
- GetPatchBaseline ( array $params = [] )
- Retrieves information about a patch baseline.
- GetPatchBaselineForPatchGroup ( array $params = [] )
- Retrieves the patch baseline that should be used for the specified patch group.
- GetResourcePolicies ( array $params = [] )
- Returns an array of the Policy object.
- GetServiceSetting ( array $params = [] )
- ServiceSetting is an account-level setting for an Amazon Web Services service.
- LabelParameterVersion ( array $params = [] )
- A parameter label is a user-defined alias to help you manage different versions of a parameter.
- ListAssociationVersions ( array $params = [] )
- Retrieves all versions of an association for a specific association ID.
- ListAssociations ( array $params = [] )
- Returns all State Manager associations in the current Amazon Web Services account and Amazon Web Services Region.
- ListCommandInvocations ( array $params = [] )
- An invocation is copy of a command sent to a specific managed node.
- ListCommands ( array $params = [] )
- Lists the commands requested by users of the Amazon Web Services account.
- ListComplianceItems ( array $params = [] )
- For a specified resource ID, this API operation returns a list of compliance statuses for different resource types.
- ListComplianceSummaries ( array $params = [] )
- Returns a summary count of compliant and non-compliant resources for a compliance type.
- ListDocumentMetadataHistory ( array $params = [] )
- Information about approval reviews for a version of a change template in Change Manager.
- ListDocumentVersions ( array $params = [] )
- List all versions for a document.
- ListDocuments ( array $params = [] )
- Returns all Systems Manager (SSM) documents in the current Amazon Web Services account and Amazon Web Services Region.
- ListInventoryEntries ( array $params = [] )
- A list of inventory items returned by the request.
- ListOpsItemEvents ( array $params = [] )
- Returns a list of all OpsItem events in the current Amazon Web Services Region and Amazon Web Services account.
- ListOpsItemRelatedItems ( array $params = [] )
- Lists all related-item resources associated with a Systems Manager OpsCenter OpsItem.
- ListOpsMetadata ( array $params = [] )
- Amazon Web Services Systems Manager calls this API operation when displaying all Application Manager OpsMetadata objects or blobs.
- ListResourceComplianceSummaries ( array $params = [] )
- Returns a resource-level summary count.
- ListResourceDataSync ( array $params = [] )
- Lists your resource data sync configurations.
- ListTagsForResource ( array $params = [] )
- Returns a list of the tags assigned to the specified resource.
- ModifyDocumentPermission ( array $params = [] )
- Shares a Amazon Web Services Systems Manager document (SSM document)publicly or privately.
- PutComplianceItems ( array $params = [] )
- Registers a compliance type and other compliance details on a designated resource.
- PutInventory ( array $params = [] )
- Bulk update custom inventory items on one or more managed nodes.
- PutParameter ( array $params = [] )
- Add a parameter to the system.
- PutResourcePolicy ( array $params = [] )
- Creates or updates a Systems Manager resource policy.
- RegisterDefaultPatchBaseline ( array $params = [] )
- Defines the default patch baseline for the relevant operating system.
- RegisterPatchBaselineForPatchGroup ( array $params = [] )
- Registers a patch baseline for a patch group.
- RegisterTargetWithMaintenanceWindow ( array $params = [] )
- Registers a target with a maintenance window.
- RegisterTaskWithMaintenanceWindow ( array $params = [] )
- Adds a new task to a maintenance window.
- RemoveTagsFromResource ( array $params = [] )
- Removes tag keys from the specified resource.
- ResetServiceSetting ( array $params = [] )
- ServiceSetting is an account-level setting for an Amazon Web Services service.
- ResumeSession ( array $params = [] )
- Reconnects a session to a managed node after it has been disconnected.
- SendAutomationSignal ( array $params = [] )
- Sends a signal to an Automation execution to change the current behavior or status of the execution.
- SendCommand ( array $params = [] )
- Runs commands on one or more managed nodes.
- StartAssociationsOnce ( array $params = [] )
- Runs an association immediately and only one time.
- StartAutomationExecution ( array $params = [] )
- Initiates execution of an Automation runbook.
- StartChangeRequestExecution ( array $params = [] )
- Creates a change request for Change Manager.
- StartSession ( array $params = [] )
- Initiates a connection to a target (for example, a managed node) for a Session Manager session.
- StopAutomationExecution ( array $params = [] )
- Stop an Automation that is currently running.
- TerminateSession ( array $params = [] )
- Permanently ends a session and closes the data connection between the Session Manager client and SSM Agent on the managed node.
- UnlabelParameterVersion ( array $params = [] )
- Remove a label or labels from a parameter.
- UpdateAssociation ( array $params = [] )
- Updates an association.
- UpdateAssociationStatus ( array $params = [] )
- Updates the status of the Amazon Web Services Systems Manager document (SSM document) associated with the specified managed node.
- UpdateDocument ( array $params = [] )
- Updates one or more values for an SSM document.
- UpdateDocumentDefaultVersion ( array $params = [] )
- Set the default version of a document.
- UpdateDocumentMetadata ( array $params = [] )
- Updates information related to approval reviews for a specific version of a change template in Change Manager.
- UpdateMaintenanceWindow ( array $params = [] )
- Updates an existing maintenance window.
- UpdateMaintenanceWindowTarget ( array $params = [] )
- Modifies the target of an existing maintenance window.
- UpdateMaintenanceWindowTask ( array $params = [] )
- Modifies a task assigned to a maintenance window.
- UpdateManagedInstanceRole ( array $params = [] )
- Changes the Identity and Access Management (IAM) role that is assigned to the on-premises server, edge device, or virtual machines (VM).
- UpdateOpsItem ( array $params = [] )
- Edit or change an OpsItem.
- UpdateOpsMetadata ( array $params = [] )
- Amazon Web Services Systems Manager calls this API operation when you edit OpsMetadata in Application Manager.
- UpdatePatchBaseline ( array $params = [] )
- Modifies an existing patch baseline.
- UpdateResourceDataSync ( array $params = [] )
- Update a resource data sync.
- UpdateServiceSetting ( array $params = [] )
- ServiceSetting is an account-level setting for an Amazon Web Services service.
Paginators
Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:
- DescribeActivations
- DescribeAssociationExecutionTargets
- DescribeAssociationExecutions
- DescribeAutomationExecutions
- DescribeAutomationStepExecutions
- DescribeAvailablePatches
- DescribeEffectiveInstanceAssociations
- DescribeEffectivePatchesForPatchBaseline
- DescribeInstanceAssociationsStatus
- DescribeInstanceInformation
- DescribeInstancePatchStates
- DescribeInstancePatchStatesForPatchGroup
- DescribeInstancePatches
- DescribeInstanceProperties
- DescribeInventoryDeletions
- DescribeMaintenanceWindowExecutionTaskInvocations
- DescribeMaintenanceWindowExecutionTasks
- DescribeMaintenanceWindowExecutions
- DescribeMaintenanceWindowSchedule
- DescribeMaintenanceWindowTargets
- DescribeMaintenanceWindowTasks
- DescribeMaintenanceWindows
- DescribeMaintenanceWindowsForTarget
- DescribeOpsItems
- DescribeParameters
- DescribePatchBaselines
- DescribePatchGroups
- DescribePatchProperties
- DescribeSessions
- GetInventory
- GetInventorySchema
- GetOpsSummary
- GetParameterHistory
- GetParametersByPath
- GetResourcePolicies
- ListAssociationVersions
- ListAssociations
- ListCommandInvocations
- ListCommands
- ListComplianceItems
- ListComplianceSummaries
- ListDocumentVersions
- ListDocuments
- ListOpsItemEvents
- ListOpsItemRelatedItems
- ListOpsMetadata
- ListResourceComplianceSummaries
- ListResourceDataSync
Waiters
Waiters allow you to poll a resource until it enters into a desired state. A waiter has a name used to describe what it does, and is associated with an API operation. When creating a waiter, you can provide the API operation parameters associated with the corresponding operation. Waiters can be accessed using the getWaiter($waiterName, $operationParameters) method of a client object. This client supports the following waiters:
Waiter name | API Operation | Delay | Max Attempts |
---|---|---|---|
CommandExecuted | GetCommandInvocation | 5 | 20 |
Operations
AddTagsToResource
$result = $client->addTagsToResource
([/* ... */]); $promise = $client->addTagsToResourceAsync
([/* ... */]);
Adds or overwrites one or more tags for the specified resource. Tags are metadata that you can assign to your automations, documents, managed nodes, maintenance windows, Parameter Store parameters, and patch baselines. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. Each tag consists of a key and an optional value, both of which you define. For example, you could define a set of tags for your account's managed nodes that helps you track each node's owner and stack level. For example:
-
Key=Owner,Value=DbAdmin
-
Key=Owner,Value=SysAdmin
-
Key=Owner,Value=Dev
-
Key=Stack,Value=Production
-
Key=Stack,Value=Pre-Production
-
Key=Stack,Value=Test
Most resources can have a maximum of 50 tags. Automations can have a maximum of 5 tags.
We recommend that you devise a set of tag keys that meets your needs for each resource type. Using a consistent set of tag keys makes it easier for you to manage your resources. You can search and filter the resources based on the tags you add. Tags don't have any semantic meaning to and are interpreted strictly as a string of characters.
For more information about using tags with Amazon Elastic Compute Cloud (Amazon EC2) instances, see Tag your Amazon EC2 resources in the Amazon EC2 User Guide.
Parameter Syntax
$result = $client->addTagsToResource([ 'ResourceId' => '<string>', // REQUIRED 'ResourceType' => 'Document|ManagedInstance|MaintenanceWindow|Parameter|PatchBaseline|OpsItem|OpsMetadata|Automation|Association', // REQUIRED 'Tags' => [ // REQUIRED [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], ]);
Parameter Details
Members
- ResourceId
-
- Required: Yes
- Type: string
The resource ID you want to tag.
Use the ID of the resource. Here are some examples:
MaintenanceWindow
:mw-012345abcde
PatchBaseline
:pb-012345abcde
Automation
:example-c160-4567-8519-012345abcde
OpsMetadata
object:ResourceID
for tagging is created from the Amazon Resource Name (ARN) for the object. Specifically,ResourceID
is created from the strings that come after the wordopsmetadata
in the ARN. For example, an OpsMetadata object with an ARN ofarn:aws:ssm:us-east-2:1234567890:opsmetadata/aws/ssm/MyGroup/appmanager
has aResourceID
of eitheraws/ssm/MyGroup/appmanager
or/aws/ssm/MyGroup/appmanager
.For the
Document
andParameter
values, use the name of the resource. If you're tagging a shared document, you must use the full ARN of the document.ManagedInstance
:mi-012345abcde
The
ManagedInstance
type for this API operation is only for on-premises managed nodes. You must specify the name of the managed node in the following format:mi-ID_number
. For example,mi-1a2b3c4d5e6f
. - ResourceType
-
- Required: Yes
- Type: string
Specifies the type of resource you are tagging.
The
ManagedInstance
type for this API operation is for on-premises managed nodes. You must specify the name of the managed node in the following format:mi-ID_number
. For example,mi-1a2b3c4d5e6f
. - Tags
-
- Required: Yes
- Type: Array of Tag structures
One or more tags. The value parameter is required.
Don't enter personally identifiable information in this field.
Result Syntax
[]
Result Details
Errors
- InvalidResourceType:
The resource type isn't valid. For example, if you are attempting to tag an EC2 instance, the instance must be a registered managed node.
- InvalidResourceId:
The resource ID isn't valid. Verify that you entered the correct ID and try again.
- InternalServerError:
An error occurred on the server side.
- TooManyTagsError:
The
Targets
parameter includes too many tags. Remove one or more tags and try the command again.- TooManyUpdates:
There are concurrent updates for a resource that supports one update at a time.
AssociateOpsItemRelatedItem
$result = $client->associateOpsItemRelatedItem
([/* ... */]); $promise = $client->associateOpsItemRelatedItemAsync
([/* ... */]);
Associates a related item to a Systems Manager OpsCenter OpsItem. For example, you can associate an Incident Manager incident or analysis with an OpsItem. Incident Manager and OpsCenter are capabilities of Amazon Web Services Systems Manager.
Parameter Syntax
$result = $client->associateOpsItemRelatedItem([ 'AssociationType' => '<string>', // REQUIRED 'OpsItemId' => '<string>', // REQUIRED 'ResourceType' => '<string>', // REQUIRED 'ResourceUri' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AssociationType
-
- Required: Yes
- Type: string
The type of association that you want to create between an OpsItem and a resource. OpsCenter supports
IsParentOf
andRelatesTo
association types. - OpsItemId
-
- Required: Yes
- Type: string
The ID of the OpsItem to which you want to associate a resource as a related item.
- ResourceType
-
- Required: Yes
- Type: string
The type of resource that you want to associate with an OpsItem. OpsCenter supports the following types:
AWS::SSMIncidents::IncidentRecord
: an Incident Manager incident.AWS::SSM::Document
: a Systems Manager (SSM) document. - ResourceUri
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the Amazon Web Services resource that you want to associate with the OpsItem.
Result Syntax
[ 'AssociationId' => '<string>', ]
Result Details
Members
- AssociationId
-
- Type: string
The association ID.
Errors
- InternalServerError:
An error occurred on the server side.
- OpsItemNotFoundException:
The specified OpsItem ID doesn't exist. Verify the ID and try again.
- OpsItemLimitExceededException:
The request caused OpsItems to exceed one or more quotas.
- OpsItemInvalidParameterException:
A specified parameter argument isn't valid. Verify the available arguments and try again.
- OpsItemRelatedItemAlreadyExistsException:
The Amazon Resource Name (ARN) is already associated with the OpsItem.
- OpsItemConflictException:
The specified OpsItem is in the process of being deleted.
CancelCommand
$result = $client->cancelCommand
([/* ... */]); $promise = $client->cancelCommandAsync
([/* ... */]);
Attempts to cancel the command specified by the Command ID. There is no guarantee that the command will be terminated and the underlying process stopped.
Parameter Syntax
$result = $client->cancelCommand([ 'CommandId' => '<string>', // REQUIRED 'InstanceIds' => ['<string>', ...], ]);
Parameter Details
Members
- CommandId
-
- Required: Yes
- Type: string
The ID of the command you want to cancel.
- InstanceIds
-
- Type: Array of strings
(Optional) A list of managed node IDs on which you want to cancel the command. If not provided, the command is canceled on every node on which it was requested.
Result Syntax
[]
Result Details
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidCommandId:
The specified command ID isn't valid. Verify the ID and try again.
- InvalidInstanceId:
The following problems can cause this exception:
-
You don't have permission to access the managed node.
-
Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.
-
SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.
-
The managed node isn't in a valid state. Valid states are:
Running
,Pending
,Stopped
, andStopping
. Invalid states are:Shutting-down
andTerminated
.
-
- DuplicateInstanceId:
You can't specify a managed node ID in more than one association.
CancelMaintenanceWindowExecution
$result = $client->cancelMaintenanceWindowExecution
([/* ... */]); $promise = $client->cancelMaintenanceWindowExecutionAsync
([/* ... */]);
Stops a maintenance window execution that is already in progress and cancels any tasks in the window that haven't already starting running. Tasks already in progress will continue to completion.
Parameter Syntax
$result = $client->cancelMaintenanceWindowExecution([ 'WindowExecutionId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- WindowExecutionId
-
- Required: Yes
- Type: string
The ID of the maintenance window execution to stop.
Result Syntax
[ 'WindowExecutionId' => '<string>', ]
Result Details
Members
- WindowExecutionId
-
- Type: string
The ID of the maintenance window execution that has been stopped.
Errors
- InternalServerError:
An error occurred on the server side.
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
CreateActivation
$result = $client->createActivation
([/* ... */]); $promise = $client->createActivationAsync
([/* ... */]);
Generates an activation code and activation ID you can use to register your on-premises servers, edge devices, or virtual machine (VM) with Amazon Web Services Systems Manager. Registering these machines with Systems Manager makes it possible to manage them using Systems Manager capabilities. You use the activation code and ID when installing SSM Agent on machines in your hybrid environment. For more information about requirements for managing on-premises machines using Systems Manager, see Using Amazon Web Services Systems Manager in hybrid and multicloud environments in the Amazon Web Services Systems Manager User Guide.
Amazon Elastic Compute Cloud (Amazon EC2) instances, edge devices, and on-premises servers and VMs that are configured for Systems Manager are all called managed nodes.
Parameter Syntax
$result = $client->createActivation([ 'DefaultInstanceName' => '<string>', 'Description' => '<string>', 'ExpirationDate' => <integer || string || DateTime>, 'IamRole' => '<string>', // REQUIRED 'RegistrationLimit' => <integer>, 'RegistrationMetadata' => [ [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], 'Tags' => [ [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], ]);
Parameter Details
Members
- DefaultInstanceName
-
- Type: string
The name of the registered, managed node as it will appear in the Amazon Web Services Systems Manager console or when you use the Amazon Web Services command line tools to list Systems Manager resources.
Don't enter personally identifiable information in this field.
- Description
-
- Type: string
A user-defined description of the resource that you want to register with Systems Manager.
Don't enter personally identifiable information in this field.
- ExpirationDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date by which this activation request should expire, in timestamp format, such as "2024-07-07T00:00:00". You can specify a date up to 30 days in advance. If you don't provide an expiration date, the activation code expires in 24 hours.
- IamRole
-
- Required: Yes
- Type: string
The name of the Identity and Access Management (IAM) role that you want to assign to the managed node. This IAM role must provide AssumeRole permissions for the Amazon Web Services Systems Manager service principal
ssm.amazonaws.com
. For more information, see Create the IAM service role required for Systems Manager in a hybrid and multicloud environments in the Amazon Web Services Systems Manager User Guide.You can't specify an IAM service-linked role for this parameter. You must create a unique role.
- RegistrationLimit
-
- Type: int
Specify the maximum number of managed nodes you want to register. The default value is
1
. - RegistrationMetadata
-
- Type: Array of RegistrationMetadataItem structures
Reserved for internal use.
- Tags
-
- Type: Array of Tag structures
Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag an activation to identify which servers or virtual machines (VMs) in your on-premises environment you intend to activate. In this case, you could specify the following key-value pairs:
-
Key=OS,Value=Windows
-
Key=Environment,Value=Production
When you install SSM Agent on your on-premises servers and VMs, you specify an activation ID and code. When you specify the activation ID and code, tags assigned to the activation are automatically applied to the on-premises servers or VMs.
You can't add tags to or delete tags from an existing activation. You can tag your on-premises servers, edge devices, and VMs after they connect to Systems Manager for the first time and are assigned a managed node ID. This means they are listed in the Amazon Web Services Systems Manager console with an ID that is prefixed with "mi-". For information about how to add tags to your managed nodes, see AddTagsToResource. For information about how to remove tags from your managed nodes, see RemoveTagsFromResource.
Result Syntax
[ 'ActivationCode' => '<string>', 'ActivationId' => '<string>', ]
Result Details
Members
- ActivationCode
-
- Type: string
The code the system generates when it processes the activation. The activation code functions like a password to validate the activation ID.
- ActivationId
-
- Type: string
The ID number generated by the system when it processed the activation. The activation ID functions like a user name.
Errors
- InvalidParameters:
You must specify values for all required parameters in the Amazon Web Services Systems Manager document (SSM document). You can only supply values to parameters defined in the SSM document.
- InternalServerError:
An error occurred on the server side.
CreateAssociation
$result = $client->createAssociation
([/* ... */]); $promise = $client->createAssociationAsync
([/* ... */]);
A State Manager association defines the state that you want to maintain on your managed nodes. For example, an association can specify that anti-virus software must be installed and running on your managed nodes, or that certain ports must be closed. For static targets, the association specifies a schedule for when the configuration is reapplied. For dynamic targets, such as an Amazon Web Services resource group or an Amazon Web Services autoscaling group, State Manager, a capability of Amazon Web Services Systems Manager applies the configuration when new managed nodes are added to the group. The association also specifies actions to take when applying the configuration. For example, an association for anti-virus software might run once a day. If the software isn't installed, then State Manager installs it. If the software is installed, but the service isn't running, then the association might instruct State Manager to start the service.
Parameter Syntax
$result = $client->createAssociation([ 'AlarmConfiguration' => [ 'Alarms' => [ // REQUIRED [ 'Name' => '<string>', // REQUIRED ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'ApplyOnlyAtCronInterval' => true || false, 'AssociationName' => '<string>', 'AutomationTargetParameterName' => '<string>', 'CalendarNames' => ['<string>', ...], 'ComplianceSeverity' => 'CRITICAL|HIGH|MEDIUM|LOW|UNSPECIFIED', 'DocumentVersion' => '<string>', 'Duration' => <integer>, 'InstanceId' => '<string>', 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'Name' => '<string>', // REQUIRED 'OutputLocation' => [ 'S3Location' => [ 'OutputS3BucketName' => '<string>', 'OutputS3KeyPrefix' => '<string>', 'OutputS3Region' => '<string>', ], ], 'Parameters' => [ '<ParameterName>' => ['<string>', ...], // ... ], 'ScheduleExpression' => '<string>', 'ScheduleOffset' => <integer>, 'SyncCompliance' => 'AUTO|MANUAL', 'Tags' => [ [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], 'TargetLocations' => [ [ 'Accounts' => ['<string>', ...], 'ExcludeAccounts' => ['<string>', ...], 'ExecutionRoleName' => '<string>', 'IncludeChildOrganizationUnits' => true || false, 'Regions' => ['<string>', ...], 'TargetLocationAlarmConfiguration' => [ 'Alarms' => [ // REQUIRED [ 'Name' => '<string>', // REQUIRED ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'TargetLocationMaxConcurrency' => '<string>', 'TargetLocationMaxErrors' => '<string>', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TargetsMaxConcurrency' => '<string>', 'TargetsMaxErrors' => '<string>', ], // ... ], 'TargetMaps' => [ [ '<TargetMapKey>' => ['<string>', ...], // ... ], // ... ], 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], ]);
Parameter Details
Members
- AlarmConfiguration
-
- Type: AlarmConfiguration structure
The details for the CloudWatch alarm you want to apply to an automation or command.
- ApplyOnlyAtCronInterval
-
- Type: boolean
By default, when you create a new association, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it. This parameter isn't supported for rate expressions.
- AssociationName
-
- Type: string
Specify a descriptive name for the association.
- AutomationTargetParameterName
-
- Type: string
Choose the parameter that will define how your automation will branch out. This target is required for associations that use an Automation runbook and target resources by using rate controls. Automation is a capability of Amazon Web Services Systems Manager.
- CalendarNames
-
- Type: Array of strings
The names or Amazon Resource Names (ARNs) of the Change Calendar type documents you want to gate your associations under. The associations only run when that change calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar.
- ComplianceSeverity
-
- Type: string
The severity level to assign to the association.
- DocumentVersion
-
- Type: string
The document version you want to associate with the targets. Can be a specific version or the default version.
State Manager doesn't support running associations that use a new version of a document if that document is shared from another account. State Manager always runs the
default
version of a document if shared from another account, even though the Systems Manager console shows that a new version was processed. If you want to run an association using a new version of a document shared form another account, you must set the document version todefault
. - Duration
-
- Type: int
The number of hours the association can run before it is canceled. Duration applies to associations that are currently running, and any pending and in progress commands on all targets. If a target was taken offline for the association to run, it is made available again immediately, without a reboot.
The
Duration
parameter applies only when both these conditions are true:-
The association for which you specify a duration is cancelable according to the parameters of the SSM command document or Automation runbook associated with this execution.
-
The command specifies the
ApplyOnlyAtCronInterval
parameter, which means that the association doesn't run immediately after it is created, but only according to the specified schedule.
- InstanceId
-
- Type: string
The managed node ID.
InstanceId
has been deprecated. To specify a managed node ID for an association, use theTargets
parameter. Requests that include the parameterInstanceID
with Systems Manager documents (SSM documents) that use schema version 2.0 or later will fail. In addition, if you use the parameterInstanceId
, you can't use the parametersAssociationName
,DocumentVersion
,MaxErrors
,MaxConcurrency
,OutputLocation
, orScheduleExpression
. To use these parameters, you must use theTargets
parameter. - MaxConcurrency
-
- Type: string
The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.
If a new managed node starts and attempts to run an association while Systems Manager is running
MaxConcurrency
associations, the association is allowed to run. During the next association interval, the new managed node will process its association within the limit specified forMaxConcurrency
. - MaxErrors
-
- Type: string
The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 managed nodes and set
MaxError
to 10%, then the system stops sending the request when the sixth error is received.Executions that are already running an association when
MaxErrors
is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, setMaxConcurrency
to 1 so that executions proceed one at a time. - Name
-
- Required: Yes
- Type: string
The name of the SSM Command document or Automation runbook that contains the configuration information for the managed node.
You can specify Amazon Web Services-predefined documents, documents you created, or a document that is shared with you from another Amazon Web Services account.
For Systems Manager documents (SSM documents) that are shared with you from other Amazon Web Services accounts, you must specify the complete SSM document ARN, in the following format:
arn:partition:ssm:region:account-id:document/document-name
For example:
arn:aws:ssm:us-east-2:12345678912:document/My-Shared-Document
For Amazon Web Services-predefined documents and SSM documents you created in your account, you only need to specify the document name. For example,
AWS-ApplyPatchBaseline
orMy-Document
. - OutputLocation
-
- Type: InstanceAssociationOutputLocation structure
An Amazon Simple Storage Service (Amazon S3) bucket where you want to store the output details of the request.
- Parameters
-
- Type: Associative array of custom strings keys (ParameterName) to stringss
The parameters for the runtime configuration of the document.
- ScheduleExpression
-
- Type: string
A cron expression when the association will be applied to the targets.
- ScheduleOffset
-
- Type: int
Number of days to wait after the scheduled day to run an association. For example, if you specified a cron schedule of
cron(0 0 ? * THU#2 *)
, you could specify an offset of 3 to run the association each Sunday after the second Thursday of the month. For more information about cron schedules for associations, see Reference: Cron and rate expressions for Systems Manager in the Amazon Web Services Systems Manager User Guide.To use offsets, you must specify the
ApplyOnlyAtCronInterval
parameter. This option tells the system not to run an association immediately after you create it. - SyncCompliance
-
- Type: string
The mode for generating association compliance. You can specify
AUTO
orMANUAL
. InAUTO
mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association isCOMPLIANT
. If the association execution doesn't run successfully, the association isNON-COMPLIANT
.In
MANUAL
mode, you must specify theAssociationId
as a parameter for the PutComplianceItems API operation. In this case, compliance data isn't managed by State Manager. It is managed by your direct call to the PutComplianceItems API operation.By default, all associations use
AUTO
mode. - Tags
-
- Type: Array of Tag structures
Adds or overwrites one or more tags for a State Manager association. Tags are metadata that you can assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. Each tag consists of a key and an optional value, both of which you define.
- TargetLocations
-
- Type: Array of TargetLocation structures
A location is a combination of Amazon Web Services Regions and Amazon Web Services accounts where you want to run the association. Use this action to create an association in multiple Regions and multiple accounts.
- TargetMaps
-
- Type: Array of maps
A key-value mapping of document parameters to target resources. Both Targets and TargetMaps can't be specified together.
- Targets
-
- Type: Array of Target structures
The targets for the association. You can target managed nodes by using tags, Amazon Web Services resource groups, all managed nodes in an Amazon Web Services account, or individual managed node IDs. You can target all managed nodes in an Amazon Web Services account by specifying the
InstanceIds
key with a value of*
. For more information about choosing targets for an association, see Understanding targets and rate controls in State Manager associations in the Amazon Web Services Systems Manager User Guide.
Result Syntax
[ 'AssociationDescription' => [ 'AlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'ApplyOnlyAtCronInterval' => true || false, 'AssociationId' => '<string>', 'AssociationName' => '<string>', 'AssociationVersion' => '<string>', 'AutomationTargetParameterName' => '<string>', 'CalendarNames' => ['<string>', ...], 'ComplianceSeverity' => 'CRITICAL|HIGH|MEDIUM|LOW|UNSPECIFIED', 'Date' => <DateTime>, 'DocumentVersion' => '<string>', 'Duration' => <integer>, 'InstanceId' => '<string>', 'LastExecutionDate' => <DateTime>, 'LastSuccessfulExecutionDate' => <DateTime>, 'LastUpdateAssociationDate' => <DateTime>, 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'Name' => '<string>', 'OutputLocation' => [ 'S3Location' => [ 'OutputS3BucketName' => '<string>', 'OutputS3KeyPrefix' => '<string>', 'OutputS3Region' => '<string>', ], ], 'Overview' => [ 'AssociationStatusAggregatedCount' => [<integer>, ...], 'DetailedStatus' => '<string>', 'Status' => '<string>', ], 'Parameters' => [ '<ParameterName>' => ['<string>', ...], // ... ], 'ScheduleExpression' => '<string>', 'ScheduleOffset' => <integer>, 'Status' => [ 'AdditionalInfo' => '<string>', 'Date' => <DateTime>, 'Message' => '<string>', 'Name' => 'Pending|Success|Failed', ], 'SyncCompliance' => 'AUTO|MANUAL', 'TargetLocations' => [ [ 'Accounts' => ['<string>', ...], 'ExcludeAccounts' => ['<string>', ...], 'ExecutionRoleName' => '<string>', 'IncludeChildOrganizationUnits' => true || false, 'Regions' => ['<string>', ...], 'TargetLocationAlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'TargetLocationMaxConcurrency' => '<string>', 'TargetLocationMaxErrors' => '<string>', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TargetsMaxConcurrency' => '<string>', 'TargetsMaxErrors' => '<string>', ], // ... ], 'TargetMaps' => [ [ '<TargetMapKey>' => ['<string>', ...], // ... ], // ... ], 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TriggeredAlarms' => [ [ 'Name' => '<string>', 'State' => 'UNKNOWN|ALARM', ], // ... ], ], ]
Result Details
Members
- AssociationDescription
-
- Type: AssociationDescription structure
Information about the association.
Errors
- AssociationAlreadyExists:
The specified association already exists.
- AssociationLimitExceeded:
You can have at most 2,000 active associations.
- InternalServerError:
An error occurred on the server side.
- InvalidDocument:
The specified SSM document doesn't exist.
- InvalidDocumentVersion:
The document version isn't valid or doesn't exist.
- InvalidInstanceId:
The following problems can cause this exception:
-
You don't have permission to access the managed node.
-
Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.
-
SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.
-
The managed node isn't in a valid state. Valid states are:
Running
,Pending
,Stopped
, andStopping
. Invalid states are:Shutting-down
andTerminated
.
-
- UnsupportedPlatformType:
The document doesn't support the platform type of the given managed node IDs. For example, you sent an document for a Windows managed node to a Linux node.
- InvalidOutputLocation:
The output location isn't valid or doesn't exist.
- InvalidParameters:
You must specify values for all required parameters in the Amazon Web Services Systems Manager document (SSM document). You can only supply values to parameters defined in the SSM document.
- InvalidTarget:
The target isn't valid or doesn't exist. It might not be configured for Systems Manager or you might not have permission to perform the operation.
- InvalidSchedule:
The schedule is invalid. Verify your cron or rate expression and try again.
- InvalidTargetMaps:
TargetMap parameter isn't valid.
- InvalidTag:
The specified tag key or value isn't valid.
CreateAssociationBatch
$result = $client->createAssociationBatch
([/* ... */]); $promise = $client->createAssociationBatchAsync
([/* ... */]);
Associates the specified Amazon Web Services Systems Manager document (SSM document) with the specified managed nodes or targets.
When you associate a document with one or more managed nodes using IDs or tags, Amazon Web Services Systems Manager Agent (SSM Agent) running on the managed node processes the document and configures the node as specified.
If you associate a document with a managed node that already has an associated document, the system returns the AssociationAlreadyExists exception.
Parameter Syntax
$result = $client->createAssociationBatch([ 'Entries' => [ // REQUIRED [ 'AlarmConfiguration' => [ 'Alarms' => [ // REQUIRED [ 'Name' => '<string>', // REQUIRED ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'ApplyOnlyAtCronInterval' => true || false, 'AssociationName' => '<string>', 'AutomationTargetParameterName' => '<string>', 'CalendarNames' => ['<string>', ...], 'ComplianceSeverity' => 'CRITICAL|HIGH|MEDIUM|LOW|UNSPECIFIED', 'DocumentVersion' => '<string>', 'Duration' => <integer>, 'InstanceId' => '<string>', 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'Name' => '<string>', // REQUIRED 'OutputLocation' => [ 'S3Location' => [ 'OutputS3BucketName' => '<string>', 'OutputS3KeyPrefix' => '<string>', 'OutputS3Region' => '<string>', ], ], 'Parameters' => [ '<ParameterName>' => ['<string>', ...], // ... ], 'ScheduleExpression' => '<string>', 'ScheduleOffset' => <integer>, 'SyncCompliance' => 'AUTO|MANUAL', 'TargetLocations' => [ [ 'Accounts' => ['<string>', ...], 'ExcludeAccounts' => ['<string>', ...], 'ExecutionRoleName' => '<string>', 'IncludeChildOrganizationUnits' => true || false, 'Regions' => ['<string>', ...], 'TargetLocationAlarmConfiguration' => [ 'Alarms' => [ // REQUIRED [ 'Name' => '<string>', // REQUIRED ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'TargetLocationMaxConcurrency' => '<string>', 'TargetLocationMaxErrors' => '<string>', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TargetsMaxConcurrency' => '<string>', 'TargetsMaxErrors' => '<string>', ], // ... ], 'TargetMaps' => [ [ '<TargetMapKey>' => ['<string>', ...], // ... ], // ... ], 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], ], // ... ], ]);
Parameter Details
Members
- Entries
-
- Required: Yes
- Type: Array of CreateAssociationBatchRequestEntry structures
One or more associations.
Result Syntax
[ 'Failed' => [ [ 'Entry' => [ 'AlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'ApplyOnlyAtCronInterval' => true || false, 'AssociationName' => '<string>', 'AutomationTargetParameterName' => '<string>', 'CalendarNames' => ['<string>', ...], 'ComplianceSeverity' => 'CRITICAL|HIGH|MEDIUM|LOW|UNSPECIFIED', 'DocumentVersion' => '<string>', 'Duration' => <integer>, 'InstanceId' => '<string>', 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'Name' => '<string>', 'OutputLocation' => [ 'S3Location' => [ 'OutputS3BucketName' => '<string>', 'OutputS3KeyPrefix' => '<string>', 'OutputS3Region' => '<string>', ], ], 'Parameters' => [ '<ParameterName>' => ['<string>', ...], // ... ], 'ScheduleExpression' => '<string>', 'ScheduleOffset' => <integer>, 'SyncCompliance' => 'AUTO|MANUAL', 'TargetLocations' => [ [ 'Accounts' => ['<string>', ...], 'ExcludeAccounts' => ['<string>', ...], 'ExecutionRoleName' => '<string>', 'IncludeChildOrganizationUnits' => true || false, 'Regions' => ['<string>', ...], 'TargetLocationAlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'TargetLocationMaxConcurrency' => '<string>', 'TargetLocationMaxErrors' => '<string>', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TargetsMaxConcurrency' => '<string>', 'TargetsMaxErrors' => '<string>', ], // ... ], 'TargetMaps' => [ [ '<TargetMapKey>' => ['<string>', ...], // ... ], // ... ], 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], ], 'Fault' => 'Client|Server|Unknown', 'Message' => '<string>', ], // ... ], 'Successful' => [ [ 'AlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'ApplyOnlyAtCronInterval' => true || false, 'AssociationId' => '<string>', 'AssociationName' => '<string>', 'AssociationVersion' => '<string>', 'AutomationTargetParameterName' => '<string>', 'CalendarNames' => ['<string>', ...], 'ComplianceSeverity' => 'CRITICAL|HIGH|MEDIUM|LOW|UNSPECIFIED', 'Date' => <DateTime>, 'DocumentVersion' => '<string>', 'Duration' => <integer>, 'InstanceId' => '<string>', 'LastExecutionDate' => <DateTime>, 'LastSuccessfulExecutionDate' => <DateTime>, 'LastUpdateAssociationDate' => <DateTime>, 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'Name' => '<string>', 'OutputLocation' => [ 'S3Location' => [ 'OutputS3BucketName' => '<string>', 'OutputS3KeyPrefix' => '<string>', 'OutputS3Region' => '<string>', ], ], 'Overview' => [ 'AssociationStatusAggregatedCount' => [<integer>, ...], 'DetailedStatus' => '<string>', 'Status' => '<string>', ], 'Parameters' => [ '<ParameterName>' => ['<string>', ...], // ... ], 'ScheduleExpression' => '<string>', 'ScheduleOffset' => <integer>, 'Status' => [ 'AdditionalInfo' => '<string>', 'Date' => <DateTime>, 'Message' => '<string>', 'Name' => 'Pending|Success|Failed', ], 'SyncCompliance' => 'AUTO|MANUAL', 'TargetLocations' => [ [ 'Accounts' => ['<string>', ...], 'ExcludeAccounts' => ['<string>', ...], 'ExecutionRoleName' => '<string>', 'IncludeChildOrganizationUnits' => true || false, 'Regions' => ['<string>', ...], 'TargetLocationAlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'TargetLocationMaxConcurrency' => '<string>', 'TargetLocationMaxErrors' => '<string>', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TargetsMaxConcurrency' => '<string>', 'TargetsMaxErrors' => '<string>', ], // ... ], 'TargetMaps' => [ [ '<TargetMapKey>' => ['<string>', ...], // ... ], // ... ], 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TriggeredAlarms' => [ [ 'Name' => '<string>', 'State' => 'UNKNOWN|ALARM', ], // ... ], ], // ... ], ]
Result Details
Members
- Failed
-
- Type: Array of FailedCreateAssociation structures
Information about the associations that failed.
- Successful
-
- Type: Array of AssociationDescription structures
Information about the associations that succeeded.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidDocument:
The specified SSM document doesn't exist.
- InvalidDocumentVersion:
The document version isn't valid or doesn't exist.
- InvalidInstanceId:
The following problems can cause this exception:
-
You don't have permission to access the managed node.
-
Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.
-
SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.
-
The managed node isn't in a valid state. Valid states are:
Running
,Pending
,Stopped
, andStopping
. Invalid states are:Shutting-down
andTerminated
.
-
- InvalidParameters:
You must specify values for all required parameters in the Amazon Web Services Systems Manager document (SSM document). You can only supply values to parameters defined in the SSM document.
- DuplicateInstanceId:
You can't specify a managed node ID in more than one association.
- AssociationLimitExceeded:
You can have at most 2,000 active associations.
- UnsupportedPlatformType:
The document doesn't support the platform type of the given managed node IDs. For example, you sent an document for a Windows managed node to a Linux node.
- InvalidOutputLocation:
The output location isn't valid or doesn't exist.
- InvalidTarget:
The target isn't valid or doesn't exist. It might not be configured for Systems Manager or you might not have permission to perform the operation.
- InvalidSchedule:
The schedule is invalid. Verify your cron or rate expression and try again.
- InvalidTargetMaps:
TargetMap parameter isn't valid.
CreateDocument
$result = $client->createDocument
([/* ... */]); $promise = $client->createDocumentAsync
([/* ... */]);
Creates a Amazon Web Services Systems Manager (SSM document). An SSM document defines the actions that Systems Manager performs on your managed nodes. For more information about SSM documents, including information about supported schemas, features, and syntax, see Amazon Web Services Systems Manager Documents in the Amazon Web Services Systems Manager User Guide.
Parameter Syntax
$result = $client->createDocument([ 'Attachments' => [ [ 'Key' => 'SourceUrl|S3FileUrl|AttachmentReference', 'Name' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'Content' => '<string>', // REQUIRED 'DisplayName' => '<string>', 'DocumentFormat' => 'YAML|JSON|TEXT', 'DocumentType' => 'Command|Policy|Automation|Session|Package|ApplicationConfiguration|ApplicationConfigurationSchema|DeploymentStrategy|ChangeCalendar|Automation.ChangeTemplate|ProblemAnalysis|ProblemAnalysisTemplate|CloudFormation|ConformancePackTemplate|QuickSetup', 'Name' => '<string>', // REQUIRED 'Requires' => [ [ 'Name' => '<string>', // REQUIRED 'RequireType' => '<string>', 'Version' => '<string>', 'VersionName' => '<string>', ], // ... ], 'Tags' => [ [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], 'TargetType' => '<string>', 'VersionName' => '<string>', ]);
Parameter Details
Members
- Attachments
-
- Type: Array of AttachmentsSource structures
A list of key-value pairs that describe attachments to a version of a document.
- Content
-
- Required: Yes
- Type: string
The content for the new SSM document in JSON or YAML format. The content of the document must not exceed 64KB. This quota also includes the content specified for input parameters at runtime. We recommend storing the contents for your new document in an external JSON or YAML file and referencing the file in a command.
For examples, see the following topics in the Amazon Web Services Systems Manager User Guide.
- DisplayName
-
- Type: string
An optional field where you can specify a friendly name for the SSM document. This value can differ for each version of the document. You can update this value at a later time using the UpdateDocument operation.
- DocumentFormat
-
- Type: string
Specify the document format for the request. The document format can be JSON, YAML, or TEXT. JSON is the default format.
- DocumentType
-
- Type: string
The type of document to create.
The
DeploymentStrategy
document type is an internal-use-only document type reserved for AppConfig. - Name
-
- Required: Yes
- Type: string
A name for the SSM document.
You can't use the following strings as document name prefixes. These are reserved by Amazon Web Services for use as document name prefixes:
-
aws
-
amazon
-
amzn
-
AWSEC2
-
AWSConfigRemediation
-
AWSSupport
- Requires
-
- Type: Array of DocumentRequires structures
A list of SSM documents required by a document. This parameter is used exclusively by AppConfig. When a user creates an AppConfig configuration in an SSM document, the user must also specify a required document for validation purposes. In this case, an
ApplicationConfiguration
document requires anApplicationConfigurationSchema
document for validation purposes. For more information, see What is AppConfig? in the AppConfig User Guide. - Tags
-
- Type: Array of Tag structures
Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag an SSM document to identify the types of targets or the environment where it will run. In this case, you could specify the following key-value pairs:
-
Key=OS,Value=Windows
-
Key=Environment,Value=Production
To add tags to an existing SSM document, use the AddTagsToResource operation.
- TargetType
-
- Type: string
Specify a target type to define the kinds of resources the document can run on. For example, to run a document on EC2 instances, specify the following value:
/AWS::EC2::Instance
. If you specify a value of '/' the document can run on all types of resources. If you don't specify a value, the document can't run on any resources. For a list of valid resource types, see Amazon Web Services resource and property types reference in the CloudFormation User Guide. - VersionName
-
- Type: string
An optional field specifying the version of the artifact you are creating with the document. For example,
Release12.1
. This value is unique across all versions of a document, and can't be changed.
Result Syntax
[ 'DocumentDescription' => [ 'ApprovedVersion' => '<string>', 'AttachmentsInformation' => [ [ 'Name' => '<string>', ], // ... ], 'Author' => '<string>', 'Category' => ['<string>', ...], 'CategoryEnum' => ['<string>', ...], 'CreatedDate' => <DateTime>, 'DefaultVersion' => '<string>', 'Description' => '<string>', 'DisplayName' => '<string>', 'DocumentFormat' => 'YAML|JSON|TEXT', 'DocumentType' => 'Command|Policy|Automation|Session|Package|ApplicationConfiguration|ApplicationConfigurationSchema|DeploymentStrategy|ChangeCalendar|Automation.ChangeTemplate|ProblemAnalysis|ProblemAnalysisTemplate|CloudFormation|ConformancePackTemplate|QuickSetup', 'DocumentVersion' => '<string>', 'Hash' => '<string>', 'HashType' => 'Sha256|Sha1', 'LatestVersion' => '<string>', 'Name' => '<string>', 'Owner' => '<string>', 'Parameters' => [ [ 'DefaultValue' => '<string>', 'Description' => '<string>', 'Name' => '<string>', 'Type' => 'String|StringList', ], // ... ], 'PendingReviewVersion' => '<string>', 'PlatformTypes' => ['<string>', ...], 'Requires' => [ [ 'Name' => '<string>', 'RequireType' => '<string>', 'Version' => '<string>', 'VersionName' => '<string>', ], // ... ], 'ReviewInformation' => [ [ 'ReviewedTime' => <DateTime>, 'Reviewer' => '<string>', 'Status' => 'APPROVED|NOT_REVIEWED|PENDING|REJECTED', ], // ... ], 'ReviewStatus' => 'APPROVED|NOT_REVIEWED|PENDING|REJECTED', 'SchemaVersion' => '<string>', 'Sha1' => '<string>', 'Status' => 'Creating|Active|Updating|Deleting|Failed', 'StatusInformation' => '<string>', 'Tags' => [ [ 'Key' => '<string>', 'Value' => '<string>', ], // ... ], 'TargetType' => '<string>', 'VersionName' => '<string>', ], ]
Result Details
Members
- DocumentDescription
-
- Type: DocumentDescription structure
Information about the SSM document.
Errors
- DocumentAlreadyExists:
The specified document already exists.
- MaxDocumentSizeExceeded:
The size limit of a document is 64 KB.
- InternalServerError:
An error occurred on the server side.
- InvalidDocumentContent:
The content for the document isn't valid.
- DocumentLimitExceeded:
You can have at most 500 active SSM documents.
- InvalidDocumentSchemaVersion:
The version of the document schema isn't supported.
CreateMaintenanceWindow
$result = $client->createMaintenanceWindow
([/* ... */]); $promise = $client->createMaintenanceWindowAsync
([/* ... */]);
Creates a new maintenance window.
The value you specify for Duration
determines the specific end time for the maintenance window based on the time it begins. No maintenance window tasks are permitted to start after the resulting endtime minus the number of hours you specify for Cutoff
. For example, if the maintenance window starts at 3 PM, the duration is three hours, and the value you specify for Cutoff
is one hour, no maintenance window tasks can start after 5 PM.
Parameter Syntax
$result = $client->createMaintenanceWindow([ 'AllowUnassociatedTargets' => true || false, // REQUIRED 'ClientToken' => '<string>', 'Cutoff' => <integer>, // REQUIRED 'Description' => '<string>', 'Duration' => <integer>, // REQUIRED 'EndDate' => '<string>', 'Name' => '<string>', // REQUIRED 'Schedule' => '<string>', // REQUIRED 'ScheduleOffset' => <integer>, 'ScheduleTimezone' => '<string>', 'StartDate' => '<string>', 'Tags' => [ [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], ]);
Parameter Details
Members
- AllowUnassociatedTargets
-
- Required: Yes
- Type: boolean
Enables a maintenance window task to run on managed nodes, even if you haven't registered those nodes as targets. If enabled, then you must specify the unregistered managed nodes (by node ID) when you register a task with the maintenance window.
If you don't enable this option, then you must specify previously-registered targets when you register a task with the maintenance window.
- ClientToken
-
- Type: string
User-provided idempotency token.
- Cutoff
-
- Required: Yes
- Type: int
The number of hours before the end of the maintenance window that Amazon Web Services Systems Manager stops scheduling new tasks for execution.
- Description
-
- Type: string
An optional description for the maintenance window. We recommend specifying a description to help you organize your maintenance windows.
- Duration
-
- Required: Yes
- Type: int
The duration of the maintenance window in hours.
- EndDate
-
- Type: string
The date and time, in ISO-8601 Extended format, for when you want the maintenance window to become inactive.
EndDate
allows you to set a date and time in the future when the maintenance window will no longer run. - Name
-
- Required: Yes
- Type: string
The name of the maintenance window.
- Schedule
-
- Required: Yes
- Type: string
The schedule of the maintenance window in the form of a cron or rate expression.
- ScheduleOffset
-
- Type: int
The number of days to wait after the date and time specified by a cron expression before running the maintenance window.
For example, the following cron expression schedules a maintenance window to run on the third Tuesday of every month at 11:30 PM.
cron(30 23 ? * TUE#3 *)
If the schedule offset is
2
, the maintenance window won't run until two days later. - ScheduleTimezone
-
- Type: string
The time zone that the scheduled maintenance window executions are based on, in Internet Assigned Numbers Authority (IANA) format. For example: "America/Los_Angeles", "UTC", or "Asia/Seoul". For more information, see the Time Zone Database on the IANA website.
- StartDate
-
- Type: string
The date and time, in ISO-8601 Extended format, for when you want the maintenance window to become active.
StartDate
allows you to delay activation of the maintenance window until the specified future date.When using a rate schedule, if you provide a start date that occurs in the past, the current date and time are used as the start date.
- Tags
-
- Type: Array of Tag structures
Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a maintenance window to identify the type of tasks it will run, the types of targets, and the environment it will run in. In this case, you could specify the following key-value pairs:
-
Key=TaskType,Value=AgentUpdate
-
Key=OS,Value=Windows
-
Key=Environment,Value=Production
To add tags to an existing maintenance window, use the AddTagsToResource operation.
Result Syntax
[ 'WindowId' => '<string>', ]
Result Details
Members
- WindowId
-
- Type: string
The ID of the created maintenance window.
Errors
- IdempotentParameterMismatch:
Error returned when an idempotent operation is retried and the parameters don't match the original call to the API with the same idempotency token.
- ResourceLimitExceededException:
Error returned when the caller has exceeded the default resource quotas. For example, too many maintenance windows or patch baselines have been created.
For information about resource quotas in Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InternalServerError:
An error occurred on the server side.
CreateOpsItem
$result = $client->createOpsItem
([/* ... */]); $promise = $client->createOpsItemAsync
([/* ... */]);
Creates a new OpsItem. You must have permission in Identity and Access Management (IAM) to create a new OpsItem. For more information, see Set up OpsCenter in the Amazon Web Services Systems Manager User Guide.
Operations engineers and IT professionals use Amazon Web Services Systems Manager OpsCenter to view, investigate, and remediate operational issues impacting the performance and health of their Amazon Web Services resources. For more information, see Amazon Web Services Systems Manager OpsCenter in the Amazon Web Services Systems Manager User Guide.
Parameter Syntax
$result = $client->createOpsItem([ 'AccountId' => '<string>', 'ActualEndTime' => <integer || string || DateTime>, 'ActualStartTime' => <integer || string || DateTime>, 'Category' => '<string>', 'Description' => '<string>', // REQUIRED 'Notifications' => [ [ 'Arn' => '<string>', ], // ... ], 'OperationalData' => [ '<OpsItemDataKey>' => [ 'Type' => 'SearchableString|String', 'Value' => '<string>', ], // ... ], 'OpsItemType' => '<string>', 'PlannedEndTime' => <integer || string || DateTime>, 'PlannedStartTime' => <integer || string || DateTime>, 'Priority' => <integer>, 'RelatedOpsItems' => [ [ 'OpsItemId' => '<string>', // REQUIRED ], // ... ], 'Severity' => '<string>', 'Source' => '<string>', // REQUIRED 'Tags' => [ [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], 'Title' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AccountId
-
- Type: string
The target Amazon Web Services account where you want to create an OpsItem. To make this call, your account must be configured to work with OpsItems across accounts. For more information, see Set up OpsCenter in the Amazon Web Services Systems Manager User Guide.
- ActualEndTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time a runbook workflow ended. Currently reported only for the OpsItem type
/aws/changerequest
. - ActualStartTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time a runbook workflow started. Currently reported only for the OpsItem type
/aws/changerequest
. - Category
-
- Type: string
Specify a category to assign to an OpsItem.
- Description
-
- Required: Yes
- Type: string
User-defined text that contains information about the OpsItem, in Markdown format.
Provide enough information so that users viewing this OpsItem for the first time understand the issue.
- Notifications
-
- Type: Array of OpsItemNotification structures
The Amazon Resource Name (ARN) of an SNS topic where notifications are sent when this OpsItem is edited or changed.
- OperationalData
-
- Type: Associative array of custom strings keys (OpsItemDataKey) to OpsItemDataValue structures
Operational data is custom data that provides useful reference details about the OpsItem. For example, you can specify log files, error strings, license keys, troubleshooting tips, or other relevant data. You enter operational data as key-value pairs. The key has a maximum length of 128 characters. The value has a maximum size of 20 KB.
Operational data keys can't begin with the following:
amazon
,aws
,amzn
,ssm
,/amazon
,/aws
,/amzn
,/ssm
.You can choose to make the data searchable by other users in the account or you can restrict search access. Searchable data means that all users with access to the OpsItem Overview page (as provided by the DescribeOpsItems API operation) can view and search on the specified data. Operational data that isn't searchable is only viewable by users who have access to the OpsItem (as provided by the GetOpsItem API operation).
Use the
/aws/resources
key in OperationalData to specify a related resource in the request. Use the/aws/automations
key in OperationalData to associate an Automation runbook with the OpsItem. To view Amazon Web Services CLI example commands that use these keys, see Create OpsItems manually in the Amazon Web Services Systems Manager User Guide. - OpsItemType
-
- Type: string
The type of OpsItem to create. Systems Manager supports the following types of OpsItems:
-
/aws/issue
This type of OpsItem is used for default OpsItems created by OpsCenter.
-
/aws/changerequest
This type of OpsItem is used by Change Manager for reviewing and approving or rejecting change requests.
-
/aws/insight
This type of OpsItem is used by OpsCenter for aggregating and reporting on duplicate OpsItems.
- PlannedEndTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time specified in a change request for a runbook workflow to end. Currently supported only for the OpsItem type
/aws/changerequest
. - PlannedStartTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time specified in a change request for a runbook workflow to start. Currently supported only for the OpsItem type
/aws/changerequest
. - Priority
-
- Type: int
The importance of this OpsItem in relation to other OpsItems in the system.
- RelatedOpsItems
-
- Type: Array of RelatedOpsItem structures
One or more OpsItems that share something in common with the current OpsItems. For example, related OpsItems can include OpsItems with similar error messages, impacted resources, or statuses for the impacted resource.
- Severity
-
- Type: string
Specify a severity to assign to an OpsItem.
- Source
-
- Required: Yes
- Type: string
The origin of the OpsItem, such as Amazon EC2 or Systems Manager.
The source name can't contain the following strings:
aws
,amazon
, andamzn
. - Tags
-
- Type: Array of Tag structures
Optional metadata that you assign to a resource.
Tags use a key-value pair. For example:
Key=Department,Value=Finance
To add tags to a new OpsItem, a user must have IAM permissions for both the
ssm:CreateOpsItems
operation and thessm:AddTagsToResource
operation. To add tags to an existing OpsItem, use the AddTagsToResource operation. - Title
-
- Required: Yes
- Type: string
A short heading that describes the nature of the OpsItem and the impacted resource.
Result Syntax
[ 'OpsItemArn' => '<string>', 'OpsItemId' => '<string>', ]
Result Details
Members
- OpsItemArn
-
- Type: string
The OpsItem Amazon Resource Name (ARN).
- OpsItemId
-
- Type: string
The ID of the OpsItem.
Errors
- InternalServerError:
An error occurred on the server side.
- OpsItemAlreadyExistsException:
The OpsItem already exists.
- OpsItemLimitExceededException:
The request caused OpsItems to exceed one or more quotas.
- OpsItemInvalidParameterException:
A specified parameter argument isn't valid. Verify the available arguments and try again.
- OpsItemAccessDeniedException:
You don't have permission to view OpsItems in the specified account. Verify that your account is configured either as a Systems Manager delegated administrator or that you are logged into the Organizations management account.
CreateOpsMetadata
$result = $client->createOpsMetadata
([/* ... */]); $promise = $client->createOpsMetadataAsync
([/* ... */]);
If you create a new application in Application Manager, Amazon Web Services Systems Manager calls this API operation to specify information about the new application, including the application type.
Parameter Syntax
$result = $client->createOpsMetadata([ 'Metadata' => [ '<MetadataKey>' => [ 'Value' => '<string>', ], // ... ], 'ResourceId' => '<string>', // REQUIRED 'Tags' => [ [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], ]);
Parameter Details
Members
- Metadata
-
- Type: Associative array of custom strings keys (MetadataKey) to MetadataValue structures
Metadata for a new Application Manager application.
- ResourceId
-
- Required: Yes
- Type: string
A resource ID for a new Application Manager application.
- Tags
-
- Type: Array of Tag structures
Optional metadata that you assign to a resource. You can specify a maximum of five tags for an OpsMetadata object. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag an OpsMetadata object to identify an environment or target Amazon Web Services Region. In this case, you could specify the following key-value pairs:
-
Key=Environment,Value=Production
-
Key=Region,Value=us-east-2
Result Syntax
[ 'OpsMetadataArn' => '<string>', ]
Result Details
Members
- OpsMetadataArn
-
- Type: string
The Amazon Resource Name (ARN) of the OpsMetadata Object or blob created by the call.
Errors
- OpsMetadataAlreadyExistsException:
An OpsMetadata object already exists for the selected resource.
- OpsMetadataTooManyUpdatesException:
The system is processing too many concurrent updates. Wait a few moments and try again.
- OpsMetadataInvalidArgumentException:
One of the arguments passed is invalid.
- OpsMetadataLimitExceededException:
Your account reached the maximum number of OpsMetadata objects allowed by Application Manager. The maximum is 200 OpsMetadata objects. Delete one or more OpsMetadata object and try again.
- InternalServerError:
An error occurred on the server side.
CreatePatchBaseline
$result = $client->createPatchBaseline
([/* ... */]); $promise = $client->createPatchBaselineAsync
([/* ... */]);
Creates a patch baseline.
For information about valid key-value pairs in PatchFilters
for each supported operating system type, see PatchFilter.
Parameter Syntax
$result = $client->createPatchBaseline([ 'ApprovalRules' => [ 'PatchRules' => [ // REQUIRED [ 'ApproveAfterDays' => <integer>, 'ApproveUntilDate' => '<string>', 'ComplianceLevel' => 'CRITICAL|HIGH|MEDIUM|LOW|INFORMATIONAL|UNSPECIFIED', 'EnableNonSecurity' => true || false, 'PatchFilterGroup' => [ // REQUIRED 'PatchFilters' => [ // REQUIRED [ 'Key' => 'ARCH|ADVISORY_ID|BUGZILLA_ID|PATCH_SET|PRODUCT|PRODUCT_FAMILY|CLASSIFICATION|CVE_ID|EPOCH|MSRC_SEVERITY|NAME|PATCH_ID|SECTION|PRIORITY|REPOSITORY|RELEASE|SEVERITY|SECURITY|VERSION', // REQUIRED 'Values' => ['<string>', ...], // REQUIRED ], // ... ], ], ], // ... ], ], 'ApprovedPatches' => ['<string>', ...], 'ApprovedPatchesComplianceLevel' => 'CRITICAL|HIGH|MEDIUM|LOW|INFORMATIONAL|UNSPECIFIED', 'ApprovedPatchesEnableNonSecurity' => true || false, 'ClientToken' => '<string>', 'Description' => '<string>', 'GlobalFilters' => [ 'PatchFilters' => [ // REQUIRED [ 'Key' => 'ARCH|ADVISORY_ID|BUGZILLA_ID|PATCH_SET|PRODUCT|PRODUCT_FAMILY|CLASSIFICATION|CVE_ID|EPOCH|MSRC_SEVERITY|NAME|PATCH_ID|SECTION|PRIORITY|REPOSITORY|RELEASE|SEVERITY|SECURITY|VERSION', // REQUIRED 'Values' => ['<string>', ...], // REQUIRED ], // ... ], ], 'Name' => '<string>', // REQUIRED 'OperatingSystem' => 'WINDOWS|AMAZON_LINUX|AMAZON_LINUX_2|AMAZON_LINUX_2022|UBUNTU|REDHAT_ENTERPRISE_LINUX|SUSE|CENTOS|ORACLE_LINUX|DEBIAN|MACOS|RASPBIAN|ROCKY_LINUX|ALMA_LINUX|AMAZON_LINUX_2023', 'RejectedPatches' => ['<string>', ...], 'RejectedPatchesAction' => 'ALLOW_AS_DEPENDENCY|BLOCK', 'Sources' => [ [ 'Configuration' => '<string>', // REQUIRED 'Name' => '<string>', // REQUIRED 'Products' => ['<string>', ...], // REQUIRED ], // ... ], 'Tags' => [ [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], ]);
Parameter Details
Members
- ApprovalRules
-
- Type: PatchRuleGroup structure
A set of rules used to include patches in the baseline.
- ApprovedPatches
-
- Type: Array of strings
A list of explicitly approved patches for the baseline.
For information about accepted formats for lists of approved patches and rejected patches, see Package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
- ApprovedPatchesComplianceLevel
-
- Type: string
Defines the compliance level for approved patches. When an approved patch is reported as missing, this value describes the severity of the compliance violation. The default value is
UNSPECIFIED
. - ApprovedPatchesEnableNonSecurity
-
- Type: boolean
Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes. The default value is
false
. Applies to Linux managed nodes only. - ClientToken
-
- Type: string
User-provided idempotency token.
- Description
-
- Type: string
A description of the patch baseline.
- GlobalFilters
-
- Type: PatchFilterGroup structure
A set of global filters used to include patches in the baseline.
- Name
-
- Required: Yes
- Type: string
The name of the patch baseline.
- OperatingSystem
-
- Type: string
Defines the operating system the patch baseline applies to. The default value is
WINDOWS
. - RejectedPatches
-
- Type: Array of strings
A list of explicitly rejected patches for the baseline.
For information about accepted formats for lists of approved patches and rejected patches, see Package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
- RejectedPatchesAction
-
- Type: string
The action for Patch Manager to take on patches included in the
RejectedPackages
list.- ALLOW_AS_DEPENDENCY
-
Linux and macOS: A package in the rejected patches list is installed only if it is a dependency of another package. It is considered compliant with the patch baseline, and its status is reported as
INSTALLED_OTHER
. This is the default action if no option is specified.Windows Server: Windows Server doesn't support the concept of package dependencies. If a package in the rejected patches list and already installed on the node, its status is reported as
INSTALLED_OTHER
. Any package not already installed on the node is skipped. This is the default action if no option is specified. - BLOCK
-
All OSs: Packages in the rejected patches list, and packages that include them as dependencies, aren't installed by Patch Manager under any circumstances. If a package was installed before it was added to the rejected patches list, or is installed outside of Patch Manager afterward, it's considered noncompliant with the patch baseline and its status is reported as
INSTALLED_REJECTED
.
- Sources
-
- Type: Array of PatchSource structures
Information about the patches to use to update the managed nodes, including target operating systems and source repositories. Applies to Linux managed nodes only.
- Tags
-
- Type: Array of Tag structures
Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a patch baseline to identify the severity level of patches it specifies and the operating system family it applies to. In this case, you could specify the following key-value pairs:
-
Key=PatchSeverity,Value=Critical
-
Key=OS,Value=Windows
To add tags to an existing patch baseline, use the AddTagsToResource operation.
Result Syntax
[ 'BaselineId' => '<string>', ]
Result Details
Members
- BaselineId
-
- Type: string
The ID of the created patch baseline.
Errors
- IdempotentParameterMismatch:
Error returned when an idempotent operation is retried and the parameters don't match the original call to the API with the same idempotency token.
- ResourceLimitExceededException:
Error returned when the caller has exceeded the default resource quotas. For example, too many maintenance windows or patch baselines have been created.
For information about resource quotas in Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InternalServerError:
An error occurred on the server side.
CreateResourceDataSync
$result = $client->createResourceDataSync
([/* ... */]); $promise = $client->createResourceDataSyncAsync
([/* ... */]);
A resource data sync helps you view data from multiple sources in a single location. Amazon Web Services Systems Manager offers two types of resource data sync: SyncToDestination
and SyncFromSource
.
You can configure Systems Manager Inventory to use the SyncToDestination
type to synchronize Inventory data from multiple Amazon Web Services Regions to a single Amazon Simple Storage Service (Amazon S3) bucket. For more information, see Creatinga a resource data sync for Inventory in the Amazon Web Services Systems Manager User Guide.
You can configure Systems Manager Explorer to use the SyncFromSource
type to synchronize operational work items (OpsItems) and operational data (OpsData) from multiple Amazon Web Services Regions to a single Amazon S3 bucket. This type can synchronize OpsItems and OpsData from multiple Amazon Web Services accounts and Amazon Web Services Regions or EntireOrganization
by using Organizations. For more information, see Setting up Systems Manager Explorer to display data from multiple accounts and Regions in the Amazon Web Services Systems Manager User Guide.
A resource data sync is an asynchronous operation that returns immediately. After a successful initial sync is completed, the system continuously syncs data. To check the status of a sync, use the ListResourceDataSync.
By default, data isn't encrypted in Amazon S3. We strongly recommend that you enable encryption in Amazon S3 to ensure secure data storage. We also recommend that you secure access to the Amazon S3 bucket by creating a restrictive bucket policy.
Parameter Syntax
$result = $client->createResourceDataSync([ 'S3Destination' => [ 'AWSKMSKeyARN' => '<string>', 'BucketName' => '<string>', // REQUIRED 'DestinationDataSharing' => [ 'DestinationDataSharingType' => '<string>', ], 'Prefix' => '<string>', 'Region' => '<string>', // REQUIRED 'SyncFormat' => 'JsonSerDe', // REQUIRED ], 'SyncName' => '<string>', // REQUIRED 'SyncSource' => [ 'AwsOrganizationsSource' => [ 'OrganizationSourceType' => '<string>', // REQUIRED 'OrganizationalUnits' => [ [ 'OrganizationalUnitId' => '<string>', ], // ... ], ], 'EnableAllOpsDataSources' => true || false, 'IncludeFutureRegions' => true || false, 'SourceRegions' => ['<string>', ...], // REQUIRED 'SourceType' => '<string>', // REQUIRED ], 'SyncType' => '<string>', ]);
Parameter Details
Members
- S3Destination
-
- Type: ResourceDataSyncS3Destination structure
Amazon S3 configuration details for the sync. This parameter is required if the
SyncType
value is SyncToDestination. - SyncName
-
- Required: Yes
- Type: string
A name for the configuration.
- SyncSource
-
- Type: ResourceDataSyncSource structure
Specify information about the data sources to synchronize. This parameter is required if the
SyncType
value is SyncFromSource. - SyncType
-
- Type: string
Specify
SyncToDestination
to create a resource data sync that synchronizes data to an S3 bucket for Inventory. If you specifySyncToDestination
, you must provide a value forS3Destination
. SpecifySyncFromSource
to synchronize data from a single account and multiple Regions, or multiple Amazon Web Services accounts and Amazon Web Services Regions, as listed in Organizations for Explorer. If you specifySyncFromSource
, you must provide a value forSyncSource
. The default value isSyncToDestination
.
Result Syntax
[]
Result Details
Errors
- InternalServerError:
An error occurred on the server side.
- ResourceDataSyncCountExceededException:
You have exceeded the allowed maximum sync configurations.
- ResourceDataSyncAlreadyExistsException:
A sync configuration with the same name already exists.
- ResourceDataSyncInvalidConfigurationException:
The specified sync configuration is invalid.
DeleteActivation
$result = $client->deleteActivation
([/* ... */]); $promise = $client->deleteActivationAsync
([/* ... */]);
Deletes an activation. You aren't required to delete an activation. If you delete an activation, you can no longer use it to register additional managed nodes. Deleting an activation doesn't de-register managed nodes. You must manually de-register managed nodes.
Parameter Syntax
$result = $client->deleteActivation([ 'ActivationId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- ActivationId
-
- Required: Yes
- Type: string
The ID of the activation that you want to delete.
Result Syntax
[]
Result Details
Errors
- InvalidActivationId:
The activation ID isn't valid. Verify the you entered the correct ActivationId or ActivationCode and try again.
- InvalidActivation:
The activation isn't valid. The activation might have been deleted, or the ActivationId and the ActivationCode don't match.
- InternalServerError:
An error occurred on the server side.
- TooManyUpdates:
There are concurrent updates for a resource that supports one update at a time.
DeleteAssociation
$result = $client->deleteAssociation
([/* ... */]); $promise = $client->deleteAssociationAsync
([/* ... */]);
Disassociates the specified Amazon Web Services Systems Manager document (SSM document) from the specified managed node. If you created the association by using the Targets
parameter, then you must delete the association by using the association ID.
When you disassociate a document from a managed node, it doesn't change the configuration of the node. To change the configuration state of a managed node after you disassociate a document, you must create a new document with the desired configuration and associate it with the node.
Parameter Syntax
$result = $client->deleteAssociation([ 'AssociationId' => '<string>', 'InstanceId' => '<string>', 'Name' => '<string>', ]);
Parameter Details
Members
- AssociationId
-
- Type: string
The association ID that you want to delete.
- InstanceId
-
- Type: string
The managed node ID.
InstanceId
has been deprecated. To specify a managed node ID for an association, use theTargets
parameter. Requests that include the parameterInstanceID
with Systems Manager documents (SSM documents) that use schema version 2.0 or later will fail. In addition, if you use the parameterInstanceId
, you can't use the parametersAssociationName
,DocumentVersion
,MaxErrors
,MaxConcurrency
,OutputLocation
, orScheduleExpression
. To use these parameters, you must use theTargets
parameter. - Name
-
- Type: string
The name of the SSM document.
Result Syntax
[]
Result Details
Errors
- AssociationDoesNotExist:
The specified association doesn't exist.
- InternalServerError:
An error occurred on the server side.
- InvalidDocument:
The specified SSM document doesn't exist.
- InvalidInstanceId:
The following problems can cause this exception:
-
You don't have permission to access the managed node.
-
Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.
-
SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.
-
The managed node isn't in a valid state. Valid states are:
Running
,Pending
,Stopped
, andStopping
. Invalid states are:Shutting-down
andTerminated
.
-
- TooManyUpdates:
There are concurrent updates for a resource that supports one update at a time.
DeleteDocument
$result = $client->deleteDocument
([/* ... */]); $promise = $client->deleteDocumentAsync
([/* ... */]);
Deletes the Amazon Web Services Systems Manager document (SSM document) and all managed node associations to the document.
Before you delete the document, we recommend that you use DeleteAssociation to disassociate all managed nodes that are associated with the document.
Parameter Syntax
$result = $client->deleteDocument([ 'DocumentVersion' => '<string>', 'Force' => true || false, 'Name' => '<string>', // REQUIRED 'VersionName' => '<string>', ]);
Parameter Details
Members
- DocumentVersion
-
- Type: string
The version of the document that you want to delete. If not provided, all versions of the document are deleted.
- Force
-
- Type: boolean
Some SSM document types require that you specify a
Force
flag before you can delete the document. For example, you must specify aForce
flag to delete a document of typeApplicationConfigurationSchema
. You can restrict access to theForce
flag in an Identity and Access Management (IAM) policy. - Name
-
- Required: Yes
- Type: string
The name of the document.
- VersionName
-
- Type: string
The version name of the document that you want to delete. If not provided, all versions of the document are deleted.
Result Syntax
[]
Result Details
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidDocument:
The specified SSM document doesn't exist.
- InvalidDocumentOperation:
You attempted to delete a document while it is still shared. You must stop sharing the document before you can delete it.
- AssociatedInstances:
You must disassociate a document from all managed nodes before you can delete it.
DeleteInventory
$result = $client->deleteInventory
([/* ... */]); $promise = $client->deleteInventoryAsync
([/* ... */]);
Delete a custom inventory type or the data associated with a custom Inventory type. Deleting a custom inventory type is also referred to as deleting a custom inventory schema.
Parameter Syntax
$result = $client->deleteInventory([ 'ClientToken' => '<string>', 'DryRun' => true || false, 'SchemaDeleteOption' => 'DisableSchema|DeleteSchema', 'TypeName' => '<string>', // REQUIRED ]);
Parameter Details
Members
- ClientToken
-
- Type: string
User-provided idempotency token.
- DryRun
-
- Type: boolean
Use this option to view a summary of the deletion request without deleting any data or the data type. This option is useful when you only want to understand what will be deleted. Once you validate that the data to be deleted is what you intend to delete, you can run the same command without specifying the
DryRun
option. - SchemaDeleteOption
-
- Type: string
Use the
SchemaDeleteOption
to delete a custom inventory type (schema). If you don't choose this option, the system only deletes existing inventory data associated with the custom inventory type. Choose one of the following options:DisableSchema: If you choose this option, the system ignores all inventory data for the specified version, and any earlier versions. To enable this schema again, you must call the
PutInventory
operation for a version greater than the disabled version.DeleteSchema: This option deletes the specified custom type from the Inventory service. You can recreate the schema later, if you want.
- TypeName
-
- Required: Yes
- Type: string
The name of the custom inventory type for which you want to delete either all previously collected data or the inventory type itself.
Result Syntax
[ 'DeletionId' => '<string>', 'DeletionSummary' => [ 'RemainingCount' => <integer>, 'SummaryItems' => [ [ 'Count' => <integer>, 'RemainingCount' => <integer>, 'Version' => '<string>', ], // ... ], 'TotalCount' => <integer>, ], 'TypeName' => '<string>', ]
Result Details
Members
- DeletionId
-
- Type: string
Every
DeleteInventory
operation is assigned a unique ID. This option returns a unique ID. You can use this ID to query the status of a delete operation. This option is useful for ensuring that a delete operation has completed before you begin other operations. - DeletionSummary
-
- Type: InventoryDeletionSummary structure
A summary of the delete operation. For more information about this summary, see Deleting custom inventory in the Amazon Web Services Systems Manager User Guide.
- TypeName
-
- Type: string
The name of the inventory data type specified in the request.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidTypeNameException:
The parameter type name isn't valid.
- InvalidOptionException:
The delete inventory option specified isn't valid. Verify the option and try again.
- InvalidDeleteInventoryParametersException:
One or more of the parameters specified for the delete operation isn't valid. Verify all parameters and try again.
- InvalidInventoryRequestException:
The request isn't valid.
DeleteMaintenanceWindow
$result = $client->deleteMaintenanceWindow
([/* ... */]); $promise = $client->deleteMaintenanceWindowAsync
([/* ... */]);
Deletes a maintenance window.
Parameter Syntax
$result = $client->deleteMaintenanceWindow([ 'WindowId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- WindowId
-
- Required: Yes
- Type: string
The ID of the maintenance window to delete.
Result Syntax
[ 'WindowId' => '<string>', ]
Result Details
Members
- WindowId
-
- Type: string
The ID of the deleted maintenance window.
Errors
- InternalServerError:
An error occurred on the server side.
DeleteOpsItem
$result = $client->deleteOpsItem
([/* ... */]); $promise = $client->deleteOpsItemAsync
([/* ... */]);
Delete an OpsItem. You must have permission in Identity and Access Management (IAM) to delete an OpsItem.
Note the following important information about this operation.
-
Deleting an OpsItem is irreversible. You can't restore a deleted OpsItem.
-
This operation uses an eventual consistency model, which means the system can take a few minutes to complete this operation. If you delete an OpsItem and immediately call, for example, GetOpsItem, the deleted OpsItem might still appear in the response.
-
This operation is idempotent. The system doesn't throw an exception if you repeatedly call this operation for the same OpsItem. If the first call is successful, all additional calls return the same successful response as the first call.
-
This operation doesn't support cross-account calls. A delegated administrator or management account can't delete OpsItems in other accounts, even if OpsCenter has been set up for cross-account administration. For more information about cross-account administration, see Setting up OpsCenter to centrally manage OpsItems across accounts in the Systems Manager User Guide.
Parameter Syntax
$result = $client->deleteOpsItem([ 'OpsItemId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- OpsItemId
-
- Required: Yes
- Type: string
The ID of the OpsItem that you want to delete.
Result Syntax
[]
Result Details
Errors
- InternalServerError:
An error occurred on the server side.
- OpsItemInvalidParameterException:
A specified parameter argument isn't valid. Verify the available arguments and try again.
DeleteOpsMetadata
$result = $client->deleteOpsMetadata
([/* ... */]); $promise = $client->deleteOpsMetadataAsync
([/* ... */]);
Delete OpsMetadata related to an application.
Parameter Syntax
$result = $client->deleteOpsMetadata([ 'OpsMetadataArn' => '<string>', // REQUIRED ]);
Parameter Details
Members
- OpsMetadataArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of an OpsMetadata Object to delete.
Result Syntax
[]
Result Details
Errors
- OpsMetadataNotFoundException:
The OpsMetadata object doesn't exist.
- OpsMetadataInvalidArgumentException:
One of the arguments passed is invalid.
- InternalServerError:
An error occurred on the server side.
DeleteParameter
$result = $client->deleteParameter
([/* ... */]); $promise = $client->deleteParameterAsync
([/* ... */]);
Delete a parameter from the system. After deleting a parameter, wait for at least 30 seconds to create a parameter with the same name.
Parameter Syntax
$result = $client->deleteParameter([ 'Name' => '<string>', // REQUIRED ]);
Parameter Details
Members
- Name
-
- Required: Yes
- Type: string
The name of the parameter to delete.
You can't enter the Amazon Resource Name (ARN) for a parameter, only the parameter name itself.
Result Syntax
[]
Result Details
Errors
- InternalServerError:
An error occurred on the server side.
- ParameterNotFound:
The parameter couldn't be found. Verify the name and try again.
DeleteParameters
$result = $client->deleteParameters
([/* ... */]); $promise = $client->deleteParametersAsync
([/* ... */]);
Delete a list of parameters. After deleting a parameter, wait for at least 30 seconds to create a parameter with the same name.
Parameter Syntax
$result = $client->deleteParameters([ 'Names' => ['<string>', ...], // REQUIRED ]);
Parameter Details
Members
- Names
-
- Required: Yes
- Type: Array of strings
The names of the parameters to delete. After deleting a parameter, wait for at least 30 seconds to create a parameter with the same name.
You can't enter the Amazon Resource Name (ARN) for a parameter, only the parameter name itself.
Result Syntax
[ 'DeletedParameters' => ['<string>', ...], 'InvalidParameters' => ['<string>', ...], ]
Result Details
Members
- DeletedParameters
-
- Type: Array of strings
The names of the deleted parameters.
- InvalidParameters
-
- Type: Array of strings
The names of parameters that weren't deleted because the parameters aren't valid.
Errors
- InternalServerError:
An error occurred on the server side.
DeletePatchBaseline
$result = $client->deletePatchBaseline
([/* ... */]); $promise = $client->deletePatchBaselineAsync
([/* ... */]);
Deletes a patch baseline.
Parameter Syntax
$result = $client->deletePatchBaseline([ 'BaselineId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- BaselineId
-
- Required: Yes
- Type: string
The ID of the patch baseline to delete.
Result Syntax
[ 'BaselineId' => '<string>', ]
Result Details
Members
- BaselineId
-
- Type: string
The ID of the deleted patch baseline.
Errors
- ResourceInUseException:
Error returned if an attempt is made to delete a patch baseline that is registered for a patch group.
- InternalServerError:
An error occurred on the server side.
DeleteResourceDataSync
$result = $client->deleteResourceDataSync
([/* ... */]); $promise = $client->deleteResourceDataSyncAsync
([/* ... */]);
Deletes a resource data sync configuration. After the configuration is deleted, changes to data on managed nodes are no longer synced to or from the target. Deleting a sync configuration doesn't delete data.
Parameter Syntax
$result = $client->deleteResourceDataSync([ 'SyncName' => '<string>', // REQUIRED 'SyncType' => '<string>', ]);
Parameter Details
Members
- SyncName
-
- Required: Yes
- Type: string
The name of the configuration to delete.
- SyncType
-
- Type: string
Specify the type of resource data sync to delete.
Result Syntax
[]
Result Details
Errors
- InternalServerError:
An error occurred on the server side.
- ResourceDataSyncNotFoundException:
The specified sync name wasn't found.
- ResourceDataSyncInvalidConfigurationException:
The specified sync configuration is invalid.
DeleteResourcePolicy
$result = $client->deleteResourcePolicy
([/* ... */]); $promise = $client->deleteResourcePolicyAsync
([/* ... */]);
Deletes a Systems Manager resource policy. A resource policy helps you to define the IAM entity (for example, an Amazon Web Services account) that can manage your Systems Manager resources. The following resources support Systems Manager resource policies.
-
OpsItemGroup
- The resource policy forOpsItemGroup
enables Amazon Web Services accounts to view and interact with OpsCenter operational work items (OpsItems). -
Parameter
- The resource policy is used to share a parameter with other accounts using Resource Access Manager (RAM). For more information about cross-account sharing of parameters, see Working with shared parameters in the Amazon Web Services Systems Manager User Guide.
Parameter Syntax
$result = $client->deleteResourcePolicy([ 'PolicyHash' => '<string>', // REQUIRED 'PolicyId' => '<string>', // REQUIRED 'ResourceArn' => '<string>', // REQUIRED ]);
Parameter Details
Members
- PolicyHash
-
- Required: Yes
- Type: string
ID of the current policy version. The hash helps to prevent multiple calls from attempting to overwrite a policy.
- PolicyId
-
- Required: Yes
- Type: string
The policy ID.
- ResourceArn
-
- Required: Yes
- Type: string
Amazon Resource Name (ARN) of the resource to which the policies are attached.
Result Syntax
[]
Result Details
Errors
- InternalServerError:
An error occurred on the server side.
- ResourcePolicyInvalidParameterException:
One or more parameters specified for the call aren't valid. Verify the parameters and their values and try again.
- ResourcePolicyConflictException:
The hash provided in the call doesn't match the stored hash. This exception is thrown when trying to update an obsolete policy version or when multiple requests to update a policy are sent.
- ResourceNotFoundException:
The specified parameter to be shared could not be found.
- MalformedResourcePolicyDocumentException:
The specified policy document is malformed or invalid, or excessive
PutResourcePolicy
orDeleteResourcePolicy
calls have been made.- ResourcePolicyNotFoundException:
No policies with the specified policy ID and hash could be found.
DeregisterManagedInstance
$result = $client->deregisterManagedInstance
([/* ... */]); $promise = $client->deregisterManagedInstanceAsync
([/* ... */]);
Removes the server or virtual machine from the list of registered servers. You can reregister the node again at any time. If you don't plan to use Run Command on the server, we suggest uninstalling SSM Agent first.
Parameter Syntax
$result = $client->deregisterManagedInstance([ 'InstanceId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- InstanceId
-
- Required: Yes
- Type: string
The ID assigned to the managed node when you registered it using the activation process.
Result Syntax
[]
Result Details
Errors
- InvalidInstanceId:
The following problems can cause this exception:
-
You don't have permission to access the managed node.
-
Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.
-
SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.
-
The managed node isn't in a valid state. Valid states are:
Running
,Pending
,Stopped
, andStopping
. Invalid states are:Shutting-down
andTerminated
.
-
- InternalServerError:
An error occurred on the server side.
DeregisterPatchBaselineForPatchGroup
$result = $client->deregisterPatchBaselineForPatchGroup
([/* ... */]); $promise = $client->deregisterPatchBaselineForPatchGroupAsync
([/* ... */]);
Removes a patch group from a patch baseline.
Parameter Syntax
$result = $client->deregisterPatchBaselineForPatchGroup([ 'BaselineId' => '<string>', // REQUIRED 'PatchGroup' => '<string>', // REQUIRED ]);
Parameter Details
Members
- BaselineId
-
- Required: Yes
- Type: string
The ID of the patch baseline to deregister the patch group from.
- PatchGroup
-
- Required: Yes
- Type: string
The name of the patch group that should be deregistered from the patch baseline.
Result Syntax
[ 'BaselineId' => '<string>', 'PatchGroup' => '<string>', ]
Result Details
Members
- BaselineId
-
- Type: string
The ID of the patch baseline the patch group was deregistered from.
- PatchGroup
-
- Type: string
The name of the patch group deregistered from the patch baseline.
Errors
- InvalidResourceId:
The resource ID isn't valid. Verify that you entered the correct ID and try again.
- InternalServerError:
An error occurred on the server side.
DeregisterTargetFromMaintenanceWindow
$result = $client->deregisterTargetFromMaintenanceWindow
([/* ... */]); $promise = $client->deregisterTargetFromMaintenanceWindowAsync
([/* ... */]);
Removes a target from a maintenance window.
Parameter Syntax
$result = $client->deregisterTargetFromMaintenanceWindow([ 'Safe' => true || false, 'WindowId' => '<string>', // REQUIRED 'WindowTargetId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- Safe
-
- Type: boolean
The system checks if the target is being referenced by a task. If the target is being referenced, the system returns an error and doesn't deregister the target from the maintenance window.
- WindowId
-
- Required: Yes
- Type: string
The ID of the maintenance window the target should be removed from.
- WindowTargetId
-
- Required: Yes
- Type: string
The ID of the target definition to remove.
Result Syntax
[ 'WindowId' => '<string>', 'WindowTargetId' => '<string>', ]
Result Details
Members
- WindowId
-
- Type: string
The ID of the maintenance window the target was removed from.
- WindowTargetId
-
- Type: string
The ID of the removed target definition.
Errors
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InternalServerError:
An error occurred on the server side.
- TargetInUseException:
You specified the
Safe
option for the DeregisterTargetFromMaintenanceWindow operation, but the target is still referenced in a task.
DeregisterTaskFromMaintenanceWindow
$result = $client->deregisterTaskFromMaintenanceWindow
([/* ... */]); $promise = $client->deregisterTaskFromMaintenanceWindowAsync
([/* ... */]);
Removes a task from a maintenance window.
Parameter Syntax
$result = $client->deregisterTaskFromMaintenanceWindow([ 'WindowId' => '<string>', // REQUIRED 'WindowTaskId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- WindowId
-
- Required: Yes
- Type: string
The ID of the maintenance window the task should be removed from.
- WindowTaskId
-
- Required: Yes
- Type: string
The ID of the task to remove from the maintenance window.
Result Syntax
[ 'WindowId' => '<string>', 'WindowTaskId' => '<string>', ]
Result Details
Members
- WindowId
-
- Type: string
The ID of the maintenance window the task was removed from.
- WindowTaskId
-
- Type: string
The ID of the task removed from the maintenance window.
Errors
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InternalServerError:
An error occurred on the server side.
DescribeActivations
$result = $client->describeActivations
([/* ... */]); $promise = $client->describeActivationsAsync
([/* ... */]);
Describes details about the activation, such as the date and time the activation was created, its expiration date, the Identity and Access Management (IAM) role assigned to the managed nodes in the activation, and the number of nodes registered by using this activation.
Parameter Syntax
$result = $client->describeActivations([ 'Filters' => [ [ 'FilterKey' => 'ActivationIds|DefaultInstanceName|IamRole', 'FilterValues' => ['<string>', ...], ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- Filters
-
- Type: Array of DescribeActivationsFilter structures
A filter to view information about your activations.
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
A token to start the list. Use this token to get the next set of results.
Result Syntax
[ 'ActivationList' => [ [ 'ActivationId' => '<string>', 'CreatedDate' => <DateTime>, 'DefaultInstanceName' => '<string>', 'Description' => '<string>', 'ExpirationDate' => <DateTime>, 'Expired' => true || false, 'IamRole' => '<string>', 'RegistrationLimit' => <integer>, 'RegistrationsCount' => <integer>, 'Tags' => [ [ 'Key' => '<string>', 'Value' => '<string>', ], // ... ], ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- ActivationList
-
- Type: Array of Activation structures
A list of activations for your Amazon Web Services account.
- NextToken
-
- Type: string
The token for the next set of items to return. Use this token to get the next set of results.
Errors
- InvalidFilter:
The filter name isn't valid. Verify the you entered the correct name and try again.
- InvalidNextToken:
The specified token isn't valid.
- InternalServerError:
An error occurred on the server side.
DescribeAssociation
$result = $client->describeAssociation
([/* ... */]); $promise = $client->describeAssociationAsync
([/* ... */]);
Describes the association for the specified target or managed node. If you created the association by using the Targets
parameter, then you must retrieve the association by using the association ID.
Parameter Syntax
$result = $client->describeAssociation([ 'AssociationId' => '<string>', 'AssociationVersion' => '<string>', 'InstanceId' => '<string>', 'Name' => '<string>', ]);
Parameter Details
Members
- AssociationId
-
- Type: string
The association ID for which you want information.
- AssociationVersion
-
- Type: string
Specify the association version to retrieve. To view the latest version, either specify
$LATEST
for this parameter, or omit this parameter. To view a list of all associations for a managed node, use ListAssociations. To get a list of versions for a specific association, use ListAssociationVersions. - InstanceId
-
- Type: string
The managed node ID.
- Name
-
- Type: string
The name of the SSM document.
Result Syntax
[ 'AssociationDescription' => [ 'AlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'ApplyOnlyAtCronInterval' => true || false, 'AssociationId' => '<string>', 'AssociationName' => '<string>', 'AssociationVersion' => '<string>', 'AutomationTargetParameterName' => '<string>', 'CalendarNames' => ['<string>', ...], 'ComplianceSeverity' => 'CRITICAL|HIGH|MEDIUM|LOW|UNSPECIFIED', 'Date' => <DateTime>, 'DocumentVersion' => '<string>', 'Duration' => <integer>, 'InstanceId' => '<string>', 'LastExecutionDate' => <DateTime>, 'LastSuccessfulExecutionDate' => <DateTime>, 'LastUpdateAssociationDate' => <DateTime>, 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'Name' => '<string>', 'OutputLocation' => [ 'S3Location' => [ 'OutputS3BucketName' => '<string>', 'OutputS3KeyPrefix' => '<string>', 'OutputS3Region' => '<string>', ], ], 'Overview' => [ 'AssociationStatusAggregatedCount' => [<integer>, ...], 'DetailedStatus' => '<string>', 'Status' => '<string>', ], 'Parameters' => [ '<ParameterName>' => ['<string>', ...], // ... ], 'ScheduleExpression' => '<string>', 'ScheduleOffset' => <integer>, 'Status' => [ 'AdditionalInfo' => '<string>', 'Date' => <DateTime>, 'Message' => '<string>', 'Name' => 'Pending|Success|Failed', ], 'SyncCompliance' => 'AUTO|MANUAL', 'TargetLocations' => [ [ 'Accounts' => ['<string>', ...], 'ExcludeAccounts' => ['<string>', ...], 'ExecutionRoleName' => '<string>', 'IncludeChildOrganizationUnits' => true || false, 'Regions' => ['<string>', ...], 'TargetLocationAlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'TargetLocationMaxConcurrency' => '<string>', 'TargetLocationMaxErrors' => '<string>', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TargetsMaxConcurrency' => '<string>', 'TargetsMaxErrors' => '<string>', ], // ... ], 'TargetMaps' => [ [ '<TargetMapKey>' => ['<string>', ...], // ... ], // ... ], 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TriggeredAlarms' => [ [ 'Name' => '<string>', 'State' => 'UNKNOWN|ALARM', ], // ... ], ], ]
Result Details
Members
- AssociationDescription
-
- Type: AssociationDescription structure
Information about the association.
Errors
- AssociationDoesNotExist:
The specified association doesn't exist.
- InvalidAssociationVersion:
The version you specified isn't valid. Use ListAssociationVersions to view all versions of an association according to the association ID. Or, use the
$LATEST
parameter to view the latest version of the association.- InternalServerError:
An error occurred on the server side.
- InvalidDocument:
The specified SSM document doesn't exist.
- InvalidInstanceId:
The following problems can cause this exception:
-
You don't have permission to access the managed node.
-
Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.
-
SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.
-
The managed node isn't in a valid state. Valid states are:
Running
,Pending
,Stopped
, andStopping
. Invalid states are:Shutting-down
andTerminated
.
-
DescribeAssociationExecutionTargets
$result = $client->describeAssociationExecutionTargets
([/* ... */]); $promise = $client->describeAssociationExecutionTargetsAsync
([/* ... */]);
Views information about a specific execution of a specific association.
Parameter Syntax
$result = $client->describeAssociationExecutionTargets([ 'AssociationId' => '<string>', // REQUIRED 'ExecutionId' => '<string>', // REQUIRED 'Filters' => [ [ 'Key' => 'Status|ResourceId|ResourceType', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- AssociationId
-
- Required: Yes
- Type: string
The association ID that includes the execution for which you want to view details.
- ExecutionId
-
- Required: Yes
- Type: string
The execution ID for which you want to view details.
- Filters
-
- Type: Array of AssociationExecutionTargetsFilter structures
Filters for the request. You can specify the following filters and values.
Status (EQUAL)
ResourceId (EQUAL)
ResourceType (EQUAL)
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
A token to start the list. Use this token to get the next set of results.
Result Syntax
[ 'AssociationExecutionTargets' => [ [ 'AssociationId' => '<string>', 'AssociationVersion' => '<string>', 'DetailedStatus' => '<string>', 'ExecutionId' => '<string>', 'LastExecutionDate' => <DateTime>, 'OutputSource' => [ 'OutputSourceId' => '<string>', 'OutputSourceType' => '<string>', ], 'ResourceId' => '<string>', 'ResourceType' => '<string>', 'Status' => '<string>', ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- AssociationExecutionTargets
-
- Type: Array of AssociationExecutionTarget structures
Information about the execution.
- NextToken
-
- Type: string
The token for the next set of items to return. Use this token to get the next set of results.
Errors
- InternalServerError:
An error occurred on the server side.
- AssociationDoesNotExist:
The specified association doesn't exist.
- InvalidNextToken:
The specified token isn't valid.
- AssociationExecutionDoesNotExist:
The specified execution ID doesn't exist. Verify the ID number and try again.
DescribeAssociationExecutions
$result = $client->describeAssociationExecutions
([/* ... */]); $promise = $client->describeAssociationExecutionsAsync
([/* ... */]);
Views all executions for a specific association ID.
Parameter Syntax
$result = $client->describeAssociationExecutions([ 'AssociationId' => '<string>', // REQUIRED 'Filters' => [ [ 'Key' => 'ExecutionId|Status|CreatedTime', // REQUIRED 'Type' => 'EQUAL|LESS_THAN|GREATER_THAN', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- AssociationId
-
- Required: Yes
- Type: string
The association ID for which you want to view execution history details.
- Filters
-
- Type: Array of AssociationExecutionFilter structures
Filters for the request. You can specify the following filters and values.
ExecutionId (EQUAL)
Status (EQUAL)
CreatedTime (EQUAL, GREATER_THAN, LESS_THAN)
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
A token to start the list. Use this token to get the next set of results.
Result Syntax
[ 'AssociationExecutions' => [ [ 'AlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'AssociationId' => '<string>', 'AssociationVersion' => '<string>', 'CreatedTime' => <DateTime>, 'DetailedStatus' => '<string>', 'ExecutionId' => '<string>', 'LastExecutionDate' => <DateTime>, 'ResourceCountByStatus' => '<string>', 'Status' => '<string>', 'TriggeredAlarms' => [ [ 'Name' => '<string>', 'State' => 'UNKNOWN|ALARM', ], // ... ], ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- AssociationExecutions
-
- Type: Array of AssociationExecution structures
A list of the executions for the specified association ID.
- NextToken
-
- Type: string
The token for the next set of items to return. Use this token to get the next set of results.
Errors
- InternalServerError:
An error occurred on the server side.
- AssociationDoesNotExist:
The specified association doesn't exist.
- InvalidNextToken:
The specified token isn't valid.
DescribeAutomationExecutions
$result = $client->describeAutomationExecutions
([/* ... */]); $promise = $client->describeAutomationExecutionsAsync
([/* ... */]);
Provides details about all active and terminated Automation executions.
Parameter Syntax
$result = $client->describeAutomationExecutions([ 'Filters' => [ [ 'Key' => 'DocumentNamePrefix|ExecutionStatus|ExecutionId|ParentExecutionId|CurrentAction|StartTimeBefore|StartTimeAfter|AutomationType|TagKey|TargetResourceGroup|AutomationSubtype|OpsItemId', // REQUIRED 'Values' => ['<string>', ...], // REQUIRED ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- Filters
-
- Type: Array of AutomationExecutionFilter structures
Filters used to limit the scope of executions that are requested.
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
Result Syntax
[ 'AutomationExecutionMetadataList' => [ [ 'AlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'AssociationId' => '<string>', 'AutomationExecutionId' => '<string>', 'AutomationExecutionStatus' => 'Pending|InProgress|Waiting|Success|TimedOut|Cancelling|Cancelled|Failed|PendingApproval|Approved|Rejected|Scheduled|RunbookInProgress|PendingChangeCalendarOverride|ChangeCalendarOverrideApproved|ChangeCalendarOverrideRejected|CompletedWithSuccess|CompletedWithFailure|Exited', 'AutomationSubtype' => 'ChangeRequest', 'AutomationType' => 'CrossAccount|Local', 'ChangeRequestName' => '<string>', 'CurrentAction' => '<string>', 'CurrentStepName' => '<string>', 'DocumentName' => '<string>', 'DocumentVersion' => '<string>', 'ExecutedBy' => '<string>', 'ExecutionEndTime' => <DateTime>, 'ExecutionStartTime' => <DateTime>, 'FailureMessage' => '<string>', 'LogFile' => '<string>', 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'Mode' => 'Auto|Interactive', 'OpsItemId' => '<string>', 'Outputs' => [ '<AutomationParameterKey>' => ['<string>', ...], // ... ], 'ParentAutomationExecutionId' => '<string>', 'ResolvedTargets' => [ 'ParameterValues' => ['<string>', ...], 'Truncated' => true || false, ], 'Runbooks' => [ [ 'DocumentName' => '<string>', 'DocumentVersion' => '<string>', 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'Parameters' => [ '<AutomationParameterKey>' => ['<string>', ...], // ... ], 'TargetLocations' => [ [ 'Accounts' => ['<string>', ...], 'ExcludeAccounts' => ['<string>', ...], 'ExecutionRoleName' => '<string>', 'IncludeChildOrganizationUnits' => true || false, 'Regions' => ['<string>', ...], 'TargetLocationAlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'TargetLocationMaxConcurrency' => '<string>', 'TargetLocationMaxErrors' => '<string>', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TargetsMaxConcurrency' => '<string>', 'TargetsMaxErrors' => '<string>', ], // ... ], 'TargetMaps' => [ [ '<TargetMapKey>' => ['<string>', ...], // ... ], // ... ], 'TargetParameterName' => '<string>', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], ], // ... ], 'ScheduledTime' => <DateTime>, 'Target' => '<string>', 'TargetLocationsURL' => '<string>', 'TargetMaps' => [ [ '<TargetMapKey>' => ['<string>', ...], // ... ], // ... ], 'TargetParameterName' => '<string>', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TriggeredAlarms' => [ [ 'Name' => '<string>', 'State' => 'UNKNOWN|ALARM', ], // ... ], ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- AutomationExecutionMetadataList
-
- Type: Array of AutomationExecutionMetadata structures
The list of details about each automation execution which has occurred which matches the filter specification, if any.
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Errors
- InvalidFilterKey:
The specified key isn't valid.
- InvalidFilterValue:
The filter value isn't valid. Verify the value and try again.
- InvalidNextToken:
The specified token isn't valid.
- InternalServerError:
An error occurred on the server side.
DescribeAutomationStepExecutions
$result = $client->describeAutomationStepExecutions
([/* ... */]); $promise = $client->describeAutomationStepExecutionsAsync
([/* ... */]);
Information about all active and terminated step executions in an Automation workflow.
Parameter Syntax
$result = $client->describeAutomationStepExecutions([ 'AutomationExecutionId' => '<string>', // REQUIRED 'Filters' => [ [ 'Key' => 'StartTimeBefore|StartTimeAfter|StepExecutionStatus|StepExecutionId|StepName|Action|ParentStepExecutionId|ParentStepIteration|ParentStepIteratorValue', // REQUIRED 'Values' => ['<string>', ...], // REQUIRED ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', 'ReverseOrder' => true || false, ]);
Parameter Details
Members
- AutomationExecutionId
-
- Required: Yes
- Type: string
The Automation execution ID for which you want step execution descriptions.
- Filters
-
- Type: Array of StepExecutionFilter structures
One or more filters to limit the number of step executions returned by the request.
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
- ReverseOrder
-
- Type: boolean
Indicates whether to list step executions in reverse order by start time. The default value is 'false'.
Result Syntax
[ 'NextToken' => '<string>', 'StepExecutions' => [ [ 'Action' => '<string>', 'ExecutionEndTime' => <DateTime>, 'ExecutionStartTime' => <DateTime>, 'FailureDetails' => [ 'Details' => [ '<AutomationParameterKey>' => ['<string>', ...], // ... ], 'FailureStage' => '<string>', 'FailureType' => '<string>', ], 'FailureMessage' => '<string>', 'Inputs' => ['<string>', ...], 'IsCritical' => true || false, 'IsEnd' => true || false, 'MaxAttempts' => <integer>, 'NextStep' => '<string>', 'OnFailure' => '<string>', 'Outputs' => [ '<AutomationParameterKey>' => ['<string>', ...], // ... ], 'OverriddenParameters' => [ '<AutomationParameterKey>' => ['<string>', ...], // ... ], 'ParentStepDetails' => [ 'Action' => '<string>', 'Iteration' => <integer>, 'IteratorValue' => '<string>', 'StepExecutionId' => '<string>', 'StepName' => '<string>', ], 'Response' => '<string>', 'ResponseCode' => '<string>', 'StepExecutionId' => '<string>', 'StepName' => '<string>', 'StepStatus' => 'Pending|InProgress|Waiting|Success|TimedOut|Cancelling|Cancelled|Failed|PendingApproval|Approved|Rejected|Scheduled|RunbookInProgress|PendingChangeCalendarOverride|ChangeCalendarOverrideApproved|ChangeCalendarOverrideRejected|CompletedWithSuccess|CompletedWithFailure|Exited', 'TargetLocation' => [ 'Accounts' => ['<string>', ...], 'ExcludeAccounts' => ['<string>', ...], 'ExecutionRoleName' => '<string>', 'IncludeChildOrganizationUnits' => true || false, 'Regions' => ['<string>', ...], 'TargetLocationAlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'TargetLocationMaxConcurrency' => '<string>', 'TargetLocationMaxErrors' => '<string>', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TargetsMaxConcurrency' => '<string>', 'TargetsMaxErrors' => '<string>', ], 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TimeoutSeconds' => <integer>, 'TriggeredAlarms' => [ [ 'Name' => '<string>', 'State' => 'UNKNOWN|ALARM', ], // ... ], 'ValidNextSteps' => ['<string>', ...], ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
- StepExecutions
-
- Type: Array of StepExecution structures
A list of details about the current state of all steps that make up an execution.
Errors
- AutomationExecutionNotFoundException:
There is no automation execution information for the requested automation execution ID.
- InvalidNextToken:
The specified token isn't valid.
- InvalidFilterKey:
The specified key isn't valid.
- InvalidFilterValue:
The filter value isn't valid. Verify the value and try again.
- InternalServerError:
An error occurred on the server side.
DescribeAvailablePatches
$result = $client->describeAvailablePatches
([/* ... */]); $promise = $client->describeAvailablePatchesAsync
([/* ... */]);
Lists all patches eligible to be included in a patch baseline.
Currently, DescribeAvailablePatches
supports only the Amazon Linux 1, Amazon Linux 2, and Windows Server operating systems.
Parameter Syntax
$result = $client->describeAvailablePatches([ 'Filters' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- Filters
-
- Type: Array of PatchOrchestratorFilter structures
Each element in the array is a structure containing a key-value pair.
Windows Server
Supported keys for Windows Server managed node patches include the following:
-
PATCH_SET
Sample values:
OS
|APPLICATION
-
PRODUCT
Sample values:
WindowsServer2012
|Office 2010
|MicrosoftDefenderAntivirus
-
PRODUCT_FAMILY
Sample values:
Windows
|Office
-
MSRC_SEVERITY
Sample values:
ServicePacks
|Important
|Moderate
-
CLASSIFICATION
Sample values:
ServicePacks
|SecurityUpdates
|DefinitionUpdates
-
PATCH_ID
Sample values:
KB123456
|KB4516046
Linux
When specifying filters for Linux patches, you must specify a key-pair for
PRODUCT
. For example, using the Command Line Interface (CLI), the following command fails:aws ssm describe-available-patches --filters Key=CVE_ID,Values=CVE-2018-3615
However, the following command succeeds:
aws ssm describe-available-patches --filters Key=PRODUCT,Values=AmazonLinux2018.03 Key=CVE_ID,Values=CVE-2018-3615
Supported keys for Linux managed node patches include the following:
-
PRODUCT
Sample values:
AmazonLinux2018.03
|AmazonLinux2.0
-
NAME
Sample values:
kernel-headers
|samba-python
|php
-
SEVERITY
Sample values:
Critical
|Important
|Medium
|Low
-
EPOCH
Sample values:
0
|1
-
VERSION
Sample values:
78.6.1
|4.10.16
-
RELEASE
Sample values:
9.56.amzn1
|1.amzn2
-
ARCH
Sample values:
i686
|x86_64
-
REPOSITORY
Sample values:
Core
|Updates
-
ADVISORY_ID
Sample values:
ALAS-2018-1058
|ALAS2-2021-1594
-
CVE_ID
Sample values:
CVE-2018-3615
|CVE-2020-1472
-
BUGZILLA_ID
Sample values:
1463241
- MaxResults
-
- Type: int
The maximum number of patches to return (per page).
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
Result Syntax
[ 'NextToken' => '<string>', 'Patches' => [ [ 'AdvisoryIds' => ['<string>', ...], 'Arch' => '<string>', 'BugzillaIds' => ['<string>', ...], 'CVEIds' => ['<string>', ...], 'Classification' => '<string>', 'ContentUrl' => '<string>', 'Description' => '<string>', 'Epoch' => <integer>, 'Id' => '<string>', 'KbNumber' => '<string>', 'Language' => '<string>', 'MsrcNumber' => '<string>', 'MsrcSeverity' => '<string>', 'Name' => '<string>', 'Product' => '<string>', 'ProductFamily' => '<string>', 'Release' => '<string>', 'ReleaseDate' => <DateTime>, 'Repository' => '<string>', 'Severity' => '<string>', 'Title' => '<string>', 'Vendor' => '<string>', 'Version' => '<string>', ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
- Patches
-
- Type: Array of Patch structures
An array of patches. Each entry in the array is a patch structure.
Errors
- InternalServerError:
An error occurred on the server side.
DescribeDocument
$result = $client->describeDocument
([/* ... */]); $promise = $client->describeDocumentAsync
([/* ... */]);
Describes the specified Amazon Web Services Systems Manager document (SSM document).
Parameter Syntax
$result = $client->describeDocument([ 'DocumentVersion' => '<string>', 'Name' => '<string>', // REQUIRED 'VersionName' => '<string>', ]);
Parameter Details
Members
- DocumentVersion
-
- Type: string
The document version for which you want information. Can be a specific version or the default version.
- Name
-
- Required: Yes
- Type: string
The name of the SSM document.
- VersionName
-
- Type: string
An optional field specifying the version of the artifact associated with the document. For example, 12.6. This value is unique across all versions of a document, and can't be changed.
Result Syntax
[ 'Document' => [ 'ApprovedVersion' => '<string>', 'AttachmentsInformation' => [ [ 'Name' => '<string>', ], // ... ], 'Author' => '<string>', 'Category' => ['<string>', ...], 'CategoryEnum' => ['<string>', ...], 'CreatedDate' => <DateTime>, 'DefaultVersion' => '<string>', 'Description' => '<string>', 'DisplayName' => '<string>', 'DocumentFormat' => 'YAML|JSON|TEXT', 'DocumentType' => 'Command|Policy|Automation|Session|Package|ApplicationConfiguration|ApplicationConfigurationSchema|DeploymentStrategy|ChangeCalendar|Automation.ChangeTemplate|ProblemAnalysis|ProblemAnalysisTemplate|CloudFormation|ConformancePackTemplate|QuickSetup', 'DocumentVersion' => '<string>', 'Hash' => '<string>', 'HashType' => 'Sha256|Sha1', 'LatestVersion' => '<string>', 'Name' => '<string>', 'Owner' => '<string>', 'Parameters' => [ [ 'DefaultValue' => '<string>', 'Description' => '<string>', 'Name' => '<string>', 'Type' => 'String|StringList', ], // ... ], 'PendingReviewVersion' => '<string>', 'PlatformTypes' => ['<string>', ...], 'Requires' => [ [ 'Name' => '<string>', 'RequireType' => '<string>', 'Version' => '<string>', 'VersionName' => '<string>', ], // ... ], 'ReviewInformation' => [ [ 'ReviewedTime' => <DateTime>, 'Reviewer' => '<string>', 'Status' => 'APPROVED|NOT_REVIEWED|PENDING|REJECTED', ], // ... ], 'ReviewStatus' => 'APPROVED|NOT_REVIEWED|PENDING|REJECTED', 'SchemaVersion' => '<string>', 'Sha1' => '<string>', 'Status' => 'Creating|Active|Updating|Deleting|Failed', 'StatusInformation' => '<string>', 'Tags' => [ [ 'Key' => '<string>', 'Value' => '<string>', ], // ... ], 'TargetType' => '<string>', 'VersionName' => '<string>', ], ]
Result Details
Members
- Document
-
- Type: DocumentDescription structure
Information about the SSM document.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidDocument:
The specified SSM document doesn't exist.
- InvalidDocumentVersion:
The document version isn't valid or doesn't exist.
DescribeDocumentPermission
$result = $client->describeDocumentPermission
([/* ... */]); $promise = $client->describeDocumentPermissionAsync
([/* ... */]);
Describes the permissions for a Amazon Web Services Systems Manager document (SSM document). If you created the document, you are the owner. If a document is shared, it can either be shared privately (by specifying a user's Amazon Web Services account ID) or publicly (All).
Parameter Syntax
$result = $client->describeDocumentPermission([ 'MaxResults' => <integer>, 'Name' => '<string>', // REQUIRED 'NextToken' => '<string>', 'PermissionType' => 'Share', // REQUIRED ]);
Parameter Details
Members
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- Name
-
- Required: Yes
- Type: string
The name of the document for which you are the owner.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
- PermissionType
-
- Required: Yes
- Type: string
The permission type for the document. The permission type can be Share.
Result Syntax
[ 'AccountIds' => ['<string>', ...], 'AccountSharingInfoList' => [ [ 'AccountId' => '<string>', 'SharedDocumentVersion' => '<string>', ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- AccountIds
-
- Type: Array of strings
The account IDs that have permission to use this document. The ID can be either an Amazon Web Services account or All.
- AccountSharingInfoList
-
- Type: Array of AccountSharingInfo structures
A list of Amazon Web Services accounts where the current document is shared and the version shared with each account.
- NextToken
-
- Type: string
The token for the next set of items to return. Use this token to get the next set of results.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidDocument:
The specified SSM document doesn't exist.
- InvalidNextToken:
The specified token isn't valid.
- InvalidPermissionType:
The permission type isn't supported. Share is the only supported permission type.
- InvalidDocumentOperation:
You attempted to delete a document while it is still shared. You must stop sharing the document before you can delete it.
DescribeEffectiveInstanceAssociations
$result = $client->describeEffectiveInstanceAssociations
([/* ... */]); $promise = $client->describeEffectiveInstanceAssociationsAsync
([/* ... */]);
All associations for the managed nodes.
Parameter Syntax
$result = $client->describeEffectiveInstanceAssociations([ 'InstanceId' => '<string>', // REQUIRED 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- InstanceId
-
- Required: Yes
- Type: string
The managed node ID for which you want to view all associations.
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
Result Syntax
[ 'Associations' => [ [ 'AssociationId' => '<string>', 'AssociationVersion' => '<string>', 'Content' => '<string>', 'InstanceId' => '<string>', ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- Associations
-
- Type: Array of InstanceAssociation structures
The associations for the requested managed node.
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidInstanceId:
The following problems can cause this exception:
-
You don't have permission to access the managed node.
-
Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.
-
SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.
-
The managed node isn't in a valid state. Valid states are:
Running
,Pending
,Stopped
, andStopping
. Invalid states are:Shutting-down
andTerminated
.
-
- InvalidNextToken:
The specified token isn't valid.
DescribeEffectivePatchesForPatchBaseline
$result = $client->describeEffectivePatchesForPatchBaseline
([/* ... */]); $promise = $client->describeEffectivePatchesForPatchBaselineAsync
([/* ... */]);
Retrieves the current effective patches (the patch and the approval state) for the specified patch baseline. Applies to patch baselines for Windows only.
Parameter Syntax
$result = $client->describeEffectivePatchesForPatchBaseline([ 'BaselineId' => '<string>', // REQUIRED 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- BaselineId
-
- Required: Yes
- Type: string
The ID of the patch baseline to retrieve the effective patches for.
- MaxResults
-
- Type: int
The maximum number of patches to return (per page).
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
Result Syntax
[ 'EffectivePatches' => [ [ 'Patch' => [ 'AdvisoryIds' => ['<string>', ...], 'Arch' => '<string>', 'BugzillaIds' => ['<string>', ...], 'CVEIds' => ['<string>', ...], 'Classification' => '<string>', 'ContentUrl' => '<string>', 'Description' => '<string>', 'Epoch' => <integer>, 'Id' => '<string>', 'KbNumber' => '<string>', 'Language' => '<string>', 'MsrcNumber' => '<string>', 'MsrcSeverity' => '<string>', 'Name' => '<string>', 'Product' => '<string>', 'ProductFamily' => '<string>', 'Release' => '<string>', 'ReleaseDate' => <DateTime>, 'Repository' => '<string>', 'Severity' => '<string>', 'Title' => '<string>', 'Vendor' => '<string>', 'Version' => '<string>', ], 'PatchStatus' => [ 'ApprovalDate' => <DateTime>, 'ComplianceLevel' => 'CRITICAL|HIGH|MEDIUM|LOW|INFORMATIONAL|UNSPECIFIED', 'DeploymentStatus' => 'APPROVED|PENDING_APPROVAL|EXPLICIT_APPROVED|EXPLICIT_REJECTED', ], ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- EffectivePatches
-
- Type: Array of EffectivePatch structures
An array of patches and patch status.
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Errors
- InvalidResourceId:
The resource ID isn't valid. Verify that you entered the correct ID and try again.
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- UnsupportedOperatingSystem:
The operating systems you specified isn't supported, or the operation isn't supported for the operating system.
- InternalServerError:
An error occurred on the server side.
DescribeInstanceAssociationsStatus
$result = $client->describeInstanceAssociationsStatus
([/* ... */]); $promise = $client->describeInstanceAssociationsStatusAsync
([/* ... */]);
The status of the associations for the managed nodes.
Parameter Syntax
$result = $client->describeInstanceAssociationsStatus([ 'InstanceId' => '<string>', // REQUIRED 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- InstanceId
-
- Required: Yes
- Type: string
The managed node IDs for which you want association status information.
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
Result Syntax
[ 'InstanceAssociationStatusInfos' => [ [ 'AssociationId' => '<string>', 'AssociationName' => '<string>', 'AssociationVersion' => '<string>', 'DetailedStatus' => '<string>', 'DocumentVersion' => '<string>', 'ErrorCode' => '<string>', 'ExecutionDate' => <DateTime>, 'ExecutionSummary' => '<string>', 'InstanceId' => '<string>', 'Name' => '<string>', 'OutputUrl' => [ 'S3OutputUrl' => [ 'OutputUrl' => '<string>', ], ], 'Status' => '<string>', ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- InstanceAssociationStatusInfos
-
- Type: Array of InstanceAssociationStatusInfo structures
Status information about the association.
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidInstanceId:
The following problems can cause this exception:
-
You don't have permission to access the managed node.
-
Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.
-
SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.
-
The managed node isn't in a valid state. Valid states are:
Running
,Pending
,Stopped
, andStopping
. Invalid states are:Shutting-down
andTerminated
.
-
- InvalidNextToken:
The specified token isn't valid.
DescribeInstanceInformation
$result = $client->describeInstanceInformation
([/* ... */]); $promise = $client->describeInstanceInformationAsync
([/* ... */]);
Provides information about one or more of your managed nodes, including the operating system platform, SSM Agent version, association status, and IP address. This operation does not return information for nodes that are either Stopped or Terminated.
If you specify one or more node IDs, the operation returns information for those managed nodes. If you don't specify node IDs, it returns information for all your managed nodes. If you specify a node ID that isn't valid or a node that you don't own, you receive an error.
The IamRole
field returned for this API operation is the role assigned to an Amazon EC2 instance configured with a Systems Manager Quick Setup host management configuration or the role assigned to an on-premises managed node.
Parameter Syntax
$result = $client->describeInstanceInformation([ 'Filters' => [ [ 'Key' => '<string>', // REQUIRED 'Values' => ['<string>', ...], // REQUIRED ], // ... ], 'InstanceInformationFilterList' => [ [ 'key' => 'InstanceIds|AgentVersion|PingStatus|PlatformTypes|ActivationIds|IamRole|ResourceType|AssociationStatus', // REQUIRED 'valueSet' => ['<string>', ...], // REQUIRED ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- Filters
-
- Type: Array of InstanceInformationStringFilter structures
One or more filters. Use a filter to return a more specific list of managed nodes. You can filter based on tags applied to your managed nodes. Tag filters can't be combined with other filter types. Use this
Filters
data type instead ofInstanceInformationFilterList
, which is deprecated. - InstanceInformationFilterList
-
- Type: Array of InstanceInformationFilter structures
This is a legacy method. We recommend that you don't use this method. Instead, use the
Filters
data type.Filters
enables you to return node information by filtering based on tags applied to managed nodes.Attempting to use
InstanceInformationFilterList
andFilters
leads to an exception error. - MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results. The default value is 10 items.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
Result Syntax
[ 'InstanceInformationList' => [ [ 'ActivationId' => '<string>', 'AgentVersion' => '<string>', 'AssociationOverview' => [ 'DetailedStatus' => '<string>', 'InstanceAssociationStatusAggregatedCount' => [<integer>, ...], ], 'AssociationStatus' => '<string>', 'ComputerName' => '<string>', 'IPAddress' => '<string>', 'IamRole' => '<string>', 'InstanceId' => '<string>', 'IsLatestVersion' => true || false, 'LastAssociationExecutionDate' => <DateTime>, 'LastPingDateTime' => <DateTime>, 'LastSuccessfulAssociationExecutionDate' => <DateTime>, 'Name' => '<string>', 'PingStatus' => 'Online|ConnectionLost|Inactive', 'PlatformName' => '<string>', 'PlatformType' => 'Windows|Linux|MacOS', 'PlatformVersion' => '<string>', 'RegistrationDate' => <DateTime>, 'ResourceType' => 'ManagedInstance|EC2Instance', 'SourceId' => '<string>', 'SourceType' => 'AWS::EC2::Instance|AWS::IoT::Thing|AWS::SSM::ManagedInstance', ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- InstanceInformationList
-
- Type: Array of InstanceInformation structures
The managed node information list.
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidInstanceId:
The following problems can cause this exception:
-
You don't have permission to access the managed node.
-
Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.
-
SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.
-
The managed node isn't in a valid state. Valid states are:
Running
,Pending
,Stopped
, andStopping
. Invalid states are:Shutting-down
andTerminated
.
-
- InvalidNextToken:
The specified token isn't valid.
- InvalidInstanceInformationFilterValue:
The specified filter value isn't valid.
- InvalidFilterKey:
The specified key isn't valid.
DescribeInstancePatchStates
$result = $client->describeInstancePatchStates
([/* ... */]); $promise = $client->describeInstancePatchStatesAsync
([/* ... */]);
Retrieves the high-level patch state of one or more managed nodes.
Parameter Syntax
$result = $client->describeInstancePatchStates([ 'InstanceIds' => ['<string>', ...], // REQUIRED 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- InstanceIds
-
- Required: Yes
- Type: Array of strings
The ID of the managed node for which patch state information should be retrieved.
- MaxResults
-
- Type: int
The maximum number of managed nodes to return (per page).
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
Result Syntax
[ 'InstancePatchStates' => [ [ 'BaselineId' => '<string>', 'CriticalNonCompliantCount' => <integer>, 'FailedCount' => <integer>, 'InstallOverrideList' => '<string>', 'InstalledCount' => <integer>, 'InstalledOtherCount' => <integer>, 'InstalledPendingRebootCount' => <integer>, 'InstalledRejectedCount' => <integer>, 'InstanceId' => '<string>', 'LastNoRebootInstallOperationTime' => <DateTime>, 'MissingCount' => <integer>, 'NotApplicableCount' => <integer>, 'Operation' => 'Scan|Install', 'OperationEndTime' => <DateTime>, 'OperationStartTime' => <DateTime>, 'OtherNonCompliantCount' => <integer>, 'OwnerInformation' => '<string>', 'PatchGroup' => '<string>', 'RebootOption' => 'RebootIfNeeded|NoReboot', 'SecurityNonCompliantCount' => <integer>, 'SnapshotId' => '<string>', 'UnreportedNotApplicableCount' => <integer>, ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- InstancePatchStates
-
- Type: Array of InstancePatchState structures
The high-level patch state for the requested managed nodes.
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidNextToken:
The specified token isn't valid.
DescribeInstancePatchStatesForPatchGroup
$result = $client->describeInstancePatchStatesForPatchGroup
([/* ... */]); $promise = $client->describeInstancePatchStatesForPatchGroupAsync
([/* ... */]);
Retrieves the high-level patch state for the managed nodes in the specified patch group.
Parameter Syntax
$result = $client->describeInstancePatchStatesForPatchGroup([ 'Filters' => [ [ 'Key' => '<string>', // REQUIRED 'Type' => 'Equal|NotEqual|LessThan|GreaterThan', // REQUIRED 'Values' => ['<string>', ...], // REQUIRED ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', 'PatchGroup' => '<string>', // REQUIRED ]);
Parameter Details
Members
- Filters
-
- Type: Array of InstancePatchStateFilter structures
Each entry in the array is a structure containing:
-
Key (string between 1 and 200 characters)
-
Values (array containing a single string)
-
Type (string "Equal", "NotEqual", "LessThan", "GreaterThan")
- MaxResults
-
- Type: int
The maximum number of patches to return (per page).
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
- PatchGroup
-
- Required: Yes
- Type: string
The name of the patch group for which the patch state information should be retrieved.
Result Syntax
[ 'InstancePatchStates' => [ [ 'BaselineId' => '<string>', 'CriticalNonCompliantCount' => <integer>, 'FailedCount' => <integer>, 'InstallOverrideList' => '<string>', 'InstalledCount' => <integer>, 'InstalledOtherCount' => <integer>, 'InstalledPendingRebootCount' => <integer>, 'InstalledRejectedCount' => <integer>, 'InstanceId' => '<string>', 'LastNoRebootInstallOperationTime' => <DateTime>, 'MissingCount' => <integer>, 'NotApplicableCount' => <integer>, 'Operation' => 'Scan|Install', 'OperationEndTime' => <DateTime>, 'OperationStartTime' => <DateTime>, 'OtherNonCompliantCount' => <integer>, 'OwnerInformation' => '<string>', 'PatchGroup' => '<string>', 'RebootOption' => 'RebootIfNeeded|NoReboot', 'SecurityNonCompliantCount' => <integer>, 'SnapshotId' => '<string>', 'UnreportedNotApplicableCount' => <integer>, ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- InstancePatchStates
-
- Type: Array of InstancePatchState structures
The high-level patch state for the requested managed nodes.
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidFilter:
The filter name isn't valid. Verify the you entered the correct name and try again.
- InvalidNextToken:
The specified token isn't valid.
DescribeInstancePatches
$result = $client->describeInstancePatches
([/* ... */]); $promise = $client->describeInstancePatchesAsync
([/* ... */]);
Retrieves information about the patches on the specified managed node and their state relative to the patch baseline being used for the node.
Parameter Syntax
$result = $client->describeInstancePatches([ 'Filters' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'InstanceId' => '<string>', // REQUIRED 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- Filters
-
- Type: Array of PatchOrchestratorFilter structures
Each element in the array is a structure containing a key-value pair.
Supported keys for
DescribeInstancePatches
include the following:-
Classification
Sample values:
Security
|SecurityUpdates
-
KBId
Sample values:
KB4480056
|java-1.7.0-openjdk.x86_64
-
Severity
Sample values:
Important
|Medium
|Low
-
State
Sample values:
Installed
|InstalledOther
|InstalledPendingReboot
For lists of all
State
values, see Patch compliance state values in the Amazon Web Services Systems Manager User Guide.
- InstanceId
-
- Required: Yes
- Type: string
The ID of the managed node whose patch state information should be retrieved.
- MaxResults
-
- Type: int
The maximum number of patches to return (per page).
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
Result Syntax
[ 'NextToken' => '<string>', 'Patches' => [ [ 'CVEIds' => '<string>', 'Classification' => '<string>', 'InstalledTime' => <DateTime>, 'KBId' => '<string>', 'Severity' => '<string>', 'State' => 'INSTALLED|INSTALLED_OTHER|INSTALLED_PENDING_REBOOT|INSTALLED_REJECTED|MISSING|NOT_APPLICABLE|FAILED', 'Title' => '<string>', ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
- Patches
-
- Type: Array of PatchComplianceData structures
Each entry in the array is a structure containing:
-
Title (string)
-
KBId (string)
-
Classification (string)
-
Severity (string)
-
State (string, such as "INSTALLED" or "FAILED")
-
InstalledTime (DateTime)
-
InstalledBy (string)
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidInstanceId:
The following problems can cause this exception:
-
You don't have permission to access the managed node.
-
Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.
-
SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.
-
The managed node isn't in a valid state. Valid states are:
Running
,Pending
,Stopped
, andStopping
. Invalid states are:Shutting-down
andTerminated
.
-
- InvalidFilter:
The filter name isn't valid. Verify the you entered the correct name and try again.
- InvalidNextToken:
The specified token isn't valid.
DescribeInstanceProperties
$result = $client->describeInstanceProperties
([/* ... */]); $promise = $client->describeInstancePropertiesAsync
([/* ... */]);
An API operation used by the Systems Manager console to display information about Systems Manager managed nodes.
Parameter Syntax
$result = $client->describeInstanceProperties([ 'FiltersWithOperator' => [ [ 'Key' => '<string>', // REQUIRED 'Operator' => 'Equal|NotEqual|BeginWith|LessThan|GreaterThan', 'Values' => ['<string>', ...], // REQUIRED ], // ... ], 'InstancePropertyFilterList' => [ [ 'key' => 'InstanceIds|AgentVersion|PingStatus|PlatformTypes|DocumentName|ActivationIds|IamRole|ResourceType|AssociationStatus', // REQUIRED 'valueSet' => ['<string>', ...], // REQUIRED ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- FiltersWithOperator
-
- Type: Array of InstancePropertyStringFilter structures
The request filters to use with the operator.
- InstancePropertyFilterList
-
- Type: Array of InstancePropertyFilter structures
An array of instance property filters.
- MaxResults
-
- Type: int
The maximum number of items to return for the call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token provided by a previous request to use to return the next set of properties.
Result Syntax
[ 'InstanceProperties' => [ [ 'ActivationId' => '<string>', 'AgentVersion' => '<string>', 'Architecture' => '<string>', 'AssociationOverview' => [ 'DetailedStatus' => '<string>', 'InstanceAssociationStatusAggregatedCount' => [<integer>, ...], ], 'AssociationStatus' => '<string>', 'ComputerName' => '<string>', 'IPAddress' => '<string>', 'IamRole' => '<string>', 'InstanceId' => '<string>', 'InstanceRole' => '<string>', 'InstanceState' => '<string>', 'InstanceType' => '<string>', 'KeyName' => '<string>', 'LastAssociationExecutionDate' => <DateTime>, 'LastPingDateTime' => <DateTime>, 'LastSuccessfulAssociationExecutionDate' => <DateTime>, 'LaunchTime' => <DateTime>, 'Name' => '<string>', 'PingStatus' => 'Online|ConnectionLost|Inactive', 'PlatformName' => '<string>', 'PlatformType' => 'Windows|Linux|MacOS', 'PlatformVersion' => '<string>', 'RegistrationDate' => <DateTime>, 'ResourceType' => '<string>', 'SourceId' => '<string>', 'SourceType' => 'AWS::EC2::Instance|AWS::IoT::Thing|AWS::SSM::ManagedInstance', ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- InstanceProperties
-
- Type: Array of InstanceProperty structures
Properties for the managed instances.
- NextToken
-
- Type: string
The token for the next set of properties to return. Use this token to get the next set of results.
Errors
- InvalidNextToken:
The specified token isn't valid.
- InvalidFilterKey:
The specified key isn't valid.
- InvalidInstanceId:
The following problems can cause this exception:
-
You don't have permission to access the managed node.
-
Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.
-
SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.
-
The managed node isn't in a valid state. Valid states are:
Running
,Pending
,Stopped
, andStopping
. Invalid states are:Shutting-down
andTerminated
.
-
- InvalidActivationId:
The activation ID isn't valid. Verify the you entered the correct ActivationId or ActivationCode and try again.
- InvalidInstancePropertyFilterValue:
The specified filter value isn't valid.
- InternalServerError:
An error occurred on the server side.
- InvalidDocument:
The specified SSM document doesn't exist.
DescribeInventoryDeletions
$result = $client->describeInventoryDeletions
([/* ... */]); $promise = $client->describeInventoryDeletionsAsync
([/* ... */]);
Describes a specific delete inventory operation.
Parameter Syntax
$result = $client->describeInventoryDeletions([ 'DeletionId' => '<string>', 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- DeletionId
-
- Type: string
Specify the delete inventory ID for which you want information. This ID was returned by the
DeleteInventory
operation. - MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
A token to start the list. Use this token to get the next set of results.
Result Syntax
[ 'InventoryDeletions' => [ [ 'DeletionId' => '<string>', 'DeletionStartTime' => <DateTime>, 'DeletionSummary' => [ 'RemainingCount' => <integer>, 'SummaryItems' => [ [ 'Count' => <integer>, 'RemainingCount' => <integer>, 'Version' => '<string>', ], // ... ], 'TotalCount' => <integer>, ], 'LastStatus' => 'InProgress|Complete', 'LastStatusMessage' => '<string>', 'LastStatusUpdateTime' => <DateTime>, 'TypeName' => '<string>', ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- InventoryDeletions
-
- Type: Array of InventoryDeletionStatusItem structures
A list of status items for deleted inventory.
- NextToken
-
- Type: string
The token for the next set of items to return. Use this token to get the next set of results.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidDeletionIdException:
The ID specified for the delete operation doesn't exist or isn't valid. Verify the ID and try again.
- InvalidNextToken:
The specified token isn't valid.
DescribeMaintenanceWindowExecutionTaskInvocations
$result = $client->describeMaintenanceWindowExecutionTaskInvocations
([/* ... */]); $promise = $client->describeMaintenanceWindowExecutionTaskInvocationsAsync
([/* ... */]);
Retrieves the individual task executions (one per target) for a particular task run as part of a maintenance window execution.
Parameter Syntax
$result = $client->describeMaintenanceWindowExecutionTaskInvocations([ 'Filters' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', 'TaskId' => '<string>', // REQUIRED 'WindowExecutionId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- Filters
-
- Type: Array of MaintenanceWindowFilter structures
Optional filters used to scope down the returned task invocations. The supported filter key is
STATUS
with the corresponding valuesPENDING
,IN_PROGRESS
,SUCCESS
,FAILED
,TIMED_OUT
,CANCELLING
, andCANCELLED
. - MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
- TaskId
-
- Required: Yes
- Type: string
The ID of the specific task in the maintenance window task that should be retrieved.
- WindowExecutionId
-
- Required: Yes
- Type: string
The ID of the maintenance window execution the task is part of.
Result Syntax
[ 'NextToken' => '<string>', 'WindowExecutionTaskInvocationIdentities' => [ [ 'EndTime' => <DateTime>, 'ExecutionId' => '<string>', 'InvocationId' => '<string>', 'OwnerInformation' => '<string>', 'Parameters' => '<string>', 'StartTime' => <DateTime>, 'Status' => 'PENDING|IN_PROGRESS|SUCCESS|FAILED|TIMED_OUT|CANCELLING|CANCELLED|SKIPPED_OVERLAPPING', 'StatusDetails' => '<string>', 'TaskExecutionId' => '<string>', 'TaskType' => 'RUN_COMMAND|AUTOMATION|STEP_FUNCTIONS|LAMBDA', 'WindowExecutionId' => '<string>', 'WindowTargetId' => '<string>', ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
- WindowExecutionTaskInvocationIdentities
-
- Type: Array of MaintenanceWindowExecutionTaskInvocationIdentity structures
Information about the task invocation results per invocation.
Errors
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InternalServerError:
An error occurred on the server side.
DescribeMaintenanceWindowExecutionTasks
$result = $client->describeMaintenanceWindowExecutionTasks
([/* ... */]); $promise = $client->describeMaintenanceWindowExecutionTasksAsync
([/* ... */]);
For a given maintenance window execution, lists the tasks that were run.
Parameter Syntax
$result = $client->describeMaintenanceWindowExecutionTasks([ 'Filters' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', 'WindowExecutionId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- Filters
-
- Type: Array of MaintenanceWindowFilter structures
Optional filters used to scope down the returned tasks. The supported filter key is
STATUS
with the corresponding valuesPENDING
,IN_PROGRESS
,SUCCESS
,FAILED
,TIMED_OUT
,CANCELLING
, andCANCELLED
. - MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
- WindowExecutionId
-
- Required: Yes
- Type: string
The ID of the maintenance window execution whose task executions should be retrieved.
Result Syntax
[ 'NextToken' => '<string>', 'WindowExecutionTaskIdentities' => [ [ 'AlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'EndTime' => <DateTime>, 'StartTime' => <DateTime>, 'Status' => 'PENDING|IN_PROGRESS|SUCCESS|FAILED|TIMED_OUT|CANCELLING|CANCELLED|SKIPPED_OVERLAPPING', 'StatusDetails' => '<string>', 'TaskArn' => '<string>', 'TaskExecutionId' => '<string>', 'TaskType' => 'RUN_COMMAND|AUTOMATION|STEP_FUNCTIONS|LAMBDA', 'TriggeredAlarms' => [ [ 'Name' => '<string>', 'State' => 'UNKNOWN|ALARM', ], // ... ], 'WindowExecutionId' => '<string>', ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
- WindowExecutionTaskIdentities
-
- Type: Array of MaintenanceWindowExecutionTaskIdentity structures
Information about the task executions.
Errors
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InternalServerError:
An error occurred on the server side.
DescribeMaintenanceWindowExecutions
$result = $client->describeMaintenanceWindowExecutions
([/* ... */]); $promise = $client->describeMaintenanceWindowExecutionsAsync
([/* ... */]);
Lists the executions of a maintenance window. This includes information about when the maintenance window was scheduled to be active, and information about tasks registered and run with the maintenance window.
Parameter Syntax
$result = $client->describeMaintenanceWindowExecutions([ 'Filters' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', 'WindowId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- Filters
-
- Type: Array of MaintenanceWindowFilter structures
Each entry in the array is a structure containing:
-
Key. A string between 1 and 128 characters. Supported keys include
ExecutedBefore
andExecutedAfter
. -
Values. An array of strings, each between 1 and 256 characters. Supported values are date/time strings in a valid ISO 8601 date/time format, such as
2024-11-04T05:00:00Z
.
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
- WindowId
-
- Required: Yes
- Type: string
The ID of the maintenance window whose executions should be retrieved.
Result Syntax
[ 'NextToken' => '<string>', 'WindowExecutions' => [ [ 'EndTime' => <DateTime>, 'StartTime' => <DateTime>, 'Status' => 'PENDING|IN_PROGRESS|SUCCESS|FAILED|TIMED_OUT|CANCELLING|CANCELLED|SKIPPED_OVERLAPPING', 'StatusDetails' => '<string>', 'WindowExecutionId' => '<string>', 'WindowId' => '<string>', ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
- WindowExecutions
-
- Type: Array of MaintenanceWindowExecution structures
Information about the maintenance window executions.
Errors
- InternalServerError:
An error occurred on the server side.
DescribeMaintenanceWindowSchedule
$result = $client->describeMaintenanceWindowSchedule
([/* ... */]); $promise = $client->describeMaintenanceWindowScheduleAsync
([/* ... */]);
Retrieves information about upcoming executions of a maintenance window.
Parameter Syntax
$result = $client->describeMaintenanceWindowSchedule([ 'Filters' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', 'ResourceType' => 'INSTANCE|RESOURCE_GROUP', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'WindowId' => '<string>', ]);
Parameter Details
Members
- Filters
-
- Type: Array of PatchOrchestratorFilter structures
Filters used to limit the range of results. For example, you can limit maintenance window executions to only those scheduled before or after a certain date and time.
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
- ResourceType
-
- Type: string
The type of resource you want to retrieve information about. For example,
INSTANCE
. - Targets
-
- Type: Array of Target structures
The managed node ID or key-value pair to retrieve information about.
- WindowId
-
- Type: string
The ID of the maintenance window to retrieve information about.
Result Syntax
[ 'NextToken' => '<string>', 'ScheduledWindowExecutions' => [ [ 'ExecutionTime' => '<string>', 'Name' => '<string>', 'WindowId' => '<string>', ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token for the next set of items to return. (You use this token in the next call.)
- ScheduledWindowExecutions
-
- Type: Array of ScheduledWindowExecution structures
Information about maintenance window executions scheduled for the specified time range.
Errors
- InternalServerError:
An error occurred on the server side.
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
DescribeMaintenanceWindowTargets
$result = $client->describeMaintenanceWindowTargets
([/* ... */]); $promise = $client->describeMaintenanceWindowTargetsAsync
([/* ... */]);
Lists the targets registered with the maintenance window.
Parameter Syntax
$result = $client->describeMaintenanceWindowTargets([ 'Filters' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', 'WindowId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- Filters
-
- Type: Array of MaintenanceWindowFilter structures
Optional filters that can be used to narrow down the scope of the returned window targets. The supported filter keys are
Type
,WindowTargetId
, andOwnerInformation
. - MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
- WindowId
-
- Required: Yes
- Type: string
The ID of the maintenance window whose targets should be retrieved.
Result Syntax
[ 'NextToken' => '<string>', 'Targets' => [ [ 'Description' => '<string>', 'Name' => '<string>', 'OwnerInformation' => '<string>', 'ResourceType' => 'INSTANCE|RESOURCE_GROUP', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'WindowId' => '<string>', 'WindowTargetId' => '<string>', ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
- Targets
-
- Type: Array of MaintenanceWindowTarget structures
Information about the targets in the maintenance window.
Errors
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InternalServerError:
An error occurred on the server side.
DescribeMaintenanceWindowTasks
$result = $client->describeMaintenanceWindowTasks
([/* ... */]); $promise = $client->describeMaintenanceWindowTasksAsync
([/* ... */]);
Lists the tasks in a maintenance window.
For maintenance window tasks without a specified target, you can't supply values for --max-errors
and --max-concurrency
. Instead, the system inserts a placeholder value of 1
, which may be reported in the response to this command. These values don't affect the running of your task and can be ignored.
Parameter Syntax
$result = $client->describeMaintenanceWindowTasks([ 'Filters' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', 'WindowId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- Filters
-
- Type: Array of MaintenanceWindowFilter structures
Optional filters used to narrow down the scope of the returned tasks. The supported filter keys are
WindowTaskId
,TaskArn
,Priority
, andTaskType
. - MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
- WindowId
-
- Required: Yes
- Type: string
The ID of the maintenance window whose tasks should be retrieved.
Result Syntax
[ 'NextToken' => '<string>', 'Tasks' => [ [ 'AlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'CutoffBehavior' => 'CONTINUE_TASK|CANCEL_TASK', 'Description' => '<string>', 'LoggingInfo' => [ 'S3BucketName' => '<string>', 'S3KeyPrefix' => '<string>', 'S3Region' => '<string>', ], 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'Name' => '<string>', 'Priority' => <integer>, 'ServiceRoleArn' => '<string>', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TaskArn' => '<string>', 'TaskParameters' => [ '<MaintenanceWindowTaskParameterName>' => [ 'Values' => ['<string>', ...], ], // ... ], 'Type' => 'RUN_COMMAND|AUTOMATION|STEP_FUNCTIONS|LAMBDA', 'WindowId' => '<string>', 'WindowTaskId' => '<string>', ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
- Tasks
-
- Type: Array of MaintenanceWindowTask structures
Information about the tasks in the maintenance window.
Errors
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InternalServerError:
An error occurred on the server side.
DescribeMaintenanceWindows
$result = $client->describeMaintenanceWindows
([/* ... */]); $promise = $client->describeMaintenanceWindowsAsync
([/* ... */]);
Retrieves the maintenance windows in an Amazon Web Services account.
Parameter Syntax
$result = $client->describeMaintenanceWindows([ 'Filters' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- Filters
-
- Type: Array of MaintenanceWindowFilter structures
Optional filters used to narrow down the scope of the returned maintenance windows. Supported filter keys are
Name
andEnabled
. For example,Name=MyMaintenanceWindow
andEnabled=True
. - MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
Result Syntax
[ 'NextToken' => '<string>', 'WindowIdentities' => [ [ 'Cutoff' => <integer>, 'Description' => '<string>', 'Duration' => <integer>, 'Enabled' => true || false, 'EndDate' => '<string>', 'Name' => '<string>', 'NextExecutionTime' => '<string>', 'Schedule' => '<string>', 'ScheduleOffset' => <integer>, 'ScheduleTimezone' => '<string>', 'StartDate' => '<string>', 'WindowId' => '<string>', ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
- WindowIdentities
-
- Type: Array of MaintenanceWindowIdentity structures
Information about the maintenance windows.
Errors
- InternalServerError:
An error occurred on the server side.
DescribeMaintenanceWindowsForTarget
$result = $client->describeMaintenanceWindowsForTarget
([/* ... */]); $promise = $client->describeMaintenanceWindowsForTargetAsync
([/* ... */]);
Retrieves information about the maintenance window targets or tasks that a managed node is associated with.
Parameter Syntax
$result = $client->describeMaintenanceWindowsForTarget([ 'MaxResults' => <integer>, 'NextToken' => '<string>', 'ResourceType' => 'INSTANCE|RESOURCE_GROUP', // REQUIRED 'Targets' => [ // REQUIRED [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], ]);
Parameter Details
Members
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
- ResourceType
-
- Required: Yes
- Type: string
The type of resource you want to retrieve information about. For example,
INSTANCE
. - Targets
-
- Required: Yes
- Type: Array of Target structures
The managed node ID or key-value pair to retrieve information about.
Result Syntax
[ 'NextToken' => '<string>', 'WindowIdentities' => [ [ 'Name' => '<string>', 'WindowId' => '<string>', ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token for the next set of items to return. (You use this token in the next call.)
- WindowIdentities
-
- Type: Array of MaintenanceWindowIdentityForTarget structures
Information about the maintenance window targets and tasks a managed node is associated with.
Errors
- InternalServerError:
An error occurred on the server side.
DescribeOpsItems
$result = $client->describeOpsItems
([/* ... */]); $promise = $client->describeOpsItemsAsync
([/* ... */]);
Query a set of OpsItems. You must have permission in Identity and Access Management (IAM) to query a list of OpsItems. For more information, see Set up OpsCenter in the Amazon Web Services Systems Manager User Guide.
Operations engineers and IT professionals use Amazon Web Services Systems Manager OpsCenter to view, investigate, and remediate operational issues impacting the performance and health of their Amazon Web Services resources. For more information, see Amazon Web Services Systems Manager OpsCenter in the Amazon Web Services Systems Manager User Guide.
Parameter Syntax
$result = $client->describeOpsItems([ 'MaxResults' => <integer>, 'NextToken' => '<string>', 'OpsItemFilters' => [ [ 'Key' => 'Status|CreatedBy|Source|Priority|Title|OpsItemId|CreatedTime|LastModifiedTime|ActualStartTime|ActualEndTime|PlannedStartTime|PlannedEndTime|OperationalData|OperationalDataKey|OperationalDataValue|ResourceId|AutomationId|Category|Severity|OpsItemType|ChangeRequestByRequesterArn|ChangeRequestByRequesterName|ChangeRequestByApproverArn|ChangeRequestByApproverName|ChangeRequestByTemplate|ChangeRequestByTargetsResourceGroup|InsightByType|AccountId', // REQUIRED 'Operator' => 'Equal|Contains|GreaterThan|LessThan', // REQUIRED 'Values' => ['<string>', ...], // REQUIRED ], // ... ], ]);
Parameter Details
Members
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
A token to start the list. Use this token to get the next set of results.
- OpsItemFilters
-
- Type: Array of OpsItemFilter structures
One or more filters to limit the response.
-
Key: CreatedTime
Operations: GreaterThan, LessThan
-
Key: LastModifiedBy
Operations: Contains, Equals
-
Key: LastModifiedTime
Operations: GreaterThan, LessThan
-
Key: Priority
Operations: Equals
-
Key: Source
Operations: Contains, Equals
-
Key: Status
Operations: Equals
-
Key: Title*
Operations: Equals,Contains
-
Key: OperationalData**
Operations: Equals
-
Key: OperationalDataKey
Operations: Equals
-
Key: OperationalDataValue
Operations: Equals, Contains
-
Key: OpsItemId
Operations: Equals
-
Key: ResourceId
Operations: Contains
-
Key: AutomationId
Operations: Equals
-
Key: AccountId
Operations: Equals
*The Equals operator for Title matches the first 100 characters. If you specify more than 100 characters, they system returns an error that the filter value exceeds the length limit.
**If you filter the response by using the OperationalData operator, specify a key-value pair by using the following JSON format: {"key":"key_name","value":"a_value"}
Result Syntax
[ 'NextToken' => '<string>', 'OpsItemSummaries' => [ [ 'ActualEndTime' => <DateTime>, 'ActualStartTime' => <DateTime>, 'Category' => '<string>', 'CreatedBy' => '<string>', 'CreatedTime' => <DateTime>, 'LastModifiedBy' => '<string>', 'LastModifiedTime' => <DateTime>, 'OperationalData' => [ '<OpsItemDataKey>' => [ 'Type' => 'SearchableString|String', 'Value' => '<string>', ], // ... ], 'OpsItemId' => '<string>', 'OpsItemType' => '<string>', 'PlannedEndTime' => <DateTime>, 'PlannedStartTime' => <DateTime>, 'Priority' => <integer>, 'Severity' => '<string>', 'Source' => '<string>', 'Status' => 'Open|InProgress|Resolved|Pending|TimedOut|Cancelling|Cancelled|Failed|CompletedWithSuccess|CompletedWithFailure|Scheduled|RunbookInProgress|PendingChangeCalendarOverride|ChangeCalendarOverrideApproved|ChangeCalendarOverrideRejected|PendingApproval|Approved|Rejected|Closed', 'Title' => '<string>', ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token for the next set of items to return. Use this token to get the next set of results.
- OpsItemSummaries
-
- Type: Array of OpsItemSummary structures
A list of OpsItems.
Errors
- InternalServerError:
An error occurred on the server side.
DescribeParameters
$result = $client->describeParameters
([/* ... */]); $promise = $client->describeParametersAsync
([/* ... */]);
Lists the parameters in your Amazon Web Services account or the parameters shared with you when you enable the Shared option.
Request results are returned on a best-effort basis. If you specify MaxResults
in the request, the response includes information up to the limit specified. The number of items returned, however, can be between zero and the value of MaxResults
. If the service reaches an internal limit while processing the results, it stops the operation and returns the matching values up to that point and a NextToken
. You can specify the NextToken
in a subsequent call to get the next set of results.
If you change the KMS key alias for the KMS key used to encrypt a parameter, then you must also update the key alias the parameter uses to reference KMS. Otherwise, DescribeParameters
retrieves whatever the original key alias was referencing.
Parameter Syntax
$result = $client->describeParameters([ 'Filters' => [ [ 'Key' => 'Name|Type|KeyId', // REQUIRED 'Values' => ['<string>', ...], // REQUIRED ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', 'ParameterFilters' => [ [ 'Key' => '<string>', // REQUIRED 'Option' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'Shared' => true || false, ]);
Parameter Details
Members
- Filters
-
- Type: Array of ParametersFilter structures
This data type is deprecated. Instead, use
ParameterFilters
. - MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
- ParameterFilters
-
- Type: Array of ParameterStringFilter structures
Filters to limit the request results.
- Shared
-
- Type: boolean
Lists parameters that are shared with you.
By default when using this option, the command returns parameters that have been shared using a standard Resource Access Manager Resource Share. In order for a parameter that was shared using the PutResourcePolicy command to be returned, the associated
RAM Resource Share Created From Policy
must have been promoted to a standard Resource Share using the RAM PromoteResourceShareCreatedFromPolicy API operation.For more information about sharing parameters, see Working with shared parameters in the Amazon Web Services Systems Manager User Guide.
Result Syntax
[ 'NextToken' => '<string>', 'Parameters' => [ [ 'ARN' => '<string>', 'AllowedPattern' => '<string>', 'DataType' => '<string>', 'Description' => '<string>', 'KeyId' => '<string>', 'LastModifiedDate' => <DateTime>, 'LastModifiedUser' => '<string>', 'Name' => '<string>', 'Policies' => [ [ 'PolicyStatus' => '<string>', 'PolicyText' => '<string>', 'PolicyType' => '<string>', ], // ... ], 'Tier' => 'Standard|Advanced|Intelligent-Tiering', 'Type' => 'String|StringList|SecureString', 'Version' => <integer>, ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token to use when requesting the next set of items.
- Parameters
-
- Type: Array of ParameterMetadata structures
Parameters returned by the request.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidFilterKey:
The specified key isn't valid.
- InvalidFilterOption:
The specified filter option isn't valid. Valid options are Equals and BeginsWith. For Path filter, valid options are Recursive and OneLevel.
- InvalidFilterValue:
The filter value isn't valid. Verify the value and try again.
- InvalidNextToken:
The specified token isn't valid.
DescribePatchBaselines
$result = $client->describePatchBaselines
([/* ... */]); $promise = $client->describePatchBaselinesAsync
([/* ... */]);
Lists the patch baselines in your Amazon Web Services account.
Parameter Syntax
$result = $client->describePatchBaselines([ 'Filters' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- Filters
-
- Type: Array of PatchOrchestratorFilter structures
Each element in the array is a structure containing a key-value pair.
Supported keys for
DescribePatchBaselines
include the following:-
NAME_PREFIX
Sample values:
AWS-
|My-
-
OWNER
Sample values:
AWS
|Self
-
OPERATING_SYSTEM
Sample values:
AMAZON_LINUX
|SUSE
|WINDOWS
- MaxResults
-
- Type: int
The maximum number of patch baselines to return (per page).
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
Result Syntax
[ 'BaselineIdentities' => [ [ 'BaselineDescription' => '<string>', 'BaselineId' => '<string>', 'BaselineName' => '<string>', 'DefaultBaseline' => true || false, 'OperatingSystem' => 'WINDOWS|AMAZON_LINUX|AMAZON_LINUX_2|AMAZON_LINUX_2022|UBUNTU|REDHAT_ENTERPRISE_LINUX|SUSE|CENTOS|ORACLE_LINUX|DEBIAN|MACOS|RASPBIAN|ROCKY_LINUX|ALMA_LINUX|AMAZON_LINUX_2023', ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- BaselineIdentities
-
- Type: Array of PatchBaselineIdentity structures
An array of
PatchBaselineIdentity
elements. - NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Errors
- InternalServerError:
An error occurred on the server side.
DescribePatchGroupState
$result = $client->describePatchGroupState
([/* ... */]); $promise = $client->describePatchGroupStateAsync
([/* ... */]);
Returns high-level aggregated patch compliance state information for a patch group.
Parameter Syntax
$result = $client->describePatchGroupState([ 'PatchGroup' => '<string>', // REQUIRED ]);
Parameter Details
Members
- PatchGroup
-
- Required: Yes
- Type: string
The name of the patch group whose patch snapshot should be retrieved.
Result Syntax
[ 'Instances' => <integer>, 'InstancesWithCriticalNonCompliantPatches' => <integer>, 'InstancesWithFailedPatches' => <integer>, 'InstancesWithInstalledOtherPatches' => <integer>, 'InstancesWithInstalledPatches' => <integer>, 'InstancesWithInstalledPendingRebootPatches' => <integer>, 'InstancesWithInstalledRejectedPatches' => <integer>, 'InstancesWithMissingPatches' => <integer>, 'InstancesWithNotApplicablePatches' => <integer>, 'InstancesWithOtherNonCompliantPatches' => <integer>, 'InstancesWithSecurityNonCompliantPatches' => <integer>, 'InstancesWithUnreportedNotApplicablePatches' => <integer>, ]
Result Details
Members
- Instances
-
- Type: int
The number of managed nodes in the patch group.
- InstancesWithCriticalNonCompliantPatches
-
- Type: int
The number of managed nodes where patches that are specified as
Critical
for compliance reporting in the patch baseline aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required managed node reboot. The status of these managed nodes isNON_COMPLIANT
. - InstancesWithFailedPatches
-
- Type: int
The number of managed nodes with patches from the patch baseline that failed to install.
- InstancesWithInstalledOtherPatches
-
- Type: int
The number of managed nodes with patches installed that aren't defined in the patch baseline.
- InstancesWithInstalledPatches
-
- Type: int
The number of managed nodes with installed patches.
- InstancesWithInstalledPendingRebootPatches
-
- Type: int
The number of managed nodes with patches installed by Patch Manager that haven't been rebooted after the patch installation. The status of these managed nodes is
NON_COMPLIANT
. - InstancesWithInstalledRejectedPatches
-
- Type: int
The number of managed nodes with patches installed that are specified in a
RejectedPatches
list. Patches with a status ofINSTALLED_REJECTED
were typically installed before they were added to aRejectedPatches
list.If
ALLOW_AS_DEPENDENCY
is the specified option forRejectedPatchesAction
, the value ofInstancesWithInstalledRejectedPatches
will always be0
(zero). - InstancesWithMissingPatches
-
- Type: int
The number of managed nodes with missing patches from the patch baseline.
- InstancesWithNotApplicablePatches
-
- Type: int
The number of managed nodes with patches that aren't applicable.
- InstancesWithOtherNonCompliantPatches
-
- Type: int
The number of managed nodes with patches installed that are specified as other than
Critical
orSecurity
but aren't compliant with the patch baseline. The status of these managed nodes isNON_COMPLIANT
. - InstancesWithSecurityNonCompliantPatches
-
- Type: int
The number of managed nodes where patches that are specified as
Security
in a patch advisory aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required managed node reboot. The status of these managed nodes isNON_COMPLIANT
. - InstancesWithUnreportedNotApplicablePatches
-
- Type: int
The number of managed nodes with
NotApplicable
patches beyond the supported limit, which aren't reported by name to Inventory. Inventory is a capability of Amazon Web Services Systems Manager.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidNextToken:
The specified token isn't valid.
DescribePatchGroups
$result = $client->describePatchGroups
([/* ... */]); $promise = $client->describePatchGroupsAsync
([/* ... */]);
Lists all patch groups that have been registered with patch baselines.
Parameter Syntax
$result = $client->describePatchGroups([ 'Filters' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- Filters
-
- Type: Array of PatchOrchestratorFilter structures
Each element in the array is a structure containing a key-value pair.
Supported keys for
DescribePatchGroups
include the following:-
NAME_PREFIX
Sample values:
AWS-
|My-
. -
OPERATING_SYSTEM
Sample values:
AMAZON_LINUX
|SUSE
|WINDOWS
- MaxResults
-
- Type: int
The maximum number of patch groups to return (per page).
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
Result Syntax
[ 'Mappings' => [ [ 'BaselineIdentity' => [ 'BaselineDescription' => '<string>', 'BaselineId' => '<string>', 'BaselineName' => '<string>', 'DefaultBaseline' => true || false, 'OperatingSystem' => 'WINDOWS|AMAZON_LINUX|AMAZON_LINUX_2|AMAZON_LINUX_2022|UBUNTU|REDHAT_ENTERPRISE_LINUX|SUSE|CENTOS|ORACLE_LINUX|DEBIAN|MACOS|RASPBIAN|ROCKY_LINUX|ALMA_LINUX|AMAZON_LINUX_2023', ], 'PatchGroup' => '<string>', ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- Mappings
-
- Type: Array of PatchGroupPatchBaselineMapping structures
Each entry in the array contains:
-
PatchGroup
: string (between 1 and 256 characters. Regex:^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$)
-
PatchBaselineIdentity
: APatchBaselineIdentity
element.
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Errors
- InternalServerError:
An error occurred on the server side.
DescribePatchProperties
$result = $client->describePatchProperties
([/* ... */]); $promise = $client->describePatchPropertiesAsync
([/* ... */]);
Lists the properties of available patches organized by product, product family, classification, severity, and other properties of available patches. You can use the reported properties in the filters you specify in requests for operations such as CreatePatchBaseline, UpdatePatchBaseline, DescribeAvailablePatches, and DescribePatchBaselines.
The following section lists the properties that can be used in filters for each major operating system type:
- AMAZON_LINUX
-
Valid properties:
PRODUCT
|CLASSIFICATION
|SEVERITY
- AMAZON_LINUX_2
-
Valid properties:
PRODUCT
|CLASSIFICATION
|SEVERITY
- AMAZON_LINUX_2023
-
Valid properties:
PRODUCT
|CLASSIFICATION
|SEVERITY
- CENTOS
-
Valid properties:
PRODUCT
|CLASSIFICATION
|SEVERITY
- DEBIAN
-
Valid properties:
PRODUCT
|PRIORITY
- MACOS
-
Valid properties:
PRODUCT
|CLASSIFICATION
- ORACLE_LINUX
-
Valid properties:
PRODUCT
|CLASSIFICATION
|SEVERITY
- REDHAT_ENTERPRISE_LINUX
-
Valid properties:
PRODUCT
|CLASSIFICATION
|SEVERITY
- SUSE
-
Valid properties:
PRODUCT
|CLASSIFICATION
|SEVERITY
- UBUNTU
-
Valid properties:
PRODUCT
|PRIORITY
- WINDOWS
-
Valid properties:
PRODUCT
|PRODUCT_FAMILY
|CLASSIFICATION
|MSRC_SEVERITY
Parameter Syntax
$result = $client->describePatchProperties([ 'MaxResults' => <integer>, 'NextToken' => '<string>', 'OperatingSystem' => 'WINDOWS|AMAZON_LINUX|AMAZON_LINUX_2|AMAZON_LINUX_2022|UBUNTU|REDHAT_ENTERPRISE_LINUX|SUSE|CENTOS|ORACLE_LINUX|DEBIAN|MACOS|RASPBIAN|ROCKY_LINUX|ALMA_LINUX|AMAZON_LINUX_2023', // REQUIRED 'PatchSet' => 'OS|APPLICATION', 'Property' => 'PRODUCT|PRODUCT_FAMILY|CLASSIFICATION|MSRC_SEVERITY|PRIORITY|SEVERITY', // REQUIRED ]);
Parameter Details
Members
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
- OperatingSystem
-
- Required: Yes
- Type: string
The operating system type for which to list patches.
- PatchSet
-
- Type: string
Indicates whether to list patches for the Windows operating system or for applications released by Microsoft. Not applicable for the Linux or macOS operating systems.
- Property
-
- Required: Yes
- Type: string
The patch property for which you want to view patch details.
Result Syntax
[ 'NextToken' => '<string>', 'Properties' => [ ['<string>', ...], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token for the next set of items to return. (You use this token in the next call.)
- Properties
-
- Type: Array of stringss
A list of the properties for patches matching the filter request parameters.
Errors
- InternalServerError:
An error occurred on the server side.
DescribeSessions
$result = $client->describeSessions
([/* ... */]); $promise = $client->describeSessionsAsync
([/* ... */]);
Retrieves a list of all active sessions (both connected and disconnected) or terminated sessions from the past 30 days.
Parameter Syntax
$result = $client->describeSessions([ 'Filters' => [ [ 'key' => 'InvokedAfter|InvokedBefore|Target|Owner|Status|SessionId', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', 'State' => 'Active|History', // REQUIRED ]);
Parameter Details
Members
- Filters
-
- Type: Array of SessionFilter structures
One or more filters to limit the type of sessions returned by the request.
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
- State
-
- Required: Yes
- Type: string
The session status to retrieve a list of sessions for. For example, "Active".
Result Syntax
[ 'NextToken' => '<string>', 'Sessions' => [ [ 'Details' => '<string>', 'DocumentName' => '<string>', 'EndDate' => <DateTime>, 'MaxSessionDuration' => '<string>', 'OutputUrl' => [ 'CloudWatchOutputUrl' => '<string>', 'S3OutputUrl' => '<string>', ], 'Owner' => '<string>', 'Reason' => '<string>', 'SessionId' => '<string>', 'StartDate' => <DateTime>, 'Status' => 'Connected|Connecting|Disconnected|Terminated|Terminating|Failed', 'Target' => '<string>', ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
- Sessions
-
- Type: Array of Session structures
A list of sessions meeting the request parameters.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidFilterKey:
The specified key isn't valid.
- InvalidNextToken:
The specified token isn't valid.
DisassociateOpsItemRelatedItem
$result = $client->disassociateOpsItemRelatedItem
([/* ... */]); $promise = $client->disassociateOpsItemRelatedItemAsync
([/* ... */]);
Deletes the association between an OpsItem and a related item. For example, this API operation can delete an Incident Manager incident from an OpsItem. Incident Manager is a capability of Amazon Web Services Systems Manager.
Parameter Syntax
$result = $client->disassociateOpsItemRelatedItem([ 'AssociationId' => '<string>', // REQUIRED 'OpsItemId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AssociationId
-
- Required: Yes
- Type: string
The ID of the association for which you want to delete an association between the OpsItem and a related item.
- OpsItemId
-
- Required: Yes
- Type: string
The ID of the OpsItem for which you want to delete an association between the OpsItem and a related item.
Result Syntax
[]
Result Details
Errors
- InternalServerError:
An error occurred on the server side.
- OpsItemRelatedItemAssociationNotFoundException:
The association wasn't found using the parameters you specified in the call. Verify the information and try again.
- OpsItemNotFoundException:
The specified OpsItem ID doesn't exist. Verify the ID and try again.
- OpsItemInvalidParameterException:
A specified parameter argument isn't valid. Verify the available arguments and try again.
- OpsItemConflictException:
The specified OpsItem is in the process of being deleted.
GetAutomationExecution
$result = $client->getAutomationExecution
([/* ... */]); $promise = $client->getAutomationExecutionAsync
([/* ... */]);
Get detailed information about a particular Automation execution.
Parameter Syntax
$result = $client->getAutomationExecution([ 'AutomationExecutionId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AutomationExecutionId
-
- Required: Yes
- Type: string
The unique identifier for an existing automation execution to examine. The execution ID is returned by StartAutomationExecution when the execution of an Automation runbook is initiated.
Result Syntax
[ 'AutomationExecution' => [ 'AlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'AssociationId' => '<string>', 'AutomationExecutionId' => '<string>', 'AutomationExecutionStatus' => 'Pending|InProgress|Waiting|Success|TimedOut|Cancelling|Cancelled|Failed|PendingApproval|Approved|Rejected|Scheduled|RunbookInProgress|PendingChangeCalendarOverride|ChangeCalendarOverrideApproved|ChangeCalendarOverrideRejected|CompletedWithSuccess|CompletedWithFailure|Exited', 'AutomationSubtype' => 'ChangeRequest', 'ChangeRequestName' => '<string>', 'CurrentAction' => '<string>', 'CurrentStepName' => '<string>', 'DocumentName' => '<string>', 'DocumentVersion' => '<string>', 'ExecutedBy' => '<string>', 'ExecutionEndTime' => <DateTime>, 'ExecutionStartTime' => <DateTime>, 'FailureMessage' => '<string>', 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'Mode' => 'Auto|Interactive', 'OpsItemId' => '<string>', 'Outputs' => [ '<AutomationParameterKey>' => ['<string>', ...], // ... ], 'Parameters' => [ '<AutomationParameterKey>' => ['<string>', ...], // ... ], 'ParentAutomationExecutionId' => '<string>', 'ProgressCounters' => [ 'CancelledSteps' => <integer>, 'FailedSteps' => <integer>, 'SuccessSteps' => <integer>, 'TimedOutSteps' => <integer>, 'TotalSteps' => <integer>, ], 'ResolvedTargets' => [ 'ParameterValues' => ['<string>', ...], 'Truncated' => true || false, ], 'Runbooks' => [ [ 'DocumentName' => '<string>', 'DocumentVersion' => '<string>', 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'Parameters' => [ '<AutomationParameterKey>' => ['<string>', ...], // ... ], 'TargetLocations' => [ [ 'Accounts' => ['<string>', ...], 'ExcludeAccounts' => ['<string>', ...], 'ExecutionRoleName' => '<string>', 'IncludeChildOrganizationUnits' => true || false, 'Regions' => ['<string>', ...], 'TargetLocationAlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'TargetLocationMaxConcurrency' => '<string>', 'TargetLocationMaxErrors' => '<string>', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TargetsMaxConcurrency' => '<string>', 'TargetsMaxErrors' => '<string>', ], // ... ], 'TargetMaps' => [ [ '<TargetMapKey>' => ['<string>', ...], // ... ], // ... ], 'TargetParameterName' => '<string>', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], ], // ... ], 'ScheduledTime' => <DateTime>, 'StepExecutions' => [ [ 'Action' => '<string>', 'ExecutionEndTime' => <DateTime>, 'ExecutionStartTime' => <DateTime>, 'FailureDetails' => [ 'Details' => [ '<AutomationParameterKey>' => ['<string>', ...], // ... ], 'FailureStage' => '<string>', 'FailureType' => '<string>', ], 'FailureMessage' => '<string>', 'Inputs' => ['<string>', ...], 'IsCritical' => true || false, 'IsEnd' => true || false, 'MaxAttempts' => <integer>, 'NextStep' => '<string>', 'OnFailure' => '<string>', 'Outputs' => [ '<AutomationParameterKey>' => ['<string>', ...], // ... ], 'OverriddenParameters' => [ '<AutomationParameterKey>' => ['<string>', ...], // ... ], 'ParentStepDetails' => [ 'Action' => '<string>', 'Iteration' => <integer>, 'IteratorValue' => '<string>', 'StepExecutionId' => '<string>', 'StepName' => '<string>', ], 'Response' => '<string>', 'ResponseCode' => '<string>', 'StepExecutionId' => '<string>', 'StepName' => '<string>', 'StepStatus' => 'Pending|InProgress|Waiting|Success|TimedOut|Cancelling|Cancelled|Failed|PendingApproval|Approved|Rejected|Scheduled|RunbookInProgress|PendingChangeCalendarOverride|ChangeCalendarOverrideApproved|ChangeCalendarOverrideRejected|CompletedWithSuccess|CompletedWithFailure|Exited', 'TargetLocation' => [ 'Accounts' => ['<string>', ...], 'ExcludeAccounts' => ['<string>', ...], 'ExecutionRoleName' => '<string>', 'IncludeChildOrganizationUnits' => true || false, 'Regions' => ['<string>', ...], 'TargetLocationAlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'TargetLocationMaxConcurrency' => '<string>', 'TargetLocationMaxErrors' => '<string>', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TargetsMaxConcurrency' => '<string>', 'TargetsMaxErrors' => '<string>', ], 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TimeoutSeconds' => <integer>, 'TriggeredAlarms' => [ [ 'Name' => '<string>', 'State' => 'UNKNOWN|ALARM', ], // ... ], 'ValidNextSteps' => ['<string>', ...], ], // ... ], 'StepExecutionsTruncated' => true || false, 'Target' => '<string>', 'TargetLocations' => [ [ 'Accounts' => ['<string>', ...], 'ExcludeAccounts' => ['<string>', ...], 'ExecutionRoleName' => '<string>', 'IncludeChildOrganizationUnits' => true || false, 'Regions' => ['<string>', ...], 'TargetLocationAlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'TargetLocationMaxConcurrency' => '<string>', 'TargetLocationMaxErrors' => '<string>', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TargetsMaxConcurrency' => '<string>', 'TargetsMaxErrors' => '<string>', ], // ... ], 'TargetLocationsURL' => '<string>', 'TargetMaps' => [ [ '<TargetMapKey>' => ['<string>', ...], // ... ], // ... ], 'TargetParameterName' => '<string>', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TriggeredAlarms' => [ [ 'Name' => '<string>', 'State' => 'UNKNOWN|ALARM', ], // ... ], 'Variables' => [ '<AutomationParameterKey>' => ['<string>', ...], // ... ], ], ]
Result Details
Members
- AutomationExecution
-
- Type: AutomationExecution structure
Detailed information about the current state of an automation execution.
Errors
- AutomationExecutionNotFoundException:
There is no automation execution information for the requested automation execution ID.
- InternalServerError:
An error occurred on the server side.
GetCalendarState
$result = $client->getCalendarState
([/* ... */]); $promise = $client->getCalendarStateAsync
([/* ... */]);
Gets the state of a Amazon Web Services Systems Manager change calendar at the current time or a specified time. If you specify a time, GetCalendarState
returns the state of the calendar at that specific time, and returns the next time that the change calendar state will transition. If you don't specify a time, GetCalendarState
uses the current time. Change Calendar entries have two possible states: OPEN
or CLOSED
.
If you specify more than one calendar in a request, the command returns the status of OPEN
only if all calendars in the request are open. If one or more calendars in the request are closed, the status returned is CLOSED
.
For more information about Change Calendar, a capability of Amazon Web Services Systems Manager, see Amazon Web Services Systems Manager Change Calendar in the Amazon Web Services Systems Manager User Guide.
Parameter Syntax
$result = $client->getCalendarState([ 'AtTime' => '<string>', 'CalendarNames' => ['<string>', ...], // REQUIRED ]);
Parameter Details
Members
- AtTime
-
- Type: string
(Optional) The specific time for which you want to get calendar state information, in ISO 8601 format. If you don't specify a value or
AtTime
, the current time is used. - CalendarNames
-
- Required: Yes
- Type: Array of strings
The names or Amazon Resource Names (ARNs) of the Systems Manager documents (SSM documents) that represent the calendar entries for which you want to get the state.
Result Syntax
[ 'AtTime' => '<string>', 'NextTransitionTime' => '<string>', 'State' => 'OPEN|CLOSED', ]
Result Details
Members
- AtTime
-
- Type: string
The time, as an ISO 8601 string, that you specified in your command. If you don't specify a time,
GetCalendarState
uses the current time. - NextTransitionTime
-
- Type: string
The time, as an ISO 8601 string, that the calendar state will change. If the current calendar state is
OPEN
,NextTransitionTime
indicates when the calendar state changes toCLOSED
, and vice-versa. - State
-
- Type: string
The state of the calendar. An
OPEN
calendar indicates that actions are allowed to proceed, and aCLOSED
calendar indicates that actions aren't allowed to proceed.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidDocument:
The specified SSM document doesn't exist.
- InvalidDocumentType:
The SSM document type isn't valid. Valid document types are described in the
DocumentType
property.- UnsupportedCalendarException:
The calendar entry contained in the specified SSM document isn't supported.
GetCommandInvocation
$result = $client->getCommandInvocation
([/* ... */]); $promise = $client->getCommandInvocationAsync
([/* ... */]);
Returns detailed information about command execution for an invocation or plugin. The Run Command API follows an eventual consistency model, due to the distributed nature of the system supporting the API. This means that the result of an API command you run that affects your resources might not be immediately visible to all subsequent commands you run. You should keep this in mind when you carry out an API command that immediately follows a previous API command.
GetCommandInvocation
only gives the execution status of a plugin in a document. To get the command execution status on a specific managed node, use ListCommandInvocations. To get the command execution status across managed nodes, use ListCommands.
Parameter Syntax
$result = $client->getCommandInvocation([ 'CommandId' => '<string>', // REQUIRED 'InstanceId' => '<string>', // REQUIRED 'PluginName' => '<string>', ]);
Parameter Details
Members
- CommandId
-
- Required: Yes
- Type: string
(Required) The parent command ID of the invocation plugin.
- InstanceId
-
- Required: Yes
- Type: string
(Required) The ID of the managed node targeted by the command. A managed node can be an Amazon Elastic Compute Cloud (Amazon EC2) instance, edge device, and on-premises server or VM in your hybrid environment that is configured for Amazon Web Services Systems Manager.
- PluginName
-
- Type: string
The name of the step for which you want detailed results. If the document contains only one step, you can omit the name and details for that step. If the document contains more than one step, you must specify the name of the step for which you want to view details. Be sure to specify the name of the step, not the name of a plugin like
aws:RunShellScript
.To find the
PluginName
, check the document content and find the name of the step you want details for. Alternatively, use ListCommandInvocations with theCommandId
andDetails
parameters. ThePluginName
is theName
attribute of theCommandPlugin
object in theCommandPlugins
list.
Result Syntax
[ 'CloudWatchOutputConfig' => [ 'CloudWatchLogGroupName' => '<string>', 'CloudWatchOutputEnabled' => true || false, ], 'CommandId' => '<string>', 'Comment' => '<string>', 'DocumentName' => '<string>', 'DocumentVersion' => '<string>', 'ExecutionElapsedTime' => '<string>', 'ExecutionEndDateTime' => '<string>', 'ExecutionStartDateTime' => '<string>', 'InstanceId' => '<string>', 'PluginName' => '<string>', 'ResponseCode' => <integer>, 'StandardErrorContent' => '<string>', 'StandardErrorUrl' => '<string>', 'StandardOutputContent' => '<string>', 'StandardOutputUrl' => '<string>', 'Status' => 'Pending|InProgress|Delayed|Success|Cancelled|TimedOut|Failed|Cancelling', 'StatusDetails' => '<string>', ]
Result Details
Members
- CloudWatchOutputConfig
-
- Type: CloudWatchOutputConfig structure
Amazon CloudWatch Logs information where Systems Manager sent the command output.
- CommandId
-
- Type: string
The parent command ID of the invocation plugin.
- Comment
-
- Type: string
The comment text for the command.
- DocumentName
-
- Type: string
The name of the document that was run. For example,
AWS-RunShellScript
. - DocumentVersion
-
- Type: string
The Systems Manager document (SSM document) version used in the request.
- ExecutionElapsedTime
-
- Type: string
Duration since
ExecutionStartDateTime
. - ExecutionEndDateTime
-
- Type: string
The date and time the plugin finished running. Date and time are written in ISO 8601 format. For example, June 7, 2017 is represented as 2017-06-7. The following sample Amazon Web Services CLI command uses the
InvokedAfter
filter.aws ssm list-commands --filters key=InvokedAfter,value=2017-06-07T00:00:00Z
If the plugin hasn't started to run, the string is empty.
- ExecutionStartDateTime
-
- Type: string
The date and time the plugin started running. Date and time are written in ISO 8601 format. For example, June 7, 2017 is represented as 2017-06-7. The following sample Amazon Web Services CLI command uses the
InvokedBefore
filter.aws ssm list-commands --filters key=InvokedBefore,value=2017-06-07T00:00:00Z
If the plugin hasn't started to run, the string is empty.
- InstanceId
-
- Type: string
The ID of the managed node targeted by the command. A managed node can be an Amazon Elastic Compute Cloud (Amazon EC2) instance, edge device, or on-premises server or VM in your hybrid environment that is configured for Amazon Web Services Systems Manager.
- PluginName
-
- Type: string
The name of the plugin, or step name, for which details are reported. For example,
aws:RunShellScript
is a plugin. - ResponseCode
-
- Type: int
The error level response code for the plugin script. If the response code is
-1
, then the command hasn't started running on the managed node, or it wasn't received by the node. - StandardErrorContent
-
- Type: string
The first 8,000 characters written by the plugin to
stderr
. If the command hasn't finished running, then this string is empty. - StandardErrorUrl
-
- Type: string
The URL for the complete text written by the plugin to
stderr
. If the command hasn't finished running, then this string is empty. - StandardOutputContent
-
- Type: string
The first 24,000 characters written by the plugin to
stdout
. If the command hasn't finished running, ifExecutionStatus
is neither Succeeded nor Failed, then this string is empty. - StandardOutputUrl
-
- Type: string
The URL for the complete text written by the plugin to
stdout
in Amazon Simple Storage Service (Amazon S3). If an S3 bucket wasn't specified, then this string is empty. - Status
-
- Type: string
The status of this invocation plugin. This status can be different than
StatusDetails
. - StatusDetails
-
- Type: string
A detailed status of the command execution for an invocation.
StatusDetails
includes more information thanStatus
because it includes states resulting from error and concurrency control parameters.StatusDetails
can show different results thanStatus
. For more information about these statuses, see Understanding command statuses in the Amazon Web Services Systems Manager User Guide.StatusDetails
can be one of the following values:-
Pending: The command hasn't been sent to the managed node.
-
In Progress: The command has been sent to the managed node but hasn't reached a terminal state.
-
Delayed: The system attempted to send the command to the target, but the target wasn't available. The managed node might not be available because of network issues, because the node was stopped, or for similar reasons. The system will try to send the command again.
-
Success: The command or plugin ran successfully. This is a terminal state.
-
Delivery Timed Out: The command wasn't delivered to the managed node before the delivery timeout expired. Delivery timeouts don't count against the parent command's
MaxErrors
limit, but they do contribute to whether the parent command status is Success or Incomplete. This is a terminal state. -
Execution Timed Out: The command started to run on the managed node, but the execution wasn't complete before the timeout expired. Execution timeouts count against the
MaxErrors
limit of the parent command. This is a terminal state. -
Failed: The command wasn't run successfully on the managed node. For a plugin, this indicates that the result code wasn't zero. For a command invocation, this indicates that the result code for one or more plugins wasn't zero. Invocation failures count against the
MaxErrors
limit of the parent command. This is a terminal state. -
Cancelled: The command was terminated before it was completed. This is a terminal state.
-
Undeliverable: The command can't be delivered to the managed node. The node might not exist or might not be responding. Undeliverable invocations don't count against the parent command's
MaxErrors
limit and don't contribute to whether the parent command status is Success or Incomplete. This is a terminal state. -
Terminated: The parent command exceeded its
MaxErrors
limit and subsequent command invocations were canceled by the system. This is a terminal state.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidCommandId:
The specified command ID isn't valid. Verify the ID and try again.
- InvalidInstanceId:
The following problems can cause this exception:
-
You don't have permission to access the managed node.
-
Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.
-
SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.
-
The managed node isn't in a valid state. Valid states are:
Running
,Pending
,Stopped
, andStopping
. Invalid states are:Shutting-down
andTerminated
.
-
- InvalidPluginName:
The plugin name isn't valid.
- InvocationDoesNotExist:
The command ID and managed node ID you specified didn't match any invocations. Verify the command ID and the managed node ID and try again.
GetConnectionStatus
$result = $client->getConnectionStatus
([/* ... */]); $promise = $client->getConnectionStatusAsync
([/* ... */]);
Retrieves the Session Manager connection status for a managed node to determine whether it is running and ready to receive Session Manager connections.
Parameter Syntax
$result = $client->getConnectionStatus([ 'Target' => '<string>', // REQUIRED ]);
Parameter Details
Members
- Target
-
- Required: Yes
- Type: string
The managed node ID.
Result Syntax
[ 'Status' => 'connected|notconnected', 'Target' => '<string>', ]
Result Details
Members
- Status
-
- Type: string
The status of the connection to the managed node.
- Target
-
- Type: string
The ID of the managed node to check connection status.
Errors
- InternalServerError:
An error occurred on the server side.
GetDefaultPatchBaseline
$result = $client->getDefaultPatchBaseline
([/* ... */]); $promise = $client->getDefaultPatchBaselineAsync
([/* ... */]);
Retrieves the default patch baseline. Amazon Web Services Systems Manager supports creating multiple default patch baselines. For example, you can create a default patch baseline for each operating system.
If you don't specify an operating system value, the default patch baseline for Windows is returned.
Parameter Syntax
$result = $client->getDefaultPatchBaseline([ 'OperatingSystem' => 'WINDOWS|AMAZON_LINUX|AMAZON_LINUX_2|AMAZON_LINUX_2022|UBUNTU|REDHAT_ENTERPRISE_LINUX|SUSE|CENTOS|ORACLE_LINUX|DEBIAN|MACOS|RASPBIAN|ROCKY_LINUX|ALMA_LINUX|AMAZON_LINUX_2023', ]);
Parameter Details
Members
- OperatingSystem
-
- Type: string
Returns the default patch baseline for the specified operating system.
Result Syntax
[ 'BaselineId' => '<string>', 'OperatingSystem' => 'WINDOWS|AMAZON_LINUX|AMAZON_LINUX_2|AMAZON_LINUX_2022|UBUNTU|REDHAT_ENTERPRISE_LINUX|SUSE|CENTOS|ORACLE_LINUX|DEBIAN|MACOS|RASPBIAN|ROCKY_LINUX|ALMA_LINUX|AMAZON_LINUX_2023', ]
Result Details
Members
- BaselineId
-
- Type: string
The ID of the default patch baseline.
- OperatingSystem
-
- Type: string
The operating system for the returned patch baseline.
Errors
- InternalServerError:
An error occurred on the server side.
GetDeployablePatchSnapshotForInstance
$result = $client->getDeployablePatchSnapshotForInstance
([/* ... */]); $promise = $client->getDeployablePatchSnapshotForInstanceAsync
([/* ... */]);
Retrieves the current snapshot for the patch baseline the managed node uses. This API is primarily used by the AWS-RunPatchBaseline
Systems Manager document (SSM document).
If you run the command locally, such as with the Command Line Interface (CLI), the system attempts to use your local Amazon Web Services credentials and the operation fails. To avoid this, you can run the command in the Amazon Web Services Systems Manager console. Use Run Command, a capability of Amazon Web Services Systems Manager, with an SSM document that enables you to target a managed node with a script or command. For example, run the command using the AWS-RunShellScript
document or the AWS-RunPowerShellScript
document.
Parameter Syntax
$result = $client->getDeployablePatchSnapshotForInstance([ 'BaselineOverride' => [ 'ApprovalRules' => [ 'PatchRules' => [ // REQUIRED [ 'ApproveAfterDays' => <integer>, 'ApproveUntilDate' => '<string>', 'ComplianceLevel' => 'CRITICAL|HIGH|MEDIUM|LOW|INFORMATIONAL|UNSPECIFIED', 'EnableNonSecurity' => true || false, 'PatchFilterGroup' => [ // REQUIRED 'PatchFilters' => [ // REQUIRED [ 'Key' => 'ARCH|ADVISORY_ID|BUGZILLA_ID|PATCH_SET|PRODUCT|PRODUCT_FAMILY|CLASSIFICATION|CVE_ID|EPOCH|MSRC_SEVERITY|NAME|PATCH_ID|SECTION|PRIORITY|REPOSITORY|RELEASE|SEVERITY|SECURITY|VERSION', // REQUIRED 'Values' => ['<string>', ...], // REQUIRED ], // ... ], ], ], // ... ], ], 'ApprovedPatches' => ['<string>', ...], 'ApprovedPatchesComplianceLevel' => 'CRITICAL|HIGH|MEDIUM|LOW|INFORMATIONAL|UNSPECIFIED', 'ApprovedPatchesEnableNonSecurity' => true || false, 'GlobalFilters' => [ 'PatchFilters' => [ // REQUIRED [ 'Key' => 'ARCH|ADVISORY_ID|BUGZILLA_ID|PATCH_SET|PRODUCT|PRODUCT_FAMILY|CLASSIFICATION|CVE_ID|EPOCH|MSRC_SEVERITY|NAME|PATCH_ID|SECTION|PRIORITY|REPOSITORY|RELEASE|SEVERITY|SECURITY|VERSION', // REQUIRED 'Values' => ['<string>', ...], // REQUIRED ], // ... ], ], 'OperatingSystem' => 'WINDOWS|AMAZON_LINUX|AMAZON_LINUX_2|AMAZON_LINUX_2022|UBUNTU|REDHAT_ENTERPRISE_LINUX|SUSE|CENTOS|ORACLE_LINUX|DEBIAN|MACOS|RASPBIAN|ROCKY_LINUX|ALMA_LINUX|AMAZON_LINUX_2023', 'RejectedPatches' => ['<string>', ...], 'RejectedPatchesAction' => 'ALLOW_AS_DEPENDENCY|BLOCK', 'Sources' => [ [ 'Configuration' => '<string>', // REQUIRED 'Name' => '<string>', // REQUIRED 'Products' => ['<string>', ...], // REQUIRED ], // ... ], ], 'InstanceId' => '<string>', // REQUIRED 'SnapshotId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- BaselineOverride
-
- Type: BaselineOverride structure
Defines the basic information about a patch baseline override.
- InstanceId
-
- Required: Yes
- Type: string
The ID of the managed node for which the appropriate patch snapshot should be retrieved.
- SnapshotId
-
- Required: Yes
- Type: string
The snapshot ID provided by the user when running
AWS-RunPatchBaseline
.
Result Syntax
[ 'InstanceId' => '<string>', 'Product' => '<string>', 'SnapshotDownloadUrl' => '<string>', 'SnapshotId' => '<string>', ]
Result Details
Members
- InstanceId
-
- Type: string
The managed node ID.
- Product
-
- Type: string
Returns the specific operating system (for example Windows Server 2012 or Amazon Linux 2015.09) on the managed node for the specified patch snapshot.
- SnapshotDownloadUrl
-
- Type: string
A pre-signed Amazon Simple Storage Service (Amazon S3) URL that can be used to download the patch snapshot.
- SnapshotId
-
- Type: string
The user-defined snapshot ID.
Errors
- InternalServerError:
An error occurred on the server side.
- UnsupportedOperatingSystem:
The operating systems you specified isn't supported, or the operation isn't supported for the operating system.
- UnsupportedFeatureRequiredException:
Patching for applications released by Microsoft is only available on EC2 instances and advanced instances. To patch applications released by Microsoft on on-premises servers and VMs, you must enable advanced instances. For more information, see Turning on the advanced-instances tier in the Amazon Web Services Systems Manager User Guide.
GetDocument
$result = $client->getDocument
([/* ... */]); $promise = $client->getDocumentAsync
([/* ... */]);
Gets the contents of the specified Amazon Web Services Systems Manager document (SSM document).
Parameter Syntax
$result = $client->getDocument([ 'DocumentFormat' => 'YAML|JSON|TEXT', 'DocumentVersion' => '<string>', 'Name' => '<string>', // REQUIRED 'VersionName' => '<string>', ]);
Parameter Details
Members
- DocumentFormat
-
- Type: string
Returns the document in the specified format. The document format can be either JSON or YAML. JSON is the default format.
- DocumentVersion
-
- Type: string
The document version for which you want information.
- Name
-
- Required: Yes
- Type: string
The name of the SSM document.
- VersionName
-
- Type: string
An optional field specifying the version of the artifact associated with the document. For example, 12.6. This value is unique across all versions of a document and can't be changed.
Result Syntax
[ 'AttachmentsContent' => [ [ 'Hash' => '<string>', 'HashType' => 'Sha256', 'Name' => '<string>', 'Size' => <integer>, 'Url' => '<string>', ], // ... ], 'Content' => '<string>', 'CreatedDate' => <DateTime>, 'DisplayName' => '<string>', 'DocumentFormat' => 'YAML|JSON|TEXT', 'DocumentType' => 'Command|Policy|Automation|Session|Package|ApplicationConfiguration|ApplicationConfigurationSchema|DeploymentStrategy|ChangeCalendar|Automation.ChangeTemplate|ProblemAnalysis|ProblemAnalysisTemplate|CloudFormation|ConformancePackTemplate|QuickSetup', 'DocumentVersion' => '<string>', 'Name' => '<string>', 'Requires' => [ [ 'Name' => '<string>', 'RequireType' => '<string>', 'Version' => '<string>', 'VersionName' => '<string>', ], // ... ], 'ReviewStatus' => 'APPROVED|NOT_REVIEWED|PENDING|REJECTED', 'Status' => 'Creating|Active|Updating|Deleting|Failed', 'StatusInformation' => '<string>', 'VersionName' => '<string>', ]
Result Details
Members
- AttachmentsContent
-
- Type: Array of AttachmentContent structures
A description of the document attachments, including names, locations, sizes, and so on.
- Content
-
- Type: string
The contents of the SSM document.
- CreatedDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date the SSM document was created.
- DisplayName
-
- Type: string
The friendly name of the SSM document. This value can differ for each version of the document. If you want to update this value, see UpdateDocument.
- DocumentFormat
-
- Type: string
The document format, either JSON or YAML.
- DocumentType
-
- Type: string
The document type.
- DocumentVersion
-
- Type: string
The document version.
- Name
-
- Type: string
The name of the SSM document.
- Requires
-
- Type: Array of DocumentRequires structures
A list of SSM documents required by a document. For example, an
ApplicationConfiguration
document requires anApplicationConfigurationSchema
document. - ReviewStatus
-
- Type: string
The current review status of a new custom Systems Manager document (SSM document) created by a member of your organization, or of the latest version of an existing SSM document.
Only one version of an SSM document can be in the APPROVED state at a time. When a new version is approved, the status of the previous version changes to REJECTED.
Only one version of an SSM document can be in review, or PENDING, at a time.
- Status
-
- Type: string
The status of the SSM document, such as
Creating
,Active
,Updating
,Failed
, andDeleting
. - StatusInformation
-
- Type: string
A message returned by Amazon Web Services Systems Manager that explains the
Status
value. For example, aFailed
status might be explained by theStatusInformation
message, "The specified S3 bucket doesn't exist. Verify that the URL of the S3 bucket is correct." - VersionName
-
- Type: string
The version of the artifact associated with the document. For example, 12.6. This value is unique across all versions of a document, and can't be changed.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidDocument:
The specified SSM document doesn't exist.
- InvalidDocumentVersion:
The document version isn't valid or doesn't exist.
GetInventory
$result = $client->getInventory
([/* ... */]); $promise = $client->getInventoryAsync
([/* ... */]);
Query inventory information. This includes managed node status, such as Stopped
or Terminated
.
Parameter Syntax
$result = $client->getInventory([ 'Aggregators' => [ [ 'Aggregators' => [...], // RECURSIVE 'Expression' => '<string>', 'Groups' => [ [ 'Filters' => [ // REQUIRED [ 'Key' => '<string>', // REQUIRED 'Type' => 'Equal|NotEqual|BeginWith|LessThan|GreaterThan|Exists', 'Values' => ['<string>', ...], // REQUIRED ], // ... ], 'Name' => '<string>', // REQUIRED ], // ... ], ], // ... ], 'Filters' => [ [ 'Key' => '<string>', // REQUIRED 'Type' => 'Equal|NotEqual|BeginWith|LessThan|GreaterThan|Exists', 'Values' => ['<string>', ...], // REQUIRED ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', 'ResultAttributes' => [ [ 'TypeName' => '<string>', // REQUIRED ], // ... ], ]);
Parameter Details
Members
- Aggregators
-
- Type: Array of InventoryAggregator structures
Returns counts of inventory types based on one or more expressions. For example, if you aggregate by using an expression that uses the
AWS:InstanceInformation.PlatformType
type, you can see a count of how many Windows and Linux managed nodes exist in your inventoried fleet. - Filters
-
- Type: Array of InventoryFilter structures
One or more filters. Use a filter to return a more specific list of results.
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
- ResultAttributes
-
- Type: Array of ResultAttribute structures
The list of inventory item types to return.
Result Syntax
[ 'Entities' => [ [ 'Data' => [ '<InventoryResultItemKey>' => [ 'CaptureTime' => '<string>', 'Content' => [ ['<string>', ...], // ... ], 'ContentHash' => '<string>', 'SchemaVersion' => '<string>', 'TypeName' => '<string>', ], // ... ], 'Id' => '<string>', ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- Entities
-
- Type: Array of InventoryResultEntity structures
Collection of inventory entities such as a collection of managed node inventory.
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidFilter:
The filter name isn't valid. Verify the you entered the correct name and try again.
- InvalidInventoryGroupException:
The specified inventory group isn't valid.
- InvalidNextToken:
The specified token isn't valid.
- InvalidTypeNameException:
The parameter type name isn't valid.
- InvalidAggregatorException:
The specified aggregator isn't valid for inventory groups. Verify that the aggregator uses a valid inventory type such as
AWS:Application
orAWS:InstanceInformation
.- InvalidResultAttributeException:
The specified inventory item result attribute isn't valid.
GetInventorySchema
$result = $client->getInventorySchema
([/* ... */]); $promise = $client->getInventorySchemaAsync
([/* ... */]);
Return a list of inventory type names for the account, or return a list of attribute names for a specific Inventory item type.
Parameter Syntax
$result = $client->getInventorySchema([ 'Aggregator' => true || false, 'MaxResults' => <integer>, 'NextToken' => '<string>', 'SubType' => true || false, 'TypeName' => '<string>', ]);
Parameter Details
Members
- Aggregator
-
- Type: boolean
Returns inventory schemas that support aggregation. For example, this call returns the
AWS:InstanceInformation
type, because it supports aggregation based on thePlatformName
,PlatformType
, andPlatformVersion
attributes. - MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
- SubType
-
- Type: boolean
Returns the sub-type schema for a specified inventory type.
- TypeName
-
- Type: string
The type of inventory item to return.
Result Syntax
[ 'NextToken' => '<string>', 'Schemas' => [ [ 'Attributes' => [ [ 'DataType' => 'string|number', 'Name' => '<string>', ], // ... ], 'DisplayName' => '<string>', 'TypeName' => '<string>', 'Version' => '<string>', ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
- Schemas
-
- Type: Array of InventoryItemSchema structures
Inventory schemas returned by the request.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidTypeNameException:
The parameter type name isn't valid.
- InvalidNextToken:
The specified token isn't valid.
GetMaintenanceWindow
$result = $client->getMaintenanceWindow
([/* ... */]); $promise = $client->getMaintenanceWindowAsync
([/* ... */]);
Retrieves a maintenance window.
Parameter Syntax
$result = $client->getMaintenanceWindow([ 'WindowId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- WindowId
-
- Required: Yes
- Type: string
The ID of the maintenance window for which you want to retrieve information.
Result Syntax
[ 'AllowUnassociatedTargets' => true || false, 'CreatedDate' => <DateTime>, 'Cutoff' => <integer>, 'Description' => '<string>', 'Duration' => <integer>, 'Enabled' => true || false, 'EndDate' => '<string>', 'ModifiedDate' => <DateTime>, 'Name' => '<string>', 'NextExecutionTime' => '<string>', 'Schedule' => '<string>', 'ScheduleOffset' => <integer>, 'ScheduleTimezone' => '<string>', 'StartDate' => '<string>', 'WindowId' => '<string>', ]
Result Details
Members
- AllowUnassociatedTargets
-
- Type: boolean
Whether targets must be registered with the maintenance window before tasks can be defined for those targets.
- CreatedDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date the maintenance window was created.
- Cutoff
-
- Type: int
The number of hours before the end of the maintenance window that Amazon Web Services Systems Manager stops scheduling new tasks for execution.
- Description
-
- Type: string
The description of the maintenance window.
- Duration
-
- Type: int
The duration of the maintenance window in hours.
- Enabled
-
- Type: boolean
Indicates whether the maintenance window is enabled.
- EndDate
-
- Type: string
The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become inactive. The maintenance window won't run after this specified time.
- ModifiedDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date the maintenance window was last modified.
- Name
-
- Type: string
The name of the maintenance window.
- NextExecutionTime
-
- Type: string
The next time the maintenance window will actually run, taking into account any specified times for the maintenance window to become active or inactive.
- Schedule
-
- Type: string
The schedule of the maintenance window in the form of a cron or rate expression.
- ScheduleOffset
-
- Type: int
The number of days to wait to run a maintenance window after the scheduled cron expression date and time.
- ScheduleTimezone
-
- Type: string
The time zone that the scheduled maintenance window executions are based on, in Internet Assigned Numbers Authority (IANA) format. For example: "America/Los_Angeles", "UTC", or "Asia/Seoul". For more information, see the Time Zone Database on the IANA website.
- StartDate
-
- Type: string
The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become active. The maintenance window won't run before this specified time.
- WindowId
-
- Type: string
The ID of the created maintenance window.
Errors
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InternalServerError:
An error occurred on the server side.
GetMaintenanceWindowExecution
$result = $client->getMaintenanceWindowExecution
([/* ... */]); $promise = $client->getMaintenanceWindowExecutionAsync
([/* ... */]);
Retrieves details about a specific a maintenance window execution.
Parameter Syntax
$result = $client->getMaintenanceWindowExecution([ 'WindowExecutionId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- WindowExecutionId
-
- Required: Yes
- Type: string
The ID of the maintenance window execution that includes the task.
Result Syntax
[ 'EndTime' => <DateTime>, 'StartTime' => <DateTime>, 'Status' => 'PENDING|IN_PROGRESS|SUCCESS|FAILED|TIMED_OUT|CANCELLING|CANCELLED|SKIPPED_OVERLAPPING', 'StatusDetails' => '<string>', 'TaskIds' => ['<string>', ...], 'WindowExecutionId' => '<string>', ]
Result Details
Members
- EndTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time the maintenance window finished running.
- StartTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time the maintenance window started running.
- Status
-
- Type: string
The status of the maintenance window execution.
- StatusDetails
-
- Type: string
The details explaining the status. Not available for all status values.
- TaskIds
-
- Type: Array of strings
The ID of the task executions from the maintenance window execution.
- WindowExecutionId
-
- Type: string
The ID of the maintenance window execution.
Errors
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InternalServerError:
An error occurred on the server side.
GetMaintenanceWindowExecutionTask
$result = $client->getMaintenanceWindowExecutionTask
([/* ... */]); $promise = $client->getMaintenanceWindowExecutionTaskAsync
([/* ... */]);
Retrieves the details about a specific task run as part of a maintenance window execution.
Parameter Syntax
$result = $client->getMaintenanceWindowExecutionTask([ 'TaskId' => '<string>', // REQUIRED 'WindowExecutionId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- TaskId
-
- Required: Yes
- Type: string
The ID of the specific task execution in the maintenance window task that should be retrieved.
- WindowExecutionId
-
- Required: Yes
- Type: string
The ID of the maintenance window execution that includes the task.
Result Syntax
[ 'AlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'EndTime' => <DateTime>, 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'Priority' => <integer>, 'ServiceRole' => '<string>', 'StartTime' => <DateTime>, 'Status' => 'PENDING|IN_PROGRESS|SUCCESS|FAILED|TIMED_OUT|CANCELLING|CANCELLED|SKIPPED_OVERLAPPING', 'StatusDetails' => '<string>', 'TaskArn' => '<string>', 'TaskExecutionId' => '<string>', 'TaskParameters' => [ [ '<MaintenanceWindowTaskParameterName>' => [ 'Values' => ['<string>', ...], ], // ... ], // ... ], 'TriggeredAlarms' => [ [ 'Name' => '<string>', 'State' => 'UNKNOWN|ALARM', ], // ... ], 'Type' => 'RUN_COMMAND|AUTOMATION|STEP_FUNCTIONS|LAMBDA', 'WindowExecutionId' => '<string>', ]
Result Details
Members
- AlarmConfiguration
-
- Type: AlarmConfiguration structure
The details for the CloudWatch alarm you applied to your maintenance window task.
- EndTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time the task execution completed.
- MaxConcurrency
-
- Type: string
The defined maximum number of task executions that could be run in parallel.
- MaxErrors
-
- Type: string
The defined maximum number of task execution errors allowed before scheduling of the task execution would have been stopped.
- Priority
-
- Type: int
The priority of the task.
- ServiceRole
-
- Type: string
The role that was assumed when running the task.
- StartTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time the task execution started.
- Status
-
- Type: string
The status of the task.
- StatusDetails
-
- Type: string
The details explaining the status. Not available for all status values.
- TaskArn
-
- Type: string
The Amazon Resource Name (ARN) of the task that ran.
- TaskExecutionId
-
- Type: string
The ID of the specific task execution in the maintenance window task that was retrieved.
- TaskParameters
-
- Type: Array of MaintenanceWindowTaskParameterValueExpression structuress
The parameters passed to the task when it was run.
TaskParameters
has been deprecated. To specify parameters to pass to a task when it runs, instead use theParameters
option in theTaskInvocationParameters
structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.The map has the following format:
-
Key
: string, between 1 and 255 characters -
Value
: an array of strings, each between 1 and 255 characters
- TriggeredAlarms
-
- Type: Array of AlarmStateInformation structures
The CloudWatch alarms that were invoked by the maintenance window task.
- Type
-
- Type: string
The type of task that was run.
- WindowExecutionId
-
- Type: string
The ID of the maintenance window execution that includes the task.
Errors
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InternalServerError:
An error occurred on the server side.
GetMaintenanceWindowExecutionTaskInvocation
$result = $client->getMaintenanceWindowExecutionTaskInvocation
([/* ... */]); $promise = $client->getMaintenanceWindowExecutionTaskInvocationAsync
([/* ... */]);
Retrieves information about a specific task running on a specific target.
Parameter Syntax
$result = $client->getMaintenanceWindowExecutionTaskInvocation([ 'InvocationId' => '<string>', // REQUIRED 'TaskId' => '<string>', // REQUIRED 'WindowExecutionId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- InvocationId
-
- Required: Yes
- Type: string
The invocation ID to retrieve.
- TaskId
-
- Required: Yes
- Type: string
The ID of the specific task in the maintenance window task that should be retrieved.
- WindowExecutionId
-
- Required: Yes
- Type: string
The ID of the maintenance window execution for which the task is a part.
Result Syntax
[ 'EndTime' => <DateTime>, 'ExecutionId' => '<string>', 'InvocationId' => '<string>', 'OwnerInformation' => '<string>', 'Parameters' => '<string>', 'StartTime' => <DateTime>, 'Status' => 'PENDING|IN_PROGRESS|SUCCESS|FAILED|TIMED_OUT|CANCELLING|CANCELLED|SKIPPED_OVERLAPPING', 'StatusDetails' => '<string>', 'TaskExecutionId' => '<string>', 'TaskType' => 'RUN_COMMAND|AUTOMATION|STEP_FUNCTIONS|LAMBDA', 'WindowExecutionId' => '<string>', 'WindowTargetId' => '<string>', ]
Result Details
Members
- EndTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time that the task finished running on the target.
- ExecutionId
-
- Type: string
The execution ID.
- InvocationId
-
- Type: string
The invocation ID.
- OwnerInformation
-
- Type: string
User-provided value to be included in any Amazon CloudWatch Events or Amazon EventBridge events raised while running tasks for these targets in this maintenance window.
- Parameters
-
- Type: string
The parameters used at the time that the task ran.
- StartTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time that the task started running on the target.
- Status
-
- Type: string
The task status for an invocation.
- StatusDetails
-
- Type: string
The details explaining the status. Details are only available for certain status values.
- TaskExecutionId
-
- Type: string
The task execution ID.
- TaskType
-
- Type: string
Retrieves the task type for a maintenance window.
- WindowExecutionId
-
- Type: string
The maintenance window execution ID.
- WindowTargetId
-
- Type: string
The maintenance window target ID.
Errors
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InternalServerError:
An error occurred on the server side.
GetMaintenanceWindowTask
$result = $client->getMaintenanceWindowTask
([/* ... */]); $promise = $client->getMaintenanceWindowTaskAsync
([/* ... */]);
Retrieves the details of a maintenance window task.
For maintenance window tasks without a specified target, you can't supply values for --max-errors
and --max-concurrency
. Instead, the system inserts a placeholder value of 1
, which may be reported in the response to this command. These values don't affect the running of your task and can be ignored.
To retrieve a list of tasks in a maintenance window, instead use the DescribeMaintenanceWindowTasks command.
Parameter Syntax
$result = $client->getMaintenanceWindowTask([ 'WindowId' => '<string>', // REQUIRED 'WindowTaskId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- WindowId
-
- Required: Yes
- Type: string
The maintenance window ID that includes the task to retrieve.
- WindowTaskId
-
- Required: Yes
- Type: string
The maintenance window task ID to retrieve.
Result Syntax
[ 'AlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'CutoffBehavior' => 'CONTINUE_TASK|CANCEL_TASK', 'Description' => '<string>', 'LoggingInfo' => [ 'S3BucketName' => '<string>', 'S3KeyPrefix' => '<string>', 'S3Region' => '<string>', ], 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'Name' => '<string>', 'Priority' => <integer>, 'ServiceRoleArn' => '<string>', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TaskArn' => '<string>', 'TaskInvocationParameters' => [ 'Automation' => [ 'DocumentVersion' => '<string>', 'Parameters' => [ '<AutomationParameterKey>' => ['<string>', ...], // ... ], ], 'Lambda' => [ 'ClientContext' => '<string>', 'Payload' => <string || resource || Psr\Http\Message\StreamInterface>, 'Qualifier' => '<string>', ], 'RunCommand' => [ 'CloudWatchOutputConfig' => [ 'CloudWatchLogGroupName' => '<string>', 'CloudWatchOutputEnabled' => true || false, ], 'Comment' => '<string>', 'DocumentHash' => '<string>', 'DocumentHashType' => 'Sha256|Sha1', 'DocumentVersion' => '<string>', 'NotificationConfig' => [ 'NotificationArn' => '<string>', 'NotificationEvents' => ['<string>', ...], 'NotificationType' => 'Command|Invocation', ], 'OutputS3BucketName' => '<string>', 'OutputS3KeyPrefix' => '<string>', 'Parameters' => [ '<ParameterName>' => ['<string>', ...], // ... ], 'ServiceRoleArn' => '<string>', 'TimeoutSeconds' => <integer>, ], 'StepFunctions' => [ 'Input' => '<string>', 'Name' => '<string>', ], ], 'TaskParameters' => [ '<MaintenanceWindowTaskParameterName>' => [ 'Values' => ['<string>', ...], ], // ... ], 'TaskType' => 'RUN_COMMAND|AUTOMATION|STEP_FUNCTIONS|LAMBDA', 'WindowId' => '<string>', 'WindowTaskId' => '<string>', ]
Result Details
Members
- AlarmConfiguration
-
- Type: AlarmConfiguration structure
The details for the CloudWatch alarm you applied to your maintenance window task.
- CutoffBehavior
-
- Type: string
The action to take on tasks when the maintenance window cutoff time is reached.
CONTINUE_TASK
means that tasks continue to run. For Automation, Lambda, Step Functions tasks,CANCEL_TASK
means that currently running task invocations continue, but no new task invocations are started. For Run Command tasks,CANCEL_TASK
means the system attempts to stop the task by sending aCancelCommand
operation. - Description
-
- Type: string
The retrieved task description.
- LoggingInfo
-
- Type: LoggingInfo structure
The location in Amazon Simple Storage Service (Amazon S3) where the task results are logged.
LoggingInfo
has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use theOutputS3BucketName
andOutputS3KeyPrefix
options in theTaskInvocationParameters
structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. - MaxConcurrency
-
- Type: string
The maximum number of targets allowed to run this task in parallel.
For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of
1
, which may be reported in the response to this command. This value doesn't affect the running of your task and can be ignored. - MaxErrors
-
- Type: string
The maximum number of errors allowed before the task stops being scheduled.
For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of
1
, which may be reported in the response to this command. This value doesn't affect the running of your task and can be ignored. - Name
-
- Type: string
The retrieved task name.
- Priority
-
- Type: int
The priority of the task when it runs. The lower the number, the higher the priority. Tasks that have the same priority are scheduled in parallel.
- ServiceRoleArn
-
- Type: string
The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run
RegisterTaskWithMaintenanceWindow
.However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the Amazon Web Services Systems Manager User Guide.
- Targets
-
- Type: Array of Target structures
The targets where the task should run.
- TaskArn
-
- Type: string
The resource that the task used during execution. For
RUN_COMMAND
andAUTOMATION
task types, the value ofTaskArn
is the SSM document name/ARN. ForLAMBDA
tasks, the value is the function name/ARN. ForSTEP_FUNCTIONS
tasks, the value is the state machine ARN. - TaskInvocationParameters
-
- Type: MaintenanceWindowTaskInvocationParameters structure
The parameters to pass to the task when it runs.
- TaskParameters
-
- Type: Associative array of custom strings keys (MaintenanceWindowTaskParameterName) to MaintenanceWindowTaskParameterValueExpression structures
The parameters to pass to the task when it runs.
TaskParameters
has been deprecated. To specify parameters to pass to a task when it runs, instead use theParameters
option in theTaskInvocationParameters
structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. - TaskType
-
- Type: string
The type of task to run.
- WindowId
-
- Type: string
The retrieved maintenance window ID.
- WindowTaskId
-
- Type: string
The retrieved maintenance window task ID.
Errors
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InternalServerError:
An error occurred on the server side.
GetOpsItem
$result = $client->getOpsItem
([/* ... */]); $promise = $client->getOpsItemAsync
([/* ... */]);
Get information about an OpsItem by using the ID. You must have permission in Identity and Access Management (IAM) to view information about an OpsItem. For more information, see Set up OpsCenter in the Amazon Web Services Systems Manager User Guide.
Operations engineers and IT professionals use Amazon Web Services Systems Manager OpsCenter to view, investigate, and remediate operational issues impacting the performance and health of their Amazon Web Services resources. For more information, see Amazon Web Services Systems Manager OpsCenter in the Amazon Web Services Systems Manager User Guide.
Parameter Syntax
$result = $client->getOpsItem([ 'OpsItemArn' => '<string>', 'OpsItemId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- OpsItemArn
-
- Type: string
The OpsItem Amazon Resource Name (ARN).
- OpsItemId
-
- Required: Yes
- Type: string
The ID of the OpsItem that you want to get.
Result Syntax
[ 'OpsItem' => [ 'ActualEndTime' => <DateTime>, 'ActualStartTime' => <DateTime>, 'Category' => '<string>', 'CreatedBy' => '<string>', 'CreatedTime' => <DateTime>, 'Description' => '<string>', 'LastModifiedBy' => '<string>', 'LastModifiedTime' => <DateTime>, 'Notifications' => [ [ 'Arn' => '<string>', ], // ... ], 'OperationalData' => [ '<OpsItemDataKey>' => [ 'Type' => 'SearchableString|String', 'Value' => '<string>', ], // ... ], 'OpsItemArn' => '<string>', 'OpsItemId' => '<string>', 'OpsItemType' => '<string>', 'PlannedEndTime' => <DateTime>, 'PlannedStartTime' => <DateTime>, 'Priority' => <integer>, 'RelatedOpsItems' => [ [ 'OpsItemId' => '<string>', ], // ... ], 'Severity' => '<string>', 'Source' => '<string>', 'Status' => 'Open|InProgress|Resolved|Pending|TimedOut|Cancelling|Cancelled|Failed|CompletedWithSuccess|CompletedWithFailure|Scheduled|RunbookInProgress|PendingChangeCalendarOverride|ChangeCalendarOverrideApproved|ChangeCalendarOverrideRejected|PendingApproval|Approved|Rejected|Closed', 'Title' => '<string>', 'Version' => '<string>', ], ]
Result Details
Members
- OpsItem
-
- Type: OpsItem structure
The OpsItem.
Errors
- InternalServerError:
An error occurred on the server side.
- OpsItemNotFoundException:
The specified OpsItem ID doesn't exist. Verify the ID and try again.
- OpsItemAccessDeniedException:
You don't have permission to view OpsItems in the specified account. Verify that your account is configured either as a Systems Manager delegated administrator or that you are logged into the Organizations management account.
GetOpsMetadata
$result = $client->getOpsMetadata
([/* ... */]); $promise = $client->getOpsMetadataAsync
([/* ... */]);
View operational metadata related to an application in Application Manager.
Parameter Syntax
$result = $client->getOpsMetadata([ 'MaxResults' => <integer>, 'NextToken' => '<string>', 'OpsMetadataArn' => '<string>', // REQUIRED ]);
Parameter Details
Members
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
A token to start the list. Use this token to get the next set of results.
- OpsMetadataArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of an OpsMetadata Object to view.
Result Syntax
[ 'Metadata' => [ '<MetadataKey>' => [ 'Value' => '<string>', ], // ... ], 'NextToken' => '<string>', 'ResourceId' => '<string>', ]
Result Details
Members
- Metadata
-
- Type: Associative array of custom strings keys (MetadataKey) to MetadataValue structures
OpsMetadata for an Application Manager application.
- NextToken
-
- Type: string
The token for the next set of items to return. Use this token to get the next set of results.
- ResourceId
-
- Type: string
The resource ID of the Application Manager application.
Errors
- OpsMetadataNotFoundException:
The OpsMetadata object doesn't exist.
- OpsMetadataInvalidArgumentException:
One of the arguments passed is invalid.
- InternalServerError:
An error occurred on the server side.
GetOpsSummary
$result = $client->getOpsSummary
([/* ... */]); $promise = $client->getOpsSummaryAsync
([/* ... */]);
View a summary of operations metadata (OpsData) based on specified filters and aggregators. OpsData can include information about Amazon Web Services Systems Manager OpsCenter operational workitems (OpsItems) as well as information about any Amazon Web Services resource or service configured to report OpsData to Amazon Web Services Systems Manager Explorer.
Parameter Syntax
$result = $client->getOpsSummary([ 'Aggregators' => [ [ 'AggregatorType' => '<string>', 'Aggregators' => [...], // RECURSIVE 'AttributeName' => '<string>', 'Filters' => [ [ 'Key' => '<string>', // REQUIRED 'Type' => 'Equal|NotEqual|BeginWith|LessThan|GreaterThan|Exists', 'Values' => ['<string>', ...], // REQUIRED ], // ... ], 'TypeName' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'Filters' => [ [ 'Key' => '<string>', // REQUIRED 'Type' => 'Equal|NotEqual|BeginWith|LessThan|GreaterThan|Exists', 'Values' => ['<string>', ...], // REQUIRED ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', 'ResultAttributes' => [ [ 'TypeName' => '<string>', // REQUIRED ], // ... ], 'SyncName' => '<string>', ]);
Parameter Details
Members
- Aggregators
-
- Type: Array of OpsAggregator structures
Optional aggregators that return counts of OpsData based on one or more expressions.
- Filters
-
- Type: Array of OpsFilter structures
Optional filters used to scope down the returned OpsData.
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
A token to start the list. Use this token to get the next set of results.
- ResultAttributes
-
- Type: Array of OpsResultAttribute structures
The OpsData data type to return.
- SyncName
-
- Type: string
Specify the name of a resource data sync to get.
Result Syntax
[ 'Entities' => [ [ 'Data' => [ '<OpsEntityItemKey>' => [ 'CaptureTime' => '<string>', 'Content' => [ ['<string>', ...], // ... ], ], // ... ], 'Id' => '<string>', ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- Entities
-
- Type: Array of OpsEntity structures
The list of aggregated details and filtered OpsData.
- NextToken
-
- Type: string
The token for the next set of items to return. Use this token to get the next set of results.
Errors
- InternalServerError:
An error occurred on the server side.
- ResourceDataSyncNotFoundException:
The specified sync name wasn't found.
- InvalidFilter:
The filter name isn't valid. Verify the you entered the correct name and try again.
- InvalidNextToken:
The specified token isn't valid.
- InvalidTypeNameException:
The parameter type name isn't valid.
- InvalidAggregatorException:
The specified aggregator isn't valid for inventory groups. Verify that the aggregator uses a valid inventory type such as
AWS:Application
orAWS:InstanceInformation
.
GetParameter
$result = $client->getParameter
([/* ... */]); $promise = $client->getParameterAsync
([/* ... */]);
Get information about a single parameter by specifying the parameter name.
To get information about more than one parameter at a time, use the GetParameters operation.
Parameter Syntax
$result = $client->getParameter([ 'Name' => '<string>', // REQUIRED 'WithDecryption' => true || false, ]);
Parameter Details
Members
- Name
-
- Required: Yes
- Type: string
The name or Amazon Resource Name (ARN) of the parameter that you want to query. For parameters shared with you from another account, you must use the full ARN.
To query by parameter label, use
"Name": "name:label"
. To query by parameter version, use"Name": "name:version"
.For more information about shared parameters, see Working with shared parameters in the Amazon Web Services Systems Manager User Guide.
- WithDecryption
-
- Type: boolean
Return decrypted values for secure string parameters. This flag is ignored for
String
andStringList
parameter types.
Result Syntax
[ 'Parameter' => [ 'ARN' => '<string>', 'DataType' => '<string>', 'LastModifiedDate' => <DateTime>, 'Name' => '<string>', 'Selector' => '<string>', 'SourceResult' => '<string>', 'Type' => 'String|StringList|SecureString', 'Value' => '<string>', 'Version' => <integer>, ], ]
Result Details
Members
- Parameter
-
- Type: Parameter structure
Information about a parameter.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidKeyId:
The query key ID isn't valid.
- ParameterNotFound:
The parameter couldn't be found. Verify the name and try again.
- ParameterVersionNotFound:
The specified parameter version wasn't found. Verify the parameter name and version, and try again.
GetParameterHistory
$result = $client->getParameterHistory
([/* ... */]); $promise = $client->getParameterHistoryAsync
([/* ... */]);
Retrieves the history of all changes to a parameter.
If you change the KMS key alias for the KMS key used to encrypt a parameter, then you must also update the key alias the parameter uses to reference KMS. Otherwise, GetParameterHistory
retrieves whatever the original key alias was referencing.
Parameter Syntax
$result = $client->getParameterHistory([ 'MaxResults' => <integer>, 'Name' => '<string>', // REQUIRED 'NextToken' => '<string>', 'WithDecryption' => true || false, ]);
Parameter Details
Members
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- Name
-
- Required: Yes
- Type: string
The name or Amazon Resource Name (ARN) of the parameter for which you want to review history. For parameters shared with you from another account, you must use the full ARN.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
- WithDecryption
-
- Type: boolean
Return decrypted values for secure string parameters. This flag is ignored for
String
andStringList
parameter types.
Result Syntax
[ 'NextToken' => '<string>', 'Parameters' => [ [ 'AllowedPattern' => '<string>', 'DataType' => '<string>', 'Description' => '<string>', 'KeyId' => '<string>', 'Labels' => ['<string>', ...], 'LastModifiedDate' => <DateTime>, 'LastModifiedUser' => '<string>', 'Name' => '<string>', 'Policies' => [ [ 'PolicyStatus' => '<string>', 'PolicyText' => '<string>', 'PolicyType' => '<string>', ], // ... ], 'Tier' => 'Standard|Advanced|Intelligent-Tiering', 'Type' => 'String|StringList|SecureString', 'Value' => '<string>', 'Version' => <integer>, ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
- Parameters
-
- Type: Array of ParameterHistory structures
A list of parameters returned by the request.
Errors
- InternalServerError:
An error occurred on the server side.
- ParameterNotFound:
The parameter couldn't be found. Verify the name and try again.
- InvalidNextToken:
The specified token isn't valid.
- InvalidKeyId:
The query key ID isn't valid.
GetParameters
$result = $client->getParameters
([/* ... */]); $promise = $client->getParametersAsync
([/* ... */]);
Get information about one or more parameters by specifying multiple parameter names.
To get information about a single parameter, you can use the GetParameter operation instead.
Parameter Syntax
$result = $client->getParameters([ 'Names' => ['<string>', ...], // REQUIRED 'WithDecryption' => true || false, ]);
Parameter Details
Members
- Names
-
- Required: Yes
- Type: Array of strings
The names or Amazon Resource Names (ARNs) of the parameters that you want to query. For parameters shared with you from another account, you must use the full ARNs.
To query by parameter label, use
"Name": "name:label"
. To query by parameter version, use"Name": "name:version"
.The results for
GetParameters
requests are listed in alphabetical order in query responses.For information about shared parameters, see Working with shared parameters in the Amazon Web Services Systems Manager User Guide.
- WithDecryption
-
- Type: boolean
Return decrypted secure string value. Return decrypted values for secure string parameters. This flag is ignored for
String
andStringList
parameter types.
Result Syntax
[ 'InvalidParameters' => ['<string>', ...], 'Parameters' => [ [ 'ARN' => '<string>', 'DataType' => '<string>', 'LastModifiedDate' => <DateTime>, 'Name' => '<string>', 'Selector' => '<string>', 'SourceResult' => '<string>', 'Type' => 'String|StringList|SecureString', 'Value' => '<string>', 'Version' => <integer>, ], // ... ], ]
Result Details
Members
- InvalidParameters
-
- Type: Array of strings
A list of parameters that aren't formatted correctly or don't run during an execution.
- Parameters
-
- Type: Array of Parameter structures
A list of details for a parameter.
Errors
- InvalidKeyId:
The query key ID isn't valid.
- InternalServerError:
An error occurred on the server side.
GetParametersByPath
$result = $client->getParametersByPath
([/* ... */]); $promise = $client->getParametersByPathAsync
([/* ... */]);
Retrieve information about one or more parameters in a specific hierarchy.
Request results are returned on a best-effort basis. If you specify MaxResults
in the request, the response includes information up to the limit specified. The number of items returned, however, can be between zero and the value of MaxResults
. If the service reaches an internal limit while processing the results, it stops the operation and returns the matching values up to that point and a NextToken
. You can specify the NextToken
in a subsequent call to get the next set of results.
Parameter Syntax
$result = $client->getParametersByPath([ 'MaxResults' => <integer>, 'NextToken' => '<string>', 'ParameterFilters' => [ [ 'Key' => '<string>', // REQUIRED 'Option' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'Path' => '<string>', // REQUIRED 'Recursive' => true || false, 'WithDecryption' => true || false, ]);
Parameter Details
Members
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
A token to start the list. Use this token to get the next set of results.
- ParameterFilters
-
- Type: Array of ParameterStringFilter structures
Filters to limit the request results.
The following
Key
values are supported forGetParametersByPath
:Type
,KeyId
, andLabel
.The following
Key
values aren't supported forGetParametersByPath
:tag
,DataType
,Name
,Path
, andTier
. - Path
-
- Required: Yes
- Type: string
The hierarchy for the parameter. Hierarchies start with a forward slash (/). The hierarchy is the parameter name except the last part of the parameter. For the API call to succeed, the last part of the parameter name can't be in the path. A parameter name hierarchy can have a maximum of 15 levels. Here is an example of a hierarchy:
/Finance/Prod/IAD/WinServ2016/license33
- Recursive
-
- Type: boolean
Retrieve all parameters within a hierarchy.
If a user has access to a path, then the user can access all levels of that path. For example, if a user has permission to access path
/a
, then the user can also access/a/b
. Even if a user has explicitly been denied access in IAM for parameter/a/b
, they can still call the GetParametersByPath API operation recursively for/a
and view/a/b
. - WithDecryption
-
- Type: boolean
Retrieve all parameters in a hierarchy with their value decrypted.
Result Syntax
[ 'NextToken' => '<string>', 'Parameters' => [ [ 'ARN' => '<string>', 'DataType' => '<string>', 'LastModifiedDate' => <DateTime>, 'Name' => '<string>', 'Selector' => '<string>', 'SourceResult' => '<string>', 'Type' => 'String|StringList|SecureString', 'Value' => '<string>', 'Version' => <integer>, ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token for the next set of items to return. Use this token to get the next set of results.
- Parameters
-
- Type: Array of Parameter structures
A list of parameters found in the specified hierarchy.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidFilterKey:
The specified key isn't valid.
- InvalidFilterOption:
The specified filter option isn't valid. Valid options are Equals and BeginsWith. For Path filter, valid options are Recursive and OneLevel.
- InvalidFilterValue:
The filter value isn't valid. Verify the value and try again.
- InvalidKeyId:
The query key ID isn't valid.
- InvalidNextToken:
The specified token isn't valid.
GetPatchBaseline
$result = $client->getPatchBaseline
([/* ... */]); $promise = $client->getPatchBaselineAsync
([/* ... */]);
Retrieves information about a patch baseline.
Parameter Syntax
$result = $client->getPatchBaseline([ 'BaselineId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- BaselineId
-
- Required: Yes
- Type: string
The ID of the patch baseline to retrieve.
To retrieve information about an Amazon Web Services managed patch baseline, specify the full Amazon Resource Name (ARN) of the baseline. For example, for the baseline
AWS-AmazonLinuxDefaultPatchBaseline
, specifyarn:aws:ssm:us-east-2:733109147000:patchbaseline/pb-0e392de35e7c563b7
instead ofpb-0e392de35e7c563b7
.
Result Syntax
[ 'ApprovalRules' => [ 'PatchRules' => [ [ 'ApproveAfterDays' => <integer>, 'ApproveUntilDate' => '<string>', 'ComplianceLevel' => 'CRITICAL|HIGH|MEDIUM|LOW|INFORMATIONAL|UNSPECIFIED', 'EnableNonSecurity' => true || false, 'PatchFilterGroup' => [ 'PatchFilters' => [ [ 'Key' => 'ARCH|ADVISORY_ID|BUGZILLA_ID|PATCH_SET|PRODUCT|PRODUCT_FAMILY|CLASSIFICATION|CVE_ID|EPOCH|MSRC_SEVERITY|NAME|PATCH_ID|SECTION|PRIORITY|REPOSITORY|RELEASE|SEVERITY|SECURITY|VERSION', 'Values' => ['<string>', ...], ], // ... ], ], ], // ... ], ], 'ApprovedPatches' => ['<string>', ...], 'ApprovedPatchesComplianceLevel' => 'CRITICAL|HIGH|MEDIUM|LOW|INFORMATIONAL|UNSPECIFIED', 'ApprovedPatchesEnableNonSecurity' => true || false, 'BaselineId' => '<string>', 'CreatedDate' => <DateTime>, 'Description' => '<string>', 'GlobalFilters' => [ 'PatchFilters' => [ [ 'Key' => 'ARCH|ADVISORY_ID|BUGZILLA_ID|PATCH_SET|PRODUCT|PRODUCT_FAMILY|CLASSIFICATION|CVE_ID|EPOCH|MSRC_SEVERITY|NAME|PATCH_ID|SECTION|PRIORITY|REPOSITORY|RELEASE|SEVERITY|SECURITY|VERSION', 'Values' => ['<string>', ...], ], // ... ], ], 'ModifiedDate' => <DateTime>, 'Name' => '<string>', 'OperatingSystem' => 'WINDOWS|AMAZON_LINUX|AMAZON_LINUX_2|AMAZON_LINUX_2022|UBUNTU|REDHAT_ENTERPRISE_LINUX|SUSE|CENTOS|ORACLE_LINUX|DEBIAN|MACOS|RASPBIAN|ROCKY_LINUX|ALMA_LINUX|AMAZON_LINUX_2023', 'PatchGroups' => ['<string>', ...], 'RejectedPatches' => ['<string>', ...], 'RejectedPatchesAction' => 'ALLOW_AS_DEPENDENCY|BLOCK', 'Sources' => [ [ 'Configuration' => '<string>', 'Name' => '<string>', 'Products' => ['<string>', ...], ], // ... ], ]
Result Details
Members
- ApprovalRules
-
- Type: PatchRuleGroup structure
A set of rules used to include patches in the baseline.
- ApprovedPatches
-
- Type: Array of strings
A list of explicitly approved patches for the baseline.
- ApprovedPatchesComplianceLevel
-
- Type: string
Returns the specified compliance severity level for approved patches in the patch baseline.
- ApprovedPatchesEnableNonSecurity
-
- Type: boolean
Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes. The default value is
false
. Applies to Linux managed nodes only. - BaselineId
-
- Type: string
The ID of the retrieved patch baseline.
- CreatedDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date the patch baseline was created.
- Description
-
- Type: string
A description of the patch baseline.
- GlobalFilters
-
- Type: PatchFilterGroup structure
A set of global filters used to exclude patches from the baseline.
- ModifiedDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date the patch baseline was last modified.
- Name
-
- Type: string
The name of the patch baseline.
- OperatingSystem
-
- Type: string
Returns the operating system specified for the patch baseline.
- PatchGroups
-
- Type: Array of strings
Patch groups included in the patch baseline.
- RejectedPatches
-
- Type: Array of strings
A list of explicitly rejected patches for the baseline.
- RejectedPatchesAction
-
- Type: string
The action specified to take on patches included in the
RejectedPatches
list. A patch can be allowed only if it is a dependency of another package, or blocked entirely along with packages that include it as a dependency. - Sources
-
- Type: Array of PatchSource structures
Information about the patches to use to update the managed nodes, including target operating systems and source repositories. Applies to Linux managed nodes only.
Errors
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InvalidResourceId:
The resource ID isn't valid. Verify that you entered the correct ID and try again.
- InternalServerError:
An error occurred on the server side.
GetPatchBaselineForPatchGroup
$result = $client->getPatchBaselineForPatchGroup
([/* ... */]); $promise = $client->getPatchBaselineForPatchGroupAsync
([/* ... */]);
Retrieves the patch baseline that should be used for the specified patch group.
Parameter Syntax
$result = $client->getPatchBaselineForPatchGroup([ 'OperatingSystem' => 'WINDOWS|AMAZON_LINUX|AMAZON_LINUX_2|AMAZON_LINUX_2022|UBUNTU|REDHAT_ENTERPRISE_LINUX|SUSE|CENTOS|ORACLE_LINUX|DEBIAN|MACOS|RASPBIAN|ROCKY_LINUX|ALMA_LINUX|AMAZON_LINUX_2023', 'PatchGroup' => '<string>', // REQUIRED ]);
Parameter Details
Members
- OperatingSystem
-
- Type: string
Returns the operating system rule specified for patch groups using the patch baseline.
- PatchGroup
-
- Required: Yes
- Type: string
The name of the patch group whose patch baseline should be retrieved.
Result Syntax
[ 'BaselineId' => '<string>', 'OperatingSystem' => 'WINDOWS|AMAZON_LINUX|AMAZON_LINUX_2|AMAZON_LINUX_2022|UBUNTU|REDHAT_ENTERPRISE_LINUX|SUSE|CENTOS|ORACLE_LINUX|DEBIAN|MACOS|RASPBIAN|ROCKY_LINUX|ALMA_LINUX|AMAZON_LINUX_2023', 'PatchGroup' => '<string>', ]
Result Details
Members
- BaselineId
-
- Type: string
The ID of the patch baseline that should be used for the patch group.
- OperatingSystem
-
- Type: string
The operating system rule specified for patch groups using the patch baseline.
- PatchGroup
-
- Type: string
The name of the patch group.
Errors
- InternalServerError:
An error occurred on the server side.
GetResourcePolicies
$result = $client->getResourcePolicies
([/* ... */]); $promise = $client->getResourcePoliciesAsync
([/* ... */]);
Returns an array of the Policy
object.
Parameter Syntax
$result = $client->getResourcePolicies([ 'MaxResults' => <integer>, 'NextToken' => '<string>', 'ResourceArn' => '<string>', // REQUIRED ]);
Parameter Details
Members
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
A token to start the list. Use this token to get the next set of results.
- ResourceArn
-
- Required: Yes
- Type: string
Amazon Resource Name (ARN) of the resource to which the policies are attached.
Result Syntax
[ 'NextToken' => '<string>', 'Policies' => [ [ 'Policy' => '<string>', 'PolicyHash' => '<string>', 'PolicyId' => '<string>', ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token for the next set of items to return. Use this token to get the next set of results.
- Policies
-
- Type: Array of GetResourcePoliciesResponseEntry structures
An array of the
Policy
object.
Errors
- InternalServerError:
An error occurred on the server side.
- ResourcePolicyInvalidParameterException:
One or more parameters specified for the call aren't valid. Verify the parameters and their values and try again.
- ResourceNotFoundException:
The specified parameter to be shared could not be found.
GetServiceSetting
$result = $client->getServiceSetting
([/* ... */]); $promise = $client->getServiceSettingAsync
([/* ... */]);
ServiceSetting
is an account-level setting for an Amazon Web Services service. This setting defines how a user interacts with or uses a service or a feature of a service. For example, if an Amazon Web Services service charges money to the account based on feature or service usage, then the Amazon Web Services service team might create a default setting of false
. This means the user can't use this feature unless they change the setting to true
and intentionally opt in for a paid feature.
Services map a SettingId
object to a setting value. Amazon Web Services services teams define the default value for a SettingId
. You can't create a new SettingId
, but you can overwrite the default value if you have the ssm:UpdateServiceSetting
permission for the setting. Use the UpdateServiceSetting API operation to change the default setting. Or use the ResetServiceSetting to change the value back to the original value defined by the Amazon Web Services service team.
Query the current service setting for the Amazon Web Services account.
Parameter Syntax
$result = $client->getServiceSetting([ 'SettingId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- SettingId
-
- Required: Yes
- Type: string
The ID of the service setting to get. The setting ID can be one of the following.
-
/ssm/managed-instance/default-ec2-instance-management-role
-
/ssm/automation/customer-script-log-destination
-
/ssm/automation/customer-script-log-group-name
-
/ssm/documents/console/public-sharing-permission
-
/ssm/managed-instance/activation-tier
-
/ssm/opsinsights/opscenter
-
/ssm/parameter-store/default-parameter-tier
-
/ssm/parameter-store/high-throughput-enabled
Result Syntax
[ 'ServiceSetting' => [ 'ARN' => '<string>', 'LastModifiedDate' => <DateTime>, 'LastModifiedUser' => '<string>', 'SettingId' => '<string>', 'SettingValue' => '<string>', 'Status' => '<string>', ], ]
Result Details
Members
- ServiceSetting
-
- Type: ServiceSetting structure
The query result of the current service setting.
Errors
- InternalServerError:
An error occurred on the server side.
- ServiceSettingNotFound:
The specified service setting wasn't found. Either the service name or the setting hasn't been provisioned by the Amazon Web Services service team.
LabelParameterVersion
$result = $client->labelParameterVersion
([/* ... */]); $promise = $client->labelParameterVersionAsync
([/* ... */]);
A parameter label is a user-defined alias to help you manage different versions of a parameter. When you modify a parameter, Amazon Web Services Systems Manager automatically saves a new version and increments the version number by one. A label can help you remember the purpose of a parameter when there are multiple versions.
Parameter labels have the following requirements and restrictions.
-
A version of a parameter can have a maximum of 10 labels.
-
You can't attach the same label to different versions of the same parameter. For example, if version 1 has the label Production, then you can't attach Production to version 2.
-
You can move a label from one version of a parameter to another.
-
You can't create a label when you create a new parameter. You must attach a label to a specific version of a parameter.
-
If you no longer want to use a parameter label, then you can either delete it or move it to a different version of a parameter.
-
A label can have a maximum of 100 characters.
-
Labels can contain letters (case sensitive), numbers, periods (.), hyphens (-), or underscores (_).
-
Labels can't begin with a number, "
aws
" or "ssm
" (not case sensitive). If a label fails to meet these requirements, then the label isn't associated with a parameter and the system displays it in the list of InvalidLabels.
Parameter Syntax
$result = $client->labelParameterVersion([ 'Labels' => ['<string>', ...], // REQUIRED 'Name' => '<string>', // REQUIRED 'ParameterVersion' => <integer>, ]);
Parameter Details
Members
- Labels
-
- Required: Yes
- Type: Array of strings
One or more labels to attach to the specified parameter version.
- Name
-
- Required: Yes
- Type: string
The parameter name on which you want to attach one or more labels.
You can't enter the Amazon Resource Name (ARN) for a parameter, only the parameter name itself.
- ParameterVersion
-
- Type: long (int|float)
The specific version of the parameter on which you want to attach one or more labels. If no version is specified, the system attaches the label to the latest version.
Result Syntax
[ 'InvalidLabels' => ['<string>', ...], 'ParameterVersion' => <integer>, ]
Result Details
Members
- InvalidLabels
-
- Type: Array of strings
The label doesn't meet the requirements. For information about parameter label requirements, see Working with parameter labels in the Amazon Web Services Systems Manager User Guide.
- ParameterVersion
-
- Type: long (int|float)
The version of the parameter that has been labeled.
Errors
- InternalServerError:
An error occurred on the server side.
- TooManyUpdates:
There are concurrent updates for a resource that supports one update at a time.
- ParameterNotFound:
The parameter couldn't be found. Verify the name and try again.
- ParameterVersionNotFound:
The specified parameter version wasn't found. Verify the parameter name and version, and try again.
- ParameterVersionLabelLimitExceeded:
A parameter version can have a maximum of ten labels.
ListAssociationVersions
$result = $client->listAssociationVersions
([/* ... */]); $promise = $client->listAssociationVersionsAsync
([/* ... */]);
Retrieves all versions of an association for a specific association ID.
Parameter Syntax
$result = $client->listAssociationVersions([ 'AssociationId' => '<string>', // REQUIRED 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- AssociationId
-
- Required: Yes
- Type: string
The association ID for which you want to view all versions.
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
A token to start the list. Use this token to get the next set of results.
Result Syntax
[ 'AssociationVersions' => [ [ 'ApplyOnlyAtCronInterval' => true || false, 'AssociationId' => '<string>', 'AssociationName' => '<string>', 'AssociationVersion' => '<string>', 'CalendarNames' => ['<string>', ...], 'ComplianceSeverity' => 'CRITICAL|HIGH|MEDIUM|LOW|UNSPECIFIED', 'CreatedDate' => <DateTime>, 'DocumentVersion' => '<string>', 'Duration' => <integer>, 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'Name' => '<string>', 'OutputLocation' => [ 'S3Location' => [ 'OutputS3BucketName' => '<string>', 'OutputS3KeyPrefix' => '<string>', 'OutputS3Region' => '<string>', ], ], 'Parameters' => [ '<ParameterName>' => ['<string>', ...], // ... ], 'ScheduleExpression' => '<string>', 'ScheduleOffset' => <integer>, 'SyncCompliance' => 'AUTO|MANUAL', 'TargetLocations' => [ [ 'Accounts' => ['<string>', ...], 'ExcludeAccounts' => ['<string>', ...], 'ExecutionRoleName' => '<string>', 'IncludeChildOrganizationUnits' => true || false, 'Regions' => ['<string>', ...], 'TargetLocationAlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'TargetLocationMaxConcurrency' => '<string>', 'TargetLocationMaxErrors' => '<string>', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TargetsMaxConcurrency' => '<string>', 'TargetsMaxErrors' => '<string>', ], // ... ], 'TargetMaps' => [ [ '<TargetMapKey>' => ['<string>', ...], // ... ], // ... ], 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- AssociationVersions
-
- Type: Array of AssociationVersionInfo structures
Information about all versions of the association for the specified association ID.
- NextToken
-
- Type: string
The token for the next set of items to return. Use this token to get the next set of results.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidNextToken:
The specified token isn't valid.
- AssociationDoesNotExist:
The specified association doesn't exist.
ListAssociations
$result = $client->listAssociations
([/* ... */]); $promise = $client->listAssociationsAsync
([/* ... */]);
Returns all State Manager associations in the current Amazon Web Services account and Amazon Web Services Region. You can limit the results to a specific State Manager association document or managed node by specifying a filter. State Manager is a capability of Amazon Web Services Systems Manager.
Parameter Syntax
$result = $client->listAssociations([ 'AssociationFilterList' => [ [ 'key' => 'InstanceId|Name|AssociationId|AssociationStatusName|LastExecutedBefore|LastExecutedAfter|AssociationName|ResourceGroupName', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- AssociationFilterList
-
- Type: Array of AssociationFilter structures
One or more filters. Use a filter to return a more specific list of results.
Filtering associations using the
InstanceID
attribute only returns legacy associations created using theInstanceID
attribute. Associations targeting the managed node that are part of the Target AttributesResourceGroup
orTags
aren't returned. - MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
Result Syntax
[ 'Associations' => [ [ 'AssociationId' => '<string>', 'AssociationName' => '<string>', 'AssociationVersion' => '<string>', 'DocumentVersion' => '<string>', 'Duration' => <integer>, 'InstanceId' => '<string>', 'LastExecutionDate' => <DateTime>, 'Name' => '<string>', 'Overview' => [ 'AssociationStatusAggregatedCount' => [<integer>, ...], 'DetailedStatus' => '<string>', 'Status' => '<string>', ], 'ScheduleExpression' => '<string>', 'ScheduleOffset' => <integer>, 'TargetMaps' => [ [ '<TargetMapKey>' => ['<string>', ...], // ... ], // ... ], 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- Associations
-
- Type: Array of Association structures
The associations.
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidNextToken:
The specified token isn't valid.
ListCommandInvocations
$result = $client->listCommandInvocations
([/* ... */]); $promise = $client->listCommandInvocationsAsync
([/* ... */]);
An invocation is copy of a command sent to a specific managed node. A command can apply to one or more managed nodes. A command invocation applies to one managed node. For example, if a user runs SendCommand
against three managed nodes, then a command invocation is created for each requested managed node ID. ListCommandInvocations
provide status about command execution.
Parameter Syntax
$result = $client->listCommandInvocations([ 'CommandId' => '<string>', 'Details' => true || false, 'Filters' => [ [ 'key' => 'InvokedAfter|InvokedBefore|Status|ExecutionStage|DocumentName', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'InstanceId' => '<string>', 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- CommandId
-
- Type: string
(Optional) The invocations for a specific command ID.
- Details
-
- Type: boolean
(Optional) If set this returns the response of the command executions and any command output. The default value is
false
. - Filters
-
- Type: Array of CommandFilter structures
(Optional) One or more filters. Use a filter to return a more specific list of results.
- InstanceId
-
- Type: string
(Optional) The command execution details for a specific managed node ID.
- MaxResults
-
- Type: int
(Optional) The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
(Optional) The token for the next set of items to return. (You received this token from a previous call.)
Result Syntax
[ 'CommandInvocations' => [ [ 'CloudWatchOutputConfig' => [ 'CloudWatchLogGroupName' => '<string>', 'CloudWatchOutputEnabled' => true || false, ], 'CommandId' => '<string>', 'CommandPlugins' => [ [ 'Name' => '<string>', 'Output' => '<string>', 'OutputS3BucketName' => '<string>', 'OutputS3KeyPrefix' => '<string>', 'OutputS3Region' => '<string>', 'ResponseCode' => <integer>, 'ResponseFinishDateTime' => <DateTime>, 'ResponseStartDateTime' => <DateTime>, 'StandardErrorUrl' => '<string>', 'StandardOutputUrl' => '<string>', 'Status' => 'Pending|InProgress|Success|TimedOut|Cancelled|Failed', 'StatusDetails' => '<string>', ], // ... ], 'Comment' => '<string>', 'DocumentName' => '<string>', 'DocumentVersion' => '<string>', 'InstanceId' => '<string>', 'InstanceName' => '<string>', 'NotificationConfig' => [ 'NotificationArn' => '<string>', 'NotificationEvents' => ['<string>', ...], 'NotificationType' => 'Command|Invocation', ], 'RequestedDateTime' => <DateTime>, 'ServiceRole' => '<string>', 'StandardErrorUrl' => '<string>', 'StandardOutputUrl' => '<string>', 'Status' => 'Pending|InProgress|Delayed|Success|Cancelled|TimedOut|Failed|Cancelling', 'StatusDetails' => '<string>', 'TraceOutput' => '<string>', ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- CommandInvocations
-
- Type: Array of CommandInvocation structures
(Optional) A list of all invocations.
- NextToken
-
- Type: string
(Optional) The token for the next set of items to return. (You received this token from a previous call.)
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidCommandId:
The specified command ID isn't valid. Verify the ID and try again.
- InvalidInstanceId:
The following problems can cause this exception:
-
You don't have permission to access the managed node.
-
Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.
-
SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.
-
The managed node isn't in a valid state. Valid states are:
Running
,Pending
,Stopped
, andStopping
. Invalid states are:Shutting-down
andTerminated
.
-
- InvalidFilterKey:
The specified key isn't valid.
- InvalidNextToken:
The specified token isn't valid.
ListCommands
$result = $client->listCommands
([/* ... */]); $promise = $client->listCommandsAsync
([/* ... */]);
Lists the commands requested by users of the Amazon Web Services account.
Parameter Syntax
$result = $client->listCommands([ 'CommandId' => '<string>', 'Filters' => [ [ 'key' => 'InvokedAfter|InvokedBefore|Status|ExecutionStage|DocumentName', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'InstanceId' => '<string>', 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- CommandId
-
- Type: string
(Optional) If provided, lists only the specified command.
- Filters
-
- Type: Array of CommandFilter structures
(Optional) One or more filters. Use a filter to return a more specific list of results.
- InstanceId
-
- Type: string
(Optional) Lists commands issued against this managed node ID.
You can't specify a managed node ID in the same command that you specify
Status
=Pending
. This is because the command hasn't reached the managed node yet. - MaxResults
-
- Type: int
(Optional) The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
(Optional) The token for the next set of items to return. (You received this token from a previous call.)
Result Syntax
[ 'Commands' => [ [ 'AlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'CloudWatchOutputConfig' => [ 'CloudWatchLogGroupName' => '<string>', 'CloudWatchOutputEnabled' => true || false, ], 'CommandId' => '<string>', 'Comment' => '<string>', 'CompletedCount' => <integer>, 'DeliveryTimedOutCount' => <integer>, 'DocumentName' => '<string>', 'DocumentVersion' => '<string>', 'ErrorCount' => <integer>, 'ExpiresAfter' => <DateTime>, 'InstanceIds' => ['<string>', ...], 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'NotificationConfig' => [ 'NotificationArn' => '<string>', 'NotificationEvents' => ['<string>', ...], 'NotificationType' => 'Command|Invocation', ], 'OutputS3BucketName' => '<string>', 'OutputS3KeyPrefix' => '<string>', 'OutputS3Region' => '<string>', 'Parameters' => [ '<ParameterName>' => ['<string>', ...], // ... ], 'RequestedDateTime' => <DateTime>, 'ServiceRole' => '<string>', 'Status' => 'Pending|InProgress|Success|Cancelled|Failed|TimedOut|Cancelling', 'StatusDetails' => '<string>', 'TargetCount' => <integer>, 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TimeoutSeconds' => <integer>, 'TriggeredAlarms' => [ [ 'Name' => '<string>', 'State' => 'UNKNOWN|ALARM', ], // ... ], ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- Commands
-
- Type: Array of Command structures
(Optional) The list of commands requested by the user.
- NextToken
-
- Type: string
(Optional) The token for the next set of items to return. (You received this token from a previous call.)
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidCommandId:
The specified command ID isn't valid. Verify the ID and try again.
- InvalidInstanceId:
The following problems can cause this exception:
-
You don't have permission to access the managed node.
-
Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.
-
SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.
-
The managed node isn't in a valid state. Valid states are:
Running
,Pending
,Stopped
, andStopping
. Invalid states are:Shutting-down
andTerminated
.
-
- InvalidFilterKey:
The specified key isn't valid.
- InvalidNextToken:
The specified token isn't valid.
ListComplianceItems
$result = $client->listComplianceItems
([/* ... */]); $promise = $client->listComplianceItemsAsync
([/* ... */]);
For a specified resource ID, this API operation returns a list of compliance statuses for different resource types. Currently, you can only specify one resource ID per call. List results depend on the criteria specified in the filter.
Parameter Syntax
$result = $client->listComplianceItems([ 'Filters' => [ [ 'Key' => '<string>', 'Type' => 'EQUAL|NOT_EQUAL|BEGIN_WITH|LESS_THAN|GREATER_THAN', 'Values' => ['<string>', ...], ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', 'ResourceIds' => ['<string>', ...], 'ResourceTypes' => ['<string>', ...], ]);
Parameter Details
Members
- Filters
-
- Type: Array of ComplianceStringFilter structures
One or more compliance filters. Use a filter to return a more specific list of results.
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
A token to start the list. Use this token to get the next set of results.
- ResourceIds
-
- Type: Array of strings
The ID for the resources from which to get compliance information. Currently, you can only specify one resource ID.
- ResourceTypes
-
- Type: Array of strings
The type of resource from which to get compliance information. Currently, the only supported resource type is
ManagedInstance
.
Result Syntax
[ 'ComplianceItems' => [ [ 'ComplianceType' => '<string>', 'Details' => ['<string>', ...], 'ExecutionSummary' => [ 'ExecutionId' => '<string>', 'ExecutionTime' => <DateTime>, 'ExecutionType' => '<string>', ], 'Id' => '<string>', 'ResourceId' => '<string>', 'ResourceType' => '<string>', 'Severity' => 'CRITICAL|HIGH|MEDIUM|LOW|INFORMATIONAL|UNSPECIFIED', 'Status' => 'COMPLIANT|NON_COMPLIANT', 'Title' => '<string>', ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- ComplianceItems
-
- Type: Array of ComplianceItem structures
A list of compliance information for the specified resource ID.
- NextToken
-
- Type: string
The token for the next set of items to return. Use this token to get the next set of results.
Errors
- InvalidResourceType:
The resource type isn't valid. For example, if you are attempting to tag an EC2 instance, the instance must be a registered managed node.
- InvalidResourceId:
The resource ID isn't valid. Verify that you entered the correct ID and try again.
- InternalServerError:
An error occurred on the server side.
- InvalidFilter:
The filter name isn't valid. Verify the you entered the correct name and try again.
- InvalidNextToken:
The specified token isn't valid.
ListComplianceSummaries
$result = $client->listComplianceSummaries
([/* ... */]); $promise = $client->listComplianceSummariesAsync
([/* ... */]);
Returns a summary count of compliant and non-compliant resources for a compliance type. For example, this call can return State Manager associations, patches, or custom compliance types according to the filter criteria that you specify.
Parameter Syntax
$result = $client->listComplianceSummaries([ 'Filters' => [ [ 'Key' => '<string>', 'Type' => 'EQUAL|NOT_EQUAL|BEGIN_WITH|LESS_THAN|GREATER_THAN', 'Values' => ['<string>', ...], ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- Filters
-
- Type: Array of ComplianceStringFilter structures
One or more compliance or inventory filters. Use a filter to return a more specific list of results.
- MaxResults
-
- Type: int
The maximum number of items to return for this call. Currently, you can specify null or 50. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
A token to start the list. Use this token to get the next set of results.
Result Syntax
[ 'ComplianceSummaryItems' => [ [ 'ComplianceType' => '<string>', 'CompliantSummary' => [ 'CompliantCount' => <integer>, 'SeveritySummary' => [ 'CriticalCount' => <integer>, 'HighCount' => <integer>, 'InformationalCount' => <integer>, 'LowCount' => <integer>, 'MediumCount' => <integer>, 'UnspecifiedCount' => <integer>, ], ], 'NonCompliantSummary' => [ 'NonCompliantCount' => <integer>, 'SeveritySummary' => [ 'CriticalCount' => <integer>, 'HighCount' => <integer>, 'InformationalCount' => <integer>, 'LowCount' => <integer>, 'MediumCount' => <integer>, 'UnspecifiedCount' => <integer>, ], ], ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- ComplianceSummaryItems
-
- Type: Array of ComplianceSummaryItem structures
A list of compliant and non-compliant summary counts based on compliance types. For example, this call returns State Manager associations, patches, or custom compliance types according to the filter criteria that you specified.
- NextToken
-
- Type: string
The token for the next set of items to return. Use this token to get the next set of results.
Errors
- InvalidFilter:
The filter name isn't valid. Verify the you entered the correct name and try again.
- InvalidNextToken:
The specified token isn't valid.
- InternalServerError:
An error occurred on the server side.
ListDocumentMetadataHistory
$result = $client->listDocumentMetadataHistory
([/* ... */]); $promise = $client->listDocumentMetadataHistoryAsync
([/* ... */]);
Information about approval reviews for a version of a change template in Change Manager.
Parameter Syntax
$result = $client->listDocumentMetadataHistory([ 'DocumentVersion' => '<string>', 'MaxResults' => <integer>, 'Metadata' => 'DocumentReviews', // REQUIRED 'Name' => '<string>', // REQUIRED 'NextToken' => '<string>', ]);
Parameter Details
Members
- DocumentVersion
-
- Type: string
The version of the change template.
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- Metadata
-
- Required: Yes
- Type: string
The type of data for which details are being requested. Currently, the only supported value is
DocumentReviews
. - Name
-
- Required: Yes
- Type: string
The name of the change template.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
Result Syntax
[ 'Author' => '<string>', 'DocumentVersion' => '<string>', 'Metadata' => [ 'ReviewerResponse' => [ [ 'Comment' => [ [ 'Content' => '<string>', 'Type' => 'Comment', ], // ... ], 'CreateTime' => <DateTime>, 'ReviewStatus' => 'APPROVED|NOT_REVIEWED|PENDING|REJECTED', 'Reviewer' => '<string>', 'UpdatedTime' => <DateTime>, ], // ... ], ], 'Name' => '<string>', 'NextToken' => '<string>', ]
Result Details
Members
- Author
-
- Type: string
The user ID of the person in the organization who requested the review of the change template.
- DocumentVersion
-
- Type: string
The version of the change template.
- Metadata
-
- Type: DocumentMetadataResponseInfo structure
Information about the response to the change template approval request.
- Name
-
- Type: string
The name of the change template.
- NextToken
-
- Type: string
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidDocument:
The specified SSM document doesn't exist.
- InvalidDocumentVersion:
The document version isn't valid or doesn't exist.
- InvalidNextToken:
The specified token isn't valid.
ListDocumentVersions
$result = $client->listDocumentVersions
([/* ... */]); $promise = $client->listDocumentVersionsAsync
([/* ... */]);
List all versions for a document.
Parameter Syntax
$result = $client->listDocumentVersions([ 'MaxResults' => <integer>, 'Name' => '<string>', // REQUIRED 'NextToken' => '<string>', ]);
Parameter Details
Members
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- Name
-
- Required: Yes
- Type: string
The name of the document. You can specify an Amazon Resource Name (ARN).
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
Result Syntax
[ 'DocumentVersions' => [ [ 'CreatedDate' => <DateTime>, 'DisplayName' => '<string>', 'DocumentFormat' => 'YAML|JSON|TEXT', 'DocumentVersion' => '<string>', 'IsDefaultVersion' => true || false, 'Name' => '<string>', 'ReviewStatus' => 'APPROVED|NOT_REVIEWED|PENDING|REJECTED', 'Status' => 'Creating|Active|Updating|Deleting|Failed', 'StatusInformation' => '<string>', 'VersionName' => '<string>', ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- DocumentVersions
-
- Type: Array of DocumentVersionInfo structures
The document versions.
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidNextToken:
The specified token isn't valid.
- InvalidDocument:
The specified SSM document doesn't exist.
ListDocuments
$result = $client->listDocuments
([/* ... */]); $promise = $client->listDocumentsAsync
([/* ... */]);
Returns all Systems Manager (SSM) documents in the current Amazon Web Services account and Amazon Web Services Region. You can limit the results of this request by using a filter.
Parameter Syntax
$result = $client->listDocuments([ 'DocumentFilterList' => [ [ 'key' => 'Name|Owner|PlatformTypes|DocumentType', // REQUIRED 'value' => '<string>', // REQUIRED ], // ... ], 'Filters' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- DocumentFilterList
-
- Type: Array of DocumentFilter structures
This data type is deprecated. Instead, use
Filters
. - Filters
-
- Type: Array of DocumentKeyValuesFilter structures
One or more
DocumentKeyValuesFilter
objects. Use a filter to return a more specific list of results. For keys, you can specify one or more key-value pair tags that have been applied to a document. Other valid keys includeOwner
,Name
,PlatformTypes
,DocumentType
, andTargetType
. For example, to return documents you own useKey=Owner,Values=Self
. To specify a custom key-value pair, use the formatKey=tag:tagName,Values=valueName
.This API operation only supports filtering documents by using a single tag key and one or more tag values. For example:
Key=tag:tagName,Values=valueName1,valueName2
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
Result Syntax
[ 'DocumentIdentifiers' => [ [ 'Author' => '<string>', 'CreatedDate' => <DateTime>, 'DisplayName' => '<string>', 'DocumentFormat' => 'YAML|JSON|TEXT', 'DocumentType' => 'Command|Policy|Automation|Session|Package|ApplicationConfiguration|ApplicationConfigurationSchema|DeploymentStrategy|ChangeCalendar|Automation.ChangeTemplate|ProblemAnalysis|ProblemAnalysisTemplate|CloudFormation|ConformancePackTemplate|QuickSetup', 'DocumentVersion' => '<string>', 'Name' => '<string>', 'Owner' => '<string>', 'PlatformTypes' => ['<string>', ...], 'Requires' => [ [ 'Name' => '<string>', 'RequireType' => '<string>', 'Version' => '<string>', 'VersionName' => '<string>', ], // ... ], 'ReviewStatus' => 'APPROVED|NOT_REVIEWED|PENDING|REJECTED', 'SchemaVersion' => '<string>', 'Tags' => [ [ 'Key' => '<string>', 'Value' => '<string>', ], // ... ], 'TargetType' => '<string>', 'VersionName' => '<string>', ], // ... ], 'NextToken' => '<string>', ]
Result Details
Members
- DocumentIdentifiers
-
- Type: Array of DocumentIdentifier structures
The names of the SSM documents.
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidNextToken:
The specified token isn't valid.
- InvalidFilterKey:
The specified key isn't valid.
ListInventoryEntries
$result = $client->listInventoryEntries
([/* ... */]); $promise = $client->listInventoryEntriesAsync
([/* ... */]);
A list of inventory items returned by the request.
Parameter Syntax
$result = $client->listInventoryEntries([ 'Filters' => [ [ 'Key' => '<string>', // REQUIRED 'Type' => 'Equal|NotEqual|BeginWith|LessThan|GreaterThan|Exists', 'Values' => ['<string>', ...], // REQUIRED ], // ... ], 'InstanceId' => '<string>', // REQUIRED 'MaxResults' => <integer>, 'NextToken' => '<string>', 'TypeName' => '<string>', // REQUIRED ]);
Parameter Details
Members
- Filters
-
- Type: Array of InventoryFilter structures
One or more filters. Use a filter to return a more specific list of results.
- InstanceId
-
- Required: Yes
- Type: string
The managed node ID for which you want inventory information.
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
- TypeName
-
- Required: Yes
- Type: string
The type of inventory item for which you want information.
Result Syntax
[ 'CaptureTime' => '<string>', 'Entries' => [ ['<string>', ...], // ... ], 'InstanceId' => '<string>', 'NextToken' => '<string>', 'SchemaVersion' => '<string>', 'TypeName' => '<string>', ]
Result Details
Members
- CaptureTime
-
- Type: string
The time that inventory information was collected for the managed nodes.
- Entries
-
- Type: Array of stringss
A list of inventory items on the managed nodes.
- InstanceId
-
- Type: string
The managed node ID targeted by the request to query inventory information.
- NextToken
-
- Type: string
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
- SchemaVersion
-
- Type: string
The inventory schema version used by the managed nodes.
- TypeName
-
- Type: string
The type of inventory item returned by the request.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidInstanceId:
The following problems can cause this exception:
-
You don't have permission to access the managed node.
-
Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.
-
SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.
-
The managed node isn't in a valid state. Valid states are:
Running
,Pending
,Stopped
, andStopping
. Invalid states are:Shutting-down
andTerminated
.
-
- InvalidTypeNameException:
The parameter type name isn't valid.
- InvalidFilter:
The filter name isn't valid. Verify the you entered the correct name and try again.
- InvalidNextToken:
The specified token isn't valid.
ListOpsItemEvents
$result = $client->listOpsItemEvents
([/* ... */]); $promise = $client->listOpsItemEventsAsync
([/* ... */]);
Returns a list of all OpsItem events in the current Amazon Web Services Region and Amazon Web Services account. You can limit the results to events associated with specific OpsItems by specifying a filter.
Parameter Syntax
$result = $client->listOpsItemEvents([ 'Filters' => [ [ 'Key' => 'OpsItemId', // REQUIRED 'Operator' => 'Equal', // REQUIRED 'Values' => ['<string>', ...], // REQUIRED ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- Filters
-
- Type: Array of OpsItemEventFilter structures
One or more OpsItem filters. Use a filter to return a more specific list of results.
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
A token to start the list. Use this token to get the next set of results.
Result Syntax
[ 'NextToken' => '<string>', 'Summaries' => [ [ 'CreatedBy' => [ 'Arn' => '<string>', ], 'CreatedTime' => <DateTime>, 'Detail' => '<string>', 'DetailType' => '<string>', 'EventId' => '<string>', 'OpsItemId' => '<string>', 'Source' => '<string>', ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token for the next set of items to return. Use this token to get the next set of results.
- Summaries
-
- Type: Array of OpsItemEventSummary structures
A list of event information for the specified OpsItems.
Errors
- InternalServerError:
An error occurred on the server side.
- OpsItemNotFoundException:
The specified OpsItem ID doesn't exist. Verify the ID and try again.
- OpsItemLimitExceededException:
The request caused OpsItems to exceed one or more quotas.
- OpsItemInvalidParameterException:
A specified parameter argument isn't valid. Verify the available arguments and try again.
ListOpsItemRelatedItems
$result = $client->listOpsItemRelatedItems
([/* ... */]); $promise = $client->listOpsItemRelatedItemsAsync
([/* ... */]);
Lists all related-item resources associated with a Systems Manager OpsCenter OpsItem. OpsCenter is a capability of Amazon Web Services Systems Manager.
Parameter Syntax
$result = $client->listOpsItemRelatedItems([ 'Filters' => [ [ 'Key' => 'ResourceType|AssociationId|ResourceUri', // REQUIRED 'Operator' => 'Equal', // REQUIRED 'Values' => ['<string>', ...], // REQUIRED ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', 'OpsItemId' => '<string>', ]);
Parameter Details
Members
- Filters
-
- Type: Array of OpsItemRelatedItemsFilter structures
One or more OpsItem filters. Use a filter to return a more specific list of results.
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
The token for the next set of items to return. (You received this token from a previous call.)
- OpsItemId
-
- Type: string
The ID of the OpsItem for which you want to list all related-item resources.
Result Syntax
[ 'NextToken' => '<string>', 'Summaries' => [ [ 'AssociationId' => '<string>', 'AssociationType' => '<string>', 'CreatedBy' => [ 'Arn' => '<string>', ], 'CreatedTime' => <DateTime>, 'LastModifiedBy' => [ 'Arn' => '<string>', ], 'LastModifiedTime' => <DateTime>, 'OpsItemId' => '<string>', 'ResourceType' => '<string>', 'ResourceUri' => '<string>', ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token for the next set of items to return. Use this token to get the next set of results.
- Summaries
-
- Type: Array of OpsItemRelatedItemSummary structures
A list of related-item resources for the specified OpsItem.
Errors
- InternalServerError:
An error occurred on the server side.
- OpsItemInvalidParameterException:
A specified parameter argument isn't valid. Verify the available arguments and try again.
ListOpsMetadata
$result = $client->listOpsMetadata
([/* ... */]); $promise = $client->listOpsMetadataAsync
([/* ... */]);
Amazon Web Services Systems Manager calls this API operation when displaying all Application Manager OpsMetadata objects or blobs.
Parameter Syntax
$result = $client->listOpsMetadata([ 'Filters' => [ [ 'Key' => '<string>', // REQUIRED 'Values' => ['<string>', ...], // REQUIRED ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- Filters
-
- Type: Array of OpsMetadataFilter structures
One or more filters to limit the number of OpsMetadata objects returned by the call.
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
A token to start the list. Use this token to get the next set of results.
Result Syntax
[ 'NextToken' => '<string>', 'OpsMetadataList' => [ [ 'CreationDate' => <DateTime>, 'LastModifiedDate' => <DateTime>, 'LastModifiedUser' => '<string>', 'OpsMetadataArn' => '<string>', 'ResourceId' => '<string>', ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token for the next set of items to return. Use this token to get the next set of results.
- OpsMetadataList
-
- Type: Array of OpsMetadata structures
Returns a list of OpsMetadata objects.
Errors
- OpsMetadataInvalidArgumentException:
One of the arguments passed is invalid.
- InternalServerError:
An error occurred on the server side.
ListResourceComplianceSummaries
$result = $client->listResourceComplianceSummaries
([/* ... */]); $promise = $client->listResourceComplianceSummariesAsync
([/* ... */]);
Returns a resource-level summary count. The summary includes information about compliant and non-compliant statuses and detailed compliance-item severity counts, according to the filter criteria you specify.
Parameter Syntax
$result = $client->listResourceComplianceSummaries([ 'Filters' => [ [ 'Key' => '<string>', 'Type' => 'EQUAL|NOT_EQUAL|BEGIN_WITH|LESS_THAN|GREATER_THAN', 'Values' => ['<string>', ...], ], // ... ], 'MaxResults' => <integer>, 'NextToken' => '<string>', ]);
Parameter Details
Members
- Filters
-
- Type: Array of ComplianceStringFilter structures
One or more filters. Use a filter to return a more specific list of results.
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
A token to start the list. Use this token to get the next set of results.
Result Syntax
[ 'NextToken' => '<string>', 'ResourceComplianceSummaryItems' => [ [ 'ComplianceType' => '<string>', 'CompliantSummary' => [ 'CompliantCount' => <integer>, 'SeveritySummary' => [ 'CriticalCount' => <integer>, 'HighCount' => <integer>, 'InformationalCount' => <integer>, 'LowCount' => <integer>, 'MediumCount' => <integer>, 'UnspecifiedCount' => <integer>, ], ], 'ExecutionSummary' => [ 'ExecutionId' => '<string>', 'ExecutionTime' => <DateTime>, 'ExecutionType' => '<string>', ], 'NonCompliantSummary' => [ 'NonCompliantCount' => <integer>, 'SeveritySummary' => [ 'CriticalCount' => <integer>, 'HighCount' => <integer>, 'InformationalCount' => <integer>, 'LowCount' => <integer>, 'MediumCount' => <integer>, 'UnspecifiedCount' => <integer>, ], ], 'OverallSeverity' => 'CRITICAL|HIGH|MEDIUM|LOW|INFORMATIONAL|UNSPECIFIED', 'ResourceId' => '<string>', 'ResourceType' => '<string>', 'Status' => 'COMPLIANT|NON_COMPLIANT', ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token for the next set of items to return. Use this token to get the next set of results.
- ResourceComplianceSummaryItems
-
- Type: Array of ResourceComplianceSummaryItem structures
A summary count for specified or targeted managed nodes. Summary count includes information about compliant and non-compliant State Manager associations, patch status, or custom items according to the filter criteria that you specify.
Errors
- InvalidFilter:
The filter name isn't valid. Verify the you entered the correct name and try again.
- InvalidNextToken:
The specified token isn't valid.
- InternalServerError:
An error occurred on the server side.
ListResourceDataSync
$result = $client->listResourceDataSync
([/* ... */]); $promise = $client->listResourceDataSyncAsync
([/* ... */]);
Lists your resource data sync configurations. Includes information about the last time a sync attempted to start, the last sync status, and the last time a sync successfully completed.
The number of sync configurations might be too large to return using a single call to ListResourceDataSync
. You can limit the number of sync configurations returned by using the MaxResults
parameter. To determine whether there are more sync configurations to list, check the value of NextToken
in the output. If there are more sync configurations to list, you can request them by specifying the NextToken
returned in the call to the parameter of a subsequent call.
Parameter Syntax
$result = $client->listResourceDataSync([ 'MaxResults' => <integer>, 'NextToken' => '<string>', 'SyncType' => '<string>', ]);
Parameter Details
Members
- MaxResults
-
- Type: int
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
- NextToken
-
- Type: string
A token to start the list. Use this token to get the next set of results.
- SyncType
-
- Type: string
View a list of resource data syncs according to the sync type. Specify
SyncToDestination
to view resource data syncs that synchronize data to an Amazon S3 bucket. SpecifySyncFromSource
to view resource data syncs from Organizations or from multiple Amazon Web Services Regions.
Result Syntax
[ 'NextToken' => '<string>', 'ResourceDataSyncItems' => [ [ 'LastStatus' => 'Successful|Failed|InProgress', 'LastSuccessfulSyncTime' => <DateTime>, 'LastSyncStatusMessage' => '<string>', 'LastSyncTime' => <DateTime>, 'S3Destination' => [ 'AWSKMSKeyARN' => '<string>', 'BucketName' => '<string>', 'DestinationDataSharing' => [ 'DestinationDataSharingType' => '<string>', ], 'Prefix' => '<string>', 'Region' => '<string>', 'SyncFormat' => 'JsonSerDe', ], 'SyncCreatedTime' => <DateTime>, 'SyncLastModifiedTime' => <DateTime>, 'SyncName' => '<string>', 'SyncSource' => [ 'AwsOrganizationsSource' => [ 'OrganizationSourceType' => '<string>', 'OrganizationalUnits' => [ [ 'OrganizationalUnitId' => '<string>', ], // ... ], ], 'EnableAllOpsDataSources' => true || false, 'IncludeFutureRegions' => true || false, 'SourceRegions' => ['<string>', ...], 'SourceType' => '<string>', 'State' => '<string>', ], 'SyncType' => '<string>', ], // ... ], ]
Result Details
Members
- NextToken
-
- Type: string
The token for the next set of items to return. Use this token to get the next set of results.
- ResourceDataSyncItems
-
- Type: Array of ResourceDataSyncItem structures
A list of your current resource data sync configurations and their statuses.
Errors
- ResourceDataSyncInvalidConfigurationException:
The specified sync configuration is invalid.
- InternalServerError:
An error occurred on the server side.
- InvalidNextToken:
The specified token isn't valid.
ListTagsForResource
$result = $client->listTagsForResource
([/* ... */]); $promise = $client->listTagsForResourceAsync
([/* ... */]);
Returns a list of the tags assigned to the specified resource.
For information about the ID format for each supported resource type, see AddTagsToResource.
Parameter Syntax
$result = $client->listTagsForResource([ 'ResourceId' => '<string>', // REQUIRED 'ResourceType' => 'Document|ManagedInstance|MaintenanceWindow|Parameter|PatchBaseline|OpsItem|OpsMetadata|Automation|Association', // REQUIRED ]);
Parameter Details
Members
- ResourceId
-
- Required: Yes
- Type: string
The resource ID for which you want to see a list of tags.
- ResourceType
-
- Required: Yes
- Type: string
Returns a list of tags for a specific resource type.
Result Syntax
[ 'TagList' => [ [ 'Key' => '<string>', 'Value' => '<string>', ], // ... ], ]
Result Details
Members
- TagList
-
- Type: Array of Tag structures
A list of tags.
Errors
- InvalidResourceType:
The resource type isn't valid. For example, if you are attempting to tag an EC2 instance, the instance must be a registered managed node.
- InvalidResourceId:
The resource ID isn't valid. Verify that you entered the correct ID and try again.
- InternalServerError:
An error occurred on the server side.
ModifyDocumentPermission
$result = $client->modifyDocumentPermission
([/* ... */]); $promise = $client->modifyDocumentPermissionAsync
([/* ... */]);
Shares a Amazon Web Services Systems Manager document (SSM document)publicly or privately. If you share a document privately, you must specify the Amazon Web Services user IDs for those people who can use the document. If you share a document publicly, you must specify All as the account ID.
Parameter Syntax
$result = $client->modifyDocumentPermission([ 'AccountIdsToAdd' => ['<string>', ...], 'AccountIdsToRemove' => ['<string>', ...], 'Name' => '<string>', // REQUIRED 'PermissionType' => 'Share', // REQUIRED 'SharedDocumentVersion' => '<string>', ]);
Parameter Details
Members
- AccountIdsToAdd
-
- Type: Array of strings
The Amazon Web Services users that should have access to the document. The account IDs can either be a group of account IDs or All.
- AccountIdsToRemove
-
- Type: Array of strings
The Amazon Web Services users that should no longer have access to the document. The Amazon Web Services user can either be a group of account IDs or All. This action has a higher priority than
AccountIdsToAdd
. If you specify an ID to add and the same ID to remove, the system removes access to the document. - Name
-
- Required: Yes
- Type: string
The name of the document that you want to share.
- PermissionType
-
- Required: Yes
- Type: string
The permission type for the document. The permission type can be Share.
- SharedDocumentVersion
-
- Type: string
(Optional) The version of the document to share. If it isn't specified, the system choose the
Default
version to share.
Result Syntax
[]
Result Details
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidDocument:
The specified SSM document doesn't exist.
- InvalidPermissionType:
The permission type isn't supported. Share is the only supported permission type.
- DocumentPermissionLimit:
The document can't be shared with more Amazon Web Services accounts. You can specify a maximum of 20 accounts per API operation to share a private document.
By default, you can share a private document with a maximum of 1,000 accounts and publicly share up to five documents.
If you need to increase the quota for privately or publicly shared Systems Manager documents, contact Amazon Web Services Support.
- DocumentLimitExceeded:
You can have at most 500 active SSM documents.
PutComplianceItems
$result = $client->putComplianceItems
([/* ... */]); $promise = $client->putComplianceItemsAsync
([/* ... */]);
Registers a compliance type and other compliance details on a designated resource. This operation lets you register custom compliance details with a resource. This call overwrites existing compliance information on the resource, so you must provide a full list of compliance items each time that you send the request.
ComplianceType can be one of the following:
-
ExecutionId: The execution ID when the patch, association, or custom compliance item was applied.
-
ExecutionType: Specify patch, association, or Custom:
string
. -
ExecutionTime. The time the patch, association, or custom compliance item was applied to the managed node.
-
Id: The patch, association, or custom compliance ID.
-
Title: A title.
-
Status: The status of the compliance item. For example,
approved
for patches, orFailed
for associations. -
Severity: A patch severity. For example,
Critical
. -
DocumentName: An SSM document name. For example,
AWS-RunPatchBaseline
. -
DocumentVersion: An SSM document version number. For example, 4.
-
Classification: A patch classification. For example,
security updates
. -
PatchBaselineId: A patch baseline ID.
-
PatchSeverity: A patch severity. For example,
Critical
. -
PatchState: A patch state. For example,
InstancesWithFailedPatches
. -
PatchGroup: The name of a patch group.
-
InstalledTime: The time the association, patch, or custom compliance item was applied to the resource. Specify the time by using the following format:
yyyy-MM-dd'T'HH:mm:ss'Z'
Parameter Syntax
$result = $client->putComplianceItems([ 'ComplianceType' => '<string>', // REQUIRED 'ExecutionSummary' => [ // REQUIRED 'ExecutionId' => '<string>', 'ExecutionTime' => <integer || string || DateTime>, // REQUIRED 'ExecutionType' => '<string>', ], 'ItemContentHash' => '<string>', 'Items' => [ // REQUIRED [ 'Details' => ['<string>', ...], 'Id' => '<string>', 'Severity' => 'CRITICAL|HIGH|MEDIUM|LOW|INFORMATIONAL|UNSPECIFIED', // REQUIRED 'Status' => 'COMPLIANT|NON_COMPLIANT', // REQUIRED 'Title' => '<string>', ], // ... ], 'ResourceId' => '<string>', // REQUIRED 'ResourceType' => '<string>', // REQUIRED 'UploadType' => 'COMPLETE|PARTIAL', ]);
Parameter Details
Members
- ComplianceType
-
- Required: Yes
- Type: string
Specify the compliance type. For example, specify Association (for a State Manager association), Patch, or Custom:
string
. - ExecutionSummary
-
- Required: Yes
- Type: ComplianceExecutionSummary structure
A summary of the call execution that includes an execution ID, the type of execution (for example,
Command
), and the date/time of the execution using a datetime object that is saved in the following format:yyyy-MM-dd'T'HH:mm:ss'Z'
- ItemContentHash
-
- Type: string
MD5 or SHA-256 content hash. The content hash is used to determine if existing information should be overwritten or ignored. If the content hashes match, the request to put compliance information is ignored.
- Items
-
- Required: Yes
- Type: Array of ComplianceItemEntry structures
Information about the compliance as defined by the resource type. For example, for a patch compliance type,
Items
includes information about the PatchSeverity, Classification, and so on. - ResourceId
-
- Required: Yes
- Type: string
Specify an ID for this resource. For a managed node, this is the node ID.
- ResourceType
-
- Required: Yes
- Type: string
Specify the type of resource.
ManagedInstance
is currently the only supported resource type. - UploadType
-
- Type: string
The mode for uploading compliance items. You can specify
COMPLETE
orPARTIAL
. InCOMPLETE
mode, the system overwrites all existing compliance information for the resource. You must provide a full list of compliance items each time you send the request.In
PARTIAL
mode, the system overwrites compliance information for a specific association. The association must be configured withSyncCompliance
set toMANUAL
. By default, all requests useCOMPLETE
mode.This attribute is only valid for association compliance.
Result Syntax
[]
Result Details
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidItemContentException:
One or more content items isn't valid.
- TotalSizeLimitExceededException:
The size of inventory data has exceeded the total size limit for the resource.
- ItemSizeLimitExceededException:
The inventory item size has exceeded the size limit.
- ComplianceTypeCountLimitExceededException:
You specified too many custom compliance types. You can specify a maximum of 10 different types.
- InvalidResourceType:
The resource type isn't valid. For example, if you are attempting to tag an EC2 instance, the instance must be a registered managed node.
- InvalidResourceId:
The resource ID isn't valid. Verify that you entered the correct ID and try again.
PutInventory
$result = $client->putInventory
([/* ... */]); $promise = $client->putInventoryAsync
([/* ... */]);
Bulk update custom inventory items on one or more managed nodes. The request adds an inventory item, if it doesn't already exist, or updates an inventory item, if it does exist.
Parameter Syntax
$result = $client->putInventory([ 'InstanceId' => '<string>', // REQUIRED 'Items' => [ // REQUIRED [ 'CaptureTime' => '<string>', // REQUIRED 'Content' => [ ['<string>', ...], // ... ], 'ContentHash' => '<string>', 'Context' => ['<string>', ...], 'SchemaVersion' => '<string>', // REQUIRED 'TypeName' => '<string>', // REQUIRED ], // ... ], ]);
Parameter Details
Members
- InstanceId
-
- Required: Yes
- Type: string
An managed node ID where you want to add or update inventory items.
- Items
-
- Required: Yes
- Type: Array of InventoryItem structures
The inventory items that you want to add or update on managed nodes.
Result Syntax
[ 'Message' => '<string>', ]
Result Details
Members
- Message
-
- Type: string
Information about the request.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidInstanceId:
The following problems can cause this exception:
-
You don't have permission to access the managed node.
-
Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.
-
SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.
-
The managed node isn't in a valid state. Valid states are:
Running
,Pending
,Stopped
, andStopping
. Invalid states are:Shutting-down
andTerminated
.
-
- InvalidTypeNameException:
The parameter type name isn't valid.
- InvalidItemContentException:
One or more content items isn't valid.
- TotalSizeLimitExceededException:
The size of inventory data has exceeded the total size limit for the resource.
- ItemSizeLimitExceededException:
The inventory item size has exceeded the size limit.
- ItemContentMismatchException:
The inventory item has invalid content.
- CustomSchemaCountLimitExceededException:
You have exceeded the limit for custom schemas. Delete one or more custom schemas and try again.
- UnsupportedInventorySchemaVersionException:
Inventory item type schema version has to match supported versions in the service. Check output of GetInventorySchema to see the available schema version for each type.
- UnsupportedInventoryItemContextException:
The
Context
attribute that you specified for theInventoryItem
isn't allowed for this inventory type. You can only use theContext
attribute with inventory types likeAWS:ComplianceItem
.- InvalidInventoryItemContextException:
You specified invalid keys or values in the
Context
attribute forInventoryItem
. Verify the keys and values, and try again.- SubTypeCountLimitExceededException:
The sub-type count exceeded the limit for the inventory type.
PutParameter
$result = $client->putParameter
([/* ... */]); $promise = $client->putParameterAsync
([/* ... */]);
Add a parameter to the system.
Parameter Syntax
$result = $client->putParameter([ 'AllowedPattern' => '<string>', 'DataType' => '<string>', 'Description' => '<string>', 'KeyId' => '<string>', 'Name' => '<string>', // REQUIRED 'Overwrite' => true || false, 'Policies' => '<string>', 'Tags' => [ [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], 'Tier' => 'Standard|Advanced|Intelligent-Tiering', 'Type' => 'String|StringList|SecureString', 'Value' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AllowedPattern
-
- Type: string
A regular expression used to validate the parameter value. For example, for String types with values restricted to numbers, you can specify the following: AllowedPattern=^\d+$
- DataType
-
- Type: string
The data type for a
String
parameter. Supported data types include plain text and Amazon Machine Image (AMI) IDs.The following data type values are supported.
-
text
-
aws:ec2:image
-
aws:ssm:integration
When you create a
String
parameter and specifyaws:ec2:image
, Amazon Web Services Systems Manager validates the parameter value is in the required format, such asami-12345abcdeEXAMPLE
, and that the specified AMI is available in your Amazon Web Services account.If the action is successful, the service sends back an HTTP 200 response which indicates a successful
PutParameter
call for all cases except for data typeaws:ec2:image
. If you callPutParameter
withaws:ec2:image
data type, a successful HTTP 200 response does not guarantee that your parameter was successfully created or updated. Theaws:ec2:image
value is validated asynchronously, and thePutParameter
call returns before the validation is complete. If you submit an invalid AMI value, the PutParameter operation will return success, but the asynchronous validation will fail and the parameter will not be created or updated. To monitor whether youraws:ec2:image
parameters are created successfully, see Setting up notifications or trigger actions based on Parameter Store events. For more information about AMI format validation , see Native parameter support for Amazon Machine Image IDs. - Description
-
- Type: string
Information about the parameter that you want to add to the system. Optional but recommended.
Don't enter personally identifiable information in this field.
- KeyId
-
- Type: string
The Key Management Service (KMS) ID that you want to use to encrypt a parameter. Use a custom key for better security. Required for parameters that use the
SecureString
data type.If you don't specify a key ID, the system uses the default key associated with your Amazon Web Services account which is not as secure as using a custom key.
-
To use a custom KMS key, choose the
SecureString
data type with theKey ID
parameter.
- Name
-
- Required: Yes
- Type: string
The fully qualified name of the parameter that you want to add to the system.
You can't enter the Amazon Resource Name (ARN) for a parameter, only the parameter name itself.
The fully qualified name includes the complete hierarchy of the parameter path and name. For parameters in a hierarchy, you must include a leading forward slash character (/) when you create or reference a parameter. For example:
/Dev/DBServer/MySQL/db-string13
Naming Constraints:
-
Parameter names are case sensitive.
-
A parameter name must be unique within an Amazon Web Services Region
-
A parameter name can't be prefixed with "
aws
" or "ssm
" (case-insensitive). -
Parameter names can include only the following symbols and letters:
a-zA-Z0-9_.-
In addition, the slash character ( / ) is used to delineate hierarchies in parameter names. For example:
/Dev/Production/East/Project-ABC/MyParameter
-
A parameter name can't include spaces.
-
Parameter hierarchies are limited to a maximum depth of fifteen levels.
For additional information about valid values for parameter names, see Creating Systems Manager parameters in the Amazon Web Services Systems Manager User Guide.
The maximum length constraint of 2048 characters listed below includes 1037 characters reserved for internal use by Systems Manager. The maximum length for a parameter name that you create is 1011 characters. This includes the characters in the ARN that precede the name you specify, such as
arn:aws:ssm:us-east-2:111122223333:parameter/
. - Overwrite
-
- Type: boolean
Overwrite an existing parameter. The default value is
false
. - Policies
-
- Type: string
One or more policies to apply to a parameter. This operation takes a JSON array. Parameter Store, a capability of Amazon Web Services Systems Manager supports the following policy types:
Expiration: This policy deletes the parameter after it expires. When you create the policy, you specify the expiration date. You can update the expiration date and time by updating the policy. Updating the parameter doesn't affect the expiration date and time. When the expiration time is reached, Parameter Store deletes the parameter.
ExpirationNotification: This policy initiates an event in Amazon CloudWatch Events that notifies you about the expiration. By using this policy, you can receive notification before or after the expiration time is reached, in units of days or hours.
NoChangeNotification: This policy initiates a CloudWatch Events event if a parameter hasn't been modified for a specified period of time. This policy type is useful when, for example, a secret needs to be changed within a period of time, but it hasn't been changed.
All existing policies are preserved until you send new policies or an empty policy. For more information about parameter policies, see Assigning parameter policies.
- Tags
-
- Type: Array of Tag structures
Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a Systems Manager parameter to identify the type of resource to which it applies, the environment, or the type of configuration data referenced by the parameter. In this case, you could specify the following key-value pairs:
-
Key=Resource,Value=S3bucket
-
Key=OS,Value=Windows
-
Key=ParameterType,Value=LicenseKey
To add tags to an existing Systems Manager parameter, use the AddTagsToResource operation.
- Tier
-
- Type: string
The parameter tier to assign to a parameter.
Parameter Store offers a standard tier and an advanced tier for parameters. Standard parameters have a content size limit of 4 KB and can't be configured to use parameter policies. You can create a maximum of 10,000 standard parameters for each Region in an Amazon Web Services account. Standard parameters are offered at no additional cost.
Advanced parameters have a content size limit of 8 KB and can be configured to use parameter policies. You can create a maximum of 100,000 advanced parameters for each Region in an Amazon Web Services account. Advanced parameters incur a charge. For more information, see Managing parameter tiers in the Amazon Web Services Systems Manager User Guide.
You can change a standard parameter to an advanced parameter any time. But you can't revert an advanced parameter to a standard parameter. Reverting an advanced parameter to a standard parameter would result in data loss because the system would truncate the size of the parameter from 8 KB to 4 KB. Reverting would also remove any policies attached to the parameter. Lastly, advanced parameters use a different form of encryption than standard parameters.
If you no longer need an advanced parameter, or if you no longer want to incur charges for an advanced parameter, you must delete it and recreate it as a new standard parameter.
Using the Default Tier Configuration
In
PutParameter
requests, you can specify the tier to create the parameter in. Whenever you specify a tier in the request, Parameter Store creates or updates the parameter according to that request. However, if you don't specify a tier in a request, Parameter Store assigns the tier based on the current Parameter Store default tier configuration.The default tier when you begin using Parameter Store is the standard-parameter tier. If you use the advanced-parameter tier, you can specify one of the following as the default:
-
Advanced: With this option, Parameter Store evaluates all requests as advanced parameters.
-
Intelligent-Tiering: With this option, Parameter Store evaluates each request to determine if the parameter is standard or advanced.
If the request doesn't include any options that require an advanced parameter, the parameter is created in the standard-parameter tier. If one or more options requiring an advanced parameter are included in the request, Parameter Store create a parameter in the advanced-parameter tier.
This approach helps control your parameter-related costs by always creating standard parameters unless an advanced parameter is necessary.
Options that require an advanced parameter include the following:
-
The content size of the parameter is more than 4 KB.
-
The parameter uses a parameter policy.
-
More than 10,000 parameters already exist in your Amazon Web Services account in the current Amazon Web Services Region.
For more information about configuring the default tier option, see Specifying a default parameter tier in the Amazon Web Services Systems Manager User Guide.
- Type
-
- Type: string
The type of parameter that you want to add to the system.
SecureString
isn't currently supported for CloudFormation templates.Items in a
StringList
must be separated by a comma (,). You can't use other punctuation or special character to escape items in the list. If you have a parameter value that requires a comma, then use theString
data type.Specifying a parameter type isn't required when updating a parameter. You must specify a parameter type when creating a parameter.
- Value
-
- Required: Yes
- Type: string
The parameter value that you want to add to the system. Standard parameters have a value limit of 4 KB. Advanced parameters have a value limit of 8 KB.
Parameters can't be referenced or nested in the values of other parameters. You can't include
{{}}
or{{ssm:parameter-name}}
in a parameter value.
Result Syntax
[ 'Tier' => 'Standard|Advanced|Intelligent-Tiering', 'Version' => <integer>, ]
Result Details
Members
- Tier
-
- Type: string
The tier assigned to the parameter.
- Version
-
- Type: long (int|float)
The new version number of a parameter. If you edit a parameter value, Parameter Store automatically creates a new version and assigns this new version a unique ID. You can reference a parameter version ID in API operations or in Systems Manager documents (SSM documents). By default, if you don't specify a specific version, the system returns the latest parameter value when a parameter is called.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidKeyId:
The query key ID isn't valid.
- ParameterLimitExceeded:
You have exceeded the number of parameters for this Amazon Web Services account. Delete one or more parameters and try again.
- TooManyUpdates:
There are concurrent updates for a resource that supports one update at a time.
- ParameterAlreadyExists:
The parameter already exists. You can't create duplicate parameters.
- HierarchyLevelLimitExceededException:
A hierarchy can have a maximum of 15 levels. For more information, see Requirements and constraints for parameter names in the Amazon Web Services Systems Manager User Guide.
- HierarchyTypeMismatchException:
Parameter Store doesn't support changing a parameter type in a hierarchy. For example, you can't change a parameter from a
String
type to aSecureString
type. You must create a new, unique parameter.- InvalidAllowedPatternException:
The request doesn't meet the regular expression requirement.
- ParameterMaxVersionLimitExceeded:
Parameter Store retains the 100 most recently created versions of a parameter. After this number of versions has been created, Parameter Store deletes the oldest version when a new one is created. However, if the oldest version has a label attached to it, Parameter Store won't delete the version and instead presents this error message:
An error occurred (ParameterMaxVersionLimitExceeded) when calling the PutParameter operation: You attempted to create a new version of parameter-name by calling the PutParameter API with the overwrite flag. Version version-number, the oldest version, can't be deleted because it has a label associated with it. Move the label to another version of the parameter, and try again.
This safeguard is to prevent parameter versions with mission critical labels assigned to them from being deleted. To continue creating new parameters, first move the label from the oldest version of the parameter to a newer one for use in your operations. For information about moving parameter labels, see Move a parameter label (console) or Move a parameter label (CLI) in the Amazon Web Services Systems Manager User Guide.
- ParameterPatternMismatchException:
The parameter name isn't valid.
- UnsupportedParameterType:
The parameter type isn't supported.
- PoliciesLimitExceededException:
You specified more than the maximum number of allowed policies for the parameter. The maximum is 10.
- InvalidPolicyTypeException:
The policy type isn't supported. Parameter Store supports the following policy types: Expiration, ExpirationNotification, and NoChangeNotification.
- InvalidPolicyAttributeException:
A policy attribute or its value is invalid.
- IncompatiblePolicyException:
There is a conflict in the policies specified for this parameter. You can't, for example, specify two Expiration policies for a parameter. Review your policies, and try again.
PutResourcePolicy
$result = $client->putResourcePolicy
([/* ... */]); $promise = $client->putResourcePolicyAsync
([/* ... */]);
Creates or updates a Systems Manager resource policy. A resource policy helps you to define the IAM entity (for example, an Amazon Web Services account) that can manage your Systems Manager resources. The following resources support Systems Manager resource policies.
-
OpsItemGroup
- The resource policy forOpsItemGroup
enables Amazon Web Services accounts to view and interact with OpsCenter operational work items (OpsItems). -
Parameter
- The resource policy is used to share a parameter with other accounts using Resource Access Manager (RAM).To share a parameter, it must be in the advanced parameter tier. For information about parameter tiers, see Managing parameter tiers. For information about changing an existing standard parameter to an advanced parameter, see Changing a standard parameter to an advanced parameter.
To share a
SecureString
parameter, it must be encrypted with a customer managed key, and you must share the key separately through Key Management Service. Amazon Web Services managed keys cannot be shared. Parameters encrypted with the default Amazon Web Services managed key can be updated to use a customer managed key instead. For KMS key definitions, see KMS concepts in the Key Management Service Developer Guide.While you can share a parameter using the Systems Manager
PutResourcePolicy
operation, we recommend using Resource Access Manager (RAM) instead. This is because usingPutResourcePolicy
requires the extra step of promoting the parameter to a standard RAM Resource Share using the RAM PromoteResourceShareCreatedFromPolicy API operation. Otherwise, the parameter won't be returned by the Systems Manager DescribeParameters API operation using the--shared
option.For more information, see Sharing a parameter in the Amazon Web Services Systems Manager User Guide
Parameter Syntax
$result = $client->putResourcePolicy([ 'Policy' => '<string>', // REQUIRED 'PolicyHash' => '<string>', 'PolicyId' => '<string>', 'ResourceArn' => '<string>', // REQUIRED ]);
Parameter Details
Members
- Policy
-
- Required: Yes
- Type: string
A policy you want to associate with a resource.
- PolicyHash
-
- Type: string
ID of the current policy version. The hash helps to prevent a situation where multiple users attempt to overwrite a policy. You must provide this hash when updating or deleting a policy.
- PolicyId
-
- Type: string
The policy ID.
- ResourceArn
-
- Required: Yes
- Type: string
Amazon Resource Name (ARN) of the resource to which you want to attach a policy.
Result Syntax
[ 'PolicyHash' => '<string>', 'PolicyId' => '<string>', ]
Result Details
Members
- PolicyHash
-
- Type: string
ID of the current policy version.
- PolicyId
-
- Type: string
The policy ID. To update a policy, you must specify
PolicyId
andPolicyHash
.
Errors
- InternalServerError:
An error occurred on the server side.
- ResourcePolicyInvalidParameterException:
One or more parameters specified for the call aren't valid. Verify the parameters and their values and try again.
- ResourcePolicyLimitExceededException:
The PutResourcePolicy API action enforces two limits. A policy can't be greater than 1024 bytes in size. And only one policy can be attached to
OpsItemGroup
. Verify these limits and try again.- ResourcePolicyConflictException:
The hash provided in the call doesn't match the stored hash. This exception is thrown when trying to update an obsolete policy version or when multiple requests to update a policy are sent.
- ResourceNotFoundException:
The specified parameter to be shared could not be found.
- MalformedResourcePolicyDocumentException:
The specified policy document is malformed or invalid, or excessive
PutResourcePolicy
orDeleteResourcePolicy
calls have been made.- ResourcePolicyNotFoundException:
No policies with the specified policy ID and hash could be found.
RegisterDefaultPatchBaseline
$result = $client->registerDefaultPatchBaseline
([/* ... */]); $promise = $client->registerDefaultPatchBaselineAsync
([/* ... */]);
Defines the default patch baseline for the relevant operating system.
To reset the Amazon Web Services-predefined patch baseline as the default, specify the full patch baseline Amazon Resource Name (ARN) as the baseline ID value. For example, for CentOS, specify arn:aws:ssm:us-east-2:733109147000:patchbaseline/pb-0574b43a65ea646ed
instead of pb-0574b43a65ea646ed
.
Parameter Syntax
$result = $client->registerDefaultPatchBaseline([ 'BaselineId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- BaselineId
-
- Required: Yes
- Type: string
The ID of the patch baseline that should be the default patch baseline.
Result Syntax
[ 'BaselineId' => '<string>', ]
Result Details
Members
- BaselineId
-
- Type: string
The ID of the default patch baseline.
Errors
- InvalidResourceId:
The resource ID isn't valid. Verify that you entered the correct ID and try again.
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InternalServerError:
An error occurred on the server side.
RegisterPatchBaselineForPatchGroup
$result = $client->registerPatchBaselineForPatchGroup
([/* ... */]); $promise = $client->registerPatchBaselineForPatchGroupAsync
([/* ... */]);
Registers a patch baseline for a patch group.
Parameter Syntax
$result = $client->registerPatchBaselineForPatchGroup([ 'BaselineId' => '<string>', // REQUIRED 'PatchGroup' => '<string>', // REQUIRED ]);
Parameter Details
Members
- BaselineId
-
- Required: Yes
- Type: string
The ID of the patch baseline to register with the patch group.
- PatchGroup
-
- Required: Yes
- Type: string
The name of the patch group to be registered with the patch baseline.
Result Syntax
[ 'BaselineId' => '<string>', 'PatchGroup' => '<string>', ]
Result Details
Members
- BaselineId
-
- Type: string
The ID of the patch baseline the patch group was registered with.
- PatchGroup
-
- Type: string
The name of the patch group registered with the patch baseline.
Errors
- AlreadyExistsException:
Error returned if an attempt is made to register a patch group with a patch baseline that is already registered with a different patch baseline.
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InvalidResourceId:
The resource ID isn't valid. Verify that you entered the correct ID and try again.
- ResourceLimitExceededException:
Error returned when the caller has exceeded the default resource quotas. For example, too many maintenance windows or patch baselines have been created.
For information about resource quotas in Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InternalServerError:
An error occurred on the server side.
RegisterTargetWithMaintenanceWindow
$result = $client->registerTargetWithMaintenanceWindow
([/* ... */]); $promise = $client->registerTargetWithMaintenanceWindowAsync
([/* ... */]);
Registers a target with a maintenance window.
Parameter Syntax
$result = $client->registerTargetWithMaintenanceWindow([ 'ClientToken' => '<string>', 'Description' => '<string>', 'Name' => '<string>', 'OwnerInformation' => '<string>', 'ResourceType' => 'INSTANCE|RESOURCE_GROUP', // REQUIRED 'Targets' => [ // REQUIRED [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'WindowId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- ClientToken
-
- Type: string
User-provided idempotency token.
- Description
-
- Type: string
An optional description for the target.
- Name
-
- Type: string
An optional name for the target.
- OwnerInformation
-
- Type: string
User-provided value that will be included in any Amazon CloudWatch Events events raised while running tasks for these targets in this maintenance window.
- ResourceType
-
- Required: Yes
- Type: string
The type of target being registered with the maintenance window.
- Targets
-
- Required: Yes
- Type: Array of Target structures
The targets to register with the maintenance window. In other words, the managed nodes to run commands on when the maintenance window runs.
If a single maintenance window task is registered with multiple targets, its task invocations occur sequentially and not in parallel. If your task must run on multiple targets at the same time, register a task for each target individually and assign each task the same priority level.
You can specify targets using managed node IDs, resource group names, or tags that have been applied to managed nodes.
Example 1: Specify managed node IDs
Key=InstanceIds,Values=<instance-id-1>,<instance-id-2>,<instance-id-3>
Example 2: Use tag key-pairs applied to managed nodes
Key=tag:<my-tag-key>,Values=<my-tag-value-1>,<my-tag-value-2>
Example 3: Use tag-keys applied to managed nodes
Key=tag-key,Values=<my-tag-key-1>,<my-tag-key-2>
Example 4: Use resource group names
Key=resource-groups:Name,Values=<resource-group-name>
Example 5: Use filters for resource group types
Key=resource-groups:ResourceTypeFilters,Values=<resource-type-1>,<resource-type-2>
For
Key=resource-groups:ResourceTypeFilters
, specify resource types in the following formatKey=resource-groups:ResourceTypeFilters,Values=AWS::EC2::INSTANCE,AWS::EC2::VPC
For more information about these examples formats, including the best use case for each one, see Examples: Register targets with a maintenance window in the Amazon Web Services Systems Manager User Guide.
- WindowId
-
- Required: Yes
- Type: string
The ID of the maintenance window the target should be registered with.
Result Syntax
[ 'WindowTargetId' => '<string>', ]
Result Details
Members
- WindowTargetId
-
- Type: string
The ID of the target definition in this maintenance window.
Errors
- IdempotentParameterMismatch:
Error returned when an idempotent operation is retried and the parameters don't match the original call to the API with the same idempotency token.
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- ResourceLimitExceededException:
Error returned when the caller has exceeded the default resource quotas. For example, too many maintenance windows or patch baselines have been created.
For information about resource quotas in Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InternalServerError:
An error occurred on the server side.
RegisterTaskWithMaintenanceWindow
$result = $client->registerTaskWithMaintenanceWindow
([/* ... */]); $promise = $client->registerTaskWithMaintenanceWindowAsync
([/* ... */]);
Adds a new task to a maintenance window.
Parameter Syntax
$result = $client->registerTaskWithMaintenanceWindow([ 'AlarmConfiguration' => [ 'Alarms' => [ // REQUIRED [ 'Name' => '<string>', // REQUIRED ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'ClientToken' => '<string>', 'CutoffBehavior' => 'CONTINUE_TASK|CANCEL_TASK', 'Description' => '<string>', 'LoggingInfo' => [ 'S3BucketName' => '<string>', // REQUIRED 'S3KeyPrefix' => '<string>', 'S3Region' => '<string>', // REQUIRED ], 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'Name' => '<string>', 'Priority' => <integer>, 'ServiceRoleArn' => '<string>', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TaskArn' => '<string>', // REQUIRED 'TaskInvocationParameters' => [ 'Automation' => [ 'DocumentVersion' => '<string>', 'Parameters' => [ '<AutomationParameterKey>' => ['<string>', ...], // ... ], ], 'Lambda' => [ 'ClientContext' => '<string>', 'Payload' => <string || resource || Psr\Http\Message\StreamInterface>, 'Qualifier' => '<string>', ], 'RunCommand' => [ 'CloudWatchOutputConfig' => [ 'CloudWatchLogGroupName' => '<string>', 'CloudWatchOutputEnabled' => true || false, ], 'Comment' => '<string>', 'DocumentHash' => '<string>', 'DocumentHashType' => 'Sha256|Sha1', 'DocumentVersion' => '<string>', 'NotificationConfig' => [ 'NotificationArn' => '<string>', 'NotificationEvents' => ['<string>', ...], 'NotificationType' => 'Command|Invocation', ], 'OutputS3BucketName' => '<string>', 'OutputS3KeyPrefix' => '<string>', 'Parameters' => [ '<ParameterName>' => ['<string>', ...], // ... ], 'ServiceRoleArn' => '<string>', 'TimeoutSeconds' => <integer>, ], 'StepFunctions' => [ 'Input' => '<string>', 'Name' => '<string>', ], ], 'TaskParameters' => [ '<MaintenanceWindowTaskParameterName>' => [ 'Values' => ['<string>', ...], ], // ... ], 'TaskType' => 'RUN_COMMAND|AUTOMATION|STEP_FUNCTIONS|LAMBDA', // REQUIRED 'WindowId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AlarmConfiguration
-
- Type: AlarmConfiguration structure
The CloudWatch alarm you want to apply to your maintenance window task.
- ClientToken
-
- Type: string
User-provided idempotency token.
- CutoffBehavior
-
- Type: string
Indicates whether tasks should continue to run after the cutoff time specified in the maintenance windows is reached.
-
CONTINUE_TASK
: When the cutoff time is reached, any tasks that are running continue. The default value. -
CANCEL_TASK
:-
For Automation, Lambda, Step Functions tasks: When the cutoff time is reached, any task invocations that are already running continue, but no new task invocations are started.
-
For Run Command tasks: When the cutoff time is reached, the system sends a CancelCommand operation that attempts to cancel the command associated with the task. However, there is no guarantee that the command will be terminated and the underlying process stopped.
The status for tasks that are not completed is
TIMED_OUT
. -
- Description
-
- Type: string
An optional description for the task.
- LoggingInfo
-
- Type: LoggingInfo structure
A structure containing information about an Amazon Simple Storage Service (Amazon S3) bucket to write managed node-level logs to.
LoggingInfo
has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use theOutputS3BucketName
andOutputS3KeyPrefix
options in theTaskInvocationParameters
structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. - MaxConcurrency
-
- Type: string
The maximum number of targets this task can be run for, in parallel.
Although this element is listed as "Required: No", a value can be omitted only when you are registering or updating a targetless task You must provide a value in all other cases.
For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of
1
. This value doesn't affect the running of your task. - MaxErrors
-
- Type: string
The maximum number of errors allowed before this task stops being scheduled.
Although this element is listed as "Required: No", a value can be omitted only when you are registering or updating a targetless task You must provide a value in all other cases.
For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of
1
. This value doesn't affect the running of your task. - Name
-
- Type: string
An optional name for the task.
- Priority
-
- Type: int
The priority of the task in the maintenance window, the lower the number the higher the priority. Tasks in a maintenance window are scheduled in priority order with tasks that have the same priority scheduled in parallel.
- ServiceRoleArn
-
- Type: string
The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run
RegisterTaskWithMaintenanceWindow
.However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the Amazon Web Services Systems Manager User Guide.
- Targets
-
- Type: Array of Target structures
The targets (either managed nodes or maintenance window targets).
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide.
Specify managed nodes using the following format:
Key=InstanceIds,Values=<instance-id-1>,<instance-id-2>
Specify maintenance window targets using the following format:
Key=WindowTargetIds,Values=<window-target-id-1>,<window-target-id-2>
- TaskArn
-
- Required: Yes
- Type: string
The ARN of the task to run.
- TaskInvocationParameters
-
- Type: MaintenanceWindowTaskInvocationParameters structure
The parameters that the task should use during execution. Populate only the fields that match the task type. All other fields should be empty.
- TaskParameters
-
- Type: Associative array of custom strings keys (MaintenanceWindowTaskParameterName) to MaintenanceWindowTaskParameterValueExpression structures
The parameters that should be passed to the task when it is run.
TaskParameters
has been deprecated. To specify parameters to pass to a task when it runs, instead use theParameters
option in theTaskInvocationParameters
structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. - TaskType
-
- Required: Yes
- Type: string
The type of task being registered.
- WindowId
-
- Required: Yes
- Type: string
The ID of the maintenance window the task should be added to.
Result Syntax
[ 'WindowTaskId' => '<string>', ]
Result Details
Members
- WindowTaskId
-
- Type: string
The ID of the task in the maintenance window.
Errors
- IdempotentParameterMismatch:
Error returned when an idempotent operation is retried and the parameters don't match the original call to the API with the same idempotency token.
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- ResourceLimitExceededException:
Error returned when the caller has exceeded the default resource quotas. For example, too many maintenance windows or patch baselines have been created.
For information about resource quotas in Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- FeatureNotAvailableException:
You attempted to register a
LAMBDA
orSTEP_FUNCTIONS
task in a region where the corresponding service isn't available.- InternalServerError:
An error occurred on the server side.
RemoveTagsFromResource
$result = $client->removeTagsFromResource
([/* ... */]); $promise = $client->removeTagsFromResourceAsync
([/* ... */]);
Removes tag keys from the specified resource.
Parameter Syntax
$result = $client->removeTagsFromResource([ 'ResourceId' => '<string>', // REQUIRED 'ResourceType' => 'Document|ManagedInstance|MaintenanceWindow|Parameter|PatchBaseline|OpsItem|OpsMetadata|Automation|Association', // REQUIRED 'TagKeys' => ['<string>', ...], // REQUIRED ]);
Parameter Details
Members
- ResourceId
-
- Required: Yes
- Type: string
The ID of the resource from which you want to remove tags. For example:
ManagedInstance: mi-012345abcde
MaintenanceWindow: mw-012345abcde
Automation
:example-c160-4567-8519-012345abcde
PatchBaseline: pb-012345abcde
OpsMetadata object:
ResourceID
for tagging is created from the Amazon Resource Name (ARN) for the object. Specifically,ResourceID
is created from the strings that come after the wordopsmetadata
in the ARN. For example, an OpsMetadata object with an ARN ofarn:aws:ssm:us-east-2:1234567890:opsmetadata/aws/ssm/MyGroup/appmanager
has aResourceID
of eitheraws/ssm/MyGroup/appmanager
or/aws/ssm/MyGroup/appmanager
.For the Document and Parameter values, use the name of the resource.
The
ManagedInstance
type for this API operation is only for on-premises managed nodes. Specify the name of the managed node in the following format: mi-ID_number. For example, mi-1a2b3c4d5e6f. - ResourceType
-
- Required: Yes
- Type: string
The type of resource from which you want to remove a tag.
The
ManagedInstance
type for this API operation is only for on-premises managed nodes. Specify the name of the managed node in the following format:mi-ID_number
. For example,mi-1a2b3c4d5e6f
. - TagKeys
-
- Required: Yes
- Type: Array of strings
Tag keys that you want to remove from the specified resource.
Result Syntax
[]
Result Details
Errors
- InvalidResourceType:
The resource type isn't valid. For example, if you are attempting to tag an EC2 instance, the instance must be a registered managed node.
- InvalidResourceId:
The resource ID isn't valid. Verify that you entered the correct ID and try again.
- InternalServerError:
An error occurred on the server side.
- TooManyUpdates:
There are concurrent updates for a resource that supports one update at a time.
ResetServiceSetting
$result = $client->resetServiceSetting
([/* ... */]); $promise = $client->resetServiceSettingAsync
([/* ... */]);
ServiceSetting
is an account-level setting for an Amazon Web Services service. This setting defines how a user interacts with or uses a service or a feature of a service. For example, if an Amazon Web Services service charges money to the account based on feature or service usage, then the Amazon Web Services service team might create a default setting of "false". This means the user can't use this feature unless they change the setting to "true" and intentionally opt in for a paid feature.
Services map a SettingId
object to a setting value. Amazon Web Services services teams define the default value for a SettingId
. You can't create a new SettingId
, but you can overwrite the default value if you have the ssm:UpdateServiceSetting
permission for the setting. Use the GetServiceSetting API operation to view the current value. Use the UpdateServiceSetting API operation to change the default setting.
Reset the service setting for the account to the default value as provisioned by the Amazon Web Services service team.
Parameter Syntax
$result = $client->resetServiceSetting([ 'SettingId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- SettingId
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the service setting to reset. The setting ID can be one of the following.
-
/ssm/managed-instance/default-ec2-instance-management-role
-
/ssm/automation/customer-script-log-destination
-
/ssm/automation/customer-script-log-group-name
-
/ssm/documents/console/public-sharing-permission
-
/ssm/managed-instance/activation-tier
-
/ssm/opsinsights/opscenter
-
/ssm/parameter-store/default-parameter-tier
-
/ssm/parameter-store/high-throughput-enabled
Result Syntax
[ 'ServiceSetting' => [ 'ARN' => '<string>', 'LastModifiedDate' => <DateTime>, 'LastModifiedUser' => '<string>', 'SettingId' => '<string>', 'SettingValue' => '<string>', 'Status' => '<string>', ], ]
Result Details
Members
- ServiceSetting
-
- Type: ServiceSetting structure
The current, effective service setting after calling the ResetServiceSetting API operation.
Errors
- InternalServerError:
An error occurred on the server side.
- ServiceSettingNotFound:
The specified service setting wasn't found. Either the service name or the setting hasn't been provisioned by the Amazon Web Services service team.
- TooManyUpdates:
There are concurrent updates for a resource that supports one update at a time.
ResumeSession
$result = $client->resumeSession
([/* ... */]); $promise = $client->resumeSessionAsync
([/* ... */]);
Reconnects a session to a managed node after it has been disconnected. Connections can be resumed for disconnected sessions, but not terminated sessions.
This command is primarily for use by client machines to automatically reconnect during intermittent network issues. It isn't intended for any other use.
Parameter Syntax
$result = $client->resumeSession([ 'SessionId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- SessionId
-
- Required: Yes
- Type: string
The ID of the disconnected session to resume.
Result Syntax
[ 'SessionId' => '<string>', 'StreamUrl' => '<string>', 'TokenValue' => '<string>', ]
Result Details
Members
- SessionId
-
- Type: string
The ID of the session.
- StreamUrl
-
- Type: string
A URL back to SSM Agent on the managed node that the Session Manager client uses to send commands and receive output from the managed node. Format:
wss://ssmmessages.region.amazonaws.com/v1/data-channel/session-id?stream=(input|output)
.region represents the Region identifier for an Amazon Web Services Region supported by Amazon Web Services Systems Manager, such as
us-east-2
for the US East (Ohio) Region. For a list of supported region values, see the Region column in Systems Manager service endpoints in the Amazon Web Services General Reference.session-id represents the ID of a Session Manager session, such as
1a2b3c4dEXAMPLE
. - TokenValue
-
- Type: string
An encrypted token value containing session and caller information. Used to authenticate the connection to the managed node.
Errors
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InternalServerError:
An error occurred on the server side.
SendAutomationSignal
$result = $client->sendAutomationSignal
([/* ... */]); $promise = $client->sendAutomationSignalAsync
([/* ... */]);
Sends a signal to an Automation execution to change the current behavior or status of the execution.
Parameter Syntax
$result = $client->sendAutomationSignal([ 'AutomationExecutionId' => '<string>', // REQUIRED 'Payload' => [ '<AutomationParameterKey>' => ['<string>', ...], // ... ], 'SignalType' => 'Approve|Reject|StartStep|StopStep|Resume', // REQUIRED ]);
Parameter Details
Members
- AutomationExecutionId
-
- Required: Yes
- Type: string
The unique identifier for an existing Automation execution that you want to send the signal to.
- Payload
-
- Type: Associative array of custom strings keys (AutomationParameterKey) to stringss
The data sent with the signal. The data schema depends on the type of signal used in the request.
For
Approve
andReject
signal types, the payload is an optional comment that you can send with the signal type. For example:Comment="Looks good"
For
StartStep
andResume
signal types, you must send the name of the Automation step to start or resume as the payload. For example:StepName="step1"
For the
StopStep
signal type, you must send the step execution ID as the payload. For example:StepExecutionId="97fff367-fc5a-4299-aed8-0123456789ab"
- SignalType
-
- Required: Yes
- Type: string
The type of signal to send to an Automation execution.
Result Syntax
[]
Result Details
Errors
- AutomationExecutionNotFoundException:
There is no automation execution information for the requested automation execution ID.
- AutomationStepNotFoundException:
The specified step name and execution ID don't exist. Verify the information and try again.
- InvalidAutomationSignalException:
The signal isn't valid for the current Automation execution.
- InternalServerError:
An error occurred on the server side.
SendCommand
$result = $client->sendCommand
([/* ... */]); $promise = $client->sendCommandAsync
([/* ... */]);
Runs commands on one or more managed nodes.
Parameter Syntax
$result = $client->sendCommand([ 'AlarmConfiguration' => [ 'Alarms' => [ // REQUIRED [ 'Name' => '<string>', // REQUIRED ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'CloudWatchOutputConfig' => [ 'CloudWatchLogGroupName' => '<string>', 'CloudWatchOutputEnabled' => true || false, ], 'Comment' => '<string>', 'DocumentHash' => '<string>', 'DocumentHashType' => 'Sha256|Sha1', 'DocumentName' => '<string>', // REQUIRED 'DocumentVersion' => '<string>', 'InstanceIds' => ['<string>', ...], 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'NotificationConfig' => [ 'NotificationArn' => '<string>', 'NotificationEvents' => ['<string>', ...], 'NotificationType' => 'Command|Invocation', ], 'OutputS3BucketName' => '<string>', 'OutputS3KeyPrefix' => '<string>', 'OutputS3Region' => '<string>', 'Parameters' => [ '<ParameterName>' => ['<string>', ...], // ... ], 'ServiceRoleArn' => '<string>', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TimeoutSeconds' => <integer>, ]);
Parameter Details
Members
- AlarmConfiguration
-
- Type: AlarmConfiguration structure
The CloudWatch alarm you want to apply to your command.
- CloudWatchOutputConfig
-
- Type: CloudWatchOutputConfig structure
Enables Amazon Web Services Systems Manager to send Run Command output to Amazon CloudWatch Logs. Run Command is a capability of Amazon Web Services Systems Manager.
- Comment
-
- Type: string
User-specified information about the command, such as a brief description of what the command should do.
- DocumentHash
-
- Type: string
The Sha256 or Sha1 hash created by the system when the document was created.
Sha1 hashes have been deprecated.
- DocumentHashType
-
- Type: string
Sha256 or Sha1.
Sha1 hashes have been deprecated.
- DocumentName
-
- Required: Yes
- Type: string
The name of the Amazon Web Services Systems Manager document (SSM document) to run. This can be a public document or a custom document. To run a shared document belonging to another account, specify the document Amazon Resource Name (ARN). For more information about how to use shared documents, see Sharing SSM documents in the Amazon Web Services Systems Manager User Guide.
If you specify a document name or ARN that hasn't been shared with your account, you receive an
InvalidDocument
error. - DocumentVersion
-
- Type: string
The SSM document version to use in the request. You can specify $DEFAULT, $LATEST, or a specific version number. If you run commands by using the Command Line Interface (Amazon Web Services CLI), then you must escape the first two options by using a backslash. If you specify a version number, then you don't need to use the backslash. For example:
--document-version "\$DEFAULT"
--document-version "\$LATEST"
--document-version "3"
- InstanceIds
-
- Type: Array of strings
The IDs of the managed nodes where the command should run. Specifying managed node IDs is most useful when you are targeting a limited number of managed nodes, though you can specify up to 50 IDs.
To target a larger number of managed nodes, or if you prefer not to list individual node IDs, we recommend using the
Targets
option instead. UsingTargets
, which accepts tag key-value pairs to identify the managed nodes to send commands to, you can a send command to tens, hundreds, or thousands of nodes at once.For more information about how to use targets, see Run commands at scale in the Amazon Web Services Systems Manager User Guide.
- MaxConcurrency
-
- Type: string
(Optional) The maximum number of managed nodes that are allowed to run the command at the same time. You can specify a number such as 10 or a percentage such as 10%. The default value is
50
. For more information about how to useMaxConcurrency
, see Using concurrency controls in the Amazon Web Services Systems Manager User Guide. - MaxErrors
-
- Type: string
The maximum number of errors allowed without the command failing. When the command fails one more time beyond the value of
MaxErrors
, the systems stops sending the command to additional targets. You can specify a number like 10 or a percentage like 10%. The default value is0
. For more information about how to useMaxErrors
, see Using error controls in the Amazon Web Services Systems Manager User Guide. - NotificationConfig
-
- Type: NotificationConfig structure
Configurations for sending notifications.
- OutputS3BucketName
-
- Type: string
The name of the S3 bucket where command execution responses should be stored.
- OutputS3KeyPrefix
-
- Type: string
The directory structure within the S3 bucket where the responses should be stored.
- OutputS3Region
-
- Type: string
(Deprecated) You can no longer specify this parameter. The system ignores it. Instead, Systems Manager automatically determines the Amazon Web Services Region of the S3 bucket.
- Parameters
-
- Type: Associative array of custom strings keys (ParameterName) to stringss
The required and optional parameters specified in the document being run.
- ServiceRoleArn
-
- Type: string
The ARN of the Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service (Amazon SNS) notifications for Run Command commands.
This role must provide the
sns:Publish
permission for your notification topic. For information about creating and using this service role, see Monitoring Systems Manager status changes using Amazon SNS notifications in the Amazon Web Services Systems Manager User Guide. - Targets
-
- Type: Array of Target structures
An array of search criteria that targets managed nodes using a
Key,Value
combination that you specify. Specifying targets is most useful when you want to send a command to a large number of managed nodes at once. UsingTargets
, which accepts tag key-value pairs to identify managed nodes, you can send a command to tens, hundreds, or thousands of nodes at once.To send a command to a smaller number of managed nodes, you can use the
InstanceIds
option instead.For more information about how to use targets, see Run commands at scale in the Amazon Web Services Systems Manager User Guide.
- TimeoutSeconds
-
- Type: int
If this time is reached and the command hasn't already started running, it won't run.
Result Syntax
[ 'Command' => [ 'AlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'CloudWatchOutputConfig' => [ 'CloudWatchLogGroupName' => '<string>', 'CloudWatchOutputEnabled' => true || false, ], 'CommandId' => '<string>', 'Comment' => '<string>', 'CompletedCount' => <integer>, 'DeliveryTimedOutCount' => <integer>, 'DocumentName' => '<string>', 'DocumentVersion' => '<string>', 'ErrorCount' => <integer>, 'ExpiresAfter' => <DateTime>, 'InstanceIds' => ['<string>', ...], 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'NotificationConfig' => [ 'NotificationArn' => '<string>', 'NotificationEvents' => ['<string>', ...], 'NotificationType' => 'Command|Invocation', ], 'OutputS3BucketName' => '<string>', 'OutputS3KeyPrefix' => '<string>', 'OutputS3Region' => '<string>', 'Parameters' => [ '<ParameterName>' => ['<string>', ...], // ... ], 'RequestedDateTime' => <DateTime>, 'ServiceRole' => '<string>', 'Status' => 'Pending|InProgress|Success|Cancelled|Failed|TimedOut|Cancelling', 'StatusDetails' => '<string>', 'TargetCount' => <integer>, 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TimeoutSeconds' => <integer>, 'TriggeredAlarms' => [ [ 'Name' => '<string>', 'State' => 'UNKNOWN|ALARM', ], // ... ], ], ]
Result Details
Members
- Command
-
- Type: Command structure
The request as it was received by Systems Manager. Also provides the command ID which can be used future references to this request.
Errors
- DuplicateInstanceId:
You can't specify a managed node ID in more than one association.
- InternalServerError:
An error occurred on the server side.
- InvalidInstanceId:
The following problems can cause this exception:
-
You don't have permission to access the managed node.
-
Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.
-
SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.
-
The managed node isn't in a valid state. Valid states are:
Running
,Pending
,Stopped
, andStopping
. Invalid states are:Shutting-down
andTerminated
.
-
- InvalidDocument:
The specified SSM document doesn't exist.
- InvalidDocumentVersion:
The document version isn't valid or doesn't exist.
- InvalidOutputFolder:
The S3 bucket doesn't exist.
- InvalidParameters:
You must specify values for all required parameters in the Amazon Web Services Systems Manager document (SSM document). You can only supply values to parameters defined in the SSM document.
- UnsupportedPlatformType:
The document doesn't support the platform type of the given managed node IDs. For example, you sent an document for a Windows managed node to a Linux node.
- MaxDocumentSizeExceeded:
The size limit of a document is 64 KB.
- InvalidRole:
The role name can't contain invalid characters. Also verify that you specified an IAM role for notifications that includes the required trust policy. For information about configuring the IAM role for Run Command notifications, see Monitoring Systems Manager status changes using Amazon SNS notifications in the Amazon Web Services Systems Manager User Guide.
- InvalidNotificationConfig:
One or more configuration items isn't valid. Verify that a valid Amazon Resource Name (ARN) was provided for an Amazon Simple Notification Service topic.
StartAssociationsOnce
$result = $client->startAssociationsOnce
([/* ... */]); $promise = $client->startAssociationsOnceAsync
([/* ... */]);
Runs an association immediately and only one time. This operation can be helpful when troubleshooting associations.
Parameter Syntax
$result = $client->startAssociationsOnce([ 'AssociationIds' => ['<string>', ...], // REQUIRED ]);
Parameter Details
Members
- AssociationIds
-
- Required: Yes
- Type: Array of strings
The association IDs that you want to run immediately and only one time.
Result Syntax
[]
Result Details
Errors
- InvalidAssociation:
The association isn't valid or doesn't exist.
- AssociationDoesNotExist:
The specified association doesn't exist.
StartAutomationExecution
$result = $client->startAutomationExecution
([/* ... */]); $promise = $client->startAutomationExecutionAsync
([/* ... */]);
Initiates execution of an Automation runbook.
Parameter Syntax
$result = $client->startAutomationExecution([ 'AlarmConfiguration' => [ 'Alarms' => [ // REQUIRED [ 'Name' => '<string>', // REQUIRED ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'ClientToken' => '<string>', 'DocumentName' => '<string>', // REQUIRED 'DocumentVersion' => '<string>', 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'Mode' => 'Auto|Interactive', 'Parameters' => [ '<AutomationParameterKey>' => ['<string>', ...], // ... ], 'Tags' => [ [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], 'TargetLocations' => [ [ 'Accounts' => ['<string>', ...], 'ExcludeAccounts' => ['<string>', ...], 'ExecutionRoleName' => '<string>', 'IncludeChildOrganizationUnits' => true || false, 'Regions' => ['<string>', ...], 'TargetLocationAlarmConfiguration' => [ 'Alarms' => [ // REQUIRED [ 'Name' => '<string>', // REQUIRED ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'TargetLocationMaxConcurrency' => '<string>', 'TargetLocationMaxErrors' => '<string>', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TargetsMaxConcurrency' => '<string>', 'TargetsMaxErrors' => '<string>', ], // ... ], 'TargetLocationsURL' => '<string>', 'TargetMaps' => [ [ '<TargetMapKey>' => ['<string>', ...], // ... ], // ... ], 'TargetParameterName' => '<string>', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], ]);
Parameter Details
Members
- AlarmConfiguration
-
- Type: AlarmConfiguration structure
The CloudWatch alarm you want to apply to your automation.
- ClientToken
-
- Type: string
User-provided idempotency token. The token must be unique, is case insensitive, enforces the UUID format, and can't be reused.
- DocumentName
-
- Required: Yes
- Type: string
The name of the SSM document to run. This can be a public document or a custom document. To run a shared document belonging to another account, specify the document ARN. For more information about how to use shared documents, see Sharing SSM documents in the Amazon Web Services Systems Manager User Guide.
- DocumentVersion
-
- Type: string
The version of the Automation runbook to use for this execution.
- MaxConcurrency
-
- Type: string
The maximum number of targets allowed to run this task in parallel. You can specify a number, such as 10, or a percentage, such as 10%. The default value is
10
.If both this parameter and the
TargetLocation:TargetsMaxConcurrency
are supplied,TargetLocation:TargetsMaxConcurrency
takes precedence. - MaxErrors
-
- Type: string
The number of errors that are allowed before the system stops running the automation on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops running the automation when the fourth error is received. If you specify 0, then the system stops running the automation on additional targets after the first error result is returned. If you run an automation on 50 resources and set max-errors to 10%, then the system stops running the automation on additional targets when the sixth error is received.
Executions that are already running an automation when max-errors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set max-concurrency to 1 so the executions proceed one at a time.
If this parameter and the
TargetLocation:TargetsMaxErrors
parameter are both supplied,TargetLocation:TargetsMaxErrors
takes precedence. - Mode
-
- Type: string
The execution mode of the automation. Valid modes include the following: Auto and Interactive. The default mode is Auto.
- Parameters
-
- Type: Associative array of custom strings keys (AutomationParameterKey) to stringss
A key-value map of execution parameters, which match the declared parameters in the Automation runbook.
- Tags
-
- Type: Array of Tag structures
Optional metadata that you assign to a resource. You can specify a maximum of five tags for an automation. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag an automation to identify an environment or operating system. In this case, you could specify the following key-value pairs:
-
Key=environment,Value=test
-
Key=OS,Value=Windows
To add tags to an existing automation, use the AddTagsToResource operation.
- TargetLocations
-
- Type: Array of TargetLocation structures
A location is a combination of Amazon Web Services Regions and/or Amazon Web Services accounts where you want to run the automation. Use this operation to start an automation in multiple Amazon Web Services Regions and multiple Amazon Web Services accounts. For more information, see Running automations in multiple Amazon Web Services Regions and accounts in the Amazon Web Services Systems Manager User Guide.
- TargetLocationsURL
-
- Type: string
Specify a publicly accessible URL for a file that contains the
TargetLocations
body. Currently, only files in presigned Amazon S3 buckets are supported. - TargetMaps
-
- Type: Array of maps
A key-value mapping of document parameters to target resources. Both Targets and TargetMaps can't be specified together.
- TargetParameterName
-
- Type: string
The name of the parameter used as the target resource for the rate-controlled execution. Required if you specify targets.
- Targets
-
- Type: Array of Target structures
A key-value mapping to target resources. Required if you specify TargetParameterName.
If both this parameter and the
TargetLocation:Targets
parameter are supplied,TargetLocation:Targets
takes precedence.
Result Syntax
[ 'AutomationExecutionId' => '<string>', ]
Result Details
Members
- AutomationExecutionId
-
- Type: string
The unique ID of a newly scheduled automation execution.
Errors
- AutomationDefinitionNotFoundException:
An Automation runbook with the specified name couldn't be found.
- InvalidAutomationExecutionParametersException:
The supplied parameters for invoking the specified Automation runbook are incorrect. For example, they may not match the set of parameters permitted for the specified Automation document.
- AutomationExecutionLimitExceededException:
The number of simultaneously running Automation executions exceeded the allowable limit.
- AutomationDefinitionVersionNotFoundException:
An Automation runbook with the specified name and version couldn't be found.
- IdempotentParameterMismatch:
Error returned when an idempotent operation is retried and the parameters don't match the original call to the API with the same idempotency token.
- InvalidTarget:
The target isn't valid or doesn't exist. It might not be configured for Systems Manager or you might not have permission to perform the operation.
- InternalServerError:
An error occurred on the server side.
StartChangeRequestExecution
$result = $client->startChangeRequestExecution
([/* ... */]); $promise = $client->startChangeRequestExecutionAsync
([/* ... */]);
Creates a change request for Change Manager. The Automation runbooks specified in the change request run only after all required approvals for the change request have been received.
Parameter Syntax
$result = $client->startChangeRequestExecution([ 'AutoApprove' => true || false, 'ChangeDetails' => '<string>', 'ChangeRequestName' => '<string>', 'ClientToken' => '<string>', 'DocumentName' => '<string>', // REQUIRED 'DocumentVersion' => '<string>', 'Parameters' => [ '<AutomationParameterKey>' => ['<string>', ...], // ... ], 'Runbooks' => [ // REQUIRED [ 'DocumentName' => '<string>', // REQUIRED 'DocumentVersion' => '<string>', 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'Parameters' => [ '<AutomationParameterKey>' => ['<string>', ...], // ... ], 'TargetLocations' => [ [ 'Accounts' => ['<string>', ...], 'ExcludeAccounts' => ['<string>', ...], 'ExecutionRoleName' => '<string>', 'IncludeChildOrganizationUnits' => true || false, 'Regions' => ['<string>', ...], 'TargetLocationAlarmConfiguration' => [ 'Alarms' => [ // REQUIRED [ 'Name' => '<string>', // REQUIRED ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'TargetLocationMaxConcurrency' => '<string>', 'TargetLocationMaxErrors' => '<string>', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TargetsMaxConcurrency' => '<string>', 'TargetsMaxErrors' => '<string>', ], // ... ], 'TargetMaps' => [ [ '<TargetMapKey>' => ['<string>', ...], // ... ], // ... ], 'TargetParameterName' => '<string>', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], ], // ... ], 'ScheduledEndTime' => <integer || string || DateTime>, 'ScheduledTime' => <integer || string || DateTime>, 'Tags' => [ [ 'Key' => '<string>', // REQUIRED 'Value' => '<string>', // REQUIRED ], // ... ], ]);
Parameter Details
Members
- AutoApprove
-
- Type: boolean
Indicates whether the change request can be approved automatically without the need for manual approvals.
If
AutoApprovable
is enabled in a change template, then settingAutoApprove
totrue
inStartChangeRequestExecution
creates a change request that bypasses approver review.Change Calendar restrictions are not bypassed in this scenario. If the state of an associated calendar is
CLOSED
, change freeze approvers must still grant permission for this change request to run. If they don't, the change won't be processed until the calendar state is againOPEN
. - ChangeDetails
-
- Type: string
User-provided details about the change. If no details are provided, content specified in the Template information section of the associated change template is added.
- ChangeRequestName
-
- Type: string
The name of the change request associated with the runbook workflow to be run.
- ClientToken
-
- Type: string
The user-provided idempotency token. The token must be unique, is case insensitive, enforces the UUID format, and can't be reused.
- DocumentName
-
- Required: Yes
- Type: string
The name of the change template document to run during the runbook workflow.
- DocumentVersion
-
- Type: string
The version of the change template document to run during the runbook workflow.
- Parameters
-
- Type: Associative array of custom strings keys (AutomationParameterKey) to stringss
A key-value map of parameters that match the declared parameters in the change template document.
- Runbooks
-
- Required: Yes
- Type: Array of Runbook structures
Information about the Automation runbooks that are run during the runbook workflow.
The Automation runbooks specified for the runbook workflow can't run until all required approvals for the change request have been received.
- ScheduledEndTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time that the requester expects the runbook workflow related to the change request to complete. The time is an estimate only that the requester provides for reviewers.
- ScheduledTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time specified in the change request to run the Automation runbooks.
The Automation runbooks specified for the runbook workflow can't run until all required approvals for the change request have been received.
- Tags
-
- Type: Array of Tag structures
Optional metadata that you assign to a resource. You can specify a maximum of five tags for a change request. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a change request to identify an environment or target Amazon Web Services Region. In this case, you could specify the following key-value pairs:
-
Key=Environment,Value=Production
-
Key=Region,Value=us-east-2
Result Syntax
[ 'AutomationExecutionId' => '<string>', ]
Result Details
Members
- AutomationExecutionId
-
- Type: string
The unique ID of a runbook workflow operation. (A runbook workflow is a type of Automation operation.)
Errors
- AutomationDefinitionNotFoundException:
An Automation runbook with the specified name couldn't be found.
- InvalidAutomationExecutionParametersException:
The supplied parameters for invoking the specified Automation runbook are incorrect. For example, they may not match the set of parameters permitted for the specified Automation document.
- AutomationExecutionLimitExceededException:
The number of simultaneously running Automation executions exceeded the allowable limit.
- AutomationDefinitionVersionNotFoundException:
An Automation runbook with the specified name and version couldn't be found.
- IdempotentParameterMismatch:
Error returned when an idempotent operation is retried and the parameters don't match the original call to the API with the same idempotency token.
- InternalServerError:
An error occurred on the server side.
- AutomationDefinitionNotApprovedException:
Indicates that the Change Manager change template used in the change request was rejected or is still in a pending state.
StartSession
$result = $client->startSession
([/* ... */]); $promise = $client->startSessionAsync
([/* ... */]);
Initiates a connection to a target (for example, a managed node) for a Session Manager session. Returns a URL and token that can be used to open a WebSocket connection for sending input and receiving outputs.
Amazon Web Services CLI usage: start-session
is an interactive command that requires the Session Manager plugin to be installed on the client machine making the call. For information, see Install the Session Manager plugin for the Amazon Web Services CLI in the Amazon Web Services Systems Manager User Guide.
Amazon Web Services Tools for PowerShell usage: Start-SSMSession isn't currently supported by Amazon Web Services Tools for PowerShell on Windows local machines.
Parameter Syntax
$result = $client->startSession([ 'DocumentName' => '<string>', 'Parameters' => [ '<SessionManagerParameterName>' => ['<string>', ...], // ... ], 'Reason' => '<string>', 'Target' => '<string>', // REQUIRED ]);
Parameter Details
Members
- DocumentName
-
- Type: string
The name of the SSM document you want to use to define the type of session, input parameters, or preferences for the session. For example,
SSM-SessionManagerRunShell
. You can call the GetDocument API to verify the document exists before attempting to start a session. If no document name is provided, a shell to the managed node is launched by default. For more information, see Start a session in the Amazon Web Services Systems Manager User Guide. - Parameters
-
- Type: Associative array of custom strings keys (SessionManagerParameterName) to stringss
The values you want to specify for the parameters defined in the Session document.
- Reason
-
- Type: string
The reason for connecting to the instance. This value is included in the details for the Amazon CloudWatch Events event created when you start the session.
- Target
-
- Required: Yes
- Type: string
The managed node to connect to for the session.
Result Syntax
[ 'SessionId' => '<string>', 'StreamUrl' => '<string>', 'TokenValue' => '<string>', ]
Result Details
Members
- SessionId
-
- Type: string
The ID of the session.
- StreamUrl
-
- Type: string
A URL back to SSM Agent on the managed node that the Session Manager client uses to send commands and receive output from the node. Format:
wss://ssmmessages.region.amazonaws.com/v1/data-channel/session-id?stream=(input|output)
region represents the Region identifier for an Amazon Web Services Region supported by Amazon Web Services Systems Manager, such as
us-east-2
for the US East (Ohio) Region. For a list of supported region values, see the Region column in Systems Manager service endpoints in the Amazon Web Services General Reference.session-id represents the ID of a Session Manager session, such as
1a2b3c4dEXAMPLE
. - TokenValue
-
- Type: string
An encrypted token value containing session and caller information. This token is used to authenticate the connection to the managed node, and is valid only long enough to ensure the connection is successful. Never share your session's token.
Errors
- InvalidDocument:
The specified SSM document doesn't exist.
- TargetNotConnected:
The specified target managed node for the session isn't fully configured for use with Session Manager. For more information, see Setting up Session Manager in the Amazon Web Services Systems Manager User Guide. This error is also returned if you attempt to start a session on a managed node that is located in a different account or Region
- InternalServerError:
An error occurred on the server side.
StopAutomationExecution
$result = $client->stopAutomationExecution
([/* ... */]); $promise = $client->stopAutomationExecutionAsync
([/* ... */]);
Stop an Automation that is currently running.
Parameter Syntax
$result = $client->stopAutomationExecution([ 'AutomationExecutionId' => '<string>', // REQUIRED 'Type' => 'Complete|Cancel', ]);
Parameter Details
Members
- AutomationExecutionId
-
- Required: Yes
- Type: string
The execution ID of the Automation to stop.
- Type
-
- Type: string
The stop request type. Valid types include the following: Cancel and Complete. The default type is Cancel.
Result Syntax
[]
Result Details
Errors
- AutomationExecutionNotFoundException:
There is no automation execution information for the requested automation execution ID.
- InvalidAutomationStatusUpdateException:
The specified update status operation isn't valid.
- InternalServerError:
An error occurred on the server side.
TerminateSession
$result = $client->terminateSession
([/* ... */]); $promise = $client->terminateSessionAsync
([/* ... */]);
Permanently ends a session and closes the data connection between the Session Manager client and SSM Agent on the managed node. A terminated session can't be resumed.
Parameter Syntax
$result = $client->terminateSession([ 'SessionId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- SessionId
-
- Required: Yes
- Type: string
The ID of the session to terminate.
Result Syntax
[ 'SessionId' => '<string>', ]
Result Details
Members
- SessionId
-
- Type: string
The ID of the session that has been terminated.
Errors
- InternalServerError:
An error occurred on the server side.
UnlabelParameterVersion
$result = $client->unlabelParameterVersion
([/* ... */]); $promise = $client->unlabelParameterVersionAsync
([/* ... */]);
Remove a label or labels from a parameter.
Parameter Syntax
$result = $client->unlabelParameterVersion([ 'Labels' => ['<string>', ...], // REQUIRED 'Name' => '<string>', // REQUIRED 'ParameterVersion' => <integer>, // REQUIRED ]);
Parameter Details
Members
- Labels
-
- Required: Yes
- Type: Array of strings
One or more labels to delete from the specified parameter version.
- Name
-
- Required: Yes
- Type: string
The name of the parameter from which you want to delete one or more labels.
You can't enter the Amazon Resource Name (ARN) for a parameter, only the parameter name itself.
- ParameterVersion
-
- Required: Yes
- Type: long (int|float)
The specific version of the parameter which you want to delete one or more labels from. If it isn't present, the call will fail.
Result Syntax
[ 'InvalidLabels' => ['<string>', ...], 'RemovedLabels' => ['<string>', ...], ]
Result Details
Members
- InvalidLabels
-
- Type: Array of strings
The labels that aren't attached to the given parameter version.
- RemovedLabels
-
- Type: Array of strings
A list of all labels deleted from the parameter.
Errors
- InternalServerError:
An error occurred on the server side.
- TooManyUpdates:
There are concurrent updates for a resource that supports one update at a time.
- ParameterNotFound:
The parameter couldn't be found. Verify the name and try again.
- ParameterVersionNotFound:
The specified parameter version wasn't found. Verify the parameter name and version, and try again.
UpdateAssociation
$result = $client->updateAssociation
([/* ... */]); $promise = $client->updateAssociationAsync
([/* ... */]);
Updates an association. You can update the association name and version, the document version, schedule, parameters, and Amazon Simple Storage Service (Amazon S3) output. When you call UpdateAssociation
, the system removes all optional parameters from the request and overwrites the association with null values for those parameters. This is by design. You must specify all optional parameters in the call, even if you are not changing the parameters. This includes the Name
parameter. Before calling this API action, we recommend that you call the DescribeAssociation API operation and make a note of all optional parameters required for your UpdateAssociation
call.
In order to call this API operation, a user, group, or role must be granted permission to call the DescribeAssociation API operation. If you don't have permission to call DescribeAssociation
, then you receive the following error: An error occurred (AccessDeniedException) when calling the UpdateAssociation operation: User: <user_arn> isn't authorized to perform: ssm:DescribeAssociation on resource: <resource_arn>
When you update an association, the association immediately runs against the specified targets. You can add the ApplyOnlyAtCronInterval
parameter to run the association during the next schedule run.
Parameter Syntax
$result = $client->updateAssociation([ 'AlarmConfiguration' => [ 'Alarms' => [ // REQUIRED [ 'Name' => '<string>', // REQUIRED ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'ApplyOnlyAtCronInterval' => true || false, 'AssociationId' => '<string>', // REQUIRED 'AssociationName' => '<string>', 'AssociationVersion' => '<string>', 'AutomationTargetParameterName' => '<string>', 'CalendarNames' => ['<string>', ...], 'ComplianceSeverity' => 'CRITICAL|HIGH|MEDIUM|LOW|UNSPECIFIED', 'DocumentVersion' => '<string>', 'Duration' => <integer>, 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'Name' => '<string>', 'OutputLocation' => [ 'S3Location' => [ 'OutputS3BucketName' => '<string>', 'OutputS3KeyPrefix' => '<string>', 'OutputS3Region' => '<string>', ], ], 'Parameters' => [ '<ParameterName>' => ['<string>', ...], // ... ], 'ScheduleExpression' => '<string>', 'ScheduleOffset' => <integer>, 'SyncCompliance' => 'AUTO|MANUAL', 'TargetLocations' => [ [ 'Accounts' => ['<string>', ...], 'ExcludeAccounts' => ['<string>', ...], 'ExecutionRoleName' => '<string>', 'IncludeChildOrganizationUnits' => true || false, 'Regions' => ['<string>', ...], 'TargetLocationAlarmConfiguration' => [ 'Alarms' => [ // REQUIRED [ 'Name' => '<string>', // REQUIRED ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'TargetLocationMaxConcurrency' => '<string>', 'TargetLocationMaxErrors' => '<string>', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TargetsMaxConcurrency' => '<string>', 'TargetsMaxErrors' => '<string>', ], // ... ], 'TargetMaps' => [ [ '<TargetMapKey>' => ['<string>', ...], // ... ], // ... ], 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], ]);
Parameter Details
Members
- AlarmConfiguration
-
- Type: AlarmConfiguration structure
The details for the CloudWatch alarm you want to apply to an automation or command.
- ApplyOnlyAtCronInterval
-
- Type: boolean
By default, when you update an association, the system runs it immediately after it is updated and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you update it. This parameter isn't supported for rate expressions.
If you chose this option when you created an association and later you edit that association or you make changes to the SSM document on which that association is based (by using the Documents page in the console), State Manager applies the association at the next specified cron interval. For example, if you chose the
Latest
version of an SSM document when you created an association and you edit the association by choosing a different document version on the Documents page, State Manager applies the association at the next specified cron interval if you previously selected this option. If this option wasn't selected, State Manager immediately runs the association.You can reset this option. To do so, specify the
no-apply-only-at-cron-interval
parameter when you update the association from the command line. This parameter forces the association to run immediately after updating it and according to the interval specified. - AssociationId
-
- Required: Yes
- Type: string
The ID of the association you want to update.
- AssociationName
-
- Type: string
The name of the association that you want to update.
- AssociationVersion
-
- Type: string
This parameter is provided for concurrency control purposes. You must specify the latest association version in the service. If you want to ensure that this request succeeds, either specify
$LATEST
, or omit this parameter. - AutomationTargetParameterName
-
- Type: string
Choose the parameter that will define how your automation will branch out. This target is required for associations that use an Automation runbook and target resources by using rate controls. Automation is a capability of Amazon Web Services Systems Manager.
- CalendarNames
-
- Type: Array of strings
The names or Amazon Resource Names (ARNs) of the Change Calendar type documents you want to gate your associations under. The associations only run when that change calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar.
- ComplianceSeverity
-
- Type: string
The severity level to assign to the association.
- DocumentVersion
-
- Type: string
The document version you want update for the association.
State Manager doesn't support running associations that use a new version of a document if that document is shared from another account. State Manager always runs the
default
version of a document if shared from another account, even though the Systems Manager console shows that a new version was processed. If you want to run an association using a new version of a document shared form another account, you must set the document version todefault
. - Duration
-
- Type: int
The number of hours the association can run before it is canceled. Duration applies to associations that are currently running, and any pending and in progress commands on all targets. If a target was taken offline for the association to run, it is made available again immediately, without a reboot.
The
Duration
parameter applies only when both these conditions are true:-
The association for which you specify a duration is cancelable according to the parameters of the SSM command document or Automation runbook associated with this execution.
-
The command specifies the
ApplyOnlyAtCronInterval
parameter, which means that the association doesn't run immediately after it is updated, but only according to the specified schedule.
- MaxConcurrency
-
- Type: string
The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.
If a new managed node starts and attempts to run an association while Systems Manager is running
MaxConcurrency
associations, the association is allowed to run. During the next association interval, the new managed node will process its association within the limit specified forMaxConcurrency
. - MaxErrors
-
- Type: string
The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 managed nodes and set
MaxError
to 10%, then the system stops sending the request when the sixth error is received.Executions that are already running an association when
MaxErrors
is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, setMaxConcurrency
to 1 so that executions proceed one at a time. - Name
-
- Type: string
The name of the SSM Command document or Automation runbook that contains the configuration information for the managed node.
You can specify Amazon Web Services-predefined documents, documents you created, or a document that is shared with you from another account.
For Systems Manager document (SSM document) that are shared with you from other Amazon Web Services accounts, you must specify the complete SSM document ARN, in the following format:
arn:aws:ssm:region:account-id:document/document-name
For example:
arn:aws:ssm:us-east-2:12345678912:document/My-Shared-Document
For Amazon Web Services-predefined documents and SSM documents you created in your account, you only need to specify the document name. For example,
AWS-ApplyPatchBaseline
orMy-Document
. - OutputLocation
-
- Type: InstanceAssociationOutputLocation structure
An S3 bucket where you want to store the results of this request.
- Parameters
-
- Type: Associative array of custom strings keys (ParameterName) to stringss
The parameters you want to update for the association. If you create a parameter using Parameter Store, a capability of Amazon Web Services Systems Manager, you can reference the parameter using
{{ssm:parameter-name}}
. - ScheduleExpression
-
- Type: string
The cron expression used to schedule the association that you want to update.
- ScheduleOffset
-
- Type: int
Number of days to wait after the scheduled day to run an association. For example, if you specified a cron schedule of
cron(0 0 ? * THU#2 *)
, you could specify an offset of 3 to run the association each Sunday after the second Thursday of the month. For more information about cron schedules for associations, see Reference: Cron and rate expressions for Systems Manager in the Amazon Web Services Systems Manager User Guide.To use offsets, you must specify the
ApplyOnlyAtCronInterval
parameter. This option tells the system not to run an association immediately after you create it. - SyncCompliance
-
- Type: string
The mode for generating association compliance. You can specify
AUTO
orMANUAL
. InAUTO
mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association isCOMPLIANT
. If the association execution doesn't run successfully, the association isNON-COMPLIANT
.In
MANUAL
mode, you must specify theAssociationId
as a parameter for the PutComplianceItems API operation. In this case, compliance data isn't managed by State Manager, a capability of Amazon Web Services Systems Manager. It is managed by your direct call to the PutComplianceItems API operation.By default, all associations use
AUTO
mode. - TargetLocations
-
- Type: Array of TargetLocation structures
A location is a combination of Amazon Web Services Regions and Amazon Web Services accounts where you want to run the association. Use this action to update an association in multiple Regions and multiple accounts.
- TargetMaps
-
- Type: Array of maps
A key-value mapping of document parameters to target resources. Both Targets and TargetMaps can't be specified together.
- Targets
-
- Type: Array of Target structures
The targets of the association.
Result Syntax
[ 'AssociationDescription' => [ 'AlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'ApplyOnlyAtCronInterval' => true || false, 'AssociationId' => '<string>', 'AssociationName' => '<string>', 'AssociationVersion' => '<string>', 'AutomationTargetParameterName' => '<string>', 'CalendarNames' => ['<string>', ...], 'ComplianceSeverity' => 'CRITICAL|HIGH|MEDIUM|LOW|UNSPECIFIED', 'Date' => <DateTime>, 'DocumentVersion' => '<string>', 'Duration' => <integer>, 'InstanceId' => '<string>', 'LastExecutionDate' => <DateTime>, 'LastSuccessfulExecutionDate' => <DateTime>, 'LastUpdateAssociationDate' => <DateTime>, 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'Name' => '<string>', 'OutputLocation' => [ 'S3Location' => [ 'OutputS3BucketName' => '<string>', 'OutputS3KeyPrefix' => '<string>', 'OutputS3Region' => '<string>', ], ], 'Overview' => [ 'AssociationStatusAggregatedCount' => [<integer>, ...], 'DetailedStatus' => '<string>', 'Status' => '<string>', ], 'Parameters' => [ '<ParameterName>' => ['<string>', ...], // ... ], 'ScheduleExpression' => '<string>', 'ScheduleOffset' => <integer>, 'Status' => [ 'AdditionalInfo' => '<string>', 'Date' => <DateTime>, 'Message' => '<string>', 'Name' => 'Pending|Success|Failed', ], 'SyncCompliance' => 'AUTO|MANUAL', 'TargetLocations' => [ [ 'Accounts' => ['<string>', ...], 'ExcludeAccounts' => ['<string>', ...], 'ExecutionRoleName' => '<string>', 'IncludeChildOrganizationUnits' => true || false, 'Regions' => ['<string>', ...], 'TargetLocationAlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'TargetLocationMaxConcurrency' => '<string>', 'TargetLocationMaxErrors' => '<string>', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TargetsMaxConcurrency' => '<string>', 'TargetsMaxErrors' => '<string>', ], // ... ], 'TargetMaps' => [ [ '<TargetMapKey>' => ['<string>', ...], // ... ], // ... ], 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TriggeredAlarms' => [ [ 'Name' => '<string>', 'State' => 'UNKNOWN|ALARM', ], // ... ], ], ]
Result Details
Members
- AssociationDescription
-
- Type: AssociationDescription structure
The description of the association that was updated.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidSchedule:
The schedule is invalid. Verify your cron or rate expression and try again.
- InvalidParameters:
You must specify values for all required parameters in the Amazon Web Services Systems Manager document (SSM document). You can only supply values to parameters defined in the SSM document.
- InvalidOutputLocation:
The output location isn't valid or doesn't exist.
- InvalidDocumentVersion:
The document version isn't valid or doesn't exist.
- AssociationDoesNotExist:
The specified association doesn't exist.
- InvalidUpdate:
The update isn't valid.
- TooManyUpdates:
There are concurrent updates for a resource that supports one update at a time.
- InvalidDocument:
The specified SSM document doesn't exist.
- InvalidTarget:
The target isn't valid or doesn't exist. It might not be configured for Systems Manager or you might not have permission to perform the operation.
- InvalidAssociationVersion:
The version you specified isn't valid. Use ListAssociationVersions to view all versions of an association according to the association ID. Or, use the
$LATEST
parameter to view the latest version of the association.- AssociationVersionLimitExceeded:
You have reached the maximum number versions allowed for an association. Each association has a limit of 1,000 versions.
- InvalidTargetMaps:
TargetMap parameter isn't valid.
UpdateAssociationStatus
$result = $client->updateAssociationStatus
([/* ... */]); $promise = $client->updateAssociationStatusAsync
([/* ... */]);
Updates the status of the Amazon Web Services Systems Manager document (SSM document) associated with the specified managed node.
UpdateAssociationStatus
is primarily used by the Amazon Web Services Systems Manager Agent (SSM Agent) to report status updates about your associations and is only used for associations created with the InstanceId
legacy parameter.
Parameter Syntax
$result = $client->updateAssociationStatus([ 'AssociationStatus' => [ // REQUIRED 'AdditionalInfo' => '<string>', 'Date' => <integer || string || DateTime>, // REQUIRED 'Message' => '<string>', // REQUIRED 'Name' => 'Pending|Success|Failed', // REQUIRED ], 'InstanceId' => '<string>', // REQUIRED 'Name' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AssociationStatus
-
- Required: Yes
- Type: AssociationStatus structure
The association status.
- InstanceId
-
- Required: Yes
- Type: string
The managed node ID.
- Name
-
- Required: Yes
- Type: string
The name of the SSM document.
Result Syntax
[ 'AssociationDescription' => [ 'AlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'ApplyOnlyAtCronInterval' => true || false, 'AssociationId' => '<string>', 'AssociationName' => '<string>', 'AssociationVersion' => '<string>', 'AutomationTargetParameterName' => '<string>', 'CalendarNames' => ['<string>', ...], 'ComplianceSeverity' => 'CRITICAL|HIGH|MEDIUM|LOW|UNSPECIFIED', 'Date' => <DateTime>, 'DocumentVersion' => '<string>', 'Duration' => <integer>, 'InstanceId' => '<string>', 'LastExecutionDate' => <DateTime>, 'LastSuccessfulExecutionDate' => <DateTime>, 'LastUpdateAssociationDate' => <DateTime>, 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'Name' => '<string>', 'OutputLocation' => [ 'S3Location' => [ 'OutputS3BucketName' => '<string>', 'OutputS3KeyPrefix' => '<string>', 'OutputS3Region' => '<string>', ], ], 'Overview' => [ 'AssociationStatusAggregatedCount' => [<integer>, ...], 'DetailedStatus' => '<string>', 'Status' => '<string>', ], 'Parameters' => [ '<ParameterName>' => ['<string>', ...], // ... ], 'ScheduleExpression' => '<string>', 'ScheduleOffset' => <integer>, 'Status' => [ 'AdditionalInfo' => '<string>', 'Date' => <DateTime>, 'Message' => '<string>', 'Name' => 'Pending|Success|Failed', ], 'SyncCompliance' => 'AUTO|MANUAL', 'TargetLocations' => [ [ 'Accounts' => ['<string>', ...], 'ExcludeAccounts' => ['<string>', ...], 'ExecutionRoleName' => '<string>', 'IncludeChildOrganizationUnits' => true || false, 'Regions' => ['<string>', ...], 'TargetLocationAlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'TargetLocationMaxConcurrency' => '<string>', 'TargetLocationMaxErrors' => '<string>', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TargetsMaxConcurrency' => '<string>', 'TargetsMaxErrors' => '<string>', ], // ... ], 'TargetMaps' => [ [ '<TargetMapKey>' => ['<string>', ...], // ... ], // ... ], 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TriggeredAlarms' => [ [ 'Name' => '<string>', 'State' => 'UNKNOWN|ALARM', ], // ... ], ], ]
Result Details
Members
- AssociationDescription
-
- Type: AssociationDescription structure
Information about the association.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidInstanceId:
The following problems can cause this exception:
-
You don't have permission to access the managed node.
-
Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.
-
SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.
-
The managed node isn't in a valid state. Valid states are:
Running
,Pending
,Stopped
, andStopping
. Invalid states are:Shutting-down
andTerminated
.
-
- InvalidDocument:
The specified SSM document doesn't exist.
- AssociationDoesNotExist:
The specified association doesn't exist.
- StatusUnchanged:
The updated status is the same as the current status.
- TooManyUpdates:
There are concurrent updates for a resource that supports one update at a time.
UpdateDocument
$result = $client->updateDocument
([/* ... */]); $promise = $client->updateDocumentAsync
([/* ... */]);
Updates one or more values for an SSM document.
Parameter Syntax
$result = $client->updateDocument([ 'Attachments' => [ [ 'Key' => 'SourceUrl|S3FileUrl|AttachmentReference', 'Name' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'Content' => '<string>', // REQUIRED 'DisplayName' => '<string>', 'DocumentFormat' => 'YAML|JSON|TEXT', 'DocumentVersion' => '<string>', 'Name' => '<string>', // REQUIRED 'TargetType' => '<string>', 'VersionName' => '<string>', ]);
Parameter Details
Members
- Attachments
-
- Type: Array of AttachmentsSource structures
A list of key-value pairs that describe attachments to a version of a document.
- Content
-
- Required: Yes
- Type: string
A valid JSON or YAML string.
- DisplayName
-
- Type: string
The friendly name of the SSM document that you want to update. This value can differ for each version of the document. If you don't specify a value for this parameter in your request, the existing value is applied to the new document version.
- DocumentFormat
-
- Type: string
Specify the document format for the new document version. Systems Manager supports JSON and YAML documents. JSON is the default format.
- DocumentVersion
-
- Type: string
The version of the document that you want to update. Currently, Systems Manager supports updating only the latest version of the document. You can specify the version number of the latest version or use the
$LATEST
variable.If you change a document version for a State Manager association, Systems Manager immediately runs the association unless you previously specifed the
apply-only-at-cron-interval
parameter. - Name
-
- Required: Yes
- Type: string
The name of the SSM document that you want to update.
- TargetType
-
- Type: string
Specify a new target type for the document.
- VersionName
-
- Type: string
An optional field specifying the version of the artifact you are updating with the document. For example, 12.6. This value is unique across all versions of a document, and can't be changed.
Result Syntax
[ 'DocumentDescription' => [ 'ApprovedVersion' => '<string>', 'AttachmentsInformation' => [ [ 'Name' => '<string>', ], // ... ], 'Author' => '<string>', 'Category' => ['<string>', ...], 'CategoryEnum' => ['<string>', ...], 'CreatedDate' => <DateTime>, 'DefaultVersion' => '<string>', 'Description' => '<string>', 'DisplayName' => '<string>', 'DocumentFormat' => 'YAML|JSON|TEXT', 'DocumentType' => 'Command|Policy|Automation|Session|Package|ApplicationConfiguration|ApplicationConfigurationSchema|DeploymentStrategy|ChangeCalendar|Automation.ChangeTemplate|ProblemAnalysis|ProblemAnalysisTemplate|CloudFormation|ConformancePackTemplate|QuickSetup', 'DocumentVersion' => '<string>', 'Hash' => '<string>', 'HashType' => 'Sha256|Sha1', 'LatestVersion' => '<string>', 'Name' => '<string>', 'Owner' => '<string>', 'Parameters' => [ [ 'DefaultValue' => '<string>', 'Description' => '<string>', 'Name' => '<string>', 'Type' => 'String|StringList', ], // ... ], 'PendingReviewVersion' => '<string>', 'PlatformTypes' => ['<string>', ...], 'Requires' => [ [ 'Name' => '<string>', 'RequireType' => '<string>', 'Version' => '<string>', 'VersionName' => '<string>', ], // ... ], 'ReviewInformation' => [ [ 'ReviewedTime' => <DateTime>, 'Reviewer' => '<string>', 'Status' => 'APPROVED|NOT_REVIEWED|PENDING|REJECTED', ], // ... ], 'ReviewStatus' => 'APPROVED|NOT_REVIEWED|PENDING|REJECTED', 'SchemaVersion' => '<string>', 'Sha1' => '<string>', 'Status' => 'Creating|Active|Updating|Deleting|Failed', 'StatusInformation' => '<string>', 'Tags' => [ [ 'Key' => '<string>', 'Value' => '<string>', ], // ... ], 'TargetType' => '<string>', 'VersionName' => '<string>', ], ]
Result Details
Members
- DocumentDescription
-
- Type: DocumentDescription structure
A description of the document that was updated.
Errors
- MaxDocumentSizeExceeded:
The size limit of a document is 64 KB.
- DocumentVersionLimitExceeded:
The document has too many versions. Delete one or more document versions and try again.
- InternalServerError:
An error occurred on the server side.
- DuplicateDocumentContent:
The content of the association document matches another document. Change the content of the document and try again.
- DuplicateDocumentVersionName:
The version name has already been used in this document. Specify a different version name, and then try again.
- InvalidDocumentContent:
The content for the document isn't valid.
- InvalidDocumentVersion:
The document version isn't valid or doesn't exist.
- InvalidDocumentSchemaVersion:
The version of the document schema isn't supported.
- InvalidDocument:
The specified SSM document doesn't exist.
- InvalidDocumentOperation:
You attempted to delete a document while it is still shared. You must stop sharing the document before you can delete it.
UpdateDocumentDefaultVersion
$result = $client->updateDocumentDefaultVersion
([/* ... */]); $promise = $client->updateDocumentDefaultVersionAsync
([/* ... */]);
Set the default version of a document.
If you change a document version for a State Manager association, Systems Manager immediately runs the association unless you previously specifed the apply-only-at-cron-interval
parameter.
Parameter Syntax
$result = $client->updateDocumentDefaultVersion([ 'DocumentVersion' => '<string>', // REQUIRED 'Name' => '<string>', // REQUIRED ]);
Parameter Details
Members
- DocumentVersion
-
- Required: Yes
- Type: string
The version of a custom document that you want to set as the default version.
- Name
-
- Required: Yes
- Type: string
The name of a custom document that you want to set as the default version.
Result Syntax
[ 'Description' => [ 'DefaultVersion' => '<string>', 'DefaultVersionName' => '<string>', 'Name' => '<string>', ], ]
Result Details
Members
- Description
-
- Type: DocumentDefaultVersionDescription structure
The description of a custom document that you want to set as the default version.
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidDocument:
The specified SSM document doesn't exist.
- InvalidDocumentVersion:
The document version isn't valid or doesn't exist.
- InvalidDocumentSchemaVersion:
The version of the document schema isn't supported.
UpdateDocumentMetadata
$result = $client->updateDocumentMetadata
([/* ... */]); $promise = $client->updateDocumentMetadataAsync
([/* ... */]);
Updates information related to approval reviews for a specific version of a change template in Change Manager.
Parameter Syntax
$result = $client->updateDocumentMetadata([ 'DocumentReviews' => [ // REQUIRED 'Action' => 'SendForReview|UpdateReview|Approve|Reject', // REQUIRED 'Comment' => [ [ 'Content' => '<string>', 'Type' => 'Comment', ], // ... ], ], 'DocumentVersion' => '<string>', 'Name' => '<string>', // REQUIRED ]);
Parameter Details
Members
- DocumentReviews
-
- Required: Yes
- Type: DocumentReviews structure
The change template review details to update.
- DocumentVersion
-
- Type: string
The version of a change template in which to update approval metadata.
- Name
-
- Required: Yes
- Type: string
The name of the change template for which a version's metadata is to be updated.
Result Syntax
[]
Result Details
Errors
- InternalServerError:
An error occurred on the server side.
- InvalidDocument:
The specified SSM document doesn't exist.
- InvalidDocumentOperation:
You attempted to delete a document while it is still shared. You must stop sharing the document before you can delete it.
- InvalidDocumentVersion:
The document version isn't valid or doesn't exist.
UpdateMaintenanceWindow
$result = $client->updateMaintenanceWindow
([/* ... */]); $promise = $client->updateMaintenanceWindowAsync
([/* ... */]);
Updates an existing maintenance window. Only specified parameters are modified.
The value you specify for Duration
determines the specific end time for the maintenance window based on the time it begins. No maintenance window tasks are permitted to start after the resulting endtime minus the number of hours you specify for Cutoff
. For example, if the maintenance window starts at 3 PM, the duration is three hours, and the value you specify for Cutoff
is one hour, no maintenance window tasks can start after 5 PM.
Parameter Syntax
$result = $client->updateMaintenanceWindow([ 'AllowUnassociatedTargets' => true || false, 'Cutoff' => <integer>, 'Description' => '<string>', 'Duration' => <integer>, 'Enabled' => true || false, 'EndDate' => '<string>', 'Name' => '<string>', 'Replace' => true || false, 'Schedule' => '<string>', 'ScheduleOffset' => <integer>, 'ScheduleTimezone' => '<string>', 'StartDate' => '<string>', 'WindowId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AllowUnassociatedTargets
-
- Type: boolean
Whether targets must be registered with the maintenance window before tasks can be defined for those targets.
- Cutoff
-
- Type: int
The number of hours before the end of the maintenance window that Amazon Web Services Systems Manager stops scheduling new tasks for execution.
- Description
-
- Type: string
An optional description for the update request.
- Duration
-
- Type: int
The duration of the maintenance window in hours.
- Enabled
-
- Type: boolean
Whether the maintenance window is enabled.
- EndDate
-
- Type: string
The date and time, in ISO-8601 Extended format, for when you want the maintenance window to become inactive.
EndDate
allows you to set a date and time in the future when the maintenance window will no longer run. - Name
-
- Type: string
The name of the maintenance window.
- Replace
-
- Type: boolean
If
True
, then all fields that are required by the CreateMaintenanceWindow operation are also required for this API request. Optional fields that aren't specified are set to null. - Schedule
-
- Type: string
The schedule of the maintenance window in the form of a cron or rate expression.
- ScheduleOffset
-
- Type: int
The number of days to wait after the date and time specified by a cron expression before running the maintenance window.
For example, the following cron expression schedules a maintenance window to run the third Tuesday of every month at 11:30 PM.
cron(30 23 ? * TUE#3 *)
If the schedule offset is
2
, the maintenance window won't run until two days later. - ScheduleTimezone
-
- Type: string
The time zone that the scheduled maintenance window executions are based on, in Internet Assigned Numbers Authority (IANA) format. For example: "America/Los_Angeles", "UTC", or "Asia/Seoul". For more information, see the Time Zone Database on the IANA website.
- StartDate
-
- Type: string
The date and time, in ISO-8601 Extended format, for when you want the maintenance window to become active.
StartDate
allows you to delay activation of the maintenance window until the specified future date.When using a rate schedule, if you provide a start date that occurs in the past, the current date and time are used as the start date.
- WindowId
-
- Required: Yes
- Type: string
The ID of the maintenance window to update.
Result Syntax
[ 'AllowUnassociatedTargets' => true || false, 'Cutoff' => <integer>, 'Description' => '<string>', 'Duration' => <integer>, 'Enabled' => true || false, 'EndDate' => '<string>', 'Name' => '<string>', 'Schedule' => '<string>', 'ScheduleOffset' => <integer>, 'ScheduleTimezone' => '<string>', 'StartDate' => '<string>', 'WindowId' => '<string>', ]
Result Details
Members
- AllowUnassociatedTargets
-
- Type: boolean
Whether targets must be registered with the maintenance window before tasks can be defined for those targets.
- Cutoff
-
- Type: int
The number of hours before the end of the maintenance window that Amazon Web Services Systems Manager stops scheduling new tasks for execution.
- Description
-
- Type: string
An optional description of the update.
- Duration
-
- Type: int
The duration of the maintenance window in hours.
- Enabled
-
- Type: boolean
Whether the maintenance window is enabled.
- EndDate
-
- Type: string
The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become inactive. The maintenance window won't run after this specified time.
- Name
-
- Type: string
The name of the maintenance window.
- Schedule
-
- Type: string
The schedule of the maintenance window in the form of a cron or rate expression.
- ScheduleOffset
-
- Type: int
The number of days to wait to run a maintenance window after the scheduled cron expression date and time.
- ScheduleTimezone
-
- Type: string
The time zone that the scheduled maintenance window executions are based on, in Internet Assigned Numbers Authority (IANA) format. For example: "America/Los_Angeles", "UTC", or "Asia/Seoul". For more information, see the Time Zone Database on the IANA website.
- StartDate
-
- Type: string
The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become active. The maintenance window won't run before this specified time.
- WindowId
-
- Type: string
The ID of the created maintenance window.
Errors
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InternalServerError:
An error occurred on the server side.
UpdateMaintenanceWindowTarget
$result = $client->updateMaintenanceWindowTarget
([/* ... */]); $promise = $client->updateMaintenanceWindowTargetAsync
([/* ... */]);
Modifies the target of an existing maintenance window. You can change the following:
-
Name
-
Description
-
Owner
-
IDs for an ID target
-
Tags for a Tag target
-
From any supported tag type to another. The three supported tag types are ID target, Tag target, and resource group. For more information, see Target.
If a parameter is null, then the corresponding field isn't modified.
Parameter Syntax
$result = $client->updateMaintenanceWindowTarget([ 'Description' => '<string>', 'Name' => '<string>', 'OwnerInformation' => '<string>', 'Replace' => true || false, 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'WindowId' => '<string>', // REQUIRED 'WindowTargetId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- Description
-
- Type: string
An optional description for the update.
- Name
-
- Type: string
A name for the update.
- OwnerInformation
-
- Type: string
User-provided value that will be included in any Amazon CloudWatch Events events raised while running tasks for these targets in this maintenance window.
- Replace
-
- Type: boolean
If
True
, then all fields that are required by the RegisterTargetWithMaintenanceWindow operation are also required for this API request. Optional fields that aren't specified are set to null. - Targets
-
- Type: Array of Target structures
The targets to add or replace.
- WindowId
-
- Required: Yes
- Type: string
The maintenance window ID with which to modify the target.
- WindowTargetId
-
- Required: Yes
- Type: string
The target ID to modify.
Result Syntax
[ 'Description' => '<string>', 'Name' => '<string>', 'OwnerInformation' => '<string>', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'WindowId' => '<string>', 'WindowTargetId' => '<string>', ]
Result Details
Members
- Description
-
- Type: string
The updated description.
- Name
-
- Type: string
The updated name.
- OwnerInformation
-
- Type: string
The updated owner.
- Targets
-
- Type: Array of Target structures
The updated targets.
- WindowId
-
- Type: string
The maintenance window ID specified in the update request.
- WindowTargetId
-
- Type: string
The target ID specified in the update request.
Errors
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InternalServerError:
An error occurred on the server side.
UpdateMaintenanceWindowTask
$result = $client->updateMaintenanceWindowTask
([/* ... */]); $promise = $client->updateMaintenanceWindowTaskAsync
([/* ... */]);
Modifies a task assigned to a maintenance window. You can't change the task type, but you can change the following values:
-
TaskARN
. For example, you can change aRUN_COMMAND
task fromAWS-RunPowerShellScript
toAWS-RunShellScript
. -
ServiceRoleArn
-
TaskInvocationParameters
-
Priority
-
MaxConcurrency
-
MaxErrors
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide.
If the value for a parameter in UpdateMaintenanceWindowTask
is null, then the corresponding field isn't modified. If you set Replace
to true, then all fields required by the RegisterTaskWithMaintenanceWindow operation are required for this request. Optional fields that aren't specified are set to null.
When you update a maintenance window task that has options specified in TaskInvocationParameters
, you must provide again all the TaskInvocationParameters
values that you want to retain. The values you don't specify again are removed. For example, suppose that when you registered a Run Command task, you specified TaskInvocationParameters
values for Comment
, NotificationConfig
, and OutputS3BucketName
. If you update the maintenance window task and specify only a different OutputS3BucketName
value, the values for Comment
and NotificationConfig
are removed.
Parameter Syntax
$result = $client->updateMaintenanceWindowTask([ 'AlarmConfiguration' => [ 'Alarms' => [ // REQUIRED [ 'Name' => '<string>', // REQUIRED ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'CutoffBehavior' => 'CONTINUE_TASK|CANCEL_TASK', 'Description' => '<string>', 'LoggingInfo' => [ 'S3BucketName' => '<string>', // REQUIRED 'S3KeyPrefix' => '<string>', 'S3Region' => '<string>', // REQUIRED ], 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'Name' => '<string>', 'Priority' => <integer>, 'Replace' => true || false, 'ServiceRoleArn' => '<string>', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TaskArn' => '<string>', 'TaskInvocationParameters' => [ 'Automation' => [ 'DocumentVersion' => '<string>', 'Parameters' => [ '<AutomationParameterKey>' => ['<string>', ...], // ... ], ], 'Lambda' => [ 'ClientContext' => '<string>', 'Payload' => <string || resource || Psr\Http\Message\StreamInterface>, 'Qualifier' => '<string>', ], 'RunCommand' => [ 'CloudWatchOutputConfig' => [ 'CloudWatchLogGroupName' => '<string>', 'CloudWatchOutputEnabled' => true || false, ], 'Comment' => '<string>', 'DocumentHash' => '<string>', 'DocumentHashType' => 'Sha256|Sha1', 'DocumentVersion' => '<string>', 'NotificationConfig' => [ 'NotificationArn' => '<string>', 'NotificationEvents' => ['<string>', ...], 'NotificationType' => 'Command|Invocation', ], 'OutputS3BucketName' => '<string>', 'OutputS3KeyPrefix' => '<string>', 'Parameters' => [ '<ParameterName>' => ['<string>', ...], // ... ], 'ServiceRoleArn' => '<string>', 'TimeoutSeconds' => <integer>, ], 'StepFunctions' => [ 'Input' => '<string>', 'Name' => '<string>', ], ], 'TaskParameters' => [ '<MaintenanceWindowTaskParameterName>' => [ 'Values' => ['<string>', ...], ], // ... ], 'WindowId' => '<string>', // REQUIRED 'WindowTaskId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- AlarmConfiguration
-
- Type: AlarmConfiguration structure
The CloudWatch alarm you want to apply to your maintenance window task.
- CutoffBehavior
-
- Type: string
Indicates whether tasks should continue to run after the cutoff time specified in the maintenance windows is reached.
-
CONTINUE_TASK
: When the cutoff time is reached, any tasks that are running continue. The default value. -
CANCEL_TASK
:-
For Automation, Lambda, Step Functions tasks: When the cutoff time is reached, any task invocations that are already running continue, but no new task invocations are started.
-
For Run Command tasks: When the cutoff time is reached, the system sends a CancelCommand operation that attempts to cancel the command associated with the task. However, there is no guarantee that the command will be terminated and the underlying process stopped.
The status for tasks that are not completed is
TIMED_OUT
. -
- Description
-
- Type: string
The new task description to specify.
- LoggingInfo
-
- Type: LoggingInfo structure
The new logging location in Amazon S3 to specify.
LoggingInfo
has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use theOutputS3BucketName
andOutputS3KeyPrefix
options in theTaskInvocationParameters
structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. - MaxConcurrency
-
- Type: string
The new
MaxConcurrency
value you want to specify.MaxConcurrency
is the number of targets that are allowed to run this task, in parallel.Although this element is listed as "Required: No", a value can be omitted only when you are registering or updating a targetless task You must provide a value in all other cases.
For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of
1
. This value doesn't affect the running of your task. - MaxErrors
-
- Type: string
The new
MaxErrors
value to specify.MaxErrors
is the maximum number of errors that are allowed before the task stops being scheduled.Although this element is listed as "Required: No", a value can be omitted only when you are registering or updating a targetless task You must provide a value in all other cases.
For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of
1
. This value doesn't affect the running of your task. - Name
-
- Type: string
The new task name to specify.
- Priority
-
- Type: int
The new task priority to specify. The lower the number, the higher the priority. Tasks that have the same priority are scheduled in parallel.
- Replace
-
- Type: boolean
If True, then all fields that are required by the RegisterTaskWithMaintenanceWindow operation are also required for this API request. Optional fields that aren't specified are set to null.
- ServiceRoleArn
-
- Type: string
The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run
RegisterTaskWithMaintenanceWindow
.However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the Amazon Web Services Systems Manager User Guide.
- Targets
-
- Type: Array of Target structures
The targets (either managed nodes or tags) to modify. Managed nodes are specified using the format
Key=instanceids,Values=instanceID_1,instanceID_2
. Tags are specified using the formatKey=tag_name,Values=tag_value
.One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide.
- TaskArn
-
- Type: string
The task ARN to modify.
- TaskInvocationParameters
-
- Type: MaintenanceWindowTaskInvocationParameters structure
The parameters that the task should use during execution. Populate only the fields that match the task type. All other fields should be empty.
When you update a maintenance window task that has options specified in
TaskInvocationParameters
, you must provide again all theTaskInvocationParameters
values that you want to retain. The values you don't specify again are removed. For example, suppose that when you registered a Run Command task, you specifiedTaskInvocationParameters
values forComment
,NotificationConfig
, andOutputS3BucketName
. If you update the maintenance window task and specify only a differentOutputS3BucketName
value, the values forComment
andNotificationConfig
are removed. - TaskParameters
-
- Type: Associative array of custom strings keys (MaintenanceWindowTaskParameterName) to MaintenanceWindowTaskParameterValueExpression structures
The parameters to modify.
TaskParameters
has been deprecated. To specify parameters to pass to a task when it runs, instead use theParameters
option in theTaskInvocationParameters
structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.The map has the following format:
Key: string, between 1 and 255 characters
Value: an array of strings, each string is between 1 and 255 characters
- WindowId
-
- Required: Yes
- Type: string
The maintenance window ID that contains the task to modify.
- WindowTaskId
-
- Required: Yes
- Type: string
The task ID to modify.
Result Syntax
[ 'AlarmConfiguration' => [ 'Alarms' => [ [ 'Name' => '<string>', ], // ... ], 'IgnorePollAlarmFailure' => true || false, ], 'CutoffBehavior' => 'CONTINUE_TASK|CANCEL_TASK', 'Description' => '<string>', 'LoggingInfo' => [ 'S3BucketName' => '<string>', 'S3KeyPrefix' => '<string>', 'S3Region' => '<string>', ], 'MaxConcurrency' => '<string>', 'MaxErrors' => '<string>', 'Name' => '<string>', 'Priority' => <integer>, 'ServiceRoleArn' => '<string>', 'Targets' => [ [ 'Key' => '<string>', 'Values' => ['<string>', ...], ], // ... ], 'TaskArn' => '<string>', 'TaskInvocationParameters' => [ 'Automation' => [ 'DocumentVersion' => '<string>', 'Parameters' => [ '<AutomationParameterKey>' => ['<string>', ...], // ... ], ], 'Lambda' => [ 'ClientContext' => '<string>', 'Payload' => <string || resource || Psr\Http\Message\StreamInterface>, 'Qualifier' => '<string>', ], 'RunCommand' => [ 'CloudWatchOutputConfig' => [ 'CloudWatchLogGroupName' => '<string>', 'CloudWatchOutputEnabled' => true || false, ], 'Comment' => '<string>', 'DocumentHash' => '<string>', 'DocumentHashType' => 'Sha256|Sha1', 'DocumentVersion' => '<string>', 'NotificationConfig' => [ 'NotificationArn' => '<string>', 'NotificationEvents' => ['<string>', ...], 'NotificationType' => 'Command|Invocation', ], 'OutputS3BucketName' => '<string>', 'OutputS3KeyPrefix' => '<string>', 'Parameters' => [ '<ParameterName>' => ['<string>', ...], // ... ], 'ServiceRoleArn' => '<string>', 'TimeoutSeconds' => <integer>, ], 'StepFunctions' => [ 'Input' => '<string>', 'Name' => '<string>', ], ], 'TaskParameters' => [ '<MaintenanceWindowTaskParameterName>' => [ 'Values' => ['<string>', ...], ], // ... ], 'WindowId' => '<string>', 'WindowTaskId' => '<string>', ]
Result Details
Members
- AlarmConfiguration
-
- Type: AlarmConfiguration structure
The details for the CloudWatch alarm you applied to your maintenance window task.
- CutoffBehavior
-
- Type: string
The specification for whether tasks should continue to run after the cutoff time specified in the maintenance windows is reached.
- Description
-
- Type: string
The updated task description.
- LoggingInfo
-
- Type: LoggingInfo structure
The updated logging information in Amazon S3.
LoggingInfo
has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use theOutputS3BucketName
andOutputS3KeyPrefix
options in theTaskInvocationParameters
structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. - MaxConcurrency
-
- Type: string
The updated
MaxConcurrency
value. - MaxErrors
-
- Type: string
The updated
MaxErrors
value. - Name
-
- Type: string
The updated task name.
- Priority
-
- Type: int
The updated priority value.
- ServiceRoleArn
-
- Type: string
The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run
RegisterTaskWithMaintenanceWindow
.However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the Amazon Web Services Systems Manager User Guide.
- Targets
-
- Type: Array of Target structures
The updated target values.
- TaskArn
-
- Type: string
The updated task ARN value.
- TaskInvocationParameters
-
- Type: MaintenanceWindowTaskInvocationParameters structure
The updated parameter values.
- TaskParameters
-
- Type: Associative array of custom strings keys (MaintenanceWindowTaskParameterName) to MaintenanceWindowTaskParameterValueExpression structures
The updated parameter values.
TaskParameters
has been deprecated. To specify parameters to pass to a task when it runs, instead use theParameters
option in theTaskInvocationParameters
structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. - WindowId
-
- Type: string
The ID of the maintenance window that was updated.
- WindowTaskId
-
- Type: string
The task ID of the maintenance window that was updated.
Errors
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InternalServerError:
An error occurred on the server side.
UpdateManagedInstanceRole
$result = $client->updateManagedInstanceRole
([/* ... */]); $promise = $client->updateManagedInstanceRoleAsync
([/* ... */]);
Changes the Identity and Access Management (IAM) role that is assigned to the on-premises server, edge device, or virtual machines (VM). IAM roles are first assigned to these hybrid nodes during the activation process. For more information, see CreateActivation.
Parameter Syntax
$result = $client->updateManagedInstanceRole([ 'IamRole' => '<string>', // REQUIRED 'InstanceId' => '<string>', // REQUIRED ]);
Parameter Details
Members
- IamRole
-
- Required: Yes
- Type: string
The name of the Identity and Access Management (IAM) role that you want to assign to the managed node. This IAM role must provide AssumeRole permissions for the Amazon Web Services Systems Manager service principal
ssm.amazonaws.com
. For more information, see Create the IAM service role required for Systems Manager in hybrid and multicloud environments in the Amazon Web Services Systems Manager User Guide.You can't specify an IAM service-linked role for this parameter. You must create a unique role.
- InstanceId
-
- Required: Yes
- Type: string
The ID of the managed node where you want to update the role.
Result Syntax
[]
Result Details
Errors
- InvalidInstanceId:
The following problems can cause this exception:
-
You don't have permission to access the managed node.
-
Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.
-
SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.
-
The managed node isn't in a valid state. Valid states are:
Running
,Pending
,Stopped
, andStopping
. Invalid states are:Shutting-down
andTerminated
.
-
- InternalServerError:
An error occurred on the server side.
UpdateOpsItem
$result = $client->updateOpsItem
([/* ... */]); $promise = $client->updateOpsItemAsync
([/* ... */]);
Edit or change an OpsItem. You must have permission in Identity and Access Management (IAM) to update an OpsItem. For more information, see Set up OpsCenter in the Amazon Web Services Systems Manager User Guide.
Operations engineers and IT professionals use Amazon Web Services Systems Manager OpsCenter to view, investigate, and remediate operational issues impacting the performance and health of their Amazon Web Services resources. For more information, see Amazon Web Services Systems Manager OpsCenter in the Amazon Web Services Systems Manager User Guide.
Parameter Syntax
$result = $client->updateOpsItem([ 'ActualEndTime' => <integer || string || DateTime>, 'ActualStartTime' => <integer || string || DateTime>, 'Category' => '<string>', 'Description' => '<string>', 'Notifications' => [ [ 'Arn' => '<string>', ], // ... ], 'OperationalData' => [ '<OpsItemDataKey>' => [ 'Type' => 'SearchableString|String', 'Value' => '<string>', ], // ... ], 'OperationalDataToDelete' => ['<string>', ...], 'OpsItemArn' => '<string>', 'OpsItemId' => '<string>', // REQUIRED 'PlannedEndTime' => <integer || string || DateTime>, 'PlannedStartTime' => <integer || string || DateTime>, 'Priority' => <integer>, 'RelatedOpsItems' => [ [ 'OpsItemId' => '<string>', // REQUIRED ], // ... ], 'Severity' => '<string>', 'Status' => 'Open|InProgress|Resolved|Pending|TimedOut|Cancelling|Cancelled|Failed|CompletedWithSuccess|CompletedWithFailure|Scheduled|RunbookInProgress|PendingChangeCalendarOverride|ChangeCalendarOverrideApproved|ChangeCalendarOverrideRejected|PendingApproval|Approved|Rejected|Closed', 'Title' => '<string>', ]);
Parameter Details
Members
- ActualEndTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time a runbook workflow ended. Currently reported only for the OpsItem type
/aws/changerequest
. - ActualStartTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time a runbook workflow started. Currently reported only for the OpsItem type
/aws/changerequest
. - Category
-
- Type: string
Specify a new category for an OpsItem.
- Description
-
- Type: string
User-defined text that contains information about the OpsItem, in Markdown format.
- Notifications
-
- Type: Array of OpsItemNotification structures
The Amazon Resource Name (ARN) of an SNS topic where notifications are sent when this OpsItem is edited or changed.
- OperationalData
-
- Type: Associative array of custom strings keys (OpsItemDataKey) to OpsItemDataValue structures
Add new keys or edit existing key-value pairs of the OperationalData map in the OpsItem object.
Operational data is custom data that provides useful reference details about the OpsItem. For example, you can specify log files, error strings, license keys, troubleshooting tips, or other relevant data. You enter operational data as key-value pairs. The key has a maximum length of 128 characters. The value has a maximum size of 20 KB.
Operational data keys can't begin with the following:
amazon
,aws
,amzn
,ssm
,/amazon
,/aws
,/amzn
,/ssm
.You can choose to make the data searchable by other users in the account or you can restrict search access. Searchable data means that all users with access to the OpsItem Overview page (as provided by the DescribeOpsItems API operation) can view and search on the specified data. Operational data that isn't searchable is only viewable by users who have access to the OpsItem (as provided by the GetOpsItem API operation).
Use the
/aws/resources
key in OperationalData to specify a related resource in the request. Use the/aws/automations
key in OperationalData to associate an Automation runbook with the OpsItem. To view Amazon Web Services CLI example commands that use these keys, see Creating OpsItems manually in the Amazon Web Services Systems Manager User Guide. - OperationalDataToDelete
-
- Type: Array of strings
Keys that you want to remove from the OperationalData map.
- OpsItemArn
-
- Type: string
The OpsItem Amazon Resource Name (ARN).
- OpsItemId
-
- Required: Yes
- Type: string
The ID of the OpsItem.
- PlannedEndTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time specified in a change request for a runbook workflow to end. Currently supported only for the OpsItem type
/aws/changerequest
. - PlannedStartTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time specified in a change request for a runbook workflow to start. Currently supported only for the OpsItem type
/aws/changerequest
. - Priority
-
- Type: int
The importance of this OpsItem in relation to other OpsItems in the system.
- RelatedOpsItems
-
- Type: Array of RelatedOpsItem structures
One or more OpsItems that share something in common with the current OpsItems. For example, related OpsItems can include OpsItems with similar error messages, impacted resources, or statuses for the impacted resource.
- Severity
-
- Type: string
Specify a new severity for an OpsItem.
- Status
-
- Type: string
The OpsItem status. For more information, see Editing OpsItem details in the Amazon Web Services Systems Manager User Guide.
- Title
-
- Type: string
A short heading that describes the nature of the OpsItem and the impacted resource.
Result Syntax
[]
Result Details
Errors
- InternalServerError:
An error occurred on the server side.
- OpsItemNotFoundException:
The specified OpsItem ID doesn't exist. Verify the ID and try again.
- OpsItemAlreadyExistsException:
The OpsItem already exists.
- OpsItemLimitExceededException:
The request caused OpsItems to exceed one or more quotas.
- OpsItemInvalidParameterException:
A specified parameter argument isn't valid. Verify the available arguments and try again.
- OpsItemAccessDeniedException:
You don't have permission to view OpsItems in the specified account. Verify that your account is configured either as a Systems Manager delegated administrator or that you are logged into the Organizations management account.
- OpsItemConflictException:
The specified OpsItem is in the process of being deleted.
UpdateOpsMetadata
$result = $client->updateOpsMetadata
([/* ... */]); $promise = $client->updateOpsMetadataAsync
([/* ... */]);
Amazon Web Services Systems Manager calls this API operation when you edit OpsMetadata in Application Manager.
Parameter Syntax
$result = $client->updateOpsMetadata([ 'KeysToDelete' => ['<string>', ...], 'MetadataToUpdate' => [ '<MetadataKey>' => [ 'Value' => '<string>', ], // ... ], 'OpsMetadataArn' => '<string>', // REQUIRED ]);
Parameter Details
Members
- KeysToDelete
-
- Type: Array of strings
The metadata keys to delete from the OpsMetadata object.
- MetadataToUpdate
-
- Type: Associative array of custom strings keys (MetadataKey) to MetadataValue structures
Metadata to add to an OpsMetadata object.
- OpsMetadataArn
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the OpsMetadata Object to update.
Result Syntax
[ 'OpsMetadataArn' => '<string>', ]
Result Details
Members
- OpsMetadataArn
-
- Type: string
The Amazon Resource Name (ARN) of the OpsMetadata Object that was updated.
Errors
- OpsMetadataNotFoundException:
The OpsMetadata object doesn't exist.
- OpsMetadataInvalidArgumentException:
One of the arguments passed is invalid.
- OpsMetadataKeyLimitExceededException:
The OpsMetadata object exceeds the maximum number of OpsMetadata keys that you can assign to an application in Application Manager.
- OpsMetadataTooManyUpdatesException:
The system is processing too many concurrent updates. Wait a few moments and try again.
- InternalServerError:
An error occurred on the server side.
UpdatePatchBaseline
$result = $client->updatePatchBaseline
([/* ... */]); $promise = $client->updatePatchBaselineAsync
([/* ... */]);
Modifies an existing patch baseline. Fields not specified in the request are left unchanged.
For information about valid key-value pairs in PatchFilters
for each supported operating system type, see PatchFilter.
Parameter Syntax
$result = $client->updatePatchBaseline([ 'ApprovalRules' => [ 'PatchRules' => [ // REQUIRED [ 'ApproveAfterDays' => <integer>, 'ApproveUntilDate' => '<string>', 'ComplianceLevel' => 'CRITICAL|HIGH|MEDIUM|LOW|INFORMATIONAL|UNSPECIFIED', 'EnableNonSecurity' => true || false, 'PatchFilterGroup' => [ // REQUIRED 'PatchFilters' => [ // REQUIRED [ 'Key' => 'ARCH|ADVISORY_ID|BUGZILLA_ID|PATCH_SET|PRODUCT|PRODUCT_FAMILY|CLASSIFICATION|CVE_ID|EPOCH|MSRC_SEVERITY|NAME|PATCH_ID|SECTION|PRIORITY|REPOSITORY|RELEASE|SEVERITY|SECURITY|VERSION', // REQUIRED 'Values' => ['<string>', ...], // REQUIRED ], // ... ], ], ], // ... ], ], 'ApprovedPatches' => ['<string>', ...], 'ApprovedPatchesComplianceLevel' => 'CRITICAL|HIGH|MEDIUM|LOW|INFORMATIONAL|UNSPECIFIED', 'ApprovedPatchesEnableNonSecurity' => true || false, 'BaselineId' => '<string>', // REQUIRED 'Description' => '<string>', 'GlobalFilters' => [ 'PatchFilters' => [ // REQUIRED [ 'Key' => 'ARCH|ADVISORY_ID|BUGZILLA_ID|PATCH_SET|PRODUCT|PRODUCT_FAMILY|CLASSIFICATION|CVE_ID|EPOCH|MSRC_SEVERITY|NAME|PATCH_ID|SECTION|PRIORITY|REPOSITORY|RELEASE|SEVERITY|SECURITY|VERSION', // REQUIRED 'Values' => ['<string>', ...], // REQUIRED ], // ... ], ], 'Name' => '<string>', 'RejectedPatches' => ['<string>', ...], 'RejectedPatchesAction' => 'ALLOW_AS_DEPENDENCY|BLOCK', 'Replace' => true || false, 'Sources' => [ [ 'Configuration' => '<string>', // REQUIRED 'Name' => '<string>', // REQUIRED 'Products' => ['<string>', ...], // REQUIRED ], // ... ], ]);
Parameter Details
Members
- ApprovalRules
-
- Type: PatchRuleGroup structure
A set of rules used to include patches in the baseline.
- ApprovedPatches
-
- Type: Array of strings
A list of explicitly approved patches for the baseline.
For information about accepted formats for lists of approved patches and rejected patches, see Package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
- ApprovedPatchesComplianceLevel
-
- Type: string
Assigns a new compliance severity level to an existing patch baseline.
- ApprovedPatchesEnableNonSecurity
-
- Type: boolean
Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes. The default value is
false
. Applies to Linux managed nodes only. - BaselineId
-
- Required: Yes
- Type: string
The ID of the patch baseline to update.
- Description
-
- Type: string
A description of the patch baseline.
- GlobalFilters
-
- Type: PatchFilterGroup structure
A set of global filters used to include patches in the baseline.
- Name
-
- Type: string
The name of the patch baseline.
- RejectedPatches
-
- Type: Array of strings
A list of explicitly rejected patches for the baseline.
For information about accepted formats for lists of approved patches and rejected patches, see Package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
- RejectedPatchesAction
-
- Type: string
The action for Patch Manager to take on patches included in the
RejectedPackages
list.- ALLOW_AS_DEPENDENCY
-
Linux and macOS: A package in the rejected patches list is installed only if it is a dependency of another package. It is considered compliant with the patch baseline, and its status is reported as
INSTALLED_OTHER
. This is the default action if no option is specified.Windows Server: Windows Server doesn't support the concept of package dependencies. If a package in the rejected patches list and already installed on the node, its status is reported as
INSTALLED_OTHER
. Any package not already installed on the node is skipped. This is the default action if no option is specified. - BLOCK
-
All OSs: Packages in the rejected patches list, and packages that include them as dependencies, aren't installed by Patch Manager under any circumstances. If a package was installed before it was added to the rejected patches list, or is installed outside of Patch Manager afterward, it's considered noncompliant with the patch baseline and its status is reported as
INSTALLED_REJECTED
.
- Replace
-
- Type: boolean
If True, then all fields that are required by the CreatePatchBaseline operation are also required for this API request. Optional fields that aren't specified are set to null.
- Sources
-
- Type: Array of PatchSource structures
Information about the patches to use to update the managed nodes, including target operating systems and source repositories. Applies to Linux managed nodes only.
Result Syntax
[ 'ApprovalRules' => [ 'PatchRules' => [ [ 'ApproveAfterDays' => <integer>, 'ApproveUntilDate' => '<string>', 'ComplianceLevel' => 'CRITICAL|HIGH|MEDIUM|LOW|INFORMATIONAL|UNSPECIFIED', 'EnableNonSecurity' => true || false, 'PatchFilterGroup' => [ 'PatchFilters' => [ [ 'Key' => 'ARCH|ADVISORY_ID|BUGZILLA_ID|PATCH_SET|PRODUCT|PRODUCT_FAMILY|CLASSIFICATION|CVE_ID|EPOCH|MSRC_SEVERITY|NAME|PATCH_ID|SECTION|PRIORITY|REPOSITORY|RELEASE|SEVERITY|SECURITY|VERSION', 'Values' => ['<string>', ...], ], // ... ], ], ], // ... ], ], 'ApprovedPatches' => ['<string>', ...], 'ApprovedPatchesComplianceLevel' => 'CRITICAL|HIGH|MEDIUM|LOW|INFORMATIONAL|UNSPECIFIED', 'ApprovedPatchesEnableNonSecurity' => true || false, 'BaselineId' => '<string>', 'CreatedDate' => <DateTime>, 'Description' => '<string>', 'GlobalFilters' => [ 'PatchFilters' => [ [ 'Key' => 'ARCH|ADVISORY_ID|BUGZILLA_ID|PATCH_SET|PRODUCT|PRODUCT_FAMILY|CLASSIFICATION|CVE_ID|EPOCH|MSRC_SEVERITY|NAME|PATCH_ID|SECTION|PRIORITY|REPOSITORY|RELEASE|SEVERITY|SECURITY|VERSION', 'Values' => ['<string>', ...], ], // ... ], ], 'ModifiedDate' => <DateTime>, 'Name' => '<string>', 'OperatingSystem' => 'WINDOWS|AMAZON_LINUX|AMAZON_LINUX_2|AMAZON_LINUX_2022|UBUNTU|REDHAT_ENTERPRISE_LINUX|SUSE|CENTOS|ORACLE_LINUX|DEBIAN|MACOS|RASPBIAN|ROCKY_LINUX|ALMA_LINUX|AMAZON_LINUX_2023', 'RejectedPatches' => ['<string>', ...], 'RejectedPatchesAction' => 'ALLOW_AS_DEPENDENCY|BLOCK', 'Sources' => [ [ 'Configuration' => '<string>', 'Name' => '<string>', 'Products' => ['<string>', ...], ], // ... ], ]
Result Details
Members
- ApprovalRules
-
- Type: PatchRuleGroup structure
A set of rules used to include patches in the baseline.
- ApprovedPatches
-
- Type: Array of strings
A list of explicitly approved patches for the baseline.
- ApprovedPatchesComplianceLevel
-
- Type: string
The compliance severity level assigned to the patch baseline after the update completed.
- ApprovedPatchesEnableNonSecurity
-
- Type: boolean
Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes. The default value is
false
. Applies to Linux managed nodes only. - BaselineId
-
- Type: string
The ID of the deleted patch baseline.
- CreatedDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date when the patch baseline was created.
- Description
-
- Type: string
A description of the patch baseline.
- GlobalFilters
-
- Type: PatchFilterGroup structure
A set of global filters used to exclude patches from the baseline.
- ModifiedDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date when the patch baseline was last modified.
- Name
-
- Type: string
The name of the patch baseline.
- OperatingSystem
-
- Type: string
The operating system rule used by the updated patch baseline.
- RejectedPatches
-
- Type: Array of strings
A list of explicitly rejected patches for the baseline.
- RejectedPatchesAction
-
- Type: string
The action specified to take on patches included in the
RejectedPatches
list. A patch can be allowed only if it is a dependency of another package, or blocked entirely along with packages that include it as a dependency. - Sources
-
- Type: Array of PatchSource structures
Information about the patches to use to update the managed nodes, including target operating systems and source repositories. Applies to Linux managed nodes only.
Errors
- DoesNotExistException:
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
- InternalServerError:
An error occurred on the server side.
UpdateResourceDataSync
$result = $client->updateResourceDataSync
([/* ... */]); $promise = $client->updateResourceDataSyncAsync
([/* ... */]);
Update a resource data sync. After you create a resource data sync for a Region, you can't change the account options for that sync. For example, if you create a sync in the us-east-2 (Ohio) Region and you choose the Include only the current account
option, you can't edit that sync later and choose the Include all accounts from my Organizations configuration
option. Instead, you must delete the first resource data sync, and create a new one.
This API operation only supports a resource data sync that was created with a SyncFromSource SyncType
.
Parameter Syntax
$result = $client->updateResourceDataSync([ 'SyncName' => '<string>', // REQUIRED 'SyncSource' => [ // REQUIRED 'AwsOrganizationsSource' => [ 'OrganizationSourceType' => '<string>', // REQUIRED 'OrganizationalUnits' => [ [ 'OrganizationalUnitId' => '<string>', ], // ... ], ], 'EnableAllOpsDataSources' => true || false, 'IncludeFutureRegions' => true || false, 'SourceRegions' => ['<string>', ...], // REQUIRED 'SourceType' => '<string>', // REQUIRED ], 'SyncType' => '<string>', // REQUIRED ]);
Parameter Details
Members
- SyncName
-
- Required: Yes
- Type: string
The name of the resource data sync you want to update.
- SyncSource
-
- Required: Yes
- Type: ResourceDataSyncSource structure
Specify information about the data sources to synchronize.
- SyncType
-
- Required: Yes
- Type: string
The type of resource data sync. The supported
SyncType
is SyncFromSource.
Result Syntax
[]
Result Details
Errors
- ResourceDataSyncNotFoundException:
The specified sync name wasn't found.
- ResourceDataSyncInvalidConfigurationException:
The specified sync configuration is invalid.
- ResourceDataSyncConflictException:
Another
UpdateResourceDataSync
request is being processed. Wait a few minutes and try again.- InternalServerError:
An error occurred on the server side.
UpdateServiceSetting
$result = $client->updateServiceSetting
([/* ... */]); $promise = $client->updateServiceSettingAsync
([/* ... */]);
ServiceSetting
is an account-level setting for an Amazon Web Services service. This setting defines how a user interacts with or uses a service or a feature of a service. For example, if an Amazon Web Services service charges money to the account based on feature or service usage, then the Amazon Web Services service team might create a default setting of "false". This means the user can't use this feature unless they change the setting to "true" and intentionally opt in for a paid feature.
Services map a SettingId
object to a setting value. Amazon Web Services services teams define the default value for a SettingId
. You can't create a new SettingId
, but you can overwrite the default value if you have the ssm:UpdateServiceSetting
permission for the setting. Use the GetServiceSetting API operation to view the current value. Or, use the ResetServiceSetting to change the value back to the original value defined by the Amazon Web Services service team.
Update the service setting for the account.
Parameter Syntax
$result = $client->updateServiceSetting([ 'SettingId' => '<string>', // REQUIRED 'SettingValue' => '<string>', // REQUIRED ]);
Parameter Details
Members
- SettingId
-
- Required: Yes
- Type: string
The Amazon Resource Name (ARN) of the service setting to update. For example,
arn:aws:ssm:us-east-1:111122223333:servicesetting/ssm/parameter-store/high-throughput-enabled
. The setting ID can be one of the following.-
/ssm/managed-instance/default-ec2-instance-management-role
-
/ssm/automation/customer-script-log-destination
-
/ssm/automation/customer-script-log-group-name
-
/ssm/documents/console/public-sharing-permission
-
/ssm/managed-instance/activation-tier
-
/ssm/opsinsights/opscenter
-
/ssm/parameter-store/default-parameter-tier
-
/ssm/parameter-store/high-throughput-enabled
Permissions to update the
/ssm/managed-instance/default-ec2-instance-management-role
setting should only be provided to administrators. Implement least privilege access when allowing individuals to configure or modify the Default Host Management Configuration. - SettingValue
-
- Required: Yes
- Type: string
The new value to specify for the service setting. The following list specifies the available values for each setting.
-
For
/ssm/managed-instance/default-ec2-instance-management-role
, enter the name of an IAM role. -
For
/ssm/automation/customer-script-log-destination
, enterCloudWatch
. -
For
/ssm/automation/customer-script-log-group-name
, enter the name of an Amazon CloudWatch Logs log group. -
For
/ssm/documents/console/public-sharing-permission
, enterEnable
orDisable
. -
For
/ssm/managed-instance/activation-tier
, enterstandard
oradvanced
. -
For
/ssm/opsinsights/opscenter
, enterEnabled
orDisabled
. -
For
/ssm/parameter-store/default-parameter-tier
, enterStandard
,Advanced
, orIntelligent-Tiering
-
For
/ssm/parameter-store/high-throughput-enabled
, entertrue
orfalse
.
Result Syntax
[]
Result Details
Errors
- InternalServerError:
An error occurred on the server side.
- ServiceSettingNotFound:
The specified service setting wasn't found. Either the service name or the setting hasn't been provisioned by the Amazon Web Services service team.
- TooManyUpdates:
There are concurrent updates for a resource that supports one update at a time.
Shapes
AccountSharingInfo
Description
Information includes the Amazon Web Services account ID where the current document is shared and the version shared with that account.
Members
- AccountId
-
- Type: string
The Amazon Web Services account ID where the current document is shared.
- SharedDocumentVersion
-
- Type: string
The version of the current document shared with the account.
Activation
Description
An activation registers one or more on-premises servers or virtual machines (VMs) with Amazon Web Services so that you can configure those servers or VMs using Run Command. A server or VM that has been registered with Amazon Web Services Systems Manager is called a managed node.
Members
- ActivationId
-
- Type: string
The ID created by Systems Manager when you submitted the activation.
- CreatedDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date the activation was created.
- DefaultInstanceName
-
- Type: string
A name for the managed node when it is created.
- Description
-
- Type: string
A user defined description of the activation.
- ExpirationDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date when this activation can no longer be used to register managed nodes.
- Expired
-
- Type: boolean
Whether or not the activation is expired.
- IamRole
-
- Type: string
The Identity and Access Management (IAM) role to assign to the managed node.
- RegistrationLimit
-
- Type: int
The maximum number of managed nodes that can be registered using this activation.
- RegistrationsCount
-
- Type: int
The number of managed nodes already registered with this activation.
- Tags
-
- Type: Array of Tag structures
Tags assigned to the activation.
Alarm
Description
A CloudWatch alarm you apply to an automation or command.
Members
- Name
-
- Required: Yes
- Type: string
The name of your CloudWatch alarm.
AlarmConfiguration
Description
The details for the CloudWatch alarm you want to apply to an automation or command.
Members
- Alarms
-
- Required: Yes
- Type: Array of Alarm structures
The name of the CloudWatch alarm specified in the configuration.
- IgnorePollAlarmFailure
-
- Type: boolean
When this value is true, your automation or command continues to run in cases where we can’t retrieve alarm status information from CloudWatch. In cases where we successfully retrieve an alarm status of OK or INSUFFICIENT_DATA, the automation or command continues to run, regardless of this value. Default is false.
AlarmStateInformation
Description
The details about the state of your CloudWatch alarm.
Members
- Name
-
- Required: Yes
- Type: string
The name of your CloudWatch alarm.
- State
-
- Required: Yes
- Type: string
The state of your CloudWatch alarm.
AlreadyExistsException
Description
Error returned if an attempt is made to register a patch group with a patch baseline that is already registered with a different patch baseline.
Members
- Message
-
- Type: string
AssociatedInstances
Description
You must disassociate a document from all managed nodes before you can delete it.
Members
Association
Description
Describes an association of a Amazon Web Services Systems Manager document (SSM document) and a managed node.
Members
- AssociationId
-
- Type: string
The ID created by the system when you create an association. An association is a binding between a document and a set of targets with a schedule.
- AssociationName
-
- Type: string
The association name.
- AssociationVersion
-
- Type: string
The association version.
- DocumentVersion
-
- Type: string
The version of the document used in the association. If you change a document version for a State Manager association, Systems Manager immediately runs the association unless you previously specifed the
apply-only-at-cron-interval
parameter.State Manager doesn't support running associations that use a new version of a document if that document is shared from another account. State Manager always runs the
default
version of a document if shared from another account, even though the Systems Manager console shows that a new version was processed. If you want to run an association using a new version of a document shared form another account, you must set the document version todefault
. - Duration
-
- Type: int
The number of hours that an association can run on specified targets. After the resulting cutoff time passes, associations that are currently running are cancelled, and no pending executions are started on remaining targets.
- InstanceId
-
- Type: string
The managed node ID.
- LastExecutionDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date on which the association was last run.
- Name
-
- Type: string
The name of the SSM document.
- Overview
-
- Type: AssociationOverview structure
Information about the association.
- ScheduleExpression
-
- Type: string
A cron expression that specifies a schedule when the association runs. The schedule runs in Coordinated Universal Time (UTC).
- ScheduleOffset
-
- Type: int
Number of days to wait after the scheduled day to run an association.
- TargetMaps
-
- Type: Array of maps
A key-value mapping of document parameters to target resources. Both Targets and TargetMaps can't be specified together.
- Targets
-
- Type: Array of Target structures
The managed nodes targeted by the request to create an association. You can target all managed nodes in an Amazon Web Services account by specifying the
InstanceIds
key with a value of*
.
AssociationAlreadyExists
Description
The specified association already exists.
Members
AssociationDescription
Description
Describes the parameters for a document.
Members
- AlarmConfiguration
-
- Type: AlarmConfiguration structure
The details for the CloudWatch alarm you want to apply to an automation or command.
- ApplyOnlyAtCronInterval
-
- Type: boolean
By default, when you create a new associations, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it. This parameter isn't supported for rate expressions.
- AssociationId
-
- Type: string
The association ID.
- AssociationName
-
- Type: string
The association name.
- AssociationVersion
-
- Type: string
The association version.
- AutomationTargetParameterName
-
- Type: string
Choose the parameter that will define how your automation will branch out. This target is required for associations that use an Automation runbook and target resources by using rate controls. Automation is a capability of Amazon Web Services Systems Manager.
- CalendarNames
-
- Type: Array of strings
The names or Amazon Resource Names (ARNs) of the Change Calendar type documents your associations are gated under. The associations only run when that change calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar.
- ComplianceSeverity
-
- Type: string
The severity level that is assigned to the association.
- Date
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date when the association was made.
- DocumentVersion
-
- Type: string
The document version.
- Duration
-
- Type: int
The number of hours that an association can run on specified targets. After the resulting cutoff time passes, associations that are currently running are cancelled, and no pending executions are started on remaining targets.
- InstanceId
-
- Type: string
The managed node ID.
- LastExecutionDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date on which the association was last run.
- LastSuccessfulExecutionDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The last date on which the association was successfully run.
- LastUpdateAssociationDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date when the association was last updated.
- MaxConcurrency
-
- Type: string
The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.
If a new managed node starts and attempts to run an association while Systems Manager is running
MaxConcurrency
associations, the association is allowed to run. During the next association interval, the new managed node will process its association within the limit specified forMaxConcurrency
. - MaxErrors
-
- Type: string
The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 managed nodes and set
MaxError
to 10%, then the system stops sending the request when the sixth error is received.Executions that are already running an association when
MaxErrors
is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, setMaxConcurrency
to 1 so that executions proceed one at a time. - Name
-
- Type: string
The name of the SSM document.
- OutputLocation
-
- Type: InstanceAssociationOutputLocation structure
An S3 bucket where you want to store the output details of the request.
- Overview
-
- Type: AssociationOverview structure
Information about the association.
- Parameters
-
- Type: Associative array of custom strings keys (ParameterName) to stringss
A description of the parameters for a document.
- ScheduleExpression
-
- Type: string
A cron expression that specifies a schedule when the association runs.
- ScheduleOffset
-
- Type: int
Number of days to wait after the scheduled day to run an association.
- Status
-
- Type: AssociationStatus structure
The association status.
- SyncCompliance
-
- Type: string
The mode for generating association compliance. You can specify
AUTO
orMANUAL
. InAUTO
mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association isCOMPLIANT
. If the association execution doesn't run successfully, the association isNON-COMPLIANT
.In
MANUAL
mode, you must specify theAssociationId
as a parameter for the PutComplianceItems API operation. In this case, compliance data isn't managed by State Manager, a capability of Amazon Web Services Systems Manager. It is managed by your direct call to the PutComplianceItems API operation.By default, all associations use
AUTO
mode. - TargetLocations
-
- Type: Array of TargetLocation structures
The combination of Amazon Web Services Regions and Amazon Web Services accounts where you want to run the association.
- TargetMaps
-
- Type: Array of maps
A key-value mapping of document parameters to target resources. Both Targets and TargetMaps can't be specified together.
- Targets
-
- Type: Array of Target structures
The managed nodes targeted by the request.
- TriggeredAlarms
-
- Type: Array of AlarmStateInformation structures
The CloudWatch alarm that was invoked during the association.
AssociationDoesNotExist
Description
The specified association doesn't exist.
Members
- Message
-
- Type: string
AssociationExecution
Description
Includes information about the specified association.
Members
- AlarmConfiguration
-
- Type: AlarmConfiguration structure
The details for the CloudWatch alarm you want to apply to an automation or command.
- AssociationId
-
- Type: string
The association ID.
- AssociationVersion
-
- Type: string
The association version.
- CreatedTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time the execution started.
- DetailedStatus
-
- Type: string
Detailed status information about the execution.
- ExecutionId
-
- Type: string
The execution ID for the association.
- LastExecutionDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date of the last execution.
- ResourceCountByStatus
-
- Type: string
An aggregate status of the resources in the execution based on the status type.
- Status
-
- Type: string
The status of the association execution.
- TriggeredAlarms
-
- Type: Array of AlarmStateInformation structures
The CloudWatch alarms that were invoked by the association.
AssociationExecutionDoesNotExist
Description
The specified execution ID doesn't exist. Verify the ID number and try again.
Members
- Message
-
- Type: string
AssociationExecutionFilter
Description
Filters used in the request.
Members
- Key
-
- Required: Yes
- Type: string
The key value used in the request.
- Type
-
- Required: Yes
- Type: string
The filter type specified in the request.
- Value
-
- Required: Yes
- Type: string
The value specified for the key.
AssociationExecutionTarget
Description
Includes information about the specified association execution.
Members
- AssociationId
-
- Type: string
The association ID.
- AssociationVersion
-
- Type: string
The association version.
- DetailedStatus
-
- Type: string
Detailed information about the execution status.
- ExecutionId
-
- Type: string
The execution ID.
- LastExecutionDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date of the last execution.
- OutputSource
-
- Type: OutputSource structure
The location where the association details are saved.
- ResourceId
-
- Type: string
The resource ID, for example, the managed node ID where the association ran.
- ResourceType
-
- Type: string
The resource type, for example, EC2.
- Status
-
- Type: string
The association execution status.
AssociationExecutionTargetsFilter
Description
Filters for the association execution.
Members
- Key
-
- Required: Yes
- Type: string
The key value used in the request.
- Value
-
- Required: Yes
- Type: string
The value specified for the key.
AssociationFilter
Description
Describes a filter.
Members
- key
-
- Required: Yes
- Type: string
The name of the filter.
InstanceId
has been deprecated. - value
-
- Required: Yes
- Type: string
The filter value.
AssociationLimitExceeded
Description
You can have at most 2,000 active associations.
Members
AssociationOverview
Description
Information about the association.
Members
- AssociationStatusAggregatedCount
-
- Type: Associative array of custom strings keys (StatusName) to ints
Returns the number of targets for the association status. For example, if you created an association with two managed nodes, and one of them was successful, this would return the count of managed nodes by status.
- DetailedStatus
-
- Type: string
A detailed status of the association.
- Status
-
- Type: string
The status of the association. Status can be: Pending, Success, or Failed.
AssociationStatus
Description
Describes an association status.
Members
- AdditionalInfo
-
- Type: string
A user-defined string.
- Date
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date when the status changed.
- Message
-
- Required: Yes
- Type: string
The reason for the status.
- Name
-
- Required: Yes
- Type: string
The status.
AssociationVersionInfo
Description
Information about the association version.
Members
- ApplyOnlyAtCronInterval
-
- Type: boolean
By default, when you create a new associations, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it. This parameter isn't supported for rate expressions.
- AssociationId
-
- Type: string
The ID created by the system when the association was created.
- AssociationName
-
- Type: string
The name specified for the association version when the association version was created.
- AssociationVersion
-
- Type: string
The association version.
- CalendarNames
-
- Type: Array of strings
The names or Amazon Resource Names (ARNs) of the Change Calendar type documents your associations are gated under. The associations for this version only run when that Change Calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar.
- ComplianceSeverity
-
- Type: string
The severity level that is assigned to the association.
- CreatedDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date the association version was created.
- DocumentVersion
-
- Type: string
The version of an Amazon Web Services Systems Manager document (SSM document) used when the association version was created.
- Duration
-
- Type: int
The number of hours that an association can run on specified targets. After the resulting cutoff time passes, associations that are currently running are cancelled, and no pending executions are started on remaining targets.
- MaxConcurrency
-
- Type: string
The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.
If a new managed node starts and attempts to run an association while Systems Manager is running
MaxConcurrency
associations, the association is allowed to run. During the next association interval, the new managed node will process its association within the limit specified forMaxConcurrency
. - MaxErrors
-
- Type: string
The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 managed nodes and set
MaxError
to 10%, then the system stops sending the request when the sixth error is received.Executions that are already running an association when
MaxErrors
is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, setMaxConcurrency
to 1 so that executions proceed one at a time. - Name
-
- Type: string
The name specified when the association was created.
- OutputLocation
-
- Type: InstanceAssociationOutputLocation structure
The location in Amazon S3 specified for the association when the association version was created.
- Parameters
-
- Type: Associative array of custom strings keys (ParameterName) to stringss
Parameters specified when the association version was created.
- ScheduleExpression
-
- Type: string
The cron or rate schedule specified for the association when the association version was created.
- ScheduleOffset
-
- Type: int
Number of days to wait after the scheduled day to run an association.
- SyncCompliance
-
- Type: string
The mode for generating association compliance. You can specify
AUTO
orMANUAL
. InAUTO
mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association isCOMPLIANT
. If the association execution doesn't run successfully, the association isNON-COMPLIANT
.In
MANUAL
mode, you must specify theAssociationId
as a parameter for the PutComplianceItems API operation. In this case, compliance data isn't managed by State Manager, a capability of Amazon Web Services Systems Manager. It is managed by your direct call to the PutComplianceItems API operation.By default, all associations use
AUTO
mode. - TargetLocations
-
- Type: Array of TargetLocation structures
The combination of Amazon Web Services Regions and Amazon Web Services accounts where you wanted to run the association when this association version was created.
- TargetMaps
-
- Type: Array of maps
A key-value mapping of document parameters to target resources. Both Targets and TargetMaps can't be specified together.
- Targets
-
- Type: Array of Target structures
The targets specified for the association when the association version was created.
AssociationVersionLimitExceeded
Description
You have reached the maximum number versions allowed for an association. Each association has a limit of 1,000 versions.
Members
- Message
-
- Type: string
AttachmentContent
Description
A structure that includes attributes that describe a document attachment.
Members
- Hash
-
- Type: string
The cryptographic hash value of the document content.
- HashType
-
- Type: string
The hash algorithm used to calculate the hash value.
- Name
-
- Type: string
The name of an attachment.
- Size
-
- Type: long (int|float)
The size of an attachment in bytes.
- Url
-
- Type: string
The URL location of the attachment content.
AttachmentInformation
Description
An attribute of an attachment, such as the attachment name.
Members
- Name
-
- Type: string
The name of the attachment.
AttachmentsSource
Description
Identifying information about a document attachment, including the file name and a key-value pair that identifies the location of an attachment to a document.
Members
- Key
-
- Type: string
The key of a key-value pair that identifies the location of an attachment to a document.
- Name
-
- Type: string
The name of the document attachment file.
- Values
-
- Type: Array of strings
The value of a key-value pair that identifies the location of an attachment to a document. The format for Value depends on the type of key you specify.
-
For the key SourceUrl, the value is an S3 bucket location. For example:
"Values": [ "s3://amzn-s3-demo-bucket/my-prefix" ]
-
For the key S3FileUrl, the value is a file in an S3 bucket. For example:
"Values": [ "s3://amzn-s3-demo-bucket/my-prefix/my-file.py" ]
-
For the key AttachmentReference, the value is constructed from the name of another SSM document in your account, a version number of that document, and a file attached to that document version that you want to reuse. For example:
"Values": [ "MyOtherDocument/3/my-other-file.py" ]
However, if the SSM document is shared with you from another account, the full SSM document ARN must be specified instead of the document name only. For example:
"Values": [ "arn:aws:ssm:us-east-2:111122223333:document/OtherAccountDocument/3/their-file.py" ]
AutomationDefinitionNotApprovedException
Description
Indicates that the Change Manager change template used in the change request was rejected or is still in a pending state.
Members
- Message
-
- Type: string
AutomationDefinitionNotFoundException
Description
An Automation runbook with the specified name couldn't be found.
Members
- Message
-
- Type: string
AutomationDefinitionVersionNotFoundException
Description
An Automation runbook with the specified name and version couldn't be found.
Members
- Message
-
- Type: string
AutomationExecution
Description
Detailed information about the current state of an individual Automation execution.
Members
- AlarmConfiguration
-
- Type: AlarmConfiguration structure
The details for the CloudWatch alarm applied to your automation.
- AssociationId
-
- Type: string
The ID of a State Manager association used in the Automation operation.
- AutomationExecutionId
-
- Type: string
The execution ID.
- AutomationExecutionStatus
-
- Type: string
The execution status of the Automation.
- AutomationSubtype
-
- Type: string
The subtype of the Automation operation. Currently, the only supported value is
ChangeRequest
. - ChangeRequestName
-
- Type: string
The name of the Change Manager change request.
- CurrentAction
-
- Type: string
The action of the step that is currently running.
- CurrentStepName
-
- Type: string
The name of the step that is currently running.
- DocumentName
-
- Type: string
The name of the Automation runbook used during the execution.
- DocumentVersion
-
- Type: string
The version of the document to use during execution.
- ExecutedBy
-
- Type: string
The Amazon Resource Name (ARN) of the user who ran the automation.
- ExecutionEndTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time the execution finished.
- ExecutionStartTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time the execution started.
- FailureMessage
-
- Type: string
A message describing why an execution has failed, if the status is set to Failed.
- MaxConcurrency
-
- Type: string
The
MaxConcurrency
value specified by the user when the execution started. - MaxErrors
-
- Type: string
The MaxErrors value specified by the user when the execution started.
- Mode
-
- Type: string
The automation execution mode.
- OpsItemId
-
- Type: string
The ID of an OpsItem that is created to represent a Change Manager change request.
- Outputs
-
- Type: Associative array of custom strings keys (AutomationParameterKey) to stringss
The list of execution outputs as defined in the Automation runbook.
- Parameters
-
- Type: Associative array of custom strings keys (AutomationParameterKey) to stringss
The key-value map of execution parameters, which were supplied when calling StartAutomationExecution.
- ParentAutomationExecutionId
-
- Type: string
The AutomationExecutionId of the parent automation.
- ProgressCounters
-
- Type: ProgressCounters structure
An aggregate of step execution statuses displayed in the Amazon Web Services Systems Manager console for a multi-Region and multi-account Automation execution.
- ResolvedTargets
-
- Type: ResolvedTargets structure
A list of resolved targets in the rate control execution.
- Runbooks
-
- Type: Array of Runbook structures
Information about the Automation runbooks that are run as part of a runbook workflow.
The Automation runbooks specified for the runbook workflow can't run until all required approvals for the change request have been received.
- ScheduledTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the Automation operation is scheduled to start.
- StepExecutions
-
- Type: Array of StepExecution structures
A list of details about the current state of all steps that comprise an execution. An Automation runbook contains a list of steps that are run in order.
- StepExecutionsTruncated
-
- Type: boolean
A boolean value that indicates if the response contains the full list of the Automation step executions. If true, use the DescribeAutomationStepExecutions API operation to get the full list of step executions.
- Target
-
- Type: string
The target of the execution.
- TargetLocations
-
- Type: Array of TargetLocation structures
The combination of Amazon Web Services Regions and/or Amazon Web Services accounts where you want to run the Automation.
- TargetLocationsURL
-
- Type: string
A publicly accessible URL for a file that contains the
TargetLocations
body. Currently, only files in presigned Amazon S3 buckets are supported - TargetMaps
-
- Type: Array of maps
The specified key-value mapping of document parameters to target resources.
- TargetParameterName
-
- Type: string
The parameter name.
- Targets
-
- Type: Array of Target structures
The specified targets.
- TriggeredAlarms
-
- Type: Array of AlarmStateInformation structures
The CloudWatch alarm that was invoked by the automation.
- Variables
-
- Type: Associative array of custom strings keys (AutomationParameterKey) to stringss
Variables defined for the automation.
AutomationExecutionFilter
Description
A filter used to match specific automation executions. This is used to limit the scope of Automation execution information returned.
Members
- Key
-
- Required: Yes
- Type: string
One or more keys to limit the results.
- Values
-
- Required: Yes
- Type: Array of strings
The values used to limit the execution information associated with the filter's key.
AutomationExecutionLimitExceededException
Description
The number of simultaneously running Automation executions exceeded the allowable limit.
Members
- Message
-
- Type: string
AutomationExecutionMetadata
Description
Details about a specific Automation execution.
Members
- AlarmConfiguration
-
- Type: AlarmConfiguration structure
The details for the CloudWatch alarm applied to your automation.
- AssociationId
-
- Type: string
The ID of a State Manager association used in the Automation operation.
- AutomationExecutionId
-
- Type: string
The execution ID.
- AutomationExecutionStatus
-
- Type: string
The status of the execution.
- AutomationSubtype
-
- Type: string
The subtype of the Automation operation. Currently, the only supported value is
ChangeRequest
. - AutomationType
-
- Type: string
Use this filter with DescribeAutomationExecutions. Specify either Local or CrossAccount. CrossAccount is an Automation that runs in multiple Amazon Web Services Regions and Amazon Web Services accounts. For more information, see Running automations in multiple Amazon Web Services Regions and accounts in the Amazon Web Services Systems Manager User Guide.
- ChangeRequestName
-
- Type: string
The name of the Change Manager change request.
- CurrentAction
-
- Type: string
The action of the step that is currently running.
- CurrentStepName
-
- Type: string
The name of the step that is currently running.
- DocumentName
-
- Type: string
The name of the Automation runbook used during execution.
- DocumentVersion
-
- Type: string
The document version used during the execution.
- ExecutedBy
-
- Type: string
The IAM role ARN of the user who ran the automation.
- ExecutionEndTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time the execution finished. This isn't populated if the execution is still in progress.
- ExecutionStartTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time the execution started.
- FailureMessage
-
- Type: string
The list of execution outputs as defined in the Automation runbook.
- LogFile
-
- Type: string
An S3 bucket where execution information is stored.
- MaxConcurrency
-
- Type: string
The
MaxConcurrency
value specified by the user when starting the automation. - MaxErrors
-
- Type: string
The
MaxErrors
value specified by the user when starting the automation. - Mode
-
- Type: string
The Automation execution mode.
- OpsItemId
-
- Type: string
The ID of an OpsItem that is created to represent a Change Manager change request.
- Outputs
-
- Type: Associative array of custom strings keys (AutomationParameterKey) to stringss
The list of execution outputs as defined in the Automation runbook.
- ParentAutomationExecutionId
-
- Type: string
The execution ID of the parent automation.
- ResolvedTargets
-
- Type: ResolvedTargets structure
A list of targets that resolved during the execution.
- Runbooks
-
- Type: Array of Runbook structures
Information about the Automation runbooks that are run during a runbook workflow in Change Manager.
The Automation runbooks specified for the runbook workflow can't run until all required approvals for the change request have been received.
- ScheduledTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the Automation operation is scheduled to start.
- Target
-
- Type: string
The list of execution outputs as defined in the Automation runbook.
- TargetLocationsURL
-
- Type: string
A publicly accessible URL for a file that contains the
TargetLocations
body. Currently, only files in presigned Amazon S3 buckets are supported - TargetMaps
-
- Type: Array of maps
The specified key-value mapping of document parameters to target resources.
- TargetParameterName
-
- Type: string
The list of execution outputs as defined in the Automation runbook.
- Targets
-
- Type: Array of Target structures
The targets defined by the user when starting the automation.
- TriggeredAlarms
-
- Type: Array of AlarmStateInformation structures
The CloudWatch alarm that was invoked by the automation.
AutomationExecutionNotFoundException
Description
There is no automation execution information for the requested automation execution ID.
Members
- Message
-
- Type: string
AutomationStepNotFoundException
Description
The specified step name and execution ID don't exist. Verify the information and try again.
Members
- Message
-
- Type: string
BaselineOverride
Description
Defines the basic information about a patch baseline override.
Members
- ApprovalRules
-
- Type: PatchRuleGroup structure
A set of rules defining the approval rules for a patch baseline.
- ApprovedPatches
-
- Type: Array of strings
A list of explicitly approved patches for the baseline.
For information about accepted formats for lists of approved patches and rejected patches, see Package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
- ApprovedPatchesComplianceLevel
-
- Type: string
Defines the compliance level for approved patches. When an approved patch is reported as missing, this value describes the severity of the compliance violation.
- ApprovedPatchesEnableNonSecurity
-
- Type: boolean
Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes. The default value is
false
. Applies to Linux managed nodes only. - GlobalFilters
-
- Type: PatchFilterGroup structure
A set of patch filters, typically used for approval rules.
- OperatingSystem
-
- Type: string
The operating system rule used by the patch baseline override.
- RejectedPatches
-
- Type: Array of strings
A list of explicitly rejected patches for the baseline.
For information about accepted formats for lists of approved patches and rejected patches, see Package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
- RejectedPatchesAction
-
- Type: string
The action for Patch Manager to take on patches included in the
RejectedPackages
list. A patch can be allowed only if it is a dependency of another package, or blocked entirely along with packages that include it as a dependency. - Sources
-
- Type: Array of PatchSource structures
Information about the patches to use to update the managed nodes, including target operating systems and source repositories. Applies to Linux managed nodes only.
CloudWatchOutputConfig
Description
Configuration options for sending command output to Amazon CloudWatch Logs.
Members
- CloudWatchLogGroupName
-
- Type: string
The name of the CloudWatch Logs log group where you want to send command output. If you don't specify a group name, Amazon Web Services Systems Manager automatically creates a log group for you. The log group uses the following naming format:
aws/ssm/SystemsManagerDocumentName
- CloudWatchOutputEnabled
-
- Type: boolean
Enables Systems Manager to send command output to CloudWatch Logs.
Command
Description
Describes a command request.
Members
- AlarmConfiguration
-
- Type: AlarmConfiguration structure
The details for the CloudWatch alarm applied to your command.
- CloudWatchOutputConfig
-
- Type: CloudWatchOutputConfig structure
Amazon CloudWatch Logs information where you want Amazon Web Services Systems Manager to send the command output.
- CommandId
-
- Type: string
A unique identifier for this command.
- Comment
-
- Type: string
User-specified information about the command, such as a brief description of what the command should do.
- CompletedCount
-
- Type: int
The number of targets for which the command invocation reached a terminal state. Terminal states include the following: Success, Failed, Execution Timed Out, Delivery Timed Out, Cancelled, Terminated, or Undeliverable.
- DeliveryTimedOutCount
-
- Type: int
The number of targets for which the status is Delivery Timed Out.
- DocumentName
-
- Type: string
The name of the document requested for execution.
- DocumentVersion
-
- Type: string
The Systems Manager document (SSM document) version.
- ErrorCount
-
- Type: int
The number of targets for which the status is Failed or Execution Timed Out.
- ExpiresAfter
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
If a command expires, it changes status to
DeliveryTimedOut
for all invocations that have the statusInProgress
,Pending
, orDelayed
.ExpiresAfter
is calculated based on the total timeout for the overall command. For more information, see Understanding command timeout values in the Amazon Web Services Systems Manager User Guide. - InstanceIds
-
- Type: Array of strings
The managed node IDs against which this command was requested.
- MaxConcurrency
-
- Type: string
The maximum number of managed nodes that are allowed to run the command at the same time. You can specify a number of managed nodes, such as 10, or a percentage of nodes, such as 10%. The default value is 50. For more information about how to use
MaxConcurrency
, see Amazon Web Services Systems Manager Run Command in the Amazon Web Services Systems Manager User Guide. - MaxErrors
-
- Type: string
The maximum number of errors allowed before the system stops sending the command to additional targets. You can specify a number of errors, such as 10, or a percentage or errors, such as 10%. The default value is
0
. For more information about how to useMaxErrors
, see Amazon Web Services Systems Manager Run Command in the Amazon Web Services Systems Manager User Guide. - NotificationConfig
-
- Type: NotificationConfig structure
Configurations for sending notifications about command status changes.
- OutputS3BucketName
-
- Type: string
The S3 bucket where the responses to the command executions should be stored. This was requested when issuing the command.
- OutputS3KeyPrefix
-
- Type: string
The S3 directory path inside the bucket where the responses to the command executions should be stored. This was requested when issuing the command.
- OutputS3Region
-
- Type: string
(Deprecated) You can no longer specify this parameter. The system ignores it. Instead, Systems Manager automatically determines the Amazon Web Services Region of the S3 bucket.
- Parameters
-
- Type: Associative array of custom strings keys (ParameterName) to stringss
The parameter values to be inserted in the document when running the command.
- RequestedDateTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the command was requested.
- ServiceRole
-
- Type: string
The Identity and Access Management (IAM) service role that Run Command, a capability of Amazon Web Services Systems Manager, uses to act on your behalf when sending notifications about command status changes.
- Status
-
- Type: string
The status of the command.
- StatusDetails
-
- Type: string
A detailed status of the command execution.
StatusDetails
includes more information thanStatus
because it includes states resulting from error and concurrency control parameters.StatusDetails
can show different results than Status. For more information about these statuses, see Understanding command statuses in the Amazon Web Services Systems Manager User Guide. StatusDetails can be one of the following values:-
Pending: The command hasn't been sent to any managed nodes.
-
In Progress: The command has been sent to at least one managed node but hasn't reached a final state on all managed nodes.
-
Success: The command successfully ran on all invocations. This is a terminal state.
-
Delivery Timed Out: The value of MaxErrors or more command invocations shows a status of Delivery Timed Out. This is a terminal state.
-
Execution Timed Out: The value of MaxErrors or more command invocations shows a status of Execution Timed Out. This is a terminal state.
-
Failed: The value of MaxErrors or more command invocations shows a status of Failed. This is a terminal state.
-
Incomplete: The command was attempted on all managed nodes and one or more invocations doesn't have a value of Success but not enough invocations failed for the status to be Failed. This is a terminal state.
-
Cancelled: The command was terminated before it was completed. This is a terminal state.
-
Rate Exceeded: The number of managed nodes targeted by the command exceeded the account limit for pending invocations. The system has canceled the command before running it on any managed node. This is a terminal state.
-
Delayed: The system attempted to send the command to the managed node but wasn't successful. The system retries again.
- TargetCount
-
- Type: int
The number of targets for the command.
- Targets
-
- Type: Array of Target structures
An array of search criteria that targets managed nodes using a Key,Value combination that you specify. Targets is required if you don't provide one or more managed node IDs in the call.
- TimeoutSeconds
-
- Type: int
The
TimeoutSeconds
value specified for a command. - TriggeredAlarms
-
- Type: Array of AlarmStateInformation structures
The CloudWatch alarm that was invoked by the command.
CommandFilter
Description
Describes a command filter.
A managed node ID can't be specified when a command status is Pending
because the command hasn't run on the node yet.
Members
- key
-
- Required: Yes
- Type: string
The name of the filter.
The
ExecutionStage
filter can't be used with theListCommandInvocations
operation, only withListCommands
. - value
-
- Required: Yes
- Type: string
The filter value. Valid values for each filter key are as follows:
-
InvokedAfter: Specify a timestamp to limit your results. For example, specify
2024-07-07T00:00:00Z
to see a list of command executions occurring July 7, 2021, and later. -
InvokedBefore: Specify a timestamp to limit your results. For example, specify
2024-07-07T00:00:00Z
to see a list of command executions from before July 7, 2021. -
Status: Specify a valid command status to see a list of all command executions with that status. The status choices depend on the API you call.
The status values you can specify for
ListCommands
are:-
Pending
-
InProgress
-
Success
-
Cancelled
-
Failed
-
TimedOut
(this includes both Delivery and Execution time outs) -
AccessDenied
-
DeliveryTimedOut
-
ExecutionTimedOut
-
Incomplete
-
NoInstancesInTag
-
LimitExceeded
The status values you can specify for
ListCommandInvocations
are:-
Pending
-
InProgress
-
Delayed
-
Success
-
Cancelled
-
Failed
-
TimedOut
(this includes both Delivery and Execution time outs) -
AccessDenied
-
DeliveryTimedOut
-
ExecutionTimedOut
-
Undeliverable
-
InvalidPlatform
-
Terminated
-
-
DocumentName: Specify name of the Amazon Web Services Systems Manager document (SSM document) for which you want to see command execution results. For example, specify
AWS-RunPatchBaseline
to see command executions that used this SSM document to perform security patching operations on managed nodes. -
ExecutionStage: Specify one of the following values (
ListCommands
operations only):-
Executing
: Returns a list of command executions that are currently still running. -
Complete
: Returns a list of command executions that have already completed.
-
CommandInvocation
Description
An invocation is a copy of a command sent to a specific managed node. A command can apply to one or more managed nodes. A command invocation applies to one managed node. For example, if a user runs SendCommand
against three managed nodes, then a command invocation is created for each requested managed node ID. A command invocation returns status and detail information about a command you ran.
Members
- CloudWatchOutputConfig
-
- Type: CloudWatchOutputConfig structure
Amazon CloudWatch Logs information where you want Amazon Web Services Systems Manager to send the command output.
- CommandId
-
- Type: string
The command against which this invocation was requested.
- CommandPlugins
-
- Type: Array of CommandPlugin structures
Plugins processed by the command.
- Comment
-
- Type: string
User-specified information about the command, such as a brief description of what the command should do.
- DocumentName
-
- Type: string
The document name that was requested for execution.
- DocumentVersion
-
- Type: string
The Systems Manager document (SSM document) version.
- InstanceId
-
- Type: string
The managed node ID in which this invocation was requested.
- InstanceName
-
- Type: string
The fully qualified host name of the managed node.
- NotificationConfig
-
- Type: NotificationConfig structure
Configurations for sending notifications about command status changes on a per managed node basis.
- RequestedDateTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time and date the request was sent to this managed node.
- ServiceRole
-
- Type: string
The Identity and Access Management (IAM) service role that Run Command, a capability of Amazon Web Services Systems Manager, uses to act on your behalf when sending notifications about command status changes on a per managed node basis.
- StandardErrorUrl
-
- Type: string
The URL to the plugin's StdErr file in Amazon Simple Storage Service (Amazon S3), if the S3 bucket was defined for the parent command. For an invocation,
StandardErrorUrl
is populated if there is just one plugin defined for the command, and the S3 bucket was defined for the command. - StandardOutputUrl
-
- Type: string
The URL to the plugin's StdOut file in Amazon Simple Storage Service (Amazon S3), if the S3 bucket was defined for the parent command. For an invocation,
StandardOutputUrl
is populated if there is just one plugin defined for the command, and the S3 bucket was defined for the command. - Status
-
- Type: string
Whether or not the invocation succeeded, failed, or is pending.
- StatusDetails
-
- Type: string
A detailed status of the command execution for each invocation (each managed node targeted by the command). StatusDetails includes more information than Status because it includes states resulting from error and concurrency control parameters. StatusDetails can show different results than Status. For more information about these statuses, see Understanding command statuses in the Amazon Web Services Systems Manager User Guide. StatusDetails can be one of the following values:
-
Pending: The command hasn't been sent to the managed node.
-
In Progress: The command has been sent to the managed node but hasn't reached a terminal state.
-
Success: The execution of the command or plugin was successfully completed. This is a terminal state.
-
Delivery Timed Out: The command wasn't delivered to the managed node before the delivery timeout expired. Delivery timeouts don't count against the parent command's
MaxErrors
limit, but they do contribute to whether the parent command status is Success or Incomplete. This is a terminal state. -
Execution Timed Out: Command execution started on the managed node, but the execution wasn't complete before the execution timeout expired. Execution timeouts count against the
MaxErrors
limit of the parent command. This is a terminal state. -
Failed: The command wasn't successful on the managed node. For a plugin, this indicates that the result code wasn't zero. For a command invocation, this indicates that the result code for one or more plugins wasn't zero. Invocation failures count against the
MaxErrors
limit of the parent command. This is a terminal state. -
Cancelled: The command was terminated before it was completed. This is a terminal state.
-
Undeliverable: The command can't be delivered to the managed node. The managed node might not exist or might not be responding. Undeliverable invocations don't count against the parent command's MaxErrors limit and don't contribute to whether the parent command status is Success or Incomplete. This is a terminal state.
-
Terminated: The parent command exceeded its MaxErrors limit and subsequent command invocations were canceled by the system. This is a terminal state.
-
Delayed: The system attempted to send the command to the managed node but wasn't successful. The system retries again.
- TraceOutput
-
- Type: string
Gets the trace output sent by the agent.
CommandPlugin
Description
Describes plugin details.
Members
- Name
-
- Type: string
The name of the plugin. Must be one of the following:
aws:updateAgent
,aws:domainjoin
,aws:applications
,aws:runPowerShellScript
,aws:psmodule
,aws:cloudWatch
,aws:runShellScript
, oraws:updateSSMAgent
. - Output
-
- Type: string
Output of the plugin execution.
- OutputS3BucketName
-
- Type: string
The S3 bucket where the responses to the command executions should be stored. This was requested when issuing the command. For example, in the following response:
amzn-s3-demo-bucket/my-prefix/i-02573cafcfEXAMPLE/awsrunShellScript
amzn-s3-demo-bucket
is the name of the S3 bucket;my-prefix
is the name of the S3 prefix;i-02573cafcfEXAMPLE
is the managed node ID;awsrunShellScript
is the name of the plugin. - OutputS3KeyPrefix
-
- Type: string
The S3 directory path inside the bucket where the responses to the command executions should be stored. This was requested when issuing the command. For example, in the following response:
amzn-s3-demo-bucket/my-prefix/i-02573cafcfEXAMPLE/awsrunShellScript
amzn-s3-demo-bucket
is the name of the S3 bucket;my-prefix
is the name of the S3 prefix;i-02573cafcfEXAMPLE
is the managed node ID;awsrunShellScript
is the name of the plugin. - OutputS3Region
-
- Type: string
(Deprecated) You can no longer specify this parameter. The system ignores it. Instead, Amazon Web Services Systems Manager automatically determines the S3 bucket region.
- ResponseCode
-
- Type: int
A numeric response code generated after running the plugin.
- ResponseFinishDateTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time the plugin stopped running. Could stop prematurely if, for example, a cancel command was sent.
- ResponseStartDateTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time the plugin started running.
- StandardErrorUrl
-
- Type: string
The URL for the complete text written by the plugin to stderr. If execution isn't yet complete, then this string is empty.
- StandardOutputUrl
-
- Type: string
The URL for the complete text written by the plugin to stdout in Amazon S3. If the S3 bucket for the command wasn't specified, then this string is empty.
- Status
-
- Type: string
The status of this plugin. You can run a document with multiple plugins.
- StatusDetails
-
- Type: string
A detailed status of the plugin execution.
StatusDetails
includes more information than Status because it includes states resulting from error and concurrency control parameters. StatusDetails can show different results than Status. For more information about these statuses, see Understanding command statuses in the Amazon Web Services Systems Manager User Guide. StatusDetails can be one of the following values:-
Pending: The command hasn't been sent to the managed node.
-
In Progress: The command has been sent to the managed node but hasn't reached a terminal state.
-
Success: The execution of the command or plugin was successfully completed. This is a terminal state.
-
Delivery Timed Out: The command wasn't delivered to the managed node before the delivery timeout expired. Delivery timeouts don't count against the parent command's
MaxErrors
limit, but they do contribute to whether the parent command status is Success or Incomplete. This is a terminal state. -
Execution Timed Out: Command execution started on the managed node, but the execution wasn't complete before the execution timeout expired. Execution timeouts count against the
MaxErrors
limit of the parent command. This is a terminal state. -
Failed: The command wasn't successful on the managed node. For a plugin, this indicates that the result code wasn't zero. For a command invocation, this indicates that the result code for one or more plugins wasn't zero. Invocation failures count against the MaxErrors limit of the parent command. This is a terminal state.
-
Cancelled: The command was terminated before it was completed. This is a terminal state.
-
Undeliverable: The command can't be delivered to the managed node. The managed node might not exist, or it might not be responding. Undeliverable invocations don't count against the parent command's MaxErrors limit, and they don't contribute to whether the parent command status is Success or Incomplete. This is a terminal state.
-
Terminated: The parent command exceeded its MaxErrors limit and subsequent command invocations were canceled by the system. This is a terminal state.
ComplianceExecutionSummary
Description
A summary of the call execution that includes an execution ID, the type of execution (for example, Command
), and the date/time of the execution using a datetime object that is saved in the following format: yyyy-MM-dd'T'HH:mm:ss'Z'
Members
- ExecutionId
-
- Type: string
An ID created by the system when
PutComplianceItems
was called. For example,CommandID
is a valid execution ID. You can use this ID in subsequent calls. - ExecutionTime
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time the execution ran as a datetime object that is saved in the following format:
yyyy-MM-dd'T'HH:mm:ss'Z'
- ExecutionType
-
- Type: string
The type of execution. For example,
Command
is a valid execution type.
ComplianceItem
Description
Information about the compliance as defined by the resource type. For example, for a patch resource type, Items
includes information about the PatchSeverity, Classification, and so on.
Members
- ComplianceType
-
- Type: string
The compliance type. For example, Association (for a State Manager association), Patch, or Custom:
string
are all valid compliance types. - Details
-
- Type: Associative array of custom strings keys (AttributeName) to strings
A "Key": "Value" tag combination for the compliance item.
- ExecutionSummary
-
- Type: ComplianceExecutionSummary structure
A summary for the compliance item. The summary includes an execution ID, the execution type (for example, command), and the execution time.
- Id
-
- Type: string
An ID for the compliance item. For example, if the compliance item is a Windows patch, the ID could be the number of the KB article; for example: KB4010320.
- ResourceId
-
- Type: string
An ID for the resource. For a managed node, this is the node ID.
- ResourceType
-
- Type: string
The type of resource.
ManagedInstance
is currently the only supported resource type. - Severity
-
- Type: string
The severity of the compliance status. Severity can be one of the following: Critical, High, Medium, Low, Informational, Unspecified.
- Status
-
- Type: string
The status of the compliance item. An item is either COMPLIANT, NON_COMPLIANT, or an empty string (for Windows patches that aren't applicable).
- Title
-
- Type: string
A title for the compliance item. For example, if the compliance item is a Windows patch, the title could be the title of the KB article for the patch; for example: Security Update for Active Directory Federation Services.
ComplianceItemEntry
Description
Information about a compliance item.
Members
- Details
-
- Type: Associative array of custom strings keys (AttributeName) to strings
A "Key": "Value" tag combination for the compliance item.
- Id
-
- Type: string
The compliance item ID. For example, if the compliance item is a Windows patch, the ID could be the number of the KB article.
- Severity
-
- Required: Yes
- Type: string
The severity of the compliance status. Severity can be one of the following: Critical, High, Medium, Low, Informational, Unspecified.
- Status
-
- Required: Yes
- Type: string
The status of the compliance item. An item is either COMPLIANT or NON_COMPLIANT.
- Title
-
- Type: string
The title of the compliance item. For example, if the compliance item is a Windows patch, the title could be the title of the KB article for the patch; for example: Security Update for Active Directory Federation Services.
ComplianceStringFilter
Description
One or more filters. Use a filter to return a more specific list of results.
Members
- Key
-
- Type: string
The name of the filter.
- Type
-
- Type: string
The type of comparison that should be performed for the value: Equal, NotEqual, BeginWith, LessThan, or GreaterThan.
- Values
-
- Type: Array of strings
The value for which to search.
ComplianceSummaryItem
Description
A summary of compliance information by compliance type.
Members
- ComplianceType
-
- Type: string
The type of compliance item. For example, the compliance type can be Association, Patch, or Custom:string.
- CompliantSummary
-
- Type: CompliantSummary structure
A list of COMPLIANT items for the specified compliance type.
- NonCompliantSummary
-
- Type: NonCompliantSummary structure
A list of NON_COMPLIANT items for the specified compliance type.
ComplianceTypeCountLimitExceededException
Description
You specified too many custom compliance types. You can specify a maximum of 10 different types.
Members
- Message
-
- Type: string
CompliantSummary
Description
A summary of resources that are compliant. The summary is organized according to the resource count for each compliance type.
Members
- CompliantCount
-
- Type: int
The total number of resources that are compliant.
- SeveritySummary
-
- Type: SeveritySummary structure
A summary of the compliance severity by compliance type.
CreateAssociationBatchRequestEntry
Description
Describes the association of a Amazon Web Services Systems Manager document (SSM document) and a managed node.
Members
- AlarmConfiguration
-
- Type: AlarmConfiguration structure
The details for the CloudWatch alarm you want to apply to an automation or command.
- ApplyOnlyAtCronInterval
-
- Type: boolean
By default, when you create a new associations, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it. This parameter isn't supported for rate expressions.
- AssociationName
-
- Type: string
Specify a descriptive name for the association.
- AutomationTargetParameterName
-
- Type: string
Specify the target for the association. This target is required for associations that use an Automation runbook and target resources by using rate controls. Automation is a capability of Amazon Web Services Systems Manager.
- CalendarNames
-
- Type: Array of strings
The names or Amazon Resource Names (ARNs) of the Change Calendar type documents your associations are gated under. The associations only run when that Change Calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar.
- ComplianceSeverity
-
- Type: string
The severity level to assign to the association.
- DocumentVersion
-
- Type: string
The document version.
- Duration
-
- Type: int
The number of hours the association can run before it is canceled. Duration applies to associations that are currently running, and any pending and in progress commands on all targets. If a target was taken offline for the association to run, it is made available again immediately, without a reboot.
The
Duration
parameter applies only when both these conditions are true:-
The association for which you specify a duration is cancelable according to the parameters of the SSM command document or Automation runbook associated with this execution.
-
The command specifies the
ApplyOnlyAtCronInterval
parameter, which means that the association doesn't run immediately after it is created, but only according to the specified schedule.
- InstanceId
-
- Type: string
The managed node ID.
InstanceId
has been deprecated. To specify a managed node ID for an association, use theTargets
parameter. Requests that include the parameterInstanceID
with Systems Manager documents (SSM documents) that use schema version 2.0 or later will fail. In addition, if you use the parameterInstanceId
, you can't use the parametersAssociationName
,DocumentVersion
,MaxErrors
,MaxConcurrency
,OutputLocation
, orScheduleExpression
. To use these parameters, you must use theTargets
parameter. - MaxConcurrency
-
- Type: string
The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.
If a new managed node starts and attempts to run an association while Systems Manager is running
MaxConcurrency
associations, the association is allowed to run. During the next association interval, the new managed node will process its association within the limit specified forMaxConcurrency
. - MaxErrors
-
- Type: string
The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 managed nodes and set
MaxError
to 10%, then the system stops sending the request when the sixth error is received.Executions that are already running an association when
MaxErrors
is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, setMaxConcurrency
to 1 so that executions proceed one at a time. - Name
-
- Required: Yes
- Type: string
The name of the SSM document that contains the configuration information for the managed node. You can specify Command or Automation runbooks.
You can specify Amazon Web Services-predefined documents, documents you created, or a document that is shared with you from another account.
For SSM documents that are shared with you from other Amazon Web Services accounts, you must specify the complete SSM document ARN, in the following format:
arn:aws:ssm:region:account-id:document/document-name
For example:
arn:aws:ssm:us-east-2:12345678912:document/My-Shared-Document
For Amazon Web Services-predefined documents and SSM documents you created in your account, you only need to specify the document name. For example,
AWS-ApplyPatchBaseline
orMy-Document
. - OutputLocation
-
- Type: InstanceAssociationOutputLocation structure
An S3 bucket where you want to store the results of this request.
- Parameters
-
- Type: Associative array of custom strings keys (ParameterName) to stringss
A description of the parameters for a document.
- ScheduleExpression
-
- Type: string
A cron expression that specifies a schedule when the association runs.
- ScheduleOffset
-
- Type: int
Number of days to wait after the scheduled day to run an association.
- SyncCompliance
-
- Type: string
The mode for generating association compliance. You can specify
AUTO
orMANUAL
. InAUTO
mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association isCOMPLIANT
. If the association execution doesn't run successfully, the association isNON-COMPLIANT
.In
MANUAL
mode, you must specify theAssociationId
as a parameter for the PutComplianceItems API operation. In this case, compliance data isn't managed by State Manager, a capability of Amazon Web Services Systems Manager. It is managed by your direct call to the PutComplianceItems API operation.By default, all associations use
AUTO
mode. - TargetLocations
-
- Type: Array of TargetLocation structures
Use this action to create an association in multiple Regions and multiple accounts.
- TargetMaps
-
- Type: Array of maps
A key-value mapping of document parameters to target resources. Both Targets and TargetMaps can't be specified together.
- Targets
-
- Type: Array of Target structures
The managed nodes targeted by the request.
CustomSchemaCountLimitExceededException
Description
You have exceeded the limit for custom schemas. Delete one or more custom schemas and try again.
Members
- Message
-
- Type: string
DescribeActivationsFilter
Description
Filter for the DescribeActivation API.
Members
- FilterKey
-
- Type: string
The name of the filter.
- FilterValues
-
- Type: Array of strings
The filter values.
DocumentAlreadyExists
Description
The specified document already exists.
Members
- Message
-
- Type: string
DocumentDefaultVersionDescription
Description
A default version of a document.
Members
- DefaultVersion
-
- Type: string
The default version of the document.
- DefaultVersionName
-
- Type: string
The default version of the artifact associated with the document.
- Name
-
- Type: string
The name of the document.
DocumentDescription
Description
Describes an Amazon Web Services Systems Manager document (SSM document).
Members
- ApprovedVersion
-
- Type: string
The version of the document currently approved for use in the organization.
- AttachmentsInformation
-
- Type: Array of AttachmentInformation structures
Details about the document attachments, including names, locations, sizes, and so on.
- Author
-
- Type: string
The user in your organization who created the document.
- Category
-
- Type: Array of strings
The classification of a document to help you identify and categorize its use.
- CategoryEnum
-
- Type: Array of strings
The value that identifies a document's category.
- CreatedDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date when the document was created.
- DefaultVersion
-
- Type: string
The default version.
- Description
-
- Type: string
A description of the document.
- DisplayName
-
- Type: string
The friendly name of the SSM document. This value can differ for each version of the document. If you want to update this value, see UpdateDocument.
- DocumentFormat
-
- Type: string
The document format, either JSON or YAML.
- DocumentType
-
- Type: string
The type of document.
- DocumentVersion
-
- Type: string
The document version.
- Hash
-
- Type: string
The Sha256 or Sha1 hash created by the system when the document was created.
Sha1 hashes have been deprecated.
- HashType
-
- Type: string
The hash type of the document. Valid values include
Sha256
orSha1
.Sha1 hashes have been deprecated.
- LatestVersion
-
- Type: string
The latest version of the document.
- Name
-
- Type: string
The name of the SSM document.
- Owner
-
- Type: string
The Amazon Web Services user that created the document.
- Parameters
-
- Type: Array of DocumentParameter structures
A description of the parameters for a document.
- PendingReviewVersion
-
- Type: string
The version of the document that is currently under review.
- PlatformTypes
-
- Type: Array of strings
The list of operating system (OS) platforms compatible with this SSM document.
- Requires
-
- Type: Array of DocumentRequires structures
A list of SSM documents required by a document. For example, an
ApplicationConfiguration
document requires anApplicationConfigurationSchema
document. - ReviewInformation
-
- Type: Array of ReviewInformation structures
Details about the review of a document.
- ReviewStatus
-
- Type: string
The current status of the review.
- SchemaVersion
-
- Type: string
The schema version.
- Sha1
-
- Type: string
The SHA1 hash of the document, which you can use for verification.
- Status
-
- Type: string
The status of the SSM document.
- StatusInformation
-
- Type: string
A message returned by Amazon Web Services Systems Manager that explains the
Status
value. For example, aFailed
status might be explained by theStatusInformation
message, "The specified S3 bucket doesn't exist. Verify that the URL of the S3 bucket is correct." - Tags
-
- Type: Array of Tag structures
The tags, or metadata, that have been applied to the document.
- TargetType
-
- Type: string
The target type which defines the kinds of resources the document can run on. For example,
/AWS::EC2::Instance
. For a list of valid resource types, see Amazon Web Services resource and property types reference in the CloudFormation User Guide. - VersionName
-
- Type: string
The version of the artifact associated with the document.
DocumentFilter
Description
This data type is deprecated. Instead, use DocumentKeyValuesFilter.
Members
- key
-
- Required: Yes
- Type: string
The name of the filter.
- value
-
- Required: Yes
- Type: string
The value of the filter.
DocumentIdentifier
Description
Describes the name of a SSM document.
Members
- Author
-
- Type: string
The user in your organization who created the document.
- CreatedDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date the SSM document was created.
- DisplayName
-
- Type: string
An optional field where you can specify a friendly name for the SSM document. This value can differ for each version of the document. If you want to update this value, see UpdateDocument.
- DocumentFormat
-
- Type: string
The document format, either JSON or YAML.
- DocumentType
-
- Type: string
The document type.
- DocumentVersion
-
- Type: string
The document version.
- Name
-
- Type: string
The name of the SSM document.
- Owner
-
- Type: string
The Amazon Web Services user that created the document.
- PlatformTypes
-
- Type: Array of strings
The operating system platform.
- Requires
-
- Type: Array of DocumentRequires structures
A list of SSM documents required by a document. For example, an
ApplicationConfiguration
document requires anApplicationConfigurationSchema
document. - ReviewStatus
-
- Type: string
The current status of a document review.
- SchemaVersion
-
- Type: string
The schema version.
- Tags
-
- Type: Array of Tag structures
The tags, or metadata, that have been applied to the document.
- TargetType
-
- Type: string
The target type which defines the kinds of resources the document can run on. For example,
/AWS::EC2::Instance
. For a list of valid resource types, see Amazon Web Services resource and property types reference in the CloudFormation User Guide. - VersionName
-
- Type: string
An optional field specifying the version of the artifact associated with the document. For example, 12.6. This value is unique across all versions of a document, and can't be changed.
DocumentKeyValuesFilter
Description
One or more filters. Use a filter to return a more specific list of documents.
For keys, you can specify one or more tags that have been applied to a document.
You can also use Amazon Web Services-provided keys, some of which have specific allowed values. These keys and their associated values are as follows:
- DocumentType
-
-
ApplicationConfiguration
-
ApplicationConfigurationSchema
-
Automation
-
ChangeCalendar
-
Command
-
Package
-
Policy
-
Session
-
- Owner
-
Note that only one
Owner
can be specified in a request. For example:Key=Owner,Values=Self
.-
Amazon
-
Private
-
Public
-
Self
-
ThirdParty
-
- PlatformTypes
-
-
Linux
-
Windows
-
Name
is another Amazon Web Services-provided key. If you use Name
as a key, you can use a name prefix to return a list of documents. For example, in the Amazon Web Services CLI, to return a list of all documents that begin with Te
, run the following command:
aws ssm list-documents --filters Key=Name,Values=Te
You can also use the TargetType
Amazon Web Services-provided key. For a list of valid resource type values that can be used with this key, see Amazon Web Services resource and property types reference in the CloudFormation User Guide.
If you specify more than two keys, only documents that are identified by all the tags are returned in the results. If you specify more than two values for a key, documents that are identified by any of the values are returned in the results.
To specify a custom key-value pair, use the format Key=tag:tagName,Values=valueName
.
For example, if you created a key called region and are using the Amazon Web Services CLI to call the list-documents
command:
aws ssm list-documents --filters Key=tag:region,Values=east,west Key=Owner,Values=Self
Members
- Key
-
- Type: string
The name of the filter key.
- Values
-
- Type: Array of strings
The value for the filter key.
DocumentLimitExceeded
Description
You can have at most 500 active SSM documents.
Members
- Message
-
- Type: string
DocumentMetadataResponseInfo
Description
Details about the response to a document review request.
Members
- ReviewerResponse
-
- Type: Array of DocumentReviewerResponseSource structures
Details about a reviewer's response to a document review request.
DocumentParameter
Description
Parameters specified in a Systems Manager document that run on the server when the command is run.
Members
- DefaultValue
-
- Type: string
If specified, the default values for the parameters. Parameters without a default value are required. Parameters with a default value are optional.
- Description
-
- Type: string
A description of what the parameter does, how to use it, the default value, and whether or not the parameter is optional.
- Name
-
- Type: string
The name of the parameter.
- Type
-
- Type: string
The type of parameter. The type can be either String or StringList.
DocumentPermissionLimit
Description
The document can't be shared with more Amazon Web Services accounts. You can specify a maximum of 20 accounts per API operation to share a private document.
By default, you can share a private document with a maximum of 1,000 accounts and publicly share up to five documents.
If you need to increase the quota for privately or publicly shared Systems Manager documents, contact Amazon Web Services Support.
Members
- Message
-
- Type: string
DocumentRequires
Description
An SSM document required by the current document.
Members
- Name
-
- Required: Yes
- Type: string
The name of the required SSM document. The name can be an Amazon Resource Name (ARN).
- RequireType
-
- Type: string
The document type of the required SSM document.
- Version
-
- Type: string
The document version required by the current document.
- VersionName
-
- Type: string
An optional field specifying the version of the artifact associated with the document. For example, 12.6. This value is unique across all versions of a document, and can't be changed.
DocumentReviewCommentSource
Description
Information about comments added to a document review request.
Members
- Content
-
- Type: string
The content of a comment entered by a user who requests a review of a new document version, or who reviews the new version.
- Type
-
- Type: string
The type of information added to a review request. Currently, only the value
Comment
is supported.
DocumentReviewerResponseSource
Description
Information about a reviewer's response to a document review request.
Members
- Comment
-
- Type: Array of DocumentReviewCommentSource structures
The comment entered by a reviewer as part of their document review response.
- CreateTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that a reviewer entered a response to a document review request.
- ReviewStatus
-
- Type: string
The current review status of a new custom SSM document created by a member of your organization, or of the latest version of an existing SSM document.
Only one version of a document can be in the APPROVED state at a time. When a new version is approved, the status of the previous version changes to REJECTED.
Only one version of a document can be in review, or PENDING, at a time.
- Reviewer
-
- Type: string
The user in your organization assigned to review a document request.
- UpdatedTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time that a reviewer last updated a response to a document review request.
DocumentReviews
Description
Information about a document approval review.
Members
- Action
-
- Required: Yes
- Type: string
The action to take on a document approval review request.
- Comment
-
- Type: Array of DocumentReviewCommentSource structures
A comment entered by a user in your organization about the document review request.
DocumentVersionInfo
Description
Version information about the document.
Members
- CreatedDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date the document was created.
- DisplayName
-
- Type: string
The friendly name of the SSM document. This value can differ for each version of the document. If you want to update this value, see UpdateDocument.
- DocumentFormat
-
- Type: string
The document format, either JSON or YAML.
- DocumentVersion
-
- Type: string
The document version.
- IsDefaultVersion
-
- Type: boolean
An identifier for the default version of the document.
- Name
-
- Type: string
The document name.
- ReviewStatus
-
- Type: string
The current status of the approval review for the latest version of the document.
- Status
-
- Type: string
The status of the SSM document, such as
Creating
,Active
,Failed
, andDeleting
. - StatusInformation
-
- Type: string
A message returned by Amazon Web Services Systems Manager that explains the
Status
value. For example, aFailed
status might be explained by theStatusInformation
message, "The specified S3 bucket doesn't exist. Verify that the URL of the S3 bucket is correct." - VersionName
-
- Type: string
The version of the artifact associated with the document. For example, 12.6. This value is unique across all versions of a document, and can't be changed.
DocumentVersionLimitExceeded
Description
The document has too many versions. Delete one or more document versions and try again.
Members
- Message
-
- Type: string
DoesNotExistException
Description
Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.
For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
Members
- Message
-
- Type: string
DuplicateDocumentContent
Description
The content of the association document matches another document. Change the content of the document and try again.
Members
- Message
-
- Type: string
DuplicateDocumentVersionName
Description
The version name has already been used in this document. Specify a different version name, and then try again.
Members
- Message
-
- Type: string
DuplicateInstanceId
Description
You can't specify a managed node ID in more than one association.
Members
EffectivePatch
Description
The EffectivePatch
structure defines metadata about a patch along with the approval state of the patch in a particular patch baseline. The approval state includes information about whether the patch is currently approved, due to be approved by a rule, explicitly approved, or explicitly rejected and the date the patch was or will be approved.
Members
- Patch
-
- Type: Patch structure
Provides metadata for a patch, including information such as the KB ID, severity, classification and a URL for where more information can be obtained about the patch.
- PatchStatus
-
- Type: PatchStatus structure
The status of the patch in a patch baseline. This includes information about whether the patch is currently approved, due to be approved by a rule, explicitly approved, or explicitly rejected and the date the patch was or will be approved.
FailedCreateAssociation
Description
Describes a failed association.
Members
- Entry
-
- Type: CreateAssociationBatchRequestEntry structure
The association.
- Fault
-
- Type: string
The source of the failure.
- Message
-
- Type: string
A description of the failure.
FailureDetails
Description
Information about an Automation failure.
Members
- Details
-
- Type: Associative array of custom strings keys (AutomationParameterKey) to stringss
Detailed information about the Automation step failure.
- FailureStage
-
- Type: string
The stage of the Automation execution when the failure occurred. The stages include the following: InputValidation, PreVerification, Invocation, PostVerification.
- FailureType
-
- Type: string
The type of Automation failure. Failure types include the following: Action, Permission, Throttling, Verification, Internal.
FeatureNotAvailableException
Description
You attempted to register a LAMBDA
or STEP_FUNCTIONS
task in a region where the corresponding service isn't available.
Members
- Message
-
- Type: string
GetResourcePoliciesResponseEntry
Description
A resource policy helps you to define the IAM entity (for example, an Amazon Web Services account) that can manage your Systems Manager resources. Currently, OpsItemGroup
is the only resource that supports Systems Manager resource policies. The resource policy for OpsItemGroup
enables Amazon Web Services accounts to view and interact with OpsCenter operational work items (OpsItems).
Members
- Policy
-
- Type: string
A resource policy helps you to define the IAM entity (for example, an Amazon Web Services account) that can manage your Systems Manager resources. Currently,
OpsItemGroup
is the only resource that supports Systems Manager resource policies. The resource policy forOpsItemGroup
enables Amazon Web Services accounts to view and interact with OpsCenter operational work items (OpsItems). - PolicyHash
-
- Type: string
ID of the current policy version. The hash helps to prevent a situation where multiple users attempt to overwrite a policy. You must provide this hash when updating or deleting a policy.
- PolicyId
-
- Type: string
A policy ID.
HierarchyLevelLimitExceededException
Description
A hierarchy can have a maximum of 15 levels. For more information, see Requirements and constraints for parameter names in the Amazon Web Services Systems Manager User Guide.
Members
- message
-
- Type: string
A hierarchy can have a maximum of 15 levels. For more information, see About requirements and constraints for parameter names in the Amazon Web Services Systems Manager User Guide.
HierarchyTypeMismatchException
Description
Parameter Store doesn't support changing a parameter type in a hierarchy. For example, you can't change a parameter from a String
type to a SecureString
type. You must create a new, unique parameter.
Members
- message
-
- Type: string
Parameter Store doesn't support changing a parameter type in a hierarchy. For example, you can't change a parameter from a
String
type to aSecureString
type. You must create a new, unique parameter.
IdempotentParameterMismatch
Description
Error returned when an idempotent operation is retried and the parameters don't match the original call to the API with the same idempotency token.
Members
- Message
-
- Type: string
IncompatiblePolicyException
Description
There is a conflict in the policies specified for this parameter. You can't, for example, specify two Expiration policies for a parameter. Review your policies, and try again.
Members
- message
-
- Type: string
InstanceAggregatedAssociationOverview
Description
Status information about the aggregated associations.
Members
- DetailedStatus
-
- Type: string
Detailed status information about the aggregated associations.
- InstanceAssociationStatusAggregatedCount
-
- Type: Associative array of custom strings keys (StatusName) to ints
The number of associations for the managed nodes.
InstanceAssociation
Description
One or more association documents on the managed node.
Members
- AssociationId
-
- Type: string
The association ID.
- AssociationVersion
-
- Type: string
Version information for the association on the managed node.
- Content
-
- Type: string
The content of the association document for the managed nodes.
- InstanceId
-
- Type: string
The managed node ID.
InstanceAssociationOutputLocation
Description
An S3 bucket where you want to store the results of this request.
For the minimal permissions required to enable Amazon S3 output for an association, see Create an association (console) in the Systems Manager User Guide.
Members
- S3Location
-
- Type: S3OutputLocation structure
An S3 bucket where you want to store the results of this request.
InstanceAssociationOutputUrl
Description
The URL of S3 bucket where you want to store the results of this request.
Members
- S3OutputUrl
-
- Type: S3OutputUrl structure
The URL of S3 bucket where you want to store the results of this request.
InstanceAssociationStatusInfo
Description
Status information about the association.
Members
- AssociationId
-
- Type: string
The association ID.
- AssociationName
-
- Type: string
The name of the association applied to the managed node.
- AssociationVersion
-
- Type: string
The version of the association applied to the managed node.
- DetailedStatus
-
- Type: string
Detailed status information about the association.
- DocumentVersion
-
- Type: string
The association document versions.
- ErrorCode
-
- Type: string
An error code returned by the request to create the association.
- ExecutionDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date the association ran.
- ExecutionSummary
-
- Type: string
Summary information about association execution.
- InstanceId
-
- Type: string
The managed node ID where the association was created.
- Name
-
- Type: string
The name of the association.
- OutputUrl
-
- Type: InstanceAssociationOutputUrl structure
A URL for an S3 bucket where you want to store the results of this request.
- Status
-
- Type: string
Status information about the association.
InstanceInformation
Description
Describes a filter for a specific list of managed nodes.
Members
- ActivationId
-
- Type: string
The activation ID created by Amazon Web Services Systems Manager when the server or virtual machine (VM) was registered.
- AgentVersion
-
- Type: string
The version of SSM Agent running on your Linux managed node.
- AssociationOverview
-
- Type: InstanceAggregatedAssociationOverview structure
Information about the association.
- AssociationStatus
-
- Type: string
The status of the association.
- ComputerName
-
- Type: string
The fully qualified host name of the managed node.
- IPAddress
-
- Type: string
The IP address of the managed node.
- IamRole
-
- Type: string
The role assigned to an Amazon EC2 instance configured with a Systems Manager Quick Setup host management configuration or the role assigned to an on-premises managed node.
This call doesn't return the IAM role for unmanaged Amazon EC2 instances (instances not configured for Systems Manager). To retrieve the role for an unmanaged instance, use the Amazon EC2
DescribeInstances
operation. For information, see DescribeInstances in the Amazon EC2 API Reference or describe-instances in the Amazon Web Services CLI Command Reference. - InstanceId
-
- Type: string
The managed node ID.
- IsLatestVersion
-
- Type: boolean
Indicates whether the latest version of SSM Agent is running on your Linux managed node. This field doesn't indicate whether or not the latest version is installed on Windows managed nodes, because some older versions of Windows Server use the EC2Config service to process Systems Manager requests.
- LastAssociationExecutionDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date the association was last run.
- LastPingDateTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time when the agent last pinged the Systems Manager service.
- LastSuccessfulAssociationExecutionDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The last date the association was successfully run.
- Name
-
- Type: string
The name assigned to an on-premises server, edge device, or virtual machine (VM) when it is activated as a Systems Manager managed node. The name is specified as the
DefaultInstanceName
property using the CreateActivation command. It is applied to the managed node by specifying the Activation Code and Activation ID when you install SSM Agent on the node, as explained in How to install SSM Agent on hybrid Linux nodes and How to install SSM Agent on hybrid Windows Server nodes. To retrieve theName
tag of an EC2 instance, use the Amazon EC2DescribeInstances
operation. For information, see DescribeInstances in the Amazon EC2 API Reference or describe-instances in the Amazon Web Services CLI Command Reference. - PingStatus
-
- Type: string
Connection status of SSM Agent.
The status
Inactive
has been deprecated and is no longer in use. - PlatformName
-
- Type: string
The name of the operating system platform running on your managed node.
- PlatformType
-
- Type: string
The operating system platform type.
- PlatformVersion
-
- Type: string
The version of the OS platform running on your managed node.
- RegistrationDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date the server or VM was registered with Amazon Web Services as a managed node.
- ResourceType
-
- Type: string
The type of instance. Instances are either EC2 instances or managed instances.
- SourceId
-
- Type: string
The ID of the source resource. For IoT Greengrass devices,
SourceId
is the Thing name. - SourceType
-
- Type: string
The type of the source resource. For IoT Greengrass devices,
SourceType
isAWS::IoT::Thing
.
InstanceInformationFilter
Description
Describes a filter for a specific list of managed nodes. You can filter node information by using tags. You specify tags by using a key-value mapping.
Use this operation instead of the DescribeInstanceInformationRequest$InstanceInformationFilterList method. The InstanceInformationFilterList
method is a legacy method and doesn't support tags.
Members
- key
-
- Required: Yes
- Type: string
The name of the filter.
- valueSet
-
- Required: Yes
- Type: Array of strings
The filter values.
InstanceInformationStringFilter
Description
The filters to describe or get information about your managed nodes.
Members
- Key
-
- Required: Yes
- Type: string
The filter key name to describe your managed nodes.
Valid filter key values: ActivationIds | AgentVersion | AssociationStatus | IamRole | InstanceIds | PingStatus | PlatformTypes | ResourceType | SourceIds | SourceTypes | "tag-key" | "tag:
{keyname}
-
Valid values for the
AssociationStatus
filter key: Success | Pending | Failed -
Valid values for the
PingStatus
filter key: Online | ConnectionLost | Inactive (deprecated) -
Valid values for the
PlatformType
filter key: Windows | Linux | MacOS -
Valid values for the
ResourceType
filter key: EC2Instance | ManagedInstance -
Valid values for the
SourceType
filter key: AWS::EC2::Instance | AWS::SSM::ManagedInstance | AWS::IoT::Thing -
Valid tag examples:
Key=tag-key,Values=Purpose
|Key=tag:Purpose,Values=Test
.
- Values
-
- Required: Yes
- Type: Array of strings
The filter values.
InstancePatchState
Description
Defines the high-level patch compliance state for a managed node, providing information about the number of installed, missing, not applicable, and failed patches along with metadata about the operation when this information was gathered for the managed node.
Members
- BaselineId
-
- Required: Yes
- Type: string
The ID of the patch baseline used to patch the managed node.
- CriticalNonCompliantCount
-
- Type: int
The number of patches per node that are specified as
Critical
for compliance reporting in the patch baseline aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required managed node reboot. The status of these managed nodes isNON_COMPLIANT
. - FailedCount
-
- Type: int
The number of patches from the patch baseline that were attempted to be installed during the last patching operation, but failed to install.
- InstallOverrideList
-
- Type: string
An https URL or an Amazon Simple Storage Service (Amazon S3) path-style URL to a list of patches to be installed. This patch installation list, which you maintain in an S3 bucket in YAML format and specify in the SSM document
AWS-RunPatchBaseline
, overrides the patches specified by the default patch baseline.For more information about the
InstallOverrideList
parameter, see SSM Command document for patching:AWS-RunPatchBaseline
in the Amazon Web Services Systems Manager User Guide. - InstalledCount
-
- Type: int
The number of patches from the patch baseline that are installed on the managed node.
- InstalledOtherCount
-
- Type: int
The number of patches not specified in the patch baseline that are installed on the managed node.
- InstalledPendingRebootCount
-
- Type: int
The number of patches installed by Patch Manager since the last time the managed node was rebooted.
- InstalledRejectedCount
-
- Type: int
The number of patches installed on a managed node that are specified in a
RejectedPatches
list. Patches with a status ofInstalledRejected
were typically installed before they were added to aRejectedPatches
list.If
ALLOW_AS_DEPENDENCY
is the specified option forRejectedPatchesAction
, the value ofInstalledRejectedCount
will always be0
(zero). - InstanceId
-
- Required: Yes
- Type: string
The ID of the managed node the high-level patch compliance information was collected for.
- LastNoRebootInstallOperationTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time of the last attempt to patch the managed node with
NoReboot
specified as the reboot option. - MissingCount
-
- Type: int
The number of patches from the patch baseline that are applicable for the managed node but aren't currently installed.
- NotApplicableCount
-
- Type: int
The number of patches from the patch baseline that aren't applicable for the managed node and therefore aren't installed on the node. This number may be truncated if the list of patch names is very large. The number of patches beyond this limit are reported in
UnreportedNotApplicableCount
. - Operation
-
- Required: Yes
- Type: string
The type of patching operation that was performed: or
-
SCAN
assesses the patch compliance state. -
INSTALL
installs missing patches.
- OperationEndTime
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time the most recent patching operation completed on the managed node.
- OperationStartTime
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time the most recent patching operation was started on the managed node.
- OtherNonCompliantCount
-
- Type: int
The number of patches per node that are specified as other than
Critical
orSecurity
but aren't compliant with the patch baseline. The status of these managed nodes isNON_COMPLIANT
. - OwnerInformation
-
- Type: string
Placeholder information. This field will always be empty in the current release of the service.
- PatchGroup
-
- Required: Yes
- Type: string
The name of the patch group the managed node belongs to.
- RebootOption
-
- Type: string
Indicates the reboot option specified in the patch baseline.
Reboot options apply to
Install
operations only. Reboots aren't attempted for Patch ManagerScan
operations.-
RebootIfNeeded
: Patch Manager tries to reboot the managed node if it installed any patches, or if any patches are detected with a status ofInstalledPendingReboot
. -
NoReboot
: Patch Manager attempts to install missing packages without trying to reboot the system. Patches installed with this option are assigned a status ofInstalledPendingReboot
. These patches might not be in effect until a reboot is performed.
- SecurityNonCompliantCount
-
- Type: int
The number of patches per node that are specified as
Security
in a patch advisory aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required managed node reboot. The status of these managed nodes isNON_COMPLIANT
. - SnapshotId
-
- Type: string
The ID of the patch baseline snapshot used during the patching operation when this compliance data was collected.
- UnreportedNotApplicableCount
-
- Type: int
The number of patches beyond the supported limit of
NotApplicableCount
that aren't reported by name to Inventory. Inventory is a capability of Amazon Web Services Systems Manager.
InstancePatchStateFilter
Description
Defines a filter used in DescribeInstancePatchStatesForPatchGroup to scope down the information returned by the API.
Example: To filter for all managed nodes in a patch group having more than three patches with a FailedCount
status, use the following for the filter:
-
Value for
Key
:FailedCount
-
Value for
Type
:GreaterThan
-
Value for
Values
:3
Members
- Key
-
- Required: Yes
- Type: string
The key for the filter. Supported values include the following:
-
InstalledCount
-
InstalledOtherCount
-
InstalledPendingRebootCount
-
InstalledRejectedCount
-
MissingCount
-
FailedCount
-
UnreportedNotApplicableCount
-
NotApplicableCount
- Type
-
- Required: Yes
- Type: string
The type of comparison that should be performed for the value.
- Values
-
- Required: Yes
- Type: Array of strings
The value for the filter. Must be an integer greater than or equal to 0.
InstanceProperty
Description
An object containing various properties of a managed node.
Members
- ActivationId
-
- Type: string
The activation ID created by Systems Manager when the server or virtual machine (VM) was registered
- AgentVersion
-
- Type: string
The version of SSM Agent running on your managed node.
- Architecture
-
- Type: string
The CPU architecture of the node. For example,
x86_64
. - AssociationOverview
-
- Type: InstanceAggregatedAssociationOverview structure
Status information about the aggregated associations.
- AssociationStatus
-
- Type: string
The status of the State Manager association applied to the managed node.
- ComputerName
-
- Type: string
The fully qualified host name of the managed node.
- IPAddress
-
- Type: string
The public IPv4 address assigned to the node. If a public IPv4 address isn't assigned to the node, this value is blank.
- IamRole
-
- Type: string
The IAM role used in the hybrid activation to register the node with Systems Manager.
- InstanceId
-
- Type: string
The ID of the managed node.
- InstanceRole
-
- Type: string
The instance profile attached to the node. If an instance profile isn't attached to the node, this value is blank.
- InstanceState
-
- Type: string
The current state of the node.
- InstanceType
-
- Type: string
The instance type of the managed node. For example, t3.large.
- KeyName
-
- Type: string
The name of the key pair associated with the node. If a key pair isnt't associated with the node, this value is blank.
- LastAssociationExecutionDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date the association was last run.
- LastPingDateTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time when the SSM Agent last pinged the Systems Manager service.
- LastSuccessfulAssociationExecutionDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The last date the association was successfully run.
- LaunchTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The timestamp for when the node was launched.
- Name
-
- Type: string
The value of the EC2
Name
tag associated with the node. If aName
tag hasn't been applied to the node, this value is blank. - PingStatus
-
- Type: string
Connection status of the SSM Agent on the managed node.
- PlatformName
-
- Type: string
The name of the operating system platform running on your managed node.
- PlatformType
-
- Type: string
The operating system platform type of the managed node. For example, Windows.
- PlatformVersion
-
- Type: string
The version of the OS platform running on your managed node.
- RegistrationDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date the node was registered with Systems Manager.
- ResourceType
-
- Type: string
The type of managed node.
- SourceId
-
- Type: string
The ID of the source resource.
- SourceType
-
- Type: string
The type of the source resource.
InstancePropertyFilter
Description
Describes a filter for a specific list of managed nodes. You can filter node information by using tags. You specify tags by using a key-value mapping.
Members
- key
-
- Required: Yes
- Type: string
The name of the filter.
- valueSet
-
- Required: Yes
- Type: Array of strings
The filter values.
InstancePropertyStringFilter
Description
The filters to describe or get information about your managed nodes.
Members
- Key
-
- Required: Yes
- Type: string
The filter key name to describe your managed nodes.
- Operator
-
- Type: string
The operator used by the filter call.
- Values
-
- Required: Yes
- Type: Array of strings
The filter key name to describe your managed nodes.
InternalServerError
Description
An error occurred on the server side.
Members
- Message
-
- Type: string
InvalidActivation
Description
The activation isn't valid. The activation might have been deleted, or the ActivationId and the ActivationCode don't match.
Members
- Message
-
- Type: string
InvalidActivationId
Description
The activation ID isn't valid. Verify the you entered the correct ActivationId or ActivationCode and try again.
Members
- Message
-
- Type: string
InvalidAggregatorException
Description
The specified aggregator isn't valid for inventory groups. Verify that the aggregator uses a valid inventory type such as AWS:Application
or AWS:InstanceInformation
.
Members
- Message
-
- Type: string
InvalidAllowedPatternException
Description
The request doesn't meet the regular expression requirement.
Members
- message
-
- Type: string
The request doesn't meet the regular expression requirement.
InvalidAssociation
Description
The association isn't valid or doesn't exist.
Members
- Message
-
- Type: string
InvalidAssociationVersion
Description
The version you specified isn't valid. Use ListAssociationVersions to view all versions of an association according to the association ID. Or, use the $LATEST
parameter to view the latest version of the association.
Members
- Message
-
- Type: string
InvalidAutomationExecutionParametersException
Description
The supplied parameters for invoking the specified Automation runbook are incorrect. For example, they may not match the set of parameters permitted for the specified Automation document.
Members
- Message
-
- Type: string
InvalidAutomationSignalException
Description
The signal isn't valid for the current Automation execution.
Members
- Message
-
- Type: string
InvalidAutomationStatusUpdateException
Description
The specified update status operation isn't valid.
Members
- Message
-
- Type: string
InvalidCommandId
Description
The specified command ID isn't valid. Verify the ID and try again.
Members
InvalidDeleteInventoryParametersException
Description
One or more of the parameters specified for the delete operation isn't valid. Verify all parameters and try again.
Members
- Message
-
- Type: string
InvalidDeletionIdException
Description
The ID specified for the delete operation doesn't exist or isn't valid. Verify the ID and try again.
Members
- Message
-
- Type: string
InvalidDocument
Description
The specified SSM document doesn't exist.
Members
- Message
-
- Type: string
The SSM document doesn't exist or the document isn't available to the user. This exception can be issued by various API operations.
InvalidDocumentContent
Description
The content for the document isn't valid.
Members
- Message
-
- Type: string
A description of the validation error.
InvalidDocumentOperation
Description
You attempted to delete a document while it is still shared. You must stop sharing the document before you can delete it.
Members
- Message
-
- Type: string
InvalidDocumentSchemaVersion
Description
The version of the document schema isn't supported.
Members
- Message
-
- Type: string
InvalidDocumentType
Description
The SSM document type isn't valid. Valid document types are described in the DocumentType
property.
Members
- Message
-
- Type: string
InvalidDocumentVersion
Description
The document version isn't valid or doesn't exist.
Members
- Message
-
- Type: string
InvalidFilter
Description
The filter name isn't valid. Verify the you entered the correct name and try again.
Members
- Message
-
- Type: string
InvalidFilterKey
Description
The specified key isn't valid.
Members
InvalidFilterOption
Description
The specified filter option isn't valid. Valid options are Equals and BeginsWith. For Path filter, valid options are Recursive and OneLevel.
Members
- message
-
- Type: string
The specified filter option isn't valid. Valid options are Equals and BeginsWith. For Path filter, valid options are Recursive and OneLevel.
InvalidFilterValue
Description
The filter value isn't valid. Verify the value and try again.
Members
- Message
-
- Type: string
InvalidInstanceId
Description
The following problems can cause this exception:
-
You don't have permission to access the managed node.
-
Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.
-
SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.
-
The managed node isn't in a valid state. Valid states are:
Running
,Pending
,Stopped
, andStopping
. Invalid states are:Shutting-down
andTerminated
.
Members
- Message
-
- Type: string
InvalidInstanceInformationFilterValue
Description
The specified filter value isn't valid.
Members
- message
-
- Type: string
InvalidInstancePropertyFilterValue
Description
The specified filter value isn't valid.
Members
- message
-
- Type: string
InvalidInventoryGroupException
Description
The specified inventory group isn't valid.
Members
- Message
-
- Type: string
InvalidInventoryItemContextException
Description
You specified invalid keys or values in the Context
attribute for InventoryItem
. Verify the keys and values, and try again.
Members
- Message
-
- Type: string
InvalidInventoryRequestException
Description
The request isn't valid.
Members
- Message
-
- Type: string
InvalidItemContentException
Description
One or more content items isn't valid.
Members
- Message
-
- Type: string
- TypeName
-
- Type: string
InvalidKeyId
Description
The query key ID isn't valid.
Members
- message
-
- Type: string
InvalidNextToken
Description
The specified token isn't valid.
Members
- Message
-
- Type: string
InvalidNotificationConfig
Description
One or more configuration items isn't valid. Verify that a valid Amazon Resource Name (ARN) was provided for an Amazon Simple Notification Service topic.
Members
- Message
-
- Type: string
InvalidOptionException
Description
The delete inventory option specified isn't valid. Verify the option and try again.
Members
- Message
-
- Type: string
InvalidOutputFolder
Description
The S3 bucket doesn't exist.
Members
InvalidOutputLocation
Description
The output location isn't valid or doesn't exist.
Members
InvalidParameters
Description
You must specify values for all required parameters in the Amazon Web Services Systems Manager document (SSM document). You can only supply values to parameters defined in the SSM document.
Members
- Message
-
- Type: string
InvalidPermissionType
Description
The permission type isn't supported. Share is the only supported permission type.
Members
- Message
-
- Type: string
InvalidPluginName
Description
The plugin name isn't valid.
Members
InvalidPolicyAttributeException
Description
A policy attribute or its value is invalid.
Members
- message
-
- Type: string
InvalidPolicyTypeException
Description
The policy type isn't supported. Parameter Store supports the following policy types: Expiration, ExpirationNotification, and NoChangeNotification.
Members
- message
-
- Type: string
InvalidResourceId
Description
The resource ID isn't valid. Verify that you entered the correct ID and try again.
Members
InvalidResourceType
Description
The resource type isn't valid. For example, if you are attempting to tag an EC2 instance, the instance must be a registered managed node.
Members
InvalidResultAttributeException
Description
The specified inventory item result attribute isn't valid.
Members
- Message
-
- Type: string
InvalidRole
Description
The role name can't contain invalid characters. Also verify that you specified an IAM role for notifications that includes the required trust policy. For information about configuring the IAM role for Run Command notifications, see Monitoring Systems Manager status changes using Amazon SNS notifications in the Amazon Web Services Systems Manager User Guide.
Members
- Message
-
- Type: string
InvalidSchedule
Description
The schedule is invalid. Verify your cron or rate expression and try again.
Members
- Message
-
- Type: string
InvalidTag
Description
The specified tag key or value isn't valid.
Members
- Message
-
- Type: string
InvalidTarget
Description
The target isn't valid or doesn't exist. It might not be configured for Systems Manager or you might not have permission to perform the operation.
Members
- Message
-
- Type: string
InvalidTargetMaps
Description
TargetMap parameter isn't valid.
Members
- Message
-
- Type: string
InvalidTypeNameException
Description
The parameter type name isn't valid.
Members
- Message
-
- Type: string
InvalidUpdate
Description
The update isn't valid.
Members
- Message
-
- Type: string
InventoryAggregator
Description
Specifies the inventory type and attribute for the aggregation execution.
Members
- Aggregators
-
- Type: Array of InventoryAggregator structures
Nested aggregators to further refine aggregation for an inventory type.
- Expression
-
- Type: string
The inventory type and attribute name for aggregation.
- Groups
-
- Type: Array of InventoryGroup structures
A user-defined set of one or more filters on which to aggregate inventory data. Groups return a count of resources that match and don't match the specified criteria.
InventoryDeletionStatusItem
Description
Status information returned by the DeleteInventory
operation.
Members
- DeletionId
-
- Type: string
The deletion ID returned by the
DeleteInventory
operation. - DeletionStartTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The UTC timestamp when the delete operation started.
- DeletionSummary
-
- Type: InventoryDeletionSummary structure
Information about the delete operation. For more information about this summary, see Understanding the delete inventory summary in the Amazon Web Services Systems Manager User Guide.
- LastStatus
-
- Type: string
The status of the operation. Possible values are InProgress and Complete.
- LastStatusMessage
-
- Type: string
Information about the status.
- LastStatusUpdateTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The UTC timestamp of when the last status report.
- TypeName
-
- Type: string
The name of the inventory data type.
InventoryDeletionSummary
Description
Information about the delete operation.
Members
- RemainingCount
-
- Type: int
Remaining number of items to delete.
- SummaryItems
-
- Type: Array of InventoryDeletionSummaryItem structures
A list of counts and versions for deleted items.
- TotalCount
-
- Type: int
The total number of items to delete. This count doesn't change during the delete operation.
InventoryDeletionSummaryItem
Description
Either a count, remaining count, or a version number in a delete inventory summary.
Members
- Count
-
- Type: int
A count of the number of deleted items.
- RemainingCount
-
- Type: int
The remaining number of items to delete.
- Version
-
- Type: string
The inventory type version.
InventoryFilter
Description
One or more filters. Use a filter to return a more specific list of results.
Members
- Key
-
- Required: Yes
- Type: string
The name of the filter key.
- Type
-
- Type: string
The type of filter.
The
Exists
filter must be used with aggregators. For more information, see Aggregating inventory data in the Amazon Web Services Systems Manager User Guide. - Values
-
- Required: Yes
- Type: Array of strings
Inventory filter values. Example: inventory filter where managed node IDs are specified as values
Key=AWS:InstanceInformation.InstanceId,Values= i-a12b3c4d5e6g, i-1a2b3c4d5e6,Type=Equal
.
InventoryGroup
Description
A user-defined set of one or more filters on which to aggregate inventory data. Groups return a count of resources that match and don't match the specified criteria.
Members
- Filters
-
- Required: Yes
- Type: Array of InventoryFilter structures
Filters define the criteria for the group. The
matchingCount
field displays the number of resources that match the criteria. ThenotMatchingCount
field displays the number of resources that don't match the criteria. - Name
-
- Required: Yes
- Type: string
The name of the group.
InventoryItem
Description
Information collected from managed nodes based on your inventory policy document
Members
- CaptureTime
-
- Required: Yes
- Type: string
The time the inventory information was collected.
- Content
-
- Type: Array of stringss
The inventory data of the inventory type.
- ContentHash
-
- Type: string
MD5 hash of the inventory item type contents. The content hash is used to determine whether to update inventory information. The PutInventory API doesn't update the inventory item type contents if the MD5 hash hasn't changed since last update.
- Context
-
- Type: Associative array of custom strings keys (AttributeName) to strings
A map of associated properties for a specified inventory type. For example, with this attribute, you can specify the
ExecutionId
,ExecutionType
,ComplianceType
properties of theAWS:ComplianceItem
type. - SchemaVersion
-
- Required: Yes
- Type: string
The schema version for the inventory item.
- TypeName
-
- Required: Yes
- Type: string
The name of the inventory type. Default inventory item type names start with
AWS
. Custom inventory type names will start with Custom. Default inventory item types include the following:AWS:AWSComponent
,AWS:Application
,AWS:InstanceInformation
,AWS:Network
, andAWS:WindowsUpdate
.
InventoryItemAttribute
Description
Attributes are the entries within the inventory item content. It contains name and value.
Members
- DataType
-
- Required: Yes
- Type: string
The data type of the inventory item attribute.
- Name
-
- Required: Yes
- Type: string
Name of the inventory item attribute.
InventoryItemSchema
Description
The inventory item schema definition. Users can use this to compose inventory query filters.
Members
- Attributes
-
- Required: Yes
- Type: Array of InventoryItemAttribute structures
The schema attributes for inventory. This contains data type and attribute name.
- DisplayName
-
- Type: string
The alias name of the inventory type. The alias name is used for display purposes.
- TypeName
-
- Required: Yes
- Type: string
The name of the inventory type. Default inventory item type names start with Amazon Web Services. Custom inventory type names will start with Custom. Default inventory item types include the following:
AWS:AWSComponent
,AWS:Application
,AWS:InstanceInformation
,AWS:Network
, andAWS:WindowsUpdate
. - Version
-
- Type: string
The schema version for the inventory item.
InventoryResultEntity
Description
Inventory query results.
Members
- Data
-
- Type: Associative array of custom strings keys (InventoryResultItemKey) to InventoryResultItem structures
The data section in the inventory result entity JSON.
- Id
-
- Type: string
ID of the inventory result entity. For example, for managed node inventory the result will be the managed node ID. For EC2 instance inventory, the result will be the instance ID.
InventoryResultItem
Description
The inventory result item.
Members
- CaptureTime
-
- Type: string
The time inventory item data was captured.
- Content
-
- Required: Yes
- Type: Array of stringss
Contains all the inventory data of the item type. Results include attribute names and values.
- ContentHash
-
- Type: string
MD5 hash of the inventory item type contents. The content hash is used to determine whether to update inventory information. The PutInventory API doesn't update the inventory item type contents if the MD5 hash hasn't changed since last update.
- SchemaVersion
-
- Required: Yes
- Type: string
The schema version for the inventory result item/
- TypeName
-
- Required: Yes
- Type: string
The name of the inventory result item type.
InvocationDoesNotExist
Description
The command ID and managed node ID you specified didn't match any invocations. Verify the command ID and the managed node ID and try again.
Members
ItemContentMismatchException
Description
The inventory item has invalid content.
Members
- Message
-
- Type: string
- TypeName
-
- Type: string
ItemSizeLimitExceededException
Description
The inventory item size has exceeded the size limit.
Members
- Message
-
- Type: string
- TypeName
-
- Type: string
LoggingInfo
Description
Information about an Amazon Simple Storage Service (Amazon S3) bucket to write managed node-level logs to.
LoggingInfo
has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use the OutputS3BucketName
and OutputS3KeyPrefix
options in the TaskInvocationParameters
structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.
Members
- S3BucketName
-
- Required: Yes
- Type: string
The name of an S3 bucket where execution logs are stored.
- S3KeyPrefix
-
- Type: string
(Optional) The S3 bucket subfolder.
- S3Region
-
- Required: Yes
- Type: string
The Amazon Web Services Region where the S3 bucket is located.
MaintenanceWindowAutomationParameters
Description
The parameters for an AUTOMATION
task type.
Members
- DocumentVersion
-
- Type: string
The version of an Automation runbook to use during task execution.
- Parameters
-
- Type: Associative array of custom strings keys (AutomationParameterKey) to stringss
The parameters for the
AUTOMATION
task.For information about specifying and updating task parameters, see RegisterTaskWithMaintenanceWindow and UpdateMaintenanceWindowTask.
LoggingInfo
has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use theOutputS3BucketName
andOutputS3KeyPrefix
options in theTaskInvocationParameters
structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.TaskParameters
has been deprecated. To specify parameters to pass to a task when it runs, instead use theParameters
option in theTaskInvocationParameters
structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.For
AUTOMATION
task types, Amazon Web Services Systems Manager ignores any values specified for these parameters.
MaintenanceWindowExecution
Description
Describes the information about an execution of a maintenance window.
Members
- EndTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time the execution finished.
- StartTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time the execution started.
- Status
-
- Type: string
The status of the execution.
- StatusDetails
-
- Type: string
The details explaining the status. Not available for all status values.
- WindowExecutionId
-
- Type: string
The ID of the maintenance window execution.
- WindowId
-
- Type: string
The ID of the maintenance window.
MaintenanceWindowExecutionTaskIdentity
Description
Information about a task execution performed as part of a maintenance window execution.
Members
- AlarmConfiguration
-
- Type: AlarmConfiguration structure
The details for the CloudWatch alarm applied to your maintenance window task.
- EndTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time the task execution finished.
- StartTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time the task execution started.
- Status
-
- Type: string
The status of the task execution.
- StatusDetails
-
- Type: string
The details explaining the status of the task execution. Not available for all status values.
- TaskArn
-
- Type: string
The Amazon Resource Name (ARN) of the task that ran.
- TaskExecutionId
-
- Type: string
The ID of the specific task execution in the maintenance window execution.
- TaskType
-
- Type: string
The type of task that ran.
- TriggeredAlarms
-
- Type: Array of AlarmStateInformation structures
The CloudWatch alarm that was invoked by the maintenance window task.
- WindowExecutionId
-
- Type: string
The ID of the maintenance window execution that ran the task.
MaintenanceWindowExecutionTaskInvocationIdentity
Description
Describes the information about a task invocation for a particular target as part of a task execution performed as part of a maintenance window execution.
Members
- EndTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time the invocation finished.
- ExecutionId
-
- Type: string
The ID of the action performed in the service that actually handled the task invocation. If the task type is
RUN_COMMAND
, this value is the command ID. - InvocationId
-
- Type: string
The ID of the task invocation.
- OwnerInformation
-
- Type: string
User-provided value that was specified when the target was registered with the maintenance window. This was also included in any Amazon CloudWatch Events events raised during the task invocation.
- Parameters
-
- Type: string
The parameters that were provided for the invocation when it was run.
- StartTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time the invocation started.
- Status
-
- Type: string
The status of the task invocation.
- StatusDetails
-
- Type: string
The details explaining the status of the task invocation. Not available for all status values.
- TaskExecutionId
-
- Type: string
The ID of the specific task execution in the maintenance window execution.
- TaskType
-
- Type: string
The task type.
- WindowExecutionId
-
- Type: string
The ID of the maintenance window execution that ran the task.
- WindowTargetId
-
- Type: string
The ID of the target definition in this maintenance window the invocation was performed for.
MaintenanceWindowFilter
Description
Filter used in the request. Supported filter keys depend on the API operation that includes the filter. API operations that use MaintenanceWindowFilter>
include the following:
Members
- Key
-
- Type: string
The name of the filter.
- Values
-
- Type: Array of strings
The filter values.
MaintenanceWindowIdentity
Description
Information about the maintenance window.
Members
- Cutoff
-
- Type: int
The number of hours before the end of the maintenance window that Amazon Web Services Systems Manager stops scheduling new tasks for execution.
- Description
-
- Type: string
A description of the maintenance window.
- Duration
-
- Type: int
The duration of the maintenance window in hours.
- Enabled
-
- Type: boolean
Indicates whether the maintenance window is enabled.
- EndDate
-
- Type: string
The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become inactive.
- Name
-
- Type: string
The name of the maintenance window.
- NextExecutionTime
-
- Type: string
The next time the maintenance window will actually run, taking into account any specified times for the maintenance window to become active or inactive.
- Schedule
-
- Type: string
The schedule of the maintenance window in the form of a cron or rate expression.
- ScheduleOffset
-
- Type: int
The number of days to wait to run a maintenance window after the scheduled cron expression date and time.
- ScheduleTimezone
-
- Type: string
The time zone that the scheduled maintenance window executions are based on, in Internet Assigned Numbers Authority (IANA) format.
- StartDate
-
- Type: string
The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become active.
- WindowId
-
- Type: string
The ID of the maintenance window.
MaintenanceWindowIdentityForTarget
Description
The maintenance window to which the specified target belongs.
Members
- Name
-
- Type: string
The name of the maintenance window.
- WindowId
-
- Type: string
The ID of the maintenance window.
MaintenanceWindowLambdaParameters
Description
The parameters for a LAMBDA
task type.
For information about specifying and updating task parameters, see RegisterTaskWithMaintenanceWindow and UpdateMaintenanceWindowTask.
LoggingInfo
has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use the OutputS3BucketName
and OutputS3KeyPrefix
options in the TaskInvocationParameters
structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.
TaskParameters
has been deprecated. To specify parameters to pass to a task when it runs, instead use the Parameters
option in the TaskInvocationParameters
structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.
For Lambda tasks, Systems Manager ignores any values specified for TaskParameters and LoggingInfo.
Members
- ClientContext
-
- Type: string
Pass client-specific information to the Lambda function that you are invoking. You can then process the client information in your Lambda function as you choose through the context variable.
- Payload
-
- Type: blob (string|resource|Psr\Http\Message\StreamInterface)
JSON to provide to your Lambda function as input.
- Qualifier
-
- Type: string
(Optional) Specify an Lambda function version or alias name. If you specify a function version, the operation uses the qualified function Amazon Resource Name (ARN) to invoke a specific Lambda function. If you specify an alias name, the operation uses the alias ARN to invoke the Lambda function version to which the alias points.
MaintenanceWindowRunCommandParameters
Description
The parameters for a RUN_COMMAND
task type.
For information about specifying and updating task parameters, see RegisterTaskWithMaintenanceWindow and UpdateMaintenanceWindowTask.
LoggingInfo
has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use the OutputS3BucketName
and OutputS3KeyPrefix
options in the TaskInvocationParameters
structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.
TaskParameters
has been deprecated. To specify parameters to pass to a task when it runs, instead use the Parameters
option in the TaskInvocationParameters
structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.
For RUN_COMMAND
tasks, Systems Manager uses specified values for TaskParameters
and LoggingInfo
only if no values are specified for TaskInvocationParameters
.
Members
- CloudWatchOutputConfig
-
- Type: CloudWatchOutputConfig structure
Configuration options for sending command output to Amazon CloudWatch Logs.
- Comment
-
- Type: string
Information about the commands to run.
- DocumentHash
-
- Type: string
The SHA-256 or SHA-1 hash created by the system when the document was created. SHA-1 hashes have been deprecated.
- DocumentHashType
-
- Type: string
SHA-256 or SHA-1. SHA-1 hashes have been deprecated.
- DocumentVersion
-
- Type: string
The Amazon Web Services Systems Manager document (SSM document) version to use in the request. You can specify
$DEFAULT
,$LATEST
, or a specific version number. If you run commands by using the Amazon Web Services CLI, then you must escape the first two options by using a backslash. If you specify a version number, then you don't need to use the backslash. For example:--document-version "\$DEFAULT"
--document-version "\$LATEST"
--document-version "3"
- NotificationConfig
-
- Type: NotificationConfig structure
Configurations for sending notifications about command status changes on a per-managed node basis.
- OutputS3BucketName
-
- Type: string
The name of the Amazon Simple Storage Service (Amazon S3) bucket.
- OutputS3KeyPrefix
-
- Type: string
The S3 bucket subfolder.
- Parameters
-
- Type: Associative array of custom strings keys (ParameterName) to stringss
The parameters for the
RUN_COMMAND
task execution. - ServiceRoleArn
-
- Type: string
The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run
RegisterTaskWithMaintenanceWindow
.However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the Amazon Web Services Systems Manager User Guide.
- TimeoutSeconds
-
- Type: int
If this time is reached and the command hasn't already started running, it doesn't run.
MaintenanceWindowStepFunctionsParameters
Description
The parameters for a STEP_FUNCTIONS
task.
For information about specifying and updating task parameters, see RegisterTaskWithMaintenanceWindow and UpdateMaintenanceWindowTask.
LoggingInfo
has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use the OutputS3BucketName
and OutputS3KeyPrefix
options in the TaskInvocationParameters
structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.
TaskParameters
has been deprecated. To specify parameters to pass to a task when it runs, instead use the Parameters
option in the TaskInvocationParameters
structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.
For Step Functions tasks, Systems Manager ignores any values specified for TaskParameters
and LoggingInfo
.
Members
- Input
-
- Type: string
The inputs for the
STEP_FUNCTIONS
task. - Name
-
- Type: string
The name of the
STEP_FUNCTIONS
task.
MaintenanceWindowTarget
Description
The target registered with the maintenance window.
Members
- Description
-
- Type: string
A description for the target.
- Name
-
- Type: string
The name for the maintenance window target.
- OwnerInformation
-
- Type: string
A user-provided value that will be included in any Amazon CloudWatch Events events that are raised while running tasks for these targets in this maintenance window.
- ResourceType
-
- Type: string
The type of target that is being registered with the maintenance window.
- Targets
-
- Type: Array of Target structures
The targets, either managed nodes or tags.
Specify managed nodes using the following format:
Key=instanceids,Values=<instanceid1>,<instanceid2>
Tags are specified using the following format:
Key=<tag name>,Values=<tag value>
. - WindowId
-
- Type: string
The ID of the maintenance window to register the target with.
- WindowTargetId
-
- Type: string
The ID of the target.
MaintenanceWindowTask
Description
Information about a task defined for a maintenance window.
Members
- AlarmConfiguration
-
- Type: AlarmConfiguration structure
The details for the CloudWatch alarm applied to your maintenance window task.
- CutoffBehavior
-
- Type: string
The specification for whether tasks should continue to run after the cutoff time specified in the maintenance windows is reached.
- Description
-
- Type: string
A description of the task.
- LoggingInfo
-
- Type: LoggingInfo structure
Information about an S3 bucket to write task-level logs to.
LoggingInfo
has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use theOutputS3BucketName
andOutputS3KeyPrefix
options in theTaskInvocationParameters
structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. - MaxConcurrency
-
- Type: string
The maximum number of targets this task can be run for, in parallel.
Although this element is listed as "Required: No", a value can be omitted only when you are registering or updating a targetless task You must provide a value in all other cases.
For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of
1
. This value doesn't affect the running of your task. - MaxErrors
-
- Type: string
The maximum number of errors allowed before this task stops being scheduled.
Although this element is listed as "Required: No", a value can be omitted only when you are registering or updating a targetless task You must provide a value in all other cases.
For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of
1
. This value doesn't affect the running of your task. - Name
-
- Type: string
The task name.
- Priority
-
- Type: int
The priority of the task in the maintenance window. The lower the number, the higher the priority. Tasks that have the same priority are scheduled in parallel.
- ServiceRoleArn
-
- Type: string
The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run
RegisterTaskWithMaintenanceWindow
.However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the Amazon Web Services Systems Manager User Guide.
- Targets
-
- Type: Array of Target structures
The targets (either managed nodes or tags). Managed nodes are specified using
Key=instanceids,Values=<instanceid1>,<instanceid2>
. Tags are specified usingKey=<tag name>,Values=<tag value>
. - TaskArn
-
- Type: string
The resource that the task uses during execution. For
RUN_COMMAND
andAUTOMATION
task types,TaskArn
is the Amazon Web Services Systems Manager (SSM document) name or ARN. ForLAMBDA
tasks, it's the function name or ARN. ForSTEP_FUNCTIONS
tasks, it's the state machine ARN. - TaskParameters
-
- Type: Associative array of custom strings keys (MaintenanceWindowTaskParameterName) to MaintenanceWindowTaskParameterValueExpression structures
The parameters that should be passed to the task when it is run.
TaskParameters
has been deprecated. To specify parameters to pass to a task when it runs, instead use theParameters
option in theTaskInvocationParameters
structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. - Type
-
- Type: string
The type of task.
- WindowId
-
- Type: string
The ID of the maintenance window where the task is registered.
- WindowTaskId
-
- Type: string
The task ID.
MaintenanceWindowTaskInvocationParameters
Description
The parameters for task execution.
Members
- Automation
-
- Type: MaintenanceWindowAutomationParameters structure
The parameters for an
AUTOMATION
task type. - Lambda
-
- Type: MaintenanceWindowLambdaParameters structure
The parameters for a
LAMBDA
task type. - RunCommand
-
- Type: MaintenanceWindowRunCommandParameters structure
The parameters for a
RUN_COMMAND
task type. - StepFunctions
-
- Type: MaintenanceWindowStepFunctionsParameters structure
The parameters for a
STEP_FUNCTIONS
task type.
MaintenanceWindowTaskParameterValueExpression
Description
Defines the values for a task parameter.
Members
- Values
-
- Type: Array of strings
This field contains an array of 0 or more strings, each 1 to 255 characters in length.
MalformedResourcePolicyDocumentException
Description
The specified policy document is malformed or invalid, or excessive PutResourcePolicy
or DeleteResourcePolicy
calls have been made.
Members
- Message
-
- Type: string
MaxDocumentSizeExceeded
Description
The size limit of a document is 64 KB.
Members
- Message
-
- Type: string
MetadataValue
Description
Metadata to assign to an Application Manager application.
Members
- Value
-
- Type: string
Metadata value to assign to an Application Manager application.
NonCompliantSummary
Description
A summary of resources that aren't compliant. The summary is organized according to resource type.
Members
- NonCompliantCount
-
- Type: int
The total number of compliance items that aren't compliant.
- SeveritySummary
-
- Type: SeveritySummary structure
A summary of the non-compliance severity by compliance type
NotificationConfig
Description
Configurations for sending notifications.
Members
- NotificationArn
-
- Type: string
An Amazon Resource Name (ARN) for an Amazon Simple Notification Service (Amazon SNS) topic. Run Command pushes notifications about command status changes to this topic.
- NotificationEvents
-
- Type: Array of strings
The different events for which you can receive notifications. To learn more about these events, see Monitoring Systems Manager status changes using Amazon SNS notifications in the Amazon Web Services Systems Manager User Guide.
- NotificationType
-
- Type: string
The type of notification.
-
Command
: Receive notification when the status of a command changes. -
Invocation
: For commands sent to multiple managed nodes, receive notification on a per-node basis when the status of a command changes.
OpsAggregator
Description
One or more aggregators for viewing counts of OpsData using different dimensions such as Source
, CreatedTime
, or Source and CreatedTime
, to name a few.
Members
- AggregatorType
-
- Type: string
Either a
Range
orCount
aggregator for limiting an OpsData summary. - Aggregators
-
- Type: Array of OpsAggregator structures
A nested aggregator for viewing counts of OpsData.
- AttributeName
-
- Type: string
The name of an OpsData attribute on which to limit the count of OpsData.
- Filters
-
- Type: Array of OpsFilter structures
The aggregator filters.
- TypeName
-
- Type: string
The data type name to use for viewing counts of OpsData.
- Values
-
- Type: Associative array of custom strings keys (OpsAggregatorValueKey) to strings
The aggregator value.
OpsEntity
Description
The result of the query.
Members
- Data
-
- Type: Associative array of custom strings keys (OpsEntityItemKey) to OpsEntityItem structures
The data returned by the query.
- Id
-
- Type: string
The query ID.
OpsEntityItem
Description
The OpsData summary.
Members
- CaptureTime
-
- Type: string
The time the OpsData was captured.
- Content
-
- Type: Array of stringss
The details of an OpsData summary.
OpsFilter
Description
A filter for viewing OpsData summaries.
Members
- Key
-
- Required: Yes
- Type: string
The name of the filter.
- Type
-
- Type: string
The type of filter.
- Values
-
- Required: Yes
- Type: Array of strings
The filter value.
OpsItem
Description
Operations engineers and IT professionals use Amazon Web Services Systems Manager OpsCenter to view, investigate, and remediate operational work items (OpsItems) impacting the performance and health of their Amazon Web Services resources. OpsCenter is integrated with Amazon EventBridge and Amazon CloudWatch. This means you can configure these services to automatically create an OpsItem in OpsCenter when a CloudWatch alarm enters the ALARM state or when EventBridge processes an event from any Amazon Web Services service that publishes events. Configuring Amazon CloudWatch alarms and EventBridge events to automatically create OpsItems allows you to quickly diagnose and remediate issues with Amazon Web Services resources from a single console.
To help you diagnose issues, each OpsItem includes contextually relevant information such as the name and ID of the Amazon Web Services resource that generated the OpsItem, alarm or event details, alarm history, and an alarm timeline graph. For the Amazon Web Services resource, OpsCenter aggregates information from Config, CloudTrail logs, and EventBridge, so you don't have to navigate across multiple console pages during your investigation. For more information, see Amazon Web Services Systems Manager OpsCenter in the Amazon Web Services Systems Manager User Guide.
Members
- ActualEndTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time a runbook workflow ended. Currently reported only for the OpsItem type
/aws/changerequest
. - ActualStartTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time a runbook workflow started. Currently reported only for the OpsItem type
/aws/changerequest
. - Category
-
- Type: string
An OpsItem category. Category options include: Availability, Cost, Performance, Recovery, Security.
- CreatedBy
-
- Type: string
The ARN of the Amazon Web Services account that created the OpsItem.
- CreatedTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the OpsItem was created.
- Description
-
- Type: string
The OpsItem description.
- LastModifiedBy
-
- Type: string
The ARN of the Amazon Web Services account that last updated the OpsItem.
- LastModifiedTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the OpsItem was last updated.
- Notifications
-
- Type: Array of OpsItemNotification structures
The Amazon Resource Name (ARN) of an Amazon Simple Notification Service (Amazon SNS) topic where notifications are sent when this OpsItem is edited or changed.
- OperationalData
-
- Type: Associative array of custom strings keys (OpsItemDataKey) to OpsItemDataValue structures
Operational data is custom data that provides useful reference details about the OpsItem. For example, you can specify log files, error strings, license keys, troubleshooting tips, or other relevant data. You enter operational data as key-value pairs. The key has a maximum length of 128 characters. The value has a maximum size of 20 KB.
Operational data keys can't begin with the following:
amazon
,aws
,amzn
,ssm
,/amazon
,/aws
,/amzn
,/ssm
.You can choose to make the data searchable by other users in the account or you can restrict search access. Searchable data means that all users with access to the OpsItem Overview page (as provided by the DescribeOpsItems API operation) can view and search on the specified data. Operational data that isn't searchable is only viewable by users who have access to the OpsItem (as provided by the GetOpsItem API operation).
Use the
/aws/resources
key in OperationalData to specify a related resource in the request. Use the/aws/automations
key in OperationalData to associate an Automation runbook with the OpsItem. To view Amazon Web Services CLI example commands that use these keys, see Creating OpsItems manually in the Amazon Web Services Systems Manager User Guide. - OpsItemArn
-
- Type: string
The OpsItem Amazon Resource Name (ARN).
- OpsItemId
-
- Type: string
The ID of the OpsItem.
- OpsItemType
-
- Type: string
The type of OpsItem. Systems Manager supports the following types of OpsItems:
-
/aws/issue
This type of OpsItem is used for default OpsItems created by OpsCenter.
-
/aws/changerequest
This type of OpsItem is used by Change Manager for reviewing and approving or rejecting change requests.
-
/aws/insight
This type of OpsItem is used by OpsCenter for aggregating and reporting on duplicate OpsItems.
- PlannedEndTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time specified in a change request for a runbook workflow to end. Currently supported only for the OpsItem type
/aws/changerequest
. - PlannedStartTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time specified in a change request for a runbook workflow to start. Currently supported only for the OpsItem type
/aws/changerequest
. - Priority
-
- Type: int
The importance of this OpsItem in relation to other OpsItems in the system.
- RelatedOpsItems
-
- Type: Array of RelatedOpsItem structures
One or more OpsItems that share something in common with the current OpsItem. For example, related OpsItems can include OpsItems with similar error messages, impacted resources, or statuses for the impacted resource.
- Severity
-
- Type: string
The severity of the OpsItem. Severity options range from 1 to 4.
- Source
-
- Type: string
The origin of the OpsItem, such as Amazon EC2 or Systems Manager. The impacted resource is a subset of source.
- Status
-
- Type: string
The OpsItem status. For more information, see Editing OpsItem details in the Amazon Web Services Systems Manager User Guide.
- Title
-
- Type: string
A short heading that describes the nature of the OpsItem and the impacted resource.
- Version
-
- Type: string
The version of this OpsItem. Each time the OpsItem is edited the version number increments by one.
OpsItemAccessDeniedException
Description
You don't have permission to view OpsItems in the specified account. Verify that your account is configured either as a Systems Manager delegated administrator or that you are logged into the Organizations management account.
Members
- Message
-
- Type: string
OpsItemAlreadyExistsException
Description
The OpsItem already exists.
Members
- Message
-
- Type: string
- OpsItemId
-
- Type: string
OpsItemConflictException
Description
The specified OpsItem is in the process of being deleted.
Members
- Message
-
- Type: string
OpsItemDataValue
Description
An object that defines the value of the key and its type in the OperationalData map.
Members
- Type
-
- Type: string
The type of key-value pair. Valid types include
SearchableString
andString
. - Value
-
- Type: string
The value of the OperationalData key.
OpsItemEventFilter
Description
Describes a filter for a specific list of OpsItem events. You can filter event information by using tags. You specify tags by using a key-value pair mapping.
Members
- Key
-
- Required: Yes
- Type: string
The name of the filter key. Currently, the only supported value is
OpsItemId
. - Operator
-
- Required: Yes
- Type: string
The operator used by the filter call. Currently, the only supported value is
Equal
. - Values
-
- Required: Yes
- Type: Array of strings
The values for the filter, consisting of one or more OpsItem IDs.
OpsItemEventSummary
Description
Summary information about an OpsItem event or that associated an OpsItem with a related item.
Members
- CreatedBy
-
- Type: OpsItemIdentity structure
Information about the user or resource that created the OpsItem event.
- CreatedTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the OpsItem event was created.
- Detail
-
- Type: string
Specific information about the OpsItem event.
- DetailType
-
- Type: string
The type of information provided as a detail.
- EventId
-
- Type: string
The ID of the OpsItem event.
- OpsItemId
-
- Type: string
The ID of the OpsItem.
- Source
-
- Type: string
The source of the OpsItem event.
OpsItemFilter
Description
Describes an OpsItem filter.
Members
- Key
-
- Required: Yes
- Type: string
The name of the filter.
- Operator
-
- Required: Yes
- Type: string
The operator used by the filter call.
- Values
-
- Required: Yes
- Type: Array of strings
The filter value.
OpsItemIdentity
Description
Information about the user or resource that created an OpsItem event.
Members
- Arn
-
- Type: string
The Amazon Resource Name (ARN) of the IAM entity that created the OpsItem event.
OpsItemInvalidParameterException
Description
A specified parameter argument isn't valid. Verify the available arguments and try again.
Members
- Message
-
- Type: string
- ParameterNames
-
- Type: Array of strings
OpsItemLimitExceededException
Description
The request caused OpsItems to exceed one or more quotas.
Members
- Limit
-
- Type: int
- LimitType
-
- Type: string
- Message
-
- Type: string
- ResourceTypes
-
- Type: Array of strings
OpsItemNotFoundException
Description
The specified OpsItem ID doesn't exist. Verify the ID and try again.
Members
- Message
-
- Type: string
OpsItemNotification
Description
A notification about the OpsItem.
Members
- Arn
-
- Type: string
The Amazon Resource Name (ARN) of an Amazon Simple Notification Service (Amazon SNS) topic where notifications are sent when this OpsItem is edited or changed.
OpsItemRelatedItemAlreadyExistsException
Description
The Amazon Resource Name (ARN) is already associated with the OpsItem.
Members
- Message
-
- Type: string
- OpsItemId
-
- Type: string
- ResourceUri
-
- Type: string
OpsItemRelatedItemAssociationNotFoundException
Description
The association wasn't found using the parameters you specified in the call. Verify the information and try again.
Members
- Message
-
- Type: string
OpsItemRelatedItemSummary
Description
Summary information about related-item resources for an OpsItem.
Members
- AssociationId
-
- Type: string
The association ID.
- AssociationType
-
- Type: string
The association type.
- CreatedBy
-
- Type: OpsItemIdentity structure
Information about the user or resource that created an OpsItem event.
- CreatedTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time the related-item association was created.
- LastModifiedBy
-
- Type: OpsItemIdentity structure
Information about the user or resource that created an OpsItem event.
- LastModifiedTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time the related-item association was last updated.
- OpsItemId
-
- Type: string
The OpsItem ID.
- ResourceType
-
- Type: string
The resource type.
- ResourceUri
-
- Type: string
The Amazon Resource Name (ARN) of the related-item resource.
OpsItemRelatedItemsFilter
Description
Describes a filter for a specific list of related-item resources.
Members
- Key
-
- Required: Yes
- Type: string
The name of the filter key. Supported values include
ResourceUri
,ResourceType
, orAssociationId
. - Operator
-
- Required: Yes
- Type: string
The operator used by the filter call. The only supported operator is
EQUAL
. - Values
-
- Required: Yes
- Type: Array of strings
The values for the filter.
OpsItemSummary
Description
A count of OpsItems.
Members
- ActualEndTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time a runbook workflow ended. Currently reported only for the OpsItem type
/aws/changerequest
. - ActualStartTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time a runbook workflow started. Currently reported only for the OpsItem type
/aws/changerequest
. - Category
-
- Type: string
A list of OpsItems by category.
- CreatedBy
-
- Type: string
The Amazon Resource Name (ARN) of the IAM entity that created the OpsItem.
- CreatedTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the OpsItem was created.
- LastModifiedBy
-
- Type: string
The Amazon Resource Name (ARN) of the IAM entity that created the OpsItem.
- LastModifiedTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the OpsItem was last updated.
- OperationalData
-
- Type: Associative array of custom strings keys (OpsItemDataKey) to OpsItemDataValue structures
Operational data is custom data that provides useful reference details about the OpsItem.
- OpsItemId
-
- Type: string
The ID of the OpsItem.
- OpsItemType
-
- Type: string
The type of OpsItem. Systems Manager supports the following types of OpsItems:
-
/aws/issue
This type of OpsItem is used for default OpsItems created by OpsCenter.
-
/aws/changerequest
This type of OpsItem is used by Change Manager for reviewing and approving or rejecting change requests.
-
/aws/insight
This type of OpsItem is used by OpsCenter for aggregating and reporting on duplicate OpsItems.
- PlannedEndTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time specified in a change request for a runbook workflow to end. Currently supported only for the OpsItem type
/aws/changerequest
. - PlannedStartTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time specified in a change request for a runbook workflow to start. Currently supported only for the OpsItem type
/aws/changerequest
. - Priority
-
- Type: int
The importance of this OpsItem in relation to other OpsItems in the system.
- Severity
-
- Type: string
A list of OpsItems by severity.
- Source
-
- Type: string
The impacted Amazon Web Services resource.
- Status
-
- Type: string
The OpsItem status.
- Title
-
- Type: string
A short heading that describes the nature of the OpsItem and the impacted resource.
OpsMetadata
Description
Operational metadata for an application in Application Manager.
Members
- CreationDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date the OpsMetadata objects was created.
- LastModifiedDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date the OpsMetadata object was last updated.
- LastModifiedUser
-
- Type: string
The user name who last updated the OpsMetadata object.
- OpsMetadataArn
-
- Type: string
The Amazon Resource Name (ARN) of the OpsMetadata Object or blob.
- ResourceId
-
- Type: string
The ID of the Application Manager application.
OpsMetadataAlreadyExistsException
Description
An OpsMetadata object already exists for the selected resource.
Members
- message
-
- Type: string
OpsMetadataFilter
Description
A filter to limit the number of OpsMetadata objects displayed.
Members
- Key
-
- Required: Yes
- Type: string
A filter key.
- Values
-
- Required: Yes
- Type: Array of strings
A filter value.
OpsMetadataInvalidArgumentException
Description
One of the arguments passed is invalid.
Members
- message
-
- Type: string
OpsMetadataKeyLimitExceededException
Description
The OpsMetadata object exceeds the maximum number of OpsMetadata keys that you can assign to an application in Application Manager.
Members
- message
-
- Type: string
OpsMetadataLimitExceededException
Description
Your account reached the maximum number of OpsMetadata objects allowed by Application Manager. The maximum is 200 OpsMetadata objects. Delete one or more OpsMetadata object and try again.
Members
- message
-
- Type: string
OpsMetadataNotFoundException
Description
The OpsMetadata object doesn't exist.
Members
- message
-
- Type: string
OpsMetadataTooManyUpdatesException
Description
The system is processing too many concurrent updates. Wait a few moments and try again.
Members
- message
-
- Type: string
OpsResultAttribute
Description
The OpsItem data type to return.
Members
- TypeName
-
- Required: Yes
- Type: string
Name of the data type. Valid value:
AWS:OpsItem
,AWS:EC2InstanceInformation
,AWS:OpsItemTrendline
, orAWS:ComplianceSummary
.
OutputSource
Description
Information about the source where the association execution details are stored.
Members
- OutputSourceId
-
- Type: string
The ID of the output source, for example the URL of an S3 bucket.
- OutputSourceType
-
- Type: string
The type of source where the association execution details are stored, for example, Amazon S3.
Parameter
Description
An Amazon Web Services Systems Manager parameter in Parameter Store.
Members
- ARN
-
- Type: string
The Amazon Resource Name (ARN) of the parameter.
- DataType
-
- Type: string
The data type of the parameter, such as
text
oraws:ec2:image
. The default istext
. - LastModifiedDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Date the parameter was last changed or updated and the parameter version was created.
- Name
-
- Type: string
The name of the parameter.
- Selector
-
- Type: string
Either the version number or the label used to retrieve the parameter value. Specify selectors by using one of the following formats:
parameter_name:version
parameter_name:label
- SourceResult
-
- Type: string
Applies to parameters that reference information in other Amazon Web Services services.
SourceResult
is the raw result or response from the source. - Type
-
- Type: string
The type of parameter. Valid values include the following:
String
,StringList
, andSecureString
.If type is
StringList
, the system returns a comma-separated string with no spaces between commas in theValue
field. - Value
-
- Type: string
The parameter value.
If type is
StringList
, the system returns a comma-separated string with no spaces between commas in theValue
field. - Version
-
- Type: long (int|float)
The parameter version.
ParameterAlreadyExists
Description
The parameter already exists. You can't create duplicate parameters.
Members
- message
-
- Type: string
ParameterHistory
Description
Information about parameter usage.
Members
- AllowedPattern
-
- Type: string
Parameter names can include the following letters and symbols.
a-zA-Z0-9_.-
- DataType
-
- Type: string
The data type of the parameter, such as
text
oraws:ec2:image
. The default istext
. - Description
-
- Type: string
Information about the parameter.
- KeyId
-
- Type: string
The alias of the Key Management Service (KMS) key used to encrypt the parameter. Applies to
SecureString
parameters only - Labels
-
- Type: Array of strings
Labels assigned to the parameter version.
- LastModifiedDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Date the parameter was last changed or updated.
- LastModifiedUser
-
- Type: string
Amazon Resource Name (ARN) of the Amazon Web Services user who last changed the parameter.
- Name
-
- Type: string
The name of the parameter.
- Policies
-
- Type: Array of ParameterInlinePolicy structures
Information about the policies assigned to a parameter.
Assigning parameter policies in the Amazon Web Services Systems Manager User Guide.
- Tier
-
- Type: string
The parameter tier.
- Type
-
- Type: string
The type of parameter used.
- Value
-
- Type: string
The parameter value.
- Version
-
- Type: long (int|float)
The parameter version.
ParameterInlinePolicy
Description
One or more policies assigned to a parameter.
Members
- PolicyStatus
-
- Type: string
The status of the policy. Policies report the following statuses: Pending (the policy hasn't been enforced or applied yet), Finished (the policy was applied), Failed (the policy wasn't applied), or InProgress (the policy is being applied now).
- PolicyText
-
- Type: string
The JSON text of the policy.
- PolicyType
-
- Type: string
The type of policy. Parameter Store, a capability of Amazon Web Services Systems Manager, supports the following policy types: Expiration, ExpirationNotification, and NoChangeNotification.
ParameterLimitExceeded
Description
You have exceeded the number of parameters for this Amazon Web Services account. Delete one or more parameters and try again.
Members
- message
-
- Type: string
ParameterMaxVersionLimitExceeded
Description
Parameter Store retains the 100 most recently created versions of a parameter. After this number of versions has been created, Parameter Store deletes the oldest version when a new one is created. However, if the oldest version has a label attached to it, Parameter Store won't delete the version and instead presents this error message:
An error occurred (ParameterMaxVersionLimitExceeded) when calling the PutParameter operation: You attempted to create a new version of parameter-name by calling the PutParameter API with the overwrite flag. Version version-number, the oldest version, can't be deleted because it has a label associated with it. Move the label to another version of the parameter, and try again.
This safeguard is to prevent parameter versions with mission critical labels assigned to them from being deleted. To continue creating new parameters, first move the label from the oldest version of the parameter to a newer one for use in your operations. For information about moving parameter labels, see Move a parameter label (console) or Move a parameter label (CLI) in the Amazon Web Services Systems Manager User Guide.
Members
- message
-
- Type: string
ParameterMetadata
Description
Metadata includes information like the Amazon Resource Name (ARN) of the last user to update the parameter and the date and time the parameter was last used.
Members
- ARN
-
- Type: string
The (ARN) of the last user to update the parameter.
- AllowedPattern
-
- Type: string
A parameter name can include only the following letters and symbols.
a-zA-Z0-9_.-
- DataType
-
- Type: string
The data type of the parameter, such as
text
oraws:ec2:image
. The default istext
. - Description
-
- Type: string
Description of the parameter actions.
- KeyId
-
- Type: string
The alias of the Key Management Service (KMS) key used to encrypt the parameter. Applies to
SecureString
parameters only. - LastModifiedDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
Date the parameter was last changed or updated.
- LastModifiedUser
-
- Type: string
Amazon Resource Name (ARN) of the Amazon Web Services user who last changed the parameter.
- Name
-
- Type: string
The parameter name.
- Policies
-
- Type: Array of ParameterInlinePolicy structures
A list of policies associated with a parameter.
- Tier
-
- Type: string
The parameter tier.
- Type
-
- Type: string
The type of parameter. Valid parameter types include the following:
String
,StringList
, andSecureString
. - Version
-
- Type: long (int|float)
The parameter version.
ParameterNotFound
Description
The parameter couldn't be found. Verify the name and try again.
Members
- message
-
- Type: string
ParameterPatternMismatchException
Description
The parameter name isn't valid.
Members
- message
-
- Type: string
The parameter name isn't valid.
ParameterStringFilter
Description
One or more filters. Use a filter to return a more specific list of results.
Members
- Key
-
- Required: Yes
- Type: string
The name of the filter.
The
ParameterStringFilter
object is used by the DescribeParameters and GetParametersByPath API operations. However, not all of the pattern values listed forKey
can be used with both operations.For
DescribeParameters
, all of the listed patterns are valid exceptLabel
.For
GetParametersByPath
, the following patterns listed forKey
aren't valid:tag
,DataType
,Name
,Path
, andTier
.For examples of Amazon Web Services CLI commands demonstrating valid parameter filter constructions, see Searching for Systems Manager parameters in the Amazon Web Services Systems Manager User Guide.
- Option
-
- Type: string
For all filters used with DescribeParameters, valid options include
Equals
andBeginsWith
. TheName
filter additionally supports theContains
option. (Exception: For filters using the keyPath
, valid options includeRecursive
andOneLevel
.)For filters used with GetParametersByPath, valid options include
Equals
andBeginsWith
. (Exception: For filters usingLabel
as the Key name, the only valid option isEquals
.) - Values
-
- Type: Array of strings
The value you want to search for.
ParameterVersionLabelLimitExceeded
Description
A parameter version can have a maximum of ten labels.
Members
- message
-
- Type: string
ParameterVersionNotFound
Description
The specified parameter version wasn't found. Verify the parameter name and version, and try again.
Members
- message
-
- Type: string
ParametersFilter
Description
This data type is deprecated. Instead, use ParameterStringFilter.
Members
- Key
-
- Required: Yes
- Type: string
The name of the filter.
- Values
-
- Required: Yes
- Type: Array of strings
The filter values.
ParentStepDetails
Description
A detailed status of the parent step.
Members
- Action
-
- Type: string
The name of the automation action.
- Iteration
-
- Type: int
The current repetition of the loop represented by an integer.
- IteratorValue
-
- Type: string
The current value of the specified iterator in the loop.
- StepExecutionId
-
- Type: string
The unique ID of a step execution.
- StepName
-
- Type: string
The name of the step.
Patch
Description
Represents metadata about a patch.
Members
- AdvisoryIds
-
- Type: Array of strings
The Advisory ID of the patch. For example,
RHSA-2020:3779
. Applies to Linux-based managed nodes only. - Arch
-
- Type: string
The architecture of the patch. For example, in
example-pkg-0.710.10-2.7.abcd.x86_64
, the architecture is indicated byx86_64
. Applies to Linux-based managed nodes only. - BugzillaIds
-
- Type: Array of strings
The Bugzilla ID of the patch. For example,
1600646
. Applies to Linux-based managed nodes only. - CVEIds
-
- Type: Array of strings
The Common Vulnerabilities and Exposures (CVE) ID of the patch. For example,
CVE-2011-3192
. Applies to Linux-based managed nodes only. - Classification
-
- Type: string
The classification of the patch. For example,
SecurityUpdates
,Updates
, orCriticalUpdates
. - ContentUrl
-
- Type: string
The URL where more information can be obtained about the patch.
- Description
-
- Type: string
The description of the patch.
- Epoch
-
- Type: int
The epoch of the patch. For example in
pkg-example-EE-20180914-2.2.amzn1.noarch
, the epoch value is20180914-2
. Applies to Linux-based managed nodes only. - Id
-
- Type: string
The ID of the patch. Applies to Windows patches only.
This ID isn't the same as the Microsoft Knowledge Base ID.
- KbNumber
-
- Type: string
The Microsoft Knowledge Base ID of the patch. Applies to Windows patches only.
- Language
-
- Type: string
The language of the patch if it's language-specific.
- MsrcNumber
-
- Type: string
The ID of the Microsoft Security Response Center (MSRC) bulletin the patch is related to. For example,
MS14-045
. Applies to Windows patches only. - MsrcSeverity
-
- Type: string
The severity of the patch, such as
Critical
,Important
, orModerate
. Applies to Windows patches only. - Name
-
- Type: string
The name of the patch. Applies to Linux-based managed nodes only.
- Product
-
- Type: string
The specific product the patch is applicable for. For example,
WindowsServer2016
orAmazonLinux2018.03
. - ProductFamily
-
- Type: string
The product family the patch is applicable for. For example,
Windows
orAmazon Linux 2
. - Release
-
- Type: string
The particular release of a patch. For example, in
pkg-example-EE-20180914-2.2.amzn1.noarch
, the release is2.amaz1
. Applies to Linux-based managed nodes only. - ReleaseDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date the patch was released.
- Repository
-
- Type: string
The source patch repository for the operating system and version, such as
trusty-security
for Ubuntu Server 14.04 LTE andfocal-security
for Ubuntu Server 20.04 LTE. Applies to Linux-based managed nodes only. - Severity
-
- Type: string
The severity level of the patch. For example,
CRITICAL
orMODERATE
. - Title
-
- Type: string
The title of the patch.
- Vendor
-
- Type: string
The name of the vendor providing the patch.
- Version
-
- Type: string
The version number of the patch. For example, in
example-pkg-1.710.10-2.7.abcd.x86_64
, the version number is indicated by-1
. Applies to Linux-based managed nodes only.
PatchBaselineIdentity
Description
Defines the basic information about a patch baseline.
Members
- BaselineDescription
-
- Type: string
The description of the patch baseline.
- BaselineId
-
- Type: string
The ID of the patch baseline.
- BaselineName
-
- Type: string
The name of the patch baseline.
- DefaultBaseline
-
- Type: boolean
Indicates whether this is the default baseline. Amazon Web Services Systems Manager supports creating multiple default patch baselines. For example, you can create a default patch baseline for each operating system.
- OperatingSystem
-
- Type: string
Defines the operating system the patch baseline applies to. The default value is
WINDOWS
.
PatchComplianceData
Description
Information about the state of a patch on a particular managed node as it relates to the patch baseline used to patch the node.
Members
- CVEIds
-
- Type: string
The IDs of one or more Common Vulnerabilities and Exposure (CVE) issues that are resolved by the patch.
Currently, CVE ID values are reported only for patches with a status of
Missing
orFailed
. - Classification
-
- Required: Yes
- Type: string
The classification of the patch, such as
SecurityUpdates
,Updates
, andCriticalUpdates
. - InstalledTime
-
- Required: Yes
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date/time the patch was installed on the managed node. Not all operating systems provide this level of information.
- KBId
-
- Required: Yes
- Type: string
The operating system-specific ID of the patch.
- Severity
-
- Required: Yes
- Type: string
The severity of the patch such as
Critical
,Important
, andModerate
. - State
-
- Required: Yes
- Type: string
The state of the patch on the managed node, such as INSTALLED or FAILED.
For descriptions of each patch state, see About patch compliance in the Amazon Web Services Systems Manager User Guide.
- Title
-
- Required: Yes
- Type: string
The title of the patch.
PatchFilter
Description
Defines which patches should be included in a patch baseline.
A patch filter consists of a key and a set of values. The filter key is a patch property. For example, the available filter keys for WINDOWS
are PATCH_SET
, PRODUCT
, PRODUCT_FAMILY
, CLASSIFICATION
, and MSRC_SEVERITY
.
The filter values define a matching criterion for the patch property indicated by the key. For example, if the filter key is PRODUCT
and the filter values are ["Office 2013", "Office 2016"]
, then the filter accepts all patches where product name is either "Office 2013" or "Office 2016". The filter values can be exact values for the patch property given as a key, or a wildcard (*), which matches all values.
You can view lists of valid values for the patch properties by running the DescribePatchProperties
command. For information about which patch properties can be used with each major operating system, see DescribePatchProperties.
Members
- Key
-
- Required: Yes
- Type: string
The key for the filter.
Run the DescribePatchProperties command to view lists of valid keys for each operating system type.
- Values
-
- Required: Yes
- Type: Array of strings
The value for the filter key.
Run the DescribePatchProperties command to view lists of valid values for each key based on operating system type.
PatchFilterGroup
Description
A set of patch filters, typically used for approval rules.
Members
- PatchFilters
-
- Required: Yes
- Type: Array of PatchFilter structures
The set of patch filters that make up the group.
PatchGroupPatchBaselineMapping
Description
The mapping between a patch group and the patch baseline the patch group is registered with.
Members
- BaselineIdentity
-
- Type: PatchBaselineIdentity structure
The patch baseline the patch group is registered with.
- PatchGroup
-
- Type: string
The name of the patch group registered with the patch baseline.
PatchOrchestratorFilter
Description
Defines a filter used in Patch Manager APIs. Supported filter keys depend on the API operation that includes the filter. Patch Manager API operations that use PatchOrchestratorFilter
include the following:
Members
- Key
-
- Type: string
The key for the filter.
- Values
-
- Type: Array of strings
The value for the filter.
PatchRule
Description
Defines an approval rule for a patch baseline.
Members
- ApproveAfterDays
-
- Type: int
The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of
7
means that patches are approved seven days after they are released.This parameter is marked as
Required: No
, but your request must include a value for eitherApproveAfterDays
orApproveUntilDate
.Not supported for Debian Server or Ubuntu Server.
Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the Amazon Web Services Systems Manager User Guide.
- ApproveUntilDate
-
- Type: string
The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.
Enter dates in the format
YYYY-MM-DD
. For example,2024-12-31
.This parameter is marked as
Required: No
, but your request must include a value for eitherApproveUntilDate
orApproveAfterDays
.Not supported for Debian Server or Ubuntu Server.
Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the Amazon Web Services Systems Manager User Guide.
- ComplianceLevel
-
- Type: string
A compliance severity level for all approved patches in a patch baseline.
- EnableNonSecurity
-
- Type: boolean
For managed nodes identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is
false
. Applies to Linux managed nodes only. - PatchFilterGroup
-
- Required: Yes
- Type: PatchFilterGroup structure
The patch filter group that defines the criteria for the rule.
PatchRuleGroup
Description
A set of rules defining the approval rules for a patch baseline.
Members
- PatchRules
-
- Required: Yes
- Type: Array of PatchRule structures
The rules that make up the rule group.
PatchSource
Description
Information about the patches to use to update the managed nodes, including target operating systems and source repository. Applies to Linux managed nodes only.
Members
- Configuration
-
- Required: Yes
- Type: string
The value of the yum repo configuration. For example:
[main]
name=MyCustomRepository
baseurl=https://my-custom-repository
enabled=1
For information about other options available for your yum repository configuration, see dnf.conf(5).
- Name
-
- Required: Yes
- Type: string
The name specified to identify the patch source.
- Products
-
- Required: Yes
- Type: Array of strings
The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "AmazonLinux2016.09", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter.
PatchStatus
Description
Information about the approval status of a patch.
Members
- ApprovalDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date the patch was approved (or will be approved if the status is
PENDING_APPROVAL
). - ComplianceLevel
-
- Type: string
The compliance severity level for a patch.
- DeploymentStatus
-
- Type: string
The approval status of a patch.
PoliciesLimitExceededException
Description
You specified more than the maximum number of allowed policies for the parameter. The maximum is 10.
Members
- message
-
- Type: string
ProgressCounters
Description
An aggregate of step execution statuses displayed in the Amazon Web Services Systems Manager console for a multi-Region and multi-account Automation execution.
Members
- CancelledSteps
-
- Type: int
The total number of steps that the system cancelled in all specified Amazon Web Services Regions and Amazon Web Services accounts for the current Automation execution.
- FailedSteps
-
- Type: int
The total number of steps that failed to run in all specified Amazon Web Services Regions and Amazon Web Services accounts for the current Automation execution.
- SuccessSteps
-
- Type: int
The total number of steps that successfully completed in all specified Amazon Web Services Regions and Amazon Web Services accounts for the current Automation execution.
- TimedOutSteps
-
- Type: int
The total number of steps that timed out in all specified Amazon Web Services Regions and Amazon Web Services accounts for the current Automation execution.
- TotalSteps
-
- Type: int
The total number of steps run in all specified Amazon Web Services Regions and Amazon Web Services accounts for the current Automation execution.
RegistrationMetadataItem
Description
Reserved for internal use.
Members
- Key
-
- Required: Yes
- Type: string
Reserved for internal use.
- Value
-
- Required: Yes
- Type: string
Reserved for internal use.
RelatedOpsItem
Description
An OpsItems that shares something in common with the current OpsItem. For example, related OpsItems can include OpsItems with similar error messages, impacted resources, or statuses for the impacted resource.
Members
- OpsItemId
-
- Required: Yes
- Type: string
The ID of an OpsItem related to the current OpsItem.
ResolvedTargets
Description
Information about targets that resolved during the Automation execution.
Members
- ParameterValues
-
- Type: Array of strings
A list of parameter values sent to targets that resolved during the Automation execution.
- Truncated
-
- Type: boolean
A boolean value indicating whether the resolved target list is truncated.
ResourceComplianceSummaryItem
Description
Compliance summary information for a specific resource.
Members
- ComplianceType
-
- Type: string
The compliance type.
- CompliantSummary
-
- Type: CompliantSummary structure
A list of items that are compliant for the resource.
- ExecutionSummary
-
- Type: ComplianceExecutionSummary structure
Information about the execution.
- NonCompliantSummary
-
- Type: NonCompliantSummary structure
A list of items that aren't compliant for the resource.
- OverallSeverity
-
- Type: string
The highest severity item found for the resource. The resource is compliant for this item.
- ResourceId
-
- Type: string
The resource ID.
- ResourceType
-
- Type: string
The resource type.
- Status
-
- Type: string
The compliance status for the resource.
ResourceDataSyncAlreadyExistsException
Description
A sync configuration with the same name already exists.
Members
- SyncName
-
- Type: string
ResourceDataSyncAwsOrganizationsSource
Description
Information about the AwsOrganizationsSource
resource data sync source. A sync source of this type can synchronize data from Organizations or, if an Amazon Web Services organization isn't present, from multiple Amazon Web Services Regions.
Members
- OrganizationSourceType
-
- Required: Yes
- Type: string
If an Amazon Web Services organization is present, this is either
OrganizationalUnits
orEntireOrganization
. ForOrganizationalUnits
, the data is aggregated from a set of organization units. ForEntireOrganization
, the data is aggregated from the entire Amazon Web Services organization. - OrganizationalUnits
-
- Type: Array of ResourceDataSyncOrganizationalUnit structures
The Organizations organization units included in the sync.
ResourceDataSyncConflictException
Description
Another UpdateResourceDataSync
request is being processed. Wait a few minutes and try again.
Members
- Message
-
- Type: string
ResourceDataSyncCountExceededException
Description
You have exceeded the allowed maximum sync configurations.
Members
- Message
-
- Type: string
ResourceDataSyncDestinationDataSharing
Description
Synchronize Amazon Web Services Systems Manager Inventory data from multiple Amazon Web Services accounts defined in Organizations to a centralized Amazon S3 bucket. Data is synchronized to individual key prefixes in the central bucket. Each key prefix represents a different Amazon Web Services account ID.
Members
- DestinationDataSharingType
-
- Type: string
The sharing data type. Only
Organization
is supported.
ResourceDataSyncInvalidConfigurationException
Description
The specified sync configuration is invalid.
Members
- Message
-
- Type: string
ResourceDataSyncItem
Description
Information about a resource data sync configuration, including its current status and last successful sync.
Members
- LastStatus
-
- Type: string
The status reported by the last sync.
- LastSuccessfulSyncTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The last time the sync operations returned a status of
SUCCESSFUL
(UTC). - LastSyncStatusMessage
-
- Type: string
The status message details reported by the last sync.
- LastSyncTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The last time the configuration attempted to sync (UTC).
- S3Destination
-
- Type: ResourceDataSyncS3Destination structure
Configuration information for the target S3 bucket.
- SyncCreatedTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the configuration was created (UTC).
- SyncLastModifiedTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time the resource data sync was changed.
- SyncName
-
- Type: string
The name of the resource data sync.
- SyncSource
-
- Type: ResourceDataSyncSourceWithState structure
Information about the source where the data was synchronized.
- SyncType
-
- Type: string
The type of resource data sync. If
SyncType
isSyncToDestination
, then the resource data sync synchronizes data to an S3 bucket. If theSyncType
isSyncFromSource
then the resource data sync synchronizes data from Organizations or from multiple Amazon Web Services Regions.
ResourceDataSyncNotFoundException
Description
The specified sync name wasn't found.
Members
- Message
-
- Type: string
- SyncName
-
- Type: string
- SyncType
-
- Type: string
ResourceDataSyncOrganizationalUnit
Description
The Organizations organizational unit data source for the sync.
Members
- OrganizationalUnitId
-
- Type: string
The Organizations unit ID data source for the sync.
ResourceDataSyncS3Destination
Description
Information about the target S3 bucket for the resource data sync.
Members
- AWSKMSKeyARN
-
- Type: string
The ARN of an encryption key for a destination in Amazon S3. Must belong to the same Region as the destination S3 bucket.
- BucketName
-
- Required: Yes
- Type: string
The name of the S3 bucket where the aggregated data is stored.
- DestinationDataSharing
-
- Type: ResourceDataSyncDestinationDataSharing structure
Enables destination data sharing. By default, this field is
null
. - Prefix
-
- Type: string
An Amazon S3 prefix for the bucket.
- Region
-
- Required: Yes
- Type: string
The Amazon Web Services Region with the S3 bucket targeted by the resource data sync.
- SyncFormat
-
- Required: Yes
- Type: string
A supported sync format. The following format is currently supported: JsonSerDe
ResourceDataSyncSource
Description
Information about the source of the data included in the resource data sync.
Members
- AwsOrganizationsSource
-
- Type: ResourceDataSyncAwsOrganizationsSource structure
Information about the
AwsOrganizationsSource
resource data sync source. A sync source of this type can synchronize data from Organizations. - EnableAllOpsDataSources
-
- Type: boolean
When you create a resource data sync, if you choose one of the Organizations options, then Systems Manager automatically enables all OpsData sources in the selected Amazon Web Services Regions for all Amazon Web Services accounts in your organization (or in the selected organization units). For more information, see Setting up Systems Manager Explorer to display data from multiple accounts and Regions in the Amazon Web Services Systems Manager User Guide.
- IncludeFutureRegions
-
- Type: boolean
Whether to automatically synchronize and aggregate data from new Amazon Web Services Regions when those Regions come online.
- SourceRegions
-
- Required: Yes
- Type: Array of strings
The
SyncSource
Amazon Web Services Regions included in the resource data sync. - SourceType
-
- Required: Yes
- Type: string
The type of data source for the resource data sync.
SourceType
is eitherAwsOrganizations
(if an organization is present in Organizations) orSingleAccountMultiRegions
.
ResourceDataSyncSourceWithState
Description
The data type name for including resource data sync state. There are four sync states:
OrganizationNotExists
(Your organization doesn't exist)
NoPermissions
(The system can't locate the service-linked role. This role is automatically created when a user creates a resource data sync in Amazon Web Services Systems Manager Explorer.)
InvalidOrganizationalUnit
(You specified or selected an invalid unit in the resource data sync configuration.)
TrustedAccessDisabled
(You disabled Systems Manager access in the organization in Organizations.)
Members
- AwsOrganizationsSource
-
- Type: ResourceDataSyncAwsOrganizationsSource structure
The field name in
SyncSource
for theResourceDataSyncAwsOrganizationsSource
type. - EnableAllOpsDataSources
-
- Type: boolean
When you create a resource data sync, if you choose one of the Organizations options, then Systems Manager automatically enables all OpsData sources in the selected Amazon Web Services Regions for all Amazon Web Services accounts in your organization (or in the selected organization units). For more information, see Setting up Systems Manager Explorer to display data from multiple accounts and Regions in the Amazon Web Services Systems Manager User Guide.
- IncludeFutureRegions
-
- Type: boolean
Whether to automatically synchronize and aggregate data from new Amazon Web Services Regions when those Regions come online.
- SourceRegions
-
- Type: Array of strings
The
SyncSource
Amazon Web Services Regions included in the resource data sync. - SourceType
-
- Type: string
The type of data source for the resource data sync.
SourceType
is eitherAwsOrganizations
(if an organization is present in Organizations) orsingleAccountMultiRegions
. - State
-
- Type: string
The data type name for including resource data sync state. There are four sync states:
OrganizationNotExists
: Your organization doesn't exist.NoPermissions
: The system can't locate the service-linked role. This role is automatically created when a user creates a resource data sync in Explorer.InvalidOrganizationalUnit
: You specified or selected an invalid unit in the resource data sync configuration.TrustedAccessDisabled
: You disabled Systems Manager access in the organization in Organizations.
ResourceInUseException
Description
Error returned if an attempt is made to delete a patch baseline that is registered for a patch group.
Members
- Message
-
- Type: string
ResourceLimitExceededException
Description
Error returned when the caller has exceeded the default resource quotas. For example, too many maintenance windows or patch baselines have been created.
For information about resource quotas in Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.
Members
- Message
-
- Type: string
ResourceNotFoundException
Description
The specified parameter to be shared could not be found.
Members
- Message
-
- Type: string
ResourcePolicyConflictException
Description
The hash provided in the call doesn't match the stored hash. This exception is thrown when trying to update an obsolete policy version or when multiple requests to update a policy are sent.
Members
- Message
-
- Type: string
ResourcePolicyInvalidParameterException
Description
One or more parameters specified for the call aren't valid. Verify the parameters and their values and try again.
Members
- Message
-
- Type: string
- ParameterNames
-
- Type: Array of strings
ResourcePolicyLimitExceededException
Description
The PutResourcePolicy API action enforces two limits. A policy can't be greater than 1024 bytes in size. And only one policy can be attached to OpsItemGroup
. Verify these limits and try again.
Members
- Limit
-
- Type: int
- LimitType
-
- Type: string
- Message
-
- Type: string
ResourcePolicyNotFoundException
Description
No policies with the specified policy ID and hash could be found.
Members
- Message
-
- Type: string
ResultAttribute
Description
The inventory item result attribute.
Members
- TypeName
-
- Required: Yes
- Type: string
Name of the inventory item type. Valid value:
AWS:InstanceInformation
. Default Value:AWS:InstanceInformation
.
ReviewInformation
Description
Information about the result of a document review request.
Members
- ReviewedTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The time that the reviewer took action on the document review request.
- Reviewer
-
- Type: string
The reviewer assigned to take action on the document review request.
- Status
-
- Type: string
The current status of the document review request.
Runbook
Description
Information about an Automation runbook used in a runbook workflow in Change Manager.
The Automation runbooks specified for the runbook workflow can't run until all required approvals for the change request have been received.
Members
- DocumentName
-
- Required: Yes
- Type: string
The name of the Automation runbook used in a runbook workflow.
- DocumentVersion
-
- Type: string
The version of the Automation runbook used in a runbook workflow.
- MaxConcurrency
-
- Type: string
The
MaxConcurrency
value specified by the user when the operation started, indicating the maximum number of resources that the runbook operation can run on at the same time. - MaxErrors
-
- Type: string
The
MaxErrors
value specified by the user when the execution started, indicating the maximum number of errors that can occur during the operation before the updates are stopped or rolled back. - Parameters
-
- Type: Associative array of custom strings keys (AutomationParameterKey) to stringss
The key-value map of execution parameters, which were supplied when calling
StartChangeRequestExecution
. - TargetLocations
-
- Type: Array of TargetLocation structures
Information about the Amazon Web Services Regions and Amazon Web Services accounts targeted by the current Runbook operation.
- TargetMaps
-
- Type: Array of maps
A key-value mapping of runbook parameters to target resources. Both Targets and TargetMaps can't be specified together.
- TargetParameterName
-
- Type: string
The name of the parameter used as the target resource for the rate-controlled runbook workflow. Required if you specify
Targets
. - Targets
-
- Type: Array of Target structures
A key-value mapping to target resources that the runbook operation performs tasks on. Required if you specify
TargetParameterName
.
S3OutputLocation
Description
An S3 bucket where you want to store the results of this request.
Members
- OutputS3BucketName
-
- Type: string
The name of the S3 bucket.
- OutputS3KeyPrefix
-
- Type: string
The S3 bucket subfolder.
- OutputS3Region
-
- Type: string
The Amazon Web Services Region of the S3 bucket.
S3OutputUrl
Description
A URL for the Amazon Web Services Systems Manager (Systems Manager) bucket where you want to store the results of this request.
Members
- OutputUrl
-
- Type: string
A URL for an S3 bucket where you want to store the results of this request.
ScheduledWindowExecution
Description
Information about a scheduled execution for a maintenance window.
Members
- ExecutionTime
-
- Type: string
The time, in ISO-8601 Extended format, that the maintenance window is scheduled to be run.
- Name
-
- Type: string
The name of the maintenance window to be run.
- WindowId
-
- Type: string
The ID of the maintenance window to be run.
ServiceSetting
Description
The service setting data structure.
ServiceSetting
is an account-level setting for an Amazon Web Services service. This setting defines how a user interacts with or uses a service or a feature of a service. For example, if an Amazon Web Services service charges money to the account based on feature or service usage, then the Amazon Web Services service team might create a default setting of "false". This means the user can't use this feature unless they change the setting to "true" and intentionally opt in for a paid feature.
Services map a SettingId
object to a setting value. Amazon Web Services services teams define the default value for a SettingId
. You can't create a new SettingId
, but you can overwrite the default value if you have the ssm:UpdateServiceSetting
permission for the setting. Use the UpdateServiceSetting API operation to change the default setting. Or, use the ResetServiceSetting to change the value back to the original value defined by the Amazon Web Services service team.
Members
- ARN
-
- Type: string
The ARN of the service setting.
- LastModifiedDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The last time the service setting was modified.
- LastModifiedUser
-
- Type: string
The ARN of the last modified user. This field is populated only if the setting value was overwritten.
- SettingId
-
- Type: string
The ID of the service setting.
- SettingValue
-
- Type: string
The value of the service setting.
- Status
-
- Type: string
The status of the service setting. The value can be Default, Customized or PendingUpdate.
-
Default: The current setting uses a default value provisioned by the Amazon Web Services service team.
-
Customized: The current setting use a custom value specified by the customer.
-
PendingUpdate: The current setting uses a default or custom value, but a setting change request is pending approval.
ServiceSettingNotFound
Description
The specified service setting wasn't found. Either the service name or the setting hasn't been provisioned by the Amazon Web Services service team.
Members
- Message
-
- Type: string
Session
Description
Information about a Session Manager connection to a managed node.
Members
- Details
-
- Type: string
Reserved for future use.
- DocumentName
-
- Type: string
The name of the Session Manager SSM document used to define the parameters and plugin settings for the session. For example,
SSM-SessionManagerRunShell
. - EndDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time, in ISO-8601 Extended format, when the session was terminated.
- MaxSessionDuration
-
- Type: string
The maximum duration of a session before it terminates.
- OutputUrl
-
- Type: SessionManagerOutputUrl structure
Reserved for future use.
- Owner
-
- Type: string
The ID of the Amazon Web Services user that started the session.
- Reason
-
- Type: string
The reason for connecting to the instance.
- SessionId
-
- Type: string
The ID of the session.
- StartDate
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
The date and time, in ISO-8601 Extended format, when the session began.
- Status
-
- Type: string
The status of the session. For example, "Connected" or "Terminated".
- Target
-
- Type: string
The managed node that the Session Manager session connected to.
SessionFilter
Description
Describes a filter for Session Manager information.
Members
- key
-
- Required: Yes
- Type: string
The name of the filter.
- value
-
- Required: Yes
- Type: string
The filter value. Valid values for each filter key are as follows:
-
InvokedAfter: Specify a timestamp to limit your results. For example, specify 2024-08-29T00:00:00Z to see sessions that started August 29, 2024, and later.
-
InvokedBefore: Specify a timestamp to limit your results. For example, specify 2024-08-29T00:00:00Z to see sessions that started before August 29, 2024.
-
Target: Specify a managed node to which session connections have been made.
-
Owner: Specify an Amazon Web Services user to see a list of sessions started by that user.
-
Status: Specify a valid session status to see a list of all sessions with that status. Status values you can specify include:
-
Connected
-
Connecting
-
Disconnected
-
Terminated
-
Terminating
-
Failed
-
-
SessionId: Specify a session ID to return details about the session.
SessionManagerOutputUrl
Description
Reserved for future use.
Members
- CloudWatchOutputUrl
-
- Type: string
Reserved for future use.
- S3OutputUrl
-
- Type: string
Reserved for future use.
SeveritySummary
Description
The number of managed nodes found for each patch severity level defined in the request filter.
Members
- CriticalCount
-
- Type: int
The total number of resources or compliance items that have a severity level of
Critical
. Critical severity is determined by the organization that published the compliance items. - HighCount
-
- Type: int
The total number of resources or compliance items that have a severity level of high. High severity is determined by the organization that published the compliance items.
- InformationalCount
-
- Type: int
The total number of resources or compliance items that have a severity level of informational. Informational severity is determined by the organization that published the compliance items.
- LowCount
-
- Type: int
The total number of resources or compliance items that have a severity level of low. Low severity is determined by the organization that published the compliance items.
- MediumCount
-
- Type: int
The total number of resources or compliance items that have a severity level of medium. Medium severity is determined by the organization that published the compliance items.
- UnspecifiedCount
-
- Type: int
The total number of resources or compliance items that have a severity level of unspecified. Unspecified severity is determined by the organization that published the compliance items.
StatusUnchanged
Description
The updated status is the same as the current status.
Members
StepExecution
Description
Detailed information about an the execution state of an Automation step.
Members
- Action
-
- Type: string
The action this step performs. The action determines the behavior of the step.
- ExecutionEndTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
If a step has finished execution, this contains the time the execution ended. If the step hasn't yet concluded, this field isn't populated.
- ExecutionStartTime
-
- Type: timestamp (string|DateTime or anything parsable by strtotime)
If a step has begun execution, this contains the time the step started. If the step is in Pending status, this field isn't populated.
- FailureDetails
-
- Type: FailureDetails structure
Information about the Automation failure.
- FailureMessage
-
- Type: string
If a step failed, this message explains why the execution failed.
- Inputs
-
- Type: Associative array of custom strings keys (String) to strings
Fully-resolved values passed into the step before execution.
- IsCritical
-
- Type: boolean
The flag which can be used to help decide whether the failure of current step leads to the Automation failure.
- IsEnd
-
- Type: boolean
The flag which can be used to end automation no matter whether the step succeeds or fails.
- MaxAttempts
-
- Type: int
The maximum number of tries to run the action of the step. The default value is
1
. - NextStep
-
- Type: string
The next step after the step succeeds.
- OnFailure
-
- Type: string
The action to take if the step fails. The default value is
Abort
. - Outputs
-
- Type: Associative array of custom strings keys (AutomationParameterKey) to stringss
Returned values from the execution of the step.
- OverriddenParameters
-
- Type: Associative array of custom strings keys (AutomationParameterKey) to stringss
A user-specified list of parameters to override when running a step.
- ParentStepDetails
-
- Type: ParentStepDetails structure
Information about the parent step.
- Response
-
- Type: string
A message associated with the response code for an execution.
- ResponseCode
-
- Type: string
The response code returned by the execution of the step.
- StepExecutionId
-
- Type: string
The unique ID of a step execution.
- StepName
-
- Type: string
The name of this execution step.
- StepStatus
-
- Type: string
The execution status for this step.
- TargetLocation
-
- Type: TargetLocation structure
The combination of Amazon Web Services Regions and Amazon Web Services accounts targeted by the current Automation execution.
- Targets
-
- Type: Array of Target structures
The targets for the step execution.
- TimeoutSeconds
-
- Type: long (int|float)
The timeout seconds of the step.
- TriggeredAlarms
-
- Type: Array of AlarmStateInformation structures
The CloudWatch alarms that were invoked by the automation.
- ValidNextSteps
-
- Type: Array of strings
Strategies used when step fails, we support Continue and Abort. Abort will fail the automation when the step fails. Continue will ignore the failure of current step and allow automation to run the next step. With conditional branching, we add step:stepName to support the automation to go to another specific step.
StepExecutionFilter
Description
A filter to limit the amount of step execution information returned by the call.
Members
- Key
-
- Required: Yes
- Type: string
One or more keys to limit the results.
- Values
-
- Required: Yes
- Type: Array of strings
The values of the filter key.
SubTypeCountLimitExceededException
Description
The sub-type count exceeded the limit for the inventory type.
Members
- Message
-
- Type: string
Tag
Description
Metadata that you assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Amazon Web Services Systems Manager, you can apply tags to Systems Manager documents (SSM documents), managed nodes, maintenance windows, parameters, patch baselines, OpsItems, and OpsMetadata.
Members
- Key
-
- Required: Yes
- Type: string
The name of the tag.
- Value
-
- Required: Yes
- Type: string
The value of the tag.
Target
Description
An array of search criteria that targets managed nodes using a key-value pair that you specify.
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide.
Supported formats include the following.
For all Systems Manager capabilities:
-
Key=tag-key,Values=tag-value-1,tag-value-2
For Automation and Change Manager:
-
Key=tag:tag-key,Values=tag-value
-
Key=ResourceGroup,Values=resource-group-name
-
Key=ParameterValues,Values=value-1,value-2,value-3
-
To target all instances in the Amazon Web Services Region:
-
Key=AWS::EC2::Instance,Values=*
-
Key=InstanceIds,Values=*
-
For Run Command and Maintenance Windows:
-
Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3
-
Key=tag:tag-key,Values=tag-value-1,tag-value-2
-
Key=resource-groups:Name,Values=resource-group-name
-
Additionally, Maintenance Windows support targeting resource types:
-
Key=resource-groups:ResourceTypeFilters,Values=resource-type-1,resource-type-2
-
For State Manager:
-
Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3
-
Key=tag:tag-key,Values=tag-value-1,tag-value-2
-
To target all instances in the Amazon Web Services Region:
-
Key=InstanceIds,Values=*
-
For more information about how to send commands that target managed nodes using Key,Value
parameters, see Targeting multiple managed nodes in the Amazon Web Services Systems Manager User Guide.
Members
- Key
-
- Type: string
User-defined criteria for sending commands that target managed nodes that meet the criteria.
- Values
-
- Type: Array of strings
User-defined criteria that maps to
Key
. For example, if you specifiedtag:ServerRole
, you could specifyvalue:WebServer
to run a command on instances that include EC2 tags ofServerRole,WebServer
.Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
TargetInUseException
Description
You specified the Safe
option for the DeregisterTargetFromMaintenanceWindow operation, but the target is still referenced in a task.
Members
- Message
-
- Type: string
TargetLocation
Description
The combination of Amazon Web Services Regions and Amazon Web Services accounts targeted by the current Automation execution.
Members
- Accounts
-
- Type: Array of strings
The Amazon Web Services accounts targeted by the current Automation execution.
- ExcludeAccounts
-
- Type: Array of strings
Amazon Web Services accounts or organizational units to exclude as expanded targets.
- ExecutionRoleName
-
- Type: string
The Automation execution role used by the currently running Automation. If not specified, the default value is
AWS-SystemsManager-AutomationExecutionRole
. - IncludeChildOrganizationUnits
-
- Type: boolean
Indicates whether to include child organizational units (OUs) that are children of the targeted OUs. The default is
false
. - Regions
-
- Type: Array of strings
The Amazon Web Services Regions targeted by the current Automation execution.
- TargetLocationAlarmConfiguration
-
- Type: AlarmConfiguration structure
The details for the CloudWatch alarm you want to apply to an automation or command.
- TargetLocationMaxConcurrency
-
- Type: string
The maximum number of Amazon Web Services Regions and Amazon Web Services accounts allowed to run the Automation concurrently.
- TargetLocationMaxErrors
-
- Type: string
The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
- Targets
-
- Type: Array of Target structures
A list of key-value mappings to target resources. If you specify values for this data type, you must also specify a value for
TargetParameterName
.This
Targets
parameter takes precedence over theStartAutomationExecution:Targets
parameter if both are supplied. - TargetsMaxConcurrency
-
- Type: string
The maximum number of targets allowed to run this task in parallel. This
TargetsMaxConcurrency
takes precedence over theStartAutomationExecution:MaxConcurrency
parameter if both are supplied. - TargetsMaxErrors
-
- Type: string
The maximum number of errors that are allowed before the system stops running the automation on additional targets. This
TargetsMaxErrors
parameter takes precedence over theStartAutomationExecution:MaxErrors
parameter if both are supplied.
TargetNotConnected
Description
The specified target managed node for the session isn't fully configured for use with Session Manager. For more information, see Setting up Session Manager in the Amazon Web Services Systems Manager User Guide. This error is also returned if you attempt to start a session on a managed node that is located in a different account or Region
Members
- Message
-
- Type: string
TooManyTagsError
Description
The Targets
parameter includes too many tags. Remove one or more tags and try the command again.
Members
TooManyUpdates
Description
There are concurrent updates for a resource that supports one update at a time.
Members
- Message
-
- Type: string
TotalSizeLimitExceededException
Description
The size of inventory data has exceeded the total size limit for the resource.
Members
- Message
-
- Type: string
UnsupportedCalendarException
Description
The calendar entry contained in the specified SSM document isn't supported.
Members
- Message
-
- Type: string
UnsupportedFeatureRequiredException
Description
Patching for applications released by Microsoft is only available on EC2 instances and advanced instances. To patch applications released by Microsoft on on-premises servers and VMs, you must enable advanced instances. For more information, see Turning on the advanced-instances tier in the Amazon Web Services Systems Manager User Guide.
Members
- Message
-
- Type: string
UnsupportedInventoryItemContextException
Description
The Context
attribute that you specified for the InventoryItem
isn't allowed for this inventory type. You can only use the Context
attribute with inventory types like AWS:ComplianceItem
.
Members
- Message
-
- Type: string
- TypeName
-
- Type: string
UnsupportedInventorySchemaVersionException
Description
Inventory item type schema version has to match supported versions in the service. Check output of GetInventorySchema to see the available schema version for each type.
Members
- Message
-
- Type: string
UnsupportedOperatingSystem
Description
The operating systems you specified isn't supported, or the operation isn't supported for the operating system.
Members
- Message
-
- Type: string
UnsupportedParameterType
Description
The parameter type isn't supported.
Members
- message
-
- Type: string
UnsupportedPlatformType
Description
The document doesn't support the platform type of the given managed node IDs. For example, you sent an document for a Windows managed node to a Linux node.
Members
- Message
-
- Type: string