SDK for PHP 3.x

Client: Aws\Ssm\SsmClient
Service ID: ssm
Version: 2014-11-06

This page describes the parameters and results for the operations of the Amazon Simple Systems Manager (SSM) (2014-11-06), and shows how to use the Aws\Ssm\SsmClient object to call the described operations. This documentation is specific to the 2014-11-06 API version of the service.

Operation Summary

Each of the following operations can be created from a client using $client->getCommand('CommandName'), where "CommandName" is the name of one of the following operations. Note: a command is a value that encapsulates an operation and the parameters used to create an HTTP request.

You can also create and send a command immediately using the magic methods available on a client object: $client->commandName(/* parameters */). You can send the command asynchronously (returning a promise) by appending the word "Async" to the operation name: $client->commandNameAsync(/* parameters */).

AddTagsToResource ( array $params = [] )
Adds or overwrites one or more tags for the specified resource.
AssociateOpsItemRelatedItem ( array $params = [] )
Associates a related item to a Systems Manager OpsCenter OpsItem.
CancelCommand ( array $params = [] )
Attempts to cancel the command specified by the Command ID.
CancelMaintenanceWindowExecution ( array $params = [] )
Stops a maintenance window execution that is already in progress and cancels any tasks in the window that haven't already starting running.
CreateActivation ( array $params = [] )
Generates an activation code and activation ID you can use to register your on-premises servers, edge devices, or virtual machine (VM) with Amazon Web Services Systems Manager.
CreateAssociation ( array $params = [] )
A State Manager association defines the state that you want to maintain on your managed nodes.
CreateAssociationBatch ( array $params = [] )
Associates the specified Amazon Web Services Systems Manager document (SSM document) with the specified managed nodes or targets.
CreateDocument ( array $params = [] )
Creates a Amazon Web Services Systems Manager (SSM document).
CreateMaintenanceWindow ( array $params = [] )
Creates a new maintenance window.
CreateOpsItem ( array $params = [] )
Creates a new OpsItem.
CreateOpsMetadata ( array $params = [] )
If you create a new application in Application Manager, Amazon Web Services Systems Manager calls this API operation to specify information about the new application, including the application type.
CreatePatchBaseline ( array $params = [] )
Creates a patch baseline.
CreateResourceDataSync ( array $params = [] )
A resource data sync helps you view data from multiple sources in a single location.
DeleteActivation ( array $params = [] )
Deletes an activation.
DeleteAssociation ( array $params = [] )
Disassociates the specified Amazon Web Services Systems Manager document (SSM document) from the specified managed node.
DeleteDocument ( array $params = [] )
Deletes the Amazon Web Services Systems Manager document (SSM document) and all managed node associations to the document.
DeleteInventory ( array $params = [] )
Delete a custom inventory type or the data associated with a custom Inventory type.
DeleteMaintenanceWindow ( array $params = [] )
Deletes a maintenance window.
DeleteOpsItem ( array $params = [] )
Delete an OpsItem.
DeleteOpsMetadata ( array $params = [] )
Delete OpsMetadata related to an application.
DeleteParameter ( array $params = [] )
Delete a parameter from the system.
DeleteParameters ( array $params = [] )
Delete a list of parameters.
DeletePatchBaseline ( array $params = [] )
Deletes a patch baseline.
DeleteResourceDataSync ( array $params = [] )
Deletes a resource data sync configuration.
DeleteResourcePolicy ( array $params = [] )
Deletes a Systems Manager resource policy.
DeregisterManagedInstance ( array $params = [] )
Removes the server or virtual machine from the list of registered servers.
DeregisterPatchBaselineForPatchGroup ( array $params = [] )
Removes a patch group from a patch baseline.
DeregisterTargetFromMaintenanceWindow ( array $params = [] )
Removes a target from a maintenance window.
DeregisterTaskFromMaintenanceWindow ( array $params = [] )
Removes a task from a maintenance window.
DescribeActivations ( array $params = [] )
Describes details about the activation, such as the date and time the activation was created, its expiration date, the Identity and Access Management (IAM) role assigned to the managed nodes in the activation, and the number of nodes registered by using this activation.
DescribeAssociation ( array $params = [] )
Describes the association for the specified target or managed node.
DescribeAssociationExecutionTargets ( array $params = [] )
Views information about a specific execution of a specific association.
DescribeAssociationExecutions ( array $params = [] )
Views all executions for a specific association ID.
DescribeAutomationExecutions ( array $params = [] )
Provides details about all active and terminated Automation executions.
DescribeAutomationStepExecutions ( array $params = [] )
Information about all active and terminated step executions in an Automation workflow.
DescribeAvailablePatches ( array $params = [] )
Lists all patches eligible to be included in a patch baseline.
DescribeDocument ( array $params = [] )
Describes the specified Amazon Web Services Systems Manager document (SSM document).
DescribeDocumentPermission ( array $params = [] )
Describes the permissions for a Amazon Web Services Systems Manager document (SSM document).
DescribeEffectiveInstanceAssociations ( array $params = [] )
All associations for the managed nodes.
DescribeEffectivePatchesForPatchBaseline ( array $params = [] )
Retrieves the current effective patches (the patch and the approval state) for the specified patch baseline.
DescribeInstanceAssociationsStatus ( array $params = [] )
The status of the associations for the managed nodes.
DescribeInstanceInformation ( array $params = [] )
Provides information about one or more of your managed nodes, including the operating system platform, SSM Agent version, association status, and IP address.
DescribeInstancePatchStates ( array $params = [] )
Retrieves the high-level patch state of one or more managed nodes.
DescribeInstancePatchStatesForPatchGroup ( array $params = [] )
Retrieves the high-level patch state for the managed nodes in the specified patch group.
DescribeInstancePatches ( array $params = [] )
Retrieves information about the patches on the specified managed node and their state relative to the patch baseline being used for the node.
DescribeInstanceProperties ( array $params = [] )
An API operation used by the Systems Manager console to display information about Systems Manager managed nodes.
DescribeInventoryDeletions ( array $params = [] )
Describes a specific delete inventory operation.
DescribeMaintenanceWindowExecutionTaskInvocations ( array $params = [] )
Retrieves the individual task executions (one per target) for a particular task run as part of a maintenance window execution.
DescribeMaintenanceWindowExecutionTasks ( array $params = [] )
For a given maintenance window execution, lists the tasks that were run.
DescribeMaintenanceWindowExecutions ( array $params = [] )
Lists the executions of a maintenance window.
DescribeMaintenanceWindowSchedule ( array $params = [] )
Retrieves information about upcoming executions of a maintenance window.
DescribeMaintenanceWindowTargets ( array $params = [] )
Lists the targets registered with the maintenance window.
DescribeMaintenanceWindowTasks ( array $params = [] )
Lists the tasks in a maintenance window.
DescribeMaintenanceWindows ( array $params = [] )
Retrieves the maintenance windows in an Amazon Web Services account.
DescribeMaintenanceWindowsForTarget ( array $params = [] )
Retrieves information about the maintenance window targets or tasks that a managed node is associated with.
DescribeOpsItems ( array $params = [] )
Query a set of OpsItems.
DescribeParameters ( array $params = [] )
Lists the parameters in your Amazon Web Services account or the parameters shared with you when you enable the Shared option.
DescribePatchBaselines ( array $params = [] )
Lists the patch baselines in your Amazon Web Services account.
DescribePatchGroupState ( array $params = [] )
Returns high-level aggregated patch compliance state information for a patch group.
DescribePatchGroups ( array $params = [] )
Lists all patch groups that have been registered with patch baselines.
DescribePatchProperties ( array $params = [] )
Lists the properties of available patches organized by product, product family, classification, severity, and other properties of available patches.
DescribeSessions ( array $params = [] )
Retrieves a list of all active sessions (both connected and disconnected) or terminated sessions from the past 30 days.
DisassociateOpsItemRelatedItem ( array $params = [] )
Deletes the association between an OpsItem and a related item.
GetAutomationExecution ( array $params = [] )
Get detailed information about a particular Automation execution.
GetCalendarState ( array $params = [] )
Gets the state of a Amazon Web Services Systems Manager change calendar at the current time or a specified time.
GetCommandInvocation ( array $params = [] )
Returns detailed information about command execution for an invocation or plugin.
GetConnectionStatus ( array $params = [] )
Retrieves the Session Manager connection status for a managed node to determine whether it is running and ready to receive Session Manager connections.
GetDefaultPatchBaseline ( array $params = [] )
Retrieves the default patch baseline.
GetDeployablePatchSnapshotForInstance ( array $params = [] )
Retrieves the current snapshot for the patch baseline the managed node uses.
GetDocument ( array $params = [] )
Gets the contents of the specified Amazon Web Services Systems Manager document (SSM document).
GetInventory ( array $params = [] )
Query inventory information.
GetInventorySchema ( array $params = [] )
Return a list of inventory type names for the account, or return a list of attribute names for a specific Inventory item type.
GetMaintenanceWindow ( array $params = [] )
Retrieves a maintenance window.
GetMaintenanceWindowExecution ( array $params = [] )
Retrieves details about a specific a maintenance window execution.
GetMaintenanceWindowExecutionTask ( array $params = [] )
Retrieves the details about a specific task run as part of a maintenance window execution.
GetMaintenanceWindowExecutionTaskInvocation ( array $params = [] )
Retrieves information about a specific task running on a specific target.
GetMaintenanceWindowTask ( array $params = [] )
Retrieves the details of a maintenance window task.
GetOpsItem ( array $params = [] )
Get information about an OpsItem by using the ID.
GetOpsMetadata ( array $params = [] )
View operational metadata related to an application in Application Manager.
GetOpsSummary ( array $params = [] )
View a summary of operations metadata (OpsData) based on specified filters and aggregators.
GetParameter ( array $params = [] )
Get information about a single parameter by specifying the parameter name.
GetParameterHistory ( array $params = [] )
Retrieves the history of all changes to a parameter.
GetParameters ( array $params = [] )
Get information about one or more parameters by specifying multiple parameter names.
GetParametersByPath ( array $params = [] )
Retrieve information about one or more parameters in a specific hierarchy.
GetPatchBaseline ( array $params = [] )
Retrieves information about a patch baseline.
GetPatchBaselineForPatchGroup ( array $params = [] )
Retrieves the patch baseline that should be used for the specified patch group.
GetResourcePolicies ( array $params = [] )
Returns an array of the Policy object.
GetServiceSetting ( array $params = [] )
ServiceSetting is an account-level setting for an Amazon Web Services service.
LabelParameterVersion ( array $params = [] )
A parameter label is a user-defined alias to help you manage different versions of a parameter.
ListAssociationVersions ( array $params = [] )
Retrieves all versions of an association for a specific association ID.
ListAssociations ( array $params = [] )
Returns all State Manager associations in the current Amazon Web Services account and Amazon Web Services Region.
ListCommandInvocations ( array $params = [] )
An invocation is copy of a command sent to a specific managed node.
ListCommands ( array $params = [] )
Lists the commands requested by users of the Amazon Web Services account.
ListComplianceItems ( array $params = [] )
For a specified resource ID, this API operation returns a list of compliance statuses for different resource types.
ListComplianceSummaries ( array $params = [] )
Returns a summary count of compliant and non-compliant resources for a compliance type.
ListDocumentMetadataHistory ( array $params = [] )
Information about approval reviews for a version of a change template in Change Manager.
ListDocumentVersions ( array $params = [] )
List all versions for a document.
ListDocuments ( array $params = [] )
Returns all Systems Manager (SSM) documents in the current Amazon Web Services account and Amazon Web Services Region.
ListInventoryEntries ( array $params = [] )
A list of inventory items returned by the request.
ListOpsItemEvents ( array $params = [] )
Returns a list of all OpsItem events in the current Amazon Web Services Region and Amazon Web Services account.
ListOpsItemRelatedItems ( array $params = [] )
Lists all related-item resources associated with a Systems Manager OpsCenter OpsItem.
ListOpsMetadata ( array $params = [] )
Amazon Web Services Systems Manager calls this API operation when displaying all Application Manager OpsMetadata objects or blobs.
ListResourceComplianceSummaries ( array $params = [] )
Returns a resource-level summary count.
ListResourceDataSync ( array $params = [] )
Lists your resource data sync configurations.
ListTagsForResource ( array $params = [] )
Returns a list of the tags assigned to the specified resource.
ModifyDocumentPermission ( array $params = [] )
Shares a Amazon Web Services Systems Manager document (SSM document)publicly or privately.
PutComplianceItems ( array $params = [] )
Registers a compliance type and other compliance details on a designated resource.
PutInventory ( array $params = [] )
Bulk update custom inventory items on one or more managed nodes.
PutParameter ( array $params = [] )
Add a parameter to the system.
PutResourcePolicy ( array $params = [] )
Creates or updates a Systems Manager resource policy.
RegisterDefaultPatchBaseline ( array $params = [] )
Defines the default patch baseline for the relevant operating system.
RegisterPatchBaselineForPatchGroup ( array $params = [] )
Registers a patch baseline for a patch group.
RegisterTargetWithMaintenanceWindow ( array $params = [] )
Registers a target with a maintenance window.
RegisterTaskWithMaintenanceWindow ( array $params = [] )
Adds a new task to a maintenance window.
RemoveTagsFromResource ( array $params = [] )
Removes tag keys from the specified resource.
ResetServiceSetting ( array $params = [] )
ServiceSetting is an account-level setting for an Amazon Web Services service.
ResumeSession ( array $params = [] )
Reconnects a session to a managed node after it has been disconnected.
SendAutomationSignal ( array $params = [] )
Sends a signal to an Automation execution to change the current behavior or status of the execution.
SendCommand ( array $params = [] )
Runs commands on one or more managed nodes.
StartAssociationsOnce ( array $params = [] )
Runs an association immediately and only one time.
StartAutomationExecution ( array $params = [] )
Initiates execution of an Automation runbook.
StartChangeRequestExecution ( array $params = [] )
Creates a change request for Change Manager.
StartSession ( array $params = [] )
Initiates a connection to a target (for example, a managed node) for a Session Manager session.
StopAutomationExecution ( array $params = [] )
Stop an Automation that is currently running.
TerminateSession ( array $params = [] )
Permanently ends a session and closes the data connection between the Session Manager client and SSM Agent on the managed node.
UnlabelParameterVersion ( array $params = [] )
Remove a label or labels from a parameter.
UpdateAssociation ( array $params = [] )
Updates an association.
UpdateAssociationStatus ( array $params = [] )
Updates the status of the Amazon Web Services Systems Manager document (SSM document) associated with the specified managed node.
UpdateDocument ( array $params = [] )
Updates one or more values for an SSM document.
UpdateDocumentDefaultVersion ( array $params = [] )
Set the default version of a document.
UpdateDocumentMetadata ( array $params = [] )
Updates information related to approval reviews for a specific version of a change template in Change Manager.
UpdateMaintenanceWindow ( array $params = [] )
Updates an existing maintenance window.
UpdateMaintenanceWindowTarget ( array $params = [] )
Modifies the target of an existing maintenance window.
UpdateMaintenanceWindowTask ( array $params = [] )
Modifies a task assigned to a maintenance window.
UpdateManagedInstanceRole ( array $params = [] )
Changes the Identity and Access Management (IAM) role that is assigned to the on-premises server, edge device, or virtual machines (VM).
UpdateOpsItem ( array $params = [] )
Edit or change an OpsItem.
UpdateOpsMetadata ( array $params = [] )
Amazon Web Services Systems Manager calls this API operation when you edit OpsMetadata in Application Manager.
UpdatePatchBaseline ( array $params = [] )
Modifies an existing patch baseline.
UpdateResourceDataSync ( array $params = [] )
Update a resource data sync.
UpdateServiceSetting ( array $params = [] )
ServiceSetting is an account-level setting for an Amazon Web Services service.

Paginators

Paginators handle automatically iterating over paginated API results. Paginators are associated with specific API operations, and they accept the parameters that the corresponding API operation accepts. You can get a paginator from a client class using getPaginator($paginatorName, $operationParameters). This client supports the following paginators:

DescribeActivations
DescribeAssociationExecutionTargets
DescribeAssociationExecutions
DescribeAutomationExecutions
DescribeAutomationStepExecutions
DescribeAvailablePatches
DescribeEffectiveInstanceAssociations
DescribeEffectivePatchesForPatchBaseline
DescribeInstanceAssociationsStatus
DescribeInstanceInformation
DescribeInstancePatchStates
DescribeInstancePatchStatesForPatchGroup
DescribeInstancePatches
DescribeInstanceProperties
DescribeInventoryDeletions
DescribeMaintenanceWindowExecutionTaskInvocations
DescribeMaintenanceWindowExecutionTasks
DescribeMaintenanceWindowExecutions
DescribeMaintenanceWindowSchedule
DescribeMaintenanceWindowTargets
DescribeMaintenanceWindowTasks
DescribeMaintenanceWindows
DescribeMaintenanceWindowsForTarget
DescribeOpsItems
DescribeParameters
DescribePatchBaselines
DescribePatchGroups
DescribePatchProperties
DescribeSessions
GetInventory
GetInventorySchema
GetOpsSummary
GetParameterHistory
GetParametersByPath
GetResourcePolicies
ListAssociationVersions
ListAssociations
ListCommandInvocations
ListCommands
ListComplianceItems
ListComplianceSummaries
ListDocumentVersions
ListDocuments
ListOpsItemEvents
ListOpsItemRelatedItems
ListOpsMetadata
ListResourceComplianceSummaries
ListResourceDataSync

Waiters

Waiters allow you to poll a resource until it enters into a desired state. A waiter has a name used to describe what it does, and is associated with an API operation. When creating a waiter, you can provide the API operation parameters associated with the corresponding operation. Waiters can be accessed using the getWaiter($waiterName, $operationParameters) method of a client object. This client supports the following waiters:

Waiter name API Operation Delay Max Attempts
CommandExecuted GetCommandInvocation 5 20

Operations

AddTagsToResource

$result = $client->addTagsToResource([/* ... */]);
$promise = $client->addTagsToResourceAsync([/* ... */]);

Adds or overwrites one or more tags for the specified resource. Tags are metadata that you can assign to your automations, documents, managed nodes, maintenance windows, Parameter Store parameters, and patch baselines. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. Each tag consists of a key and an optional value, both of which you define. For example, you could define a set of tags for your account's managed nodes that helps you track each node's owner and stack level. For example:

  • Key=Owner,Value=DbAdmin

  • Key=Owner,Value=SysAdmin

  • Key=Owner,Value=Dev

  • Key=Stack,Value=Production

  • Key=Stack,Value=Pre-Production

  • Key=Stack,Value=Test

Most resources can have a maximum of 50 tags. Automations can have a maximum of 5 tags.

We recommend that you devise a set of tag keys that meets your needs for each resource type. Using a consistent set of tag keys makes it easier for you to manage your resources. You can search and filter the resources based on the tags you add. Tags don't have any semantic meaning to and are interpreted strictly as a string of characters.

For more information about using tags with Amazon Elastic Compute Cloud (Amazon EC2) instances, see Tag your Amazon EC2 resources in the Amazon EC2 User Guide.

Parameter Syntax

$result = $client->addTagsToResource([
    'ResourceId' => '<string>', // REQUIRED
    'ResourceType' => 'Document|ManagedInstance|MaintenanceWindow|Parameter|PatchBaseline|OpsItem|OpsMetadata|Automation|Association', // REQUIRED
    'Tags' => [ // REQUIRED
        [
            'Key' => '<string>', // REQUIRED
            'Value' => '<string>', // REQUIRED
        ],
        // ...
    ],
]);

Parameter Details

Members
ResourceId
Required: Yes
Type: string

The resource ID you want to tag.

Use the ID of the resource. Here are some examples:

MaintenanceWindow: mw-012345abcde

PatchBaseline: pb-012345abcde

Automation: example-c160-4567-8519-012345abcde

OpsMetadata object: ResourceID for tagging is created from the Amazon Resource Name (ARN) for the object. Specifically, ResourceID is created from the strings that come after the word opsmetadata in the ARN. For example, an OpsMetadata object with an ARN of arn:aws:ssm:us-east-2:1234567890:opsmetadata/aws/ssm/MyGroup/appmanager has a ResourceID of either aws/ssm/MyGroup/appmanager or /aws/ssm/MyGroup/appmanager.

For the Document and Parameter values, use the name of the resource. If you're tagging a shared document, you must use the full ARN of the document.

ManagedInstance: mi-012345abcde

The ManagedInstance type for this API operation is only for on-premises managed nodes. You must specify the name of the managed node in the following format: mi-ID_number . For example, mi-1a2b3c4d5e6f.

ResourceType
Required: Yes
Type: string

Specifies the type of resource you are tagging.

The ManagedInstance type for this API operation is for on-premises managed nodes. You must specify the name of the managed node in the following format: mi-ID_number . For example, mi-1a2b3c4d5e6f.

Tags
Required: Yes
Type: Array of Tag structures

One or more tags. The value parameter is required.

Don't enter personally identifiable information in this field.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidResourceType:

The resource type isn't valid. For example, if you are attempting to tag an EC2 instance, the instance must be a registered managed node.

InvalidResourceId:

The resource ID isn't valid. Verify that you entered the correct ID and try again.

InternalServerError:

An error occurred on the server side.

TooManyTagsError:

The Targets parameter includes too many tags. Remove one or more tags and try the command again.

TooManyUpdates:

There are concurrent updates for a resource that supports one update at a time.

AssociateOpsItemRelatedItem

$result = $client->associateOpsItemRelatedItem([/* ... */]);
$promise = $client->associateOpsItemRelatedItemAsync([/* ... */]);

Associates a related item to a Systems Manager OpsCenter OpsItem. For example, you can associate an Incident Manager incident or analysis with an OpsItem. Incident Manager and OpsCenter are capabilities of Amazon Web Services Systems Manager.

Parameter Syntax

$result = $client->associateOpsItemRelatedItem([
    'AssociationType' => '<string>', // REQUIRED
    'OpsItemId' => '<string>', // REQUIRED
    'ResourceType' => '<string>', // REQUIRED
    'ResourceUri' => '<string>', // REQUIRED
]);

Parameter Details

Members
AssociationType
Required: Yes
Type: string

The type of association that you want to create between an OpsItem and a resource. OpsCenter supports IsParentOf and RelatesTo association types.

OpsItemId
Required: Yes
Type: string

The ID of the OpsItem to which you want to associate a resource as a related item.

ResourceType
Required: Yes
Type: string

The type of resource that you want to associate with an OpsItem. OpsCenter supports the following types:

AWS::SSMIncidents::IncidentRecord: an Incident Manager incident.

AWS::SSM::Document: a Systems Manager (SSM) document.

ResourceUri
Required: Yes
Type: string

The Amazon Resource Name (ARN) of the Amazon Web Services resource that you want to associate with the OpsItem.

Result Syntax

[
    'AssociationId' => '<string>',
]

Result Details

Members
AssociationId
Type: string

The association ID.

Errors

InternalServerError:

An error occurred on the server side.

OpsItemNotFoundException:

The specified OpsItem ID doesn't exist. Verify the ID and try again.

OpsItemLimitExceededException:

The request caused OpsItems to exceed one or more quotas.

OpsItemInvalidParameterException:

A specified parameter argument isn't valid. Verify the available arguments and try again.

OpsItemRelatedItemAlreadyExistsException:

The Amazon Resource Name (ARN) is already associated with the OpsItem.

OpsItemConflictException:

The specified OpsItem is in the process of being deleted.

CancelCommand

$result = $client->cancelCommand([/* ... */]);
$promise = $client->cancelCommandAsync([/* ... */]);

Attempts to cancel the command specified by the Command ID. There is no guarantee that the command will be terminated and the underlying process stopped.

Parameter Syntax

$result = $client->cancelCommand([
    'CommandId' => '<string>', // REQUIRED
    'InstanceIds' => ['<string>', ...],
]);

Parameter Details

Members
CommandId
Required: Yes
Type: string

The ID of the command you want to cancel.

InstanceIds
Type: Array of strings

(Optional) A list of managed node IDs on which you want to cancel the command. If not provided, the command is canceled on every node on which it was requested.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalServerError:

An error occurred on the server side.

InvalidCommandId:

The specified command ID isn't valid. Verify the ID and try again.

InvalidInstanceId:

The following problems can cause this exception:

  • You don't have permission to access the managed node.

  • Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.

  • SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.

  • The managed node isn't in a valid state. Valid states are: Running, Pending, Stopped, and Stopping. Invalid states are: Shutting-down and Terminated.

DuplicateInstanceId:

You can't specify a managed node ID in more than one association.

CancelMaintenanceWindowExecution

$result = $client->cancelMaintenanceWindowExecution([/* ... */]);
$promise = $client->cancelMaintenanceWindowExecutionAsync([/* ... */]);

Stops a maintenance window execution that is already in progress and cancels any tasks in the window that haven't already starting running. Tasks already in progress will continue to completion.

Parameter Syntax

$result = $client->cancelMaintenanceWindowExecution([
    'WindowExecutionId' => '<string>', // REQUIRED
]);

Parameter Details

Members
WindowExecutionId
Required: Yes
Type: string

The ID of the maintenance window execution to stop.

Result Syntax

[
    'WindowExecutionId' => '<string>',
]

Result Details

Members
WindowExecutionId
Type: string

The ID of the maintenance window execution that has been stopped.

Errors

InternalServerError:

An error occurred on the server side.

DoesNotExistException:

Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.

For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.

CreateActivation

$result = $client->createActivation([/* ... */]);
$promise = $client->createActivationAsync([/* ... */]);

Generates an activation code and activation ID you can use to register your on-premises servers, edge devices, or virtual machine (VM) with Amazon Web Services Systems Manager. Registering these machines with Systems Manager makes it possible to manage them using Systems Manager capabilities. You use the activation code and ID when installing SSM Agent on machines in your hybrid environment. For more information about requirements for managing on-premises machines using Systems Manager, see Using Amazon Web Services Systems Manager in hybrid and multicloud environments in the Amazon Web Services Systems Manager User Guide.

Amazon Elastic Compute Cloud (Amazon EC2) instances, edge devices, and on-premises servers and VMs that are configured for Systems Manager are all called managed nodes.

Parameter Syntax

$result = $client->createActivation([
    'DefaultInstanceName' => '<string>',
    'Description' => '<string>',
    'ExpirationDate' => <integer || string || DateTime>,
    'IamRole' => '<string>', // REQUIRED
    'RegistrationLimit' => <integer>,
    'RegistrationMetadata' => [
        [
            'Key' => '<string>', // REQUIRED
            'Value' => '<string>', // REQUIRED
        ],
        // ...
    ],
    'Tags' => [
        [
            'Key' => '<string>', // REQUIRED
            'Value' => '<string>', // REQUIRED
        ],
        // ...
    ],
]);

Parameter Details

Members
DefaultInstanceName
Type: string

The name of the registered, managed node as it will appear in the Amazon Web Services Systems Manager console or when you use the Amazon Web Services command line tools to list Systems Manager resources.

Don't enter personally identifiable information in this field.

Description
Type: string

A user-defined description of the resource that you want to register with Systems Manager.

Don't enter personally identifiable information in this field.

ExpirationDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date by which this activation request should expire, in timestamp format, such as "2024-07-07T00:00:00". You can specify a date up to 30 days in advance. If you don't provide an expiration date, the activation code expires in 24 hours.

IamRole
Required: Yes
Type: string

The name of the Identity and Access Management (IAM) role that you want to assign to the managed node. This IAM role must provide AssumeRole permissions for the Amazon Web Services Systems Manager service principal ssm.amazonaws.com. For more information, see Create the IAM service role required for Systems Manager in a hybrid and multicloud environments in the Amazon Web Services Systems Manager User Guide.

You can't specify an IAM service-linked role for this parameter. You must create a unique role.

RegistrationLimit
Type: int

Specify the maximum number of managed nodes you want to register. The default value is 1.

RegistrationMetadata
Type: Array of RegistrationMetadataItem structures

Reserved for internal use.

Tags
Type: Array of Tag structures

Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag an activation to identify which servers or virtual machines (VMs) in your on-premises environment you intend to activate. In this case, you could specify the following key-value pairs:

  • Key=OS,Value=Windows

  • Key=Environment,Value=Production

When you install SSM Agent on your on-premises servers and VMs, you specify an activation ID and code. When you specify the activation ID and code, tags assigned to the activation are automatically applied to the on-premises servers or VMs.

You can't add tags to or delete tags from an existing activation. You can tag your on-premises servers, edge devices, and VMs after they connect to Systems Manager for the first time and are assigned a managed node ID. This means they are listed in the Amazon Web Services Systems Manager console with an ID that is prefixed with "mi-". For information about how to add tags to your managed nodes, see AddTagsToResource. For information about how to remove tags from your managed nodes, see RemoveTagsFromResource.

Result Syntax

[
    'ActivationCode' => '<string>',
    'ActivationId' => '<string>',
]

Result Details

Members
ActivationCode
Type: string

The code the system generates when it processes the activation. The activation code functions like a password to validate the activation ID.

ActivationId
Type: string

The ID number generated by the system when it processed the activation. The activation ID functions like a user name.

Errors

InvalidParameters:

You must specify values for all required parameters in the Amazon Web Services Systems Manager document (SSM document). You can only supply values to parameters defined in the SSM document.

InternalServerError:

An error occurred on the server side.

CreateAssociation

$result = $client->createAssociation([/* ... */]);
$promise = $client->createAssociationAsync([/* ... */]);

A State Manager association defines the state that you want to maintain on your managed nodes. For example, an association can specify that anti-virus software must be installed and running on your managed nodes, or that certain ports must be closed. For static targets, the association specifies a schedule for when the configuration is reapplied. For dynamic targets, such as an Amazon Web Services resource group or an Amazon Web Services autoscaling group, State Manager, a capability of Amazon Web Services Systems Manager applies the configuration when new managed nodes are added to the group. The association also specifies actions to take when applying the configuration. For example, an association for anti-virus software might run once a day. If the software isn't installed, then State Manager installs it. If the software is installed, but the service isn't running, then the association might instruct State Manager to start the service.

Parameter Syntax

$result = $client->createAssociation([
    'AlarmConfiguration' => [
        'Alarms' => [ // REQUIRED
            [
                'Name' => '<string>', // REQUIRED
            ],
            // ...
        ],
        'IgnorePollAlarmFailure' => true || false,
    ],
    'ApplyOnlyAtCronInterval' => true || false,
    'AssociationName' => '<string>',
    'AutomationTargetParameterName' => '<string>',
    'CalendarNames' => ['<string>', ...],
    'ComplianceSeverity' => 'CRITICAL|HIGH|MEDIUM|LOW|UNSPECIFIED',
    'DocumentVersion' => '<string>',
    'Duration' => <integer>,
    'InstanceId' => '<string>',
    'MaxConcurrency' => '<string>',
    'MaxErrors' => '<string>',
    'Name' => '<string>', // REQUIRED
    'OutputLocation' => [
        'S3Location' => [
            'OutputS3BucketName' => '<string>',
            'OutputS3KeyPrefix' => '<string>',
            'OutputS3Region' => '<string>',
        ],
    ],
    'Parameters' => [
        '<ParameterName>' => ['<string>', ...],
        // ...
    ],
    'ScheduleExpression' => '<string>',
    'ScheduleOffset' => <integer>,
    'SyncCompliance' => 'AUTO|MANUAL',
    'Tags' => [
        [
            'Key' => '<string>', // REQUIRED
            'Value' => '<string>', // REQUIRED
        ],
        // ...
    ],
    'TargetLocations' => [
        [
            'Accounts' => ['<string>', ...],
            'ExcludeAccounts' => ['<string>', ...],
            'ExecutionRoleName' => '<string>',
            'IncludeChildOrganizationUnits' => true || false,
            'Regions' => ['<string>', ...],
            'TargetLocationAlarmConfiguration' => [
                'Alarms' => [ // REQUIRED
                    [
                        'Name' => '<string>', // REQUIRED
                    ],
                    // ...
                ],
                'IgnorePollAlarmFailure' => true || false,
            ],
            'TargetLocationMaxConcurrency' => '<string>',
            'TargetLocationMaxErrors' => '<string>',
            'Targets' => [
                [
                    'Key' => '<string>',
                    'Values' => ['<string>', ...],
                ],
                // ...
            ],
            'TargetsMaxConcurrency' => '<string>',
            'TargetsMaxErrors' => '<string>',
        ],
        // ...
    ],
    'TargetMaps' => [
        [
            '<TargetMapKey>' => ['<string>', ...],
            // ...
        ],
        // ...
    ],
    'Targets' => [
        [
            'Key' => '<string>',
            'Values' => ['<string>', ...],
        ],
        // ...
    ],
]);

Parameter Details

Members
AlarmConfiguration
Type: AlarmConfiguration structure

The details for the CloudWatch alarm you want to apply to an automation or command.

ApplyOnlyAtCronInterval
Type: boolean

By default, when you create a new association, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it. This parameter isn't supported for rate expressions.

AssociationName
Type: string

Specify a descriptive name for the association.

AutomationTargetParameterName
Type: string

Choose the parameter that will define how your automation will branch out. This target is required for associations that use an Automation runbook and target resources by using rate controls. Automation is a capability of Amazon Web Services Systems Manager.

CalendarNames
Type: Array of strings

The names or Amazon Resource Names (ARNs) of the Change Calendar type documents you want to gate your associations under. The associations only run when that change calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar.

ComplianceSeverity
Type: string

The severity level to assign to the association.

DocumentVersion
Type: string

The document version you want to associate with the targets. Can be a specific version or the default version.

State Manager doesn't support running associations that use a new version of a document if that document is shared from another account. State Manager always runs the default version of a document if shared from another account, even though the Systems Manager console shows that a new version was processed. If you want to run an association using a new version of a document shared form another account, you must set the document version to default.

Duration
Type: int

The number of hours the association can run before it is canceled. Duration applies to associations that are currently running, and any pending and in progress commands on all targets. If a target was taken offline for the association to run, it is made available again immediately, without a reboot.

The Duration parameter applies only when both these conditions are true:

  • The association for which you specify a duration is cancelable according to the parameters of the SSM command document or Automation runbook associated with this execution.

  • The command specifies the ApplyOnlyAtCronInterval parameter, which means that the association doesn't run immediately after it is created, but only according to the specified schedule.

InstanceId
Type: string

The managed node ID.

InstanceId has been deprecated. To specify a managed node ID for an association, use the Targets parameter. Requests that include the parameter InstanceID with Systems Manager documents (SSM documents) that use schema version 2.0 or later will fail. In addition, if you use the parameter InstanceId, you can't use the parameters AssociationName, DocumentVersion, MaxErrors, MaxConcurrency, OutputLocation, or ScheduleExpression. To use these parameters, you must use the Targets parameter.

MaxConcurrency
Type: string

The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.

If a new managed node starts and attempts to run an association while Systems Manager is running MaxConcurrency associations, the association is allowed to run. During the next association interval, the new managed node will process its association within the limit specified for MaxConcurrency.

MaxErrors
Type: string

The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 managed nodes and set MaxError to 10%, then the system stops sending the request when the sixth error is received.

Executions that are already running an association when MaxErrors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set MaxConcurrency to 1 so that executions proceed one at a time.

Name
Required: Yes
Type: string

The name of the SSM Command document or Automation runbook that contains the configuration information for the managed node.

You can specify Amazon Web Services-predefined documents, documents you created, or a document that is shared with you from another Amazon Web Services account.

For Systems Manager documents (SSM documents) that are shared with you from other Amazon Web Services accounts, you must specify the complete SSM document ARN, in the following format:

arn:partition:ssm:region:account-id:document/document-name

For example:

arn:aws:ssm:us-east-2:12345678912:document/My-Shared-Document

For Amazon Web Services-predefined documents and SSM documents you created in your account, you only need to specify the document name. For example, AWS-ApplyPatchBaseline or My-Document.

OutputLocation

An Amazon Simple Storage Service (Amazon S3) bucket where you want to store the output details of the request.

Parameters
Type: Associative array of custom strings keys (ParameterName) to stringss

The parameters for the runtime configuration of the document.

ScheduleExpression
Type: string

A cron expression when the association will be applied to the targets.

ScheduleOffset
Type: int

Number of days to wait after the scheduled day to run an association. For example, if you specified a cron schedule of cron(0 0 ? * THU#2 *), you could specify an offset of 3 to run the association each Sunday after the second Thursday of the month. For more information about cron schedules for associations, see Reference: Cron and rate expressions for Systems Manager in the Amazon Web Services Systems Manager User Guide.

To use offsets, you must specify the ApplyOnlyAtCronInterval parameter. This option tells the system not to run an association immediately after you create it.

SyncCompliance
Type: string

The mode for generating association compliance. You can specify AUTO or MANUAL. In AUTO mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association is COMPLIANT. If the association execution doesn't run successfully, the association is NON-COMPLIANT.

In MANUAL mode, you must specify the AssociationId as a parameter for the PutComplianceItems API operation. In this case, compliance data isn't managed by State Manager. It is managed by your direct call to the PutComplianceItems API operation.

By default, all associations use AUTO mode.

Tags
Type: Array of Tag structures

Adds or overwrites one or more tags for a State Manager association. Tags are metadata that you can assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. Each tag consists of a key and an optional value, both of which you define.

TargetLocations
Type: Array of TargetLocation structures

A location is a combination of Amazon Web Services Regions and Amazon Web Services accounts where you want to run the association. Use this action to create an association in multiple Regions and multiple accounts.

TargetMaps
Type: Array of maps

A key-value mapping of document parameters to target resources. Both Targets and TargetMaps can't be specified together.

Targets
Type: Array of Target structures

The targets for the association. You can target managed nodes by using tags, Amazon Web Services resource groups, all managed nodes in an Amazon Web Services account, or individual managed node IDs. You can target all managed nodes in an Amazon Web Services account by specifying the InstanceIds key with a value of *. For more information about choosing targets for an association, see Understanding targets and rate controls in State Manager associations in the Amazon Web Services Systems Manager User Guide.

Result Syntax

[
    'AssociationDescription' => [
        'AlarmConfiguration' => [
            'Alarms' => [
                [
                    'Name' => '<string>',
                ],
                // ...
            ],
            'IgnorePollAlarmFailure' => true || false,
        ],
        'ApplyOnlyAtCronInterval' => true || false,
        'AssociationId' => '<string>',
        'AssociationName' => '<string>',
        'AssociationVersion' => '<string>',
        'AutomationTargetParameterName' => '<string>',
        'CalendarNames' => ['<string>', ...],
        'ComplianceSeverity' => 'CRITICAL|HIGH|MEDIUM|LOW|UNSPECIFIED',
        'Date' => <DateTime>,
        'DocumentVersion' => '<string>',
        'Duration' => <integer>,
        'InstanceId' => '<string>',
        'LastExecutionDate' => <DateTime>,
        'LastSuccessfulExecutionDate' => <DateTime>,
        'LastUpdateAssociationDate' => <DateTime>,
        'MaxConcurrency' => '<string>',
        'MaxErrors' => '<string>',
        'Name' => '<string>',
        'OutputLocation' => [
            'S3Location' => [
                'OutputS3BucketName' => '<string>',
                'OutputS3KeyPrefix' => '<string>',
                'OutputS3Region' => '<string>',
            ],
        ],
        'Overview' => [
            'AssociationStatusAggregatedCount' => [<integer>, ...],
            'DetailedStatus' => '<string>',
            'Status' => '<string>',
        ],
        'Parameters' => [
            '<ParameterName>' => ['<string>', ...],
            // ...
        ],
        'ScheduleExpression' => '<string>',
        'ScheduleOffset' => <integer>,
        'Status' => [
            'AdditionalInfo' => '<string>',
            'Date' => <DateTime>,
            'Message' => '<string>',
            'Name' => 'Pending|Success|Failed',
        ],
        'SyncCompliance' => 'AUTO|MANUAL',
        'TargetLocations' => [
            [
                'Accounts' => ['<string>', ...],
                'ExcludeAccounts' => ['<string>', ...],
                'ExecutionRoleName' => '<string>',
                'IncludeChildOrganizationUnits' => true || false,
                'Regions' => ['<string>', ...],
                'TargetLocationAlarmConfiguration' => [
                    'Alarms' => [
                        [
                            'Name' => '<string>',
                        ],
                        // ...
                    ],
                    'IgnorePollAlarmFailure' => true || false,
                ],
                'TargetLocationMaxConcurrency' => '<string>',
                'TargetLocationMaxErrors' => '<string>',
                'Targets' => [
                    [
                        'Key' => '<string>',
                        'Values' => ['<string>', ...],
                    ],
                    // ...
                ],
                'TargetsMaxConcurrency' => '<string>',
                'TargetsMaxErrors' => '<string>',
            ],
            // ...
        ],
        'TargetMaps' => [
            [
                '<TargetMapKey>' => ['<string>', ...],
                // ...
            ],
            // ...
        ],
        'Targets' => [
            [
                'Key' => '<string>',
                'Values' => ['<string>', ...],
            ],
            // ...
        ],
        'TriggeredAlarms' => [
            [
                'Name' => '<string>',
                'State' => 'UNKNOWN|ALARM',
            ],
            // ...
        ],
    ],
]

Result Details

Members
AssociationDescription
Type: AssociationDescription structure

Information about the association.

Errors

AssociationAlreadyExists:

The specified association already exists.

AssociationLimitExceeded:

You can have at most 2,000 active associations.

InternalServerError:

An error occurred on the server side.

InvalidDocument:

The specified SSM document doesn't exist.

InvalidDocumentVersion:

The document version isn't valid or doesn't exist.

InvalidInstanceId:

The following problems can cause this exception:

  • You don't have permission to access the managed node.

  • Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.

  • SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.

  • The managed node isn't in a valid state. Valid states are: Running, Pending, Stopped, and Stopping. Invalid states are: Shutting-down and Terminated.

UnsupportedPlatformType:

The document doesn't support the platform type of the given managed node IDs. For example, you sent an document for a Windows managed node to a Linux node.

InvalidOutputLocation:

The output location isn't valid or doesn't exist.

InvalidParameters:

You must specify values for all required parameters in the Amazon Web Services Systems Manager document (SSM document). You can only supply values to parameters defined in the SSM document.

InvalidTarget:

The target isn't valid or doesn't exist. It might not be configured for Systems Manager or you might not have permission to perform the operation.

InvalidSchedule:

The schedule is invalid. Verify your cron or rate expression and try again.

InvalidTargetMaps:

TargetMap parameter isn't valid.

InvalidTag:

The specified tag key or value isn't valid.

CreateAssociationBatch

$result = $client->createAssociationBatch([/* ... */]);
$promise = $client->createAssociationBatchAsync([/* ... */]);

Associates the specified Amazon Web Services Systems Manager document (SSM document) with the specified managed nodes or targets.

When you associate a document with one or more managed nodes using IDs or tags, Amazon Web Services Systems Manager Agent (SSM Agent) running on the managed node processes the document and configures the node as specified.

If you associate a document with a managed node that already has an associated document, the system returns the AssociationAlreadyExists exception.

Parameter Syntax

$result = $client->createAssociationBatch([
    'Entries' => [ // REQUIRED
        [
            'AlarmConfiguration' => [
                'Alarms' => [ // REQUIRED
                    [
                        'Name' => '<string>', // REQUIRED
                    ],
                    // ...
                ],
                'IgnorePollAlarmFailure' => true || false,
            ],
            'ApplyOnlyAtCronInterval' => true || false,
            'AssociationName' => '<string>',
            'AutomationTargetParameterName' => '<string>',
            'CalendarNames' => ['<string>', ...],
            'ComplianceSeverity' => 'CRITICAL|HIGH|MEDIUM|LOW|UNSPECIFIED',
            'DocumentVersion' => '<string>',
            'Duration' => <integer>,
            'InstanceId' => '<string>',
            'MaxConcurrency' => '<string>',
            'MaxErrors' => '<string>',
            'Name' => '<string>', // REQUIRED
            'OutputLocation' => [
                'S3Location' => [
                    'OutputS3BucketName' => '<string>',
                    'OutputS3KeyPrefix' => '<string>',
                    'OutputS3Region' => '<string>',
                ],
            ],
            'Parameters' => [
                '<ParameterName>' => ['<string>', ...],
                // ...
            ],
            'ScheduleExpression' => '<string>',
            'ScheduleOffset' => <integer>,
            'SyncCompliance' => 'AUTO|MANUAL',
            'TargetLocations' => [
                [
                    'Accounts' => ['<string>', ...],
                    'ExcludeAccounts' => ['<string>', ...],
                    'ExecutionRoleName' => '<string>',
                    'IncludeChildOrganizationUnits' => true || false,
                    'Regions' => ['<string>', ...],
                    'TargetLocationAlarmConfiguration' => [
                        'Alarms' => [ // REQUIRED
                            [
                                'Name' => '<string>', // REQUIRED
                            ],
                            // ...
                        ],
                        'IgnorePollAlarmFailure' => true || false,
                    ],
                    'TargetLocationMaxConcurrency' => '<string>',
                    'TargetLocationMaxErrors' => '<string>',
                    'Targets' => [
                        [
                            'Key' => '<string>',
                            'Values' => ['<string>', ...],
                        ],
                        // ...
                    ],
                    'TargetsMaxConcurrency' => '<string>',
                    'TargetsMaxErrors' => '<string>',
                ],
                // ...
            ],
            'TargetMaps' => [
                [
                    '<TargetMapKey>' => ['<string>', ...],
                    // ...
                ],
                // ...
            ],
            'Targets' => [
                [
                    'Key' => '<string>',
                    'Values' => ['<string>', ...],
                ],
                // ...
            ],
        ],
        // ...
    ],
]);

Parameter Details

Members
Entries
Required: Yes
Type: Array of CreateAssociationBatchRequestEntry structures

One or more associations.

Result Syntax

[
    'Failed' => [
        [
            'Entry' => [
                'AlarmConfiguration' => [
                    'Alarms' => [
                        [
                            'Name' => '<string>',
                        ],
                        // ...
                    ],
                    'IgnorePollAlarmFailure' => true || false,
                ],
                'ApplyOnlyAtCronInterval' => true || false,
                'AssociationName' => '<string>',
                'AutomationTargetParameterName' => '<string>',
                'CalendarNames' => ['<string>', ...],
                'ComplianceSeverity' => 'CRITICAL|HIGH|MEDIUM|LOW|UNSPECIFIED',
                'DocumentVersion' => '<string>',
                'Duration' => <integer>,
                'InstanceId' => '<string>',
                'MaxConcurrency' => '<string>',
                'MaxErrors' => '<string>',
                'Name' => '<string>',
                'OutputLocation' => [
                    'S3Location' => [
                        'OutputS3BucketName' => '<string>',
                        'OutputS3KeyPrefix' => '<string>',
                        'OutputS3Region' => '<string>',
                    ],
                ],
                'Parameters' => [
                    '<ParameterName>' => ['<string>', ...],
                    // ...
                ],
                'ScheduleExpression' => '<string>',
                'ScheduleOffset' => <integer>,
                'SyncCompliance' => 'AUTO|MANUAL',
                'TargetLocations' => [
                    [
                        'Accounts' => ['<string>', ...],
                        'ExcludeAccounts' => ['<string>', ...],
                        'ExecutionRoleName' => '<string>',
                        'IncludeChildOrganizationUnits' => true || false,
                        'Regions' => ['<string>', ...],
                        'TargetLocationAlarmConfiguration' => [
                            'Alarms' => [
                                [
                                    'Name' => '<string>',
                                ],
                                // ...
                            ],
                            'IgnorePollAlarmFailure' => true || false,
                        ],
                        'TargetLocationMaxConcurrency' => '<string>',
                        'TargetLocationMaxErrors' => '<string>',
                        'Targets' => [
                            [
                                'Key' => '<string>',
                                'Values' => ['<string>', ...],
                            ],
                            // ...
                        ],
                        'TargetsMaxConcurrency' => '<string>',
                        'TargetsMaxErrors' => '<string>',
                    ],
                    // ...
                ],
                'TargetMaps' => [
                    [
                        '<TargetMapKey>' => ['<string>', ...],
                        // ...
                    ],
                    // ...
                ],
                'Targets' => [
                    [
                        'Key' => '<string>',
                        'Values' => ['<string>', ...],
                    ],
                    // ...
                ],
            ],
            'Fault' => 'Client|Server|Unknown',
            'Message' => '<string>',
        ],
        // ...
    ],
    'Successful' => [
        [
            'AlarmConfiguration' => [
                'Alarms' => [
                    [
                        'Name' => '<string>',
                    ],
                    // ...
                ],
                'IgnorePollAlarmFailure' => true || false,
            ],
            'ApplyOnlyAtCronInterval' => true || false,
            'AssociationId' => '<string>',
            'AssociationName' => '<string>',
            'AssociationVersion' => '<string>',
            'AutomationTargetParameterName' => '<string>',
            'CalendarNames' => ['<string>', ...],
            'ComplianceSeverity' => 'CRITICAL|HIGH|MEDIUM|LOW|UNSPECIFIED',
            'Date' => <DateTime>,
            'DocumentVersion' => '<string>',
            'Duration' => <integer>,
            'InstanceId' => '<string>',
            'LastExecutionDate' => <DateTime>,
            'LastSuccessfulExecutionDate' => <DateTime>,
            'LastUpdateAssociationDate' => <DateTime>,
            'MaxConcurrency' => '<string>',
            'MaxErrors' => '<string>',
            'Name' => '<string>',
            'OutputLocation' => [
                'S3Location' => [
                    'OutputS3BucketName' => '<string>',
                    'OutputS3KeyPrefix' => '<string>',
                    'OutputS3Region' => '<string>',
                ],
            ],
            'Overview' => [
                'AssociationStatusAggregatedCount' => [<integer>, ...],
                'DetailedStatus' => '<string>',
                'Status' => '<string>',
            ],
            'Parameters' => [
                '<ParameterName>' => ['<string>', ...],
                // ...
            ],
            'ScheduleExpression' => '<string>',
            'ScheduleOffset' => <integer>,
            'Status' => [
                'AdditionalInfo' => '<string>',
                'Date' => <DateTime>,
                'Message' => '<string>',
                'Name' => 'Pending|Success|Failed',
            ],
            'SyncCompliance' => 'AUTO|MANUAL',
            'TargetLocations' => [
                [
                    'Accounts' => ['<string>', ...],
                    'ExcludeAccounts' => ['<string>', ...],
                    'ExecutionRoleName' => '<string>',
                    'IncludeChildOrganizationUnits' => true || false,
                    'Regions' => ['<string>', ...],
                    'TargetLocationAlarmConfiguration' => [
                        'Alarms' => [
                            [
                                'Name' => '<string>',
                            ],
                            // ...
                        ],
                        'IgnorePollAlarmFailure' => true || false,
                    ],
                    'TargetLocationMaxConcurrency' => '<string>',
                    'TargetLocationMaxErrors' => '<string>',
                    'Targets' => [
                        [
                            'Key' => '<string>',
                            'Values' => ['<string>', ...],
                        ],
                        // ...
                    ],
                    'TargetsMaxConcurrency' => '<string>',
                    'TargetsMaxErrors' => '<string>',
                ],
                // ...
            ],
            'TargetMaps' => [
                [
                    '<TargetMapKey>' => ['<string>', ...],
                    // ...
                ],
                // ...
            ],
            'Targets' => [
                [
                    'Key' => '<string>',
                    'Values' => ['<string>', ...],
                ],
                // ...
            ],
            'TriggeredAlarms' => [
                [
                    'Name' => '<string>',
                    'State' => 'UNKNOWN|ALARM',
                ],
                // ...
            ],
        ],
        // ...
    ],
]

Result Details

Members
Failed
Type: Array of FailedCreateAssociation structures

Information about the associations that failed.

Successful
Type: Array of AssociationDescription structures

Information about the associations that succeeded.

Errors

InternalServerError:

An error occurred on the server side.

InvalidDocument:

The specified SSM document doesn't exist.

InvalidDocumentVersion:

The document version isn't valid or doesn't exist.

InvalidInstanceId:

The following problems can cause this exception:

  • You don't have permission to access the managed node.

  • Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.

  • SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.

  • The managed node isn't in a valid state. Valid states are: Running, Pending, Stopped, and Stopping. Invalid states are: Shutting-down and Terminated.

InvalidParameters:

You must specify values for all required parameters in the Amazon Web Services Systems Manager document (SSM document). You can only supply values to parameters defined in the SSM document.

DuplicateInstanceId:

You can't specify a managed node ID in more than one association.

AssociationLimitExceeded:

You can have at most 2,000 active associations.

UnsupportedPlatformType:

The document doesn't support the platform type of the given managed node IDs. For example, you sent an document for a Windows managed node to a Linux node.

InvalidOutputLocation:

The output location isn't valid or doesn't exist.

InvalidTarget:

The target isn't valid or doesn't exist. It might not be configured for Systems Manager or you might not have permission to perform the operation.

InvalidSchedule:

The schedule is invalid. Verify your cron or rate expression and try again.

InvalidTargetMaps:

TargetMap parameter isn't valid.

CreateDocument

$result = $client->createDocument([/* ... */]);
$promise = $client->createDocumentAsync([/* ... */]);

Creates a Amazon Web Services Systems Manager (SSM document). An SSM document defines the actions that Systems Manager performs on your managed nodes. For more information about SSM documents, including information about supported schemas, features, and syntax, see Amazon Web Services Systems Manager Documents in the Amazon Web Services Systems Manager User Guide.

Parameter Syntax

$result = $client->createDocument([
    'Attachments' => [
        [
            'Key' => 'SourceUrl|S3FileUrl|AttachmentReference',
            'Name' => '<string>',
            'Values' => ['<string>', ...],
        ],
        // ...
    ],
    'Content' => '<string>', // REQUIRED
    'DisplayName' => '<string>',
    'DocumentFormat' => 'YAML|JSON|TEXT',
    'DocumentType' => 'Command|Policy|Automation|Session|Package|ApplicationConfiguration|ApplicationConfigurationSchema|DeploymentStrategy|ChangeCalendar|Automation.ChangeTemplate|ProblemAnalysis|ProblemAnalysisTemplate|CloudFormation|ConformancePackTemplate|QuickSetup',
    'Name' => '<string>', // REQUIRED
    'Requires' => [
        [
            'Name' => '<string>', // REQUIRED
            'RequireType' => '<string>',
            'Version' => '<string>',
            'VersionName' => '<string>',
        ],
        // ...
    ],
    'Tags' => [
        [
            'Key' => '<string>', // REQUIRED
            'Value' => '<string>', // REQUIRED
        ],
        // ...
    ],
    'TargetType' => '<string>',
    'VersionName' => '<string>',
]);

Parameter Details

Members
Attachments
Type: Array of AttachmentsSource structures

A list of key-value pairs that describe attachments to a version of a document.

Content
Required: Yes
Type: string

The content for the new SSM document in JSON or YAML format. The content of the document must not exceed 64KB. This quota also includes the content specified for input parameters at runtime. We recommend storing the contents for your new document in an external JSON or YAML file and referencing the file in a command.

For examples, see the following topics in the Amazon Web Services Systems Manager User Guide.

DisplayName
Type: string

An optional field where you can specify a friendly name for the SSM document. This value can differ for each version of the document. You can update this value at a later time using the UpdateDocument operation.

DocumentFormat
Type: string

Specify the document format for the request. The document format can be JSON, YAML, or TEXT. JSON is the default format.

DocumentType
Type: string

The type of document to create.

The DeploymentStrategy document type is an internal-use-only document type reserved for AppConfig.

Name
Required: Yes
Type: string

A name for the SSM document.

You can't use the following strings as document name prefixes. These are reserved by Amazon Web Services for use as document name prefixes:

  • aws

  • amazon

  • amzn

  • AWSEC2

  • AWSConfigRemediation

  • AWSSupport

Requires
Type: Array of DocumentRequires structures

A list of SSM documents required by a document. This parameter is used exclusively by AppConfig. When a user creates an AppConfig configuration in an SSM document, the user must also specify a required document for validation purposes. In this case, an ApplicationConfiguration document requires an ApplicationConfigurationSchema document for validation purposes. For more information, see What is AppConfig? in the AppConfig User Guide.

Tags
Type: Array of Tag structures

Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag an SSM document to identify the types of targets or the environment where it will run. In this case, you could specify the following key-value pairs:

  • Key=OS,Value=Windows

  • Key=Environment,Value=Production

To add tags to an existing SSM document, use the AddTagsToResource operation.

TargetType
Type: string

Specify a target type to define the kinds of resources the document can run on. For example, to run a document on EC2 instances, specify the following value: /AWS::EC2::Instance. If you specify a value of '/' the document can run on all types of resources. If you don't specify a value, the document can't run on any resources. For a list of valid resource types, see Amazon Web Services resource and property types reference in the CloudFormation User Guide.

VersionName
Type: string

An optional field specifying the version of the artifact you are creating with the document. For example, Release12.1. This value is unique across all versions of a document, and can't be changed.

Result Syntax

[
    'DocumentDescription' => [
        'ApprovedVersion' => '<string>',
        'AttachmentsInformation' => [
            [
                'Name' => '<string>',
            ],
            // ...
        ],
        'Author' => '<string>',
        'Category' => ['<string>', ...],
        'CategoryEnum' => ['<string>', ...],
        'CreatedDate' => <DateTime>,
        'DefaultVersion' => '<string>',
        'Description' => '<string>',
        'DisplayName' => '<string>',
        'DocumentFormat' => 'YAML|JSON|TEXT',
        'DocumentType' => 'Command|Policy|Automation|Session|Package|ApplicationConfiguration|ApplicationConfigurationSchema|DeploymentStrategy|ChangeCalendar|Automation.ChangeTemplate|ProblemAnalysis|ProblemAnalysisTemplate|CloudFormation|ConformancePackTemplate|QuickSetup',
        'DocumentVersion' => '<string>',
        'Hash' => '<string>',
        'HashType' => 'Sha256|Sha1',
        'LatestVersion' => '<string>',
        'Name' => '<string>',
        'Owner' => '<string>',
        'Parameters' => [
            [
                'DefaultValue' => '<string>',
                'Description' => '<string>',
                'Name' => '<string>',
                'Type' => 'String|StringList',
            ],
            // ...
        ],
        'PendingReviewVersion' => '<string>',
        'PlatformTypes' => ['<string>', ...],
        'Requires' => [
            [
                'Name' => '<string>',
                'RequireType' => '<string>',
                'Version' => '<string>',
                'VersionName' => '<string>',
            ],
            // ...
        ],
        'ReviewInformation' => [
            [
                'ReviewedTime' => <DateTime>,
                'Reviewer' => '<string>',
                'Status' => 'APPROVED|NOT_REVIEWED|PENDING|REJECTED',
            ],
            // ...
        ],
        'ReviewStatus' => 'APPROVED|NOT_REVIEWED|PENDING|REJECTED',
        'SchemaVersion' => '<string>',
        'Sha1' => '<string>',
        'Status' => 'Creating|Active|Updating|Deleting|Failed',
        'StatusInformation' => '<string>',
        'Tags' => [
            [
                'Key' => '<string>',
                'Value' => '<string>',
            ],
            // ...
        ],
        'TargetType' => '<string>',
        'VersionName' => '<string>',
    ],
]

Result Details

Members
DocumentDescription
Type: DocumentDescription structure

Information about the SSM document.

Errors

DocumentAlreadyExists:

The specified document already exists.

MaxDocumentSizeExceeded:

The size limit of a document is 64 KB.

InternalServerError:

An error occurred on the server side.

InvalidDocumentContent:

The content for the document isn't valid.

DocumentLimitExceeded:

You can have at most 500 active SSM documents.

InvalidDocumentSchemaVersion:

The version of the document schema isn't supported.

CreateMaintenanceWindow

$result = $client->createMaintenanceWindow([/* ... */]);
$promise = $client->createMaintenanceWindowAsync([/* ... */]);

Creates a new maintenance window.

The value you specify for Duration determines the specific end time for the maintenance window based on the time it begins. No maintenance window tasks are permitted to start after the resulting endtime minus the number of hours you specify for Cutoff. For example, if the maintenance window starts at 3 PM, the duration is three hours, and the value you specify for Cutoff is one hour, no maintenance window tasks can start after 5 PM.

Parameter Syntax

$result = $client->createMaintenanceWindow([
    'AllowUnassociatedTargets' => true || false, // REQUIRED
    'ClientToken' => '<string>',
    'Cutoff' => <integer>, // REQUIRED
    'Description' => '<string>',
    'Duration' => <integer>, // REQUIRED
    'EndDate' => '<string>',
    'Name' => '<string>', // REQUIRED
    'Schedule' => '<string>', // REQUIRED
    'ScheduleOffset' => <integer>,
    'ScheduleTimezone' => '<string>',
    'StartDate' => '<string>',
    'Tags' => [
        [
            'Key' => '<string>', // REQUIRED
            'Value' => '<string>', // REQUIRED
        ],
        // ...
    ],
]);

Parameter Details

Members
AllowUnassociatedTargets
Required: Yes
Type: boolean

Enables a maintenance window task to run on managed nodes, even if you haven't registered those nodes as targets. If enabled, then you must specify the unregistered managed nodes (by node ID) when you register a task with the maintenance window.

If you don't enable this option, then you must specify previously-registered targets when you register a task with the maintenance window.

ClientToken
Type: string

User-provided idempotency token.

Cutoff
Required: Yes
Type: int

The number of hours before the end of the maintenance window that Amazon Web Services Systems Manager stops scheduling new tasks for execution.

Description
Type: string

An optional description for the maintenance window. We recommend specifying a description to help you organize your maintenance windows.

Duration
Required: Yes
Type: int

The duration of the maintenance window in hours.

EndDate
Type: string

The date and time, in ISO-8601 Extended format, for when you want the maintenance window to become inactive. EndDate allows you to set a date and time in the future when the maintenance window will no longer run.

Name
Required: Yes
Type: string

The name of the maintenance window.

Schedule
Required: Yes
Type: string

The schedule of the maintenance window in the form of a cron or rate expression.

ScheduleOffset
Type: int

The number of days to wait after the date and time specified by a cron expression before running the maintenance window.

For example, the following cron expression schedules a maintenance window to run on the third Tuesday of every month at 11:30 PM.

cron(30 23 ? * TUE#3 *)

If the schedule offset is 2, the maintenance window won't run until two days later.

ScheduleTimezone
Type: string

The time zone that the scheduled maintenance window executions are based on, in Internet Assigned Numbers Authority (IANA) format. For example: "America/Los_Angeles", "UTC", or "Asia/Seoul". For more information, see the Time Zone Database on the IANA website.

StartDate
Type: string

The date and time, in ISO-8601 Extended format, for when you want the maintenance window to become active. StartDate allows you to delay activation of the maintenance window until the specified future date.

When using a rate schedule, if you provide a start date that occurs in the past, the current date and time are used as the start date.

Tags
Type: Array of Tag structures

Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a maintenance window to identify the type of tasks it will run, the types of targets, and the environment it will run in. In this case, you could specify the following key-value pairs:

  • Key=TaskType,Value=AgentUpdate

  • Key=OS,Value=Windows

  • Key=Environment,Value=Production

To add tags to an existing maintenance window, use the AddTagsToResource operation.

Result Syntax

[
    'WindowId' => '<string>',
]

Result Details

Members
WindowId
Type: string

The ID of the created maintenance window.

Errors

IdempotentParameterMismatch:

Error returned when an idempotent operation is retried and the parameters don't match the original call to the API with the same idempotency token.

ResourceLimitExceededException:

Error returned when the caller has exceeded the default resource quotas. For example, too many maintenance windows or patch baselines have been created.

For information about resource quotas in Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.

InternalServerError:

An error occurred on the server side.

CreateOpsItem

$result = $client->createOpsItem([/* ... */]);
$promise = $client->createOpsItemAsync([/* ... */]);

Creates a new OpsItem. You must have permission in Identity and Access Management (IAM) to create a new OpsItem. For more information, see Set up OpsCenter in the Amazon Web Services Systems Manager User Guide.

Operations engineers and IT professionals use Amazon Web Services Systems Manager OpsCenter to view, investigate, and remediate operational issues impacting the performance and health of their Amazon Web Services resources. For more information, see Amazon Web Services Systems Manager OpsCenter in the Amazon Web Services Systems Manager User Guide.

Parameter Syntax

$result = $client->createOpsItem([
    'AccountId' => '<string>',
    'ActualEndTime' => <integer || string || DateTime>,
    'ActualStartTime' => <integer || string || DateTime>,
    'Category' => '<string>',
    'Description' => '<string>', // REQUIRED
    'Notifications' => [
        [
            'Arn' => '<string>',
        ],
        // ...
    ],
    'OperationalData' => [
        '<OpsItemDataKey>' => [
            'Type' => 'SearchableString|String',
            'Value' => '<string>',
        ],
        // ...
    ],
    'OpsItemType' => '<string>',
    'PlannedEndTime' => <integer || string || DateTime>,
    'PlannedStartTime' => <integer || string || DateTime>,
    'Priority' => <integer>,
    'RelatedOpsItems' => [
        [
            'OpsItemId' => '<string>', // REQUIRED
        ],
        // ...
    ],
    'Severity' => '<string>',
    'Source' => '<string>', // REQUIRED
    'Tags' => [
        [
            'Key' => '<string>', // REQUIRED
            'Value' => '<string>', // REQUIRED
        ],
        // ...
    ],
    'Title' => '<string>', // REQUIRED
]);

Parameter Details

Members
AccountId
Type: string

The target Amazon Web Services account where you want to create an OpsItem. To make this call, your account must be configured to work with OpsItems across accounts. For more information, see Set up OpsCenter in the Amazon Web Services Systems Manager User Guide.

ActualEndTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time a runbook workflow ended. Currently reported only for the OpsItem type /aws/changerequest.

ActualStartTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time a runbook workflow started. Currently reported only for the OpsItem type /aws/changerequest.

Category
Type: string

Specify a category to assign to an OpsItem.

Description
Required: Yes
Type: string

User-defined text that contains information about the OpsItem, in Markdown format.

Provide enough information so that users viewing this OpsItem for the first time understand the issue.

Notifications
Type: Array of OpsItemNotification structures

The Amazon Resource Name (ARN) of an SNS topic where notifications are sent when this OpsItem is edited or changed.

OperationalData
Type: Associative array of custom strings keys (OpsItemDataKey) to OpsItemDataValue structures

Operational data is custom data that provides useful reference details about the OpsItem. For example, you can specify log files, error strings, license keys, troubleshooting tips, or other relevant data. You enter operational data as key-value pairs. The key has a maximum length of 128 characters. The value has a maximum size of 20 KB.

Operational data keys can't begin with the following: amazon, aws, amzn, ssm, /amazon, /aws, /amzn, /ssm.

You can choose to make the data searchable by other users in the account or you can restrict search access. Searchable data means that all users with access to the OpsItem Overview page (as provided by the DescribeOpsItems API operation) can view and search on the specified data. Operational data that isn't searchable is only viewable by users who have access to the OpsItem (as provided by the GetOpsItem API operation).

Use the /aws/resources key in OperationalData to specify a related resource in the request. Use the /aws/automations key in OperationalData to associate an Automation runbook with the OpsItem. To view Amazon Web Services CLI example commands that use these keys, see Create OpsItems manually in the Amazon Web Services Systems Manager User Guide.

OpsItemType
Type: string

The type of OpsItem to create. Systems Manager supports the following types of OpsItems:

  • /aws/issue

    This type of OpsItem is used for default OpsItems created by OpsCenter.

  • /aws/changerequest

    This type of OpsItem is used by Change Manager for reviewing and approving or rejecting change requests.

  • /aws/insight

    This type of OpsItem is used by OpsCenter for aggregating and reporting on duplicate OpsItems.

PlannedEndTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time specified in a change request for a runbook workflow to end. Currently supported only for the OpsItem type /aws/changerequest.

PlannedStartTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time specified in a change request for a runbook workflow to start. Currently supported only for the OpsItem type /aws/changerequest.

Priority
Type: int

The importance of this OpsItem in relation to other OpsItems in the system.

RelatedOpsItems
Type: Array of RelatedOpsItem structures

One or more OpsItems that share something in common with the current OpsItems. For example, related OpsItems can include OpsItems with similar error messages, impacted resources, or statuses for the impacted resource.

Severity
Type: string

Specify a severity to assign to an OpsItem.

Source
Required: Yes
Type: string

The origin of the OpsItem, such as Amazon EC2 or Systems Manager.

The source name can't contain the following strings: aws, amazon, and amzn.

Tags
Type: Array of Tag structures

Optional metadata that you assign to a resource.

Tags use a key-value pair. For example:

Key=Department,Value=Finance

To add tags to a new OpsItem, a user must have IAM permissions for both the ssm:CreateOpsItems operation and the ssm:AddTagsToResource operation. To add tags to an existing OpsItem, use the AddTagsToResource operation.

Title
Required: Yes
Type: string

A short heading that describes the nature of the OpsItem and the impacted resource.

Result Syntax

[
    'OpsItemArn' => '<string>',
    'OpsItemId' => '<string>',
]

Result Details

Members
OpsItemArn
Type: string

The OpsItem Amazon Resource Name (ARN).

OpsItemId
Type: string

The ID of the OpsItem.

Errors

InternalServerError:

An error occurred on the server side.

OpsItemAlreadyExistsException:

The OpsItem already exists.

OpsItemLimitExceededException:

The request caused OpsItems to exceed one or more quotas.

OpsItemInvalidParameterException:

A specified parameter argument isn't valid. Verify the available arguments and try again.

OpsItemAccessDeniedException:

You don't have permission to view OpsItems in the specified account. Verify that your account is configured either as a Systems Manager delegated administrator or that you are logged into the Organizations management account.

CreateOpsMetadata

$result = $client->createOpsMetadata([/* ... */]);
$promise = $client->createOpsMetadataAsync([/* ... */]);

If you create a new application in Application Manager, Amazon Web Services Systems Manager calls this API operation to specify information about the new application, including the application type.

Parameter Syntax

$result = $client->createOpsMetadata([
    'Metadata' => [
        '<MetadataKey>' => [
            'Value' => '<string>',
        ],
        // ...
    ],
    'ResourceId' => '<string>', // REQUIRED
    'Tags' => [
        [
            'Key' => '<string>', // REQUIRED
            'Value' => '<string>', // REQUIRED
        ],
        // ...
    ],
]);

Parameter Details

Members
Metadata
Type: Associative array of custom strings keys (MetadataKey) to MetadataValue structures

Metadata for a new Application Manager application.

ResourceId
Required: Yes
Type: string

A resource ID for a new Application Manager application.

Tags
Type: Array of Tag structures

Optional metadata that you assign to a resource. You can specify a maximum of five tags for an OpsMetadata object. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag an OpsMetadata object to identify an environment or target Amazon Web Services Region. In this case, you could specify the following key-value pairs:

  • Key=Environment,Value=Production

  • Key=Region,Value=us-east-2

Result Syntax

[
    'OpsMetadataArn' => '<string>',
]

Result Details

Members
OpsMetadataArn
Type: string

The Amazon Resource Name (ARN) of the OpsMetadata Object or blob created by the call.

Errors

OpsMetadataAlreadyExistsException:

An OpsMetadata object already exists for the selected resource.

OpsMetadataTooManyUpdatesException:

The system is processing too many concurrent updates. Wait a few moments and try again.

OpsMetadataInvalidArgumentException:

One of the arguments passed is invalid.

OpsMetadataLimitExceededException:

Your account reached the maximum number of OpsMetadata objects allowed by Application Manager. The maximum is 200 OpsMetadata objects. Delete one or more OpsMetadata object and try again.

InternalServerError:

An error occurred on the server side.

CreatePatchBaseline

$result = $client->createPatchBaseline([/* ... */]);
$promise = $client->createPatchBaselineAsync([/* ... */]);

Creates a patch baseline.

For information about valid key-value pairs in PatchFilters for each supported operating system type, see PatchFilter.

Parameter Syntax

$result = $client->createPatchBaseline([
    'ApprovalRules' => [
        'PatchRules' => [ // REQUIRED
            [
                'ApproveAfterDays' => <integer>,
                'ApproveUntilDate' => '<string>',
                'ComplianceLevel' => 'CRITICAL|HIGH|MEDIUM|LOW|INFORMATIONAL|UNSPECIFIED',
                'EnableNonSecurity' => true || false,
                'PatchFilterGroup' => [ // REQUIRED
                    'PatchFilters' => [ // REQUIRED
                        [
                            'Key' => 'ARCH|ADVISORY_ID|BUGZILLA_ID|PATCH_SET|PRODUCT|PRODUCT_FAMILY|CLASSIFICATION|CVE_ID|EPOCH|MSRC_SEVERITY|NAME|PATCH_ID|SECTION|PRIORITY|REPOSITORY|RELEASE|SEVERITY|SECURITY|VERSION', // REQUIRED
                            'Values' => ['<string>', ...], // REQUIRED
                        ],
                        // ...
                    ],
                ],
            ],
            // ...
        ],
    ],
    'ApprovedPatches' => ['<string>', ...],
    'ApprovedPatchesComplianceLevel' => 'CRITICAL|HIGH|MEDIUM|LOW|INFORMATIONAL|UNSPECIFIED',
    'ApprovedPatchesEnableNonSecurity' => true || false,
    'ClientToken' => '<string>',
    'Description' => '<string>',
    'GlobalFilters' => [
        'PatchFilters' => [ // REQUIRED
            [
                'Key' => 'ARCH|ADVISORY_ID|BUGZILLA_ID|PATCH_SET|PRODUCT|PRODUCT_FAMILY|CLASSIFICATION|CVE_ID|EPOCH|MSRC_SEVERITY|NAME|PATCH_ID|SECTION|PRIORITY|REPOSITORY|RELEASE|SEVERITY|SECURITY|VERSION', // REQUIRED
                'Values' => ['<string>', ...], // REQUIRED
            ],
            // ...
        ],
    ],
    'Name' => '<string>', // REQUIRED
    'OperatingSystem' => 'WINDOWS|AMAZON_LINUX|AMAZON_LINUX_2|AMAZON_LINUX_2022|UBUNTU|REDHAT_ENTERPRISE_LINUX|SUSE|CENTOS|ORACLE_LINUX|DEBIAN|MACOS|RASPBIAN|ROCKY_LINUX|ALMA_LINUX|AMAZON_LINUX_2023',
    'RejectedPatches' => ['<string>', ...],
    'RejectedPatchesAction' => 'ALLOW_AS_DEPENDENCY|BLOCK',
    'Sources' => [
        [
            'Configuration' => '<string>', // REQUIRED
            'Name' => '<string>', // REQUIRED
            'Products' => ['<string>', ...], // REQUIRED
        ],
        // ...
    ],
    'Tags' => [
        [
            'Key' => '<string>', // REQUIRED
            'Value' => '<string>', // REQUIRED
        ],
        // ...
    ],
]);

Parameter Details

Members
ApprovalRules
Type: PatchRuleGroup structure

A set of rules used to include patches in the baseline.

ApprovedPatches
Type: Array of strings

A list of explicitly approved patches for the baseline.

For information about accepted formats for lists of approved patches and rejected patches, see Package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.

ApprovedPatchesComplianceLevel
Type: string

Defines the compliance level for approved patches. When an approved patch is reported as missing, this value describes the severity of the compliance violation. The default value is UNSPECIFIED.

ApprovedPatchesEnableNonSecurity
Type: boolean

Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes. The default value is false. Applies to Linux managed nodes only.

ClientToken
Type: string

User-provided idempotency token.

Description
Type: string

A description of the patch baseline.

GlobalFilters
Type: PatchFilterGroup structure

A set of global filters used to include patches in the baseline.

Name
Required: Yes
Type: string

The name of the patch baseline.

OperatingSystem
Type: string

Defines the operating system the patch baseline applies to. The default value is WINDOWS.

RejectedPatches
Type: Array of strings

A list of explicitly rejected patches for the baseline.

For information about accepted formats for lists of approved patches and rejected patches, see Package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.

RejectedPatchesAction
Type: string

The action for Patch Manager to take on patches included in the RejectedPackages list.

ALLOW_AS_DEPENDENCY

Linux and macOS: A package in the rejected patches list is installed only if it is a dependency of another package. It is considered compliant with the patch baseline, and its status is reported as INSTALLED_OTHER. This is the default action if no option is specified.

Windows Server: Windows Server doesn't support the concept of package dependencies. If a package in the rejected patches list and already installed on the node, its status is reported as INSTALLED_OTHER. Any package not already installed on the node is skipped. This is the default action if no option is specified.

BLOCK

All OSs: Packages in the rejected patches list, and packages that include them as dependencies, aren't installed by Patch Manager under any circumstances. If a package was installed before it was added to the rejected patches list, or is installed outside of Patch Manager afterward, it's considered noncompliant with the patch baseline and its status is reported as INSTALLED_REJECTED.

Sources
Type: Array of PatchSource structures

Information about the patches to use to update the managed nodes, including target operating systems and source repositories. Applies to Linux managed nodes only.

Tags
Type: Array of Tag structures

Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a patch baseline to identify the severity level of patches it specifies and the operating system family it applies to. In this case, you could specify the following key-value pairs:

  • Key=PatchSeverity,Value=Critical

  • Key=OS,Value=Windows

To add tags to an existing patch baseline, use the AddTagsToResource operation.

Result Syntax

[
    'BaselineId' => '<string>',
]

Result Details

Members
BaselineId
Type: string

The ID of the created patch baseline.

Errors

IdempotentParameterMismatch:

Error returned when an idempotent operation is retried and the parameters don't match the original call to the API with the same idempotency token.

ResourceLimitExceededException:

Error returned when the caller has exceeded the default resource quotas. For example, too many maintenance windows or patch baselines have been created.

For information about resource quotas in Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.

InternalServerError:

An error occurred on the server side.

CreateResourceDataSync

$result = $client->createResourceDataSync([/* ... */]);
$promise = $client->createResourceDataSyncAsync([/* ... */]);

A resource data sync helps you view data from multiple sources in a single location. Amazon Web Services Systems Manager offers two types of resource data sync: SyncToDestination and SyncFromSource.

You can configure Systems Manager Inventory to use the SyncToDestination type to synchronize Inventory data from multiple Amazon Web Services Regions to a single Amazon Simple Storage Service (Amazon S3) bucket. For more information, see Creatinga a resource data sync for Inventory in the Amazon Web Services Systems Manager User Guide.

You can configure Systems Manager Explorer to use the SyncFromSource type to synchronize operational work items (OpsItems) and operational data (OpsData) from multiple Amazon Web Services Regions to a single Amazon S3 bucket. This type can synchronize OpsItems and OpsData from multiple Amazon Web Services accounts and Amazon Web Services Regions or EntireOrganization by using Organizations. For more information, see Setting up Systems Manager Explorer to display data from multiple accounts and Regions in the Amazon Web Services Systems Manager User Guide.

A resource data sync is an asynchronous operation that returns immediately. After a successful initial sync is completed, the system continuously syncs data. To check the status of a sync, use the ListResourceDataSync.

By default, data isn't encrypted in Amazon S3. We strongly recommend that you enable encryption in Amazon S3 to ensure secure data storage. We also recommend that you secure access to the Amazon S3 bucket by creating a restrictive bucket policy.

Parameter Syntax

$result = $client->createResourceDataSync([
    'S3Destination' => [
        'AWSKMSKeyARN' => '<string>',
        'BucketName' => '<string>', // REQUIRED
        'DestinationDataSharing' => [
            'DestinationDataSharingType' => '<string>',
        ],
        'Prefix' => '<string>',
        'Region' => '<string>', // REQUIRED
        'SyncFormat' => 'JsonSerDe', // REQUIRED
    ],
    'SyncName' => '<string>', // REQUIRED
    'SyncSource' => [
        'AwsOrganizationsSource' => [
            'OrganizationSourceType' => '<string>', // REQUIRED
            'OrganizationalUnits' => [
                [
                    'OrganizationalUnitId' => '<string>',
                ],
                // ...
            ],
        ],
        'EnableAllOpsDataSources' => true || false,
        'IncludeFutureRegions' => true || false,
        'SourceRegions' => ['<string>', ...], // REQUIRED
        'SourceType' => '<string>', // REQUIRED
    ],
    'SyncType' => '<string>',
]);

Parameter Details

Members
S3Destination

Amazon S3 configuration details for the sync. This parameter is required if the SyncType value is SyncToDestination.

SyncName
Required: Yes
Type: string

A name for the configuration.

SyncSource
Type: ResourceDataSyncSource structure

Specify information about the data sources to synchronize. This parameter is required if the SyncType value is SyncFromSource.

SyncType
Type: string

Specify SyncToDestination to create a resource data sync that synchronizes data to an S3 bucket for Inventory. If you specify SyncToDestination, you must provide a value for S3Destination. Specify SyncFromSource to synchronize data from a single account and multiple Regions, or multiple Amazon Web Services accounts and Amazon Web Services Regions, as listed in Organizations for Explorer. If you specify SyncFromSource, you must provide a value for SyncSource. The default value is SyncToDestination.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalServerError:

An error occurred on the server side.

ResourceDataSyncCountExceededException:

You have exceeded the allowed maximum sync configurations.

ResourceDataSyncAlreadyExistsException:

A sync configuration with the same name already exists.

ResourceDataSyncInvalidConfigurationException:

The specified sync configuration is invalid.

DeleteActivation

$result = $client->deleteActivation([/* ... */]);
$promise = $client->deleteActivationAsync([/* ... */]);

Deletes an activation. You aren't required to delete an activation. If you delete an activation, you can no longer use it to register additional managed nodes. Deleting an activation doesn't de-register managed nodes. You must manually de-register managed nodes.

Parameter Syntax

$result = $client->deleteActivation([
    'ActivationId' => '<string>', // REQUIRED
]);

Parameter Details

Members
ActivationId
Required: Yes
Type: string

The ID of the activation that you want to delete.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidActivationId:

The activation ID isn't valid. Verify the you entered the correct ActivationId or ActivationCode and try again.

InvalidActivation:

The activation isn't valid. The activation might have been deleted, or the ActivationId and the ActivationCode don't match.

InternalServerError:

An error occurred on the server side.

TooManyUpdates:

There are concurrent updates for a resource that supports one update at a time.

DeleteAssociation

$result = $client->deleteAssociation([/* ... */]);
$promise = $client->deleteAssociationAsync([/* ... */]);

Disassociates the specified Amazon Web Services Systems Manager document (SSM document) from the specified managed node. If you created the association by using the Targets parameter, then you must delete the association by using the association ID.

When you disassociate a document from a managed node, it doesn't change the configuration of the node. To change the configuration state of a managed node after you disassociate a document, you must create a new document with the desired configuration and associate it with the node.

Parameter Syntax

$result = $client->deleteAssociation([
    'AssociationId' => '<string>',
    'InstanceId' => '<string>',
    'Name' => '<string>',
]);

Parameter Details

Members
AssociationId
Type: string

The association ID that you want to delete.

InstanceId
Type: string

The managed node ID.

InstanceId has been deprecated. To specify a managed node ID for an association, use the Targets parameter. Requests that include the parameter InstanceID with Systems Manager documents (SSM documents) that use schema version 2.0 or later will fail. In addition, if you use the parameter InstanceId, you can't use the parameters AssociationName, DocumentVersion, MaxErrors, MaxConcurrency, OutputLocation, or ScheduleExpression. To use these parameters, you must use the Targets parameter.

Name
Type: string

The name of the SSM document.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

AssociationDoesNotExist:

The specified association doesn't exist.

InternalServerError:

An error occurred on the server side.

InvalidDocument:

The specified SSM document doesn't exist.

InvalidInstanceId:

The following problems can cause this exception:

  • You don't have permission to access the managed node.

  • Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.

  • SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.

  • The managed node isn't in a valid state. Valid states are: Running, Pending, Stopped, and Stopping. Invalid states are: Shutting-down and Terminated.

TooManyUpdates:

There are concurrent updates for a resource that supports one update at a time.

DeleteDocument

$result = $client->deleteDocument([/* ... */]);
$promise = $client->deleteDocumentAsync([/* ... */]);

Deletes the Amazon Web Services Systems Manager document (SSM document) and all managed node associations to the document.

Before you delete the document, we recommend that you use DeleteAssociation to disassociate all managed nodes that are associated with the document.

Parameter Syntax

$result = $client->deleteDocument([
    'DocumentVersion' => '<string>',
    'Force' => true || false,
    'Name' => '<string>', // REQUIRED
    'VersionName' => '<string>',
]);

Parameter Details

Members
DocumentVersion
Type: string

The version of the document that you want to delete. If not provided, all versions of the document are deleted.

Force
Type: boolean

Some SSM document types require that you specify a Force flag before you can delete the document. For example, you must specify a Force flag to delete a document of type ApplicationConfigurationSchema. You can restrict access to the Force flag in an Identity and Access Management (IAM) policy.

Name
Required: Yes
Type: string

The name of the document.

VersionName
Type: string

The version name of the document that you want to delete. If not provided, all versions of the document are deleted.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalServerError:

An error occurred on the server side.

InvalidDocument:

The specified SSM document doesn't exist.

InvalidDocumentOperation:

You attempted to delete a document while it is still shared. You must stop sharing the document before you can delete it.

AssociatedInstances:

You must disassociate a document from all managed nodes before you can delete it.

DeleteInventory

$result = $client->deleteInventory([/* ... */]);
$promise = $client->deleteInventoryAsync([/* ... */]);

Delete a custom inventory type or the data associated with a custom Inventory type. Deleting a custom inventory type is also referred to as deleting a custom inventory schema.

Parameter Syntax

$result = $client->deleteInventory([
    'ClientToken' => '<string>',
    'DryRun' => true || false,
    'SchemaDeleteOption' => 'DisableSchema|DeleteSchema',
    'TypeName' => '<string>', // REQUIRED
]);

Parameter Details

Members
ClientToken
Type: string

User-provided idempotency token.

DryRun
Type: boolean

Use this option to view a summary of the deletion request without deleting any data or the data type. This option is useful when you only want to understand what will be deleted. Once you validate that the data to be deleted is what you intend to delete, you can run the same command without specifying the DryRun option.

SchemaDeleteOption
Type: string

Use the SchemaDeleteOption to delete a custom inventory type (schema). If you don't choose this option, the system only deletes existing inventory data associated with the custom inventory type. Choose one of the following options:

DisableSchema: If you choose this option, the system ignores all inventory data for the specified version, and any earlier versions. To enable this schema again, you must call the PutInventory operation for a version greater than the disabled version.

DeleteSchema: This option deletes the specified custom type from the Inventory service. You can recreate the schema later, if you want.

TypeName
Required: Yes
Type: string

The name of the custom inventory type for which you want to delete either all previously collected data or the inventory type itself.

Result Syntax

[
    'DeletionId' => '<string>',
    'DeletionSummary' => [
        'RemainingCount' => <integer>,
        'SummaryItems' => [
            [
                'Count' => <integer>,
                'RemainingCount' => <integer>,
                'Version' => '<string>',
            ],
            // ...
        ],
        'TotalCount' => <integer>,
    ],
    'TypeName' => '<string>',
]

Result Details

Members
DeletionId
Type: string

Every DeleteInventory operation is assigned a unique ID. This option returns a unique ID. You can use this ID to query the status of a delete operation. This option is useful for ensuring that a delete operation has completed before you begin other operations.

DeletionSummary
Type: InventoryDeletionSummary structure

A summary of the delete operation. For more information about this summary, see Deleting custom inventory in the Amazon Web Services Systems Manager User Guide.

TypeName
Type: string

The name of the inventory data type specified in the request.

Errors

InternalServerError:

An error occurred on the server side.

InvalidTypeNameException:

The parameter type name isn't valid.

InvalidOptionException:

The delete inventory option specified isn't valid. Verify the option and try again.

InvalidDeleteInventoryParametersException:

One or more of the parameters specified for the delete operation isn't valid. Verify all parameters and try again.

InvalidInventoryRequestException:

The request isn't valid.

DeleteMaintenanceWindow

$result = $client->deleteMaintenanceWindow([/* ... */]);
$promise = $client->deleteMaintenanceWindowAsync([/* ... */]);

Deletes a maintenance window.

Parameter Syntax

$result = $client->deleteMaintenanceWindow([
    'WindowId' => '<string>', // REQUIRED
]);

Parameter Details

Members
WindowId
Required: Yes
Type: string

The ID of the maintenance window to delete.

Result Syntax

[
    'WindowId' => '<string>',
]

Result Details

Members
WindowId
Type: string

The ID of the deleted maintenance window.

Errors

InternalServerError:

An error occurred on the server side.

DeleteOpsItem

$result = $client->deleteOpsItem([/* ... */]);
$promise = $client->deleteOpsItemAsync([/* ... */]);

Delete an OpsItem. You must have permission in Identity and Access Management (IAM) to delete an OpsItem.

Note the following important information about this operation.

  • Deleting an OpsItem is irreversible. You can't restore a deleted OpsItem.

  • This operation uses an eventual consistency model, which means the system can take a few minutes to complete this operation. If you delete an OpsItem and immediately call, for example, GetOpsItem, the deleted OpsItem might still appear in the response.

  • This operation is idempotent. The system doesn't throw an exception if you repeatedly call this operation for the same OpsItem. If the first call is successful, all additional calls return the same successful response as the first call.

  • This operation doesn't support cross-account calls. A delegated administrator or management account can't delete OpsItems in other accounts, even if OpsCenter has been set up for cross-account administration. For more information about cross-account administration, see Setting up OpsCenter to centrally manage OpsItems across accounts in the Systems Manager User Guide.

Parameter Syntax

$result = $client->deleteOpsItem([
    'OpsItemId' => '<string>', // REQUIRED
]);

Parameter Details

Members
OpsItemId
Required: Yes
Type: string

The ID of the OpsItem that you want to delete.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalServerError:

An error occurred on the server side.

OpsItemInvalidParameterException:

A specified parameter argument isn't valid. Verify the available arguments and try again.

DeleteOpsMetadata

$result = $client->deleteOpsMetadata([/* ... */]);
$promise = $client->deleteOpsMetadataAsync([/* ... */]);

Delete OpsMetadata related to an application.

Parameter Syntax

$result = $client->deleteOpsMetadata([
    'OpsMetadataArn' => '<string>', // REQUIRED
]);

Parameter Details

Members
OpsMetadataArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) of an OpsMetadata Object to delete.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

OpsMetadataNotFoundException:

The OpsMetadata object doesn't exist.

OpsMetadataInvalidArgumentException:

One of the arguments passed is invalid.

InternalServerError:

An error occurred on the server side.

DeleteParameter

$result = $client->deleteParameter([/* ... */]);
$promise = $client->deleteParameterAsync([/* ... */]);

Delete a parameter from the system. After deleting a parameter, wait for at least 30 seconds to create a parameter with the same name.

Parameter Syntax

$result = $client->deleteParameter([
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members
Name
Required: Yes
Type: string

The name of the parameter to delete.

You can't enter the Amazon Resource Name (ARN) for a parameter, only the parameter name itself.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalServerError:

An error occurred on the server side.

ParameterNotFound:

The parameter couldn't be found. Verify the name and try again.

DeleteParameters

$result = $client->deleteParameters([/* ... */]);
$promise = $client->deleteParametersAsync([/* ... */]);

Delete a list of parameters. After deleting a parameter, wait for at least 30 seconds to create a parameter with the same name.

Parameter Syntax

$result = $client->deleteParameters([
    'Names' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members
Names
Required: Yes
Type: Array of strings

The names of the parameters to delete. After deleting a parameter, wait for at least 30 seconds to create a parameter with the same name.

You can't enter the Amazon Resource Name (ARN) for a parameter, only the parameter name itself.

Result Syntax

[
    'DeletedParameters' => ['<string>', ...],
    'InvalidParameters' => ['<string>', ...],
]

Result Details

Members
DeletedParameters
Type: Array of strings

The names of the deleted parameters.

InvalidParameters
Type: Array of strings

The names of parameters that weren't deleted because the parameters aren't valid.

Errors

InternalServerError:

An error occurred on the server side.

DeletePatchBaseline

$result = $client->deletePatchBaseline([/* ... */]);
$promise = $client->deletePatchBaselineAsync([/* ... */]);

Deletes a patch baseline.

Parameter Syntax

$result = $client->deletePatchBaseline([
    'BaselineId' => '<string>', // REQUIRED
]);

Parameter Details

Members
BaselineId
Required: Yes
Type: string

The ID of the patch baseline to delete.

Result Syntax

[
    'BaselineId' => '<string>',
]

Result Details

Members
BaselineId
Type: string

The ID of the deleted patch baseline.

Errors

ResourceInUseException:

Error returned if an attempt is made to delete a patch baseline that is registered for a patch group.

InternalServerError:

An error occurred on the server side.

DeleteResourceDataSync

$result = $client->deleteResourceDataSync([/* ... */]);
$promise = $client->deleteResourceDataSyncAsync([/* ... */]);

Deletes a resource data sync configuration. After the configuration is deleted, changes to data on managed nodes are no longer synced to or from the target. Deleting a sync configuration doesn't delete data.

Parameter Syntax

$result = $client->deleteResourceDataSync([
    'SyncName' => '<string>', // REQUIRED
    'SyncType' => '<string>',
]);

Parameter Details

Members
SyncName
Required: Yes
Type: string

The name of the configuration to delete.

SyncType
Type: string

Specify the type of resource data sync to delete.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalServerError:

An error occurred on the server side.

ResourceDataSyncNotFoundException:

The specified sync name wasn't found.

ResourceDataSyncInvalidConfigurationException:

The specified sync configuration is invalid.

DeleteResourcePolicy

$result = $client->deleteResourcePolicy([/* ... */]);
$promise = $client->deleteResourcePolicyAsync([/* ... */]);

Deletes a Systems Manager resource policy. A resource policy helps you to define the IAM entity (for example, an Amazon Web Services account) that can manage your Systems Manager resources. The following resources support Systems Manager resource policies.

  • OpsItemGroup - The resource policy for OpsItemGroup enables Amazon Web Services accounts to view and interact with OpsCenter operational work items (OpsItems).

  • Parameter - The resource policy is used to share a parameter with other accounts using Resource Access Manager (RAM). For more information about cross-account sharing of parameters, see Working with shared parameters in the Amazon Web Services Systems Manager User Guide.

Parameter Syntax

$result = $client->deleteResourcePolicy([
    'PolicyHash' => '<string>', // REQUIRED
    'PolicyId' => '<string>', // REQUIRED
    'ResourceArn' => '<string>', // REQUIRED
]);

Parameter Details

Members
PolicyHash
Required: Yes
Type: string

ID of the current policy version. The hash helps to prevent multiple calls from attempting to overwrite a policy.

PolicyId
Required: Yes
Type: string

The policy ID.

ResourceArn
Required: Yes
Type: string

Amazon Resource Name (ARN) of the resource to which the policies are attached.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalServerError:

An error occurred on the server side.

ResourcePolicyInvalidParameterException:

One or more parameters specified for the call aren't valid. Verify the parameters and their values and try again.

ResourcePolicyConflictException:

The hash provided in the call doesn't match the stored hash. This exception is thrown when trying to update an obsolete policy version or when multiple requests to update a policy are sent.

ResourceNotFoundException:

The specified parameter to be shared could not be found.

MalformedResourcePolicyDocumentException:

The specified policy document is malformed or invalid, or excessive PutResourcePolicy or DeleteResourcePolicy calls have been made.

ResourcePolicyNotFoundException:

No policies with the specified policy ID and hash could be found.

DeregisterManagedInstance

$result = $client->deregisterManagedInstance([/* ... */]);
$promise = $client->deregisterManagedInstanceAsync([/* ... */]);

Removes the server or virtual machine from the list of registered servers. You can reregister the node again at any time. If you don't plan to use Run Command on the server, we suggest uninstalling SSM Agent first.

Parameter Syntax

$result = $client->deregisterManagedInstance([
    'InstanceId' => '<string>', // REQUIRED
]);

Parameter Details

Members
InstanceId
Required: Yes
Type: string

The ID assigned to the managed node when you registered it using the activation process.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidInstanceId:

The following problems can cause this exception:

  • You don't have permission to access the managed node.

  • Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.

  • SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.

  • The managed node isn't in a valid state. Valid states are: Running, Pending, Stopped, and Stopping. Invalid states are: Shutting-down and Terminated.

InternalServerError:

An error occurred on the server side.

DeregisterPatchBaselineForPatchGroup

$result = $client->deregisterPatchBaselineForPatchGroup([/* ... */]);
$promise = $client->deregisterPatchBaselineForPatchGroupAsync([/* ... */]);

Removes a patch group from a patch baseline.

Parameter Syntax

$result = $client->deregisterPatchBaselineForPatchGroup([
    'BaselineId' => '<string>', // REQUIRED
    'PatchGroup' => '<string>', // REQUIRED
]);

Parameter Details

Members
BaselineId
Required: Yes
Type: string

The ID of the patch baseline to deregister the patch group from.

PatchGroup
Required: Yes
Type: string

The name of the patch group that should be deregistered from the patch baseline.

Result Syntax

[
    'BaselineId' => '<string>',
    'PatchGroup' => '<string>',
]

Result Details

Members
BaselineId
Type: string

The ID of the patch baseline the patch group was deregistered from.

PatchGroup
Type: string

The name of the patch group deregistered from the patch baseline.

Errors

InvalidResourceId:

The resource ID isn't valid. Verify that you entered the correct ID and try again.

InternalServerError:

An error occurred on the server side.

DeregisterTargetFromMaintenanceWindow

$result = $client->deregisterTargetFromMaintenanceWindow([/* ... */]);
$promise = $client->deregisterTargetFromMaintenanceWindowAsync([/* ... */]);

Removes a target from a maintenance window.

Parameter Syntax

$result = $client->deregisterTargetFromMaintenanceWindow([
    'Safe' => true || false,
    'WindowId' => '<string>', // REQUIRED
    'WindowTargetId' => '<string>', // REQUIRED
]);

Parameter Details

Members
Safe
Type: boolean

The system checks if the target is being referenced by a task. If the target is being referenced, the system returns an error and doesn't deregister the target from the maintenance window.

WindowId
Required: Yes
Type: string

The ID of the maintenance window the target should be removed from.

WindowTargetId
Required: Yes
Type: string

The ID of the target definition to remove.

Result Syntax

[
    'WindowId' => '<string>',
    'WindowTargetId' => '<string>',
]

Result Details

Members
WindowId
Type: string

The ID of the maintenance window the target was removed from.

WindowTargetId
Type: string

The ID of the removed target definition.

Errors

DoesNotExistException:

Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.

For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.

InternalServerError:

An error occurred on the server side.

TargetInUseException:

You specified the Safe option for the DeregisterTargetFromMaintenanceWindow operation, but the target is still referenced in a task.

DeregisterTaskFromMaintenanceWindow

$result = $client->deregisterTaskFromMaintenanceWindow([/* ... */]);
$promise = $client->deregisterTaskFromMaintenanceWindowAsync([/* ... */]);

Removes a task from a maintenance window.

Parameter Syntax

$result = $client->deregisterTaskFromMaintenanceWindow([
    'WindowId' => '<string>', // REQUIRED
    'WindowTaskId' => '<string>', // REQUIRED
]);

Parameter Details

Members
WindowId
Required: Yes
Type: string

The ID of the maintenance window the task should be removed from.

WindowTaskId
Required: Yes
Type: string

The ID of the task to remove from the maintenance window.

Result Syntax

[
    'WindowId' => '<string>',
    'WindowTaskId' => '<string>',
]

Result Details

Members
WindowId
Type: string

The ID of the maintenance window the task was removed from.

WindowTaskId
Type: string

The ID of the task removed from the maintenance window.

Errors

DoesNotExistException:

Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.

For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.

InternalServerError:

An error occurred on the server side.

DescribeActivations

$result = $client->describeActivations([/* ... */]);
$promise = $client->describeActivationsAsync([/* ... */]);

Describes details about the activation, such as the date and time the activation was created, its expiration date, the Identity and Access Management (IAM) role assigned to the managed nodes in the activation, and the number of nodes registered by using this activation.

Parameter Syntax

$result = $client->describeActivations([
    'Filters' => [
        [
            'FilterKey' => 'ActivationIds|DefaultInstanceName|IamRole',
            'FilterValues' => ['<string>', ...],
        ],
        // ...
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
Filters
Type: Array of DescribeActivationsFilter structures

A filter to view information about your activations.

MaxResults
Type: int

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

NextToken
Type: string

A token to start the list. Use this token to get the next set of results.

Result Syntax

[
    'ActivationList' => [
        [
            'ActivationId' => '<string>',
            'CreatedDate' => <DateTime>,
            'DefaultInstanceName' => '<string>',
            'Description' => '<string>',
            'ExpirationDate' => <DateTime>,
            'Expired' => true || false,
            'IamRole' => '<string>',
            'RegistrationLimit' => <integer>,
            'RegistrationsCount' => <integer>,
            'Tags' => [
                [
                    'Key' => '<string>',
                    'Value' => '<string>',
                ],
                // ...
            ],
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
ActivationList
Type: Array of Activation structures

A list of activations for your Amazon Web Services account.

NextToken
Type: string

The token for the next set of items to return. Use this token to get the next set of results.

Errors

InvalidFilter:

The filter name isn't valid. Verify the you entered the correct name and try again.

InvalidNextToken:

The specified token isn't valid.

InternalServerError:

An error occurred on the server side.

DescribeAssociation

$result = $client->describeAssociation([/* ... */]);
$promise = $client->describeAssociationAsync([/* ... */]);

Describes the association for the specified target or managed node. If you created the association by using the Targets parameter, then you must retrieve the association by using the association ID.

Parameter Syntax

$result = $client->describeAssociation([
    'AssociationId' => '<string>',
    'AssociationVersion' => '<string>',
    'InstanceId' => '<string>',
    'Name' => '<string>',
]);

Parameter Details

Members
AssociationId
Type: string

The association ID for which you want information.

AssociationVersion
Type: string

Specify the association version to retrieve. To view the latest version, either specify $LATEST for this parameter, or omit this parameter. To view a list of all associations for a managed node, use ListAssociations. To get a list of versions for a specific association, use ListAssociationVersions.

InstanceId
Type: string

The managed node ID.

Name
Type: string

The name of the SSM document.

Result Syntax

[
    'AssociationDescription' => [
        'AlarmConfiguration' => [
            'Alarms' => [
                [
                    'Name' => '<string>',
                ],
                // ...
            ],
            'IgnorePollAlarmFailure' => true || false,
        ],
        'ApplyOnlyAtCronInterval' => true || false,
        'AssociationId' => '<string>',
        'AssociationName' => '<string>',
        'AssociationVersion' => '<string>',
        'AutomationTargetParameterName' => '<string>',
        'CalendarNames' => ['<string>', ...],
        'ComplianceSeverity' => 'CRITICAL|HIGH|MEDIUM|LOW|UNSPECIFIED',
        'Date' => <DateTime>,
        'DocumentVersion' => '<string>',
        'Duration' => <integer>,
        'InstanceId' => '<string>',
        'LastExecutionDate' => <DateTime>,
        'LastSuccessfulExecutionDate' => <DateTime>,
        'LastUpdateAssociationDate' => <DateTime>,
        'MaxConcurrency' => '<string>',
        'MaxErrors' => '<string>',
        'Name' => '<string>',
        'OutputLocation' => [
            'S3Location' => [
                'OutputS3BucketName' => '<string>',
                'OutputS3KeyPrefix' => '<string>',
                'OutputS3Region' => '<string>',
            ],
        ],
        'Overview' => [
            'AssociationStatusAggregatedCount' => [<integer>, ...],
            'DetailedStatus' => '<string>',
            'Status' => '<string>',
        ],
        'Parameters' => [
            '<ParameterName>' => ['<string>', ...],
            // ...
        ],
        'ScheduleExpression' => '<string>',
        'ScheduleOffset' => <integer>,
        'Status' => [
            'AdditionalInfo' => '<string>',
            'Date' => <DateTime>,
            'Message' => '<string>',
            'Name' => 'Pending|Success|Failed',
        ],
        'SyncCompliance' => 'AUTO|MANUAL',
        'TargetLocations' => [
            [
                'Accounts' => ['<string>', ...],
                'ExcludeAccounts' => ['<string>', ...],
                'ExecutionRoleName' => '<string>',
                'IncludeChildOrganizationUnits' => true || false,
                'Regions' => ['<string>', ...],
                'TargetLocationAlarmConfiguration' => [
                    'Alarms' => [
                        [
                            'Name' => '<string>',
                        ],
                        // ...
                    ],
                    'IgnorePollAlarmFailure' => true || false,
                ],
                'TargetLocationMaxConcurrency' => '<string>',
                'TargetLocationMaxErrors' => '<string>',
                'Targets' => [
                    [
                        'Key' => '<string>',
                        'Values' => ['<string>', ...],
                    ],
                    // ...
                ],
                'TargetsMaxConcurrency' => '<string>',
                'TargetsMaxErrors' => '<string>',
            ],
            // ...
        ],
        'TargetMaps' => [
            [
                '<TargetMapKey>' => ['<string>', ...],
                // ...
            ],
            // ...
        ],
        'Targets' => [
            [
                'Key' => '<string>',
                'Values' => ['<string>', ...],
            ],
            // ...
        ],
        'TriggeredAlarms' => [
            [
                'Name' => '<string>',
                'State' => 'UNKNOWN|ALARM',
            ],
            // ...
        ],
    ],
]

Result Details

Members
AssociationDescription
Type: AssociationDescription structure

Information about the association.

Errors

AssociationDoesNotExist:

The specified association doesn't exist.

InvalidAssociationVersion:

The version you specified isn't valid. Use ListAssociationVersions to view all versions of an association according to the association ID. Or, use the $LATEST parameter to view the latest version of the association.

InternalServerError:

An error occurred on the server side.

InvalidDocument:

The specified SSM document doesn't exist.

InvalidInstanceId:

The following problems can cause this exception:

  • You don't have permission to access the managed node.

  • Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.

  • SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.

  • The managed node isn't in a valid state. Valid states are: Running, Pending, Stopped, and Stopping. Invalid states are: Shutting-down and Terminated.

DescribeAssociationExecutionTargets

$result = $client->describeAssociationExecutionTargets([/* ... */]);
$promise = $client->describeAssociationExecutionTargetsAsync([/* ... */]);

Views information about a specific execution of a specific association.

Parameter Syntax

$result = $client->describeAssociationExecutionTargets([
    'AssociationId' => '<string>', // REQUIRED
    'ExecutionId' => '<string>', // REQUIRED
    'Filters' => [
        [
            'Key' => 'Status|ResourceId|ResourceType', // REQUIRED
            'Value' => '<string>', // REQUIRED
        ],
        // ...
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
AssociationId
Required: Yes
Type: string

The association ID that includes the execution for which you want to view details.

ExecutionId
Required: Yes
Type: string

The execution ID for which you want to view details.

Filters
Type: Array of AssociationExecutionTargetsFilter structures

Filters for the request. You can specify the following filters and values.

Status (EQUAL)

ResourceId (EQUAL)

ResourceType (EQUAL)

MaxResults
Type: int

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

NextToken
Type: string

A token to start the list. Use this token to get the next set of results.

Result Syntax

[
    'AssociationExecutionTargets' => [
        [
            'AssociationId' => '<string>',
            'AssociationVersion' => '<string>',
            'DetailedStatus' => '<string>',
            'ExecutionId' => '<string>',
            'LastExecutionDate' => <DateTime>,
            'OutputSource' => [
                'OutputSourceId' => '<string>',
                'OutputSourceType' => '<string>',
            ],
            'ResourceId' => '<string>',
            'ResourceType' => '<string>',
            'Status' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
AssociationExecutionTargets
Type: Array of AssociationExecutionTarget structures

Information about the execution.

NextToken
Type: string

The token for the next set of items to return. Use this token to get the next set of results.

Errors

InternalServerError:

An error occurred on the server side.

AssociationDoesNotExist:

The specified association doesn't exist.

InvalidNextToken:

The specified token isn't valid.

AssociationExecutionDoesNotExist:

The specified execution ID doesn't exist. Verify the ID number and try again.

DescribeAssociationExecutions

$result = $client->describeAssociationExecutions([/* ... */]);
$promise = $client->describeAssociationExecutionsAsync([/* ... */]);

Views all executions for a specific association ID.

Parameter Syntax

$result = $client->describeAssociationExecutions([
    'AssociationId' => '<string>', // REQUIRED
    'Filters' => [
        [
            'Key' => 'ExecutionId|Status|CreatedTime', // REQUIRED
            'Type' => 'EQUAL|LESS_THAN|GREATER_THAN', // REQUIRED
            'Value' => '<string>', // REQUIRED
        ],
        // ...
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
AssociationId
Required: Yes
Type: string

The association ID for which you want to view execution history details.

Filters
Type: Array of AssociationExecutionFilter structures

Filters for the request. You can specify the following filters and values.

ExecutionId (EQUAL)

Status (EQUAL)

CreatedTime (EQUAL, GREATER_THAN, LESS_THAN)

MaxResults
Type: int

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

NextToken
Type: string

A token to start the list. Use this token to get the next set of results.

Result Syntax

[
    'AssociationExecutions' => [
        [
            'AlarmConfiguration' => [
                'Alarms' => [
                    [
                        'Name' => '<string>',
                    ],
                    // ...
                ],
                'IgnorePollAlarmFailure' => true || false,
            ],
            'AssociationId' => '<string>',
            'AssociationVersion' => '<string>',
            'CreatedTime' => <DateTime>,
            'DetailedStatus' => '<string>',
            'ExecutionId' => '<string>',
            'LastExecutionDate' => <DateTime>,
            'ResourceCountByStatus' => '<string>',
            'Status' => '<string>',
            'TriggeredAlarms' => [
                [
                    'Name' => '<string>',
                    'State' => 'UNKNOWN|ALARM',
                ],
                // ...
            ],
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
AssociationExecutions
Type: Array of AssociationExecution structures

A list of the executions for the specified association ID.

NextToken
Type: string

The token for the next set of items to return. Use this token to get the next set of results.

Errors

InternalServerError:

An error occurred on the server side.

AssociationDoesNotExist:

The specified association doesn't exist.

InvalidNextToken:

The specified token isn't valid.

DescribeAutomationExecutions

$result = $client->describeAutomationExecutions([/* ... */]);
$promise = $client->describeAutomationExecutionsAsync([/* ... */]);

Provides details about all active and terminated Automation executions.

Parameter Syntax

$result = $client->describeAutomationExecutions([
    'Filters' => [
        [
            'Key' => 'DocumentNamePrefix|ExecutionStatus|ExecutionId|ParentExecutionId|CurrentAction|StartTimeBefore|StartTimeAfter|AutomationType|TagKey|TargetResourceGroup|AutomationSubtype|OpsItemId', // REQUIRED
            'Values' => ['<string>', ...], // REQUIRED
        ],
        // ...
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
Filters
Type: Array of AutomationExecutionFilter structures

Filters used to limit the scope of executions that are requested.

MaxResults
Type: int

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

NextToken
Type: string

The token for the next set of items to return. (You received this token from a previous call.)

Result Syntax

[
    'AutomationExecutionMetadataList' => [
        [
            'AlarmConfiguration' => [
                'Alarms' => [
                    [
                        'Name' => '<string>',
                    ],
                    // ...
                ],
                'IgnorePollAlarmFailure' => true || false,
            ],
            'AssociationId' => '<string>',
            'AutomationExecutionId' => '<string>',
            'AutomationExecutionStatus' => 'Pending|InProgress|Waiting|Success|TimedOut|Cancelling|Cancelled|Failed|PendingApproval|Approved|Rejected|Scheduled|RunbookInProgress|PendingChangeCalendarOverride|ChangeCalendarOverrideApproved|ChangeCalendarOverrideRejected|CompletedWithSuccess|CompletedWithFailure|Exited',
            'AutomationSubtype' => 'ChangeRequest',
            'AutomationType' => 'CrossAccount|Local',
            'ChangeRequestName' => '<string>',
            'CurrentAction' => '<string>',
            'CurrentStepName' => '<string>',
            'DocumentName' => '<string>',
            'DocumentVersion' => '<string>',
            'ExecutedBy' => '<string>',
            'ExecutionEndTime' => <DateTime>,
            'ExecutionStartTime' => <DateTime>,
            'FailureMessage' => '<string>',
            'LogFile' => '<string>',
            'MaxConcurrency' => '<string>',
            'MaxErrors' => '<string>',
            'Mode' => 'Auto|Interactive',
            'OpsItemId' => '<string>',
            'Outputs' => [
                '<AutomationParameterKey>' => ['<string>', ...],
                // ...
            ],
            'ParentAutomationExecutionId' => '<string>',
            'ResolvedTargets' => [
                'ParameterValues' => ['<string>', ...],
                'Truncated' => true || false,
            ],
            'Runbooks' => [
                [
                    'DocumentName' => '<string>',
                    'DocumentVersion' => '<string>',
                    'MaxConcurrency' => '<string>',
                    'MaxErrors' => '<string>',
                    'Parameters' => [
                        '<AutomationParameterKey>' => ['<string>', ...],
                        // ...
                    ],
                    'TargetLocations' => [
                        [
                            'Accounts' => ['<string>', ...],
                            'ExcludeAccounts' => ['<string>', ...],
                            'ExecutionRoleName' => '<string>',
                            'IncludeChildOrganizationUnits' => true || false,
                            'Regions' => ['<string>', ...],
                            'TargetLocationAlarmConfiguration' => [
                                'Alarms' => [
                                    [
                                        'Name' => '<string>',
                                    ],
                                    // ...
                                ],
                                'IgnorePollAlarmFailure' => true || false,
                            ],
                            'TargetLocationMaxConcurrency' => '<string>',
                            'TargetLocationMaxErrors' => '<string>',
                            'Targets' => [
                                [
                                    'Key' => '<string>',
                                    'Values' => ['<string>', ...],
                                ],
                                // ...
                            ],
                            'TargetsMaxConcurrency' => '<string>',
                            'TargetsMaxErrors' => '<string>',
                        ],
                        // ...
                    ],
                    'TargetMaps' => [
                        [
                            '<TargetMapKey>' => ['<string>', ...],
                            // ...
                        ],
                        // ...
                    ],
                    'TargetParameterName' => '<string>',
                    'Targets' => [
                        [
                            'Key' => '<string>',
                            'Values' => ['<string>', ...],
                        ],
                        // ...
                    ],
                ],
                // ...
            ],
            'ScheduledTime' => <DateTime>,
            'Target' => '<string>',
            'TargetLocationsURL' => '<string>',
            'TargetMaps' => [
                [
                    '<TargetMapKey>' => ['<string>', ...],
                    // ...
                ],
                // ...
            ],
            'TargetParameterName' => '<string>',
            'Targets' => [
                [
                    'Key' => '<string>',
                    'Values' => ['<string>', ...],
                ],
                // ...
            ],
            'TriggeredAlarms' => [
                [
                    'Name' => '<string>',
                    'State' => 'UNKNOWN|ALARM',
                ],
                // ...
            ],
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
AutomationExecutionMetadataList
Type: Array of AutomationExecutionMetadata structures

The list of details about each automation execution which has occurred which matches the filter specification, if any.

NextToken
Type: string

The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.

Errors

InvalidFilterKey:

The specified key isn't valid.

InvalidFilterValue:

The filter value isn't valid. Verify the value and try again.

InvalidNextToken:

The specified token isn't valid.

InternalServerError:

An error occurred on the server side.

DescribeAutomationStepExecutions

$result = $client->describeAutomationStepExecutions([/* ... */]);
$promise = $client->describeAutomationStepExecutionsAsync([/* ... */]);

Information about all active and terminated step executions in an Automation workflow.

Parameter Syntax

$result = $client->describeAutomationStepExecutions([
    'AutomationExecutionId' => '<string>', // REQUIRED
    'Filters' => [
        [
            'Key' => 'StartTimeBefore|StartTimeAfter|StepExecutionStatus|StepExecutionId|StepName|Action|ParentStepExecutionId|ParentStepIteration|ParentStepIteratorValue', // REQUIRED
            'Values' => ['<string>', ...], // REQUIRED
        ],
        // ...
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'ReverseOrder' => true || false,
]);

Parameter Details

Members
AutomationExecutionId
Required: Yes
Type: string

The Automation execution ID for which you want step execution descriptions.

Filters
Type: Array of StepExecutionFilter structures

One or more filters to limit the number of step executions returned by the request.

MaxResults
Type: int

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

NextToken
Type: string

The token for the next set of items to return. (You received this token from a previous call.)

ReverseOrder
Type: boolean

Indicates whether to list step executions in reverse order by start time. The default value is 'false'.

Result Syntax

[
    'NextToken' => '<string>',
    'StepExecutions' => [
        [
            'Action' => '<string>',
            'ExecutionEndTime' => <DateTime>,
            'ExecutionStartTime' => <DateTime>,
            'FailureDetails' => [
                'Details' => [
                    '<AutomationParameterKey>' => ['<string>', ...],
                    // ...
                ],
                'FailureStage' => '<string>',
                'FailureType' => '<string>',
            ],
            'FailureMessage' => '<string>',
            'Inputs' => ['<string>', ...],
            'IsCritical' => true || false,
            'IsEnd' => true || false,
            'MaxAttempts' => <integer>,
            'NextStep' => '<string>',
            'OnFailure' => '<string>',
            'Outputs' => [
                '<AutomationParameterKey>' => ['<string>', ...],
                // ...
            ],
            'OverriddenParameters' => [
                '<AutomationParameterKey>' => ['<string>', ...],
                // ...
            ],
            'ParentStepDetails' => [
                'Action' => '<string>',
                'Iteration' => <integer>,
                'IteratorValue' => '<string>',
                'StepExecutionId' => '<string>',
                'StepName' => '<string>',
            ],
            'Response' => '<string>',
            'ResponseCode' => '<string>',
            'StepExecutionId' => '<string>',
            'StepName' => '<string>',
            'StepStatus' => 'Pending|InProgress|Waiting|Success|TimedOut|Cancelling|Cancelled|Failed|PendingApproval|Approved|Rejected|Scheduled|RunbookInProgress|PendingChangeCalendarOverride|ChangeCalendarOverrideApproved|ChangeCalendarOverrideRejected|CompletedWithSuccess|CompletedWithFailure|Exited',
            'TargetLocation' => [
                'Accounts' => ['<string>', ...],
                'ExcludeAccounts' => ['<string>', ...],
                'ExecutionRoleName' => '<string>',
                'IncludeChildOrganizationUnits' => true || false,
                'Regions' => ['<string>', ...],
                'TargetLocationAlarmConfiguration' => [
                    'Alarms' => [
                        [
                            'Name' => '<string>',
                        ],
                        // ...
                    ],
                    'IgnorePollAlarmFailure' => true || false,
                ],
                'TargetLocationMaxConcurrency' => '<string>',
                'TargetLocationMaxErrors' => '<string>',
                'Targets' => [
                    [
                        'Key' => '<string>',
                        'Values' => ['<string>', ...],
                    ],
                    // ...
                ],
                'TargetsMaxConcurrency' => '<string>',
                'TargetsMaxErrors' => '<string>',
            ],
            'Targets' => [
                [
                    'Key' => '<string>',
                    'Values' => ['<string>', ...],
                ],
                // ...
            ],
            'TimeoutSeconds' => <integer>,
            'TriggeredAlarms' => [
                [
                    'Name' => '<string>',
                    'State' => 'UNKNOWN|ALARM',
                ],
                // ...
            ],
            'ValidNextSteps' => ['<string>', ...],
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.

StepExecutions
Type: Array of StepExecution structures

A list of details about the current state of all steps that make up an execution.

Errors

AutomationExecutionNotFoundException:

There is no automation execution information for the requested automation execution ID.

InvalidNextToken:

The specified token isn't valid.

InvalidFilterKey:

The specified key isn't valid.

InvalidFilterValue:

The filter value isn't valid. Verify the value and try again.

InternalServerError:

An error occurred on the server side.

DescribeAvailablePatches

$result = $client->describeAvailablePatches([/* ... */]);
$promise = $client->describeAvailablePatchesAsync([/* ... */]);

Lists all patches eligible to be included in a patch baseline.

Currently, DescribeAvailablePatches supports only the Amazon Linux 1, Amazon Linux 2, and Windows Server operating systems.

Parameter Syntax

$result = $client->describeAvailablePatches([
    'Filters' => [
        [
            'Key' => '<string>',
            'Values' => ['<string>', ...],
        ],
        // ...
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
Filters
Type: Array of PatchOrchestratorFilter structures

Each element in the array is a structure containing a key-value pair.

Windows Server

Supported keys for Windows Server managed node patches include the following:

  • PATCH_SET

    Sample values: OS | APPLICATION

  • PRODUCT

    Sample values: WindowsServer2012 | Office 2010 | MicrosoftDefenderAntivirus

  • PRODUCT_FAMILY

    Sample values: Windows | Office

  • MSRC_SEVERITY

    Sample values: ServicePacks | Important | Moderate

  • CLASSIFICATION

    Sample values: ServicePacks | SecurityUpdates | DefinitionUpdates

  • PATCH_ID

    Sample values: KB123456 | KB4516046

Linux

When specifying filters for Linux patches, you must specify a key-pair for PRODUCT. For example, using the Command Line Interface (CLI), the following command fails:

aws ssm describe-available-patches --filters Key=CVE_ID,Values=CVE-2018-3615

However, the following command succeeds:

aws ssm describe-available-patches --filters Key=PRODUCT,Values=AmazonLinux2018.03 Key=CVE_ID,Values=CVE-2018-3615

Supported keys for Linux managed node patches include the following:

  • PRODUCT

    Sample values: AmazonLinux2018.03 | AmazonLinux2.0

  • NAME

    Sample values: kernel-headers | samba-python | php

  • SEVERITY

    Sample values: Critical | Important | Medium | Low

  • EPOCH

    Sample values: 0 | 1

  • VERSION

    Sample values: 78.6.1 | 4.10.16

  • RELEASE

    Sample values: 9.56.amzn1 | 1.amzn2

  • ARCH

    Sample values: i686 | x86_64

  • REPOSITORY

    Sample values: Core | Updates

  • ADVISORY_ID

    Sample values: ALAS-2018-1058 | ALAS2-2021-1594

  • CVE_ID

    Sample values: CVE-2018-3615 | CVE-2020-1472

  • BUGZILLA_ID

    Sample values: 1463241

MaxResults
Type: int

The maximum number of patches to return (per page).

NextToken
Type: string

The token for the next set of items to return. (You received this token from a previous call.)

Result Syntax

[
    'NextToken' => '<string>',
    'Patches' => [
        [
            'AdvisoryIds' => ['<string>', ...],
            'Arch' => '<string>',
            'BugzillaIds' => ['<string>', ...],
            'CVEIds' => ['<string>', ...],
            'Classification' => '<string>',
            'ContentUrl' => '<string>',
            'Description' => '<string>',
            'Epoch' => <integer>,
            'Id' => '<string>',
            'KbNumber' => '<string>',
            'Language' => '<string>',
            'MsrcNumber' => '<string>',
            'MsrcSeverity' => '<string>',
            'Name' => '<string>',
            'Product' => '<string>',
            'ProductFamily' => '<string>',
            'Release' => '<string>',
            'ReleaseDate' => <DateTime>,
            'Repository' => '<string>',
            'Severity' => '<string>',
            'Title' => '<string>',
            'Vendor' => '<string>',
            'Version' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.

Patches
Type: Array of Patch structures

An array of patches. Each entry in the array is a patch structure.

Errors

InternalServerError:

An error occurred on the server side.

DescribeDocument

$result = $client->describeDocument([/* ... */]);
$promise = $client->describeDocumentAsync([/* ... */]);

Describes the specified Amazon Web Services Systems Manager document (SSM document).

Parameter Syntax

$result = $client->describeDocument([
    'DocumentVersion' => '<string>',
    'Name' => '<string>', // REQUIRED
    'VersionName' => '<string>',
]);

Parameter Details

Members
DocumentVersion
Type: string

The document version for which you want information. Can be a specific version or the default version.

Name
Required: Yes
Type: string

The name of the SSM document.

VersionName
Type: string

An optional field specifying the version of the artifact associated with the document. For example, 12.6. This value is unique across all versions of a document, and can't be changed.

Result Syntax

[
    'Document' => [
        'ApprovedVersion' => '<string>',
        'AttachmentsInformation' => [
            [
                'Name' => '<string>',
            ],
            // ...
        ],
        'Author' => '<string>',
        'Category' => ['<string>', ...],
        'CategoryEnum' => ['<string>', ...],
        'CreatedDate' => <DateTime>,
        'DefaultVersion' => '<string>',
        'Description' => '<string>',
        'DisplayName' => '<string>',
        'DocumentFormat' => 'YAML|JSON|TEXT',
        'DocumentType' => 'Command|Policy|Automation|Session|Package|ApplicationConfiguration|ApplicationConfigurationSchema|DeploymentStrategy|ChangeCalendar|Automation.ChangeTemplate|ProblemAnalysis|ProblemAnalysisTemplate|CloudFormation|ConformancePackTemplate|QuickSetup',
        'DocumentVersion' => '<string>',
        'Hash' => '<string>',
        'HashType' => 'Sha256|Sha1',
        'LatestVersion' => '<string>',
        'Name' => '<string>',
        'Owner' => '<string>',
        'Parameters' => [
            [
                'DefaultValue' => '<string>',
                'Description' => '<string>',
                'Name' => '<string>',
                'Type' => 'String|StringList',
            ],
            // ...
        ],
        'PendingReviewVersion' => '<string>',
        'PlatformTypes' => ['<string>', ...],
        'Requires' => [
            [
                'Name' => '<string>',
                'RequireType' => '<string>',
                'Version' => '<string>',
                'VersionName' => '<string>',
            ],
            // ...
        ],
        'ReviewInformation' => [
            [
                'ReviewedTime' => <DateTime>,
                'Reviewer' => '<string>',
                'Status' => 'APPROVED|NOT_REVIEWED|PENDING|REJECTED',
            ],
            // ...
        ],
        'ReviewStatus' => 'APPROVED|NOT_REVIEWED|PENDING|REJECTED',
        'SchemaVersion' => '<string>',
        'Sha1' => '<string>',
        'Status' => 'Creating|Active|Updating|Deleting|Failed',
        'StatusInformation' => '<string>',
        'Tags' => [
            [
                'Key' => '<string>',
                'Value' => '<string>',
            ],
            // ...
        ],
        'TargetType' => '<string>',
        'VersionName' => '<string>',
    ],
]

Result Details

Members
Document
Type: DocumentDescription structure

Information about the SSM document.

Errors

InternalServerError:

An error occurred on the server side.

InvalidDocument:

The specified SSM document doesn't exist.

InvalidDocumentVersion:

The document version isn't valid or doesn't exist.

DescribeDocumentPermission

$result = $client->describeDocumentPermission([/* ... */]);
$promise = $client->describeDocumentPermissionAsync([/* ... */]);

Describes the permissions for a Amazon Web Services Systems Manager document (SSM document). If you created the document, you are the owner. If a document is shared, it can either be shared privately (by specifying a user's Amazon Web Services account ID) or publicly (All).

Parameter Syntax

$result = $client->describeDocumentPermission([
    'MaxResults' => <integer>,
    'Name' => '<string>', // REQUIRED
    'NextToken' => '<string>',
    'PermissionType' => 'Share', // REQUIRED
]);

Parameter Details

Members
MaxResults
Type: int

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

Name
Required: Yes
Type: string

The name of the document for which you are the owner.

NextToken
Type: string

The token for the next set of items to return. (You received this token from a previous call.)

PermissionType
Required: Yes
Type: string

The permission type for the document. The permission type can be Share.

Result Syntax

[
    'AccountIds' => ['<string>', ...],
    'AccountSharingInfoList' => [
        [
            'AccountId' => '<string>',
            'SharedDocumentVersion' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
AccountIds
Type: Array of strings

The account IDs that have permission to use this document. The ID can be either an Amazon Web Services account or All.

AccountSharingInfoList
Type: Array of AccountSharingInfo structures

A list of Amazon Web Services accounts where the current document is shared and the version shared with each account.

NextToken
Type: string

The token for the next set of items to return. Use this token to get the next set of results.

Errors

InternalServerError:

An error occurred on the server side.

InvalidDocument:

The specified SSM document doesn't exist.

InvalidNextToken:

The specified token isn't valid.

InvalidPermissionType:

The permission type isn't supported. Share is the only supported permission type.

InvalidDocumentOperation:

You attempted to delete a document while it is still shared. You must stop sharing the document before you can delete it.

DescribeEffectiveInstanceAssociations

$result = $client->describeEffectiveInstanceAssociations([/* ... */]);
$promise = $client->describeEffectiveInstanceAssociationsAsync([/* ... */]);

All associations for the managed nodes.

Parameter Syntax

$result = $client->describeEffectiveInstanceAssociations([
    'InstanceId' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
InstanceId
Required: Yes
Type: string

The managed node ID for which you want to view all associations.

MaxResults
Type: int

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

NextToken
Type: string

The token for the next set of items to return. (You received this token from a previous call.)

Result Syntax

[
    'Associations' => [
        [
            'AssociationId' => '<string>',
            'AssociationVersion' => '<string>',
            'Content' => '<string>',
            'InstanceId' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
Associations
Type: Array of InstanceAssociation structures

The associations for the requested managed node.

NextToken
Type: string

The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.

Errors

InternalServerError:

An error occurred on the server side.

InvalidInstanceId:

The following problems can cause this exception:

  • You don't have permission to access the managed node.

  • Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.

  • SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.

  • The managed node isn't in a valid state. Valid states are: Running, Pending, Stopped, and Stopping. Invalid states are: Shutting-down and Terminated.

InvalidNextToken:

The specified token isn't valid.

DescribeEffectivePatchesForPatchBaseline

$result = $client->describeEffectivePatchesForPatchBaseline([/* ... */]);
$promise = $client->describeEffectivePatchesForPatchBaselineAsync([/* ... */]);

Retrieves the current effective patches (the patch and the approval state) for the specified patch baseline. Applies to patch baselines for Windows only.

Parameter Syntax

$result = $client->describeEffectivePatchesForPatchBaseline([
    'BaselineId' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
BaselineId
Required: Yes
Type: string

The ID of the patch baseline to retrieve the effective patches for.

MaxResults
Type: int

The maximum number of patches to return (per page).

NextToken
Type: string

The token for the next set of items to return. (You received this token from a previous call.)

Result Syntax

[
    'EffectivePatches' => [
        [
            'Patch' => [
                'AdvisoryIds' => ['<string>', ...],
                'Arch' => '<string>',
                'BugzillaIds' => ['<string>', ...],
                'CVEIds' => ['<string>', ...],
                'Classification' => '<string>',
                'ContentUrl' => '<string>',
                'Description' => '<string>',
                'Epoch' => <integer>,
                'Id' => '<string>',
                'KbNumber' => '<string>',
                'Language' => '<string>',
                'MsrcNumber' => '<string>',
                'MsrcSeverity' => '<string>',
                'Name' => '<string>',
                'Product' => '<string>',
                'ProductFamily' => '<string>',
                'Release' => '<string>',
                'ReleaseDate' => <DateTime>,
                'Repository' => '<string>',
                'Severity' => '<string>',
                'Title' => '<string>',
                'Vendor' => '<string>',
                'Version' => '<string>',
            ],
            'PatchStatus' => [
                'ApprovalDate' => <DateTime>,
                'ComplianceLevel' => 'CRITICAL|HIGH|MEDIUM|LOW|INFORMATIONAL|UNSPECIFIED',
                'DeploymentStatus' => 'APPROVED|PENDING_APPROVAL|EXPLICIT_APPROVED|EXPLICIT_REJECTED',
            ],
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
EffectivePatches
Type: Array of EffectivePatch structures

An array of patches and patch status.

NextToken
Type: string

The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.

Errors

InvalidResourceId:

The resource ID isn't valid. Verify that you entered the correct ID and try again.

DoesNotExistException:

Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.

For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.

UnsupportedOperatingSystem:

The operating systems you specified isn't supported, or the operation isn't supported for the operating system.

InternalServerError:

An error occurred on the server side.

DescribeInstanceAssociationsStatus

$result = $client->describeInstanceAssociationsStatus([/* ... */]);
$promise = $client->describeInstanceAssociationsStatusAsync([/* ... */]);

The status of the associations for the managed nodes.

Parameter Syntax

$result = $client->describeInstanceAssociationsStatus([
    'InstanceId' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
InstanceId
Required: Yes
Type: string

The managed node IDs for which you want association status information.

MaxResults
Type: int

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

NextToken
Type: string

The token for the next set of items to return. (You received this token from a previous call.)

Result Syntax

[
    'InstanceAssociationStatusInfos' => [
        [
            'AssociationId' => '<string>',
            'AssociationName' => '<string>',
            'AssociationVersion' => '<string>',
            'DetailedStatus' => '<string>',
            'DocumentVersion' => '<string>',
            'ErrorCode' => '<string>',
            'ExecutionDate' => <DateTime>,
            'ExecutionSummary' => '<string>',
            'InstanceId' => '<string>',
            'Name' => '<string>',
            'OutputUrl' => [
                'S3OutputUrl' => [
                    'OutputUrl' => '<string>',
                ],
            ],
            'Status' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
InstanceAssociationStatusInfos
Type: Array of InstanceAssociationStatusInfo structures

Status information about the association.

NextToken
Type: string

The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.

Errors

InternalServerError:

An error occurred on the server side.

InvalidInstanceId:

The following problems can cause this exception:

  • You don't have permission to access the managed node.

  • Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.

  • SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.

  • The managed node isn't in a valid state. Valid states are: Running, Pending, Stopped, and Stopping. Invalid states are: Shutting-down and Terminated.

InvalidNextToken:

The specified token isn't valid.

DescribeInstanceInformation

$result = $client->describeInstanceInformation([/* ... */]);
$promise = $client->describeInstanceInformationAsync([/* ... */]);

Provides information about one or more of your managed nodes, including the operating system platform, SSM Agent version, association status, and IP address. This operation does not return information for nodes that are either Stopped or Terminated.

If you specify one or more node IDs, the operation returns information for those managed nodes. If you don't specify node IDs, it returns information for all your managed nodes. If you specify a node ID that isn't valid or a node that you don't own, you receive an error.

The IamRole field returned for this API operation is the role assigned to an Amazon EC2 instance configured with a Systems Manager Quick Setup host management configuration or the role assigned to an on-premises managed node.

Parameter Syntax

$result = $client->describeInstanceInformation([
    'Filters' => [
        [
            'Key' => '<string>', // REQUIRED
            'Values' => ['<string>', ...], // REQUIRED
        ],
        // ...
    ],
    'InstanceInformationFilterList' => [
        [
            'key' => 'InstanceIds|AgentVersion|PingStatus|PlatformTypes|ActivationIds|IamRole|ResourceType|AssociationStatus', // REQUIRED
            'valueSet' => ['<string>', ...], // REQUIRED
        ],
        // ...
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
Filters
Type: Array of InstanceInformationStringFilter structures

One or more filters. Use a filter to return a more specific list of managed nodes. You can filter based on tags applied to your managed nodes. Tag filters can't be combined with other filter types. Use this Filters data type instead of InstanceInformationFilterList, which is deprecated.

InstanceInformationFilterList
Type: Array of InstanceInformationFilter structures

This is a legacy method. We recommend that you don't use this method. Instead, use the Filters data type. Filters enables you to return node information by filtering based on tags applied to managed nodes.

Attempting to use InstanceInformationFilterList and Filters leads to an exception error.

MaxResults
Type: int

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results. The default value is 10 items.

NextToken
Type: string

The token for the next set of items to return. (You received this token from a previous call.)

Result Syntax

[
    'InstanceInformationList' => [
        [
            'ActivationId' => '<string>',
            'AgentVersion' => '<string>',
            'AssociationOverview' => [
                'DetailedStatus' => '<string>',
                'InstanceAssociationStatusAggregatedCount' => [<integer>, ...],
            ],
            'AssociationStatus' => '<string>',
            'ComputerName' => '<string>',
            'IPAddress' => '<string>',
            'IamRole' => '<string>',
            'InstanceId' => '<string>',
            'IsLatestVersion' => true || false,
            'LastAssociationExecutionDate' => <DateTime>,
            'LastPingDateTime' => <DateTime>,
            'LastSuccessfulAssociationExecutionDate' => <DateTime>,
            'Name' => '<string>',
            'PingStatus' => 'Online|ConnectionLost|Inactive',
            'PlatformName' => '<string>',
            'PlatformType' => 'Windows|Linux|MacOS',
            'PlatformVersion' => '<string>',
            'RegistrationDate' => <DateTime>,
            'ResourceType' => 'ManagedInstance|EC2Instance',
            'SourceId' => '<string>',
            'SourceType' => 'AWS::EC2::Instance|AWS::IoT::Thing|AWS::SSM::ManagedInstance',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
InstanceInformationList
Type: Array of InstanceInformation structures

The managed node information list.

NextToken
Type: string

The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.

Errors

InternalServerError:

An error occurred on the server side.

InvalidInstanceId:

The following problems can cause this exception:

  • You don't have permission to access the managed node.

  • Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.

  • SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.

  • The managed node isn't in a valid state. Valid states are: Running, Pending, Stopped, and Stopping. Invalid states are: Shutting-down and Terminated.

InvalidNextToken:

The specified token isn't valid.

InvalidInstanceInformationFilterValue:

The specified filter value isn't valid.

InvalidFilterKey:

The specified key isn't valid.

DescribeInstancePatchStates

$result = $client->describeInstancePatchStates([/* ... */]);
$promise = $client->describeInstancePatchStatesAsync([/* ... */]);

Retrieves the high-level patch state of one or more managed nodes.

Parameter Syntax

$result = $client->describeInstancePatchStates([
    'InstanceIds' => ['<string>', ...], // REQUIRED
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
InstanceIds
Required: Yes
Type: Array of strings

The ID of the managed node for which patch state information should be retrieved.

MaxResults
Type: int

The maximum number of managed nodes to return (per page).

NextToken
Type: string

The token for the next set of items to return. (You received this token from a previous call.)

Result Syntax

[
    'InstancePatchStates' => [
        [
            'BaselineId' => '<string>',
            'CriticalNonCompliantCount' => <integer>,
            'FailedCount' => <integer>,
            'InstallOverrideList' => '<string>',
            'InstalledCount' => <integer>,
            'InstalledOtherCount' => <integer>,
            'InstalledPendingRebootCount' => <integer>,
            'InstalledRejectedCount' => <integer>,
            'InstanceId' => '<string>',
            'LastNoRebootInstallOperationTime' => <DateTime>,
            'MissingCount' => <integer>,
            'NotApplicableCount' => <integer>,
            'Operation' => 'Scan|Install',
            'OperationEndTime' => <DateTime>,
            'OperationStartTime' => <DateTime>,
            'OtherNonCompliantCount' => <integer>,
            'OwnerInformation' => '<string>',
            'PatchGroup' => '<string>',
            'RebootOption' => 'RebootIfNeeded|NoReboot',
            'SecurityNonCompliantCount' => <integer>,
            'SnapshotId' => '<string>',
            'UnreportedNotApplicableCount' => <integer>,
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
InstancePatchStates
Type: Array of InstancePatchState structures

The high-level patch state for the requested managed nodes.

NextToken
Type: string

The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.

Errors

InternalServerError:

An error occurred on the server side.

InvalidNextToken:

The specified token isn't valid.

DescribeInstancePatchStatesForPatchGroup

$result = $client->describeInstancePatchStatesForPatchGroup([/* ... */]);
$promise = $client->describeInstancePatchStatesForPatchGroupAsync([/* ... */]);

Retrieves the high-level patch state for the managed nodes in the specified patch group.

Parameter Syntax

$result = $client->describeInstancePatchStatesForPatchGroup([
    'Filters' => [
        [
            'Key' => '<string>', // REQUIRED
            'Type' => 'Equal|NotEqual|LessThan|GreaterThan', // REQUIRED
            'Values' => ['<string>', ...], // REQUIRED
        ],
        // ...
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'PatchGroup' => '<string>', // REQUIRED
]);

Parameter Details

Members
Filters
Type: Array of InstancePatchStateFilter structures

Each entry in the array is a structure containing:

  • Key (string between 1 and 200 characters)

  • Values (array containing a single string)

  • Type (string "Equal", "NotEqual", "LessThan", "GreaterThan")

MaxResults
Type: int

The maximum number of patches to return (per page).

NextToken
Type: string

The token for the next set of items to return. (You received this token from a previous call.)

PatchGroup
Required: Yes
Type: string

The name of the patch group for which the patch state information should be retrieved.

Result Syntax

[
    'InstancePatchStates' => [
        [
            'BaselineId' => '<string>',
            'CriticalNonCompliantCount' => <integer>,
            'FailedCount' => <integer>,
            'InstallOverrideList' => '<string>',
            'InstalledCount' => <integer>,
            'InstalledOtherCount' => <integer>,
            'InstalledPendingRebootCount' => <integer>,
            'InstalledRejectedCount' => <integer>,
            'InstanceId' => '<string>',
            'LastNoRebootInstallOperationTime' => <DateTime>,
            'MissingCount' => <integer>,
            'NotApplicableCount' => <integer>,
            'Operation' => 'Scan|Install',
            'OperationEndTime' => <DateTime>,
            'OperationStartTime' => <DateTime>,
            'OtherNonCompliantCount' => <integer>,
            'OwnerInformation' => '<string>',
            'PatchGroup' => '<string>',
            'RebootOption' => 'RebootIfNeeded|NoReboot',
            'SecurityNonCompliantCount' => <integer>,
            'SnapshotId' => '<string>',
            'UnreportedNotApplicableCount' => <integer>,
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
InstancePatchStates
Type: Array of InstancePatchState structures

The high-level patch state for the requested managed nodes.

NextToken
Type: string

The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.

Errors

InternalServerError:

An error occurred on the server side.

InvalidFilter:

The filter name isn't valid. Verify the you entered the correct name and try again.

InvalidNextToken:

The specified token isn't valid.

DescribeInstancePatches

$result = $client->describeInstancePatches([/* ... */]);
$promise = $client->describeInstancePatchesAsync([/* ... */]);

Retrieves information about the patches on the specified managed node and their state relative to the patch baseline being used for the node.

Parameter Syntax

$result = $client->describeInstancePatches([
    'Filters' => [
        [
            'Key' => '<string>',
            'Values' => ['<string>', ...],
        ],
        // ...
    ],
    'InstanceId' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
Filters
Type: Array of PatchOrchestratorFilter structures

Each element in the array is a structure containing a key-value pair.

Supported keys for DescribeInstancePatchesinclude the following:

  • Classification

    Sample values: Security | SecurityUpdates

  • KBId

    Sample values: KB4480056 | java-1.7.0-openjdk.x86_64

  • Severity

    Sample values: Important | Medium | Low

  • State

    Sample values: Installed | InstalledOther | InstalledPendingReboot

    For lists of all State values, see Patch compliance state values in the Amazon Web Services Systems Manager User Guide.

InstanceId
Required: Yes
Type: string

The ID of the managed node whose patch state information should be retrieved.

MaxResults
Type: int

The maximum number of patches to return (per page).

NextToken
Type: string

The token for the next set of items to return. (You received this token from a previous call.)

Result Syntax

[
    'NextToken' => '<string>',
    'Patches' => [
        [
            'CVEIds' => '<string>',
            'Classification' => '<string>',
            'InstalledTime' => <DateTime>,
            'KBId' => '<string>',
            'Severity' => '<string>',
            'State' => 'INSTALLED|INSTALLED_OTHER|INSTALLED_PENDING_REBOOT|INSTALLED_REJECTED|MISSING|NOT_APPLICABLE|FAILED',
            'Title' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.

Patches
Type: Array of PatchComplianceData structures

Each entry in the array is a structure containing:

  • Title (string)

  • KBId (string)

  • Classification (string)

  • Severity (string)

  • State (string, such as "INSTALLED" or "FAILED")

  • InstalledTime (DateTime)

  • InstalledBy (string)

Errors

InternalServerError:

An error occurred on the server side.

InvalidInstanceId:

The following problems can cause this exception:

  • You don't have permission to access the managed node.

  • Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.

  • SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.

  • The managed node isn't in a valid state. Valid states are: Running, Pending, Stopped, and Stopping. Invalid states are: Shutting-down and Terminated.

InvalidFilter:

The filter name isn't valid. Verify the you entered the correct name and try again.

InvalidNextToken:

The specified token isn't valid.

DescribeInstanceProperties

$result = $client->describeInstanceProperties([/* ... */]);
$promise = $client->describeInstancePropertiesAsync([/* ... */]);

An API operation used by the Systems Manager console to display information about Systems Manager managed nodes.

Parameter Syntax

$result = $client->describeInstanceProperties([
    'FiltersWithOperator' => [
        [
            'Key' => '<string>', // REQUIRED
            'Operator' => 'Equal|NotEqual|BeginWith|LessThan|GreaterThan',
            'Values' => ['<string>', ...], // REQUIRED
        ],
        // ...
    ],
    'InstancePropertyFilterList' => [
        [
            'key' => 'InstanceIds|AgentVersion|PingStatus|PlatformTypes|DocumentName|ActivationIds|IamRole|ResourceType|AssociationStatus', // REQUIRED
            'valueSet' => ['<string>', ...], // REQUIRED
        ],
        // ...
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
FiltersWithOperator
Type: Array of InstancePropertyStringFilter structures

The request filters to use with the operator.

InstancePropertyFilterList
Type: Array of InstancePropertyFilter structures

An array of instance property filters.

MaxResults
Type: int

The maximum number of items to return for the call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

NextToken
Type: string

The token provided by a previous request to use to return the next set of properties.

Result Syntax

[
    'InstanceProperties' => [
        [
            'ActivationId' => '<string>',
            'AgentVersion' => '<string>',
            'Architecture' => '<string>',
            'AssociationOverview' => [
                'DetailedStatus' => '<string>',
                'InstanceAssociationStatusAggregatedCount' => [<integer>, ...],
            ],
            'AssociationStatus' => '<string>',
            'ComputerName' => '<string>',
            'IPAddress' => '<string>',
            'IamRole' => '<string>',
            'InstanceId' => '<string>',
            'InstanceRole' => '<string>',
            'InstanceState' => '<string>',
            'InstanceType' => '<string>',
            'KeyName' => '<string>',
            'LastAssociationExecutionDate' => <DateTime>,
            'LastPingDateTime' => <DateTime>,
            'LastSuccessfulAssociationExecutionDate' => <DateTime>,
            'LaunchTime' => <DateTime>,
            'Name' => '<string>',
            'PingStatus' => 'Online|ConnectionLost|Inactive',
            'PlatformName' => '<string>',
            'PlatformType' => 'Windows|Linux|MacOS',
            'PlatformVersion' => '<string>',
            'RegistrationDate' => <DateTime>,
            'ResourceType' => '<string>',
            'SourceId' => '<string>',
            'SourceType' => 'AWS::EC2::Instance|AWS::IoT::Thing|AWS::SSM::ManagedInstance',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
InstanceProperties
Type: Array of InstanceProperty structures

Properties for the managed instances.

NextToken
Type: string

The token for the next set of properties to return. Use this token to get the next set of results.

Errors

InvalidNextToken:

The specified token isn't valid.

InvalidFilterKey:

The specified key isn't valid.

InvalidInstanceId:

The following problems can cause this exception:

  • You don't have permission to access the managed node.

  • Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.

  • SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.

  • The managed node isn't in a valid state. Valid states are: Running, Pending, Stopped, and Stopping. Invalid states are: Shutting-down and Terminated.

InvalidActivationId:

The activation ID isn't valid. Verify the you entered the correct ActivationId or ActivationCode and try again.

InvalidInstancePropertyFilterValue:

The specified filter value isn't valid.

InternalServerError:

An error occurred on the server side.

InvalidDocument:

The specified SSM document doesn't exist.

DescribeInventoryDeletions

$result = $client->describeInventoryDeletions([/* ... */]);
$promise = $client->describeInventoryDeletionsAsync([/* ... */]);

Describes a specific delete inventory operation.

Parameter Syntax

$result = $client->describeInventoryDeletions([
    'DeletionId' => '<string>',
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
DeletionId
Type: string

Specify the delete inventory ID for which you want information. This ID was returned by the DeleteInventory operation.

MaxResults
Type: int

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

NextToken
Type: string

A token to start the list. Use this token to get the next set of results.

Result Syntax

[
    'InventoryDeletions' => [
        [
            'DeletionId' => '<string>',
            'DeletionStartTime' => <DateTime>,
            'DeletionSummary' => [
                'RemainingCount' => <integer>,
                'SummaryItems' => [
                    [
                        'Count' => <integer>,
                        'RemainingCount' => <integer>,
                        'Version' => '<string>',
                    ],
                    // ...
                ],
                'TotalCount' => <integer>,
            ],
            'LastStatus' => 'InProgress|Complete',
            'LastStatusMessage' => '<string>',
            'LastStatusUpdateTime' => <DateTime>,
            'TypeName' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
InventoryDeletions
Type: Array of InventoryDeletionStatusItem structures

A list of status items for deleted inventory.

NextToken
Type: string

The token for the next set of items to return. Use this token to get the next set of results.

Errors

InternalServerError:

An error occurred on the server side.

InvalidDeletionIdException:

The ID specified for the delete operation doesn't exist or isn't valid. Verify the ID and try again.

InvalidNextToken:

The specified token isn't valid.

DescribeMaintenanceWindowExecutionTaskInvocations

$result = $client->describeMaintenanceWindowExecutionTaskInvocations([/* ... */]);
$promise = $client->describeMaintenanceWindowExecutionTaskInvocationsAsync([/* ... */]);

Retrieves the individual task executions (one per target) for a particular task run as part of a maintenance window execution.

Parameter Syntax

$result = $client->describeMaintenanceWindowExecutionTaskInvocations([
    'Filters' => [
        [
            'Key' => '<string>',
            'Values' => ['<string>', ...],
        ],
        // ...
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'TaskId' => '<string>', // REQUIRED
    'WindowExecutionId' => '<string>', // REQUIRED
]);

Parameter Details

Members
Filters
Type: Array of MaintenanceWindowFilter structures

Optional filters used to scope down the returned task invocations. The supported filter key is STATUS with the corresponding values PENDING, IN_PROGRESS, SUCCESS, FAILED, TIMED_OUT, CANCELLING, and CANCELLED.

MaxResults
Type: int

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

NextToken
Type: string

The token for the next set of items to return. (You received this token from a previous call.)

TaskId
Required: Yes
Type: string

The ID of the specific task in the maintenance window task that should be retrieved.

WindowExecutionId
Required: Yes
Type: string

The ID of the maintenance window execution the task is part of.

Result Syntax

[
    'NextToken' => '<string>',
    'WindowExecutionTaskInvocationIdentities' => [
        [
            'EndTime' => <DateTime>,
            'ExecutionId' => '<string>',
            'InvocationId' => '<string>',
            'OwnerInformation' => '<string>',
            'Parameters' => '<string>',
            'StartTime' => <DateTime>,
            'Status' => 'PENDING|IN_PROGRESS|SUCCESS|FAILED|TIMED_OUT|CANCELLING|CANCELLED|SKIPPED_OVERLAPPING',
            'StatusDetails' => '<string>',
            'TaskExecutionId' => '<string>',
            'TaskType' => 'RUN_COMMAND|AUTOMATION|STEP_FUNCTIONS|LAMBDA',
            'WindowExecutionId' => '<string>',
            'WindowTargetId' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.

WindowExecutionTaskInvocationIdentities

Information about the task invocation results per invocation.

Errors

DoesNotExistException:

Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.

For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.

InternalServerError:

An error occurred on the server side.

DescribeMaintenanceWindowExecutionTasks

$result = $client->describeMaintenanceWindowExecutionTasks([/* ... */]);
$promise = $client->describeMaintenanceWindowExecutionTasksAsync([/* ... */]);

For a given maintenance window execution, lists the tasks that were run.

Parameter Syntax

$result = $client->describeMaintenanceWindowExecutionTasks([
    'Filters' => [
        [
            'Key' => '<string>',
            'Values' => ['<string>', ...],
        ],
        // ...
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'WindowExecutionId' => '<string>', // REQUIRED
]);

Parameter Details

Members
Filters
Type: Array of MaintenanceWindowFilter structures

Optional filters used to scope down the returned tasks. The supported filter key is STATUS with the corresponding values PENDING, IN_PROGRESS, SUCCESS, FAILED, TIMED_OUT, CANCELLING, and CANCELLED.

MaxResults
Type: int

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

NextToken
Type: string

The token for the next set of items to return. (You received this token from a previous call.)

WindowExecutionId
Required: Yes
Type: string

The ID of the maintenance window execution whose task executions should be retrieved.

Result Syntax

[
    'NextToken' => '<string>',
    'WindowExecutionTaskIdentities' => [
        [
            'AlarmConfiguration' => [
                'Alarms' => [
                    [
                        'Name' => '<string>',
                    ],
                    // ...
                ],
                'IgnorePollAlarmFailure' => true || false,
            ],
            'EndTime' => <DateTime>,
            'StartTime' => <DateTime>,
            'Status' => 'PENDING|IN_PROGRESS|SUCCESS|FAILED|TIMED_OUT|CANCELLING|CANCELLED|SKIPPED_OVERLAPPING',
            'StatusDetails' => '<string>',
            'TaskArn' => '<string>',
            'TaskExecutionId' => '<string>',
            'TaskType' => 'RUN_COMMAND|AUTOMATION|STEP_FUNCTIONS|LAMBDA',
            'TriggeredAlarms' => [
                [
                    'Name' => '<string>',
                    'State' => 'UNKNOWN|ALARM',
                ],
                // ...
            ],
            'WindowExecutionId' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.

WindowExecutionTaskIdentities
Type: Array of MaintenanceWindowExecutionTaskIdentity structures

Information about the task executions.

Errors

DoesNotExistException:

Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.

For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.

InternalServerError:

An error occurred on the server side.

DescribeMaintenanceWindowExecutions

$result = $client->describeMaintenanceWindowExecutions([/* ... */]);
$promise = $client->describeMaintenanceWindowExecutionsAsync([/* ... */]);

Lists the executions of a maintenance window. This includes information about when the maintenance window was scheduled to be active, and information about tasks registered and run with the maintenance window.

Parameter Syntax

$result = $client->describeMaintenanceWindowExecutions([
    'Filters' => [
        [
            'Key' => '<string>',
            'Values' => ['<string>', ...],
        ],
        // ...
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'WindowId' => '<string>', // REQUIRED
]);

Parameter Details

Members
Filters
Type: Array of MaintenanceWindowFilter structures

Each entry in the array is a structure containing:

  • Key. A string between 1 and 128 characters. Supported keys include ExecutedBefore and ExecutedAfter.

  • Values. An array of strings, each between 1 and 256 characters. Supported values are date/time strings in a valid ISO 8601 date/time format, such as 2024-11-04T05:00:00Z.

MaxResults
Type: int

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

NextToken
Type: string

The token for the next set of items to return. (You received this token from a previous call.)

WindowId
Required: Yes
Type: string

The ID of the maintenance window whose executions should be retrieved.

Result Syntax

[
    'NextToken' => '<string>',
    'WindowExecutions' => [
        [
            'EndTime' => <DateTime>,
            'StartTime' => <DateTime>,
            'Status' => 'PENDING|IN_PROGRESS|SUCCESS|FAILED|TIMED_OUT|CANCELLING|CANCELLED|SKIPPED_OVERLAPPING',
            'StatusDetails' => '<string>',
            'WindowExecutionId' => '<string>',
            'WindowId' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.

WindowExecutions
Type: Array of MaintenanceWindowExecution structures

Information about the maintenance window executions.

Errors

InternalServerError:

An error occurred on the server side.

DescribeMaintenanceWindowSchedule

$result = $client->describeMaintenanceWindowSchedule([/* ... */]);
$promise = $client->describeMaintenanceWindowScheduleAsync([/* ... */]);

Retrieves information about upcoming executions of a maintenance window.

Parameter Syntax

$result = $client->describeMaintenanceWindowSchedule([
    'Filters' => [
        [
            'Key' => '<string>',
            'Values' => ['<string>', ...],
        ],
        // ...
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'ResourceType' => 'INSTANCE|RESOURCE_GROUP',
    'Targets' => [
        [
            'Key' => '<string>',
            'Values' => ['<string>', ...],
        ],
        // ...
    ],
    'WindowId' => '<string>',
]);

Parameter Details

Members
Filters
Type: Array of PatchOrchestratorFilter structures

Filters used to limit the range of results. For example, you can limit maintenance window executions to only those scheduled before or after a certain date and time.

MaxResults
Type: int

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

NextToken
Type: string

The token for the next set of items to return. (You received this token from a previous call.)

ResourceType
Type: string

The type of resource you want to retrieve information about. For example, INSTANCE.

Targets
Type: Array of Target structures

The managed node ID or key-value pair to retrieve information about.

WindowId
Type: string

The ID of the maintenance window to retrieve information about.

Result Syntax

[
    'NextToken' => '<string>',
    'ScheduledWindowExecutions' => [
        [
            'ExecutionTime' => '<string>',
            'Name' => '<string>',
            'WindowId' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

The token for the next set of items to return. (You use this token in the next call.)

ScheduledWindowExecutions
Type: Array of ScheduledWindowExecution structures

Information about maintenance window executions scheduled for the specified time range.

Errors

InternalServerError:

An error occurred on the server side.

DoesNotExistException:

Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.

For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.

DescribeMaintenanceWindowTargets

$result = $client->describeMaintenanceWindowTargets([/* ... */]);
$promise = $client->describeMaintenanceWindowTargetsAsync([/* ... */]);

Lists the targets registered with the maintenance window.

Parameter Syntax

$result = $client->describeMaintenanceWindowTargets([
    'Filters' => [
        [
            'Key' => '<string>',
            'Values' => ['<string>', ...],
        ],
        // ...
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'WindowId' => '<string>', // REQUIRED
]);

Parameter Details

Members
Filters
Type: Array of MaintenanceWindowFilter structures

Optional filters that can be used to narrow down the scope of the returned window targets. The supported filter keys are Type, WindowTargetId, and OwnerInformation.

MaxResults
Type: int

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

NextToken
Type: string

The token for the next set of items to return. (You received this token from a previous call.)

WindowId
Required: Yes
Type: string

The ID of the maintenance window whose targets should be retrieved.

Result Syntax

[
    'NextToken' => '<string>',
    'Targets' => [
        [
            'Description' => '<string>',
            'Name' => '<string>',
            'OwnerInformation' => '<string>',
            'ResourceType' => 'INSTANCE|RESOURCE_GROUP',
            'Targets' => [
                [
                    'Key' => '<string>',
                    'Values' => ['<string>', ...],
                ],
                // ...
            ],
            'WindowId' => '<string>',
            'WindowTargetId' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.

Targets
Type: Array of MaintenanceWindowTarget structures

Information about the targets in the maintenance window.

Errors

DoesNotExistException:

Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.

For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.

InternalServerError:

An error occurred on the server side.

DescribeMaintenanceWindowTasks

$result = $client->describeMaintenanceWindowTasks([/* ... */]);
$promise = $client->describeMaintenanceWindowTasksAsync([/* ... */]);

Lists the tasks in a maintenance window.

For maintenance window tasks without a specified target, you can't supply values for --max-errors and --max-concurrency. Instead, the system inserts a placeholder value of 1, which may be reported in the response to this command. These values don't affect the running of your task and can be ignored.

Parameter Syntax

$result = $client->describeMaintenanceWindowTasks([
    'Filters' => [
        [
            'Key' => '<string>',
            'Values' => ['<string>', ...],
        ],
        // ...
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'WindowId' => '<string>', // REQUIRED
]);

Parameter Details

Members
Filters
Type: Array of MaintenanceWindowFilter structures

Optional filters used to narrow down the scope of the returned tasks. The supported filter keys are WindowTaskId, TaskArn, Priority, and TaskType.

MaxResults
Type: int

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

NextToken
Type: string

The token for the next set of items to return. (You received this token from a previous call.)

WindowId
Required: Yes
Type: string

The ID of the maintenance window whose tasks should be retrieved.

Result Syntax

[
    'NextToken' => '<string>',
    'Tasks' => [
        [
            'AlarmConfiguration' => [
                'Alarms' => [
                    [
                        'Name' => '<string>',
                    ],
                    // ...
                ],
                'IgnorePollAlarmFailure' => true || false,
            ],
            'CutoffBehavior' => 'CONTINUE_TASK|CANCEL_TASK',
            'Description' => '<string>',
            'LoggingInfo' => [
                'S3BucketName' => '<string>',
                'S3KeyPrefix' => '<string>',
                'S3Region' => '<string>',
            ],
            'MaxConcurrency' => '<string>',
            'MaxErrors' => '<string>',
            'Name' => '<string>',
            'Priority' => <integer>,
            'ServiceRoleArn' => '<string>',
            'Targets' => [
                [
                    'Key' => '<string>',
                    'Values' => ['<string>', ...],
                ],
                // ...
            ],
            'TaskArn' => '<string>',
            'TaskParameters' => [
                '<MaintenanceWindowTaskParameterName>' => [
                    'Values' => ['<string>', ...],
                ],
                // ...
            ],
            'Type' => 'RUN_COMMAND|AUTOMATION|STEP_FUNCTIONS|LAMBDA',
            'WindowId' => '<string>',
            'WindowTaskId' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.

Tasks
Type: Array of MaintenanceWindowTask structures

Information about the tasks in the maintenance window.

Errors

DoesNotExistException:

Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.

For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.

InternalServerError:

An error occurred on the server side.

DescribeMaintenanceWindows

$result = $client->describeMaintenanceWindows([/* ... */]);
$promise = $client->describeMaintenanceWindowsAsync([/* ... */]);

Retrieves the maintenance windows in an Amazon Web Services account.

Parameter Syntax

$result = $client->describeMaintenanceWindows([
    'Filters' => [
        [
            'Key' => '<string>',
            'Values' => ['<string>', ...],
        ],
        // ...
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
Filters
Type: Array of MaintenanceWindowFilter structures

Optional filters used to narrow down the scope of the returned maintenance windows. Supported filter keys are Name and Enabled. For example, Name=MyMaintenanceWindow and Enabled=True.

MaxResults
Type: int

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

NextToken
Type: string

The token for the next set of items to return. (You received this token from a previous call.)

Result Syntax

[
    'NextToken' => '<string>',
    'WindowIdentities' => [
        [
            'Cutoff' => <integer>,
            'Description' => '<string>',
            'Duration' => <integer>,
            'Enabled' => true || false,
            'EndDate' => '<string>',
            'Name' => '<string>',
            'NextExecutionTime' => '<string>',
            'Schedule' => '<string>',
            'ScheduleOffset' => <integer>,
            'ScheduleTimezone' => '<string>',
            'StartDate' => '<string>',
            'WindowId' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.

WindowIdentities
Type: Array of MaintenanceWindowIdentity structures

Information about the maintenance windows.

Errors

InternalServerError:

An error occurred on the server side.

DescribeMaintenanceWindowsForTarget

$result = $client->describeMaintenanceWindowsForTarget([/* ... */]);
$promise = $client->describeMaintenanceWindowsForTargetAsync([/* ... */]);

Retrieves information about the maintenance window targets or tasks that a managed node is associated with.

Parameter Syntax

$result = $client->describeMaintenanceWindowsForTarget([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'ResourceType' => 'INSTANCE|RESOURCE_GROUP', // REQUIRED
    'Targets' => [ // REQUIRED
        [
            'Key' => '<string>',
            'Values' => ['<string>', ...],
        ],
        // ...
    ],
]);

Parameter Details

Members
MaxResults
Type: int

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

NextToken
Type: string

The token for the next set of items to return. (You received this token from a previous call.)

ResourceType
Required: Yes
Type: string

The type of resource you want to retrieve information about. For example, INSTANCE.

Targets
Required: Yes
Type: Array of Target structures

The managed node ID or key-value pair to retrieve information about.

Result Syntax

[
    'NextToken' => '<string>',
    'WindowIdentities' => [
        [
            'Name' => '<string>',
            'WindowId' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

The token for the next set of items to return. (You use this token in the next call.)

WindowIdentities
Type: Array of MaintenanceWindowIdentityForTarget structures

Information about the maintenance window targets and tasks a managed node is associated with.

Errors

InternalServerError:

An error occurred on the server side.

DescribeOpsItems

$result = $client->describeOpsItems([/* ... */]);
$promise = $client->describeOpsItemsAsync([/* ... */]);

Query a set of OpsItems. You must have permission in Identity and Access Management (IAM) to query a list of OpsItems. For more information, see Set up OpsCenter in the Amazon Web Services Systems Manager User Guide.

Operations engineers and IT professionals use Amazon Web Services Systems Manager OpsCenter to view, investigate, and remediate operational issues impacting the performance and health of their Amazon Web Services resources. For more information, see Amazon Web Services Systems Manager OpsCenter in the Amazon Web Services Systems Manager User Guide.

Parameter Syntax

$result = $client->describeOpsItems([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'OpsItemFilters' => [
        [
            'Key' => 'Status|CreatedBy|Source|Priority|Title|OpsItemId|CreatedTime|LastModifiedTime|ActualStartTime|ActualEndTime|PlannedStartTime|PlannedEndTime|OperationalData|OperationalDataKey|OperationalDataValue|ResourceId|AutomationId|Category|Severity|OpsItemType|ChangeRequestByRequesterArn|ChangeRequestByRequesterName|ChangeRequestByApproverArn|ChangeRequestByApproverName|ChangeRequestByTemplate|ChangeRequestByTargetsResourceGroup|InsightByType|AccountId', // REQUIRED
            'Operator' => 'Equal|Contains|GreaterThan|LessThan', // REQUIRED
            'Values' => ['<string>', ...], // REQUIRED
        ],
        // ...
    ],
]);

Parameter Details

Members
MaxResults
Type: int

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

NextToken
Type: string

A token to start the list. Use this token to get the next set of results.

OpsItemFilters
Type: Array of OpsItemFilter structures

One or more filters to limit the response.

  • Key: CreatedTime

    Operations: GreaterThan, LessThan

  • Key: LastModifiedBy

    Operations: Contains, Equals

  • Key: LastModifiedTime

    Operations: GreaterThan, LessThan

  • Key: Priority

    Operations: Equals

  • Key: Source

    Operations: Contains, Equals

  • Key: Status

    Operations: Equals

  • Key: Title*

    Operations: Equals,Contains

  • Key: OperationalData**

    Operations: Equals

  • Key: OperationalDataKey

    Operations: Equals

  • Key: OperationalDataValue

    Operations: Equals, Contains

  • Key: OpsItemId

    Operations: Equals

  • Key: ResourceId

    Operations: Contains

  • Key: AutomationId

    Operations: Equals

  • Key: AccountId

    Operations: Equals

*The Equals operator for Title matches the first 100 characters. If you specify more than 100 characters, they system returns an error that the filter value exceeds the length limit.

**If you filter the response by using the OperationalData operator, specify a key-value pair by using the following JSON format: {"key":"key_name","value":"a_value"}

Result Syntax

[
    'NextToken' => '<string>',
    'OpsItemSummaries' => [
        [
            'ActualEndTime' => <DateTime>,
            'ActualStartTime' => <DateTime>,
            'Category' => '<string>',
            'CreatedBy' => '<string>',
            'CreatedTime' => <DateTime>,
            'LastModifiedBy' => '<string>',
            'LastModifiedTime' => <DateTime>,
            'OperationalData' => [
                '<OpsItemDataKey>' => [
                    'Type' => 'SearchableString|String',
                    'Value' => '<string>',
                ],
                // ...
            ],
            'OpsItemId' => '<string>',
            'OpsItemType' => '<string>',
            'PlannedEndTime' => <DateTime>,
            'PlannedStartTime' => <DateTime>,
            'Priority' => <integer>,
            'Severity' => '<string>',
            'Source' => '<string>',
            'Status' => 'Open|InProgress|Resolved|Pending|TimedOut|Cancelling|Cancelled|Failed|CompletedWithSuccess|CompletedWithFailure|Scheduled|RunbookInProgress|PendingChangeCalendarOverride|ChangeCalendarOverrideApproved|ChangeCalendarOverrideRejected|PendingApproval|Approved|Rejected|Closed',
            'Title' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

The token for the next set of items to return. Use this token to get the next set of results.

OpsItemSummaries
Type: Array of OpsItemSummary structures

A list of OpsItems.

Errors

InternalServerError:

An error occurred on the server side.

DescribeParameters

$result = $client->describeParameters([/* ... */]);
$promise = $client->describeParametersAsync([/* ... */]);

Lists the parameters in your Amazon Web Services account or the parameters shared with you when you enable the Shared option.

Request results are returned on a best-effort basis. If you specify MaxResults in the request, the response includes information up to the limit specified. The number of items returned, however, can be between zero and the value of MaxResults. If the service reaches an internal limit while processing the results, it stops the operation and returns the matching values up to that point and a NextToken. You can specify the NextToken in a subsequent call to get the next set of results.

If you change the KMS key alias for the KMS key used to encrypt a parameter, then you must also update the key alias the parameter uses to reference KMS. Otherwise, DescribeParameters retrieves whatever the original key alias was referencing.

Parameter Syntax

$result = $client->describeParameters([
    'Filters' => [
        [
            'Key' => 'Name|Type|KeyId', // REQUIRED
            'Values' => ['<string>', ...], // REQUIRED
        ],
        // ...
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'ParameterFilters' => [
        [
            'Key' => '<string>', // REQUIRED
            'Option' => '<string>',
            'Values' => ['<string>', ...],
        ],
        // ...
    ],
    'Shared' => true || false,
]);

Parameter Details

Members
Filters
Type: Array of ParametersFilter structures

This data type is deprecated. Instead, use ParameterFilters.

MaxResults
Type: int

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

NextToken
Type: string

The token for the next set of items to return. (You received this token from a previous call.)

ParameterFilters
Type: Array of ParameterStringFilter structures

Filters to limit the request results.

Shared
Type: boolean

Lists parameters that are shared with you.

By default when using this option, the command returns parameters that have been shared using a standard Resource Access Manager Resource Share. In order for a parameter that was shared using the PutResourcePolicy command to be returned, the associated RAM Resource Share Created From Policy must have been promoted to a standard Resource Share using the RAM PromoteResourceShareCreatedFromPolicy API operation.

For more information about sharing parameters, see Working with shared parameters in the Amazon Web Services Systems Manager User Guide.

Result Syntax

[
    'NextToken' => '<string>',
    'Parameters' => [
        [
            'ARN' => '<string>',
            'AllowedPattern' => '<string>',
            'DataType' => '<string>',
            'Description' => '<string>',
            'KeyId' => '<string>',
            'LastModifiedDate' => <DateTime>,
            'LastModifiedUser' => '<string>',
            'Name' => '<string>',
            'Policies' => [
                [
                    'PolicyStatus' => '<string>',
                    'PolicyText' => '<string>',
                    'PolicyType' => '<string>',
                ],
                // ...
            ],
            'Tier' => 'Standard|Advanced|Intelligent-Tiering',
            'Type' => 'String|StringList|SecureString',
            'Version' => <integer>,
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

The token to use when requesting the next set of items.

Parameters
Type: Array of ParameterMetadata structures

Parameters returned by the request.

Errors

InternalServerError:

An error occurred on the server side.

InvalidFilterKey:

The specified key isn't valid.

InvalidFilterOption:

The specified filter option isn't valid. Valid options are Equals and BeginsWith. For Path filter, valid options are Recursive and OneLevel.

InvalidFilterValue:

The filter value isn't valid. Verify the value and try again.

InvalidNextToken:

The specified token isn't valid.

DescribePatchBaselines

$result = $client->describePatchBaselines([/* ... */]);
$promise = $client->describePatchBaselinesAsync([/* ... */]);

Lists the patch baselines in your Amazon Web Services account.

Parameter Syntax

$result = $client->describePatchBaselines([
    'Filters' => [
        [
            'Key' => '<string>',
            'Values' => ['<string>', ...],
        ],
        // ...
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
Filters
Type: Array of PatchOrchestratorFilter structures

Each element in the array is a structure containing a key-value pair.

Supported keys for DescribePatchBaselines include the following:

  • NAME_PREFIX

    Sample values: AWS- | My-

  • OWNER

    Sample values: AWS | Self

  • OPERATING_SYSTEM

    Sample values: AMAZON_LINUX | SUSE | WINDOWS

MaxResults
Type: int

The maximum number of patch baselines to return (per page).

NextToken
Type: string

The token for the next set of items to return. (You received this token from a previous call.)

Result Syntax

[
    'BaselineIdentities' => [
        [
            'BaselineDescription' => '<string>',
            'BaselineId' => '<string>',
            'BaselineName' => '<string>',
            'DefaultBaseline' => true || false,
            'OperatingSystem' => 'WINDOWS|AMAZON_LINUX|AMAZON_LINUX_2|AMAZON_LINUX_2022|UBUNTU|REDHAT_ENTERPRISE_LINUX|SUSE|CENTOS|ORACLE_LINUX|DEBIAN|MACOS|RASPBIAN|ROCKY_LINUX|ALMA_LINUX|AMAZON_LINUX_2023',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
BaselineIdentities
Type: Array of PatchBaselineIdentity structures

An array of PatchBaselineIdentity elements.

NextToken
Type: string

The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.

Errors

InternalServerError:

An error occurred on the server side.

DescribePatchGroupState

$result = $client->describePatchGroupState([/* ... */]);
$promise = $client->describePatchGroupStateAsync([/* ... */]);

Returns high-level aggregated patch compliance state information for a patch group.

Parameter Syntax

$result = $client->describePatchGroupState([
    'PatchGroup' => '<string>', // REQUIRED
]);

Parameter Details

Members
PatchGroup
Required: Yes
Type: string

The name of the patch group whose patch snapshot should be retrieved.

Result Syntax

[
    'Instances' => <integer>,
    'InstancesWithCriticalNonCompliantPatches' => <integer>,
    'InstancesWithFailedPatches' => <integer>,
    'InstancesWithInstalledOtherPatches' => <integer>,
    'InstancesWithInstalledPatches' => <integer>,
    'InstancesWithInstalledPendingRebootPatches' => <integer>,
    'InstancesWithInstalledRejectedPatches' => <integer>,
    'InstancesWithMissingPatches' => <integer>,
    'InstancesWithNotApplicablePatches' => <integer>,
    'InstancesWithOtherNonCompliantPatches' => <integer>,
    'InstancesWithSecurityNonCompliantPatches' => <integer>,
    'InstancesWithUnreportedNotApplicablePatches' => <integer>,
]

Result Details

Members
Instances
Type: int

The number of managed nodes in the patch group.

InstancesWithCriticalNonCompliantPatches
Type: int

The number of managed nodes where patches that are specified as Critical for compliance reporting in the patch baseline aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required managed node reboot. The status of these managed nodes is NON_COMPLIANT.

InstancesWithFailedPatches
Type: int

The number of managed nodes with patches from the patch baseline that failed to install.

InstancesWithInstalledOtherPatches
Type: int

The number of managed nodes with patches installed that aren't defined in the patch baseline.

InstancesWithInstalledPatches
Type: int

The number of managed nodes with installed patches.

InstancesWithInstalledPendingRebootPatches
Type: int

The number of managed nodes with patches installed by Patch Manager that haven't been rebooted after the patch installation. The status of these managed nodes is NON_COMPLIANT.

InstancesWithInstalledRejectedPatches
Type: int

The number of managed nodes with patches installed that are specified in a RejectedPatches list. Patches with a status of INSTALLED_REJECTED were typically installed before they were added to a RejectedPatches list.

If ALLOW_AS_DEPENDENCY is the specified option for RejectedPatchesAction, the value of InstancesWithInstalledRejectedPatches will always be 0 (zero).

InstancesWithMissingPatches
Type: int

The number of managed nodes with missing patches from the patch baseline.

InstancesWithNotApplicablePatches
Type: int

The number of managed nodes with patches that aren't applicable.

InstancesWithOtherNonCompliantPatches
Type: int

The number of managed nodes with patches installed that are specified as other than Critical or Security but aren't compliant with the patch baseline. The status of these managed nodes is NON_COMPLIANT.

InstancesWithSecurityNonCompliantPatches
Type: int

The number of managed nodes where patches that are specified as Security in a patch advisory aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required managed node reboot. The status of these managed nodes is NON_COMPLIANT.

InstancesWithUnreportedNotApplicablePatches
Type: int

The number of managed nodes with NotApplicable patches beyond the supported limit, which aren't reported by name to Inventory. Inventory is a capability of Amazon Web Services Systems Manager.

Errors

InternalServerError:

An error occurred on the server side.

InvalidNextToken:

The specified token isn't valid.

DescribePatchGroups

$result = $client->describePatchGroups([/* ... */]);
$promise = $client->describePatchGroupsAsync([/* ... */]);

Lists all patch groups that have been registered with patch baselines.

Parameter Syntax

$result = $client->describePatchGroups([
    'Filters' => [
        [
            'Key' => '<string>',
            'Values' => ['<string>', ...],
        ],
        // ...
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
Filters
Type: Array of PatchOrchestratorFilter structures

Each element in the array is a structure containing a key-value pair.

Supported keys for DescribePatchGroups include the following:

  • NAME_PREFIX

    Sample values: AWS- | My-.

  • OPERATING_SYSTEM

    Sample values: AMAZON_LINUX | SUSE | WINDOWS

MaxResults
Type: int

The maximum number of patch groups to return (per page).

NextToken
Type: string

The token for the next set of items to return. (You received this token from a previous call.)

Result Syntax

[
    'Mappings' => [
        [
            'BaselineIdentity' => [
                'BaselineDescription' => '<string>',
                'BaselineId' => '<string>',
                'BaselineName' => '<string>',
                'DefaultBaseline' => true || false,
                'OperatingSystem' => 'WINDOWS|AMAZON_LINUX|AMAZON_LINUX_2|AMAZON_LINUX_2022|UBUNTU|REDHAT_ENTERPRISE_LINUX|SUSE|CENTOS|ORACLE_LINUX|DEBIAN|MACOS|RASPBIAN|ROCKY_LINUX|ALMA_LINUX|AMAZON_LINUX_2023',
            ],
            'PatchGroup' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
Mappings
Type: Array of PatchGroupPatchBaselineMapping structures

Each entry in the array contains:

  • PatchGroup: string (between 1 and 256 characters. Regex: ^([\p{L}\p{Z}\p{N}_.:/=+\-@]*)$)

  • PatchBaselineIdentity: A PatchBaselineIdentity element.

NextToken
Type: string

The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.

Errors

InternalServerError:

An error occurred on the server side.

DescribePatchProperties

$result = $client->describePatchProperties([/* ... */]);
$promise = $client->describePatchPropertiesAsync([/* ... */]);

Lists the properties of available patches organized by product, product family, classification, severity, and other properties of available patches. You can use the reported properties in the filters you specify in requests for operations such as CreatePatchBaseline, UpdatePatchBaseline, DescribeAvailablePatches, and DescribePatchBaselines.

The following section lists the properties that can be used in filters for each major operating system type:

AMAZON_LINUX

Valid properties: PRODUCT | CLASSIFICATION | SEVERITY

AMAZON_LINUX_2

Valid properties: PRODUCT | CLASSIFICATION | SEVERITY

AMAZON_LINUX_2023

Valid properties: PRODUCT | CLASSIFICATION | SEVERITY

CENTOS

Valid properties: PRODUCT | CLASSIFICATION | SEVERITY

DEBIAN

Valid properties: PRODUCT | PRIORITY

MACOS

Valid properties: PRODUCT | CLASSIFICATION

ORACLE_LINUX

Valid properties: PRODUCT | CLASSIFICATION | SEVERITY

REDHAT_ENTERPRISE_LINUX

Valid properties: PRODUCT | CLASSIFICATION | SEVERITY

SUSE

Valid properties: PRODUCT | CLASSIFICATION | SEVERITY

UBUNTU

Valid properties: PRODUCT | PRIORITY

WINDOWS

Valid properties: PRODUCT | PRODUCT_FAMILY | CLASSIFICATION | MSRC_SEVERITY

Parameter Syntax

$result = $client->describePatchProperties([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'OperatingSystem' => 'WINDOWS|AMAZON_LINUX|AMAZON_LINUX_2|AMAZON_LINUX_2022|UBUNTU|REDHAT_ENTERPRISE_LINUX|SUSE|CENTOS|ORACLE_LINUX|DEBIAN|MACOS|RASPBIAN|ROCKY_LINUX|ALMA_LINUX|AMAZON_LINUX_2023', // REQUIRED
    'PatchSet' => 'OS|APPLICATION',
    'Property' => 'PRODUCT|PRODUCT_FAMILY|CLASSIFICATION|MSRC_SEVERITY|PRIORITY|SEVERITY', // REQUIRED
]);

Parameter Details

Members
MaxResults
Type: int

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

NextToken
Type: string

The token for the next set of items to return. (You received this token from a previous call.)

OperatingSystem
Required: Yes
Type: string

The operating system type for which to list patches.

PatchSet
Type: string

Indicates whether to list patches for the Windows operating system or for applications released by Microsoft. Not applicable for the Linux or macOS operating systems.

Property
Required: Yes
Type: string

The patch property for which you want to view patch details.

Result Syntax

[
    'NextToken' => '<string>',
    'Properties' => [
        ['<string>', ...],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

The token for the next set of items to return. (You use this token in the next call.)

Properties
Type: Array of stringss

A list of the properties for patches matching the filter request parameters.

Errors

InternalServerError:

An error occurred on the server side.

DescribeSessions

$result = $client->describeSessions([/* ... */]);
$promise = $client->describeSessionsAsync([/* ... */]);

Retrieves a list of all active sessions (both connected and disconnected) or terminated sessions from the past 30 days.

Parameter Syntax

$result = $client->describeSessions([
    'Filters' => [
        [
            'key' => 'InvokedAfter|InvokedBefore|Target|Owner|Status|SessionId', // REQUIRED
            'value' => '<string>', // REQUIRED
        ],
        // ...
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'State' => 'Active|History', // REQUIRED
]);

Parameter Details

Members
Filters
Type: Array of SessionFilter structures

One or more filters to limit the type of sessions returned by the request.

MaxResults
Type: int

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

NextToken
Type: string

The token for the next set of items to return. (You received this token from a previous call.)

State
Required: Yes
Type: string

The session status to retrieve a list of sessions for. For example, "Active".

Result Syntax

[
    'NextToken' => '<string>',
    'Sessions' => [
        [
            'Details' => '<string>',
            'DocumentName' => '<string>',
            'EndDate' => <DateTime>,
            'MaxSessionDuration' => '<string>',
            'OutputUrl' => [
                'CloudWatchOutputUrl' => '<string>',
                'S3OutputUrl' => '<string>',
            ],
            'Owner' => '<string>',
            'Reason' => '<string>',
            'SessionId' => '<string>',
            'StartDate' => <DateTime>,
            'Status' => 'Connected|Connecting|Disconnected|Terminated|Terminating|Failed',
            'Target' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

The token for the next set of items to return. (You received this token from a previous call.)

Sessions
Type: Array of Session structures

A list of sessions meeting the request parameters.

Errors

InternalServerError:

An error occurred on the server side.

InvalidFilterKey:

The specified key isn't valid.

InvalidNextToken:

The specified token isn't valid.

DisassociateOpsItemRelatedItem

$result = $client->disassociateOpsItemRelatedItem([/* ... */]);
$promise = $client->disassociateOpsItemRelatedItemAsync([/* ... */]);

Deletes the association between an OpsItem and a related item. For example, this API operation can delete an Incident Manager incident from an OpsItem. Incident Manager is a capability of Amazon Web Services Systems Manager.

Parameter Syntax

$result = $client->disassociateOpsItemRelatedItem([
    'AssociationId' => '<string>', // REQUIRED
    'OpsItemId' => '<string>', // REQUIRED
]);

Parameter Details

Members
AssociationId
Required: Yes
Type: string

The ID of the association for which you want to delete an association between the OpsItem and a related item.

OpsItemId
Required: Yes
Type: string

The ID of the OpsItem for which you want to delete an association between the OpsItem and a related item.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalServerError:

An error occurred on the server side.

OpsItemRelatedItemAssociationNotFoundException:

The association wasn't found using the parameters you specified in the call. Verify the information and try again.

OpsItemNotFoundException:

The specified OpsItem ID doesn't exist. Verify the ID and try again.

OpsItemInvalidParameterException:

A specified parameter argument isn't valid. Verify the available arguments and try again.

OpsItemConflictException:

The specified OpsItem is in the process of being deleted.

GetAutomationExecution

$result = $client->getAutomationExecution([/* ... */]);
$promise = $client->getAutomationExecutionAsync([/* ... */]);

Get detailed information about a particular Automation execution.

Parameter Syntax

$result = $client->getAutomationExecution([
    'AutomationExecutionId' => '<string>', // REQUIRED
]);

Parameter Details

Members
AutomationExecutionId
Required: Yes
Type: string

The unique identifier for an existing automation execution to examine. The execution ID is returned by StartAutomationExecution when the execution of an Automation runbook is initiated.

Result Syntax

[
    'AutomationExecution' => [
        'AlarmConfiguration' => [
            'Alarms' => [
                [
                    'Name' => '<string>',
                ],
                // ...
            ],
            'IgnorePollAlarmFailure' => true || false,
        ],
        'AssociationId' => '<string>',
        'AutomationExecutionId' => '<string>',
        'AutomationExecutionStatus' => 'Pending|InProgress|Waiting|Success|TimedOut|Cancelling|Cancelled|Failed|PendingApproval|Approved|Rejected|Scheduled|RunbookInProgress|PendingChangeCalendarOverride|ChangeCalendarOverrideApproved|ChangeCalendarOverrideRejected|CompletedWithSuccess|CompletedWithFailure|Exited',
        'AutomationSubtype' => 'ChangeRequest',
        'ChangeRequestName' => '<string>',
        'CurrentAction' => '<string>',
        'CurrentStepName' => '<string>',
        'DocumentName' => '<string>',
        'DocumentVersion' => '<string>',
        'ExecutedBy' => '<string>',
        'ExecutionEndTime' => <DateTime>,
        'ExecutionStartTime' => <DateTime>,
        'FailureMessage' => '<string>',
        'MaxConcurrency' => '<string>',
        'MaxErrors' => '<string>',
        'Mode' => 'Auto|Interactive',
        'OpsItemId' => '<string>',
        'Outputs' => [
            '<AutomationParameterKey>' => ['<string>', ...],
            // ...
        ],
        'Parameters' => [
            '<AutomationParameterKey>' => ['<string>', ...],
            // ...
        ],
        'ParentAutomationExecutionId' => '<string>',
        'ProgressCounters' => [
            'CancelledSteps' => <integer>,
            'FailedSteps' => <integer>,
            'SuccessSteps' => <integer>,
            'TimedOutSteps' => <integer>,
            'TotalSteps' => <integer>,
        ],
        'ResolvedTargets' => [
            'ParameterValues' => ['<string>', ...],
            'Truncated' => true || false,
        ],
        'Runbooks' => [
            [
                'DocumentName' => '<string>',
                'DocumentVersion' => '<string>',
                'MaxConcurrency' => '<string>',
                'MaxErrors' => '<string>',
                'Parameters' => [
                    '<AutomationParameterKey>' => ['<string>', ...],
                    // ...
                ],
                'TargetLocations' => [
                    [
                        'Accounts' => ['<string>', ...],
                        'ExcludeAccounts' => ['<string>', ...],
                        'ExecutionRoleName' => '<string>',
                        'IncludeChildOrganizationUnits' => true || false,
                        'Regions' => ['<string>', ...],
                        'TargetLocationAlarmConfiguration' => [
                            'Alarms' => [
                                [
                                    'Name' => '<string>',
                                ],
                                // ...
                            ],
                            'IgnorePollAlarmFailure' => true || false,
                        ],
                        'TargetLocationMaxConcurrency' => '<string>',
                        'TargetLocationMaxErrors' => '<string>',
                        'Targets' => [
                            [
                                'Key' => '<string>',
                                'Values' => ['<string>', ...],
                            ],
                            // ...
                        ],
                        'TargetsMaxConcurrency' => '<string>',
                        'TargetsMaxErrors' => '<string>',
                    ],
                    // ...
                ],
                'TargetMaps' => [
                    [
                        '<TargetMapKey>' => ['<string>', ...],
                        // ...
                    ],
                    // ...
                ],
                'TargetParameterName' => '<string>',
                'Targets' => [
                    [
                        'Key' => '<string>',
                        'Values' => ['<string>', ...],
                    ],
                    // ...
                ],
            ],
            // ...
        ],
        'ScheduledTime' => <DateTime>,
        'StepExecutions' => [
            [
                'Action' => '<string>',
                'ExecutionEndTime' => <DateTime>,
                'ExecutionStartTime' => <DateTime>,
                'FailureDetails' => [
                    'Details' => [
                        '<AutomationParameterKey>' => ['<string>', ...],
                        // ...
                    ],
                    'FailureStage' => '<string>',
                    'FailureType' => '<string>',
                ],
                'FailureMessage' => '<string>',
                'Inputs' => ['<string>', ...],
                'IsCritical' => true || false,
                'IsEnd' => true || false,
                'MaxAttempts' => <integer>,
                'NextStep' => '<string>',
                'OnFailure' => '<string>',
                'Outputs' => [
                    '<AutomationParameterKey>' => ['<string>', ...],
                    // ...
                ],
                'OverriddenParameters' => [
                    '<AutomationParameterKey>' => ['<string>', ...],
                    // ...
                ],
                'ParentStepDetails' => [
                    'Action' => '<string>',
                    'Iteration' => <integer>,
                    'IteratorValue' => '<string>',
                    'StepExecutionId' => '<string>',
                    'StepName' => '<string>',
                ],
                'Response' => '<string>',
                'ResponseCode' => '<string>',
                'StepExecutionId' => '<string>',
                'StepName' => '<string>',
                'StepStatus' => 'Pending|InProgress|Waiting|Success|TimedOut|Cancelling|Cancelled|Failed|PendingApproval|Approved|Rejected|Scheduled|RunbookInProgress|PendingChangeCalendarOverride|ChangeCalendarOverrideApproved|ChangeCalendarOverrideRejected|CompletedWithSuccess|CompletedWithFailure|Exited',
                'TargetLocation' => [
                    'Accounts' => ['<string>', ...],
                    'ExcludeAccounts' => ['<string>', ...],
                    'ExecutionRoleName' => '<string>',
                    'IncludeChildOrganizationUnits' => true || false,
                    'Regions' => ['<string>', ...],
                    'TargetLocationAlarmConfiguration' => [
                        'Alarms' => [
                            [
                                'Name' => '<string>',
                            ],
                            // ...
                        ],
                        'IgnorePollAlarmFailure' => true || false,
                    ],
                    'TargetLocationMaxConcurrency' => '<string>',
                    'TargetLocationMaxErrors' => '<string>',
                    'Targets' => [
                        [
                            'Key' => '<string>',
                            'Values' => ['<string>', ...],
                        ],
                        // ...
                    ],
                    'TargetsMaxConcurrency' => '<string>',
                    'TargetsMaxErrors' => '<string>',
                ],
                'Targets' => [
                    [
                        'Key' => '<string>',
                        'Values' => ['<string>', ...],
                    ],
                    // ...
                ],
                'TimeoutSeconds' => <integer>,
                'TriggeredAlarms' => [
                    [
                        'Name' => '<string>',
                        'State' => 'UNKNOWN|ALARM',
                    ],
                    // ...
                ],
                'ValidNextSteps' => ['<string>', ...],
            ],
            // ...
        ],
        'StepExecutionsTruncated' => true || false,
        'Target' => '<string>',
        'TargetLocations' => [
            [
                'Accounts' => ['<string>', ...],
                'ExcludeAccounts' => ['<string>', ...],
                'ExecutionRoleName' => '<string>',
                'IncludeChildOrganizationUnits' => true || false,
                'Regions' => ['<string>', ...],
                'TargetLocationAlarmConfiguration' => [
                    'Alarms' => [
                        [
                            'Name' => '<string>',
                        ],
                        // ...
                    ],
                    'IgnorePollAlarmFailure' => true || false,
                ],
                'TargetLocationMaxConcurrency' => '<string>',
                'TargetLocationMaxErrors' => '<string>',
                'Targets' => [
                    [
                        'Key' => '<string>',
                        'Values' => ['<string>', ...],
                    ],
                    // ...
                ],
                'TargetsMaxConcurrency' => '<string>',
                'TargetsMaxErrors' => '<string>',
            ],
            // ...
        ],
        'TargetLocationsURL' => '<string>',
        'TargetMaps' => [
            [
                '<TargetMapKey>' => ['<string>', ...],
                // ...
            ],
            // ...
        ],
        'TargetParameterName' => '<string>',
        'Targets' => [
            [
                'Key' => '<string>',
                'Values' => ['<string>', ...],
            ],
            // ...
        ],
        'TriggeredAlarms' => [
            [
                'Name' => '<string>',
                'State' => 'UNKNOWN|ALARM',
            ],
            // ...
        ],
        'Variables' => [
            '<AutomationParameterKey>' => ['<string>', ...],
            // ...
        ],
    ],
]

Result Details

Members
AutomationExecution
Type: AutomationExecution structure

Detailed information about the current state of an automation execution.

Errors

AutomationExecutionNotFoundException:

There is no automation execution information for the requested automation execution ID.

InternalServerError:

An error occurred on the server side.

GetCalendarState

$result = $client->getCalendarState([/* ... */]);
$promise = $client->getCalendarStateAsync([/* ... */]);

Gets the state of a Amazon Web Services Systems Manager change calendar at the current time or a specified time. If you specify a time, GetCalendarState returns the state of the calendar at that specific time, and returns the next time that the change calendar state will transition. If you don't specify a time, GetCalendarState uses the current time. Change Calendar entries have two possible states: OPEN or CLOSED.

If you specify more than one calendar in a request, the command returns the status of OPEN only if all calendars in the request are open. If one or more calendars in the request are closed, the status returned is CLOSED.

For more information about Change Calendar, a capability of Amazon Web Services Systems Manager, see Amazon Web Services Systems Manager Change Calendar in the Amazon Web Services Systems Manager User Guide.

Parameter Syntax

$result = $client->getCalendarState([
    'AtTime' => '<string>',
    'CalendarNames' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members
AtTime
Type: string

(Optional) The specific time for which you want to get calendar state information, in ISO 8601 format. If you don't specify a value or AtTime, the current time is used.

CalendarNames
Required: Yes
Type: Array of strings

The names or Amazon Resource Names (ARNs) of the Systems Manager documents (SSM documents) that represent the calendar entries for which you want to get the state.

Result Syntax

[
    'AtTime' => '<string>',
    'NextTransitionTime' => '<string>',
    'State' => 'OPEN|CLOSED',
]

Result Details

Members
AtTime
Type: string

The time, as an ISO 8601 string, that you specified in your command. If you don't specify a time, GetCalendarState uses the current time.

NextTransitionTime
Type: string

The time, as an ISO 8601 string, that the calendar state will change. If the current calendar state is OPEN, NextTransitionTime indicates when the calendar state changes to CLOSED, and vice-versa.

State
Type: string

The state of the calendar. An OPEN calendar indicates that actions are allowed to proceed, and a CLOSED calendar indicates that actions aren't allowed to proceed.

Errors

InternalServerError:

An error occurred on the server side.

InvalidDocument:

The specified SSM document doesn't exist.

InvalidDocumentType:

The SSM document type isn't valid. Valid document types are described in the DocumentType property.

UnsupportedCalendarException:

The calendar entry contained in the specified SSM document isn't supported.

GetCommandInvocation

$result = $client->getCommandInvocation([/* ... */]);
$promise = $client->getCommandInvocationAsync([/* ... */]);

Returns detailed information about command execution for an invocation or plugin. The Run Command API follows an eventual consistency model, due to the distributed nature of the system supporting the API. This means that the result of an API command you run that affects your resources might not be immediately visible to all subsequent commands you run. You should keep this in mind when you carry out an API command that immediately follows a previous API command.

GetCommandInvocation only gives the execution status of a plugin in a document. To get the command execution status on a specific managed node, use ListCommandInvocations. To get the command execution status across managed nodes, use ListCommands.

Parameter Syntax

$result = $client->getCommandInvocation([
    'CommandId' => '<string>', // REQUIRED
    'InstanceId' => '<string>', // REQUIRED
    'PluginName' => '<string>',
]);

Parameter Details

Members
CommandId
Required: Yes
Type: string

(Required) The parent command ID of the invocation plugin.

InstanceId
Required: Yes
Type: string

(Required) The ID of the managed node targeted by the command. A managed node can be an Amazon Elastic Compute Cloud (Amazon EC2) instance, edge device, and on-premises server or VM in your hybrid environment that is configured for Amazon Web Services Systems Manager.

PluginName
Type: string

The name of the step for which you want detailed results. If the document contains only one step, you can omit the name and details for that step. If the document contains more than one step, you must specify the name of the step for which you want to view details. Be sure to specify the name of the step, not the name of a plugin like aws:RunShellScript.

To find the PluginName, check the document content and find the name of the step you want details for. Alternatively, use ListCommandInvocations with the CommandId and Details parameters. The PluginName is the Name attribute of the CommandPlugin object in the CommandPlugins list.

Result Syntax

[
    'CloudWatchOutputConfig' => [
        'CloudWatchLogGroupName' => '<string>',
        'CloudWatchOutputEnabled' => true || false,
    ],
    'CommandId' => '<string>',
    'Comment' => '<string>',
    'DocumentName' => '<string>',
    'DocumentVersion' => '<string>',
    'ExecutionElapsedTime' => '<string>',
    'ExecutionEndDateTime' => '<string>',
    'ExecutionStartDateTime' => '<string>',
    'InstanceId' => '<string>',
    'PluginName' => '<string>',
    'ResponseCode' => <integer>,
    'StandardErrorContent' => '<string>',
    'StandardErrorUrl' => '<string>',
    'StandardOutputContent' => '<string>',
    'StandardOutputUrl' => '<string>',
    'Status' => 'Pending|InProgress|Delayed|Success|Cancelled|TimedOut|Failed|Cancelling',
    'StatusDetails' => '<string>',
]

Result Details

Members
CloudWatchOutputConfig
Type: CloudWatchOutputConfig structure

Amazon CloudWatch Logs information where Systems Manager sent the command output.

CommandId
Type: string

The parent command ID of the invocation plugin.

Comment
Type: string

The comment text for the command.

DocumentName
Type: string

The name of the document that was run. For example, AWS-RunShellScript.

DocumentVersion
Type: string

The Systems Manager document (SSM document) version used in the request.

ExecutionElapsedTime
Type: string

Duration since ExecutionStartDateTime.

ExecutionEndDateTime
Type: string

The date and time the plugin finished running. Date and time are written in ISO 8601 format. For example, June 7, 2017 is represented as 2017-06-7. The following sample Amazon Web Services CLI command uses the InvokedAfter filter.

aws ssm list-commands --filters key=InvokedAfter,value=2017-06-07T00:00:00Z

If the plugin hasn't started to run, the string is empty.

ExecutionStartDateTime
Type: string

The date and time the plugin started running. Date and time are written in ISO 8601 format. For example, June 7, 2017 is represented as 2017-06-7. The following sample Amazon Web Services CLI command uses the InvokedBefore filter.

aws ssm list-commands --filters key=InvokedBefore,value=2017-06-07T00:00:00Z

If the plugin hasn't started to run, the string is empty.

InstanceId
Type: string

The ID of the managed node targeted by the command. A managed node can be an Amazon Elastic Compute Cloud (Amazon EC2) instance, edge device, or on-premises server or VM in your hybrid environment that is configured for Amazon Web Services Systems Manager.

PluginName
Type: string

The name of the plugin, or step name, for which details are reported. For example, aws:RunShellScript is a plugin.

ResponseCode
Type: int

The error level response code for the plugin script. If the response code is -1, then the command hasn't started running on the managed node, or it wasn't received by the node.

StandardErrorContent
Type: string

The first 8,000 characters written by the plugin to stderr. If the command hasn't finished running, then this string is empty.

StandardErrorUrl
Type: string

The URL for the complete text written by the plugin to stderr. If the command hasn't finished running, then this string is empty.

StandardOutputContent
Type: string

The first 24,000 characters written by the plugin to stdout. If the command hasn't finished running, if ExecutionStatus is neither Succeeded nor Failed, then this string is empty.

StandardOutputUrl
Type: string

The URL for the complete text written by the plugin to stdout in Amazon Simple Storage Service (Amazon S3). If an S3 bucket wasn't specified, then this string is empty.

Status
Type: string

The status of this invocation plugin. This status can be different than StatusDetails.

StatusDetails
Type: string

A detailed status of the command execution for an invocation. StatusDetails includes more information than Status because it includes states resulting from error and concurrency control parameters. StatusDetails can show different results than Status. For more information about these statuses, see Understanding command statuses in the Amazon Web Services Systems Manager User Guide. StatusDetails can be one of the following values:

  • Pending: The command hasn't been sent to the managed node.

  • In Progress: The command has been sent to the managed node but hasn't reached a terminal state.

  • Delayed: The system attempted to send the command to the target, but the target wasn't available. The managed node might not be available because of network issues, because the node was stopped, or for similar reasons. The system will try to send the command again.

  • Success: The command or plugin ran successfully. This is a terminal state.

  • Delivery Timed Out: The command wasn't delivered to the managed node before the delivery timeout expired. Delivery timeouts don't count against the parent command's MaxErrors limit, but they do contribute to whether the parent command status is Success or Incomplete. This is a terminal state.

  • Execution Timed Out: The command started to run on the managed node, but the execution wasn't complete before the timeout expired. Execution timeouts count against the MaxErrors limit of the parent command. This is a terminal state.

  • Failed: The command wasn't run successfully on the managed node. For a plugin, this indicates that the result code wasn't zero. For a command invocation, this indicates that the result code for one or more plugins wasn't zero. Invocation failures count against the MaxErrors limit of the parent command. This is a terminal state.

  • Cancelled: The command was terminated before it was completed. This is a terminal state.

  • Undeliverable: The command can't be delivered to the managed node. The node might not exist or might not be responding. Undeliverable invocations don't count against the parent command's MaxErrors limit and don't contribute to whether the parent command status is Success or Incomplete. This is a terminal state.

  • Terminated: The parent command exceeded its MaxErrors limit and subsequent command invocations were canceled by the system. This is a terminal state.

Errors

InternalServerError:

An error occurred on the server side.

InvalidCommandId:

The specified command ID isn't valid. Verify the ID and try again.

InvalidInstanceId:

The following problems can cause this exception:

  • You don't have permission to access the managed node.

  • Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.

  • SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.

  • The managed node isn't in a valid state. Valid states are: Running, Pending, Stopped, and Stopping. Invalid states are: Shutting-down and Terminated.

InvalidPluginName:

The plugin name isn't valid.

InvocationDoesNotExist:

The command ID and managed node ID you specified didn't match any invocations. Verify the command ID and the managed node ID and try again.

GetConnectionStatus

$result = $client->getConnectionStatus([/* ... */]);
$promise = $client->getConnectionStatusAsync([/* ... */]);

Retrieves the Session Manager connection status for a managed node to determine whether it is running and ready to receive Session Manager connections.

Parameter Syntax

$result = $client->getConnectionStatus([
    'Target' => '<string>', // REQUIRED
]);

Parameter Details

Members
Target
Required: Yes
Type: string

The managed node ID.

Result Syntax

[
    'Status' => 'connected|notconnected',
    'Target' => '<string>',
]

Result Details

Members
Status
Type: string

The status of the connection to the managed node.

Target
Type: string

The ID of the managed node to check connection status.

Errors

InternalServerError:

An error occurred on the server side.

GetDefaultPatchBaseline

$result = $client->getDefaultPatchBaseline([/* ... */]);
$promise = $client->getDefaultPatchBaselineAsync([/* ... */]);

Retrieves the default patch baseline. Amazon Web Services Systems Manager supports creating multiple default patch baselines. For example, you can create a default patch baseline for each operating system.

If you don't specify an operating system value, the default patch baseline for Windows is returned.

Parameter Syntax

$result = $client->getDefaultPatchBaseline([
    'OperatingSystem' => 'WINDOWS|AMAZON_LINUX|AMAZON_LINUX_2|AMAZON_LINUX_2022|UBUNTU|REDHAT_ENTERPRISE_LINUX|SUSE|CENTOS|ORACLE_LINUX|DEBIAN|MACOS|RASPBIAN|ROCKY_LINUX|ALMA_LINUX|AMAZON_LINUX_2023',
]);

Parameter Details

Members
OperatingSystem
Type: string

Returns the default patch baseline for the specified operating system.

Result Syntax

[
    'BaselineId' => '<string>',
    'OperatingSystem' => 'WINDOWS|AMAZON_LINUX|AMAZON_LINUX_2|AMAZON_LINUX_2022|UBUNTU|REDHAT_ENTERPRISE_LINUX|SUSE|CENTOS|ORACLE_LINUX|DEBIAN|MACOS|RASPBIAN|ROCKY_LINUX|ALMA_LINUX|AMAZON_LINUX_2023',
]

Result Details

Members
BaselineId
Type: string

The ID of the default patch baseline.

OperatingSystem
Type: string

The operating system for the returned patch baseline.

Errors

InternalServerError:

An error occurred on the server side.

GetDeployablePatchSnapshotForInstance

$result = $client->getDeployablePatchSnapshotForInstance([/* ... */]);
$promise = $client->getDeployablePatchSnapshotForInstanceAsync([/* ... */]);

Retrieves the current snapshot for the patch baseline the managed node uses. This API is primarily used by the AWS-RunPatchBaseline Systems Manager document (SSM document).

If you run the command locally, such as with the Command Line Interface (CLI), the system attempts to use your local Amazon Web Services credentials and the operation fails. To avoid this, you can run the command in the Amazon Web Services Systems Manager console. Use Run Command, a capability of Amazon Web Services Systems Manager, with an SSM document that enables you to target a managed node with a script or command. For example, run the command using the AWS-RunShellScript document or the AWS-RunPowerShellScript document.

Parameter Syntax

$result = $client->getDeployablePatchSnapshotForInstance([
    'BaselineOverride' => [
        'ApprovalRules' => [
            'PatchRules' => [ // REQUIRED
                [
                    'ApproveAfterDays' => <integer>,
                    'ApproveUntilDate' => '<string>',
                    'ComplianceLevel' => 'CRITICAL|HIGH|MEDIUM|LOW|INFORMATIONAL|UNSPECIFIED',
                    'EnableNonSecurity' => true || false,
                    'PatchFilterGroup' => [ // REQUIRED
                        'PatchFilters' => [ // REQUIRED
                            [
                                'Key' => 'ARCH|ADVISORY_ID|BUGZILLA_ID|PATCH_SET|PRODUCT|PRODUCT_FAMILY|CLASSIFICATION|CVE_ID|EPOCH|MSRC_SEVERITY|NAME|PATCH_ID|SECTION|PRIORITY|REPOSITORY|RELEASE|SEVERITY|SECURITY|VERSION', // REQUIRED
                                'Values' => ['<string>', ...], // REQUIRED
                            ],
                            // ...
                        ],
                    ],
                ],
                // ...
            ],
        ],
        'ApprovedPatches' => ['<string>', ...],
        'ApprovedPatchesComplianceLevel' => 'CRITICAL|HIGH|MEDIUM|LOW|INFORMATIONAL|UNSPECIFIED',
        'ApprovedPatchesEnableNonSecurity' => true || false,
        'GlobalFilters' => [
            'PatchFilters' => [ // REQUIRED
                [
                    'Key' => 'ARCH|ADVISORY_ID|BUGZILLA_ID|PATCH_SET|PRODUCT|PRODUCT_FAMILY|CLASSIFICATION|CVE_ID|EPOCH|MSRC_SEVERITY|NAME|PATCH_ID|SECTION|PRIORITY|REPOSITORY|RELEASE|SEVERITY|SECURITY|VERSION', // REQUIRED
                    'Values' => ['<string>', ...], // REQUIRED
                ],
                // ...
            ],
        ],
        'OperatingSystem' => 'WINDOWS|AMAZON_LINUX|AMAZON_LINUX_2|AMAZON_LINUX_2022|UBUNTU|REDHAT_ENTERPRISE_LINUX|SUSE|CENTOS|ORACLE_LINUX|DEBIAN|MACOS|RASPBIAN|ROCKY_LINUX|ALMA_LINUX|AMAZON_LINUX_2023',
        'RejectedPatches' => ['<string>', ...],
        'RejectedPatchesAction' => 'ALLOW_AS_DEPENDENCY|BLOCK',
        'Sources' => [
            [
                'Configuration' => '<string>', // REQUIRED
                'Name' => '<string>', // REQUIRED
                'Products' => ['<string>', ...], // REQUIRED
            ],
            // ...
        ],
    ],
    'InstanceId' => '<string>', // REQUIRED
    'SnapshotId' => '<string>', // REQUIRED
]);

Parameter Details

Members
BaselineOverride
Type: BaselineOverride structure

Defines the basic information about a patch baseline override.

InstanceId
Required: Yes
Type: string

The ID of the managed node for which the appropriate patch snapshot should be retrieved.

SnapshotId
Required: Yes
Type: string

The snapshot ID provided by the user when running AWS-RunPatchBaseline.

Result Syntax

[
    'InstanceId' => '<string>',
    'Product' => '<string>',
    'SnapshotDownloadUrl' => '<string>',
    'SnapshotId' => '<string>',
]

Result Details

Members
InstanceId
Type: string

The managed node ID.

Product
Type: string

Returns the specific operating system (for example Windows Server 2012 or Amazon Linux 2015.09) on the managed node for the specified patch snapshot.

SnapshotDownloadUrl
Type: string

A pre-signed Amazon Simple Storage Service (Amazon S3) URL that can be used to download the patch snapshot.

SnapshotId
Type: string

The user-defined snapshot ID.

Errors

InternalServerError:

An error occurred on the server side.

UnsupportedOperatingSystem:

The operating systems you specified isn't supported, or the operation isn't supported for the operating system.

UnsupportedFeatureRequiredException:

Patching for applications released by Microsoft is only available on EC2 instances and advanced instances. To patch applications released by Microsoft on on-premises servers and VMs, you must enable advanced instances. For more information, see Turning on the advanced-instances tier in the Amazon Web Services Systems Manager User Guide.

GetDocument

$result = $client->getDocument([/* ... */]);
$promise = $client->getDocumentAsync([/* ... */]);

Gets the contents of the specified Amazon Web Services Systems Manager document (SSM document).

Parameter Syntax

$result = $client->getDocument([
    'DocumentFormat' => 'YAML|JSON|TEXT',
    'DocumentVersion' => '<string>',
    'Name' => '<string>', // REQUIRED
    'VersionName' => '<string>',
]);

Parameter Details

Members
DocumentFormat
Type: string

Returns the document in the specified format. The document format can be either JSON or YAML. JSON is the default format.

DocumentVersion
Type: string

The document version for which you want information.

Name
Required: Yes
Type: string

The name of the SSM document.

VersionName
Type: string

An optional field specifying the version of the artifact associated with the document. For example, 12.6. This value is unique across all versions of a document and can't be changed.

Result Syntax

[
    'AttachmentsContent' => [
        [
            'Hash' => '<string>',
            'HashType' => 'Sha256',
            'Name' => '<string>',
            'Size' => <integer>,
            'Url' => '<string>',
        ],
        // ...
    ],
    'Content' => '<string>',
    'CreatedDate' => <DateTime>,
    'DisplayName' => '<string>',
    'DocumentFormat' => 'YAML|JSON|TEXT',
    'DocumentType' => 'Command|Policy|Automation|Session|Package|ApplicationConfiguration|ApplicationConfigurationSchema|DeploymentStrategy|ChangeCalendar|Automation.ChangeTemplate|ProblemAnalysis|ProblemAnalysisTemplate|CloudFormation|ConformancePackTemplate|QuickSetup',
    'DocumentVersion' => '<string>',
    'Name' => '<string>',
    'Requires' => [
        [
            'Name' => '<string>',
            'RequireType' => '<string>',
            'Version' => '<string>',
            'VersionName' => '<string>',
        ],
        // ...
    ],
    'ReviewStatus' => 'APPROVED|NOT_REVIEWED|PENDING|REJECTED',
    'Status' => 'Creating|Active|Updating|Deleting|Failed',
    'StatusInformation' => '<string>',
    'VersionName' => '<string>',
]

Result Details

Members
AttachmentsContent
Type: Array of AttachmentContent structures

A description of the document attachments, including names, locations, sizes, and so on.

Content
Type: string

The contents of the SSM document.

CreatedDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date the SSM document was created.

DisplayName
Type: string

The friendly name of the SSM document. This value can differ for each version of the document. If you want to update this value, see UpdateDocument.

DocumentFormat
Type: string

The document format, either JSON or YAML.

DocumentType
Type: string

The document type.

DocumentVersion
Type: string

The document version.

Name
Type: string

The name of the SSM document.

Requires
Type: Array of DocumentRequires structures

A list of SSM documents required by a document. For example, an ApplicationConfiguration document requires an ApplicationConfigurationSchema document.

ReviewStatus
Type: string

The current review status of a new custom Systems Manager document (SSM document) created by a member of your organization, or of the latest version of an existing SSM document.

Only one version of an SSM document can be in the APPROVED state at a time. When a new version is approved, the status of the previous version changes to REJECTED.

Only one version of an SSM document can be in review, or PENDING, at a time.

Status
Type: string

The status of the SSM document, such as Creating, Active, Updating, Failed, and Deleting.

StatusInformation
Type: string

A message returned by Amazon Web Services Systems Manager that explains the Status value. For example, a Failed status might be explained by the StatusInformation message, "The specified S3 bucket doesn't exist. Verify that the URL of the S3 bucket is correct."

VersionName
Type: string

The version of the artifact associated with the document. For example, 12.6. This value is unique across all versions of a document, and can't be changed.

Errors

InternalServerError:

An error occurred on the server side.

InvalidDocument:

The specified SSM document doesn't exist.

InvalidDocumentVersion:

The document version isn't valid or doesn't exist.

GetInventory

$result = $client->getInventory([/* ... */]);
$promise = $client->getInventoryAsync([/* ... */]);

Query inventory information. This includes managed node status, such as Stopped or Terminated.

Parameter Syntax

$result = $client->getInventory([
    'Aggregators' => [
        [
            'Aggregators' => [...], // RECURSIVE
            'Expression' => '<string>',
            'Groups' => [
                [
                    'Filters' => [ // REQUIRED
                        [
                            'Key' => '<string>', // REQUIRED
                            'Type' => 'Equal|NotEqual|BeginWith|LessThan|GreaterThan|Exists',
                            'Values' => ['<string>', ...], // REQUIRED
                        ],
                        // ...
                    ],
                    'Name' => '<string>', // REQUIRED
                ],
                // ...
            ],
        ],
        // ...
    ],
    'Filters' => [
        [
            'Key' => '<string>', // REQUIRED
            'Type' => 'Equal|NotEqual|BeginWith|LessThan|GreaterThan|Exists',
            'Values' => ['<string>', ...], // REQUIRED
        ],
        // ...
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'ResultAttributes' => [
        [
            'TypeName' => '<string>', // REQUIRED
        ],
        // ...
    ],
]);

Parameter Details

Members
Aggregators
Type: Array of InventoryAggregator structures

Returns counts of inventory types based on one or more expressions. For example, if you aggregate by using an expression that uses the AWS:InstanceInformation.PlatformType type, you can see a count of how many Windows and Linux managed nodes exist in your inventoried fleet.

Filters
Type: Array of InventoryFilter structures

One or more filters. Use a filter to return a more specific list of results.

MaxResults
Type: int

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

NextToken
Type: string

The token for the next set of items to return. (You received this token from a previous call.)

ResultAttributes
Type: Array of ResultAttribute structures

The list of inventory item types to return.

Result Syntax

[
    'Entities' => [
        [
            'Data' => [
                '<InventoryResultItemKey>' => [
                    'CaptureTime' => '<string>',
                    'Content' => [
                        ['<string>', ...],
                        // ...
                    ],
                    'ContentHash' => '<string>',
                    'SchemaVersion' => '<string>',
                    'TypeName' => '<string>',
                ],
                // ...
            ],
            'Id' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
Entities
Type: Array of InventoryResultEntity structures

Collection of inventory entities such as a collection of managed node inventory.

NextToken
Type: string

The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.

Errors

InternalServerError:

An error occurred on the server side.

InvalidFilter:

The filter name isn't valid. Verify the you entered the correct name and try again.

InvalidInventoryGroupException:

The specified inventory group isn't valid.

InvalidNextToken:

The specified token isn't valid.

InvalidTypeNameException:

The parameter type name isn't valid.

InvalidAggregatorException:

The specified aggregator isn't valid for inventory groups. Verify that the aggregator uses a valid inventory type such as AWS:Application or AWS:InstanceInformation.

InvalidResultAttributeException:

The specified inventory item result attribute isn't valid.

GetInventorySchema

$result = $client->getInventorySchema([/* ... */]);
$promise = $client->getInventorySchemaAsync([/* ... */]);

Return a list of inventory type names for the account, or return a list of attribute names for a specific Inventory item type.

Parameter Syntax

$result = $client->getInventorySchema([
    'Aggregator' => true || false,
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'SubType' => true || false,
    'TypeName' => '<string>',
]);

Parameter Details

Members
Aggregator
Type: boolean

Returns inventory schemas that support aggregation. For example, this call returns the AWS:InstanceInformation type, because it supports aggregation based on the PlatformName, PlatformType, and PlatformVersion attributes.

MaxResults
Type: int

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

NextToken
Type: string

The token for the next set of items to return. (You received this token from a previous call.)

SubType
Type: boolean

Returns the sub-type schema for a specified inventory type.

TypeName
Type: string

The type of inventory item to return.

Result Syntax

[
    'NextToken' => '<string>',
    'Schemas' => [
        [
            'Attributes' => [
                [
                    'DataType' => 'string|number',
                    'Name' => '<string>',
                ],
                // ...
            ],
            'DisplayName' => '<string>',
            'TypeName' => '<string>',
            'Version' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.

Schemas
Type: Array of InventoryItemSchema structures

Inventory schemas returned by the request.

Errors

InternalServerError:

An error occurred on the server side.

InvalidTypeNameException:

The parameter type name isn't valid.

InvalidNextToken:

The specified token isn't valid.

GetMaintenanceWindow

$result = $client->getMaintenanceWindow([/* ... */]);
$promise = $client->getMaintenanceWindowAsync([/* ... */]);

Retrieves a maintenance window.

Parameter Syntax

$result = $client->getMaintenanceWindow([
    'WindowId' => '<string>', // REQUIRED
]);

Parameter Details

Members
WindowId
Required: Yes
Type: string

The ID of the maintenance window for which you want to retrieve information.

Result Syntax

[
    'AllowUnassociatedTargets' => true || false,
    'CreatedDate' => <DateTime>,
    'Cutoff' => <integer>,
    'Description' => '<string>',
    'Duration' => <integer>,
    'Enabled' => true || false,
    'EndDate' => '<string>',
    'ModifiedDate' => <DateTime>,
    'Name' => '<string>',
    'NextExecutionTime' => '<string>',
    'Schedule' => '<string>',
    'ScheduleOffset' => <integer>,
    'ScheduleTimezone' => '<string>',
    'StartDate' => '<string>',
    'WindowId' => '<string>',
]

Result Details

Members
AllowUnassociatedTargets
Type: boolean

Whether targets must be registered with the maintenance window before tasks can be defined for those targets.

CreatedDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date the maintenance window was created.

Cutoff
Type: int

The number of hours before the end of the maintenance window that Amazon Web Services Systems Manager stops scheduling new tasks for execution.

Description
Type: string

The description of the maintenance window.

Duration
Type: int

The duration of the maintenance window in hours.

Enabled
Type: boolean

Indicates whether the maintenance window is enabled.

EndDate
Type: string

The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become inactive. The maintenance window won't run after this specified time.

ModifiedDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date the maintenance window was last modified.

Name
Type: string

The name of the maintenance window.

NextExecutionTime
Type: string

The next time the maintenance window will actually run, taking into account any specified times for the maintenance window to become active or inactive.

Schedule
Type: string

The schedule of the maintenance window in the form of a cron or rate expression.

ScheduleOffset
Type: int

The number of days to wait to run a maintenance window after the scheduled cron expression date and time.

ScheduleTimezone
Type: string

The time zone that the scheduled maintenance window executions are based on, in Internet Assigned Numbers Authority (IANA) format. For example: "America/Los_Angeles", "UTC", or "Asia/Seoul". For more information, see the Time Zone Database on the IANA website.

StartDate
Type: string

The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become active. The maintenance window won't run before this specified time.

WindowId
Type: string

The ID of the created maintenance window.

Errors

DoesNotExistException:

Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.

For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.

InternalServerError:

An error occurred on the server side.

GetMaintenanceWindowExecution

$result = $client->getMaintenanceWindowExecution([/* ... */]);
$promise = $client->getMaintenanceWindowExecutionAsync([/* ... */]);

Retrieves details about a specific a maintenance window execution.

Parameter Syntax

$result = $client->getMaintenanceWindowExecution([
    'WindowExecutionId' => '<string>', // REQUIRED
]);

Parameter Details

Members
WindowExecutionId
Required: Yes
Type: string

The ID of the maintenance window execution that includes the task.

Result Syntax

[
    'EndTime' => <DateTime>,
    'StartTime' => <DateTime>,
    'Status' => 'PENDING|IN_PROGRESS|SUCCESS|FAILED|TIMED_OUT|CANCELLING|CANCELLED|SKIPPED_OVERLAPPING',
    'StatusDetails' => '<string>',
    'TaskIds' => ['<string>', ...],
    'WindowExecutionId' => '<string>',
]

Result Details

Members
EndTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time the maintenance window finished running.

StartTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time the maintenance window started running.

Status
Type: string

The status of the maintenance window execution.

StatusDetails
Type: string

The details explaining the status. Not available for all status values.

TaskIds
Type: Array of strings

The ID of the task executions from the maintenance window execution.

WindowExecutionId
Type: string

The ID of the maintenance window execution.

Errors

DoesNotExistException:

Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.

For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.

InternalServerError:

An error occurred on the server side.

GetMaintenanceWindowExecutionTask

$result = $client->getMaintenanceWindowExecutionTask([/* ... */]);
$promise = $client->getMaintenanceWindowExecutionTaskAsync([/* ... */]);

Retrieves the details about a specific task run as part of a maintenance window execution.

Parameter Syntax

$result = $client->getMaintenanceWindowExecutionTask([
    'TaskId' => '<string>', // REQUIRED
    'WindowExecutionId' => '<string>', // REQUIRED
]);

Parameter Details

Members
TaskId
Required: Yes
Type: string

The ID of the specific task execution in the maintenance window task that should be retrieved.

WindowExecutionId
Required: Yes
Type: string

The ID of the maintenance window execution that includes the task.

Result Syntax

[
    'AlarmConfiguration' => [
        'Alarms' => [
            [
                'Name' => '<string>',
            ],
            // ...
        ],
        'IgnorePollAlarmFailure' => true || false,
    ],
    'EndTime' => <DateTime>,
    'MaxConcurrency' => '<string>',
    'MaxErrors' => '<string>',
    'Priority' => <integer>,
    'ServiceRole' => '<string>',
    'StartTime' => <DateTime>,
    'Status' => 'PENDING|IN_PROGRESS|SUCCESS|FAILED|TIMED_OUT|CANCELLING|CANCELLED|SKIPPED_OVERLAPPING',
    'StatusDetails' => '<string>',
    'TaskArn' => '<string>',
    'TaskExecutionId' => '<string>',
    'TaskParameters' => [
        [
            '<MaintenanceWindowTaskParameterName>' => [
                'Values' => ['<string>', ...],
            ],
            // ...
        ],
        // ...
    ],
    'TriggeredAlarms' => [
        [
            'Name' => '<string>',
            'State' => 'UNKNOWN|ALARM',
        ],
        // ...
    ],
    'Type' => 'RUN_COMMAND|AUTOMATION|STEP_FUNCTIONS|LAMBDA',
    'WindowExecutionId' => '<string>',
]

Result Details

Members
AlarmConfiguration
Type: AlarmConfiguration structure

The details for the CloudWatch alarm you applied to your maintenance window task.

EndTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time the task execution completed.

MaxConcurrency
Type: string

The defined maximum number of task executions that could be run in parallel.

MaxErrors
Type: string

The defined maximum number of task execution errors allowed before scheduling of the task execution would have been stopped.

Priority
Type: int

The priority of the task.

ServiceRole
Type: string

The role that was assumed when running the task.

StartTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time the task execution started.

Status
Type: string

The status of the task.

StatusDetails
Type: string

The details explaining the status. Not available for all status values.

TaskArn
Type: string

The Amazon Resource Name (ARN) of the task that ran.

TaskExecutionId
Type: string

The ID of the specific task execution in the maintenance window task that was retrieved.

TaskParameters

The parameters passed to the task when it was run.

TaskParameters has been deprecated. To specify parameters to pass to a task when it runs, instead use the Parameters option in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.

The map has the following format:

  • Key: string, between 1 and 255 characters

  • Value: an array of strings, each between 1 and 255 characters

TriggeredAlarms
Type: Array of AlarmStateInformation structures

The CloudWatch alarms that were invoked by the maintenance window task.

Type
Type: string

The type of task that was run.

WindowExecutionId
Type: string

The ID of the maintenance window execution that includes the task.

Errors

DoesNotExistException:

Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.

For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.

InternalServerError:

An error occurred on the server side.

GetMaintenanceWindowExecutionTaskInvocation

$result = $client->getMaintenanceWindowExecutionTaskInvocation([/* ... */]);
$promise = $client->getMaintenanceWindowExecutionTaskInvocationAsync([/* ... */]);

Retrieves information about a specific task running on a specific target.

Parameter Syntax

$result = $client->getMaintenanceWindowExecutionTaskInvocation([
    'InvocationId' => '<string>', // REQUIRED
    'TaskId' => '<string>', // REQUIRED
    'WindowExecutionId' => '<string>', // REQUIRED
]);

Parameter Details

Members
InvocationId
Required: Yes
Type: string

The invocation ID to retrieve.

TaskId
Required: Yes
Type: string

The ID of the specific task in the maintenance window task that should be retrieved.

WindowExecutionId
Required: Yes
Type: string

The ID of the maintenance window execution for which the task is a part.

Result Syntax

[
    'EndTime' => <DateTime>,
    'ExecutionId' => '<string>',
    'InvocationId' => '<string>',
    'OwnerInformation' => '<string>',
    'Parameters' => '<string>',
    'StartTime' => <DateTime>,
    'Status' => 'PENDING|IN_PROGRESS|SUCCESS|FAILED|TIMED_OUT|CANCELLING|CANCELLED|SKIPPED_OVERLAPPING',
    'StatusDetails' => '<string>',
    'TaskExecutionId' => '<string>',
    'TaskType' => 'RUN_COMMAND|AUTOMATION|STEP_FUNCTIONS|LAMBDA',
    'WindowExecutionId' => '<string>',
    'WindowTargetId' => '<string>',
]

Result Details

Members
EndTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time that the task finished running on the target.

ExecutionId
Type: string

The execution ID.

InvocationId
Type: string

The invocation ID.

OwnerInformation
Type: string

User-provided value to be included in any Amazon CloudWatch Events or Amazon EventBridge events raised while running tasks for these targets in this maintenance window.

Parameters
Type: string

The parameters used at the time that the task ran.

StartTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time that the task started running on the target.

Status
Type: string

The task status for an invocation.

StatusDetails
Type: string

The details explaining the status. Details are only available for certain status values.

TaskExecutionId
Type: string

The task execution ID.

TaskType
Type: string

Retrieves the task type for a maintenance window.

WindowExecutionId
Type: string

The maintenance window execution ID.

WindowTargetId
Type: string

The maintenance window target ID.

Errors

DoesNotExistException:

Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.

For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.

InternalServerError:

An error occurred on the server side.

GetMaintenanceWindowTask

$result = $client->getMaintenanceWindowTask([/* ... */]);
$promise = $client->getMaintenanceWindowTaskAsync([/* ... */]);

Retrieves the details of a maintenance window task.

For maintenance window tasks without a specified target, you can't supply values for --max-errors and --max-concurrency. Instead, the system inserts a placeholder value of 1, which may be reported in the response to this command. These values don't affect the running of your task and can be ignored.

To retrieve a list of tasks in a maintenance window, instead use the DescribeMaintenanceWindowTasks command.

Parameter Syntax

$result = $client->getMaintenanceWindowTask([
    'WindowId' => '<string>', // REQUIRED
    'WindowTaskId' => '<string>', // REQUIRED
]);

Parameter Details

Members
WindowId
Required: Yes
Type: string

The maintenance window ID that includes the task to retrieve.

WindowTaskId
Required: Yes
Type: string

The maintenance window task ID to retrieve.

Result Syntax

[
    'AlarmConfiguration' => [
        'Alarms' => [
            [
                'Name' => '<string>',
            ],
            // ...
        ],
        'IgnorePollAlarmFailure' => true || false,
    ],
    'CutoffBehavior' => 'CONTINUE_TASK|CANCEL_TASK',
    'Description' => '<string>',
    'LoggingInfo' => [
        'S3BucketName' => '<string>',
        'S3KeyPrefix' => '<string>',
        'S3Region' => '<string>',
    ],
    'MaxConcurrency' => '<string>',
    'MaxErrors' => '<string>',
    'Name' => '<string>',
    'Priority' => <integer>,
    'ServiceRoleArn' => '<string>',
    'Targets' => [
        [
            'Key' => '<string>',
            'Values' => ['<string>', ...],
        ],
        // ...
    ],
    'TaskArn' => '<string>',
    'TaskInvocationParameters' => [
        'Automation' => [
            'DocumentVersion' => '<string>',
            'Parameters' => [
                '<AutomationParameterKey>' => ['<string>', ...],
                // ...
            ],
        ],
        'Lambda' => [
            'ClientContext' => '<string>',
            'Payload' => <string || resource || Psr\Http\Message\StreamInterface>,
            'Qualifier' => '<string>',
        ],
        'RunCommand' => [
            'CloudWatchOutputConfig' => [
                'CloudWatchLogGroupName' => '<string>',
                'CloudWatchOutputEnabled' => true || false,
            ],
            'Comment' => '<string>',
            'DocumentHash' => '<string>',
            'DocumentHashType' => 'Sha256|Sha1',
            'DocumentVersion' => '<string>',
            'NotificationConfig' => [
                'NotificationArn' => '<string>',
                'NotificationEvents' => ['<string>', ...],
                'NotificationType' => 'Command|Invocation',
            ],
            'OutputS3BucketName' => '<string>',
            'OutputS3KeyPrefix' => '<string>',
            'Parameters' => [
                '<ParameterName>' => ['<string>', ...],
                // ...
            ],
            'ServiceRoleArn' => '<string>',
            'TimeoutSeconds' => <integer>,
        ],
        'StepFunctions' => [
            'Input' => '<string>',
            'Name' => '<string>',
        ],
    ],
    'TaskParameters' => [
        '<MaintenanceWindowTaskParameterName>' => [
            'Values' => ['<string>', ...],
        ],
        // ...
    ],
    'TaskType' => 'RUN_COMMAND|AUTOMATION|STEP_FUNCTIONS|LAMBDA',
    'WindowId' => '<string>',
    'WindowTaskId' => '<string>',
]

Result Details

Members
AlarmConfiguration
Type: AlarmConfiguration structure

The details for the CloudWatch alarm you applied to your maintenance window task.

CutoffBehavior
Type: string

The action to take on tasks when the maintenance window cutoff time is reached. CONTINUE_TASK means that tasks continue to run. For Automation, Lambda, Step Functions tasks, CANCEL_TASK means that currently running task invocations continue, but no new task invocations are started. For Run Command tasks, CANCEL_TASK means the system attempts to stop the task by sending a CancelCommand operation.

Description
Type: string

The retrieved task description.

LoggingInfo
Type: LoggingInfo structure

The location in Amazon Simple Storage Service (Amazon S3) where the task results are logged.

LoggingInfo has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.

MaxConcurrency
Type: string

The maximum number of targets allowed to run this task in parallel.

For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of 1, which may be reported in the response to this command. This value doesn't affect the running of your task and can be ignored.

MaxErrors
Type: string

The maximum number of errors allowed before the task stops being scheduled.

For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of 1, which may be reported in the response to this command. This value doesn't affect the running of your task and can be ignored.

Name
Type: string

The retrieved task name.

Priority
Type: int

The priority of the task when it runs. The lower the number, the higher the priority. Tasks that have the same priority are scheduled in parallel.

ServiceRoleArn
Type: string

The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run RegisterTaskWithMaintenanceWindow.

However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the Amazon Web Services Systems Manager User Guide.

Targets
Type: Array of Target structures

The targets where the task should run.

TaskArn
Type: string

The resource that the task used during execution. For RUN_COMMAND and AUTOMATION task types, the value of TaskArn is the SSM document name/ARN. For LAMBDA tasks, the value is the function name/ARN. For STEP_FUNCTIONS tasks, the value is the state machine ARN.

TaskInvocationParameters

The parameters to pass to the task when it runs.

TaskParameters
Type: Associative array of custom strings keys (MaintenanceWindowTaskParameterName) to MaintenanceWindowTaskParameterValueExpression structures

The parameters to pass to the task when it runs.

TaskParameters has been deprecated. To specify parameters to pass to a task when it runs, instead use the Parameters option in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.

TaskType
Type: string

The type of task to run.

WindowId
Type: string

The retrieved maintenance window ID.

WindowTaskId
Type: string

The retrieved maintenance window task ID.

Errors

DoesNotExistException:

Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.

For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.

InternalServerError:

An error occurred on the server side.

GetOpsItem

$result = $client->getOpsItem([/* ... */]);
$promise = $client->getOpsItemAsync([/* ... */]);

Get information about an OpsItem by using the ID. You must have permission in Identity and Access Management (IAM) to view information about an OpsItem. For more information, see Set up OpsCenter in the Amazon Web Services Systems Manager User Guide.

Operations engineers and IT professionals use Amazon Web Services Systems Manager OpsCenter to view, investigate, and remediate operational issues impacting the performance and health of their Amazon Web Services resources. For more information, see Amazon Web Services Systems Manager OpsCenter in the Amazon Web Services Systems Manager User Guide.

Parameter Syntax

$result = $client->getOpsItem([
    'OpsItemArn' => '<string>',
    'OpsItemId' => '<string>', // REQUIRED
]);

Parameter Details

Members
OpsItemArn
Type: string

The OpsItem Amazon Resource Name (ARN).

OpsItemId
Required: Yes
Type: string

The ID of the OpsItem that you want to get.

Result Syntax

[
    'OpsItem' => [
        'ActualEndTime' => <DateTime>,
        'ActualStartTime' => <DateTime>,
        'Category' => '<string>',
        'CreatedBy' => '<string>',
        'CreatedTime' => <DateTime>,
        'Description' => '<string>',
        'LastModifiedBy' => '<string>',
        'LastModifiedTime' => <DateTime>,
        'Notifications' => [
            [
                'Arn' => '<string>',
            ],
            // ...
        ],
        'OperationalData' => [
            '<OpsItemDataKey>' => [
                'Type' => 'SearchableString|String',
                'Value' => '<string>',
            ],
            // ...
        ],
        'OpsItemArn' => '<string>',
        'OpsItemId' => '<string>',
        'OpsItemType' => '<string>',
        'PlannedEndTime' => <DateTime>,
        'PlannedStartTime' => <DateTime>,
        'Priority' => <integer>,
        'RelatedOpsItems' => [
            [
                'OpsItemId' => '<string>',
            ],
            // ...
        ],
        'Severity' => '<string>',
        'Source' => '<string>',
        'Status' => 'Open|InProgress|Resolved|Pending|TimedOut|Cancelling|Cancelled|Failed|CompletedWithSuccess|CompletedWithFailure|Scheduled|RunbookInProgress|PendingChangeCalendarOverride|ChangeCalendarOverrideApproved|ChangeCalendarOverrideRejected|PendingApproval|Approved|Rejected|Closed',
        'Title' => '<string>',
        'Version' => '<string>',
    ],
]

Result Details

Members
OpsItem
Type: OpsItem structure

The OpsItem.

Errors

InternalServerError:

An error occurred on the server side.

OpsItemNotFoundException:

The specified OpsItem ID doesn't exist. Verify the ID and try again.

OpsItemAccessDeniedException:

You don't have permission to view OpsItems in the specified account. Verify that your account is configured either as a Systems Manager delegated administrator or that you are logged into the Organizations management account.

GetOpsMetadata

$result = $client->getOpsMetadata([/* ... */]);
$promise = $client->getOpsMetadataAsync([/* ... */]);

View operational metadata related to an application in Application Manager.

Parameter Syntax

$result = $client->getOpsMetadata([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'OpsMetadataArn' => '<string>', // REQUIRED
]);

Parameter Details

Members
MaxResults
Type: int

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

NextToken
Type: string

A token to start the list. Use this token to get the next set of results.

OpsMetadataArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) of an OpsMetadata Object to view.

Result Syntax

[
    'Metadata' => [
        '<MetadataKey>' => [
            'Value' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
    'ResourceId' => '<string>',
]

Result Details

Members
Metadata
Type: Associative array of custom strings keys (MetadataKey) to MetadataValue structures

OpsMetadata for an Application Manager application.

NextToken
Type: string

The token for the next set of items to return. Use this token to get the next set of results.

ResourceId
Type: string

The resource ID of the Application Manager application.

Errors

OpsMetadataNotFoundException:

The OpsMetadata object doesn't exist.

OpsMetadataInvalidArgumentException:

One of the arguments passed is invalid.

InternalServerError:

An error occurred on the server side.

GetOpsSummary

$result = $client->getOpsSummary([/* ... */]);
$promise = $client->getOpsSummaryAsync([/* ... */]);

View a summary of operations metadata (OpsData) based on specified filters and aggregators. OpsData can include information about Amazon Web Services Systems Manager OpsCenter operational workitems (OpsItems) as well as information about any Amazon Web Services resource or service configured to report OpsData to Amazon Web Services Systems Manager Explorer.

Parameter Syntax

$result = $client->getOpsSummary([
    'Aggregators' => [
        [
            'AggregatorType' => '<string>',
            'Aggregators' => [...], // RECURSIVE
            'AttributeName' => '<string>',
            'Filters' => [
                [
                    'Key' => '<string>', // REQUIRED
                    'Type' => 'Equal|NotEqual|BeginWith|LessThan|GreaterThan|Exists',
                    'Values' => ['<string>', ...], // REQUIRED
                ],
                // ...
            ],
            'TypeName' => '<string>',
            'Values' => ['<string>', ...],
        ],
        // ...
    ],
    'Filters' => [
        [
            'Key' => '<string>', // REQUIRED
            'Type' => 'Equal|NotEqual|BeginWith|LessThan|GreaterThan|Exists',
            'Values' => ['<string>', ...], // REQUIRED
        ],
        // ...
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'ResultAttributes' => [
        [
            'TypeName' => '<string>', // REQUIRED
        ],
        // ...
    ],
    'SyncName' => '<string>',
]);

Parameter Details

Members
Aggregators
Type: Array of OpsAggregator structures

Optional aggregators that return counts of OpsData based on one or more expressions.

Filters
Type: Array of OpsFilter structures

Optional filters used to scope down the returned OpsData.

MaxResults
Type: int

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

NextToken
Type: string

A token to start the list. Use this token to get the next set of results.

ResultAttributes
Type: Array of OpsResultAttribute structures

The OpsData data type to return.

SyncName
Type: string

Specify the name of a resource data sync to get.

Result Syntax

[
    'Entities' => [
        [
            'Data' => [
                '<OpsEntityItemKey>' => [
                    'CaptureTime' => '<string>',
                    'Content' => [
                        ['<string>', ...],
                        // ...
                    ],
                ],
                // ...
            ],
            'Id' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
Entities
Type: Array of OpsEntity structures

The list of aggregated details and filtered OpsData.

NextToken
Type: string

The token for the next set of items to return. Use this token to get the next set of results.

Errors

InternalServerError:

An error occurred on the server side.

ResourceDataSyncNotFoundException:

The specified sync name wasn't found.

InvalidFilter:

The filter name isn't valid. Verify the you entered the correct name and try again.

InvalidNextToken:

The specified token isn't valid.

InvalidTypeNameException:

The parameter type name isn't valid.

InvalidAggregatorException:

The specified aggregator isn't valid for inventory groups. Verify that the aggregator uses a valid inventory type such as AWS:Application or AWS:InstanceInformation.

GetParameter

$result = $client->getParameter([/* ... */]);
$promise = $client->getParameterAsync([/* ... */]);

Get information about a single parameter by specifying the parameter name.

To get information about more than one parameter at a time, use the GetParameters operation.

Parameter Syntax

$result = $client->getParameter([
    'Name' => '<string>', // REQUIRED
    'WithDecryption' => true || false,
]);

Parameter Details

Members
Name
Required: Yes
Type: string

The name or Amazon Resource Name (ARN) of the parameter that you want to query. For parameters shared with you from another account, you must use the full ARN.

To query by parameter label, use "Name": "name:label". To query by parameter version, use "Name": "name:version".

For more information about shared parameters, see Working with shared parameters in the Amazon Web Services Systems Manager User Guide.

WithDecryption
Type: boolean

Return decrypted values for secure string parameters. This flag is ignored for String and StringList parameter types.

Result Syntax

[
    'Parameter' => [
        'ARN' => '<string>',
        'DataType' => '<string>',
        'LastModifiedDate' => <DateTime>,
        'Name' => '<string>',
        'Selector' => '<string>',
        'SourceResult' => '<string>',
        'Type' => 'String|StringList|SecureString',
        'Value' => '<string>',
        'Version' => <integer>,
    ],
]

Result Details

Members
Parameter
Type: Parameter structure

Information about a parameter.

Errors

InternalServerError:

An error occurred on the server side.

InvalidKeyId:

The query key ID isn't valid.

ParameterNotFound:

The parameter couldn't be found. Verify the name and try again.

ParameterVersionNotFound:

The specified parameter version wasn't found. Verify the parameter name and version, and try again.

GetParameterHistory

$result = $client->getParameterHistory([/* ... */]);
$promise = $client->getParameterHistoryAsync([/* ... */]);

Retrieves the history of all changes to a parameter.

If you change the KMS key alias for the KMS key used to encrypt a parameter, then you must also update the key alias the parameter uses to reference KMS. Otherwise, GetParameterHistory retrieves whatever the original key alias was referencing.

Parameter Syntax

$result = $client->getParameterHistory([
    'MaxResults' => <integer>,
    'Name' => '<string>', // REQUIRED
    'NextToken' => '<string>',
    'WithDecryption' => true || false,
]);

Parameter Details

Members
MaxResults
Type: int

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

Name
Required: Yes
Type: string

The name or Amazon Resource Name (ARN) of the parameter for which you want to review history. For parameters shared with you from another account, you must use the full ARN.

NextToken
Type: string

The token for the next set of items to return. (You received this token from a previous call.)

WithDecryption
Type: boolean

Return decrypted values for secure string parameters. This flag is ignored for String and StringList parameter types.

Result Syntax

[
    'NextToken' => '<string>',
    'Parameters' => [
        [
            'AllowedPattern' => '<string>',
            'DataType' => '<string>',
            'Description' => '<string>',
            'KeyId' => '<string>',
            'Labels' => ['<string>', ...],
            'LastModifiedDate' => <DateTime>,
            'LastModifiedUser' => '<string>',
            'Name' => '<string>',
            'Policies' => [
                [
                    'PolicyStatus' => '<string>',
                    'PolicyText' => '<string>',
                    'PolicyType' => '<string>',
                ],
                // ...
            ],
            'Tier' => 'Standard|Advanced|Intelligent-Tiering',
            'Type' => 'String|StringList|SecureString',
            'Value' => '<string>',
            'Version' => <integer>,
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.

Parameters
Type: Array of ParameterHistory structures

A list of parameters returned by the request.

Errors

InternalServerError:

An error occurred on the server side.

ParameterNotFound:

The parameter couldn't be found. Verify the name and try again.

InvalidNextToken:

The specified token isn't valid.

InvalidKeyId:

The query key ID isn't valid.

GetParameters

$result = $client->getParameters([/* ... */]);
$promise = $client->getParametersAsync([/* ... */]);

Get information about one or more parameters by specifying multiple parameter names.

To get information about a single parameter, you can use the GetParameter operation instead.

Parameter Syntax

$result = $client->getParameters([
    'Names' => ['<string>', ...], // REQUIRED
    'WithDecryption' => true || false,
]);

Parameter Details

Members
Names
Required: Yes
Type: Array of strings

The names or Amazon Resource Names (ARNs) of the parameters that you want to query. For parameters shared with you from another account, you must use the full ARNs.

To query by parameter label, use "Name": "name:label". To query by parameter version, use "Name": "name:version".

The results for GetParameters requests are listed in alphabetical order in query responses.

For information about shared parameters, see Working with shared parameters in the Amazon Web Services Systems Manager User Guide.

WithDecryption
Type: boolean

Return decrypted secure string value. Return decrypted values for secure string parameters. This flag is ignored for String and StringList parameter types.

Result Syntax

[
    'InvalidParameters' => ['<string>', ...],
    'Parameters' => [
        [
            'ARN' => '<string>',
            'DataType' => '<string>',
            'LastModifiedDate' => <DateTime>,
            'Name' => '<string>',
            'Selector' => '<string>',
            'SourceResult' => '<string>',
            'Type' => 'String|StringList|SecureString',
            'Value' => '<string>',
            'Version' => <integer>,
        ],
        // ...
    ],
]

Result Details

Members
InvalidParameters
Type: Array of strings

A list of parameters that aren't formatted correctly or don't run during an execution.

Parameters
Type: Array of Parameter structures

A list of details for a parameter.

Errors

InvalidKeyId:

The query key ID isn't valid.

InternalServerError:

An error occurred on the server side.

GetParametersByPath

$result = $client->getParametersByPath([/* ... */]);
$promise = $client->getParametersByPathAsync([/* ... */]);

Retrieve information about one or more parameters in a specific hierarchy.

Request results are returned on a best-effort basis. If you specify MaxResults in the request, the response includes information up to the limit specified. The number of items returned, however, can be between zero and the value of MaxResults. If the service reaches an internal limit while processing the results, it stops the operation and returns the matching values up to that point and a NextToken. You can specify the NextToken in a subsequent call to get the next set of results.

Parameter Syntax

$result = $client->getParametersByPath([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'ParameterFilters' => [
        [
            'Key' => '<string>', // REQUIRED
            'Option' => '<string>',
            'Values' => ['<string>', ...],
        ],
        // ...
    ],
    'Path' => '<string>', // REQUIRED
    'Recursive' => true || false,
    'WithDecryption' => true || false,
]);

Parameter Details

Members
MaxResults
Type: int

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

NextToken
Type: string

A token to start the list. Use this token to get the next set of results.

ParameterFilters
Type: Array of ParameterStringFilter structures

Filters to limit the request results.

The following Key values are supported for GetParametersByPath: Type, KeyId, and Label.

The following Key values aren't supported for GetParametersByPath: tag, DataType, Name, Path, and Tier.

Path
Required: Yes
Type: string

The hierarchy for the parameter. Hierarchies start with a forward slash (/). The hierarchy is the parameter name except the last part of the parameter. For the API call to succeed, the last part of the parameter name can't be in the path. A parameter name hierarchy can have a maximum of 15 levels. Here is an example of a hierarchy: /Finance/Prod/IAD/WinServ2016/license33

Recursive
Type: boolean

Retrieve all parameters within a hierarchy.

If a user has access to a path, then the user can access all levels of that path. For example, if a user has permission to access path /a, then the user can also access /a/b. Even if a user has explicitly been denied access in IAM for parameter /a/b, they can still call the GetParametersByPath API operation recursively for /a and view /a/b.

WithDecryption
Type: boolean

Retrieve all parameters in a hierarchy with their value decrypted.

Result Syntax

[
    'NextToken' => '<string>',
    'Parameters' => [
        [
            'ARN' => '<string>',
            'DataType' => '<string>',
            'LastModifiedDate' => <DateTime>,
            'Name' => '<string>',
            'Selector' => '<string>',
            'SourceResult' => '<string>',
            'Type' => 'String|StringList|SecureString',
            'Value' => '<string>',
            'Version' => <integer>,
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

The token for the next set of items to return. Use this token to get the next set of results.

Parameters
Type: Array of Parameter structures

A list of parameters found in the specified hierarchy.

Errors

InternalServerError:

An error occurred on the server side.

InvalidFilterKey:

The specified key isn't valid.

InvalidFilterOption:

The specified filter option isn't valid. Valid options are Equals and BeginsWith. For Path filter, valid options are Recursive and OneLevel.

InvalidFilterValue:

The filter value isn't valid. Verify the value and try again.

InvalidKeyId:

The query key ID isn't valid.

InvalidNextToken:

The specified token isn't valid.

GetPatchBaseline

$result = $client->getPatchBaseline([/* ... */]);
$promise = $client->getPatchBaselineAsync([/* ... */]);

Retrieves information about a patch baseline.

Parameter Syntax

$result = $client->getPatchBaseline([
    'BaselineId' => '<string>', // REQUIRED
]);

Parameter Details

Members
BaselineId
Required: Yes
Type: string

The ID of the patch baseline to retrieve.

To retrieve information about an Amazon Web Services managed patch baseline, specify the full Amazon Resource Name (ARN) of the baseline. For example, for the baseline AWS-AmazonLinuxDefaultPatchBaseline, specify arn:aws:ssm:us-east-2:733109147000:patchbaseline/pb-0e392de35e7c563b7 instead of pb-0e392de35e7c563b7.

Result Syntax

[
    'ApprovalRules' => [
        'PatchRules' => [
            [
                'ApproveAfterDays' => <integer>,
                'ApproveUntilDate' => '<string>',
                'ComplianceLevel' => 'CRITICAL|HIGH|MEDIUM|LOW|INFORMATIONAL|UNSPECIFIED',
                'EnableNonSecurity' => true || false,
                'PatchFilterGroup' => [
                    'PatchFilters' => [
                        [
                            'Key' => 'ARCH|ADVISORY_ID|BUGZILLA_ID|PATCH_SET|PRODUCT|PRODUCT_FAMILY|CLASSIFICATION|CVE_ID|EPOCH|MSRC_SEVERITY|NAME|PATCH_ID|SECTION|PRIORITY|REPOSITORY|RELEASE|SEVERITY|SECURITY|VERSION',
                            'Values' => ['<string>', ...],
                        ],
                        // ...
                    ],
                ],
            ],
            // ...
        ],
    ],
    'ApprovedPatches' => ['<string>', ...],
    'ApprovedPatchesComplianceLevel' => 'CRITICAL|HIGH|MEDIUM|LOW|INFORMATIONAL|UNSPECIFIED',
    'ApprovedPatchesEnableNonSecurity' => true || false,
    'BaselineId' => '<string>',
    'CreatedDate' => <DateTime>,
    'Description' => '<string>',
    'GlobalFilters' => [
        'PatchFilters' => [
            [
                'Key' => 'ARCH|ADVISORY_ID|BUGZILLA_ID|PATCH_SET|PRODUCT|PRODUCT_FAMILY|CLASSIFICATION|CVE_ID|EPOCH|MSRC_SEVERITY|NAME|PATCH_ID|SECTION|PRIORITY|REPOSITORY|RELEASE|SEVERITY|SECURITY|VERSION',
                'Values' => ['<string>', ...],
            ],
            // ...
        ],
    ],
    'ModifiedDate' => <DateTime>,
    'Name' => '<string>',
    'OperatingSystem' => 'WINDOWS|AMAZON_LINUX|AMAZON_LINUX_2|AMAZON_LINUX_2022|UBUNTU|REDHAT_ENTERPRISE_LINUX|SUSE|CENTOS|ORACLE_LINUX|DEBIAN|MACOS|RASPBIAN|ROCKY_LINUX|ALMA_LINUX|AMAZON_LINUX_2023',
    'PatchGroups' => ['<string>', ...],
    'RejectedPatches' => ['<string>', ...],
    'RejectedPatchesAction' => 'ALLOW_AS_DEPENDENCY|BLOCK',
    'Sources' => [
        [
            'Configuration' => '<string>',
            'Name' => '<string>',
            'Products' => ['<string>', ...],
        ],
        // ...
    ],
]

Result Details

Members
ApprovalRules
Type: PatchRuleGroup structure

A set of rules used to include patches in the baseline.

ApprovedPatches
Type: Array of strings

A list of explicitly approved patches for the baseline.

ApprovedPatchesComplianceLevel
Type: string

Returns the specified compliance severity level for approved patches in the patch baseline.

ApprovedPatchesEnableNonSecurity
Type: boolean

Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes. The default value is false. Applies to Linux managed nodes only.

BaselineId
Type: string

The ID of the retrieved patch baseline.

CreatedDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date the patch baseline was created.

Description
Type: string

A description of the patch baseline.

GlobalFilters
Type: PatchFilterGroup structure

A set of global filters used to exclude patches from the baseline.

ModifiedDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date the patch baseline was last modified.

Name
Type: string

The name of the patch baseline.

OperatingSystem
Type: string

Returns the operating system specified for the patch baseline.

PatchGroups
Type: Array of strings

Patch groups included in the patch baseline.

RejectedPatches
Type: Array of strings

A list of explicitly rejected patches for the baseline.

RejectedPatchesAction
Type: string

The action specified to take on patches included in the RejectedPatches list. A patch can be allowed only if it is a dependency of another package, or blocked entirely along with packages that include it as a dependency.

Sources
Type: Array of PatchSource structures

Information about the patches to use to update the managed nodes, including target operating systems and source repositories. Applies to Linux managed nodes only.

Errors

DoesNotExistException:

Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.

For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.

InvalidResourceId:

The resource ID isn't valid. Verify that you entered the correct ID and try again.

InternalServerError:

An error occurred on the server side.

GetPatchBaselineForPatchGroup

$result = $client->getPatchBaselineForPatchGroup([/* ... */]);
$promise = $client->getPatchBaselineForPatchGroupAsync([/* ... */]);

Retrieves the patch baseline that should be used for the specified patch group.

Parameter Syntax

$result = $client->getPatchBaselineForPatchGroup([
    'OperatingSystem' => 'WINDOWS|AMAZON_LINUX|AMAZON_LINUX_2|AMAZON_LINUX_2022|UBUNTU|REDHAT_ENTERPRISE_LINUX|SUSE|CENTOS|ORACLE_LINUX|DEBIAN|MACOS|RASPBIAN|ROCKY_LINUX|ALMA_LINUX|AMAZON_LINUX_2023',
    'PatchGroup' => '<string>', // REQUIRED
]);

Parameter Details

Members
OperatingSystem
Type: string

Returns the operating system rule specified for patch groups using the patch baseline.

PatchGroup
Required: Yes
Type: string

The name of the patch group whose patch baseline should be retrieved.

Result Syntax

[
    'BaselineId' => '<string>',
    'OperatingSystem' => 'WINDOWS|AMAZON_LINUX|AMAZON_LINUX_2|AMAZON_LINUX_2022|UBUNTU|REDHAT_ENTERPRISE_LINUX|SUSE|CENTOS|ORACLE_LINUX|DEBIAN|MACOS|RASPBIAN|ROCKY_LINUX|ALMA_LINUX|AMAZON_LINUX_2023',
    'PatchGroup' => '<string>',
]

Result Details

Members
BaselineId
Type: string

The ID of the patch baseline that should be used for the patch group.

OperatingSystem
Type: string

The operating system rule specified for patch groups using the patch baseline.

PatchGroup
Type: string

The name of the patch group.

Errors

InternalServerError:

An error occurred on the server side.

GetResourcePolicies

$result = $client->getResourcePolicies([/* ... */]);
$promise = $client->getResourcePoliciesAsync([/* ... */]);

Returns an array of the Policy object.

Parameter Syntax

$result = $client->getResourcePolicies([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'ResourceArn' => '<string>', // REQUIRED
]);

Parameter Details

Members
MaxResults
Type: int

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

NextToken
Type: string

A token to start the list. Use this token to get the next set of results.

ResourceArn
Required: Yes
Type: string

Amazon Resource Name (ARN) of the resource to which the policies are attached.

Result Syntax

[
    'NextToken' => '<string>',
    'Policies' => [
        [
            'Policy' => '<string>',
            'PolicyHash' => '<string>',
            'PolicyId' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

The token for the next set of items to return. Use this token to get the next set of results.

Policies
Type: Array of GetResourcePoliciesResponseEntry structures

An array of the Policy object.

Errors

InternalServerError:

An error occurred on the server side.

ResourcePolicyInvalidParameterException:

One or more parameters specified for the call aren't valid. Verify the parameters and their values and try again.

ResourceNotFoundException:

The specified parameter to be shared could not be found.

GetServiceSetting

$result = $client->getServiceSetting([/* ... */]);
$promise = $client->getServiceSettingAsync([/* ... */]);

ServiceSetting is an account-level setting for an Amazon Web Services service. This setting defines how a user interacts with or uses a service or a feature of a service. For example, if an Amazon Web Services service charges money to the account based on feature or service usage, then the Amazon Web Services service team might create a default setting of false. This means the user can't use this feature unless they change the setting to true and intentionally opt in for a paid feature.

Services map a SettingId object to a setting value. Amazon Web Services services teams define the default value for a SettingId. You can't create a new SettingId, but you can overwrite the default value if you have the ssm:UpdateServiceSetting permission for the setting. Use the UpdateServiceSetting API operation to change the default setting. Or use the ResetServiceSetting to change the value back to the original value defined by the Amazon Web Services service team.

Query the current service setting for the Amazon Web Services account.

Parameter Syntax

$result = $client->getServiceSetting([
    'SettingId' => '<string>', // REQUIRED
]);

Parameter Details

Members
SettingId
Required: Yes
Type: string

The ID of the service setting to get. The setting ID can be one of the following.

  • /ssm/managed-instance/default-ec2-instance-management-role

  • /ssm/automation/customer-script-log-destination

  • /ssm/automation/customer-script-log-group-name

  • /ssm/documents/console/public-sharing-permission

  • /ssm/managed-instance/activation-tier

  • /ssm/opsinsights/opscenter

  • /ssm/parameter-store/default-parameter-tier

  • /ssm/parameter-store/high-throughput-enabled

Result Syntax

[
    'ServiceSetting' => [
        'ARN' => '<string>',
        'LastModifiedDate' => <DateTime>,
        'LastModifiedUser' => '<string>',
        'SettingId' => '<string>',
        'SettingValue' => '<string>',
        'Status' => '<string>',
    ],
]

Result Details

Members
ServiceSetting
Type: ServiceSetting structure

The query result of the current service setting.

Errors

InternalServerError:

An error occurred on the server side.

ServiceSettingNotFound:

The specified service setting wasn't found. Either the service name or the setting hasn't been provisioned by the Amazon Web Services service team.

LabelParameterVersion

$result = $client->labelParameterVersion([/* ... */]);
$promise = $client->labelParameterVersionAsync([/* ... */]);

A parameter label is a user-defined alias to help you manage different versions of a parameter. When you modify a parameter, Amazon Web Services Systems Manager automatically saves a new version and increments the version number by one. A label can help you remember the purpose of a parameter when there are multiple versions.

Parameter labels have the following requirements and restrictions.

  • A version of a parameter can have a maximum of 10 labels.

  • You can't attach the same label to different versions of the same parameter. For example, if version 1 has the label Production, then you can't attach Production to version 2.

  • You can move a label from one version of a parameter to another.

  • You can't create a label when you create a new parameter. You must attach a label to a specific version of a parameter.

  • If you no longer want to use a parameter label, then you can either delete it or move it to a different version of a parameter.

  • A label can have a maximum of 100 characters.

  • Labels can contain letters (case sensitive), numbers, periods (.), hyphens (-), or underscores (_).

  • Labels can't begin with a number, "aws" or "ssm" (not case sensitive). If a label fails to meet these requirements, then the label isn't associated with a parameter and the system displays it in the list of InvalidLabels.

Parameter Syntax

$result = $client->labelParameterVersion([
    'Labels' => ['<string>', ...], // REQUIRED
    'Name' => '<string>', // REQUIRED
    'ParameterVersion' => <integer>,
]);

Parameter Details

Members
Labels
Required: Yes
Type: Array of strings

One or more labels to attach to the specified parameter version.

Name
Required: Yes
Type: string

The parameter name on which you want to attach one or more labels.

You can't enter the Amazon Resource Name (ARN) for a parameter, only the parameter name itself.

ParameterVersion
Type: long (int|float)

The specific version of the parameter on which you want to attach one or more labels. If no version is specified, the system attaches the label to the latest version.

Result Syntax

[
    'InvalidLabels' => ['<string>', ...],
    'ParameterVersion' => <integer>,
]

Result Details

Members
InvalidLabels
Type: Array of strings

The label doesn't meet the requirements. For information about parameter label requirements, see Working with parameter labels in the Amazon Web Services Systems Manager User Guide.

ParameterVersion
Type: long (int|float)

The version of the parameter that has been labeled.

Errors

InternalServerError:

An error occurred on the server side.

TooManyUpdates:

There are concurrent updates for a resource that supports one update at a time.

ParameterNotFound:

The parameter couldn't be found. Verify the name and try again.

ParameterVersionNotFound:

The specified parameter version wasn't found. Verify the parameter name and version, and try again.

ParameterVersionLabelLimitExceeded:

A parameter version can have a maximum of ten labels.

ListAssociationVersions

$result = $client->listAssociationVersions([/* ... */]);
$promise = $client->listAssociationVersionsAsync([/* ... */]);

Retrieves all versions of an association for a specific association ID.

Parameter Syntax

$result = $client->listAssociationVersions([
    'AssociationId' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
AssociationId
Required: Yes
Type: string

The association ID for which you want to view all versions.

MaxResults
Type: int

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

NextToken
Type: string

A token to start the list. Use this token to get the next set of results.

Result Syntax

[
    'AssociationVersions' => [
        [
            'ApplyOnlyAtCronInterval' => true || false,
            'AssociationId' => '<string>',
            'AssociationName' => '<string>',
            'AssociationVersion' => '<string>',
            'CalendarNames' => ['<string>', ...],
            'ComplianceSeverity' => 'CRITICAL|HIGH|MEDIUM|LOW|UNSPECIFIED',
            'CreatedDate' => <DateTime>,
            'DocumentVersion' => '<string>',
            'Duration' => <integer>,
            'MaxConcurrency' => '<string>',
            'MaxErrors' => '<string>',
            'Name' => '<string>',
            'OutputLocation' => [
                'S3Location' => [
                    'OutputS3BucketName' => '<string>',
                    'OutputS3KeyPrefix' => '<string>',
                    'OutputS3Region' => '<string>',
                ],
            ],
            'Parameters' => [
                '<ParameterName>' => ['<string>', ...],
                // ...
            ],
            'ScheduleExpression' => '<string>',
            'ScheduleOffset' => <integer>,
            'SyncCompliance' => 'AUTO|MANUAL',
            'TargetLocations' => [
                [
                    'Accounts' => ['<string>', ...],
                    'ExcludeAccounts' => ['<string>', ...],
                    'ExecutionRoleName' => '<string>',
                    'IncludeChildOrganizationUnits' => true || false,
                    'Regions' => ['<string>', ...],
                    'TargetLocationAlarmConfiguration' => [
                        'Alarms' => [
                            [
                                'Name' => '<string>',
                            ],
                            // ...
                        ],
                        'IgnorePollAlarmFailure' => true || false,
                    ],
                    'TargetLocationMaxConcurrency' => '<string>',
                    'TargetLocationMaxErrors' => '<string>',
                    'Targets' => [
                        [
                            'Key' => '<string>',
                            'Values' => ['<string>', ...],
                        ],
                        // ...
                    ],
                    'TargetsMaxConcurrency' => '<string>',
                    'TargetsMaxErrors' => '<string>',
                ],
                // ...
            ],
            'TargetMaps' => [
                [
                    '<TargetMapKey>' => ['<string>', ...],
                    // ...
                ],
                // ...
            ],
            'Targets' => [
                [
                    'Key' => '<string>',
                    'Values' => ['<string>', ...],
                ],
                // ...
            ],
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
AssociationVersions
Type: Array of AssociationVersionInfo structures

Information about all versions of the association for the specified association ID.

NextToken
Type: string

The token for the next set of items to return. Use this token to get the next set of results.

Errors

InternalServerError:

An error occurred on the server side.

InvalidNextToken:

The specified token isn't valid.

AssociationDoesNotExist:

The specified association doesn't exist.

ListAssociations

$result = $client->listAssociations([/* ... */]);
$promise = $client->listAssociationsAsync([/* ... */]);

Returns all State Manager associations in the current Amazon Web Services account and Amazon Web Services Region. You can limit the results to a specific State Manager association document or managed node by specifying a filter. State Manager is a capability of Amazon Web Services Systems Manager.

Parameter Syntax

$result = $client->listAssociations([
    'AssociationFilterList' => [
        [
            'key' => 'InstanceId|Name|AssociationId|AssociationStatusName|LastExecutedBefore|LastExecutedAfter|AssociationName|ResourceGroupName', // REQUIRED
            'value' => '<string>', // REQUIRED
        ],
        // ...
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
AssociationFilterList
Type: Array of AssociationFilter structures

One or more filters. Use a filter to return a more specific list of results.

Filtering associations using the InstanceID attribute only returns legacy associations created using the InstanceID attribute. Associations targeting the managed node that are part of the Target Attributes ResourceGroup or Tags aren't returned.

MaxResults
Type: int

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

NextToken
Type: string

The token for the next set of items to return. (You received this token from a previous call.)

Result Syntax

[
    'Associations' => [
        [
            'AssociationId' => '<string>',
            'AssociationName' => '<string>',
            'AssociationVersion' => '<string>',
            'DocumentVersion' => '<string>',
            'Duration' => <integer>,
            'InstanceId' => '<string>',
            'LastExecutionDate' => <DateTime>,
            'Name' => '<string>',
            'Overview' => [
                'AssociationStatusAggregatedCount' => [<integer>, ...],
                'DetailedStatus' => '<string>',
                'Status' => '<string>',
            ],
            'ScheduleExpression' => '<string>',
            'ScheduleOffset' => <integer>,
            'TargetMaps' => [
                [
                    '<TargetMapKey>' => ['<string>', ...],
                    // ...
                ],
                // ...
            ],
            'Targets' => [
                [
                    'Key' => '<string>',
                    'Values' => ['<string>', ...],
                ],
                // ...
            ],
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
Associations
Type: Array of Association structures

The associations.

NextToken
Type: string

The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.

Errors

InternalServerError:

An error occurred on the server side.

InvalidNextToken:

The specified token isn't valid.

ListCommandInvocations

$result = $client->listCommandInvocations([/* ... */]);
$promise = $client->listCommandInvocationsAsync([/* ... */]);

An invocation is copy of a command sent to a specific managed node. A command can apply to one or more managed nodes. A command invocation applies to one managed node. For example, if a user runs SendCommand against three managed nodes, then a command invocation is created for each requested managed node ID. ListCommandInvocations provide status about command execution.

Parameter Syntax

$result = $client->listCommandInvocations([
    'CommandId' => '<string>',
    'Details' => true || false,
    'Filters' => [
        [
            'key' => 'InvokedAfter|InvokedBefore|Status|ExecutionStage|DocumentName', // REQUIRED
            'value' => '<string>', // REQUIRED
        ],
        // ...
    ],
    'InstanceId' => '<string>',
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
CommandId
Type: string

(Optional) The invocations for a specific command ID.

Details
Type: boolean

(Optional) If set this returns the response of the command executions and any command output. The default value is false.

Filters
Type: Array of CommandFilter structures

(Optional) One or more filters. Use a filter to return a more specific list of results.

InstanceId
Type: string

(Optional) The command execution details for a specific managed node ID.

MaxResults
Type: int

(Optional) The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

NextToken
Type: string

(Optional) The token for the next set of items to return. (You received this token from a previous call.)

Result Syntax

[
    'CommandInvocations' => [
        [
            'CloudWatchOutputConfig' => [
                'CloudWatchLogGroupName' => '<string>',
                'CloudWatchOutputEnabled' => true || false,
            ],
            'CommandId' => '<string>',
            'CommandPlugins' => [
                [
                    'Name' => '<string>',
                    'Output' => '<string>',
                    'OutputS3BucketName' => '<string>',
                    'OutputS3KeyPrefix' => '<string>',
                    'OutputS3Region' => '<string>',
                    'ResponseCode' => <integer>,
                    'ResponseFinishDateTime' => <DateTime>,
                    'ResponseStartDateTime' => <DateTime>,
                    'StandardErrorUrl' => '<string>',
                    'StandardOutputUrl' => '<string>',
                    'Status' => 'Pending|InProgress|Success|TimedOut|Cancelled|Failed',
                    'StatusDetails' => '<string>',
                ],
                // ...
            ],
            'Comment' => '<string>',
            'DocumentName' => '<string>',
            'DocumentVersion' => '<string>',
            'InstanceId' => '<string>',
            'InstanceName' => '<string>',
            'NotificationConfig' => [
                'NotificationArn' => '<string>',
                'NotificationEvents' => ['<string>', ...],
                'NotificationType' => 'Command|Invocation',
            ],
            'RequestedDateTime' => <DateTime>,
            'ServiceRole' => '<string>',
            'StandardErrorUrl' => '<string>',
            'StandardOutputUrl' => '<string>',
            'Status' => 'Pending|InProgress|Delayed|Success|Cancelled|TimedOut|Failed|Cancelling',
            'StatusDetails' => '<string>',
            'TraceOutput' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
CommandInvocations
Type: Array of CommandInvocation structures

(Optional) A list of all invocations.

NextToken
Type: string

(Optional) The token for the next set of items to return. (You received this token from a previous call.)

Errors

InternalServerError:

An error occurred on the server side.

InvalidCommandId:

The specified command ID isn't valid. Verify the ID and try again.

InvalidInstanceId:

The following problems can cause this exception:

  • You don't have permission to access the managed node.

  • Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.

  • SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.

  • The managed node isn't in a valid state. Valid states are: Running, Pending, Stopped, and Stopping. Invalid states are: Shutting-down and Terminated.

InvalidFilterKey:

The specified key isn't valid.

InvalidNextToken:

The specified token isn't valid.

ListCommands

$result = $client->listCommands([/* ... */]);
$promise = $client->listCommandsAsync([/* ... */]);

Lists the commands requested by users of the Amazon Web Services account.

Parameter Syntax

$result = $client->listCommands([
    'CommandId' => '<string>',
    'Filters' => [
        [
            'key' => 'InvokedAfter|InvokedBefore|Status|ExecutionStage|DocumentName', // REQUIRED
            'value' => '<string>', // REQUIRED
        ],
        // ...
    ],
    'InstanceId' => '<string>',
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
CommandId
Type: string

(Optional) If provided, lists only the specified command.

Filters
Type: Array of CommandFilter structures

(Optional) One or more filters. Use a filter to return a more specific list of results.

InstanceId
Type: string

(Optional) Lists commands issued against this managed node ID.

You can't specify a managed node ID in the same command that you specify Status = Pending. This is because the command hasn't reached the managed node yet.

MaxResults
Type: int

(Optional) The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

NextToken
Type: string

(Optional) The token for the next set of items to return. (You received this token from a previous call.)

Result Syntax

[
    'Commands' => [
        [
            'AlarmConfiguration' => [
                'Alarms' => [
                    [
                        'Name' => '<string>',
                    ],
                    // ...
                ],
                'IgnorePollAlarmFailure' => true || false,
            ],
            'CloudWatchOutputConfig' => [
                'CloudWatchLogGroupName' => '<string>',
                'CloudWatchOutputEnabled' => true || false,
            ],
            'CommandId' => '<string>',
            'Comment' => '<string>',
            'CompletedCount' => <integer>,
            'DeliveryTimedOutCount' => <integer>,
            'DocumentName' => '<string>',
            'DocumentVersion' => '<string>',
            'ErrorCount' => <integer>,
            'ExpiresAfter' => <DateTime>,
            'InstanceIds' => ['<string>', ...],
            'MaxConcurrency' => '<string>',
            'MaxErrors' => '<string>',
            'NotificationConfig' => [
                'NotificationArn' => '<string>',
                'NotificationEvents' => ['<string>', ...],
                'NotificationType' => 'Command|Invocation',
            ],
            'OutputS3BucketName' => '<string>',
            'OutputS3KeyPrefix' => '<string>',
            'OutputS3Region' => '<string>',
            'Parameters' => [
                '<ParameterName>' => ['<string>', ...],
                // ...
            ],
            'RequestedDateTime' => <DateTime>,
            'ServiceRole' => '<string>',
            'Status' => 'Pending|InProgress|Success|Cancelled|Failed|TimedOut|Cancelling',
            'StatusDetails' => '<string>',
            'TargetCount' => <integer>,
            'Targets' => [
                [
                    'Key' => '<string>',
                    'Values' => ['<string>', ...],
                ],
                // ...
            ],
            'TimeoutSeconds' => <integer>,
            'TriggeredAlarms' => [
                [
                    'Name' => '<string>',
                    'State' => 'UNKNOWN|ALARM',
                ],
                // ...
            ],
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
Commands
Type: Array of Command structures

(Optional) The list of commands requested by the user.

NextToken
Type: string

(Optional) The token for the next set of items to return. (You received this token from a previous call.)

Errors

InternalServerError:

An error occurred on the server side.

InvalidCommandId:

The specified command ID isn't valid. Verify the ID and try again.

InvalidInstanceId:

The following problems can cause this exception:

  • You don't have permission to access the managed node.

  • Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.

  • SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.

  • The managed node isn't in a valid state. Valid states are: Running, Pending, Stopped, and Stopping. Invalid states are: Shutting-down and Terminated.

InvalidFilterKey:

The specified key isn't valid.

InvalidNextToken:

The specified token isn't valid.

ListComplianceItems

$result = $client->listComplianceItems([/* ... */]);
$promise = $client->listComplianceItemsAsync([/* ... */]);

For a specified resource ID, this API operation returns a list of compliance statuses for different resource types. Currently, you can only specify one resource ID per call. List results depend on the criteria specified in the filter.

Parameter Syntax

$result = $client->listComplianceItems([
    'Filters' => [
        [
            'Key' => '<string>',
            'Type' => 'EQUAL|NOT_EQUAL|BEGIN_WITH|LESS_THAN|GREATER_THAN',
            'Values' => ['<string>', ...],
        ],
        // ...
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'ResourceIds' => ['<string>', ...],
    'ResourceTypes' => ['<string>', ...],
]);

Parameter Details

Members
Filters
Type: Array of ComplianceStringFilter structures

One or more compliance filters. Use a filter to return a more specific list of results.

MaxResults
Type: int

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

NextToken
Type: string

A token to start the list. Use this token to get the next set of results.

ResourceIds
Type: Array of strings

The ID for the resources from which to get compliance information. Currently, you can only specify one resource ID.

ResourceTypes
Type: Array of strings

The type of resource from which to get compliance information. Currently, the only supported resource type is ManagedInstance.

Result Syntax

[
    'ComplianceItems' => [
        [
            'ComplianceType' => '<string>',
            'Details' => ['<string>', ...],
            'ExecutionSummary' => [
                'ExecutionId' => '<string>',
                'ExecutionTime' => <DateTime>,
                'ExecutionType' => '<string>',
            ],
            'Id' => '<string>',
            'ResourceId' => '<string>',
            'ResourceType' => '<string>',
            'Severity' => 'CRITICAL|HIGH|MEDIUM|LOW|INFORMATIONAL|UNSPECIFIED',
            'Status' => 'COMPLIANT|NON_COMPLIANT',
            'Title' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
ComplianceItems
Type: Array of ComplianceItem structures

A list of compliance information for the specified resource ID.

NextToken
Type: string

The token for the next set of items to return. Use this token to get the next set of results.

Errors

InvalidResourceType:

The resource type isn't valid. For example, if you are attempting to tag an EC2 instance, the instance must be a registered managed node.

InvalidResourceId:

The resource ID isn't valid. Verify that you entered the correct ID and try again.

InternalServerError:

An error occurred on the server side.

InvalidFilter:

The filter name isn't valid. Verify the you entered the correct name and try again.

InvalidNextToken:

The specified token isn't valid.

ListComplianceSummaries

$result = $client->listComplianceSummaries([/* ... */]);
$promise = $client->listComplianceSummariesAsync([/* ... */]);

Returns a summary count of compliant and non-compliant resources for a compliance type. For example, this call can return State Manager associations, patches, or custom compliance types according to the filter criteria that you specify.

Parameter Syntax

$result = $client->listComplianceSummaries([
    'Filters' => [
        [
            'Key' => '<string>',
            'Type' => 'EQUAL|NOT_EQUAL|BEGIN_WITH|LESS_THAN|GREATER_THAN',
            'Values' => ['<string>', ...],
        ],
        // ...
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
Filters
Type: Array of ComplianceStringFilter structures

One or more compliance or inventory filters. Use a filter to return a more specific list of results.

MaxResults
Type: int

The maximum number of items to return for this call. Currently, you can specify null or 50. The call also returns a token that you can specify in a subsequent call to get the next set of results.

NextToken
Type: string

A token to start the list. Use this token to get the next set of results.

Result Syntax

[
    'ComplianceSummaryItems' => [
        [
            'ComplianceType' => '<string>',
            'CompliantSummary' => [
                'CompliantCount' => <integer>,
                'SeveritySummary' => [
                    'CriticalCount' => <integer>,
                    'HighCount' => <integer>,
                    'InformationalCount' => <integer>,
                    'LowCount' => <integer>,
                    'MediumCount' => <integer>,
                    'UnspecifiedCount' => <integer>,
                ],
            ],
            'NonCompliantSummary' => [
                'NonCompliantCount' => <integer>,
                'SeveritySummary' => [
                    'CriticalCount' => <integer>,
                    'HighCount' => <integer>,
                    'InformationalCount' => <integer>,
                    'LowCount' => <integer>,
                    'MediumCount' => <integer>,
                    'UnspecifiedCount' => <integer>,
                ],
            ],
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
ComplianceSummaryItems
Type: Array of ComplianceSummaryItem structures

A list of compliant and non-compliant summary counts based on compliance types. For example, this call returns State Manager associations, patches, or custom compliance types according to the filter criteria that you specified.

NextToken
Type: string

The token for the next set of items to return. Use this token to get the next set of results.

Errors

InvalidFilter:

The filter name isn't valid. Verify the you entered the correct name and try again.

InvalidNextToken:

The specified token isn't valid.

InternalServerError:

An error occurred on the server side.

ListDocumentMetadataHistory

$result = $client->listDocumentMetadataHistory([/* ... */]);
$promise = $client->listDocumentMetadataHistoryAsync([/* ... */]);

Information about approval reviews for a version of a change template in Change Manager.

Parameter Syntax

$result = $client->listDocumentMetadataHistory([
    'DocumentVersion' => '<string>',
    'MaxResults' => <integer>,
    'Metadata' => 'DocumentReviews', // REQUIRED
    'Name' => '<string>', // REQUIRED
    'NextToken' => '<string>',
]);

Parameter Details

Members
DocumentVersion
Type: string

The version of the change template.

MaxResults
Type: int

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

Metadata
Required: Yes
Type: string

The type of data for which details are being requested. Currently, the only supported value is DocumentReviews.

Name
Required: Yes
Type: string

The name of the change template.

NextToken
Type: string

The token for the next set of items to return. (You received this token from a previous call.)

Result Syntax

[
    'Author' => '<string>',
    'DocumentVersion' => '<string>',
    'Metadata' => [
        'ReviewerResponse' => [
            [
                'Comment' => [
                    [
                        'Content' => '<string>',
                        'Type' => 'Comment',
                    ],
                    // ...
                ],
                'CreateTime' => <DateTime>,
                'ReviewStatus' => 'APPROVED|NOT_REVIEWED|PENDING|REJECTED',
                'Reviewer' => '<string>',
                'UpdatedTime' => <DateTime>,
            ],
            // ...
        ],
    ],
    'Name' => '<string>',
    'NextToken' => '<string>',
]

Result Details

Members
Author
Type: string

The user ID of the person in the organization who requested the review of the change template.

DocumentVersion
Type: string

The version of the change template.

Metadata

Information about the response to the change template approval request.

Name
Type: string

The name of the change template.

NextToken
Type: string

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

Errors

InternalServerError:

An error occurred on the server side.

InvalidDocument:

The specified SSM document doesn't exist.

InvalidDocumentVersion:

The document version isn't valid or doesn't exist.

InvalidNextToken:

The specified token isn't valid.

ListDocumentVersions

$result = $client->listDocumentVersions([/* ... */]);
$promise = $client->listDocumentVersionsAsync([/* ... */]);

List all versions for a document.

Parameter Syntax

$result = $client->listDocumentVersions([
    'MaxResults' => <integer>,
    'Name' => '<string>', // REQUIRED
    'NextToken' => '<string>',
]);

Parameter Details

Members
MaxResults
Type: int

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

Name
Required: Yes
Type: string

The name of the document. You can specify an Amazon Resource Name (ARN).

NextToken
Type: string

The token for the next set of items to return. (You received this token from a previous call.)

Result Syntax

[
    'DocumentVersions' => [
        [
            'CreatedDate' => <DateTime>,
            'DisplayName' => '<string>',
            'DocumentFormat' => 'YAML|JSON|TEXT',
            'DocumentVersion' => '<string>',
            'IsDefaultVersion' => true || false,
            'Name' => '<string>',
            'ReviewStatus' => 'APPROVED|NOT_REVIEWED|PENDING|REJECTED',
            'Status' => 'Creating|Active|Updating|Deleting|Failed',
            'StatusInformation' => '<string>',
            'VersionName' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
DocumentVersions
Type: Array of DocumentVersionInfo structures

The document versions.

NextToken
Type: string

The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.

Errors

InternalServerError:

An error occurred on the server side.

InvalidNextToken:

The specified token isn't valid.

InvalidDocument:

The specified SSM document doesn't exist.

ListDocuments

$result = $client->listDocuments([/* ... */]);
$promise = $client->listDocumentsAsync([/* ... */]);

Returns all Systems Manager (SSM) documents in the current Amazon Web Services account and Amazon Web Services Region. You can limit the results of this request by using a filter.

Parameter Syntax

$result = $client->listDocuments([
    'DocumentFilterList' => [
        [
            'key' => 'Name|Owner|PlatformTypes|DocumentType', // REQUIRED
            'value' => '<string>', // REQUIRED
        ],
        // ...
    ],
    'Filters' => [
        [
            'Key' => '<string>',
            'Values' => ['<string>', ...],
        ],
        // ...
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
DocumentFilterList
Type: Array of DocumentFilter structures

This data type is deprecated. Instead, use Filters.

Filters
Type: Array of DocumentKeyValuesFilter structures

One or more DocumentKeyValuesFilter objects. Use a filter to return a more specific list of results. For keys, you can specify one or more key-value pair tags that have been applied to a document. Other valid keys include Owner, Name, PlatformTypes, DocumentType, and TargetType. For example, to return documents you own use Key=Owner,Values=Self. To specify a custom key-value pair, use the format Key=tag:tagName,Values=valueName.

This API operation only supports filtering documents by using a single tag key and one or more tag values. For example: Key=tag:tagName,Values=valueName1,valueName2

MaxResults
Type: int

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

NextToken
Type: string

The token for the next set of items to return. (You received this token from a previous call.)

Result Syntax

[
    'DocumentIdentifiers' => [
        [
            'Author' => '<string>',
            'CreatedDate' => <DateTime>,
            'DisplayName' => '<string>',
            'DocumentFormat' => 'YAML|JSON|TEXT',
            'DocumentType' => 'Command|Policy|Automation|Session|Package|ApplicationConfiguration|ApplicationConfigurationSchema|DeploymentStrategy|ChangeCalendar|Automation.ChangeTemplate|ProblemAnalysis|ProblemAnalysisTemplate|CloudFormation|ConformancePackTemplate|QuickSetup',
            'DocumentVersion' => '<string>',
            'Name' => '<string>',
            'Owner' => '<string>',
            'PlatformTypes' => ['<string>', ...],
            'Requires' => [
                [
                    'Name' => '<string>',
                    'RequireType' => '<string>',
                    'Version' => '<string>',
                    'VersionName' => '<string>',
                ],
                // ...
            ],
            'ReviewStatus' => 'APPROVED|NOT_REVIEWED|PENDING|REJECTED',
            'SchemaVersion' => '<string>',
            'Tags' => [
                [
                    'Key' => '<string>',
                    'Value' => '<string>',
                ],
                // ...
            ],
            'TargetType' => '<string>',
            'VersionName' => '<string>',
        ],
        // ...
    ],
    'NextToken' => '<string>',
]

Result Details

Members
DocumentIdentifiers
Type: Array of DocumentIdentifier structures

The names of the SSM documents.

NextToken
Type: string

The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.

Errors

InternalServerError:

An error occurred on the server side.

InvalidNextToken:

The specified token isn't valid.

InvalidFilterKey:

The specified key isn't valid.

ListInventoryEntries

$result = $client->listInventoryEntries([/* ... */]);
$promise = $client->listInventoryEntriesAsync([/* ... */]);

A list of inventory items returned by the request.

Parameter Syntax

$result = $client->listInventoryEntries([
    'Filters' => [
        [
            'Key' => '<string>', // REQUIRED
            'Type' => 'Equal|NotEqual|BeginWith|LessThan|GreaterThan|Exists',
            'Values' => ['<string>', ...], // REQUIRED
        ],
        // ...
    ],
    'InstanceId' => '<string>', // REQUIRED
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'TypeName' => '<string>', // REQUIRED
]);

Parameter Details

Members
Filters
Type: Array of InventoryFilter structures

One or more filters. Use a filter to return a more specific list of results.

InstanceId
Required: Yes
Type: string

The managed node ID for which you want inventory information.

MaxResults
Type: int

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

NextToken
Type: string

The token for the next set of items to return. (You received this token from a previous call.)

TypeName
Required: Yes
Type: string

The type of inventory item for which you want information.

Result Syntax

[
    'CaptureTime' => '<string>',
    'Entries' => [
        ['<string>', ...],
        // ...
    ],
    'InstanceId' => '<string>',
    'NextToken' => '<string>',
    'SchemaVersion' => '<string>',
    'TypeName' => '<string>',
]

Result Details

Members
CaptureTime
Type: string

The time that inventory information was collected for the managed nodes.

Entries
Type: Array of stringss

A list of inventory items on the managed nodes.

InstanceId
Type: string

The managed node ID targeted by the request to query inventory information.

NextToken
Type: string

The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.

SchemaVersion
Type: string

The inventory schema version used by the managed nodes.

TypeName
Type: string

The type of inventory item returned by the request.

Errors

InternalServerError:

An error occurred on the server side.

InvalidInstanceId:

The following problems can cause this exception:

  • You don't have permission to access the managed node.

  • Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.

  • SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.

  • The managed node isn't in a valid state. Valid states are: Running, Pending, Stopped, and Stopping. Invalid states are: Shutting-down and Terminated.

InvalidTypeNameException:

The parameter type name isn't valid.

InvalidFilter:

The filter name isn't valid. Verify the you entered the correct name and try again.

InvalidNextToken:

The specified token isn't valid.

ListOpsItemEvents

$result = $client->listOpsItemEvents([/* ... */]);
$promise = $client->listOpsItemEventsAsync([/* ... */]);

Returns a list of all OpsItem events in the current Amazon Web Services Region and Amazon Web Services account. You can limit the results to events associated with specific OpsItems by specifying a filter.

Parameter Syntax

$result = $client->listOpsItemEvents([
    'Filters' => [
        [
            'Key' => 'OpsItemId', // REQUIRED
            'Operator' => 'Equal', // REQUIRED
            'Values' => ['<string>', ...], // REQUIRED
        ],
        // ...
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
Filters
Type: Array of OpsItemEventFilter structures

One or more OpsItem filters. Use a filter to return a more specific list of results.

MaxResults
Type: int

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

NextToken
Type: string

A token to start the list. Use this token to get the next set of results.

Result Syntax

[
    'NextToken' => '<string>',
    'Summaries' => [
        [
            'CreatedBy' => [
                'Arn' => '<string>',
            ],
            'CreatedTime' => <DateTime>,
            'Detail' => '<string>',
            'DetailType' => '<string>',
            'EventId' => '<string>',
            'OpsItemId' => '<string>',
            'Source' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

The token for the next set of items to return. Use this token to get the next set of results.

Summaries
Type: Array of OpsItemEventSummary structures

A list of event information for the specified OpsItems.

Errors

InternalServerError:

An error occurred on the server side.

OpsItemNotFoundException:

The specified OpsItem ID doesn't exist. Verify the ID and try again.

OpsItemLimitExceededException:

The request caused OpsItems to exceed one or more quotas.

OpsItemInvalidParameterException:

A specified parameter argument isn't valid. Verify the available arguments and try again.

ListOpsItemRelatedItems

$result = $client->listOpsItemRelatedItems([/* ... */]);
$promise = $client->listOpsItemRelatedItemsAsync([/* ... */]);

Lists all related-item resources associated with a Systems Manager OpsCenter OpsItem. OpsCenter is a capability of Amazon Web Services Systems Manager.

Parameter Syntax

$result = $client->listOpsItemRelatedItems([
    'Filters' => [
        [
            'Key' => 'ResourceType|AssociationId|ResourceUri', // REQUIRED
            'Operator' => 'Equal', // REQUIRED
            'Values' => ['<string>', ...], // REQUIRED
        ],
        // ...
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'OpsItemId' => '<string>',
]);

Parameter Details

Members
Filters
Type: Array of OpsItemRelatedItemsFilter structures

One or more OpsItem filters. Use a filter to return a more specific list of results.

MaxResults
Type: int

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

NextToken
Type: string

The token for the next set of items to return. (You received this token from a previous call.)

OpsItemId
Type: string

The ID of the OpsItem for which you want to list all related-item resources.

Result Syntax

[
    'NextToken' => '<string>',
    'Summaries' => [
        [
            'AssociationId' => '<string>',
            'AssociationType' => '<string>',
            'CreatedBy' => [
                'Arn' => '<string>',
            ],
            'CreatedTime' => <DateTime>,
            'LastModifiedBy' => [
                'Arn' => '<string>',
            ],
            'LastModifiedTime' => <DateTime>,
            'OpsItemId' => '<string>',
            'ResourceType' => '<string>',
            'ResourceUri' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

The token for the next set of items to return. Use this token to get the next set of results.

Summaries
Type: Array of OpsItemRelatedItemSummary structures

A list of related-item resources for the specified OpsItem.

Errors

InternalServerError:

An error occurred on the server side.

OpsItemInvalidParameterException:

A specified parameter argument isn't valid. Verify the available arguments and try again.

ListOpsMetadata

$result = $client->listOpsMetadata([/* ... */]);
$promise = $client->listOpsMetadataAsync([/* ... */]);

Amazon Web Services Systems Manager calls this API operation when displaying all Application Manager OpsMetadata objects or blobs.

Parameter Syntax

$result = $client->listOpsMetadata([
    'Filters' => [
        [
            'Key' => '<string>', // REQUIRED
            'Values' => ['<string>', ...], // REQUIRED
        ],
        // ...
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
Filters
Type: Array of OpsMetadataFilter structures

One or more filters to limit the number of OpsMetadata objects returned by the call.

MaxResults
Type: int

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

NextToken
Type: string

A token to start the list. Use this token to get the next set of results.

Result Syntax

[
    'NextToken' => '<string>',
    'OpsMetadataList' => [
        [
            'CreationDate' => <DateTime>,
            'LastModifiedDate' => <DateTime>,
            'LastModifiedUser' => '<string>',
            'OpsMetadataArn' => '<string>',
            'ResourceId' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

The token for the next set of items to return. Use this token to get the next set of results.

OpsMetadataList
Type: Array of OpsMetadata structures

Returns a list of OpsMetadata objects.

Errors

OpsMetadataInvalidArgumentException:

One of the arguments passed is invalid.

InternalServerError:

An error occurred on the server side.

ListResourceComplianceSummaries

$result = $client->listResourceComplianceSummaries([/* ... */]);
$promise = $client->listResourceComplianceSummariesAsync([/* ... */]);

Returns a resource-level summary count. The summary includes information about compliant and non-compliant statuses and detailed compliance-item severity counts, according to the filter criteria you specify.

Parameter Syntax

$result = $client->listResourceComplianceSummaries([
    'Filters' => [
        [
            'Key' => '<string>',
            'Type' => 'EQUAL|NOT_EQUAL|BEGIN_WITH|LESS_THAN|GREATER_THAN',
            'Values' => ['<string>', ...],
        ],
        // ...
    ],
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
]);

Parameter Details

Members
Filters
Type: Array of ComplianceStringFilter structures

One or more filters. Use a filter to return a more specific list of results.

MaxResults
Type: int

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

NextToken
Type: string

A token to start the list. Use this token to get the next set of results.

Result Syntax

[
    'NextToken' => '<string>',
    'ResourceComplianceSummaryItems' => [
        [
            'ComplianceType' => '<string>',
            'CompliantSummary' => [
                'CompliantCount' => <integer>,
                'SeveritySummary' => [
                    'CriticalCount' => <integer>,
                    'HighCount' => <integer>,
                    'InformationalCount' => <integer>,
                    'LowCount' => <integer>,
                    'MediumCount' => <integer>,
                    'UnspecifiedCount' => <integer>,
                ],
            ],
            'ExecutionSummary' => [
                'ExecutionId' => '<string>',
                'ExecutionTime' => <DateTime>,
                'ExecutionType' => '<string>',
            ],
            'NonCompliantSummary' => [
                'NonCompliantCount' => <integer>,
                'SeveritySummary' => [
                    'CriticalCount' => <integer>,
                    'HighCount' => <integer>,
                    'InformationalCount' => <integer>,
                    'LowCount' => <integer>,
                    'MediumCount' => <integer>,
                    'UnspecifiedCount' => <integer>,
                ],
            ],
            'OverallSeverity' => 'CRITICAL|HIGH|MEDIUM|LOW|INFORMATIONAL|UNSPECIFIED',
            'ResourceId' => '<string>',
            'ResourceType' => '<string>',
            'Status' => 'COMPLIANT|NON_COMPLIANT',
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

The token for the next set of items to return. Use this token to get the next set of results.

ResourceComplianceSummaryItems
Type: Array of ResourceComplianceSummaryItem structures

A summary count for specified or targeted managed nodes. Summary count includes information about compliant and non-compliant State Manager associations, patch status, or custom items according to the filter criteria that you specify.

Errors

InvalidFilter:

The filter name isn't valid. Verify the you entered the correct name and try again.

InvalidNextToken:

The specified token isn't valid.

InternalServerError:

An error occurred on the server side.

ListResourceDataSync

$result = $client->listResourceDataSync([/* ... */]);
$promise = $client->listResourceDataSyncAsync([/* ... */]);

Lists your resource data sync configurations. Includes information about the last time a sync attempted to start, the last sync status, and the last time a sync successfully completed.

The number of sync configurations might be too large to return using a single call to ListResourceDataSync. You can limit the number of sync configurations returned by using the MaxResults parameter. To determine whether there are more sync configurations to list, check the value of NextToken in the output. If there are more sync configurations to list, you can request them by specifying the NextToken returned in the call to the parameter of a subsequent call.

Parameter Syntax

$result = $client->listResourceDataSync([
    'MaxResults' => <integer>,
    'NextToken' => '<string>',
    'SyncType' => '<string>',
]);

Parameter Details

Members
MaxResults
Type: int

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

NextToken
Type: string

A token to start the list. Use this token to get the next set of results.

SyncType
Type: string

View a list of resource data syncs according to the sync type. Specify SyncToDestination to view resource data syncs that synchronize data to an Amazon S3 bucket. Specify SyncFromSource to view resource data syncs from Organizations or from multiple Amazon Web Services Regions.

Result Syntax

[
    'NextToken' => '<string>',
    'ResourceDataSyncItems' => [
        [
            'LastStatus' => 'Successful|Failed|InProgress',
            'LastSuccessfulSyncTime' => <DateTime>,
            'LastSyncStatusMessage' => '<string>',
            'LastSyncTime' => <DateTime>,
            'S3Destination' => [
                'AWSKMSKeyARN' => '<string>',
                'BucketName' => '<string>',
                'DestinationDataSharing' => [
                    'DestinationDataSharingType' => '<string>',
                ],
                'Prefix' => '<string>',
                'Region' => '<string>',
                'SyncFormat' => 'JsonSerDe',
            ],
            'SyncCreatedTime' => <DateTime>,
            'SyncLastModifiedTime' => <DateTime>,
            'SyncName' => '<string>',
            'SyncSource' => [
                'AwsOrganizationsSource' => [
                    'OrganizationSourceType' => '<string>',
                    'OrganizationalUnits' => [
                        [
                            'OrganizationalUnitId' => '<string>',
                        ],
                        // ...
                    ],
                ],
                'EnableAllOpsDataSources' => true || false,
                'IncludeFutureRegions' => true || false,
                'SourceRegions' => ['<string>', ...],
                'SourceType' => '<string>',
                'State' => '<string>',
            ],
            'SyncType' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
NextToken
Type: string

The token for the next set of items to return. Use this token to get the next set of results.

ResourceDataSyncItems
Type: Array of ResourceDataSyncItem structures

A list of your current resource data sync configurations and their statuses.

Errors

ResourceDataSyncInvalidConfigurationException:

The specified sync configuration is invalid.

InternalServerError:

An error occurred on the server side.

InvalidNextToken:

The specified token isn't valid.

ListTagsForResource

$result = $client->listTagsForResource([/* ... */]);
$promise = $client->listTagsForResourceAsync([/* ... */]);

Returns a list of the tags assigned to the specified resource.

For information about the ID format for each supported resource type, see AddTagsToResource.

Parameter Syntax

$result = $client->listTagsForResource([
    'ResourceId' => '<string>', // REQUIRED
    'ResourceType' => 'Document|ManagedInstance|MaintenanceWindow|Parameter|PatchBaseline|OpsItem|OpsMetadata|Automation|Association', // REQUIRED
]);

Parameter Details

Members
ResourceId
Required: Yes
Type: string

The resource ID for which you want to see a list of tags.

ResourceType
Required: Yes
Type: string

Returns a list of tags for a specific resource type.

Result Syntax

[
    'TagList' => [
        [
            'Key' => '<string>',
            'Value' => '<string>',
        ],
        // ...
    ],
]

Result Details

Members
TagList
Type: Array of Tag structures

A list of tags.

Errors

InvalidResourceType:

The resource type isn't valid. For example, if you are attempting to tag an EC2 instance, the instance must be a registered managed node.

InvalidResourceId:

The resource ID isn't valid. Verify that you entered the correct ID and try again.

InternalServerError:

An error occurred on the server side.

ModifyDocumentPermission

$result = $client->modifyDocumentPermission([/* ... */]);
$promise = $client->modifyDocumentPermissionAsync([/* ... */]);

Shares a Amazon Web Services Systems Manager document (SSM document)publicly or privately. If you share a document privately, you must specify the Amazon Web Services user IDs for those people who can use the document. If you share a document publicly, you must specify All as the account ID.

Parameter Syntax

$result = $client->modifyDocumentPermission([
    'AccountIdsToAdd' => ['<string>', ...],
    'AccountIdsToRemove' => ['<string>', ...],
    'Name' => '<string>', // REQUIRED
    'PermissionType' => 'Share', // REQUIRED
    'SharedDocumentVersion' => '<string>',
]);

Parameter Details

Members
AccountIdsToAdd
Type: Array of strings

The Amazon Web Services users that should have access to the document. The account IDs can either be a group of account IDs or All.

AccountIdsToRemove
Type: Array of strings

The Amazon Web Services users that should no longer have access to the document. The Amazon Web Services user can either be a group of account IDs or All. This action has a higher priority than AccountIdsToAdd. If you specify an ID to add and the same ID to remove, the system removes access to the document.

Name
Required: Yes
Type: string

The name of the document that you want to share.

PermissionType
Required: Yes
Type: string

The permission type for the document. The permission type can be Share.

SharedDocumentVersion
Type: string

(Optional) The version of the document to share. If it isn't specified, the system choose the Default version to share.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalServerError:

An error occurred on the server side.

InvalidDocument:

The specified SSM document doesn't exist.

InvalidPermissionType:

The permission type isn't supported. Share is the only supported permission type.

DocumentPermissionLimit:

The document can't be shared with more Amazon Web Services accounts. You can specify a maximum of 20 accounts per API operation to share a private document.

By default, you can share a private document with a maximum of 1,000 accounts and publicly share up to five documents.

If you need to increase the quota for privately or publicly shared Systems Manager documents, contact Amazon Web Services Support.

DocumentLimitExceeded:

You can have at most 500 active SSM documents.

PutComplianceItems

$result = $client->putComplianceItems([/* ... */]);
$promise = $client->putComplianceItemsAsync([/* ... */]);

Registers a compliance type and other compliance details on a designated resource. This operation lets you register custom compliance details with a resource. This call overwrites existing compliance information on the resource, so you must provide a full list of compliance items each time that you send the request.

ComplianceType can be one of the following:

  • ExecutionId: The execution ID when the patch, association, or custom compliance item was applied.

  • ExecutionType: Specify patch, association, or Custom:string.

  • ExecutionTime. The time the patch, association, or custom compliance item was applied to the managed node.

  • Id: The patch, association, or custom compliance ID.

  • Title: A title.

  • Status: The status of the compliance item. For example, approved for patches, or Failed for associations.

  • Severity: A patch severity. For example, Critical.

  • DocumentName: An SSM document name. For example, AWS-RunPatchBaseline.

  • DocumentVersion: An SSM document version number. For example, 4.

  • Classification: A patch classification. For example, security updates.

  • PatchBaselineId: A patch baseline ID.

  • PatchSeverity: A patch severity. For example, Critical.

  • PatchState: A patch state. For example, InstancesWithFailedPatches.

  • PatchGroup: The name of a patch group.

  • InstalledTime: The time the association, patch, or custom compliance item was applied to the resource. Specify the time by using the following format: yyyy-MM-dd'T'HH:mm:ss'Z'

Parameter Syntax

$result = $client->putComplianceItems([
    'ComplianceType' => '<string>', // REQUIRED
    'ExecutionSummary' => [ // REQUIRED
        'ExecutionId' => '<string>',
        'ExecutionTime' => <integer || string || DateTime>, // REQUIRED
        'ExecutionType' => '<string>',
    ],
    'ItemContentHash' => '<string>',
    'Items' => [ // REQUIRED
        [
            'Details' => ['<string>', ...],
            'Id' => '<string>',
            'Severity' => 'CRITICAL|HIGH|MEDIUM|LOW|INFORMATIONAL|UNSPECIFIED', // REQUIRED
            'Status' => 'COMPLIANT|NON_COMPLIANT', // REQUIRED
            'Title' => '<string>',
        ],
        // ...
    ],
    'ResourceId' => '<string>', // REQUIRED
    'ResourceType' => '<string>', // REQUIRED
    'UploadType' => 'COMPLETE|PARTIAL',
]);

Parameter Details

Members
ComplianceType
Required: Yes
Type: string

Specify the compliance type. For example, specify Association (for a State Manager association), Patch, or Custom:string.

ExecutionSummary
Required: Yes
Type: ComplianceExecutionSummary structure

A summary of the call execution that includes an execution ID, the type of execution (for example, Command), and the date/time of the execution using a datetime object that is saved in the following format: yyyy-MM-dd'T'HH:mm:ss'Z'

ItemContentHash
Type: string

MD5 or SHA-256 content hash. The content hash is used to determine if existing information should be overwritten or ignored. If the content hashes match, the request to put compliance information is ignored.

Items
Required: Yes
Type: Array of ComplianceItemEntry structures

Information about the compliance as defined by the resource type. For example, for a patch compliance type, Items includes information about the PatchSeverity, Classification, and so on.

ResourceId
Required: Yes
Type: string

Specify an ID for this resource. For a managed node, this is the node ID.

ResourceType
Required: Yes
Type: string

Specify the type of resource. ManagedInstance is currently the only supported resource type.

UploadType
Type: string

The mode for uploading compliance items. You can specify COMPLETE or PARTIAL. In COMPLETE mode, the system overwrites all existing compliance information for the resource. You must provide a full list of compliance items each time you send the request.

In PARTIAL mode, the system overwrites compliance information for a specific association. The association must be configured with SyncCompliance set to MANUAL. By default, all requests use COMPLETE mode.

This attribute is only valid for association compliance.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalServerError:

An error occurred on the server side.

InvalidItemContentException:

One or more content items isn't valid.

TotalSizeLimitExceededException:

The size of inventory data has exceeded the total size limit for the resource.

ItemSizeLimitExceededException:

The inventory item size has exceeded the size limit.

ComplianceTypeCountLimitExceededException:

You specified too many custom compliance types. You can specify a maximum of 10 different types.

InvalidResourceType:

The resource type isn't valid. For example, if you are attempting to tag an EC2 instance, the instance must be a registered managed node.

InvalidResourceId:

The resource ID isn't valid. Verify that you entered the correct ID and try again.

PutInventory

$result = $client->putInventory([/* ... */]);
$promise = $client->putInventoryAsync([/* ... */]);

Bulk update custom inventory items on one or more managed nodes. The request adds an inventory item, if it doesn't already exist, or updates an inventory item, if it does exist.

Parameter Syntax

$result = $client->putInventory([
    'InstanceId' => '<string>', // REQUIRED
    'Items' => [ // REQUIRED
        [
            'CaptureTime' => '<string>', // REQUIRED
            'Content' => [
                ['<string>', ...],
                // ...
            ],
            'ContentHash' => '<string>',
            'Context' => ['<string>', ...],
            'SchemaVersion' => '<string>', // REQUIRED
            'TypeName' => '<string>', // REQUIRED
        ],
        // ...
    ],
]);

Parameter Details

Members
InstanceId
Required: Yes
Type: string

An managed node ID where you want to add or update inventory items.

Items
Required: Yes
Type: Array of InventoryItem structures

The inventory items that you want to add or update on managed nodes.

Result Syntax

[
    'Message' => '<string>',
]

Result Details

Members
Message
Type: string

Information about the request.

Errors

InternalServerError:

An error occurred on the server side.

InvalidInstanceId:

The following problems can cause this exception:

  • You don't have permission to access the managed node.

  • Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.

  • SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.

  • The managed node isn't in a valid state. Valid states are: Running, Pending, Stopped, and Stopping. Invalid states are: Shutting-down and Terminated.

InvalidTypeNameException:

The parameter type name isn't valid.

InvalidItemContentException:

One or more content items isn't valid.

TotalSizeLimitExceededException:

The size of inventory data has exceeded the total size limit for the resource.

ItemSizeLimitExceededException:

The inventory item size has exceeded the size limit.

ItemContentMismatchException:

The inventory item has invalid content.

CustomSchemaCountLimitExceededException:

You have exceeded the limit for custom schemas. Delete one or more custom schemas and try again.

UnsupportedInventorySchemaVersionException:

Inventory item type schema version has to match supported versions in the service. Check output of GetInventorySchema to see the available schema version for each type.

UnsupportedInventoryItemContextException:

The Context attribute that you specified for the InventoryItem isn't allowed for this inventory type. You can only use the Context attribute with inventory types like AWS:ComplianceItem.

InvalidInventoryItemContextException:

You specified invalid keys or values in the Context attribute for InventoryItem. Verify the keys and values, and try again.

SubTypeCountLimitExceededException:

The sub-type count exceeded the limit for the inventory type.

PutParameter

$result = $client->putParameter([/* ... */]);
$promise = $client->putParameterAsync([/* ... */]);

Add a parameter to the system.

Parameter Syntax

$result = $client->putParameter([
    'AllowedPattern' => '<string>',
    'DataType' => '<string>',
    'Description' => '<string>',
    'KeyId' => '<string>',
    'Name' => '<string>', // REQUIRED
    'Overwrite' => true || false,
    'Policies' => '<string>',
    'Tags' => [
        [
            'Key' => '<string>', // REQUIRED
            'Value' => '<string>', // REQUIRED
        ],
        // ...
    ],
    'Tier' => 'Standard|Advanced|Intelligent-Tiering',
    'Type' => 'String|StringList|SecureString',
    'Value' => '<string>', // REQUIRED
]);

Parameter Details

Members
AllowedPattern
Type: string

A regular expression used to validate the parameter value. For example, for String types with values restricted to numbers, you can specify the following: AllowedPattern=^\d+$

DataType
Type: string

The data type for a String parameter. Supported data types include plain text and Amazon Machine Image (AMI) IDs.

The following data type values are supported.

  • text

  • aws:ec2:image

  • aws:ssm:integration

When you create a String parameter and specify aws:ec2:image, Amazon Web Services Systems Manager validates the parameter value is in the required format, such as ami-12345abcdeEXAMPLE, and that the specified AMI is available in your Amazon Web Services account.

If the action is successful, the service sends back an HTTP 200 response which indicates a successful PutParameter call for all cases except for data type aws:ec2:image. If you call PutParameter with aws:ec2:image data type, a successful HTTP 200 response does not guarantee that your parameter was successfully created or updated. The aws:ec2:image value is validated asynchronously, and the PutParameter call returns before the validation is complete. If you submit an invalid AMI value, the PutParameter operation will return success, but the asynchronous validation will fail and the parameter will not be created or updated. To monitor whether your aws:ec2:image parameters are created successfully, see Setting up notifications or trigger actions based on Parameter Store events. For more information about AMI format validation , see Native parameter support for Amazon Machine Image IDs.

Description
Type: string

Information about the parameter that you want to add to the system. Optional but recommended.

Don't enter personally identifiable information in this field.

KeyId
Type: string

The Key Management Service (KMS) ID that you want to use to encrypt a parameter. Use a custom key for better security. Required for parameters that use the SecureString data type.

If you don't specify a key ID, the system uses the default key associated with your Amazon Web Services account which is not as secure as using a custom key.

  • To use a custom KMS key, choose the SecureString data type with the Key ID parameter.

Name
Required: Yes
Type: string

The fully qualified name of the parameter that you want to add to the system.

You can't enter the Amazon Resource Name (ARN) for a parameter, only the parameter name itself.

The fully qualified name includes the complete hierarchy of the parameter path and name. For parameters in a hierarchy, you must include a leading forward slash character (/) when you create or reference a parameter. For example: /Dev/DBServer/MySQL/db-string13

Naming Constraints:

  • Parameter names are case sensitive.

  • A parameter name must be unique within an Amazon Web Services Region

  • A parameter name can't be prefixed with "aws" or "ssm" (case-insensitive).

  • Parameter names can include only the following symbols and letters: a-zA-Z0-9_.-

    In addition, the slash character ( / ) is used to delineate hierarchies in parameter names. For example: /Dev/Production/East/Project-ABC/MyParameter

  • A parameter name can't include spaces.

  • Parameter hierarchies are limited to a maximum depth of fifteen levels.

For additional information about valid values for parameter names, see Creating Systems Manager parameters in the Amazon Web Services Systems Manager User Guide.

The maximum length constraint of 2048 characters listed below includes 1037 characters reserved for internal use by Systems Manager. The maximum length for a parameter name that you create is 1011 characters. This includes the characters in the ARN that precede the name you specify, such as arn:aws:ssm:us-east-2:111122223333:parameter/.

Overwrite
Type: boolean

Overwrite an existing parameter. The default value is false.

Policies
Type: string

One or more policies to apply to a parameter. This operation takes a JSON array. Parameter Store, a capability of Amazon Web Services Systems Manager supports the following policy types:

Expiration: This policy deletes the parameter after it expires. When you create the policy, you specify the expiration date. You can update the expiration date and time by updating the policy. Updating the parameter doesn't affect the expiration date and time. When the expiration time is reached, Parameter Store deletes the parameter.

ExpirationNotification: This policy initiates an event in Amazon CloudWatch Events that notifies you about the expiration. By using this policy, you can receive notification before or after the expiration time is reached, in units of days or hours.

NoChangeNotification: This policy initiates a CloudWatch Events event if a parameter hasn't been modified for a specified period of time. This policy type is useful when, for example, a secret needs to be changed within a period of time, but it hasn't been changed.

All existing policies are preserved until you send new policies or an empty policy. For more information about parameter policies, see Assigning parameter policies.

Tags
Type: Array of Tag structures

Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a Systems Manager parameter to identify the type of resource to which it applies, the environment, or the type of configuration data referenced by the parameter. In this case, you could specify the following key-value pairs:

  • Key=Resource,Value=S3bucket

  • Key=OS,Value=Windows

  • Key=ParameterType,Value=LicenseKey

To add tags to an existing Systems Manager parameter, use the AddTagsToResource operation.

Tier
Type: string

The parameter tier to assign to a parameter.

Parameter Store offers a standard tier and an advanced tier for parameters. Standard parameters have a content size limit of 4 KB and can't be configured to use parameter policies. You can create a maximum of 10,000 standard parameters for each Region in an Amazon Web Services account. Standard parameters are offered at no additional cost.

Advanced parameters have a content size limit of 8 KB and can be configured to use parameter policies. You can create a maximum of 100,000 advanced parameters for each Region in an Amazon Web Services account. Advanced parameters incur a charge. For more information, see Managing parameter tiers in the Amazon Web Services Systems Manager User Guide.

You can change a standard parameter to an advanced parameter any time. But you can't revert an advanced parameter to a standard parameter. Reverting an advanced parameter to a standard parameter would result in data loss because the system would truncate the size of the parameter from 8 KB to 4 KB. Reverting would also remove any policies attached to the parameter. Lastly, advanced parameters use a different form of encryption than standard parameters.

If you no longer need an advanced parameter, or if you no longer want to incur charges for an advanced parameter, you must delete it and recreate it as a new standard parameter.

Using the Default Tier Configuration

In PutParameter requests, you can specify the tier to create the parameter in. Whenever you specify a tier in the request, Parameter Store creates or updates the parameter according to that request. However, if you don't specify a tier in a request, Parameter Store assigns the tier based on the current Parameter Store default tier configuration.

The default tier when you begin using Parameter Store is the standard-parameter tier. If you use the advanced-parameter tier, you can specify one of the following as the default:

  • Advanced: With this option, Parameter Store evaluates all requests as advanced parameters.

  • Intelligent-Tiering: With this option, Parameter Store evaluates each request to determine if the parameter is standard or advanced.

    If the request doesn't include any options that require an advanced parameter, the parameter is created in the standard-parameter tier. If one or more options requiring an advanced parameter are included in the request, Parameter Store create a parameter in the advanced-parameter tier.

    This approach helps control your parameter-related costs by always creating standard parameters unless an advanced parameter is necessary.

Options that require an advanced parameter include the following:

  • The content size of the parameter is more than 4 KB.

  • The parameter uses a parameter policy.

  • More than 10,000 parameters already exist in your Amazon Web Services account in the current Amazon Web Services Region.

For more information about configuring the default tier option, see Specifying a default parameter tier in the Amazon Web Services Systems Manager User Guide.

Type
Type: string

The type of parameter that you want to add to the system.

SecureString isn't currently supported for CloudFormation templates.

Items in a StringList must be separated by a comma (,). You can't use other punctuation or special character to escape items in the list. If you have a parameter value that requires a comma, then use the String data type.

Specifying a parameter type isn't required when updating a parameter. You must specify a parameter type when creating a parameter.

Value
Required: Yes
Type: string

The parameter value that you want to add to the system. Standard parameters have a value limit of 4 KB. Advanced parameters have a value limit of 8 KB.

Parameters can't be referenced or nested in the values of other parameters. You can't include {{}} or {{ssm:parameter-name}} in a parameter value.

Result Syntax

[
    'Tier' => 'Standard|Advanced|Intelligent-Tiering',
    'Version' => <integer>,
]

Result Details

Members
Tier
Type: string

The tier assigned to the parameter.

Version
Type: long (int|float)

The new version number of a parameter. If you edit a parameter value, Parameter Store automatically creates a new version and assigns this new version a unique ID. You can reference a parameter version ID in API operations or in Systems Manager documents (SSM documents). By default, if you don't specify a specific version, the system returns the latest parameter value when a parameter is called.

Errors

InternalServerError:

An error occurred on the server side.

InvalidKeyId:

The query key ID isn't valid.

ParameterLimitExceeded:

You have exceeded the number of parameters for this Amazon Web Services account. Delete one or more parameters and try again.

TooManyUpdates:

There are concurrent updates for a resource that supports one update at a time.

ParameterAlreadyExists:

The parameter already exists. You can't create duplicate parameters.

HierarchyLevelLimitExceededException:

A hierarchy can have a maximum of 15 levels. For more information, see Requirements and constraints for parameter names in the Amazon Web Services Systems Manager User Guide.

HierarchyTypeMismatchException:

Parameter Store doesn't support changing a parameter type in a hierarchy. For example, you can't change a parameter from a String type to a SecureString type. You must create a new, unique parameter.

InvalidAllowedPatternException:

The request doesn't meet the regular expression requirement.

ParameterMaxVersionLimitExceeded:

Parameter Store retains the 100 most recently created versions of a parameter. After this number of versions has been created, Parameter Store deletes the oldest version when a new one is created. However, if the oldest version has a label attached to it, Parameter Store won't delete the version and instead presents this error message:

An error occurred (ParameterMaxVersionLimitExceeded) when calling the PutParameter operation: You attempted to create a new version of parameter-name by calling the PutParameter API with the overwrite flag. Version version-number, the oldest version, can't be deleted because it has a label associated with it. Move the label to another version of the parameter, and try again.

This safeguard is to prevent parameter versions with mission critical labels assigned to them from being deleted. To continue creating new parameters, first move the label from the oldest version of the parameter to a newer one for use in your operations. For information about moving parameter labels, see Move a parameter label (console) or Move a parameter label (CLI) in the Amazon Web Services Systems Manager User Guide.

ParameterPatternMismatchException:

The parameter name isn't valid.

UnsupportedParameterType:

The parameter type isn't supported.

PoliciesLimitExceededException:

You specified more than the maximum number of allowed policies for the parameter. The maximum is 10.

InvalidPolicyTypeException:

The policy type isn't supported. Parameter Store supports the following policy types: Expiration, ExpirationNotification, and NoChangeNotification.

InvalidPolicyAttributeException:

A policy attribute or its value is invalid.

IncompatiblePolicyException:

There is a conflict in the policies specified for this parameter. You can't, for example, specify two Expiration policies for a parameter. Review your policies, and try again.

PutResourcePolicy

$result = $client->putResourcePolicy([/* ... */]);
$promise = $client->putResourcePolicyAsync([/* ... */]);

Creates or updates a Systems Manager resource policy. A resource policy helps you to define the IAM entity (for example, an Amazon Web Services account) that can manage your Systems Manager resources. The following resources support Systems Manager resource policies.

  • OpsItemGroup - The resource policy for OpsItemGroup enables Amazon Web Services accounts to view and interact with OpsCenter operational work items (OpsItems).

  • Parameter - The resource policy is used to share a parameter with other accounts using Resource Access Manager (RAM).

    To share a parameter, it must be in the advanced parameter tier. For information about parameter tiers, see Managing parameter tiers. For information about changing an existing standard parameter to an advanced parameter, see Changing a standard parameter to an advanced parameter.

    To share a SecureString parameter, it must be encrypted with a customer managed key, and you must share the key separately through Key Management Service. Amazon Web Services managed keys cannot be shared. Parameters encrypted with the default Amazon Web Services managed key can be updated to use a customer managed key instead. For KMS key definitions, see KMS concepts in the Key Management Service Developer Guide.

    While you can share a parameter using the Systems Manager PutResourcePolicy operation, we recommend using Resource Access Manager (RAM) instead. This is because using PutResourcePolicy requires the extra step of promoting the parameter to a standard RAM Resource Share using the RAM PromoteResourceShareCreatedFromPolicy API operation. Otherwise, the parameter won't be returned by the Systems Manager DescribeParameters API operation using the --shared option.

    For more information, see Sharing a parameter in the Amazon Web Services Systems Manager User Guide

Parameter Syntax

$result = $client->putResourcePolicy([
    'Policy' => '<string>', // REQUIRED
    'PolicyHash' => '<string>',
    'PolicyId' => '<string>',
    'ResourceArn' => '<string>', // REQUIRED
]);

Parameter Details

Members
Policy
Required: Yes
Type: string

A policy you want to associate with a resource.

PolicyHash
Type: string

ID of the current policy version. The hash helps to prevent a situation where multiple users attempt to overwrite a policy. You must provide this hash when updating or deleting a policy.

PolicyId
Type: string

The policy ID.

ResourceArn
Required: Yes
Type: string

Amazon Resource Name (ARN) of the resource to which you want to attach a policy.

Result Syntax

[
    'PolicyHash' => '<string>',
    'PolicyId' => '<string>',
]

Result Details

Members
PolicyHash
Type: string

ID of the current policy version.

PolicyId
Type: string

The policy ID. To update a policy, you must specify PolicyId and PolicyHash.

Errors

InternalServerError:

An error occurred on the server side.

ResourcePolicyInvalidParameterException:

One or more parameters specified for the call aren't valid. Verify the parameters and their values and try again.

ResourcePolicyLimitExceededException:

The PutResourcePolicy API action enforces two limits. A policy can't be greater than 1024 bytes in size. And only one policy can be attached to OpsItemGroup. Verify these limits and try again.

ResourcePolicyConflictException:

The hash provided in the call doesn't match the stored hash. This exception is thrown when trying to update an obsolete policy version or when multiple requests to update a policy are sent.

ResourceNotFoundException:

The specified parameter to be shared could not be found.

MalformedResourcePolicyDocumentException:

The specified policy document is malformed or invalid, or excessive PutResourcePolicy or DeleteResourcePolicy calls have been made.

ResourcePolicyNotFoundException:

No policies with the specified policy ID and hash could be found.

RegisterDefaultPatchBaseline

$result = $client->registerDefaultPatchBaseline([/* ... */]);
$promise = $client->registerDefaultPatchBaselineAsync([/* ... */]);

Defines the default patch baseline for the relevant operating system.

To reset the Amazon Web Services-predefined patch baseline as the default, specify the full patch baseline Amazon Resource Name (ARN) as the baseline ID value. For example, for CentOS, specify arn:aws:ssm:us-east-2:733109147000:patchbaseline/pb-0574b43a65ea646ed instead of pb-0574b43a65ea646ed.

Parameter Syntax

$result = $client->registerDefaultPatchBaseline([
    'BaselineId' => '<string>', // REQUIRED
]);

Parameter Details

Members
BaselineId
Required: Yes
Type: string

The ID of the patch baseline that should be the default patch baseline.

Result Syntax

[
    'BaselineId' => '<string>',
]

Result Details

Members
BaselineId
Type: string

The ID of the default patch baseline.

Errors

InvalidResourceId:

The resource ID isn't valid. Verify that you entered the correct ID and try again.

DoesNotExistException:

Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.

For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.

InternalServerError:

An error occurred on the server side.

RegisterPatchBaselineForPatchGroup

$result = $client->registerPatchBaselineForPatchGroup([/* ... */]);
$promise = $client->registerPatchBaselineForPatchGroupAsync([/* ... */]);

Registers a patch baseline for a patch group.

Parameter Syntax

$result = $client->registerPatchBaselineForPatchGroup([
    'BaselineId' => '<string>', // REQUIRED
    'PatchGroup' => '<string>', // REQUIRED
]);

Parameter Details

Members
BaselineId
Required: Yes
Type: string

The ID of the patch baseline to register with the patch group.

PatchGroup
Required: Yes
Type: string

The name of the patch group to be registered with the patch baseline.

Result Syntax

[
    'BaselineId' => '<string>',
    'PatchGroup' => '<string>',
]

Result Details

Members
BaselineId
Type: string

The ID of the patch baseline the patch group was registered with.

PatchGroup
Type: string

The name of the patch group registered with the patch baseline.

Errors

AlreadyExistsException:

Error returned if an attempt is made to register a patch group with a patch baseline that is already registered with a different patch baseline.

DoesNotExistException:

Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.

For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.

InvalidResourceId:

The resource ID isn't valid. Verify that you entered the correct ID and try again.

ResourceLimitExceededException:

Error returned when the caller has exceeded the default resource quotas. For example, too many maintenance windows or patch baselines have been created.

For information about resource quotas in Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.

InternalServerError:

An error occurred on the server side.

RegisterTargetWithMaintenanceWindow

$result = $client->registerTargetWithMaintenanceWindow([/* ... */]);
$promise = $client->registerTargetWithMaintenanceWindowAsync([/* ... */]);

Registers a target with a maintenance window.

Parameter Syntax

$result = $client->registerTargetWithMaintenanceWindow([
    'ClientToken' => '<string>',
    'Description' => '<string>',
    'Name' => '<string>',
    'OwnerInformation' => '<string>',
    'ResourceType' => 'INSTANCE|RESOURCE_GROUP', // REQUIRED
    'Targets' => [ // REQUIRED
        [
            'Key' => '<string>',
            'Values' => ['<string>', ...],
        ],
        // ...
    ],
    'WindowId' => '<string>', // REQUIRED
]);

Parameter Details

Members
ClientToken
Type: string

User-provided idempotency token.

Description
Type: string

An optional description for the target.

Name
Type: string

An optional name for the target.

OwnerInformation
Type: string

User-provided value that will be included in any Amazon CloudWatch Events events raised while running tasks for these targets in this maintenance window.

ResourceType
Required: Yes
Type: string

The type of target being registered with the maintenance window.

Targets
Required: Yes
Type: Array of Target structures

The targets to register with the maintenance window. In other words, the managed nodes to run commands on when the maintenance window runs.

If a single maintenance window task is registered with multiple targets, its task invocations occur sequentially and not in parallel. If your task must run on multiple targets at the same time, register a task for each target individually and assign each task the same priority level.

You can specify targets using managed node IDs, resource group names, or tags that have been applied to managed nodes.

Example 1: Specify managed node IDs

Key=InstanceIds,Values=<instance-id-1>,<instance-id-2>,<instance-id-3>

Example 2: Use tag key-pairs applied to managed nodes

Key=tag:<my-tag-key>,Values=<my-tag-value-1>,<my-tag-value-2>

Example 3: Use tag-keys applied to managed nodes

Key=tag-key,Values=<my-tag-key-1>,<my-tag-key-2>

Example 4: Use resource group names

Key=resource-groups:Name,Values=<resource-group-name>

Example 5: Use filters for resource group types

Key=resource-groups:ResourceTypeFilters,Values=<resource-type-1>,<resource-type-2>

For Key=resource-groups:ResourceTypeFilters, specify resource types in the following format

Key=resource-groups:ResourceTypeFilters,Values=AWS::EC2::INSTANCE,AWS::EC2::VPC

For more information about these examples formats, including the best use case for each one, see Examples: Register targets with a maintenance window in the Amazon Web Services Systems Manager User Guide.

WindowId
Required: Yes
Type: string

The ID of the maintenance window the target should be registered with.

Result Syntax

[
    'WindowTargetId' => '<string>',
]

Result Details

Members
WindowTargetId
Type: string

The ID of the target definition in this maintenance window.

Errors

IdempotentParameterMismatch:

Error returned when an idempotent operation is retried and the parameters don't match the original call to the API with the same idempotency token.

DoesNotExistException:

Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.

For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.

ResourceLimitExceededException:

Error returned when the caller has exceeded the default resource quotas. For example, too many maintenance windows or patch baselines have been created.

For information about resource quotas in Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.

InternalServerError:

An error occurred on the server side.

RegisterTaskWithMaintenanceWindow

$result = $client->registerTaskWithMaintenanceWindow([/* ... */]);
$promise = $client->registerTaskWithMaintenanceWindowAsync([/* ... */]);

Adds a new task to a maintenance window.

Parameter Syntax

$result = $client->registerTaskWithMaintenanceWindow([
    'AlarmConfiguration' => [
        'Alarms' => [ // REQUIRED
            [
                'Name' => '<string>', // REQUIRED
            ],
            // ...
        ],
        'IgnorePollAlarmFailure' => true || false,
    ],
    'ClientToken' => '<string>',
    'CutoffBehavior' => 'CONTINUE_TASK|CANCEL_TASK',
    'Description' => '<string>',
    'LoggingInfo' => [
        'S3BucketName' => '<string>', // REQUIRED
        'S3KeyPrefix' => '<string>',
        'S3Region' => '<string>', // REQUIRED
    ],
    'MaxConcurrency' => '<string>',
    'MaxErrors' => '<string>',
    'Name' => '<string>',
    'Priority' => <integer>,
    'ServiceRoleArn' => '<string>',
    'Targets' => [
        [
            'Key' => '<string>',
            'Values' => ['<string>', ...],
        ],
        // ...
    ],
    'TaskArn' => '<string>', // REQUIRED
    'TaskInvocationParameters' => [
        'Automation' => [
            'DocumentVersion' => '<string>',
            'Parameters' => [
                '<AutomationParameterKey>' => ['<string>', ...],
                // ...
            ],
        ],
        'Lambda' => [
            'ClientContext' => '<string>',
            'Payload' => <string || resource || Psr\Http\Message\StreamInterface>,
            'Qualifier' => '<string>',
        ],
        'RunCommand' => [
            'CloudWatchOutputConfig' => [
                'CloudWatchLogGroupName' => '<string>',
                'CloudWatchOutputEnabled' => true || false,
            ],
            'Comment' => '<string>',
            'DocumentHash' => '<string>',
            'DocumentHashType' => 'Sha256|Sha1',
            'DocumentVersion' => '<string>',
            'NotificationConfig' => [
                'NotificationArn' => '<string>',
                'NotificationEvents' => ['<string>', ...],
                'NotificationType' => 'Command|Invocation',
            ],
            'OutputS3BucketName' => '<string>',
            'OutputS3KeyPrefix' => '<string>',
            'Parameters' => [
                '<ParameterName>' => ['<string>', ...],
                // ...
            ],
            'ServiceRoleArn' => '<string>',
            'TimeoutSeconds' => <integer>,
        ],
        'StepFunctions' => [
            'Input' => '<string>',
            'Name' => '<string>',
        ],
    ],
    'TaskParameters' => [
        '<MaintenanceWindowTaskParameterName>' => [
            'Values' => ['<string>', ...],
        ],
        // ...
    ],
    'TaskType' => 'RUN_COMMAND|AUTOMATION|STEP_FUNCTIONS|LAMBDA', // REQUIRED
    'WindowId' => '<string>', // REQUIRED
]);

Parameter Details

Members
AlarmConfiguration
Type: AlarmConfiguration structure

The CloudWatch alarm you want to apply to your maintenance window task.

ClientToken
Type: string

User-provided idempotency token.

CutoffBehavior
Type: string

Indicates whether tasks should continue to run after the cutoff time specified in the maintenance windows is reached.

  • CONTINUE_TASK: When the cutoff time is reached, any tasks that are running continue. The default value.

  • CANCEL_TASK:

    • For Automation, Lambda, Step Functions tasks: When the cutoff time is reached, any task invocations that are already running continue, but no new task invocations are started.

    • For Run Command tasks: When the cutoff time is reached, the system sends a CancelCommand operation that attempts to cancel the command associated with the task. However, there is no guarantee that the command will be terminated and the underlying process stopped.

    The status for tasks that are not completed is TIMED_OUT.

Description
Type: string

An optional description for the task.

LoggingInfo
Type: LoggingInfo structure

A structure containing information about an Amazon Simple Storage Service (Amazon S3) bucket to write managed node-level logs to.

LoggingInfo has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.

MaxConcurrency
Type: string

The maximum number of targets this task can be run for, in parallel.

Although this element is listed as "Required: No", a value can be omitted only when you are registering or updating a targetless task You must provide a value in all other cases.

For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of 1. This value doesn't affect the running of your task.

MaxErrors
Type: string

The maximum number of errors allowed before this task stops being scheduled.

Although this element is listed as "Required: No", a value can be omitted only when you are registering or updating a targetless task You must provide a value in all other cases.

For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of 1. This value doesn't affect the running of your task.

Name
Type: string

An optional name for the task.

Priority
Type: int

The priority of the task in the maintenance window, the lower the number the higher the priority. Tasks in a maintenance window are scheduled in priority order with tasks that have the same priority scheduled in parallel.

ServiceRoleArn
Type: string

The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run RegisterTaskWithMaintenanceWindow.

However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the Amazon Web Services Systems Manager User Guide.

Targets
Type: Array of Target structures

The targets (either managed nodes or maintenance window targets).

One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide.

Specify managed nodes using the following format:

Key=InstanceIds,Values=<instance-id-1>,<instance-id-2>

Specify maintenance window targets using the following format:

Key=WindowTargetIds,Values=<window-target-id-1>,<window-target-id-2>

TaskArn
Required: Yes
Type: string

The ARN of the task to run.

TaskInvocationParameters

The parameters that the task should use during execution. Populate only the fields that match the task type. All other fields should be empty.

TaskParameters
Type: Associative array of custom strings keys (MaintenanceWindowTaskParameterName) to MaintenanceWindowTaskParameterValueExpression structures

The parameters that should be passed to the task when it is run.

TaskParameters has been deprecated. To specify parameters to pass to a task when it runs, instead use the Parameters option in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.

TaskType
Required: Yes
Type: string

The type of task being registered.

WindowId
Required: Yes
Type: string

The ID of the maintenance window the task should be added to.

Result Syntax

[
    'WindowTaskId' => '<string>',
]

Result Details

Members
WindowTaskId
Type: string

The ID of the task in the maintenance window.

Errors

IdempotentParameterMismatch:

Error returned when an idempotent operation is retried and the parameters don't match the original call to the API with the same idempotency token.

DoesNotExistException:

Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.

For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.

ResourceLimitExceededException:

Error returned when the caller has exceeded the default resource quotas. For example, too many maintenance windows or patch baselines have been created.

For information about resource quotas in Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.

FeatureNotAvailableException:

You attempted to register a LAMBDA or STEP_FUNCTIONS task in a region where the corresponding service isn't available.

InternalServerError:

An error occurred on the server side.

RemoveTagsFromResource

$result = $client->removeTagsFromResource([/* ... */]);
$promise = $client->removeTagsFromResourceAsync([/* ... */]);

Removes tag keys from the specified resource.

Parameter Syntax

$result = $client->removeTagsFromResource([
    'ResourceId' => '<string>', // REQUIRED
    'ResourceType' => 'Document|ManagedInstance|MaintenanceWindow|Parameter|PatchBaseline|OpsItem|OpsMetadata|Automation|Association', // REQUIRED
    'TagKeys' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members
ResourceId
Required: Yes
Type: string

The ID of the resource from which you want to remove tags. For example:

ManagedInstance: mi-012345abcde

MaintenanceWindow: mw-012345abcde

Automation: example-c160-4567-8519-012345abcde

PatchBaseline: pb-012345abcde

OpsMetadata object: ResourceID for tagging is created from the Amazon Resource Name (ARN) for the object. Specifically, ResourceID is created from the strings that come after the word opsmetadata in the ARN. For example, an OpsMetadata object with an ARN of arn:aws:ssm:us-east-2:1234567890:opsmetadata/aws/ssm/MyGroup/appmanager has a ResourceID of either aws/ssm/MyGroup/appmanager or /aws/ssm/MyGroup/appmanager.

For the Document and Parameter values, use the name of the resource.

The ManagedInstance type for this API operation is only for on-premises managed nodes. Specify the name of the managed node in the following format: mi-ID_number. For example, mi-1a2b3c4d5e6f.

ResourceType
Required: Yes
Type: string

The type of resource from which you want to remove a tag.

The ManagedInstance type for this API operation is only for on-premises managed nodes. Specify the name of the managed node in the following format: mi-ID_number . For example, mi-1a2b3c4d5e6f.

TagKeys
Required: Yes
Type: Array of strings

Tag keys that you want to remove from the specified resource.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidResourceType:

The resource type isn't valid. For example, if you are attempting to tag an EC2 instance, the instance must be a registered managed node.

InvalidResourceId:

The resource ID isn't valid. Verify that you entered the correct ID and try again.

InternalServerError:

An error occurred on the server side.

TooManyUpdates:

There are concurrent updates for a resource that supports one update at a time.

ResetServiceSetting

$result = $client->resetServiceSetting([/* ... */]);
$promise = $client->resetServiceSettingAsync([/* ... */]);

ServiceSetting is an account-level setting for an Amazon Web Services service. This setting defines how a user interacts with or uses a service or a feature of a service. For example, if an Amazon Web Services service charges money to the account based on feature or service usage, then the Amazon Web Services service team might create a default setting of "false". This means the user can't use this feature unless they change the setting to "true" and intentionally opt in for a paid feature.

Services map a SettingId object to a setting value. Amazon Web Services services teams define the default value for a SettingId. You can't create a new SettingId, but you can overwrite the default value if you have the ssm:UpdateServiceSetting permission for the setting. Use the GetServiceSetting API operation to view the current value. Use the UpdateServiceSetting API operation to change the default setting.

Reset the service setting for the account to the default value as provisioned by the Amazon Web Services service team.

Parameter Syntax

$result = $client->resetServiceSetting([
    'SettingId' => '<string>', // REQUIRED
]);

Parameter Details

Members
SettingId
Required: Yes
Type: string

The Amazon Resource Name (ARN) of the service setting to reset. The setting ID can be one of the following.

  • /ssm/managed-instance/default-ec2-instance-management-role

  • /ssm/automation/customer-script-log-destination

  • /ssm/automation/customer-script-log-group-name

  • /ssm/documents/console/public-sharing-permission

  • /ssm/managed-instance/activation-tier

  • /ssm/opsinsights/opscenter

  • /ssm/parameter-store/default-parameter-tier

  • /ssm/parameter-store/high-throughput-enabled

Result Syntax

[
    'ServiceSetting' => [
        'ARN' => '<string>',
        'LastModifiedDate' => <DateTime>,
        'LastModifiedUser' => '<string>',
        'SettingId' => '<string>',
        'SettingValue' => '<string>',
        'Status' => '<string>',
    ],
]

Result Details

Members
ServiceSetting
Type: ServiceSetting structure

The current, effective service setting after calling the ResetServiceSetting API operation.

Errors

InternalServerError:

An error occurred on the server side.

ServiceSettingNotFound:

The specified service setting wasn't found. Either the service name or the setting hasn't been provisioned by the Amazon Web Services service team.

TooManyUpdates:

There are concurrent updates for a resource that supports one update at a time.

ResumeSession

$result = $client->resumeSession([/* ... */]);
$promise = $client->resumeSessionAsync([/* ... */]);

Reconnects a session to a managed node after it has been disconnected. Connections can be resumed for disconnected sessions, but not terminated sessions.

This command is primarily for use by client machines to automatically reconnect during intermittent network issues. It isn't intended for any other use.

Parameter Syntax

$result = $client->resumeSession([
    'SessionId' => '<string>', // REQUIRED
]);

Parameter Details

Members
SessionId
Required: Yes
Type: string

The ID of the disconnected session to resume.

Result Syntax

[
    'SessionId' => '<string>',
    'StreamUrl' => '<string>',
    'TokenValue' => '<string>',
]

Result Details

Members
SessionId
Type: string

The ID of the session.

StreamUrl
Type: string

A URL back to SSM Agent on the managed node that the Session Manager client uses to send commands and receive output from the managed node. Format: wss://ssmmessages.region.amazonaws.com/v1/data-channel/session-id?stream=(input|output).

region represents the Region identifier for an Amazon Web Services Region supported by Amazon Web Services Systems Manager, such as us-east-2 for the US East (Ohio) Region. For a list of supported region values, see the Region column in Systems Manager service endpoints in the Amazon Web Services General Reference.

session-id represents the ID of a Session Manager session, such as 1a2b3c4dEXAMPLE.

TokenValue
Type: string

An encrypted token value containing session and caller information. Used to authenticate the connection to the managed node.

Errors

DoesNotExistException:

Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.

For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.

InternalServerError:

An error occurred on the server side.

SendAutomationSignal

$result = $client->sendAutomationSignal([/* ... */]);
$promise = $client->sendAutomationSignalAsync([/* ... */]);

Sends a signal to an Automation execution to change the current behavior or status of the execution.

Parameter Syntax

$result = $client->sendAutomationSignal([
    'AutomationExecutionId' => '<string>', // REQUIRED
    'Payload' => [
        '<AutomationParameterKey>' => ['<string>', ...],
        // ...
    ],
    'SignalType' => 'Approve|Reject|StartStep|StopStep|Resume', // REQUIRED
]);

Parameter Details

Members
AutomationExecutionId
Required: Yes
Type: string

The unique identifier for an existing Automation execution that you want to send the signal to.

Payload
Type: Associative array of custom strings keys (AutomationParameterKey) to stringss

The data sent with the signal. The data schema depends on the type of signal used in the request.

For Approve and Reject signal types, the payload is an optional comment that you can send with the signal type. For example:

Comment="Looks good"

For StartStep and Resume signal types, you must send the name of the Automation step to start or resume as the payload. For example:

StepName="step1"

For the StopStep signal type, you must send the step execution ID as the payload. For example:

StepExecutionId="97fff367-fc5a-4299-aed8-0123456789ab"

SignalType
Required: Yes
Type: string

The type of signal to send to an Automation execution.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

AutomationExecutionNotFoundException:

There is no automation execution information for the requested automation execution ID.

AutomationStepNotFoundException:

The specified step name and execution ID don't exist. Verify the information and try again.

InvalidAutomationSignalException:

The signal isn't valid for the current Automation execution.

InternalServerError:

An error occurred on the server side.

SendCommand

$result = $client->sendCommand([/* ... */]);
$promise = $client->sendCommandAsync([/* ... */]);

Runs commands on one or more managed nodes.

Parameter Syntax

$result = $client->sendCommand([
    'AlarmConfiguration' => [
        'Alarms' => [ // REQUIRED
            [
                'Name' => '<string>', // REQUIRED
            ],
            // ...
        ],
        'IgnorePollAlarmFailure' => true || false,
    ],
    'CloudWatchOutputConfig' => [
        'CloudWatchLogGroupName' => '<string>',
        'CloudWatchOutputEnabled' => true || false,
    ],
    'Comment' => '<string>',
    'DocumentHash' => '<string>',
    'DocumentHashType' => 'Sha256|Sha1',
    'DocumentName' => '<string>', // REQUIRED
    'DocumentVersion' => '<string>',
    'InstanceIds' => ['<string>', ...],
    'MaxConcurrency' => '<string>',
    'MaxErrors' => '<string>',
    'NotificationConfig' => [
        'NotificationArn' => '<string>',
        'NotificationEvents' => ['<string>', ...],
        'NotificationType' => 'Command|Invocation',
    ],
    'OutputS3BucketName' => '<string>',
    'OutputS3KeyPrefix' => '<string>',
    'OutputS3Region' => '<string>',
    'Parameters' => [
        '<ParameterName>' => ['<string>', ...],
        // ...
    ],
    'ServiceRoleArn' => '<string>',
    'Targets' => [
        [
            'Key' => '<string>',
            'Values' => ['<string>', ...],
        ],
        // ...
    ],
    'TimeoutSeconds' => <integer>,
]);

Parameter Details

Members
AlarmConfiguration
Type: AlarmConfiguration structure

The CloudWatch alarm you want to apply to your command.

CloudWatchOutputConfig
Type: CloudWatchOutputConfig structure

Enables Amazon Web Services Systems Manager to send Run Command output to Amazon CloudWatch Logs. Run Command is a capability of Amazon Web Services Systems Manager.

Comment
Type: string

User-specified information about the command, such as a brief description of what the command should do.

DocumentHash
Type: string

The Sha256 or Sha1 hash created by the system when the document was created.

Sha1 hashes have been deprecated.

DocumentHashType
Type: string

Sha256 or Sha1.

Sha1 hashes have been deprecated.

DocumentName
Required: Yes
Type: string

The name of the Amazon Web Services Systems Manager document (SSM document) to run. This can be a public document or a custom document. To run a shared document belonging to another account, specify the document Amazon Resource Name (ARN). For more information about how to use shared documents, see Sharing SSM documents in the Amazon Web Services Systems Manager User Guide.

If you specify a document name or ARN that hasn't been shared with your account, you receive an InvalidDocument error.

DocumentVersion
Type: string

The SSM document version to use in the request. You can specify $DEFAULT, $LATEST, or a specific version number. If you run commands by using the Command Line Interface (Amazon Web Services CLI), then you must escape the first two options by using a backslash. If you specify a version number, then you don't need to use the backslash. For example:

--document-version "\$DEFAULT"

--document-version "\$LATEST"

--document-version "3"

InstanceIds
Type: Array of strings

The IDs of the managed nodes where the command should run. Specifying managed node IDs is most useful when you are targeting a limited number of managed nodes, though you can specify up to 50 IDs.

To target a larger number of managed nodes, or if you prefer not to list individual node IDs, we recommend using the Targets option instead. Using Targets, which accepts tag key-value pairs to identify the managed nodes to send commands to, you can a send command to tens, hundreds, or thousands of nodes at once.

For more information about how to use targets, see Run commands at scale in the Amazon Web Services Systems Manager User Guide.

MaxConcurrency
Type: string

(Optional) The maximum number of managed nodes that are allowed to run the command at the same time. You can specify a number such as 10 or a percentage such as 10%. The default value is 50. For more information about how to use MaxConcurrency, see Using concurrency controls in the Amazon Web Services Systems Manager User Guide.

MaxErrors
Type: string

The maximum number of errors allowed without the command failing. When the command fails one more time beyond the value of MaxErrors, the systems stops sending the command to additional targets. You can specify a number like 10 or a percentage like 10%. The default value is 0. For more information about how to use MaxErrors, see Using error controls in the Amazon Web Services Systems Manager User Guide.

NotificationConfig
Type: NotificationConfig structure

Configurations for sending notifications.

OutputS3BucketName
Type: string

The name of the S3 bucket where command execution responses should be stored.

OutputS3KeyPrefix
Type: string

The directory structure within the S3 bucket where the responses should be stored.

OutputS3Region
Type: string

(Deprecated) You can no longer specify this parameter. The system ignores it. Instead, Systems Manager automatically determines the Amazon Web Services Region of the S3 bucket.

Parameters
Type: Associative array of custom strings keys (ParameterName) to stringss

The required and optional parameters specified in the document being run.

ServiceRoleArn
Type: string

The ARN of the Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service (Amazon SNS) notifications for Run Command commands.

This role must provide the sns:Publish permission for your notification topic. For information about creating and using this service role, see Monitoring Systems Manager status changes using Amazon SNS notifications in the Amazon Web Services Systems Manager User Guide.

Targets
Type: Array of Target structures

An array of search criteria that targets managed nodes using a Key,Value combination that you specify. Specifying targets is most useful when you want to send a command to a large number of managed nodes at once. Using Targets, which accepts tag key-value pairs to identify managed nodes, you can send a command to tens, hundreds, or thousands of nodes at once.

To send a command to a smaller number of managed nodes, you can use the InstanceIds option instead.

For more information about how to use targets, see Run commands at scale in the Amazon Web Services Systems Manager User Guide.

TimeoutSeconds
Type: int

If this time is reached and the command hasn't already started running, it won't run.

Result Syntax

[
    'Command' => [
        'AlarmConfiguration' => [
            'Alarms' => [
                [
                    'Name' => '<string>',
                ],
                // ...
            ],
            'IgnorePollAlarmFailure' => true || false,
        ],
        'CloudWatchOutputConfig' => [
            'CloudWatchLogGroupName' => '<string>',
            'CloudWatchOutputEnabled' => true || false,
        ],
        'CommandId' => '<string>',
        'Comment' => '<string>',
        'CompletedCount' => <integer>,
        'DeliveryTimedOutCount' => <integer>,
        'DocumentName' => '<string>',
        'DocumentVersion' => '<string>',
        'ErrorCount' => <integer>,
        'ExpiresAfter' => <DateTime>,
        'InstanceIds' => ['<string>', ...],
        'MaxConcurrency' => '<string>',
        'MaxErrors' => '<string>',
        'NotificationConfig' => [
            'NotificationArn' => '<string>',
            'NotificationEvents' => ['<string>', ...],
            'NotificationType' => 'Command|Invocation',
        ],
        'OutputS3BucketName' => '<string>',
        'OutputS3KeyPrefix' => '<string>',
        'OutputS3Region' => '<string>',
        'Parameters' => [
            '<ParameterName>' => ['<string>', ...],
            // ...
        ],
        'RequestedDateTime' => <DateTime>,
        'ServiceRole' => '<string>',
        'Status' => 'Pending|InProgress|Success|Cancelled|Failed|TimedOut|Cancelling',
        'StatusDetails' => '<string>',
        'TargetCount' => <integer>,
        'Targets' => [
            [
                'Key' => '<string>',
                'Values' => ['<string>', ...],
            ],
            // ...
        ],
        'TimeoutSeconds' => <integer>,
        'TriggeredAlarms' => [
            [
                'Name' => '<string>',
                'State' => 'UNKNOWN|ALARM',
            ],
            // ...
        ],
    ],
]

Result Details

Members
Command
Type: Command structure

The request as it was received by Systems Manager. Also provides the command ID which can be used future references to this request.

Errors

DuplicateInstanceId:

You can't specify a managed node ID in more than one association.

InternalServerError:

An error occurred on the server side.

InvalidInstanceId:

The following problems can cause this exception:

  • You don't have permission to access the managed node.

  • Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.

  • SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.

  • The managed node isn't in a valid state. Valid states are: Running, Pending, Stopped, and Stopping. Invalid states are: Shutting-down and Terminated.

InvalidDocument:

The specified SSM document doesn't exist.

InvalidDocumentVersion:

The document version isn't valid or doesn't exist.

InvalidOutputFolder:

The S3 bucket doesn't exist.

InvalidParameters:

You must specify values for all required parameters in the Amazon Web Services Systems Manager document (SSM document). You can only supply values to parameters defined in the SSM document.

UnsupportedPlatformType:

The document doesn't support the platform type of the given managed node IDs. For example, you sent an document for a Windows managed node to a Linux node.

MaxDocumentSizeExceeded:

The size limit of a document is 64 KB.

InvalidRole:

The role name can't contain invalid characters. Also verify that you specified an IAM role for notifications that includes the required trust policy. For information about configuring the IAM role for Run Command notifications, see Monitoring Systems Manager status changes using Amazon SNS notifications in the Amazon Web Services Systems Manager User Guide.

InvalidNotificationConfig:

One or more configuration items isn't valid. Verify that a valid Amazon Resource Name (ARN) was provided for an Amazon Simple Notification Service topic.

StartAssociationsOnce

$result = $client->startAssociationsOnce([/* ... */]);
$promise = $client->startAssociationsOnceAsync([/* ... */]);

Runs an association immediately and only one time. This operation can be helpful when troubleshooting associations.

Parameter Syntax

$result = $client->startAssociationsOnce([
    'AssociationIds' => ['<string>', ...], // REQUIRED
]);

Parameter Details

Members
AssociationIds
Required: Yes
Type: Array of strings

The association IDs that you want to run immediately and only one time.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidAssociation:

The association isn't valid or doesn't exist.

AssociationDoesNotExist:

The specified association doesn't exist.

StartAutomationExecution

$result = $client->startAutomationExecution([/* ... */]);
$promise = $client->startAutomationExecutionAsync([/* ... */]);

Initiates execution of an Automation runbook.

Parameter Syntax

$result = $client->startAutomationExecution([
    'AlarmConfiguration' => [
        'Alarms' => [ // REQUIRED
            [
                'Name' => '<string>', // REQUIRED
            ],
            // ...
        ],
        'IgnorePollAlarmFailure' => true || false,
    ],
    'ClientToken' => '<string>',
    'DocumentName' => '<string>', // REQUIRED
    'DocumentVersion' => '<string>',
    'MaxConcurrency' => '<string>',
    'MaxErrors' => '<string>',
    'Mode' => 'Auto|Interactive',
    'Parameters' => [
        '<AutomationParameterKey>' => ['<string>', ...],
        // ...
    ],
    'Tags' => [
        [
            'Key' => '<string>', // REQUIRED
            'Value' => '<string>', // REQUIRED
        ],
        // ...
    ],
    'TargetLocations' => [
        [
            'Accounts' => ['<string>', ...],
            'ExcludeAccounts' => ['<string>', ...],
            'ExecutionRoleName' => '<string>',
            'IncludeChildOrganizationUnits' => true || false,
            'Regions' => ['<string>', ...],
            'TargetLocationAlarmConfiguration' => [
                'Alarms' => [ // REQUIRED
                    [
                        'Name' => '<string>', // REQUIRED
                    ],
                    // ...
                ],
                'IgnorePollAlarmFailure' => true || false,
            ],
            'TargetLocationMaxConcurrency' => '<string>',
            'TargetLocationMaxErrors' => '<string>',
            'Targets' => [
                [
                    'Key' => '<string>',
                    'Values' => ['<string>', ...],
                ],
                // ...
            ],
            'TargetsMaxConcurrency' => '<string>',
            'TargetsMaxErrors' => '<string>',
        ],
        // ...
    ],
    'TargetLocationsURL' => '<string>',
    'TargetMaps' => [
        [
            '<TargetMapKey>' => ['<string>', ...],
            // ...
        ],
        // ...
    ],
    'TargetParameterName' => '<string>',
    'Targets' => [
        [
            'Key' => '<string>',
            'Values' => ['<string>', ...],
        ],
        // ...
    ],
]);

Parameter Details

Members
AlarmConfiguration
Type: AlarmConfiguration structure

The CloudWatch alarm you want to apply to your automation.

ClientToken
Type: string

User-provided idempotency token. The token must be unique, is case insensitive, enforces the UUID format, and can't be reused.

DocumentName
Required: Yes
Type: string

The name of the SSM document to run. This can be a public document or a custom document. To run a shared document belonging to another account, specify the document ARN. For more information about how to use shared documents, see Sharing SSM documents in the Amazon Web Services Systems Manager User Guide.

DocumentVersion
Type: string

The version of the Automation runbook to use for this execution.

MaxConcurrency
Type: string

The maximum number of targets allowed to run this task in parallel. You can specify a number, such as 10, or a percentage, such as 10%. The default value is 10.

If both this parameter and the TargetLocation:TargetsMaxConcurrency are supplied, TargetLocation:TargetsMaxConcurrency takes precedence.

MaxErrors
Type: string

The number of errors that are allowed before the system stops running the automation on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops running the automation when the fourth error is received. If you specify 0, then the system stops running the automation on additional targets after the first error result is returned. If you run an automation on 50 resources and set max-errors to 10%, then the system stops running the automation on additional targets when the sixth error is received.

Executions that are already running an automation when max-errors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set max-concurrency to 1 so the executions proceed one at a time.

If this parameter and the TargetLocation:TargetsMaxErrors parameter are both supplied, TargetLocation:TargetsMaxErrors takes precedence.

Mode
Type: string

The execution mode of the automation. Valid modes include the following: Auto and Interactive. The default mode is Auto.

Parameters
Type: Associative array of custom strings keys (AutomationParameterKey) to stringss

A key-value map of execution parameters, which match the declared parameters in the Automation runbook.

Tags
Type: Array of Tag structures

Optional metadata that you assign to a resource. You can specify a maximum of five tags for an automation. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag an automation to identify an environment or operating system. In this case, you could specify the following key-value pairs:

  • Key=environment,Value=test

  • Key=OS,Value=Windows

To add tags to an existing automation, use the AddTagsToResource operation.

TargetLocations
Type: Array of TargetLocation structures

A location is a combination of Amazon Web Services Regions and/or Amazon Web Services accounts where you want to run the automation. Use this operation to start an automation in multiple Amazon Web Services Regions and multiple Amazon Web Services accounts. For more information, see Running automations in multiple Amazon Web Services Regions and accounts in the Amazon Web Services Systems Manager User Guide.

TargetLocationsURL
Type: string

Specify a publicly accessible URL for a file that contains the TargetLocations body. Currently, only files in presigned Amazon S3 buckets are supported.

TargetMaps
Type: Array of maps

A key-value mapping of document parameters to target resources. Both Targets and TargetMaps can't be specified together.

TargetParameterName
Type: string

The name of the parameter used as the target resource for the rate-controlled execution. Required if you specify targets.

Targets
Type: Array of Target structures

A key-value mapping to target resources. Required if you specify TargetParameterName.

If both this parameter and the TargetLocation:Targets parameter are supplied, TargetLocation:Targets takes precedence.

Result Syntax

[
    'AutomationExecutionId' => '<string>',
]

Result Details

Members
AutomationExecutionId
Type: string

The unique ID of a newly scheduled automation execution.

Errors

AutomationDefinitionNotFoundException:

An Automation runbook with the specified name couldn't be found.

InvalidAutomationExecutionParametersException:

The supplied parameters for invoking the specified Automation runbook are incorrect. For example, they may not match the set of parameters permitted for the specified Automation document.

AutomationExecutionLimitExceededException:

The number of simultaneously running Automation executions exceeded the allowable limit.

AutomationDefinitionVersionNotFoundException:

An Automation runbook with the specified name and version couldn't be found.

IdempotentParameterMismatch:

Error returned when an idempotent operation is retried and the parameters don't match the original call to the API with the same idempotency token.

InvalidTarget:

The target isn't valid or doesn't exist. It might not be configured for Systems Manager or you might not have permission to perform the operation.

InternalServerError:

An error occurred on the server side.

StartChangeRequestExecution

$result = $client->startChangeRequestExecution([/* ... */]);
$promise = $client->startChangeRequestExecutionAsync([/* ... */]);

Creates a change request for Change Manager. The Automation runbooks specified in the change request run only after all required approvals for the change request have been received.

Parameter Syntax

$result = $client->startChangeRequestExecution([
    'AutoApprove' => true || false,
    'ChangeDetails' => '<string>',
    'ChangeRequestName' => '<string>',
    'ClientToken' => '<string>',
    'DocumentName' => '<string>', // REQUIRED
    'DocumentVersion' => '<string>',
    'Parameters' => [
        '<AutomationParameterKey>' => ['<string>', ...],
        // ...
    ],
    'Runbooks' => [ // REQUIRED
        [
            'DocumentName' => '<string>', // REQUIRED
            'DocumentVersion' => '<string>',
            'MaxConcurrency' => '<string>',
            'MaxErrors' => '<string>',
            'Parameters' => [
                '<AutomationParameterKey>' => ['<string>', ...],
                // ...
            ],
            'TargetLocations' => [
                [
                    'Accounts' => ['<string>', ...],
                    'ExcludeAccounts' => ['<string>', ...],
                    'ExecutionRoleName' => '<string>',
                    'IncludeChildOrganizationUnits' => true || false,
                    'Regions' => ['<string>', ...],
                    'TargetLocationAlarmConfiguration' => [
                        'Alarms' => [ // REQUIRED
                            [
                                'Name' => '<string>', // REQUIRED
                            ],
                            // ...
                        ],
                        'IgnorePollAlarmFailure' => true || false,
                    ],
                    'TargetLocationMaxConcurrency' => '<string>',
                    'TargetLocationMaxErrors' => '<string>',
                    'Targets' => [
                        [
                            'Key' => '<string>',
                            'Values' => ['<string>', ...],
                        ],
                        // ...
                    ],
                    'TargetsMaxConcurrency' => '<string>',
                    'TargetsMaxErrors' => '<string>',
                ],
                // ...
            ],
            'TargetMaps' => [
                [
                    '<TargetMapKey>' => ['<string>', ...],
                    // ...
                ],
                // ...
            ],
            'TargetParameterName' => '<string>',
            'Targets' => [
                [
                    'Key' => '<string>',
                    'Values' => ['<string>', ...],
                ],
                // ...
            ],
        ],
        // ...
    ],
    'ScheduledEndTime' => <integer || string || DateTime>,
    'ScheduledTime' => <integer || string || DateTime>,
    'Tags' => [
        [
            'Key' => '<string>', // REQUIRED
            'Value' => '<string>', // REQUIRED
        ],
        // ...
    ],
]);

Parameter Details

Members
AutoApprove
Type: boolean

Indicates whether the change request can be approved automatically without the need for manual approvals.

If AutoApprovable is enabled in a change template, then setting AutoApprove to true in StartChangeRequestExecution creates a change request that bypasses approver review.

Change Calendar restrictions are not bypassed in this scenario. If the state of an associated calendar is CLOSED, change freeze approvers must still grant permission for this change request to run. If they don't, the change won't be processed until the calendar state is again OPEN.

ChangeDetails
Type: string

User-provided details about the change. If no details are provided, content specified in the Template information section of the associated change template is added.

ChangeRequestName
Type: string

The name of the change request associated with the runbook workflow to be run.

ClientToken
Type: string

The user-provided idempotency token. The token must be unique, is case insensitive, enforces the UUID format, and can't be reused.

DocumentName
Required: Yes
Type: string

The name of the change template document to run during the runbook workflow.

DocumentVersion
Type: string

The version of the change template document to run during the runbook workflow.

Parameters
Type: Associative array of custom strings keys (AutomationParameterKey) to stringss

A key-value map of parameters that match the declared parameters in the change template document.

Runbooks
Required: Yes
Type: Array of Runbook structures

Information about the Automation runbooks that are run during the runbook workflow.

The Automation runbooks specified for the runbook workflow can't run until all required approvals for the change request have been received.

ScheduledEndTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time that the requester expects the runbook workflow related to the change request to complete. The time is an estimate only that the requester provides for reviewers.

ScheduledTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time specified in the change request to run the Automation runbooks.

The Automation runbooks specified for the runbook workflow can't run until all required approvals for the change request have been received.

Tags
Type: Array of Tag structures

Optional metadata that you assign to a resource. You can specify a maximum of five tags for a change request. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a change request to identify an environment or target Amazon Web Services Region. In this case, you could specify the following key-value pairs:

  • Key=Environment,Value=Production

  • Key=Region,Value=us-east-2

Result Syntax

[
    'AutomationExecutionId' => '<string>',
]

Result Details

Members
AutomationExecutionId
Type: string

The unique ID of a runbook workflow operation. (A runbook workflow is a type of Automation operation.)

Errors

AutomationDefinitionNotFoundException:

An Automation runbook with the specified name couldn't be found.

InvalidAutomationExecutionParametersException:

The supplied parameters for invoking the specified Automation runbook are incorrect. For example, they may not match the set of parameters permitted for the specified Automation document.

AutomationExecutionLimitExceededException:

The number of simultaneously running Automation executions exceeded the allowable limit.

AutomationDefinitionVersionNotFoundException:

An Automation runbook with the specified name and version couldn't be found.

IdempotentParameterMismatch:

Error returned when an idempotent operation is retried and the parameters don't match the original call to the API with the same idempotency token.

InternalServerError:

An error occurred on the server side.

AutomationDefinitionNotApprovedException:

Indicates that the Change Manager change template used in the change request was rejected or is still in a pending state.

StartSession

$result = $client->startSession([/* ... */]);
$promise = $client->startSessionAsync([/* ... */]);

Initiates a connection to a target (for example, a managed node) for a Session Manager session. Returns a URL and token that can be used to open a WebSocket connection for sending input and receiving outputs.

Amazon Web Services CLI usage: start-session is an interactive command that requires the Session Manager plugin to be installed on the client machine making the call. For information, see Install the Session Manager plugin for the Amazon Web Services CLI in the Amazon Web Services Systems Manager User Guide.

Amazon Web Services Tools for PowerShell usage: Start-SSMSession isn't currently supported by Amazon Web Services Tools for PowerShell on Windows local machines.

Parameter Syntax

$result = $client->startSession([
    'DocumentName' => '<string>',
    'Parameters' => [
        '<SessionManagerParameterName>' => ['<string>', ...],
        // ...
    ],
    'Reason' => '<string>',
    'Target' => '<string>', // REQUIRED
]);

Parameter Details

Members
DocumentName
Type: string

The name of the SSM document you want to use to define the type of session, input parameters, or preferences for the session. For example, SSM-SessionManagerRunShell. You can call the GetDocument API to verify the document exists before attempting to start a session. If no document name is provided, a shell to the managed node is launched by default. For more information, see Start a session in the Amazon Web Services Systems Manager User Guide.

Parameters
Type: Associative array of custom strings keys (SessionManagerParameterName) to stringss

The values you want to specify for the parameters defined in the Session document.

Reason
Type: string

The reason for connecting to the instance. This value is included in the details for the Amazon CloudWatch Events event created when you start the session.

Target
Required: Yes
Type: string

The managed node to connect to for the session.

Result Syntax

[
    'SessionId' => '<string>',
    'StreamUrl' => '<string>',
    'TokenValue' => '<string>',
]

Result Details

Members
SessionId
Type: string

The ID of the session.

StreamUrl
Type: string

A URL back to SSM Agent on the managed node that the Session Manager client uses to send commands and receive output from the node. Format: wss://ssmmessages.region.amazonaws.com/v1/data-channel/session-id?stream=(input|output)

region represents the Region identifier for an Amazon Web Services Region supported by Amazon Web Services Systems Manager, such as us-east-2 for the US East (Ohio) Region. For a list of supported region values, see the Region column in Systems Manager service endpoints in the Amazon Web Services General Reference.

session-id represents the ID of a Session Manager session, such as 1a2b3c4dEXAMPLE.

TokenValue
Type: string

An encrypted token value containing session and caller information. This token is used to authenticate the connection to the managed node, and is valid only long enough to ensure the connection is successful. Never share your session's token.

Errors

InvalidDocument:

The specified SSM document doesn't exist.

TargetNotConnected:

The specified target managed node for the session isn't fully configured for use with Session Manager. For more information, see Setting up Session Manager in the Amazon Web Services Systems Manager User Guide. This error is also returned if you attempt to start a session on a managed node that is located in a different account or Region

InternalServerError:

An error occurred on the server side.

StopAutomationExecution

$result = $client->stopAutomationExecution([/* ... */]);
$promise = $client->stopAutomationExecutionAsync([/* ... */]);

Stop an Automation that is currently running.

Parameter Syntax

$result = $client->stopAutomationExecution([
    'AutomationExecutionId' => '<string>', // REQUIRED
    'Type' => 'Complete|Cancel',
]);

Parameter Details

Members
AutomationExecutionId
Required: Yes
Type: string

The execution ID of the Automation to stop.

Type
Type: string

The stop request type. Valid types include the following: Cancel and Complete. The default type is Cancel.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

AutomationExecutionNotFoundException:

There is no automation execution information for the requested automation execution ID.

InvalidAutomationStatusUpdateException:

The specified update status operation isn't valid.

InternalServerError:

An error occurred on the server side.

TerminateSession

$result = $client->terminateSession([/* ... */]);
$promise = $client->terminateSessionAsync([/* ... */]);

Permanently ends a session and closes the data connection between the Session Manager client and SSM Agent on the managed node. A terminated session can't be resumed.

Parameter Syntax

$result = $client->terminateSession([
    'SessionId' => '<string>', // REQUIRED
]);

Parameter Details

Members
SessionId
Required: Yes
Type: string

The ID of the session to terminate.

Result Syntax

[
    'SessionId' => '<string>',
]

Result Details

Members
SessionId
Type: string

The ID of the session that has been terminated.

Errors

InternalServerError:

An error occurred on the server side.

UnlabelParameterVersion

$result = $client->unlabelParameterVersion([/* ... */]);
$promise = $client->unlabelParameterVersionAsync([/* ... */]);

Remove a label or labels from a parameter.

Parameter Syntax

$result = $client->unlabelParameterVersion([
    'Labels' => ['<string>', ...], // REQUIRED
    'Name' => '<string>', // REQUIRED
    'ParameterVersion' => <integer>, // REQUIRED
]);

Parameter Details

Members
Labels
Required: Yes
Type: Array of strings

One or more labels to delete from the specified parameter version.

Name
Required: Yes
Type: string

The name of the parameter from which you want to delete one or more labels.

You can't enter the Amazon Resource Name (ARN) for a parameter, only the parameter name itself.

ParameterVersion
Required: Yes
Type: long (int|float)

The specific version of the parameter which you want to delete one or more labels from. If it isn't present, the call will fail.

Result Syntax

[
    'InvalidLabels' => ['<string>', ...],
    'RemovedLabels' => ['<string>', ...],
]

Result Details

Members
InvalidLabels
Type: Array of strings

The labels that aren't attached to the given parameter version.

RemovedLabels
Type: Array of strings

A list of all labels deleted from the parameter.

Errors

InternalServerError:

An error occurred on the server side.

TooManyUpdates:

There are concurrent updates for a resource that supports one update at a time.

ParameterNotFound:

The parameter couldn't be found. Verify the name and try again.

ParameterVersionNotFound:

The specified parameter version wasn't found. Verify the parameter name and version, and try again.

UpdateAssociation

$result = $client->updateAssociation([/* ... */]);
$promise = $client->updateAssociationAsync([/* ... */]);

Updates an association. You can update the association name and version, the document version, schedule, parameters, and Amazon Simple Storage Service (Amazon S3) output. When you call UpdateAssociation, the system removes all optional parameters from the request and overwrites the association with null values for those parameters. This is by design. You must specify all optional parameters in the call, even if you are not changing the parameters. This includes the Name parameter. Before calling this API action, we recommend that you call the DescribeAssociation API operation and make a note of all optional parameters required for your UpdateAssociation call.

In order to call this API operation, a user, group, or role must be granted permission to call the DescribeAssociation API operation. If you don't have permission to call DescribeAssociation, then you receive the following error: An error occurred (AccessDeniedException) when calling the UpdateAssociation operation: User: <user_arn> isn't authorized to perform: ssm:DescribeAssociation on resource: <resource_arn>

When you update an association, the association immediately runs against the specified targets. You can add the ApplyOnlyAtCronInterval parameter to run the association during the next schedule run.

Parameter Syntax

$result = $client->updateAssociation([
    'AlarmConfiguration' => [
        'Alarms' => [ // REQUIRED
            [
                'Name' => '<string>', // REQUIRED
            ],
            // ...
        ],
        'IgnorePollAlarmFailure' => true || false,
    ],
    'ApplyOnlyAtCronInterval' => true || false,
    'AssociationId' => '<string>', // REQUIRED
    'AssociationName' => '<string>',
    'AssociationVersion' => '<string>',
    'AutomationTargetParameterName' => '<string>',
    'CalendarNames' => ['<string>', ...],
    'ComplianceSeverity' => 'CRITICAL|HIGH|MEDIUM|LOW|UNSPECIFIED',
    'DocumentVersion' => '<string>',
    'Duration' => <integer>,
    'MaxConcurrency' => '<string>',
    'MaxErrors' => '<string>',
    'Name' => '<string>',
    'OutputLocation' => [
        'S3Location' => [
            'OutputS3BucketName' => '<string>',
            'OutputS3KeyPrefix' => '<string>',
            'OutputS3Region' => '<string>',
        ],
    ],
    'Parameters' => [
        '<ParameterName>' => ['<string>', ...],
        // ...
    ],
    'ScheduleExpression' => '<string>',
    'ScheduleOffset' => <integer>,
    'SyncCompliance' => 'AUTO|MANUAL',
    'TargetLocations' => [
        [
            'Accounts' => ['<string>', ...],
            'ExcludeAccounts' => ['<string>', ...],
            'ExecutionRoleName' => '<string>',
            'IncludeChildOrganizationUnits' => true || false,
            'Regions' => ['<string>', ...],
            'TargetLocationAlarmConfiguration' => [
                'Alarms' => [ // REQUIRED
                    [
                        'Name' => '<string>', // REQUIRED
                    ],
                    // ...
                ],
                'IgnorePollAlarmFailure' => true || false,
            ],
            'TargetLocationMaxConcurrency' => '<string>',
            'TargetLocationMaxErrors' => '<string>',
            'Targets' => [
                [
                    'Key' => '<string>',
                    'Values' => ['<string>', ...],
                ],
                // ...
            ],
            'TargetsMaxConcurrency' => '<string>',
            'TargetsMaxErrors' => '<string>',
        ],
        // ...
    ],
    'TargetMaps' => [
        [
            '<TargetMapKey>' => ['<string>', ...],
            // ...
        ],
        // ...
    ],
    'Targets' => [
        [
            'Key' => '<string>',
            'Values' => ['<string>', ...],
        ],
        // ...
    ],
]);

Parameter Details

Members
AlarmConfiguration
Type: AlarmConfiguration structure

The details for the CloudWatch alarm you want to apply to an automation or command.

ApplyOnlyAtCronInterval
Type: boolean

By default, when you update an association, the system runs it immediately after it is updated and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you update it. This parameter isn't supported for rate expressions.

If you chose this option when you created an association and later you edit that association or you make changes to the SSM document on which that association is based (by using the Documents page in the console), State Manager applies the association at the next specified cron interval. For example, if you chose the Latest version of an SSM document when you created an association and you edit the association by choosing a different document version on the Documents page, State Manager applies the association at the next specified cron interval if you previously selected this option. If this option wasn't selected, State Manager immediately runs the association.

You can reset this option. To do so, specify the no-apply-only-at-cron-interval parameter when you update the association from the command line. This parameter forces the association to run immediately after updating it and according to the interval specified.

AssociationId
Required: Yes
Type: string

The ID of the association you want to update.

AssociationName
Type: string

The name of the association that you want to update.

AssociationVersion
Type: string

This parameter is provided for concurrency control purposes. You must specify the latest association version in the service. If you want to ensure that this request succeeds, either specify $LATEST, or omit this parameter.

AutomationTargetParameterName
Type: string

Choose the parameter that will define how your automation will branch out. This target is required for associations that use an Automation runbook and target resources by using rate controls. Automation is a capability of Amazon Web Services Systems Manager.

CalendarNames
Type: Array of strings

The names or Amazon Resource Names (ARNs) of the Change Calendar type documents you want to gate your associations under. The associations only run when that change calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar.

ComplianceSeverity
Type: string

The severity level to assign to the association.

DocumentVersion
Type: string

The document version you want update for the association.

State Manager doesn't support running associations that use a new version of a document if that document is shared from another account. State Manager always runs the default version of a document if shared from another account, even though the Systems Manager console shows that a new version was processed. If you want to run an association using a new version of a document shared form another account, you must set the document version to default.

Duration
Type: int

The number of hours the association can run before it is canceled. Duration applies to associations that are currently running, and any pending and in progress commands on all targets. If a target was taken offline for the association to run, it is made available again immediately, without a reboot.

The Duration parameter applies only when both these conditions are true:

  • The association for which you specify a duration is cancelable according to the parameters of the SSM command document or Automation runbook associated with this execution.

  • The command specifies the ApplyOnlyAtCronInterval parameter, which means that the association doesn't run immediately after it is updated, but only according to the specified schedule.

MaxConcurrency
Type: string

The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.

If a new managed node starts and attempts to run an association while Systems Manager is running MaxConcurrency associations, the association is allowed to run. During the next association interval, the new managed node will process its association within the limit specified for MaxConcurrency.

MaxErrors
Type: string

The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 managed nodes and set MaxError to 10%, then the system stops sending the request when the sixth error is received.

Executions that are already running an association when MaxErrors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set MaxConcurrency to 1 so that executions proceed one at a time.

Name
Type: string

The name of the SSM Command document or Automation runbook that contains the configuration information for the managed node.

You can specify Amazon Web Services-predefined documents, documents you created, or a document that is shared with you from another account.

For Systems Manager document (SSM document) that are shared with you from other Amazon Web Services accounts, you must specify the complete SSM document ARN, in the following format:

arn:aws:ssm:region:account-id:document/document-name

For example:

arn:aws:ssm:us-east-2:12345678912:document/My-Shared-Document

For Amazon Web Services-predefined documents and SSM documents you created in your account, you only need to specify the document name. For example, AWS-ApplyPatchBaseline or My-Document.

OutputLocation

An S3 bucket where you want to store the results of this request.

Parameters
Type: Associative array of custom strings keys (ParameterName) to stringss

The parameters you want to update for the association. If you create a parameter using Parameter Store, a capability of Amazon Web Services Systems Manager, you can reference the parameter using {{ssm:parameter-name}}.

ScheduleExpression
Type: string

The cron expression used to schedule the association that you want to update.

ScheduleOffset
Type: int

Number of days to wait after the scheduled day to run an association. For example, if you specified a cron schedule of cron(0 0 ? * THU#2 *), you could specify an offset of 3 to run the association each Sunday after the second Thursday of the month. For more information about cron schedules for associations, see Reference: Cron and rate expressions for Systems Manager in the Amazon Web Services Systems Manager User Guide.

To use offsets, you must specify the ApplyOnlyAtCronInterval parameter. This option tells the system not to run an association immediately after you create it.

SyncCompliance
Type: string

The mode for generating association compliance. You can specify AUTO or MANUAL. In AUTO mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association is COMPLIANT. If the association execution doesn't run successfully, the association is NON-COMPLIANT.

In MANUAL mode, you must specify the AssociationId as a parameter for the PutComplianceItems API operation. In this case, compliance data isn't managed by State Manager, a capability of Amazon Web Services Systems Manager. It is managed by your direct call to the PutComplianceItems API operation.

By default, all associations use AUTO mode.

TargetLocations
Type: Array of TargetLocation structures

A location is a combination of Amazon Web Services Regions and Amazon Web Services accounts where you want to run the association. Use this action to update an association in multiple Regions and multiple accounts.

TargetMaps
Type: Array of maps

A key-value mapping of document parameters to target resources. Both Targets and TargetMaps can't be specified together.

Targets
Type: Array of Target structures

The targets of the association.

Result Syntax

[
    'AssociationDescription' => [
        'AlarmConfiguration' => [
            'Alarms' => [
                [
                    'Name' => '<string>',
                ],
                // ...
            ],
            'IgnorePollAlarmFailure' => true || false,
        ],
        'ApplyOnlyAtCronInterval' => true || false,
        'AssociationId' => '<string>',
        'AssociationName' => '<string>',
        'AssociationVersion' => '<string>',
        'AutomationTargetParameterName' => '<string>',
        'CalendarNames' => ['<string>', ...],
        'ComplianceSeverity' => 'CRITICAL|HIGH|MEDIUM|LOW|UNSPECIFIED',
        'Date' => <DateTime>,
        'DocumentVersion' => '<string>',
        'Duration' => <integer>,
        'InstanceId' => '<string>',
        'LastExecutionDate' => <DateTime>,
        'LastSuccessfulExecutionDate' => <DateTime>,
        'LastUpdateAssociationDate' => <DateTime>,
        'MaxConcurrency' => '<string>',
        'MaxErrors' => '<string>',
        'Name' => '<string>',
        'OutputLocation' => [
            'S3Location' => [
                'OutputS3BucketName' => '<string>',
                'OutputS3KeyPrefix' => '<string>',
                'OutputS3Region' => '<string>',
            ],
        ],
        'Overview' => [
            'AssociationStatusAggregatedCount' => [<integer>, ...],
            'DetailedStatus' => '<string>',
            'Status' => '<string>',
        ],
        'Parameters' => [
            '<ParameterName>' => ['<string>', ...],
            // ...
        ],
        'ScheduleExpression' => '<string>',
        'ScheduleOffset' => <integer>,
        'Status' => [
            'AdditionalInfo' => '<string>',
            'Date' => <DateTime>,
            'Message' => '<string>',
            'Name' => 'Pending|Success|Failed',
        ],
        'SyncCompliance' => 'AUTO|MANUAL',
        'TargetLocations' => [
            [
                'Accounts' => ['<string>', ...],
                'ExcludeAccounts' => ['<string>', ...],
                'ExecutionRoleName' => '<string>',
                'IncludeChildOrganizationUnits' => true || false,
                'Regions' => ['<string>', ...],
                'TargetLocationAlarmConfiguration' => [
                    'Alarms' => [
                        [
                            'Name' => '<string>',
                        ],
                        // ...
                    ],
                    'IgnorePollAlarmFailure' => true || false,
                ],
                'TargetLocationMaxConcurrency' => '<string>',
                'TargetLocationMaxErrors' => '<string>',
                'Targets' => [
                    [
                        'Key' => '<string>',
                        'Values' => ['<string>', ...],
                    ],
                    // ...
                ],
                'TargetsMaxConcurrency' => '<string>',
                'TargetsMaxErrors' => '<string>',
            ],
            // ...
        ],
        'TargetMaps' => [
            [
                '<TargetMapKey>' => ['<string>', ...],
                // ...
            ],
            // ...
        ],
        'Targets' => [
            [
                'Key' => '<string>',
                'Values' => ['<string>', ...],
            ],
            // ...
        ],
        'TriggeredAlarms' => [
            [
                'Name' => '<string>',
                'State' => 'UNKNOWN|ALARM',
            ],
            // ...
        ],
    ],
]

Result Details

Members
AssociationDescription
Type: AssociationDescription structure

The description of the association that was updated.

Errors

InternalServerError:

An error occurred on the server side.

InvalidSchedule:

The schedule is invalid. Verify your cron or rate expression and try again.

InvalidParameters:

You must specify values for all required parameters in the Amazon Web Services Systems Manager document (SSM document). You can only supply values to parameters defined in the SSM document.

InvalidOutputLocation:

The output location isn't valid or doesn't exist.

InvalidDocumentVersion:

The document version isn't valid or doesn't exist.

AssociationDoesNotExist:

The specified association doesn't exist.

InvalidUpdate:

The update isn't valid.

TooManyUpdates:

There are concurrent updates for a resource that supports one update at a time.

InvalidDocument:

The specified SSM document doesn't exist.

InvalidTarget:

The target isn't valid or doesn't exist. It might not be configured for Systems Manager or you might not have permission to perform the operation.

InvalidAssociationVersion:

The version you specified isn't valid. Use ListAssociationVersions to view all versions of an association according to the association ID. Or, use the $LATEST parameter to view the latest version of the association.

AssociationVersionLimitExceeded:

You have reached the maximum number versions allowed for an association. Each association has a limit of 1,000 versions.

InvalidTargetMaps:

TargetMap parameter isn't valid.

UpdateAssociationStatus

$result = $client->updateAssociationStatus([/* ... */]);
$promise = $client->updateAssociationStatusAsync([/* ... */]);

Updates the status of the Amazon Web Services Systems Manager document (SSM document) associated with the specified managed node.

UpdateAssociationStatus is primarily used by the Amazon Web Services Systems Manager Agent (SSM Agent) to report status updates about your associations and is only used for associations created with the InstanceId legacy parameter.

Parameter Syntax

$result = $client->updateAssociationStatus([
    'AssociationStatus' => [ // REQUIRED
        'AdditionalInfo' => '<string>',
        'Date' => <integer || string || DateTime>, // REQUIRED
        'Message' => '<string>', // REQUIRED
        'Name' => 'Pending|Success|Failed', // REQUIRED
    ],
    'InstanceId' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members
AssociationStatus
Required: Yes
Type: AssociationStatus structure

The association status.

InstanceId
Required: Yes
Type: string

The managed node ID.

Name
Required: Yes
Type: string

The name of the SSM document.

Result Syntax

[
    'AssociationDescription' => [
        'AlarmConfiguration' => [
            'Alarms' => [
                [
                    'Name' => '<string>',
                ],
                // ...
            ],
            'IgnorePollAlarmFailure' => true || false,
        ],
        'ApplyOnlyAtCronInterval' => true || false,
        'AssociationId' => '<string>',
        'AssociationName' => '<string>',
        'AssociationVersion' => '<string>',
        'AutomationTargetParameterName' => '<string>',
        'CalendarNames' => ['<string>', ...],
        'ComplianceSeverity' => 'CRITICAL|HIGH|MEDIUM|LOW|UNSPECIFIED',
        'Date' => <DateTime>,
        'DocumentVersion' => '<string>',
        'Duration' => <integer>,
        'InstanceId' => '<string>',
        'LastExecutionDate' => <DateTime>,
        'LastSuccessfulExecutionDate' => <DateTime>,
        'LastUpdateAssociationDate' => <DateTime>,
        'MaxConcurrency' => '<string>',
        'MaxErrors' => '<string>',
        'Name' => '<string>',
        'OutputLocation' => [
            'S3Location' => [
                'OutputS3BucketName' => '<string>',
                'OutputS3KeyPrefix' => '<string>',
                'OutputS3Region' => '<string>',
            ],
        ],
        'Overview' => [
            'AssociationStatusAggregatedCount' => [<integer>, ...],
            'DetailedStatus' => '<string>',
            'Status' => '<string>',
        ],
        'Parameters' => [
            '<ParameterName>' => ['<string>', ...],
            // ...
        ],
        'ScheduleExpression' => '<string>',
        'ScheduleOffset' => <integer>,
        'Status' => [
            'AdditionalInfo' => '<string>',
            'Date' => <DateTime>,
            'Message' => '<string>',
            'Name' => 'Pending|Success|Failed',
        ],
        'SyncCompliance' => 'AUTO|MANUAL',
        'TargetLocations' => [
            [
                'Accounts' => ['<string>', ...],
                'ExcludeAccounts' => ['<string>', ...],
                'ExecutionRoleName' => '<string>',
                'IncludeChildOrganizationUnits' => true || false,
                'Regions' => ['<string>', ...],
                'TargetLocationAlarmConfiguration' => [
                    'Alarms' => [
                        [
                            'Name' => '<string>',
                        ],
                        // ...
                    ],
                    'IgnorePollAlarmFailure' => true || false,
                ],
                'TargetLocationMaxConcurrency' => '<string>',
                'TargetLocationMaxErrors' => '<string>',
                'Targets' => [
                    [
                        'Key' => '<string>',
                        'Values' => ['<string>', ...],
                    ],
                    // ...
                ],
                'TargetsMaxConcurrency' => '<string>',
                'TargetsMaxErrors' => '<string>',
            ],
            // ...
        ],
        'TargetMaps' => [
            [
                '<TargetMapKey>' => ['<string>', ...],
                // ...
            ],
            // ...
        ],
        'Targets' => [
            [
                'Key' => '<string>',
                'Values' => ['<string>', ...],
            ],
            // ...
        ],
        'TriggeredAlarms' => [
            [
                'Name' => '<string>',
                'State' => 'UNKNOWN|ALARM',
            ],
            // ...
        ],
    ],
]

Result Details

Members
AssociationDescription
Type: AssociationDescription structure

Information about the association.

Errors

InternalServerError:

An error occurred on the server side.

InvalidInstanceId:

The following problems can cause this exception:

  • You don't have permission to access the managed node.

  • Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.

  • SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.

  • The managed node isn't in a valid state. Valid states are: Running, Pending, Stopped, and Stopping. Invalid states are: Shutting-down and Terminated.

InvalidDocument:

The specified SSM document doesn't exist.

AssociationDoesNotExist:

The specified association doesn't exist.

StatusUnchanged:

The updated status is the same as the current status.

TooManyUpdates:

There are concurrent updates for a resource that supports one update at a time.

UpdateDocument

$result = $client->updateDocument([/* ... */]);
$promise = $client->updateDocumentAsync([/* ... */]);

Updates one or more values for an SSM document.

Parameter Syntax

$result = $client->updateDocument([
    'Attachments' => [
        [
            'Key' => 'SourceUrl|S3FileUrl|AttachmentReference',
            'Name' => '<string>',
            'Values' => ['<string>', ...],
        ],
        // ...
    ],
    'Content' => '<string>', // REQUIRED
    'DisplayName' => '<string>',
    'DocumentFormat' => 'YAML|JSON|TEXT',
    'DocumentVersion' => '<string>',
    'Name' => '<string>', // REQUIRED
    'TargetType' => '<string>',
    'VersionName' => '<string>',
]);

Parameter Details

Members
Attachments
Type: Array of AttachmentsSource structures

A list of key-value pairs that describe attachments to a version of a document.

Content
Required: Yes
Type: string

A valid JSON or YAML string.

DisplayName
Type: string

The friendly name of the SSM document that you want to update. This value can differ for each version of the document. If you don't specify a value for this parameter in your request, the existing value is applied to the new document version.

DocumentFormat
Type: string

Specify the document format for the new document version. Systems Manager supports JSON and YAML documents. JSON is the default format.

DocumentVersion
Type: string

The version of the document that you want to update. Currently, Systems Manager supports updating only the latest version of the document. You can specify the version number of the latest version or use the $LATEST variable.

If you change a document version for a State Manager association, Systems Manager immediately runs the association unless you previously specifed the apply-only-at-cron-interval parameter.

Name
Required: Yes
Type: string

The name of the SSM document that you want to update.

TargetType
Type: string

Specify a new target type for the document.

VersionName
Type: string

An optional field specifying the version of the artifact you are updating with the document. For example, 12.6. This value is unique across all versions of a document, and can't be changed.

Result Syntax

[
    'DocumentDescription' => [
        'ApprovedVersion' => '<string>',
        'AttachmentsInformation' => [
            [
                'Name' => '<string>',
            ],
            // ...
        ],
        'Author' => '<string>',
        'Category' => ['<string>', ...],
        'CategoryEnum' => ['<string>', ...],
        'CreatedDate' => <DateTime>,
        'DefaultVersion' => '<string>',
        'Description' => '<string>',
        'DisplayName' => '<string>',
        'DocumentFormat' => 'YAML|JSON|TEXT',
        'DocumentType' => 'Command|Policy|Automation|Session|Package|ApplicationConfiguration|ApplicationConfigurationSchema|DeploymentStrategy|ChangeCalendar|Automation.ChangeTemplate|ProblemAnalysis|ProblemAnalysisTemplate|CloudFormation|ConformancePackTemplate|QuickSetup',
        'DocumentVersion' => '<string>',
        'Hash' => '<string>',
        'HashType' => 'Sha256|Sha1',
        'LatestVersion' => '<string>',
        'Name' => '<string>',
        'Owner' => '<string>',
        'Parameters' => [
            [
                'DefaultValue' => '<string>',
                'Description' => '<string>',
                'Name' => '<string>',
                'Type' => 'String|StringList',
            ],
            // ...
        ],
        'PendingReviewVersion' => '<string>',
        'PlatformTypes' => ['<string>', ...],
        'Requires' => [
            [
                'Name' => '<string>',
                'RequireType' => '<string>',
                'Version' => '<string>',
                'VersionName' => '<string>',
            ],
            // ...
        ],
        'ReviewInformation' => [
            [
                'ReviewedTime' => <DateTime>,
                'Reviewer' => '<string>',
                'Status' => 'APPROVED|NOT_REVIEWED|PENDING|REJECTED',
            ],
            // ...
        ],
        'ReviewStatus' => 'APPROVED|NOT_REVIEWED|PENDING|REJECTED',
        'SchemaVersion' => '<string>',
        'Sha1' => '<string>',
        'Status' => 'Creating|Active|Updating|Deleting|Failed',
        'StatusInformation' => '<string>',
        'Tags' => [
            [
                'Key' => '<string>',
                'Value' => '<string>',
            ],
            // ...
        ],
        'TargetType' => '<string>',
        'VersionName' => '<string>',
    ],
]

Result Details

Members
DocumentDescription
Type: DocumentDescription structure

A description of the document that was updated.

Errors

MaxDocumentSizeExceeded:

The size limit of a document is 64 KB.

DocumentVersionLimitExceeded:

The document has too many versions. Delete one or more document versions and try again.

InternalServerError:

An error occurred on the server side.

DuplicateDocumentContent:

The content of the association document matches another document. Change the content of the document and try again.

DuplicateDocumentVersionName:

The version name has already been used in this document. Specify a different version name, and then try again.

InvalidDocumentContent:

The content for the document isn't valid.

InvalidDocumentVersion:

The document version isn't valid or doesn't exist.

InvalidDocumentSchemaVersion:

The version of the document schema isn't supported.

InvalidDocument:

The specified SSM document doesn't exist.

InvalidDocumentOperation:

You attempted to delete a document while it is still shared. You must stop sharing the document before you can delete it.

UpdateDocumentDefaultVersion

$result = $client->updateDocumentDefaultVersion([/* ... */]);
$promise = $client->updateDocumentDefaultVersionAsync([/* ... */]);

Set the default version of a document.

If you change a document version for a State Manager association, Systems Manager immediately runs the association unless you previously specifed the apply-only-at-cron-interval parameter.

Parameter Syntax

$result = $client->updateDocumentDefaultVersion([
    'DocumentVersion' => '<string>', // REQUIRED
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members
DocumentVersion
Required: Yes
Type: string

The version of a custom document that you want to set as the default version.

Name
Required: Yes
Type: string

The name of a custom document that you want to set as the default version.

Result Syntax

[
    'Description' => [
        'DefaultVersion' => '<string>',
        'DefaultVersionName' => '<string>',
        'Name' => '<string>',
    ],
]

Result Details

Members
Description

The description of a custom document that you want to set as the default version.

Errors

InternalServerError:

An error occurred on the server side.

InvalidDocument:

The specified SSM document doesn't exist.

InvalidDocumentVersion:

The document version isn't valid or doesn't exist.

InvalidDocumentSchemaVersion:

The version of the document schema isn't supported.

UpdateDocumentMetadata

$result = $client->updateDocumentMetadata([/* ... */]);
$promise = $client->updateDocumentMetadataAsync([/* ... */]);

Updates information related to approval reviews for a specific version of a change template in Change Manager.

Parameter Syntax

$result = $client->updateDocumentMetadata([
    'DocumentReviews' => [ // REQUIRED
        'Action' => 'SendForReview|UpdateReview|Approve|Reject', // REQUIRED
        'Comment' => [
            [
                'Content' => '<string>',
                'Type' => 'Comment',
            ],
            // ...
        ],
    ],
    'DocumentVersion' => '<string>',
    'Name' => '<string>', // REQUIRED
]);

Parameter Details

Members
DocumentReviews
Required: Yes
Type: DocumentReviews structure

The change template review details to update.

DocumentVersion
Type: string

The version of a change template in which to update approval metadata.

Name
Required: Yes
Type: string

The name of the change template for which a version's metadata is to be updated.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalServerError:

An error occurred on the server side.

InvalidDocument:

The specified SSM document doesn't exist.

InvalidDocumentOperation:

You attempted to delete a document while it is still shared. You must stop sharing the document before you can delete it.

InvalidDocumentVersion:

The document version isn't valid or doesn't exist.

UpdateMaintenanceWindow

$result = $client->updateMaintenanceWindow([/* ... */]);
$promise = $client->updateMaintenanceWindowAsync([/* ... */]);

Updates an existing maintenance window. Only specified parameters are modified.

The value you specify for Duration determines the specific end time for the maintenance window based on the time it begins. No maintenance window tasks are permitted to start after the resulting endtime minus the number of hours you specify for Cutoff. For example, if the maintenance window starts at 3 PM, the duration is three hours, and the value you specify for Cutoff is one hour, no maintenance window tasks can start after 5 PM.

Parameter Syntax

$result = $client->updateMaintenanceWindow([
    'AllowUnassociatedTargets' => true || false,
    'Cutoff' => <integer>,
    'Description' => '<string>',
    'Duration' => <integer>,
    'Enabled' => true || false,
    'EndDate' => '<string>',
    'Name' => '<string>',
    'Replace' => true || false,
    'Schedule' => '<string>',
    'ScheduleOffset' => <integer>,
    'ScheduleTimezone' => '<string>',
    'StartDate' => '<string>',
    'WindowId' => '<string>', // REQUIRED
]);

Parameter Details

Members
AllowUnassociatedTargets
Type: boolean

Whether targets must be registered with the maintenance window before tasks can be defined for those targets.

Cutoff
Type: int

The number of hours before the end of the maintenance window that Amazon Web Services Systems Manager stops scheduling new tasks for execution.

Description
Type: string

An optional description for the update request.

Duration
Type: int

The duration of the maintenance window in hours.

Enabled
Type: boolean

Whether the maintenance window is enabled.

EndDate
Type: string

The date and time, in ISO-8601 Extended format, for when you want the maintenance window to become inactive. EndDate allows you to set a date and time in the future when the maintenance window will no longer run.

Name
Type: string

The name of the maintenance window.

Replace
Type: boolean

If True, then all fields that are required by the CreateMaintenanceWindow operation are also required for this API request. Optional fields that aren't specified are set to null.

Schedule
Type: string

The schedule of the maintenance window in the form of a cron or rate expression.

ScheduleOffset
Type: int

The number of days to wait after the date and time specified by a cron expression before running the maintenance window.

For example, the following cron expression schedules a maintenance window to run the third Tuesday of every month at 11:30 PM.

cron(30 23 ? * TUE#3 *)

If the schedule offset is 2, the maintenance window won't run until two days later.

ScheduleTimezone
Type: string

The time zone that the scheduled maintenance window executions are based on, in Internet Assigned Numbers Authority (IANA) format. For example: "America/Los_Angeles", "UTC", or "Asia/Seoul". For more information, see the Time Zone Database on the IANA website.

StartDate
Type: string

The date and time, in ISO-8601 Extended format, for when you want the maintenance window to become active. StartDate allows you to delay activation of the maintenance window until the specified future date.

When using a rate schedule, if you provide a start date that occurs in the past, the current date and time are used as the start date.

WindowId
Required: Yes
Type: string

The ID of the maintenance window to update.

Result Syntax

[
    'AllowUnassociatedTargets' => true || false,
    'Cutoff' => <integer>,
    'Description' => '<string>',
    'Duration' => <integer>,
    'Enabled' => true || false,
    'EndDate' => '<string>',
    'Name' => '<string>',
    'Schedule' => '<string>',
    'ScheduleOffset' => <integer>,
    'ScheduleTimezone' => '<string>',
    'StartDate' => '<string>',
    'WindowId' => '<string>',
]

Result Details

Members
AllowUnassociatedTargets
Type: boolean

Whether targets must be registered with the maintenance window before tasks can be defined for those targets.

Cutoff
Type: int

The number of hours before the end of the maintenance window that Amazon Web Services Systems Manager stops scheduling new tasks for execution.

Description
Type: string

An optional description of the update.

Duration
Type: int

The duration of the maintenance window in hours.

Enabled
Type: boolean

Whether the maintenance window is enabled.

EndDate
Type: string

The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become inactive. The maintenance window won't run after this specified time.

Name
Type: string

The name of the maintenance window.

Schedule
Type: string

The schedule of the maintenance window in the form of a cron or rate expression.

ScheduleOffset
Type: int

The number of days to wait to run a maintenance window after the scheduled cron expression date and time.

ScheduleTimezone
Type: string

The time zone that the scheduled maintenance window executions are based on, in Internet Assigned Numbers Authority (IANA) format. For example: "America/Los_Angeles", "UTC", or "Asia/Seoul". For more information, see the Time Zone Database on the IANA website.

StartDate
Type: string

The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become active. The maintenance window won't run before this specified time.

WindowId
Type: string

The ID of the created maintenance window.

Errors

DoesNotExistException:

Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.

For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.

InternalServerError:

An error occurred on the server side.

UpdateMaintenanceWindowTarget

$result = $client->updateMaintenanceWindowTarget([/* ... */]);
$promise = $client->updateMaintenanceWindowTargetAsync([/* ... */]);

Modifies the target of an existing maintenance window. You can change the following:

  • Name

  • Description

  • Owner

  • IDs for an ID target

  • Tags for a Tag target

  • From any supported tag type to another. The three supported tag types are ID target, Tag target, and resource group. For more information, see Target.

If a parameter is null, then the corresponding field isn't modified.

Parameter Syntax

$result = $client->updateMaintenanceWindowTarget([
    'Description' => '<string>',
    'Name' => '<string>',
    'OwnerInformation' => '<string>',
    'Replace' => true || false,
    'Targets' => [
        [
            'Key' => '<string>',
            'Values' => ['<string>', ...],
        ],
        // ...
    ],
    'WindowId' => '<string>', // REQUIRED
    'WindowTargetId' => '<string>', // REQUIRED
]);

Parameter Details

Members
Description
Type: string

An optional description for the update.

Name
Type: string

A name for the update.

OwnerInformation
Type: string

User-provided value that will be included in any Amazon CloudWatch Events events raised while running tasks for these targets in this maintenance window.

Replace
Type: boolean

If True, then all fields that are required by the RegisterTargetWithMaintenanceWindow operation are also required for this API request. Optional fields that aren't specified are set to null.

Targets
Type: Array of Target structures

The targets to add or replace.

WindowId
Required: Yes
Type: string

The maintenance window ID with which to modify the target.

WindowTargetId
Required: Yes
Type: string

The target ID to modify.

Result Syntax

[
    'Description' => '<string>',
    'Name' => '<string>',
    'OwnerInformation' => '<string>',
    'Targets' => [
        [
            'Key' => '<string>',
            'Values' => ['<string>', ...],
        ],
        // ...
    ],
    'WindowId' => '<string>',
    'WindowTargetId' => '<string>',
]

Result Details

Members
Description
Type: string

The updated description.

Name
Type: string

The updated name.

OwnerInformation
Type: string

The updated owner.

Targets
Type: Array of Target structures

The updated targets.

WindowId
Type: string

The maintenance window ID specified in the update request.

WindowTargetId
Type: string

The target ID specified in the update request.

Errors

DoesNotExistException:

Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.

For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.

InternalServerError:

An error occurred on the server side.

UpdateMaintenanceWindowTask

$result = $client->updateMaintenanceWindowTask([/* ... */]);
$promise = $client->updateMaintenanceWindowTaskAsync([/* ... */]);

Modifies a task assigned to a maintenance window. You can't change the task type, but you can change the following values:

  • TaskARN. For example, you can change a RUN_COMMAND task from AWS-RunPowerShellScript to AWS-RunShellScript.

  • ServiceRoleArn

  • TaskInvocationParameters

  • Priority

  • MaxConcurrency

  • MaxErrors

One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide.

If the value for a parameter in UpdateMaintenanceWindowTask is null, then the corresponding field isn't modified. If you set Replace to true, then all fields required by the RegisterTaskWithMaintenanceWindow operation are required for this request. Optional fields that aren't specified are set to null.

When you update a maintenance window task that has options specified in TaskInvocationParameters, you must provide again all the TaskInvocationParameters values that you want to retain. The values you don't specify again are removed. For example, suppose that when you registered a Run Command task, you specified TaskInvocationParameters values for Comment, NotificationConfig, and OutputS3BucketName. If you update the maintenance window task and specify only a different OutputS3BucketName value, the values for Comment and NotificationConfig are removed.

Parameter Syntax

$result = $client->updateMaintenanceWindowTask([
    'AlarmConfiguration' => [
        'Alarms' => [ // REQUIRED
            [
                'Name' => '<string>', // REQUIRED
            ],
            // ...
        ],
        'IgnorePollAlarmFailure' => true || false,
    ],
    'CutoffBehavior' => 'CONTINUE_TASK|CANCEL_TASK',
    'Description' => '<string>',
    'LoggingInfo' => [
        'S3BucketName' => '<string>', // REQUIRED
        'S3KeyPrefix' => '<string>',
        'S3Region' => '<string>', // REQUIRED
    ],
    'MaxConcurrency' => '<string>',
    'MaxErrors' => '<string>',
    'Name' => '<string>',
    'Priority' => <integer>,
    'Replace' => true || false,
    'ServiceRoleArn' => '<string>',
    'Targets' => [
        [
            'Key' => '<string>',
            'Values' => ['<string>', ...],
        ],
        // ...
    ],
    'TaskArn' => '<string>',
    'TaskInvocationParameters' => [
        'Automation' => [
            'DocumentVersion' => '<string>',
            'Parameters' => [
                '<AutomationParameterKey>' => ['<string>', ...],
                // ...
            ],
        ],
        'Lambda' => [
            'ClientContext' => '<string>',
            'Payload' => <string || resource || Psr\Http\Message\StreamInterface>,
            'Qualifier' => '<string>',
        ],
        'RunCommand' => [
            'CloudWatchOutputConfig' => [
                'CloudWatchLogGroupName' => '<string>',
                'CloudWatchOutputEnabled' => true || false,
            ],
            'Comment' => '<string>',
            'DocumentHash' => '<string>',
            'DocumentHashType' => 'Sha256|Sha1',
            'DocumentVersion' => '<string>',
            'NotificationConfig' => [
                'NotificationArn' => '<string>',
                'NotificationEvents' => ['<string>', ...],
                'NotificationType' => 'Command|Invocation',
            ],
            'OutputS3BucketName' => '<string>',
            'OutputS3KeyPrefix' => '<string>',
            'Parameters' => [
                '<ParameterName>' => ['<string>', ...],
                // ...
            ],
            'ServiceRoleArn' => '<string>',
            'TimeoutSeconds' => <integer>,
        ],
        'StepFunctions' => [
            'Input' => '<string>',
            'Name' => '<string>',
        ],
    ],
    'TaskParameters' => [
        '<MaintenanceWindowTaskParameterName>' => [
            'Values' => ['<string>', ...],
        ],
        // ...
    ],
    'WindowId' => '<string>', // REQUIRED
    'WindowTaskId' => '<string>', // REQUIRED
]);

Parameter Details

Members
AlarmConfiguration
Type: AlarmConfiguration structure

The CloudWatch alarm you want to apply to your maintenance window task.

CutoffBehavior
Type: string

Indicates whether tasks should continue to run after the cutoff time specified in the maintenance windows is reached.

  • CONTINUE_TASK: When the cutoff time is reached, any tasks that are running continue. The default value.

  • CANCEL_TASK:

    • For Automation, Lambda, Step Functions tasks: When the cutoff time is reached, any task invocations that are already running continue, but no new task invocations are started.

    • For Run Command tasks: When the cutoff time is reached, the system sends a CancelCommand operation that attempts to cancel the command associated with the task. However, there is no guarantee that the command will be terminated and the underlying process stopped.

    The status for tasks that are not completed is TIMED_OUT.

Description
Type: string

The new task description to specify.

LoggingInfo
Type: LoggingInfo structure

The new logging location in Amazon S3 to specify.

LoggingInfo has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.

MaxConcurrency
Type: string

The new MaxConcurrency value you want to specify. MaxConcurrency is the number of targets that are allowed to run this task, in parallel.

Although this element is listed as "Required: No", a value can be omitted only when you are registering or updating a targetless task You must provide a value in all other cases.

For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of 1. This value doesn't affect the running of your task.

MaxErrors
Type: string

The new MaxErrors value to specify. MaxErrors is the maximum number of errors that are allowed before the task stops being scheduled.

Although this element is listed as "Required: No", a value can be omitted only when you are registering or updating a targetless task You must provide a value in all other cases.

For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of 1. This value doesn't affect the running of your task.

Name
Type: string

The new task name to specify.

Priority
Type: int

The new task priority to specify. The lower the number, the higher the priority. Tasks that have the same priority are scheduled in parallel.

Replace
Type: boolean

If True, then all fields that are required by the RegisterTaskWithMaintenanceWindow operation are also required for this API request. Optional fields that aren't specified are set to null.

ServiceRoleArn
Type: string

The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run RegisterTaskWithMaintenanceWindow.

However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the Amazon Web Services Systems Manager User Guide.

Targets
Type: Array of Target structures

The targets (either managed nodes or tags) to modify. Managed nodes are specified using the format Key=instanceids,Values=instanceID_1,instanceID_2. Tags are specified using the format Key=tag_name,Values=tag_value.

One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide.

TaskArn
Type: string

The task ARN to modify.

TaskInvocationParameters

The parameters that the task should use during execution. Populate only the fields that match the task type. All other fields should be empty.

When you update a maintenance window task that has options specified in TaskInvocationParameters, you must provide again all the TaskInvocationParameters values that you want to retain. The values you don't specify again are removed. For example, suppose that when you registered a Run Command task, you specified TaskInvocationParameters values for Comment, NotificationConfig, and OutputS3BucketName. If you update the maintenance window task and specify only a different OutputS3BucketName value, the values for Comment and NotificationConfig are removed.

TaskParameters
Type: Associative array of custom strings keys (MaintenanceWindowTaskParameterName) to MaintenanceWindowTaskParameterValueExpression structures

The parameters to modify.

TaskParameters has been deprecated. To specify parameters to pass to a task when it runs, instead use the Parameters option in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.

The map has the following format:

Key: string, between 1 and 255 characters

Value: an array of strings, each string is between 1 and 255 characters

WindowId
Required: Yes
Type: string

The maintenance window ID that contains the task to modify.

WindowTaskId
Required: Yes
Type: string

The task ID to modify.

Result Syntax

[
    'AlarmConfiguration' => [
        'Alarms' => [
            [
                'Name' => '<string>',
            ],
            // ...
        ],
        'IgnorePollAlarmFailure' => true || false,
    ],
    'CutoffBehavior' => 'CONTINUE_TASK|CANCEL_TASK',
    'Description' => '<string>',
    'LoggingInfo' => [
        'S3BucketName' => '<string>',
        'S3KeyPrefix' => '<string>',
        'S3Region' => '<string>',
    ],
    'MaxConcurrency' => '<string>',
    'MaxErrors' => '<string>',
    'Name' => '<string>',
    'Priority' => <integer>,
    'ServiceRoleArn' => '<string>',
    'Targets' => [
        [
            'Key' => '<string>',
            'Values' => ['<string>', ...],
        ],
        // ...
    ],
    'TaskArn' => '<string>',
    'TaskInvocationParameters' => [
        'Automation' => [
            'DocumentVersion' => '<string>',
            'Parameters' => [
                '<AutomationParameterKey>' => ['<string>', ...],
                // ...
            ],
        ],
        'Lambda' => [
            'ClientContext' => '<string>',
            'Payload' => <string || resource || Psr\Http\Message\StreamInterface>,
            'Qualifier' => '<string>',
        ],
        'RunCommand' => [
            'CloudWatchOutputConfig' => [
                'CloudWatchLogGroupName' => '<string>',
                'CloudWatchOutputEnabled' => true || false,
            ],
            'Comment' => '<string>',
            'DocumentHash' => '<string>',
            'DocumentHashType' => 'Sha256|Sha1',
            'DocumentVersion' => '<string>',
            'NotificationConfig' => [
                'NotificationArn' => '<string>',
                'NotificationEvents' => ['<string>', ...],
                'NotificationType' => 'Command|Invocation',
            ],
            'OutputS3BucketName' => '<string>',
            'OutputS3KeyPrefix' => '<string>',
            'Parameters' => [
                '<ParameterName>' => ['<string>', ...],
                // ...
            ],
            'ServiceRoleArn' => '<string>',
            'TimeoutSeconds' => <integer>,
        ],
        'StepFunctions' => [
            'Input' => '<string>',
            'Name' => '<string>',
        ],
    ],
    'TaskParameters' => [
        '<MaintenanceWindowTaskParameterName>' => [
            'Values' => ['<string>', ...],
        ],
        // ...
    ],
    'WindowId' => '<string>',
    'WindowTaskId' => '<string>',
]

Result Details

Members
AlarmConfiguration
Type: AlarmConfiguration structure

The details for the CloudWatch alarm you applied to your maintenance window task.

CutoffBehavior
Type: string

The specification for whether tasks should continue to run after the cutoff time specified in the maintenance windows is reached.

Description
Type: string

The updated task description.

LoggingInfo
Type: LoggingInfo structure

The updated logging information in Amazon S3.

LoggingInfo has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.

MaxConcurrency
Type: string

The updated MaxConcurrency value.

MaxErrors
Type: string

The updated MaxErrors value.

Name
Type: string

The updated task name.

Priority
Type: int

The updated priority value.

ServiceRoleArn
Type: string

The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run RegisterTaskWithMaintenanceWindow.

However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the Amazon Web Services Systems Manager User Guide.

Targets
Type: Array of Target structures

The updated target values.

TaskArn
Type: string

The updated task ARN value.

TaskInvocationParameters

The updated parameter values.

TaskParameters
Type: Associative array of custom strings keys (MaintenanceWindowTaskParameterName) to MaintenanceWindowTaskParameterValueExpression structures

The updated parameter values.

TaskParameters has been deprecated. To specify parameters to pass to a task when it runs, instead use the Parameters option in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.

WindowId
Type: string

The ID of the maintenance window that was updated.

WindowTaskId
Type: string

The task ID of the maintenance window that was updated.

Errors

DoesNotExistException:

Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.

For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.

InternalServerError:

An error occurred on the server side.

UpdateManagedInstanceRole

$result = $client->updateManagedInstanceRole([/* ... */]);
$promise = $client->updateManagedInstanceRoleAsync([/* ... */]);

Changes the Identity and Access Management (IAM) role that is assigned to the on-premises server, edge device, or virtual machines (VM). IAM roles are first assigned to these hybrid nodes during the activation process. For more information, see CreateActivation.

Parameter Syntax

$result = $client->updateManagedInstanceRole([
    'IamRole' => '<string>', // REQUIRED
    'InstanceId' => '<string>', // REQUIRED
]);

Parameter Details

Members
IamRole
Required: Yes
Type: string

The name of the Identity and Access Management (IAM) role that you want to assign to the managed node. This IAM role must provide AssumeRole permissions for the Amazon Web Services Systems Manager service principal ssm.amazonaws.com. For more information, see Create the IAM service role required for Systems Manager in hybrid and multicloud environments in the Amazon Web Services Systems Manager User Guide.

You can't specify an IAM service-linked role for this parameter. You must create a unique role.

InstanceId
Required: Yes
Type: string

The ID of the managed node where you want to update the role.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InvalidInstanceId:

The following problems can cause this exception:

  • You don't have permission to access the managed node.

  • Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.

  • SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.

  • The managed node isn't in a valid state. Valid states are: Running, Pending, Stopped, and Stopping. Invalid states are: Shutting-down and Terminated.

InternalServerError:

An error occurred on the server side.

UpdateOpsItem

$result = $client->updateOpsItem([/* ... */]);
$promise = $client->updateOpsItemAsync([/* ... */]);

Edit or change an OpsItem. You must have permission in Identity and Access Management (IAM) to update an OpsItem. For more information, see Set up OpsCenter in the Amazon Web Services Systems Manager User Guide.

Operations engineers and IT professionals use Amazon Web Services Systems Manager OpsCenter to view, investigate, and remediate operational issues impacting the performance and health of their Amazon Web Services resources. For more information, see Amazon Web Services Systems Manager OpsCenter in the Amazon Web Services Systems Manager User Guide.

Parameter Syntax

$result = $client->updateOpsItem([
    'ActualEndTime' => <integer || string || DateTime>,
    'ActualStartTime' => <integer || string || DateTime>,
    'Category' => '<string>',
    'Description' => '<string>',
    'Notifications' => [
        [
            'Arn' => '<string>',
        ],
        // ...
    ],
    'OperationalData' => [
        '<OpsItemDataKey>' => [
            'Type' => 'SearchableString|String',
            'Value' => '<string>',
        ],
        // ...
    ],
    'OperationalDataToDelete' => ['<string>', ...],
    'OpsItemArn' => '<string>',
    'OpsItemId' => '<string>', // REQUIRED
    'PlannedEndTime' => <integer || string || DateTime>,
    'PlannedStartTime' => <integer || string || DateTime>,
    'Priority' => <integer>,
    'RelatedOpsItems' => [
        [
            'OpsItemId' => '<string>', // REQUIRED
        ],
        // ...
    ],
    'Severity' => '<string>',
    'Status' => 'Open|InProgress|Resolved|Pending|TimedOut|Cancelling|Cancelled|Failed|CompletedWithSuccess|CompletedWithFailure|Scheduled|RunbookInProgress|PendingChangeCalendarOverride|ChangeCalendarOverrideApproved|ChangeCalendarOverrideRejected|PendingApproval|Approved|Rejected|Closed',
    'Title' => '<string>',
]);

Parameter Details

Members
ActualEndTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time a runbook workflow ended. Currently reported only for the OpsItem type /aws/changerequest.

ActualStartTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time a runbook workflow started. Currently reported only for the OpsItem type /aws/changerequest.

Category
Type: string

Specify a new category for an OpsItem.

Description
Type: string

User-defined text that contains information about the OpsItem, in Markdown format.

Notifications
Type: Array of OpsItemNotification structures

The Amazon Resource Name (ARN) of an SNS topic where notifications are sent when this OpsItem is edited or changed.

OperationalData
Type: Associative array of custom strings keys (OpsItemDataKey) to OpsItemDataValue structures

Add new keys or edit existing key-value pairs of the OperationalData map in the OpsItem object.

Operational data is custom data that provides useful reference details about the OpsItem. For example, you can specify log files, error strings, license keys, troubleshooting tips, or other relevant data. You enter operational data as key-value pairs. The key has a maximum length of 128 characters. The value has a maximum size of 20 KB.

Operational data keys can't begin with the following: amazon, aws, amzn, ssm, /amazon, /aws, /amzn, /ssm.

You can choose to make the data searchable by other users in the account or you can restrict search access. Searchable data means that all users with access to the OpsItem Overview page (as provided by the DescribeOpsItems API operation) can view and search on the specified data. Operational data that isn't searchable is only viewable by users who have access to the OpsItem (as provided by the GetOpsItem API operation).

Use the /aws/resources key in OperationalData to specify a related resource in the request. Use the /aws/automations key in OperationalData to associate an Automation runbook with the OpsItem. To view Amazon Web Services CLI example commands that use these keys, see Creating OpsItems manually in the Amazon Web Services Systems Manager User Guide.

OperationalDataToDelete
Type: Array of strings

Keys that you want to remove from the OperationalData map.

OpsItemArn
Type: string

The OpsItem Amazon Resource Name (ARN).

OpsItemId
Required: Yes
Type: string

The ID of the OpsItem.

PlannedEndTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time specified in a change request for a runbook workflow to end. Currently supported only for the OpsItem type /aws/changerequest.

PlannedStartTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time specified in a change request for a runbook workflow to start. Currently supported only for the OpsItem type /aws/changerequest.

Priority
Type: int

The importance of this OpsItem in relation to other OpsItems in the system.

RelatedOpsItems
Type: Array of RelatedOpsItem structures

One or more OpsItems that share something in common with the current OpsItems. For example, related OpsItems can include OpsItems with similar error messages, impacted resources, or statuses for the impacted resource.

Severity
Type: string

Specify a new severity for an OpsItem.

Status
Type: string

The OpsItem status. For more information, see Editing OpsItem details in the Amazon Web Services Systems Manager User Guide.

Title
Type: string

A short heading that describes the nature of the OpsItem and the impacted resource.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalServerError:

An error occurred on the server side.

OpsItemNotFoundException:

The specified OpsItem ID doesn't exist. Verify the ID and try again.

OpsItemAlreadyExistsException:

The OpsItem already exists.

OpsItemLimitExceededException:

The request caused OpsItems to exceed one or more quotas.

OpsItemInvalidParameterException:

A specified parameter argument isn't valid. Verify the available arguments and try again.

OpsItemAccessDeniedException:

You don't have permission to view OpsItems in the specified account. Verify that your account is configured either as a Systems Manager delegated administrator or that you are logged into the Organizations management account.

OpsItemConflictException:

The specified OpsItem is in the process of being deleted.

UpdateOpsMetadata

$result = $client->updateOpsMetadata([/* ... */]);
$promise = $client->updateOpsMetadataAsync([/* ... */]);

Amazon Web Services Systems Manager calls this API operation when you edit OpsMetadata in Application Manager.

Parameter Syntax

$result = $client->updateOpsMetadata([
    'KeysToDelete' => ['<string>', ...],
    'MetadataToUpdate' => [
        '<MetadataKey>' => [
            'Value' => '<string>',
        ],
        // ...
    ],
    'OpsMetadataArn' => '<string>', // REQUIRED
]);

Parameter Details

Members
KeysToDelete
Type: Array of strings

The metadata keys to delete from the OpsMetadata object.

MetadataToUpdate
Type: Associative array of custom strings keys (MetadataKey) to MetadataValue structures

Metadata to add to an OpsMetadata object.

OpsMetadataArn
Required: Yes
Type: string

The Amazon Resource Name (ARN) of the OpsMetadata Object to update.

Result Syntax

[
    'OpsMetadataArn' => '<string>',
]

Result Details

Members
OpsMetadataArn
Type: string

The Amazon Resource Name (ARN) of the OpsMetadata Object that was updated.

Errors

OpsMetadataNotFoundException:

The OpsMetadata object doesn't exist.

OpsMetadataInvalidArgumentException:

One of the arguments passed is invalid.

OpsMetadataKeyLimitExceededException:

The OpsMetadata object exceeds the maximum number of OpsMetadata keys that you can assign to an application in Application Manager.

OpsMetadataTooManyUpdatesException:

The system is processing too many concurrent updates. Wait a few moments and try again.

InternalServerError:

An error occurred on the server side.

UpdatePatchBaseline

$result = $client->updatePatchBaseline([/* ... */]);
$promise = $client->updatePatchBaselineAsync([/* ... */]);

Modifies an existing patch baseline. Fields not specified in the request are left unchanged.

For information about valid key-value pairs in PatchFilters for each supported operating system type, see PatchFilter.

Parameter Syntax

$result = $client->updatePatchBaseline([
    'ApprovalRules' => [
        'PatchRules' => [ // REQUIRED
            [
                'ApproveAfterDays' => <integer>,
                'ApproveUntilDate' => '<string>',
                'ComplianceLevel' => 'CRITICAL|HIGH|MEDIUM|LOW|INFORMATIONAL|UNSPECIFIED',
                'EnableNonSecurity' => true || false,
                'PatchFilterGroup' => [ // REQUIRED
                    'PatchFilters' => [ // REQUIRED
                        [
                            'Key' => 'ARCH|ADVISORY_ID|BUGZILLA_ID|PATCH_SET|PRODUCT|PRODUCT_FAMILY|CLASSIFICATION|CVE_ID|EPOCH|MSRC_SEVERITY|NAME|PATCH_ID|SECTION|PRIORITY|REPOSITORY|RELEASE|SEVERITY|SECURITY|VERSION', // REQUIRED
                            'Values' => ['<string>', ...], // REQUIRED
                        ],
                        // ...
                    ],
                ],
            ],
            // ...
        ],
    ],
    'ApprovedPatches' => ['<string>', ...],
    'ApprovedPatchesComplianceLevel' => 'CRITICAL|HIGH|MEDIUM|LOW|INFORMATIONAL|UNSPECIFIED',
    'ApprovedPatchesEnableNonSecurity' => true || false,
    'BaselineId' => '<string>', // REQUIRED
    'Description' => '<string>',
    'GlobalFilters' => [
        'PatchFilters' => [ // REQUIRED
            [
                'Key' => 'ARCH|ADVISORY_ID|BUGZILLA_ID|PATCH_SET|PRODUCT|PRODUCT_FAMILY|CLASSIFICATION|CVE_ID|EPOCH|MSRC_SEVERITY|NAME|PATCH_ID|SECTION|PRIORITY|REPOSITORY|RELEASE|SEVERITY|SECURITY|VERSION', // REQUIRED
                'Values' => ['<string>', ...], // REQUIRED
            ],
            // ...
        ],
    ],
    'Name' => '<string>',
    'RejectedPatches' => ['<string>', ...],
    'RejectedPatchesAction' => 'ALLOW_AS_DEPENDENCY|BLOCK',
    'Replace' => true || false,
    'Sources' => [
        [
            'Configuration' => '<string>', // REQUIRED
            'Name' => '<string>', // REQUIRED
            'Products' => ['<string>', ...], // REQUIRED
        ],
        // ...
    ],
]);

Parameter Details

Members
ApprovalRules
Type: PatchRuleGroup structure

A set of rules used to include patches in the baseline.

ApprovedPatches
Type: Array of strings

A list of explicitly approved patches for the baseline.

For information about accepted formats for lists of approved patches and rejected patches, see Package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.

ApprovedPatchesComplianceLevel
Type: string

Assigns a new compliance severity level to an existing patch baseline.

ApprovedPatchesEnableNonSecurity
Type: boolean

Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes. The default value is false. Applies to Linux managed nodes only.

BaselineId
Required: Yes
Type: string

The ID of the patch baseline to update.

Description
Type: string

A description of the patch baseline.

GlobalFilters
Type: PatchFilterGroup structure

A set of global filters used to include patches in the baseline.

Name
Type: string

The name of the patch baseline.

RejectedPatches
Type: Array of strings

A list of explicitly rejected patches for the baseline.

For information about accepted formats for lists of approved patches and rejected patches, see Package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.

RejectedPatchesAction
Type: string

The action for Patch Manager to take on patches included in the RejectedPackages list.

ALLOW_AS_DEPENDENCY

Linux and macOS: A package in the rejected patches list is installed only if it is a dependency of another package. It is considered compliant with the patch baseline, and its status is reported as INSTALLED_OTHER. This is the default action if no option is specified.

Windows Server: Windows Server doesn't support the concept of package dependencies. If a package in the rejected patches list and already installed on the node, its status is reported as INSTALLED_OTHER. Any package not already installed on the node is skipped. This is the default action if no option is specified.

BLOCK

All OSs: Packages in the rejected patches list, and packages that include them as dependencies, aren't installed by Patch Manager under any circumstances. If a package was installed before it was added to the rejected patches list, or is installed outside of Patch Manager afterward, it's considered noncompliant with the patch baseline and its status is reported as INSTALLED_REJECTED.

Replace
Type: boolean

If True, then all fields that are required by the CreatePatchBaseline operation are also required for this API request. Optional fields that aren't specified are set to null.

Sources
Type: Array of PatchSource structures

Information about the patches to use to update the managed nodes, including target operating systems and source repositories. Applies to Linux managed nodes only.

Result Syntax

[
    'ApprovalRules' => [
        'PatchRules' => [
            [
                'ApproveAfterDays' => <integer>,
                'ApproveUntilDate' => '<string>',
                'ComplianceLevel' => 'CRITICAL|HIGH|MEDIUM|LOW|INFORMATIONAL|UNSPECIFIED',
                'EnableNonSecurity' => true || false,
                'PatchFilterGroup' => [
                    'PatchFilters' => [
                        [
                            'Key' => 'ARCH|ADVISORY_ID|BUGZILLA_ID|PATCH_SET|PRODUCT|PRODUCT_FAMILY|CLASSIFICATION|CVE_ID|EPOCH|MSRC_SEVERITY|NAME|PATCH_ID|SECTION|PRIORITY|REPOSITORY|RELEASE|SEVERITY|SECURITY|VERSION',
                            'Values' => ['<string>', ...],
                        ],
                        // ...
                    ],
                ],
            ],
            // ...
        ],
    ],
    'ApprovedPatches' => ['<string>', ...],
    'ApprovedPatchesComplianceLevel' => 'CRITICAL|HIGH|MEDIUM|LOW|INFORMATIONAL|UNSPECIFIED',
    'ApprovedPatchesEnableNonSecurity' => true || false,
    'BaselineId' => '<string>',
    'CreatedDate' => <DateTime>,
    'Description' => '<string>',
    'GlobalFilters' => [
        'PatchFilters' => [
            [
                'Key' => 'ARCH|ADVISORY_ID|BUGZILLA_ID|PATCH_SET|PRODUCT|PRODUCT_FAMILY|CLASSIFICATION|CVE_ID|EPOCH|MSRC_SEVERITY|NAME|PATCH_ID|SECTION|PRIORITY|REPOSITORY|RELEASE|SEVERITY|SECURITY|VERSION',
                'Values' => ['<string>', ...],
            ],
            // ...
        ],
    ],
    'ModifiedDate' => <DateTime>,
    'Name' => '<string>',
    'OperatingSystem' => 'WINDOWS|AMAZON_LINUX|AMAZON_LINUX_2|AMAZON_LINUX_2022|UBUNTU|REDHAT_ENTERPRISE_LINUX|SUSE|CENTOS|ORACLE_LINUX|DEBIAN|MACOS|RASPBIAN|ROCKY_LINUX|ALMA_LINUX|AMAZON_LINUX_2023',
    'RejectedPatches' => ['<string>', ...],
    'RejectedPatchesAction' => 'ALLOW_AS_DEPENDENCY|BLOCK',
    'Sources' => [
        [
            'Configuration' => '<string>',
            'Name' => '<string>',
            'Products' => ['<string>', ...],
        ],
        // ...
    ],
]

Result Details

Members
ApprovalRules
Type: PatchRuleGroup structure

A set of rules used to include patches in the baseline.

ApprovedPatches
Type: Array of strings

A list of explicitly approved patches for the baseline.

ApprovedPatchesComplianceLevel
Type: string

The compliance severity level assigned to the patch baseline after the update completed.

ApprovedPatchesEnableNonSecurity
Type: boolean

Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes. The default value is false. Applies to Linux managed nodes only.

BaselineId
Type: string

The ID of the deleted patch baseline.

CreatedDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date when the patch baseline was created.

Description
Type: string

A description of the patch baseline.

GlobalFilters
Type: PatchFilterGroup structure

A set of global filters used to exclude patches from the baseline.

ModifiedDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date when the patch baseline was last modified.

Name
Type: string

The name of the patch baseline.

OperatingSystem
Type: string

The operating system rule used by the updated patch baseline.

RejectedPatches
Type: Array of strings

A list of explicitly rejected patches for the baseline.

RejectedPatchesAction
Type: string

The action specified to take on patches included in the RejectedPatches list. A patch can be allowed only if it is a dependency of another package, or blocked entirely along with packages that include it as a dependency.

Sources
Type: Array of PatchSource structures

Information about the patches to use to update the managed nodes, including target operating systems and source repositories. Applies to Linux managed nodes only.

Errors

DoesNotExistException:

Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.

For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.

InternalServerError:

An error occurred on the server side.

UpdateResourceDataSync

$result = $client->updateResourceDataSync([/* ... */]);
$promise = $client->updateResourceDataSyncAsync([/* ... */]);

Update a resource data sync. After you create a resource data sync for a Region, you can't change the account options for that sync. For example, if you create a sync in the us-east-2 (Ohio) Region and you choose the Include only the current account option, you can't edit that sync later and choose the Include all accounts from my Organizations configuration option. Instead, you must delete the first resource data sync, and create a new one.

This API operation only supports a resource data sync that was created with a SyncFromSource SyncType.

Parameter Syntax

$result = $client->updateResourceDataSync([
    'SyncName' => '<string>', // REQUIRED
    'SyncSource' => [ // REQUIRED
        'AwsOrganizationsSource' => [
            'OrganizationSourceType' => '<string>', // REQUIRED
            'OrganizationalUnits' => [
                [
                    'OrganizationalUnitId' => '<string>',
                ],
                // ...
            ],
        ],
        'EnableAllOpsDataSources' => true || false,
        'IncludeFutureRegions' => true || false,
        'SourceRegions' => ['<string>', ...], // REQUIRED
        'SourceType' => '<string>', // REQUIRED
    ],
    'SyncType' => '<string>', // REQUIRED
]);

Parameter Details

Members
SyncName
Required: Yes
Type: string

The name of the resource data sync you want to update.

SyncSource
Required: Yes
Type: ResourceDataSyncSource structure

Specify information about the data sources to synchronize.

SyncType
Required: Yes
Type: string

The type of resource data sync. The supported SyncType is SyncFromSource.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

ResourceDataSyncNotFoundException:

The specified sync name wasn't found.

ResourceDataSyncInvalidConfigurationException:

The specified sync configuration is invalid.

ResourceDataSyncConflictException:

Another UpdateResourceDataSync request is being processed. Wait a few minutes and try again.

InternalServerError:

An error occurred on the server side.

UpdateServiceSetting

$result = $client->updateServiceSetting([/* ... */]);
$promise = $client->updateServiceSettingAsync([/* ... */]);

ServiceSetting is an account-level setting for an Amazon Web Services service. This setting defines how a user interacts with or uses a service or a feature of a service. For example, if an Amazon Web Services service charges money to the account based on feature or service usage, then the Amazon Web Services service team might create a default setting of "false". This means the user can't use this feature unless they change the setting to "true" and intentionally opt in for a paid feature.

Services map a SettingId object to a setting value. Amazon Web Services services teams define the default value for a SettingId. You can't create a new SettingId, but you can overwrite the default value if you have the ssm:UpdateServiceSetting permission for the setting. Use the GetServiceSetting API operation to view the current value. Or, use the ResetServiceSetting to change the value back to the original value defined by the Amazon Web Services service team.

Update the service setting for the account.

Parameter Syntax

$result = $client->updateServiceSetting([
    'SettingId' => '<string>', // REQUIRED
    'SettingValue' => '<string>', // REQUIRED
]);

Parameter Details

Members
SettingId
Required: Yes
Type: string

The Amazon Resource Name (ARN) of the service setting to update. For example, arn:aws:ssm:us-east-1:111122223333:servicesetting/ssm/parameter-store/high-throughput-enabled. The setting ID can be one of the following.

  • /ssm/managed-instance/default-ec2-instance-management-role

  • /ssm/automation/customer-script-log-destination

  • /ssm/automation/customer-script-log-group-name

  • /ssm/documents/console/public-sharing-permission

  • /ssm/managed-instance/activation-tier

  • /ssm/opsinsights/opscenter

  • /ssm/parameter-store/default-parameter-tier

  • /ssm/parameter-store/high-throughput-enabled

Permissions to update the /ssm/managed-instance/default-ec2-instance-management-role setting should only be provided to administrators. Implement least privilege access when allowing individuals to configure or modify the Default Host Management Configuration.

SettingValue
Required: Yes
Type: string

The new value to specify for the service setting. The following list specifies the available values for each setting.

  • For /ssm/managed-instance/default-ec2-instance-management-role, enter the name of an IAM role.

  • For /ssm/automation/customer-script-log-destination, enter CloudWatch.

  • For /ssm/automation/customer-script-log-group-name, enter the name of an Amazon CloudWatch Logs log group.

  • For /ssm/documents/console/public-sharing-permission, enter Enable or Disable.

  • For /ssm/managed-instance/activation-tier, enter standard or advanced.

  • For /ssm/opsinsights/opscenter, enter Enabled or Disabled.

  • For /ssm/parameter-store/default-parameter-tier, enter Standard, Advanced, or Intelligent-Tiering

  • For /ssm/parameter-store/high-throughput-enabled, enter true or false.

Result Syntax

[]

Result Details

The results for this operation are always empty.

Errors

InternalServerError:

An error occurred on the server side.

ServiceSettingNotFound:

The specified service setting wasn't found. Either the service name or the setting hasn't been provisioned by the Amazon Web Services service team.

TooManyUpdates:

There are concurrent updates for a resource that supports one update at a time.

Shapes

AccountSharingInfo

Description

Information includes the Amazon Web Services account ID where the current document is shared and the version shared with that account.

Members
AccountId
Type: string

The Amazon Web Services account ID where the current document is shared.

SharedDocumentVersion
Type: string

The version of the current document shared with the account.

Activation

Description

An activation registers one or more on-premises servers or virtual machines (VMs) with Amazon Web Services so that you can configure those servers or VMs using Run Command. A server or VM that has been registered with Amazon Web Services Systems Manager is called a managed node.

Members
ActivationId
Type: string

The ID created by Systems Manager when you submitted the activation.

CreatedDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date the activation was created.

DefaultInstanceName
Type: string

A name for the managed node when it is created.

Description
Type: string

A user defined description of the activation.

ExpirationDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date when this activation can no longer be used to register managed nodes.

Expired
Type: boolean

Whether or not the activation is expired.

IamRole
Type: string

The Identity and Access Management (IAM) role to assign to the managed node.

RegistrationLimit
Type: int

The maximum number of managed nodes that can be registered using this activation.

RegistrationsCount
Type: int

The number of managed nodes already registered with this activation.

Tags
Type: Array of Tag structures

Tags assigned to the activation.

Alarm

Description

A CloudWatch alarm you apply to an automation or command.

Members
Name
Required: Yes
Type: string

The name of your CloudWatch alarm.

AlarmConfiguration

Description

The details for the CloudWatch alarm you want to apply to an automation or command.

Members
Alarms
Required: Yes
Type: Array of Alarm structures

The name of the CloudWatch alarm specified in the configuration.

IgnorePollAlarmFailure
Type: boolean

When this value is true, your automation or command continues to run in cases where we can’t retrieve alarm status information from CloudWatch. In cases where we successfully retrieve an alarm status of OK or INSUFFICIENT_DATA, the automation or command continues to run, regardless of this value. Default is false.

AlarmStateInformation

Description

The details about the state of your CloudWatch alarm.

Members
Name
Required: Yes
Type: string

The name of your CloudWatch alarm.

State
Required: Yes
Type: string

The state of your CloudWatch alarm.

AlreadyExistsException

Description

Error returned if an attempt is made to register a patch group with a patch baseline that is already registered with a different patch baseline.

Members
Message
Type: string

AssociatedInstances

Description

You must disassociate a document from all managed nodes before you can delete it.

Members

Association

Description

Describes an association of a Amazon Web Services Systems Manager document (SSM document) and a managed node.

Members
AssociationId
Type: string

The ID created by the system when you create an association. An association is a binding between a document and a set of targets with a schedule.

AssociationName
Type: string

The association name.

AssociationVersion
Type: string

The association version.

DocumentVersion
Type: string

The version of the document used in the association. If you change a document version for a State Manager association, Systems Manager immediately runs the association unless you previously specifed the apply-only-at-cron-interval parameter.

State Manager doesn't support running associations that use a new version of a document if that document is shared from another account. State Manager always runs the default version of a document if shared from another account, even though the Systems Manager console shows that a new version was processed. If you want to run an association using a new version of a document shared form another account, you must set the document version to default.

Duration
Type: int

The number of hours that an association can run on specified targets. After the resulting cutoff time passes, associations that are currently running are cancelled, and no pending executions are started on remaining targets.

InstanceId
Type: string

The managed node ID.

LastExecutionDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date on which the association was last run.

Name
Type: string

The name of the SSM document.

Overview
Type: AssociationOverview structure

Information about the association.

ScheduleExpression
Type: string

A cron expression that specifies a schedule when the association runs. The schedule runs in Coordinated Universal Time (UTC).

ScheduleOffset
Type: int

Number of days to wait after the scheduled day to run an association.

TargetMaps
Type: Array of maps

A key-value mapping of document parameters to target resources. Both Targets and TargetMaps can't be specified together.

Targets
Type: Array of Target structures

The managed nodes targeted by the request to create an association. You can target all managed nodes in an Amazon Web Services account by specifying the InstanceIds key with a value of *.

AssociationAlreadyExists

Description

The specified association already exists.

Members

AssociationDescription

Description

Describes the parameters for a document.

Members
AlarmConfiguration
Type: AlarmConfiguration structure

The details for the CloudWatch alarm you want to apply to an automation or command.

ApplyOnlyAtCronInterval
Type: boolean

By default, when you create a new associations, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it. This parameter isn't supported for rate expressions.

AssociationId
Type: string

The association ID.

AssociationName
Type: string

The association name.

AssociationVersion
Type: string

The association version.

AutomationTargetParameterName
Type: string

Choose the parameter that will define how your automation will branch out. This target is required for associations that use an Automation runbook and target resources by using rate controls. Automation is a capability of Amazon Web Services Systems Manager.

CalendarNames
Type: Array of strings

The names or Amazon Resource Names (ARNs) of the Change Calendar type documents your associations are gated under. The associations only run when that change calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar.

ComplianceSeverity
Type: string

The severity level that is assigned to the association.

Date
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date when the association was made.

DocumentVersion
Type: string

The document version.

Duration
Type: int

The number of hours that an association can run on specified targets. After the resulting cutoff time passes, associations that are currently running are cancelled, and no pending executions are started on remaining targets.

InstanceId
Type: string

The managed node ID.

LastExecutionDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date on which the association was last run.

LastSuccessfulExecutionDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The last date on which the association was successfully run.

LastUpdateAssociationDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date when the association was last updated.

MaxConcurrency
Type: string

The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.

If a new managed node starts and attempts to run an association while Systems Manager is running MaxConcurrency associations, the association is allowed to run. During the next association interval, the new managed node will process its association within the limit specified for MaxConcurrency.

MaxErrors
Type: string

The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 managed nodes and set MaxError to 10%, then the system stops sending the request when the sixth error is received.

Executions that are already running an association when MaxErrors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set MaxConcurrency to 1 so that executions proceed one at a time.

Name
Type: string

The name of the SSM document.

OutputLocation

An S3 bucket where you want to store the output details of the request.

Overview
Type: AssociationOverview structure

Information about the association.

Parameters
Type: Associative array of custom strings keys (ParameterName) to stringss

A description of the parameters for a document.

ScheduleExpression
Type: string

A cron expression that specifies a schedule when the association runs.

ScheduleOffset
Type: int

Number of days to wait after the scheduled day to run an association.

Status
Type: AssociationStatus structure

The association status.

SyncCompliance
Type: string

The mode for generating association compliance. You can specify AUTO or MANUAL. In AUTO mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association is COMPLIANT. If the association execution doesn't run successfully, the association is NON-COMPLIANT.

In MANUAL mode, you must specify the AssociationId as a parameter for the PutComplianceItems API operation. In this case, compliance data isn't managed by State Manager, a capability of Amazon Web Services Systems Manager. It is managed by your direct call to the PutComplianceItems API operation.

By default, all associations use AUTO mode.

TargetLocations
Type: Array of TargetLocation structures

The combination of Amazon Web Services Regions and Amazon Web Services accounts where you want to run the association.

TargetMaps
Type: Array of maps

A key-value mapping of document parameters to target resources. Both Targets and TargetMaps can't be specified together.

Targets
Type: Array of Target structures

The managed nodes targeted by the request.

TriggeredAlarms
Type: Array of AlarmStateInformation structures

The CloudWatch alarm that was invoked during the association.

AssociationDoesNotExist

Description

The specified association doesn't exist.

Members
Message
Type: string

AssociationExecution

Description

Includes information about the specified association.

Members
AlarmConfiguration
Type: AlarmConfiguration structure

The details for the CloudWatch alarm you want to apply to an automation or command.

AssociationId
Type: string

The association ID.

AssociationVersion
Type: string

The association version.

CreatedTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time the execution started.

DetailedStatus
Type: string

Detailed status information about the execution.

ExecutionId
Type: string

The execution ID for the association.

LastExecutionDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date of the last execution.

ResourceCountByStatus
Type: string

An aggregate status of the resources in the execution based on the status type.

Status
Type: string

The status of the association execution.

TriggeredAlarms
Type: Array of AlarmStateInformation structures

The CloudWatch alarms that were invoked by the association.

AssociationExecutionDoesNotExist

Description

The specified execution ID doesn't exist. Verify the ID number and try again.

Members
Message
Type: string

AssociationExecutionFilter

Description

Filters used in the request.

Members
Key
Required: Yes
Type: string

The key value used in the request.

Type
Required: Yes
Type: string

The filter type specified in the request.

Value
Required: Yes
Type: string

The value specified for the key.

AssociationExecutionTarget

Description

Includes information about the specified association execution.

Members
AssociationId
Type: string

The association ID.

AssociationVersion
Type: string

The association version.

DetailedStatus
Type: string

Detailed information about the execution status.

ExecutionId
Type: string

The execution ID.

LastExecutionDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date of the last execution.

OutputSource
Type: OutputSource structure

The location where the association details are saved.

ResourceId
Type: string

The resource ID, for example, the managed node ID where the association ran.

ResourceType
Type: string

The resource type, for example, EC2.

Status
Type: string

The association execution status.

AssociationExecutionTargetsFilter

Description

Filters for the association execution.

Members
Key
Required: Yes
Type: string

The key value used in the request.

Value
Required: Yes
Type: string

The value specified for the key.

AssociationFilter

Description

Describes a filter.

Members
key
Required: Yes
Type: string

The name of the filter.

InstanceId has been deprecated.

value
Required: Yes
Type: string

The filter value.

AssociationLimitExceeded

Description

You can have at most 2,000 active associations.

Members

AssociationOverview

Description

Information about the association.

Members
AssociationStatusAggregatedCount
Type: Associative array of custom strings keys (StatusName) to ints

Returns the number of targets for the association status. For example, if you created an association with two managed nodes, and one of them was successful, this would return the count of managed nodes by status.

DetailedStatus
Type: string

A detailed status of the association.

Status
Type: string

The status of the association. Status can be: Pending, Success, or Failed.

AssociationStatus

Description

Describes an association status.

Members
AdditionalInfo
Type: string

A user-defined string.

Date
Required: Yes
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date when the status changed.

Message
Required: Yes
Type: string

The reason for the status.

Name
Required: Yes
Type: string

The status.

AssociationVersionInfo

Description

Information about the association version.

Members
ApplyOnlyAtCronInterval
Type: boolean

By default, when you create a new associations, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it. This parameter isn't supported for rate expressions.

AssociationId
Type: string

The ID created by the system when the association was created.

AssociationName
Type: string

The name specified for the association version when the association version was created.

AssociationVersion
Type: string

The association version.

CalendarNames
Type: Array of strings

The names or Amazon Resource Names (ARNs) of the Change Calendar type documents your associations are gated under. The associations for this version only run when that Change Calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar.

ComplianceSeverity
Type: string

The severity level that is assigned to the association.

CreatedDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date the association version was created.

DocumentVersion
Type: string

The version of an Amazon Web Services Systems Manager document (SSM document) used when the association version was created.

Duration
Type: int

The number of hours that an association can run on specified targets. After the resulting cutoff time passes, associations that are currently running are cancelled, and no pending executions are started on remaining targets.

MaxConcurrency
Type: string

The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.

If a new managed node starts and attempts to run an association while Systems Manager is running MaxConcurrency associations, the association is allowed to run. During the next association interval, the new managed node will process its association within the limit specified for MaxConcurrency.

MaxErrors
Type: string

The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 managed nodes and set MaxError to 10%, then the system stops sending the request when the sixth error is received.

Executions that are already running an association when MaxErrors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set MaxConcurrency to 1 so that executions proceed one at a time.

Name
Type: string

The name specified when the association was created.

OutputLocation

The location in Amazon S3 specified for the association when the association version was created.

Parameters
Type: Associative array of custom strings keys (ParameterName) to stringss

Parameters specified when the association version was created.

ScheduleExpression
Type: string

The cron or rate schedule specified for the association when the association version was created.

ScheduleOffset
Type: int

Number of days to wait after the scheduled day to run an association.

SyncCompliance
Type: string

The mode for generating association compliance. You can specify AUTO or MANUAL. In AUTO mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association is COMPLIANT. If the association execution doesn't run successfully, the association is NON-COMPLIANT.

In MANUAL mode, you must specify the AssociationId as a parameter for the PutComplianceItems API operation. In this case, compliance data isn't managed by State Manager, a capability of Amazon Web Services Systems Manager. It is managed by your direct call to the PutComplianceItems API operation.

By default, all associations use AUTO mode.

TargetLocations
Type: Array of TargetLocation structures

The combination of Amazon Web Services Regions and Amazon Web Services accounts where you wanted to run the association when this association version was created.

TargetMaps
Type: Array of maps

A key-value mapping of document parameters to target resources. Both Targets and TargetMaps can't be specified together.

Targets
Type: Array of Target structures

The targets specified for the association when the association version was created.

AssociationVersionLimitExceeded

Description

You have reached the maximum number versions allowed for an association. Each association has a limit of 1,000 versions.

Members
Message
Type: string

AttachmentContent

Description

A structure that includes attributes that describe a document attachment.

Members
Hash
Type: string

The cryptographic hash value of the document content.

HashType
Type: string

The hash algorithm used to calculate the hash value.

Name
Type: string

The name of an attachment.

Size
Type: long (int|float)

The size of an attachment in bytes.

Url
Type: string

The URL location of the attachment content.

AttachmentInformation

Description

An attribute of an attachment, such as the attachment name.

Members
Name
Type: string

The name of the attachment.

AttachmentsSource

Description

Identifying information about a document attachment, including the file name and a key-value pair that identifies the location of an attachment to a document.

Members
Key
Type: string

The key of a key-value pair that identifies the location of an attachment to a document.

Name
Type: string

The name of the document attachment file.

Values
Type: Array of strings

The value of a key-value pair that identifies the location of an attachment to a document. The format for Value depends on the type of key you specify.

  • For the key SourceUrl, the value is an S3 bucket location. For example:

    "Values": [ "s3://amzn-s3-demo-bucket/my-prefix" ]

  • For the key S3FileUrl, the value is a file in an S3 bucket. For example:

    "Values": [ "s3://amzn-s3-demo-bucket/my-prefix/my-file.py" ]

  • For the key AttachmentReference, the value is constructed from the name of another SSM document in your account, a version number of that document, and a file attached to that document version that you want to reuse. For example:

    "Values": [ "MyOtherDocument/3/my-other-file.py" ]

    However, if the SSM document is shared with you from another account, the full SSM document ARN must be specified instead of the document name only. For example:

    "Values": [ "arn:aws:ssm:us-east-2:111122223333:document/OtherAccountDocument/3/their-file.py" ]

AutomationDefinitionNotApprovedException

Description

Indicates that the Change Manager change template used in the change request was rejected or is still in a pending state.

Members
Message
Type: string

AutomationDefinitionNotFoundException

Description

An Automation runbook with the specified name couldn't be found.

Members
Message
Type: string

AutomationDefinitionVersionNotFoundException

Description

An Automation runbook with the specified name and version couldn't be found.

Members
Message
Type: string

AutomationExecution

Description

Detailed information about the current state of an individual Automation execution.

Members
AlarmConfiguration
Type: AlarmConfiguration structure

The details for the CloudWatch alarm applied to your automation.

AssociationId
Type: string

The ID of a State Manager association used in the Automation operation.

AutomationExecutionId
Type: string

The execution ID.

AutomationExecutionStatus
Type: string

The execution status of the Automation.

AutomationSubtype
Type: string

The subtype of the Automation operation. Currently, the only supported value is ChangeRequest.

ChangeRequestName
Type: string

The name of the Change Manager change request.

CurrentAction
Type: string

The action of the step that is currently running.

CurrentStepName
Type: string

The name of the step that is currently running.

DocumentName
Type: string

The name of the Automation runbook used during the execution.

DocumentVersion
Type: string

The version of the document to use during execution.

ExecutedBy
Type: string

The Amazon Resource Name (ARN) of the user who ran the automation.

ExecutionEndTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time the execution finished.

ExecutionStartTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time the execution started.

FailureMessage
Type: string

A message describing why an execution has failed, if the status is set to Failed.

MaxConcurrency
Type: string

The MaxConcurrency value specified by the user when the execution started.

MaxErrors
Type: string

The MaxErrors value specified by the user when the execution started.

Mode
Type: string

The automation execution mode.

OpsItemId
Type: string

The ID of an OpsItem that is created to represent a Change Manager change request.

Outputs
Type: Associative array of custom strings keys (AutomationParameterKey) to stringss

The list of execution outputs as defined in the Automation runbook.

Parameters
Type: Associative array of custom strings keys (AutomationParameterKey) to stringss

The key-value map of execution parameters, which were supplied when calling StartAutomationExecution.

ParentAutomationExecutionId
Type: string

The AutomationExecutionId of the parent automation.

ProgressCounters
Type: ProgressCounters structure

An aggregate of step execution statuses displayed in the Amazon Web Services Systems Manager console for a multi-Region and multi-account Automation execution.

ResolvedTargets
Type: ResolvedTargets structure

A list of resolved targets in the rate control execution.

Runbooks
Type: Array of Runbook structures

Information about the Automation runbooks that are run as part of a runbook workflow.

The Automation runbooks specified for the runbook workflow can't run until all required approvals for the change request have been received.

ScheduledTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time the Automation operation is scheduled to start.

StepExecutions
Type: Array of StepExecution structures

A list of details about the current state of all steps that comprise an execution. An Automation runbook contains a list of steps that are run in order.

StepExecutionsTruncated
Type: boolean

A boolean value that indicates if the response contains the full list of the Automation step executions. If true, use the DescribeAutomationStepExecutions API operation to get the full list of step executions.

Target
Type: string

The target of the execution.

TargetLocations
Type: Array of TargetLocation structures

The combination of Amazon Web Services Regions and/or Amazon Web Services accounts where you want to run the Automation.

TargetLocationsURL
Type: string

A publicly accessible URL for a file that contains the TargetLocations body. Currently, only files in presigned Amazon S3 buckets are supported

TargetMaps
Type: Array of maps

The specified key-value mapping of document parameters to target resources.

TargetParameterName
Type: string

The parameter name.

Targets
Type: Array of Target structures

The specified targets.

TriggeredAlarms
Type: Array of AlarmStateInformation structures

The CloudWatch alarm that was invoked by the automation.

Variables
Type: Associative array of custom strings keys (AutomationParameterKey) to stringss

Variables defined for the automation.

AutomationExecutionFilter

Description

A filter used to match specific automation executions. This is used to limit the scope of Automation execution information returned.

Members
Key
Required: Yes
Type: string

One or more keys to limit the results.

Values
Required: Yes
Type: Array of strings

The values used to limit the execution information associated with the filter's key.

AutomationExecutionLimitExceededException

Description

The number of simultaneously running Automation executions exceeded the allowable limit.

Members
Message
Type: string

AutomationExecutionMetadata

Description

Details about a specific Automation execution.

Members
AlarmConfiguration
Type: AlarmConfiguration structure

The details for the CloudWatch alarm applied to your automation.

AssociationId
Type: string

The ID of a State Manager association used in the Automation operation.

AutomationExecutionId
Type: string

The execution ID.

AutomationExecutionStatus
Type: string

The status of the execution.

AutomationSubtype
Type: string

The subtype of the Automation operation. Currently, the only supported value is ChangeRequest.

AutomationType
Type: string

Use this filter with DescribeAutomationExecutions. Specify either Local or CrossAccount. CrossAccount is an Automation that runs in multiple Amazon Web Services Regions and Amazon Web Services accounts. For more information, see Running automations in multiple Amazon Web Services Regions and accounts in the Amazon Web Services Systems Manager User Guide.

ChangeRequestName
Type: string

The name of the Change Manager change request.

CurrentAction
Type: string

The action of the step that is currently running.

CurrentStepName
Type: string

The name of the step that is currently running.

DocumentName
Type: string

The name of the Automation runbook used during execution.

DocumentVersion
Type: string

The document version used during the execution.

ExecutedBy
Type: string

The IAM role ARN of the user who ran the automation.

ExecutionEndTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time the execution finished. This isn't populated if the execution is still in progress.

ExecutionStartTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time the execution started.

FailureMessage
Type: string

The list of execution outputs as defined in the Automation runbook.

LogFile
Type: string

An S3 bucket where execution information is stored.

MaxConcurrency
Type: string

The MaxConcurrency value specified by the user when starting the automation.

MaxErrors
Type: string

The MaxErrors value specified by the user when starting the automation.

Mode
Type: string

The Automation execution mode.

OpsItemId
Type: string

The ID of an OpsItem that is created to represent a Change Manager change request.

Outputs
Type: Associative array of custom strings keys (AutomationParameterKey) to stringss

The list of execution outputs as defined in the Automation runbook.

ParentAutomationExecutionId
Type: string

The execution ID of the parent automation.

ResolvedTargets
Type: ResolvedTargets structure

A list of targets that resolved during the execution.

Runbooks
Type: Array of Runbook structures

Information about the Automation runbooks that are run during a runbook workflow in Change Manager.

The Automation runbooks specified for the runbook workflow can't run until all required approvals for the change request have been received.

ScheduledTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time the Automation operation is scheduled to start.

Target
Type: string

The list of execution outputs as defined in the Automation runbook.

TargetLocationsURL
Type: string

A publicly accessible URL for a file that contains the TargetLocations body. Currently, only files in presigned Amazon S3 buckets are supported

TargetMaps
Type: Array of maps

The specified key-value mapping of document parameters to target resources.

TargetParameterName
Type: string

The list of execution outputs as defined in the Automation runbook.

Targets
Type: Array of Target structures

The targets defined by the user when starting the automation.

TriggeredAlarms
Type: Array of AlarmStateInformation structures

The CloudWatch alarm that was invoked by the automation.

AutomationExecutionNotFoundException

Description

There is no automation execution information for the requested automation execution ID.

Members
Message
Type: string

AutomationStepNotFoundException

Description

The specified step name and execution ID don't exist. Verify the information and try again.

Members
Message
Type: string

BaselineOverride

Description

Defines the basic information about a patch baseline override.

Members
ApprovalRules
Type: PatchRuleGroup structure

A set of rules defining the approval rules for a patch baseline.

ApprovedPatches
Type: Array of strings

A list of explicitly approved patches for the baseline.

For information about accepted formats for lists of approved patches and rejected patches, see Package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.

ApprovedPatchesComplianceLevel
Type: string

Defines the compliance level for approved patches. When an approved patch is reported as missing, this value describes the severity of the compliance violation.

ApprovedPatchesEnableNonSecurity
Type: boolean

Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes. The default value is false. Applies to Linux managed nodes only.

GlobalFilters
Type: PatchFilterGroup structure

A set of patch filters, typically used for approval rules.

OperatingSystem
Type: string

The operating system rule used by the patch baseline override.

RejectedPatches
Type: Array of strings

A list of explicitly rejected patches for the baseline.

For information about accepted formats for lists of approved patches and rejected patches, see Package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.

RejectedPatchesAction
Type: string

The action for Patch Manager to take on patches included in the RejectedPackages list. A patch can be allowed only if it is a dependency of another package, or blocked entirely along with packages that include it as a dependency.

Sources
Type: Array of PatchSource structures

Information about the patches to use to update the managed nodes, including target operating systems and source repositories. Applies to Linux managed nodes only.

CloudWatchOutputConfig

Description

Configuration options for sending command output to Amazon CloudWatch Logs.

Members
CloudWatchLogGroupName
Type: string

The name of the CloudWatch Logs log group where you want to send command output. If you don't specify a group name, Amazon Web Services Systems Manager automatically creates a log group for you. The log group uses the following naming format:

aws/ssm/SystemsManagerDocumentName

CloudWatchOutputEnabled
Type: boolean

Enables Systems Manager to send command output to CloudWatch Logs.

Command

Description

Describes a command request.

Members
AlarmConfiguration
Type: AlarmConfiguration structure

The details for the CloudWatch alarm applied to your command.

CloudWatchOutputConfig
Type: CloudWatchOutputConfig structure

Amazon CloudWatch Logs information where you want Amazon Web Services Systems Manager to send the command output.

CommandId
Type: string

A unique identifier for this command.

Comment
Type: string

User-specified information about the command, such as a brief description of what the command should do.

CompletedCount
Type: int

The number of targets for which the command invocation reached a terminal state. Terminal states include the following: Success, Failed, Execution Timed Out, Delivery Timed Out, Cancelled, Terminated, or Undeliverable.

DeliveryTimedOutCount
Type: int

The number of targets for which the status is Delivery Timed Out.

DocumentName
Type: string

The name of the document requested for execution.

DocumentVersion
Type: string

The Systems Manager document (SSM document) version.

ErrorCount
Type: int

The number of targets for which the status is Failed or Execution Timed Out.

ExpiresAfter
Type: timestamp (string|DateTime or anything parsable by strtotime)

If a command expires, it changes status to DeliveryTimedOut for all invocations that have the status InProgress, Pending, or Delayed. ExpiresAfter is calculated based on the total timeout for the overall command. For more information, see Understanding command timeout values in the Amazon Web Services Systems Manager User Guide.

InstanceIds
Type: Array of strings

The managed node IDs against which this command was requested.

MaxConcurrency
Type: string

The maximum number of managed nodes that are allowed to run the command at the same time. You can specify a number of managed nodes, such as 10, or a percentage of nodes, such as 10%. The default value is 50. For more information about how to use MaxConcurrency, see Amazon Web Services Systems Manager Run Command in the Amazon Web Services Systems Manager User Guide.

MaxErrors
Type: string

The maximum number of errors allowed before the system stops sending the command to additional targets. You can specify a number of errors, such as 10, or a percentage or errors, such as 10%. The default value is 0. For more information about how to use MaxErrors, see Amazon Web Services Systems Manager Run Command in the Amazon Web Services Systems Manager User Guide.

NotificationConfig
Type: NotificationConfig structure

Configurations for sending notifications about command status changes.

OutputS3BucketName
Type: string

The S3 bucket where the responses to the command executions should be stored. This was requested when issuing the command.

OutputS3KeyPrefix
Type: string

The S3 directory path inside the bucket where the responses to the command executions should be stored. This was requested when issuing the command.

OutputS3Region
Type: string

(Deprecated) You can no longer specify this parameter. The system ignores it. Instead, Systems Manager automatically determines the Amazon Web Services Region of the S3 bucket.

Parameters
Type: Associative array of custom strings keys (ParameterName) to stringss

The parameter values to be inserted in the document when running the command.

RequestedDateTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time the command was requested.

ServiceRole
Type: string

The Identity and Access Management (IAM) service role that Run Command, a capability of Amazon Web Services Systems Manager, uses to act on your behalf when sending notifications about command status changes.

Status
Type: string

The status of the command.

StatusDetails
Type: string

A detailed status of the command execution. StatusDetails includes more information than Status because it includes states resulting from error and concurrency control parameters. StatusDetails can show different results than Status. For more information about these statuses, see Understanding command statuses in the Amazon Web Services Systems Manager User Guide. StatusDetails can be one of the following values:

  • Pending: The command hasn't been sent to any managed nodes.

  • In Progress: The command has been sent to at least one managed node but hasn't reached a final state on all managed nodes.

  • Success: The command successfully ran on all invocations. This is a terminal state.

  • Delivery Timed Out: The value of MaxErrors or more command invocations shows a status of Delivery Timed Out. This is a terminal state.

  • Execution Timed Out: The value of MaxErrors or more command invocations shows a status of Execution Timed Out. This is a terminal state.

  • Failed: The value of MaxErrors or more command invocations shows a status of Failed. This is a terminal state.

  • Incomplete: The command was attempted on all managed nodes and one or more invocations doesn't have a value of Success but not enough invocations failed for the status to be Failed. This is a terminal state.

  • Cancelled: The command was terminated before it was completed. This is a terminal state.

  • Rate Exceeded: The number of managed nodes targeted by the command exceeded the account limit for pending invocations. The system has canceled the command before running it on any managed node. This is a terminal state.

  • Delayed: The system attempted to send the command to the managed node but wasn't successful. The system retries again.

TargetCount
Type: int

The number of targets for the command.

Targets
Type: Array of Target structures

An array of search criteria that targets managed nodes using a Key,Value combination that you specify. Targets is required if you don't provide one or more managed node IDs in the call.

TimeoutSeconds
Type: int

The TimeoutSeconds value specified for a command.

TriggeredAlarms
Type: Array of AlarmStateInformation structures

The CloudWatch alarm that was invoked by the command.

CommandFilter

Description

Describes a command filter.

A managed node ID can't be specified when a command status is Pending because the command hasn't run on the node yet.

Members
key
Required: Yes
Type: string

The name of the filter.

The ExecutionStage filter can't be used with the ListCommandInvocations operation, only with ListCommands.

value
Required: Yes
Type: string

The filter value. Valid values for each filter key are as follows:

  • InvokedAfter: Specify a timestamp to limit your results. For example, specify 2024-07-07T00:00:00Z to see a list of command executions occurring July 7, 2021, and later.

  • InvokedBefore: Specify a timestamp to limit your results. For example, specify 2024-07-07T00:00:00Z to see a list of command executions from before July 7, 2021.

  • Status: Specify a valid command status to see a list of all command executions with that status. The status choices depend on the API you call.

    The status values you can specify for ListCommands are:

    • Pending

    • InProgress

    • Success

    • Cancelled

    • Failed

    • TimedOut (this includes both Delivery and Execution time outs)

    • AccessDenied

    • DeliveryTimedOut

    • ExecutionTimedOut

    • Incomplete

    • NoInstancesInTag

    • LimitExceeded

    The status values you can specify for ListCommandInvocations are:

    • Pending

    • InProgress

    • Delayed

    • Success

    • Cancelled

    • Failed

    • TimedOut (this includes both Delivery and Execution time outs)

    • AccessDenied

    • DeliveryTimedOut

    • ExecutionTimedOut

    • Undeliverable

    • InvalidPlatform

    • Terminated

  • DocumentName: Specify name of the Amazon Web Services Systems Manager document (SSM document) for which you want to see command execution results. For example, specify AWS-RunPatchBaseline to see command executions that used this SSM document to perform security patching operations on managed nodes.

  • ExecutionStage: Specify one of the following values (ListCommands operations only):

    • Executing: Returns a list of command executions that are currently still running.

    • Complete: Returns a list of command executions that have already completed.

CommandInvocation

Description

An invocation is a copy of a command sent to a specific managed node. A command can apply to one or more managed nodes. A command invocation applies to one managed node. For example, if a user runs SendCommand against three managed nodes, then a command invocation is created for each requested managed node ID. A command invocation returns status and detail information about a command you ran.

Members
CloudWatchOutputConfig
Type: CloudWatchOutputConfig structure

Amazon CloudWatch Logs information where you want Amazon Web Services Systems Manager to send the command output.

CommandId
Type: string

The command against which this invocation was requested.

CommandPlugins
Type: Array of CommandPlugin structures

Plugins processed by the command.

Comment
Type: string

User-specified information about the command, such as a brief description of what the command should do.

DocumentName
Type: string

The document name that was requested for execution.

DocumentVersion
Type: string

The Systems Manager document (SSM document) version.

InstanceId
Type: string

The managed node ID in which this invocation was requested.

InstanceName
Type: string

The fully qualified host name of the managed node.

NotificationConfig
Type: NotificationConfig structure

Configurations for sending notifications about command status changes on a per managed node basis.

RequestedDateTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time and date the request was sent to this managed node.

ServiceRole
Type: string

The Identity and Access Management (IAM) service role that Run Command, a capability of Amazon Web Services Systems Manager, uses to act on your behalf when sending notifications about command status changes on a per managed node basis.

StandardErrorUrl
Type: string

The URL to the plugin's StdErr file in Amazon Simple Storage Service (Amazon S3), if the S3 bucket was defined for the parent command. For an invocation, StandardErrorUrl is populated if there is just one plugin defined for the command, and the S3 bucket was defined for the command.

StandardOutputUrl
Type: string

The URL to the plugin's StdOut file in Amazon Simple Storage Service (Amazon S3), if the S3 bucket was defined for the parent command. For an invocation, StandardOutputUrl is populated if there is just one plugin defined for the command, and the S3 bucket was defined for the command.

Status
Type: string

Whether or not the invocation succeeded, failed, or is pending.

StatusDetails
Type: string

A detailed status of the command execution for each invocation (each managed node targeted by the command). StatusDetails includes more information than Status because it includes states resulting from error and concurrency control parameters. StatusDetails can show different results than Status. For more information about these statuses, see Understanding command statuses in the Amazon Web Services Systems Manager User Guide. StatusDetails can be one of the following values:

  • Pending: The command hasn't been sent to the managed node.

  • In Progress: The command has been sent to the managed node but hasn't reached a terminal state.

  • Success: The execution of the command or plugin was successfully completed. This is a terminal state.

  • Delivery Timed Out: The command wasn't delivered to the managed node before the delivery timeout expired. Delivery timeouts don't count against the parent command's MaxErrors limit, but they do contribute to whether the parent command status is Success or Incomplete. This is a terminal state.

  • Execution Timed Out: Command execution started on the managed node, but the execution wasn't complete before the execution timeout expired. Execution timeouts count against the MaxErrors limit of the parent command. This is a terminal state.

  • Failed: The command wasn't successful on the managed node. For a plugin, this indicates that the result code wasn't zero. For a command invocation, this indicates that the result code for one or more plugins wasn't zero. Invocation failures count against the MaxErrors limit of the parent command. This is a terminal state.

  • Cancelled: The command was terminated before it was completed. This is a terminal state.

  • Undeliverable: The command can't be delivered to the managed node. The managed node might not exist or might not be responding. Undeliverable invocations don't count against the parent command's MaxErrors limit and don't contribute to whether the parent command status is Success or Incomplete. This is a terminal state.

  • Terminated: The parent command exceeded its MaxErrors limit and subsequent command invocations were canceled by the system. This is a terminal state.

  • Delayed: The system attempted to send the command to the managed node but wasn't successful. The system retries again.

TraceOutput
Type: string

Gets the trace output sent by the agent.

CommandPlugin

Description

Describes plugin details.

Members
Name
Type: string

The name of the plugin. Must be one of the following: aws:updateAgent, aws:domainjoin, aws:applications, aws:runPowerShellScript, aws:psmodule, aws:cloudWatch, aws:runShellScript, or aws:updateSSMAgent.

Output
Type: string

Output of the plugin execution.

OutputS3BucketName
Type: string

The S3 bucket where the responses to the command executions should be stored. This was requested when issuing the command. For example, in the following response:

amzn-s3-demo-bucket/my-prefix/i-02573cafcfEXAMPLE/awsrunShellScript

amzn-s3-demo-bucket is the name of the S3 bucket;

my-prefix is the name of the S3 prefix;

i-02573cafcfEXAMPLE is the managed node ID;

awsrunShellScript is the name of the plugin.

OutputS3KeyPrefix
Type: string

The S3 directory path inside the bucket where the responses to the command executions should be stored. This was requested when issuing the command. For example, in the following response:

amzn-s3-demo-bucket/my-prefix/i-02573cafcfEXAMPLE/awsrunShellScript

amzn-s3-demo-bucket is the name of the S3 bucket;

my-prefix is the name of the S3 prefix;

i-02573cafcfEXAMPLE is the managed node ID;

awsrunShellScript is the name of the plugin.

OutputS3Region
Type: string

(Deprecated) You can no longer specify this parameter. The system ignores it. Instead, Amazon Web Services Systems Manager automatically determines the S3 bucket region.

ResponseCode
Type: int

A numeric response code generated after running the plugin.

ResponseFinishDateTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time the plugin stopped running. Could stop prematurely if, for example, a cancel command was sent.

ResponseStartDateTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time the plugin started running.

StandardErrorUrl
Type: string

The URL for the complete text written by the plugin to stderr. If execution isn't yet complete, then this string is empty.

StandardOutputUrl
Type: string

The URL for the complete text written by the plugin to stdout in Amazon S3. If the S3 bucket for the command wasn't specified, then this string is empty.

Status
Type: string

The status of this plugin. You can run a document with multiple plugins.

StatusDetails
Type: string

A detailed status of the plugin execution. StatusDetails includes more information than Status because it includes states resulting from error and concurrency control parameters. StatusDetails can show different results than Status. For more information about these statuses, see Understanding command statuses in the Amazon Web Services Systems Manager User Guide. StatusDetails can be one of the following values:

  • Pending: The command hasn't been sent to the managed node.

  • In Progress: The command has been sent to the managed node but hasn't reached a terminal state.

  • Success: The execution of the command or plugin was successfully completed. This is a terminal state.

  • Delivery Timed Out: The command wasn't delivered to the managed node before the delivery timeout expired. Delivery timeouts don't count against the parent command's MaxErrors limit, but they do contribute to whether the parent command status is Success or Incomplete. This is a terminal state.

  • Execution Timed Out: Command execution started on the managed node, but the execution wasn't complete before the execution timeout expired. Execution timeouts count against the MaxErrors limit of the parent command. This is a terminal state.

  • Failed: The command wasn't successful on the managed node. For a plugin, this indicates that the result code wasn't zero. For a command invocation, this indicates that the result code for one or more plugins wasn't zero. Invocation failures count against the MaxErrors limit of the parent command. This is a terminal state.

  • Cancelled: The command was terminated before it was completed. This is a terminal state.

  • Undeliverable: The command can't be delivered to the managed node. The managed node might not exist, or it might not be responding. Undeliverable invocations don't count against the parent command's MaxErrors limit, and they don't contribute to whether the parent command status is Success or Incomplete. This is a terminal state.

  • Terminated: The parent command exceeded its MaxErrors limit and subsequent command invocations were canceled by the system. This is a terminal state.

ComplianceExecutionSummary

Description

A summary of the call execution that includes an execution ID, the type of execution (for example, Command), and the date/time of the execution using a datetime object that is saved in the following format: yyyy-MM-dd'T'HH:mm:ss'Z'

Members
ExecutionId
Type: string

An ID created by the system when PutComplianceItems was called. For example, CommandID is a valid execution ID. You can use this ID in subsequent calls.

ExecutionTime
Required: Yes
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time the execution ran as a datetime object that is saved in the following format: yyyy-MM-dd'T'HH:mm:ss'Z'

ExecutionType
Type: string

The type of execution. For example, Command is a valid execution type.

ComplianceItem

Description

Information about the compliance as defined by the resource type. For example, for a patch resource type, Items includes information about the PatchSeverity, Classification, and so on.

Members
ComplianceType
Type: string

The compliance type. For example, Association (for a State Manager association), Patch, or Custom:string are all valid compliance types.

Details
Type: Associative array of custom strings keys (AttributeName) to strings

A "Key": "Value" tag combination for the compliance item.

ExecutionSummary
Type: ComplianceExecutionSummary structure

A summary for the compliance item. The summary includes an execution ID, the execution type (for example, command), and the execution time.

Id
Type: string

An ID for the compliance item. For example, if the compliance item is a Windows patch, the ID could be the number of the KB article; for example: KB4010320.

ResourceId
Type: string

An ID for the resource. For a managed node, this is the node ID.

ResourceType
Type: string

The type of resource. ManagedInstance is currently the only supported resource type.

Severity
Type: string

The severity of the compliance status. Severity can be one of the following: Critical, High, Medium, Low, Informational, Unspecified.

Status
Type: string

The status of the compliance item. An item is either COMPLIANT, NON_COMPLIANT, or an empty string (for Windows patches that aren't applicable).

Title
Type: string

A title for the compliance item. For example, if the compliance item is a Windows patch, the title could be the title of the KB article for the patch; for example: Security Update for Active Directory Federation Services.

ComplianceItemEntry

Description

Information about a compliance item.

Members
Details
Type: Associative array of custom strings keys (AttributeName) to strings

A "Key": "Value" tag combination for the compliance item.

Id
Type: string

The compliance item ID. For example, if the compliance item is a Windows patch, the ID could be the number of the KB article.

Severity
Required: Yes
Type: string

The severity of the compliance status. Severity can be one of the following: Critical, High, Medium, Low, Informational, Unspecified.

Status
Required: Yes
Type: string

The status of the compliance item. An item is either COMPLIANT or NON_COMPLIANT.

Title
Type: string

The title of the compliance item. For example, if the compliance item is a Windows patch, the title could be the title of the KB article for the patch; for example: Security Update for Active Directory Federation Services.

ComplianceStringFilter

Description

One or more filters. Use a filter to return a more specific list of results.

Members
Key
Type: string

The name of the filter.

Type
Type: string

The type of comparison that should be performed for the value: Equal, NotEqual, BeginWith, LessThan, or GreaterThan.

Values
Type: Array of strings

The value for which to search.

ComplianceSummaryItem

Description

A summary of compliance information by compliance type.

Members
ComplianceType
Type: string

The type of compliance item. For example, the compliance type can be Association, Patch, or Custom:string.

CompliantSummary
Type: CompliantSummary structure

A list of COMPLIANT items for the specified compliance type.

NonCompliantSummary
Type: NonCompliantSummary structure

A list of NON_COMPLIANT items for the specified compliance type.

ComplianceTypeCountLimitExceededException

Description

You specified too many custom compliance types. You can specify a maximum of 10 different types.

Members
Message
Type: string

CompliantSummary

Description

A summary of resources that are compliant. The summary is organized according to the resource count for each compliance type.

Members
CompliantCount
Type: int

The total number of resources that are compliant.

SeveritySummary
Type: SeveritySummary structure

A summary of the compliance severity by compliance type.

CreateAssociationBatchRequestEntry

Description

Describes the association of a Amazon Web Services Systems Manager document (SSM document) and a managed node.

Members
AlarmConfiguration
Type: AlarmConfiguration structure

The details for the CloudWatch alarm you want to apply to an automation or command.

ApplyOnlyAtCronInterval
Type: boolean

By default, when you create a new associations, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it. This parameter isn't supported for rate expressions.

AssociationName
Type: string

Specify a descriptive name for the association.

AutomationTargetParameterName
Type: string

Specify the target for the association. This target is required for associations that use an Automation runbook and target resources by using rate controls. Automation is a capability of Amazon Web Services Systems Manager.

CalendarNames
Type: Array of strings

The names or Amazon Resource Names (ARNs) of the Change Calendar type documents your associations are gated under. The associations only run when that Change Calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar.

ComplianceSeverity
Type: string

The severity level to assign to the association.

DocumentVersion
Type: string

The document version.

Duration
Type: int

The number of hours the association can run before it is canceled. Duration applies to associations that are currently running, and any pending and in progress commands on all targets. If a target was taken offline for the association to run, it is made available again immediately, without a reboot.

The Duration parameter applies only when both these conditions are true:

  • The association for which you specify a duration is cancelable according to the parameters of the SSM command document or Automation runbook associated with this execution.

  • The command specifies the ApplyOnlyAtCronInterval parameter, which means that the association doesn't run immediately after it is created, but only according to the specified schedule.

InstanceId
Type: string

The managed node ID.

InstanceId has been deprecated. To specify a managed node ID for an association, use the Targets parameter. Requests that include the parameter InstanceID with Systems Manager documents (SSM documents) that use schema version 2.0 or later will fail. In addition, if you use the parameter InstanceId, you can't use the parameters AssociationName, DocumentVersion, MaxErrors, MaxConcurrency, OutputLocation, or ScheduleExpression. To use these parameters, you must use the Targets parameter.

MaxConcurrency
Type: string

The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.

If a new managed node starts and attempts to run an association while Systems Manager is running MaxConcurrency associations, the association is allowed to run. During the next association interval, the new managed node will process its association within the limit specified for MaxConcurrency.

MaxErrors
Type: string

The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 managed nodes and set MaxError to 10%, then the system stops sending the request when the sixth error is received.

Executions that are already running an association when MaxErrors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set MaxConcurrency to 1 so that executions proceed one at a time.

Name
Required: Yes
Type: string

The name of the SSM document that contains the configuration information for the managed node. You can specify Command or Automation runbooks.

You can specify Amazon Web Services-predefined documents, documents you created, or a document that is shared with you from another account.

For SSM documents that are shared with you from other Amazon Web Services accounts, you must specify the complete SSM document ARN, in the following format:

arn:aws:ssm:region:account-id:document/document-name

For example:

arn:aws:ssm:us-east-2:12345678912:document/My-Shared-Document

For Amazon Web Services-predefined documents and SSM documents you created in your account, you only need to specify the document name. For example, AWS-ApplyPatchBaseline or My-Document.

OutputLocation

An S3 bucket where you want to store the results of this request.

Parameters
Type: Associative array of custom strings keys (ParameterName) to stringss

A description of the parameters for a document.

ScheduleExpression
Type: string

A cron expression that specifies a schedule when the association runs.

ScheduleOffset
Type: int

Number of days to wait after the scheduled day to run an association.

SyncCompliance
Type: string

The mode for generating association compliance. You can specify AUTO or MANUAL. In AUTO mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association is COMPLIANT. If the association execution doesn't run successfully, the association is NON-COMPLIANT.

In MANUAL mode, you must specify the AssociationId as a parameter for the PutComplianceItems API operation. In this case, compliance data isn't managed by State Manager, a capability of Amazon Web Services Systems Manager. It is managed by your direct call to the PutComplianceItems API operation.

By default, all associations use AUTO mode.

TargetLocations
Type: Array of TargetLocation structures

Use this action to create an association in multiple Regions and multiple accounts.

TargetMaps
Type: Array of maps

A key-value mapping of document parameters to target resources. Both Targets and TargetMaps can't be specified together.

Targets
Type: Array of Target structures

The managed nodes targeted by the request.

CustomSchemaCountLimitExceededException

Description

You have exceeded the limit for custom schemas. Delete one or more custom schemas and try again.

Members
Message
Type: string

DescribeActivationsFilter

Description

Filter for the DescribeActivation API.

Members
FilterKey
Type: string

The name of the filter.

FilterValues
Type: Array of strings

The filter values.

DocumentAlreadyExists

Description

The specified document already exists.

Members
Message
Type: string

DocumentDefaultVersionDescription

Description

A default version of a document.

Members
DefaultVersion
Type: string

The default version of the document.

DefaultVersionName
Type: string

The default version of the artifact associated with the document.

Name
Type: string

The name of the document.

DocumentDescription

Description

Describes an Amazon Web Services Systems Manager document (SSM document).

Members
ApprovedVersion
Type: string

The version of the document currently approved for use in the organization.

AttachmentsInformation
Type: Array of AttachmentInformation structures

Details about the document attachments, including names, locations, sizes, and so on.

Author
Type: string

The user in your organization who created the document.

Category
Type: Array of strings

The classification of a document to help you identify and categorize its use.

CategoryEnum
Type: Array of strings

The value that identifies a document's category.

CreatedDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date when the document was created.

DefaultVersion
Type: string

The default version.

Description
Type: string

A description of the document.

DisplayName
Type: string

The friendly name of the SSM document. This value can differ for each version of the document. If you want to update this value, see UpdateDocument.

DocumentFormat
Type: string

The document format, either JSON or YAML.

DocumentType
Type: string

The type of document.

DocumentVersion
Type: string

The document version.

Hash
Type: string

The Sha256 or Sha1 hash created by the system when the document was created.

Sha1 hashes have been deprecated.

HashType
Type: string

The hash type of the document. Valid values include Sha256 or Sha1.

Sha1 hashes have been deprecated.

LatestVersion
Type: string

The latest version of the document.

Name
Type: string

The name of the SSM document.

Owner
Type: string

The Amazon Web Services user that created the document.

Parameters
Type: Array of DocumentParameter structures

A description of the parameters for a document.

PendingReviewVersion
Type: string

The version of the document that is currently under review.

PlatformTypes
Type: Array of strings

The list of operating system (OS) platforms compatible with this SSM document.

Requires
Type: Array of DocumentRequires structures

A list of SSM documents required by a document. For example, an ApplicationConfiguration document requires an ApplicationConfigurationSchema document.

ReviewInformation
Type: Array of ReviewInformation structures

Details about the review of a document.

ReviewStatus
Type: string

The current status of the review.

SchemaVersion
Type: string

The schema version.

Sha1
Type: string

The SHA1 hash of the document, which you can use for verification.

Status
Type: string

The status of the SSM document.

StatusInformation
Type: string

A message returned by Amazon Web Services Systems Manager that explains the Status value. For example, a Failed status might be explained by the StatusInformation message, "The specified S3 bucket doesn't exist. Verify that the URL of the S3 bucket is correct."

Tags
Type: Array of Tag structures

The tags, or metadata, that have been applied to the document.

TargetType
Type: string

The target type which defines the kinds of resources the document can run on. For example, /AWS::EC2::Instance. For a list of valid resource types, see Amazon Web Services resource and property types reference in the CloudFormation User Guide.

VersionName
Type: string

The version of the artifact associated with the document.

DocumentFilter

Description

This data type is deprecated. Instead, use DocumentKeyValuesFilter.

Members
key
Required: Yes
Type: string

The name of the filter.

value
Required: Yes
Type: string

The value of the filter.

DocumentIdentifier

Description

Describes the name of a SSM document.

Members
Author
Type: string

The user in your organization who created the document.

CreatedDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date the SSM document was created.

DisplayName
Type: string

An optional field where you can specify a friendly name for the SSM document. This value can differ for each version of the document. If you want to update this value, see UpdateDocument.

DocumentFormat
Type: string

The document format, either JSON or YAML.

DocumentType
Type: string

The document type.

DocumentVersion
Type: string

The document version.

Name
Type: string

The name of the SSM document.

Owner
Type: string

The Amazon Web Services user that created the document.

PlatformTypes
Type: Array of strings

The operating system platform.

Requires
Type: Array of DocumentRequires structures

A list of SSM documents required by a document. For example, an ApplicationConfiguration document requires an ApplicationConfigurationSchema document.

ReviewStatus
Type: string

The current status of a document review.

SchemaVersion
Type: string

The schema version.

Tags
Type: Array of Tag structures

The tags, or metadata, that have been applied to the document.

TargetType
Type: string

The target type which defines the kinds of resources the document can run on. For example, /AWS::EC2::Instance. For a list of valid resource types, see Amazon Web Services resource and property types reference in the CloudFormation User Guide.

VersionName
Type: string

An optional field specifying the version of the artifact associated with the document. For example, 12.6. This value is unique across all versions of a document, and can't be changed.

DocumentKeyValuesFilter

Description

One or more filters. Use a filter to return a more specific list of documents.

For keys, you can specify one or more tags that have been applied to a document.

You can also use Amazon Web Services-provided keys, some of which have specific allowed values. These keys and their associated values are as follows:

DocumentType
  • ApplicationConfiguration

  • ApplicationConfigurationSchema

  • Automation

  • ChangeCalendar

  • Command

  • Package

  • Policy

  • Session

Owner

Note that only one Owner can be specified in a request. For example: Key=Owner,Values=Self.

  • Amazon

  • Private

  • Public

  • Self

  • ThirdParty

PlatformTypes
  • Linux

  • Windows

Name is another Amazon Web Services-provided key. If you use Name as a key, you can use a name prefix to return a list of documents. For example, in the Amazon Web Services CLI, to return a list of all documents that begin with Te, run the following command:

aws ssm list-documents --filters Key=Name,Values=Te

You can also use the TargetType Amazon Web Services-provided key. For a list of valid resource type values that can be used with this key, see Amazon Web Services resource and property types reference in the CloudFormation User Guide.

If you specify more than two keys, only documents that are identified by all the tags are returned in the results. If you specify more than two values for a key, documents that are identified by any of the values are returned in the results.

To specify a custom key-value pair, use the format Key=tag:tagName,Values=valueName.

For example, if you created a key called region and are using the Amazon Web Services CLI to call the list-documents command:

aws ssm list-documents --filters Key=tag:region,Values=east,west Key=Owner,Values=Self

Members
Key
Type: string

The name of the filter key.

Values
Type: Array of strings

The value for the filter key.

DocumentLimitExceeded

Description

You can have at most 500 active SSM documents.

Members
Message
Type: string

DocumentMetadataResponseInfo

Description

Details about the response to a document review request.

Members
ReviewerResponse
Type: Array of DocumentReviewerResponseSource structures

Details about a reviewer's response to a document review request.

DocumentParameter

Description

Parameters specified in a Systems Manager document that run on the server when the command is run.

Members
DefaultValue
Type: string

If specified, the default values for the parameters. Parameters without a default value are required. Parameters with a default value are optional.

Description
Type: string

A description of what the parameter does, how to use it, the default value, and whether or not the parameter is optional.

Name
Type: string

The name of the parameter.

Type
Type: string

The type of parameter. The type can be either String or StringList.

DocumentPermissionLimit

Description

The document can't be shared with more Amazon Web Services accounts. You can specify a maximum of 20 accounts per API operation to share a private document.

By default, you can share a private document with a maximum of 1,000 accounts and publicly share up to five documents.

If you need to increase the quota for privately or publicly shared Systems Manager documents, contact Amazon Web Services Support.

Members
Message
Type: string

DocumentRequires

Description

An SSM document required by the current document.

Members
Name
Required: Yes
Type: string

The name of the required SSM document. The name can be an Amazon Resource Name (ARN).

RequireType
Type: string

The document type of the required SSM document.

Version
Type: string

The document version required by the current document.

VersionName
Type: string

An optional field specifying the version of the artifact associated with the document. For example, 12.6. This value is unique across all versions of a document, and can't be changed.

DocumentReviewCommentSource

Description

Information about comments added to a document review request.

Members
Content
Type: string

The content of a comment entered by a user who requests a review of a new document version, or who reviews the new version.

Type
Type: string

The type of information added to a review request. Currently, only the value Comment is supported.

DocumentReviewerResponseSource

Description

Information about a reviewer's response to a document review request.

Members
Comment
Type: Array of DocumentReviewCommentSource structures

The comment entered by a reviewer as part of their document review response.

CreateTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time that a reviewer entered a response to a document review request.

ReviewStatus
Type: string

The current review status of a new custom SSM document created by a member of your organization, or of the latest version of an existing SSM document.

Only one version of a document can be in the APPROVED state at a time. When a new version is approved, the status of the previous version changes to REJECTED.

Only one version of a document can be in review, or PENDING, at a time.

Reviewer
Type: string

The user in your organization assigned to review a document request.

UpdatedTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time that a reviewer last updated a response to a document review request.

DocumentReviews

Description

Information about a document approval review.

Members
Action
Required: Yes
Type: string

The action to take on a document approval review request.

Comment
Type: Array of DocumentReviewCommentSource structures

A comment entered by a user in your organization about the document review request.

DocumentVersionInfo

Description

Version information about the document.

Members
CreatedDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date the document was created.

DisplayName
Type: string

The friendly name of the SSM document. This value can differ for each version of the document. If you want to update this value, see UpdateDocument.

DocumentFormat
Type: string

The document format, either JSON or YAML.

DocumentVersion
Type: string

The document version.

IsDefaultVersion
Type: boolean

An identifier for the default version of the document.

Name
Type: string

The document name.

ReviewStatus
Type: string

The current status of the approval review for the latest version of the document.

Status
Type: string

The status of the SSM document, such as Creating, Active, Failed, and Deleting.

StatusInformation
Type: string

A message returned by Amazon Web Services Systems Manager that explains the Status value. For example, a Failed status might be explained by the StatusInformation message, "The specified S3 bucket doesn't exist. Verify that the URL of the S3 bucket is correct."

VersionName
Type: string

The version of the artifact associated with the document. For example, 12.6. This value is unique across all versions of a document, and can't be changed.

DocumentVersionLimitExceeded

Description

The document has too many versions. Delete one or more document versions and try again.

Members
Message
Type: string

DoesNotExistException

Description

Error returned when the ID specified for a resource, such as a maintenance window or patch baseline, doesn't exist.

For information about resource quotas in Amazon Web Services Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.

Members
Message
Type: string

DuplicateDocumentContent

Description

The content of the association document matches another document. Change the content of the document and try again.

Members
Message
Type: string

DuplicateDocumentVersionName

Description

The version name has already been used in this document. Specify a different version name, and then try again.

Members
Message
Type: string

DuplicateInstanceId

Description

You can't specify a managed node ID in more than one association.

Members

EffectivePatch

Description

The EffectivePatch structure defines metadata about a patch along with the approval state of the patch in a particular patch baseline. The approval state includes information about whether the patch is currently approved, due to be approved by a rule, explicitly approved, or explicitly rejected and the date the patch was or will be approved.

Members
Patch
Type: Patch structure

Provides metadata for a patch, including information such as the KB ID, severity, classification and a URL for where more information can be obtained about the patch.

PatchStatus
Type: PatchStatus structure

The status of the patch in a patch baseline. This includes information about whether the patch is currently approved, due to be approved by a rule, explicitly approved, or explicitly rejected and the date the patch was or will be approved.

FailedCreateAssociation

Description

Describes a failed association.

Members
Entry

The association.

Fault
Type: string

The source of the failure.

Message
Type: string

A description of the failure.

FailureDetails

Description

Information about an Automation failure.

Members
Details
Type: Associative array of custom strings keys (AutomationParameterKey) to stringss

Detailed information about the Automation step failure.

FailureStage
Type: string

The stage of the Automation execution when the failure occurred. The stages include the following: InputValidation, PreVerification, Invocation, PostVerification.

FailureType
Type: string

The type of Automation failure. Failure types include the following: Action, Permission, Throttling, Verification, Internal.

FeatureNotAvailableException

Description

You attempted to register a LAMBDA or STEP_FUNCTIONS task in a region where the corresponding service isn't available.

Members
Message
Type: string

GetResourcePoliciesResponseEntry

Description

A resource policy helps you to define the IAM entity (for example, an Amazon Web Services account) that can manage your Systems Manager resources. Currently, OpsItemGroup is the only resource that supports Systems Manager resource policies. The resource policy for OpsItemGroup enables Amazon Web Services accounts to view and interact with OpsCenter operational work items (OpsItems).

Members
Policy
Type: string

A resource policy helps you to define the IAM entity (for example, an Amazon Web Services account) that can manage your Systems Manager resources. Currently, OpsItemGroup is the only resource that supports Systems Manager resource policies. The resource policy for OpsItemGroup enables Amazon Web Services accounts to view and interact with OpsCenter operational work items (OpsItems).

PolicyHash
Type: string

ID of the current policy version. The hash helps to prevent a situation where multiple users attempt to overwrite a policy. You must provide this hash when updating or deleting a policy.

PolicyId
Type: string

A policy ID.

HierarchyTypeMismatchException

Description

Parameter Store doesn't support changing a parameter type in a hierarchy. For example, you can't change a parameter from a String type to a SecureString type. You must create a new, unique parameter.

Members
message
Type: string

Parameter Store doesn't support changing a parameter type in a hierarchy. For example, you can't change a parameter from a String type to a SecureString type. You must create a new, unique parameter.

IdempotentParameterMismatch

Description

Error returned when an idempotent operation is retried and the parameters don't match the original call to the API with the same idempotency token.

Members
Message
Type: string

IncompatiblePolicyException

Description

There is a conflict in the policies specified for this parameter. You can't, for example, specify two Expiration policies for a parameter. Review your policies, and try again.

Members
message
Type: string

InstanceAggregatedAssociationOverview

Description

Status information about the aggregated associations.

Members
DetailedStatus
Type: string

Detailed status information about the aggregated associations.

InstanceAssociationStatusAggregatedCount
Type: Associative array of custom strings keys (StatusName) to ints

The number of associations for the managed nodes.

InstanceAssociation

Description

One or more association documents on the managed node.

Members
AssociationId
Type: string

The association ID.

AssociationVersion
Type: string

Version information for the association on the managed node.

Content
Type: string

The content of the association document for the managed nodes.

InstanceId
Type: string

The managed node ID.

InstanceAssociationOutputLocation

Description

An S3 bucket where you want to store the results of this request.

For the minimal permissions required to enable Amazon S3 output for an association, see Create an association (console) in the Systems Manager User Guide.

Members
S3Location
Type: S3OutputLocation structure

An S3 bucket where you want to store the results of this request.

InstanceAssociationOutputUrl

Description

The URL of S3 bucket where you want to store the results of this request.

Members
S3OutputUrl
Type: S3OutputUrl structure

The URL of S3 bucket where you want to store the results of this request.

InstanceAssociationStatusInfo

Description

Status information about the association.

Members
AssociationId
Type: string

The association ID.

AssociationName
Type: string

The name of the association applied to the managed node.

AssociationVersion
Type: string

The version of the association applied to the managed node.

DetailedStatus
Type: string

Detailed status information about the association.

DocumentVersion
Type: string

The association document versions.

ErrorCode
Type: string

An error code returned by the request to create the association.

ExecutionDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date the association ran.

ExecutionSummary
Type: string

Summary information about association execution.

InstanceId
Type: string

The managed node ID where the association was created.

Name
Type: string

The name of the association.

OutputUrl

A URL for an S3 bucket where you want to store the results of this request.

Status
Type: string

Status information about the association.

InstanceInformation

Description

Describes a filter for a specific list of managed nodes.

Members
ActivationId
Type: string

The activation ID created by Amazon Web Services Systems Manager when the server or virtual machine (VM) was registered.

AgentVersion
Type: string

The version of SSM Agent running on your Linux managed node.

AssociationOverview

Information about the association.

AssociationStatus
Type: string

The status of the association.

ComputerName
Type: string

The fully qualified host name of the managed node.

IPAddress
Type: string

The IP address of the managed node.

IamRole
Type: string

The role assigned to an Amazon EC2 instance configured with a Systems Manager Quick Setup host management configuration or the role assigned to an on-premises managed node.

This call doesn't return the IAM role for unmanaged Amazon EC2 instances (instances not configured for Systems Manager). To retrieve the role for an unmanaged instance, use the Amazon EC2 DescribeInstances operation. For information, see DescribeInstances in the Amazon EC2 API Reference or describe-instances in the Amazon Web Services CLI Command Reference.

InstanceId
Type: string

The managed node ID.

IsLatestVersion
Type: boolean

Indicates whether the latest version of SSM Agent is running on your Linux managed node. This field doesn't indicate whether or not the latest version is installed on Windows managed nodes, because some older versions of Windows Server use the EC2Config service to process Systems Manager requests.

LastAssociationExecutionDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date the association was last run.

LastPingDateTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when the agent last pinged the Systems Manager service.

LastSuccessfulAssociationExecutionDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The last date the association was successfully run.

Name
Type: string

The name assigned to an on-premises server, edge device, or virtual machine (VM) when it is activated as a Systems Manager managed node. The name is specified as the DefaultInstanceName property using the CreateActivation command. It is applied to the managed node by specifying the Activation Code and Activation ID when you install SSM Agent on the node, as explained in How to install SSM Agent on hybrid Linux nodes and How to install SSM Agent on hybrid Windows Server nodes. To retrieve the Name tag of an EC2 instance, use the Amazon EC2 DescribeInstances operation. For information, see DescribeInstances in the Amazon EC2 API Reference or describe-instances in the Amazon Web Services CLI Command Reference.

PingStatus
Type: string

Connection status of SSM Agent.

The status Inactive has been deprecated and is no longer in use.

PlatformName
Type: string

The name of the operating system platform running on your managed node.

PlatformType
Type: string

The operating system platform type.

PlatformVersion
Type: string

The version of the OS platform running on your managed node.

RegistrationDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date the server or VM was registered with Amazon Web Services as a managed node.

ResourceType
Type: string

The type of instance. Instances are either EC2 instances or managed instances.

SourceId
Type: string

The ID of the source resource. For IoT Greengrass devices, SourceId is the Thing name.

SourceType
Type: string

The type of the source resource. For IoT Greengrass devices, SourceType is AWS::IoT::Thing.

InstanceInformationFilter

Description

Describes a filter for a specific list of managed nodes. You can filter node information by using tags. You specify tags by using a key-value mapping.

Use this operation instead of the DescribeInstanceInformationRequest$InstanceInformationFilterList method. The InstanceInformationFilterList method is a legacy method and doesn't support tags.

Members
key
Required: Yes
Type: string

The name of the filter.

valueSet
Required: Yes
Type: Array of strings

The filter values.

InstanceInformationStringFilter

Description

The filters to describe or get information about your managed nodes.

Members
Key
Required: Yes
Type: string

The filter key name to describe your managed nodes.

Valid filter key values: ActivationIds | AgentVersion | AssociationStatus | IamRole | InstanceIds | PingStatus | PlatformTypes | ResourceType | SourceIds | SourceTypes | "tag-key" | "tag:{keyname}

  • Valid values for the AssociationStatus filter key: Success | Pending | Failed

  • Valid values for the PingStatus filter key: Online | ConnectionLost | Inactive (deprecated)

  • Valid values for the PlatformType filter key: Windows | Linux | MacOS

  • Valid values for the ResourceType filter key: EC2Instance | ManagedInstance

  • Valid values for the SourceType filter key: AWS::EC2::Instance | AWS::SSM::ManagedInstance | AWS::IoT::Thing

  • Valid tag examples: Key=tag-key,Values=Purpose | Key=tag:Purpose,Values=Test.

Values
Required: Yes
Type: Array of strings

The filter values.

InstancePatchState

Description

Defines the high-level patch compliance state for a managed node, providing information about the number of installed, missing, not applicable, and failed patches along with metadata about the operation when this information was gathered for the managed node.

Members
BaselineId
Required: Yes
Type: string

The ID of the patch baseline used to patch the managed node.

CriticalNonCompliantCount
Type: int

The number of patches per node that are specified as Critical for compliance reporting in the patch baseline aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required managed node reboot. The status of these managed nodes is NON_COMPLIANT.

FailedCount
Type: int

The number of patches from the patch baseline that were attempted to be installed during the last patching operation, but failed to install.

InstallOverrideList
Type: string

An https URL or an Amazon Simple Storage Service (Amazon S3) path-style URL to a list of patches to be installed. This patch installation list, which you maintain in an S3 bucket in YAML format and specify in the SSM document AWS-RunPatchBaseline, overrides the patches specified by the default patch baseline.

For more information about the InstallOverrideList parameter, see SSM Command document for patching: AWS-RunPatchBaseline in the Amazon Web Services Systems Manager User Guide.

InstalledCount
Type: int

The number of patches from the patch baseline that are installed on the managed node.

InstalledOtherCount
Type: int

The number of patches not specified in the patch baseline that are installed on the managed node.

InstalledPendingRebootCount
Type: int

The number of patches installed by Patch Manager since the last time the managed node was rebooted.

InstalledRejectedCount
Type: int

The number of patches installed on a managed node that are specified in a RejectedPatches list. Patches with a status of InstalledRejected were typically installed before they were added to a RejectedPatches list.

If ALLOW_AS_DEPENDENCY is the specified option for RejectedPatchesAction, the value of InstalledRejectedCount will always be 0 (zero).

InstanceId
Required: Yes
Type: string

The ID of the managed node the high-level patch compliance information was collected for.

LastNoRebootInstallOperationTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time of the last attempt to patch the managed node with NoReboot specified as the reboot option.

MissingCount
Type: int

The number of patches from the patch baseline that are applicable for the managed node but aren't currently installed.

NotApplicableCount
Type: int

The number of patches from the patch baseline that aren't applicable for the managed node and therefore aren't installed on the node. This number may be truncated if the list of patch names is very large. The number of patches beyond this limit are reported in UnreportedNotApplicableCount.

Operation
Required: Yes
Type: string

The type of patching operation that was performed: or

  • SCAN assesses the patch compliance state.

  • INSTALL installs missing patches.

OperationEndTime
Required: Yes
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time the most recent patching operation completed on the managed node.

OperationStartTime
Required: Yes
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time the most recent patching operation was started on the managed node.

OtherNonCompliantCount
Type: int

The number of patches per node that are specified as other than Critical or Security but aren't compliant with the patch baseline. The status of these managed nodes is NON_COMPLIANT.

OwnerInformation
Type: string

Placeholder information. This field will always be empty in the current release of the service.

PatchGroup
Required: Yes
Type: string

The name of the patch group the managed node belongs to.

RebootOption
Type: string

Indicates the reboot option specified in the patch baseline.

Reboot options apply to Install operations only. Reboots aren't attempted for Patch Manager Scan operations.

  • RebootIfNeeded: Patch Manager tries to reboot the managed node if it installed any patches, or if any patches are detected with a status of InstalledPendingReboot.

  • NoReboot: Patch Manager attempts to install missing packages without trying to reboot the system. Patches installed with this option are assigned a status of InstalledPendingReboot. These patches might not be in effect until a reboot is performed.

SecurityNonCompliantCount
Type: int

The number of patches per node that are specified as Security in a patch advisory aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required managed node reboot. The status of these managed nodes is NON_COMPLIANT.

SnapshotId
Type: string

The ID of the patch baseline snapshot used during the patching operation when this compliance data was collected.

UnreportedNotApplicableCount
Type: int

The number of patches beyond the supported limit of NotApplicableCount that aren't reported by name to Inventory. Inventory is a capability of Amazon Web Services Systems Manager.

InstancePatchStateFilter

Description

Defines a filter used in DescribeInstancePatchStatesForPatchGroup to scope down the information returned by the API.

Example: To filter for all managed nodes in a patch group having more than three patches with a FailedCount status, use the following for the filter:

  • Value for Key: FailedCount

  • Value for Type: GreaterThan

  • Value for Values: 3

Members
Key
Required: Yes
Type: string

The key for the filter. Supported values include the following:

  • InstalledCount

  • InstalledOtherCount

  • InstalledPendingRebootCount

  • InstalledRejectedCount

  • MissingCount

  • FailedCount

  • UnreportedNotApplicableCount

  • NotApplicableCount

Type
Required: Yes
Type: string

The type of comparison that should be performed for the value.

Values
Required: Yes
Type: Array of strings

The value for the filter. Must be an integer greater than or equal to 0.

InstanceProperty

Description

An object containing various properties of a managed node.

Members
ActivationId
Type: string

The activation ID created by Systems Manager when the server or virtual machine (VM) was registered

AgentVersion
Type: string

The version of SSM Agent running on your managed node.

Architecture
Type: string

The CPU architecture of the node. For example, x86_64.

AssociationOverview

Status information about the aggregated associations.

AssociationStatus
Type: string

The status of the State Manager association applied to the managed node.

ComputerName
Type: string

The fully qualified host name of the managed node.

IPAddress
Type: string

The public IPv4 address assigned to the node. If a public IPv4 address isn't assigned to the node, this value is blank.

IamRole
Type: string

The IAM role used in the hybrid activation to register the node with Systems Manager.

InstanceId
Type: string

The ID of the managed node.

InstanceRole
Type: string

The instance profile attached to the node. If an instance profile isn't attached to the node, this value is blank.

InstanceState
Type: string

The current state of the node.

InstanceType
Type: string

The instance type of the managed node. For example, t3.large.

KeyName
Type: string

The name of the key pair associated with the node. If a key pair isnt't associated with the node, this value is blank.

LastAssociationExecutionDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date the association was last run.

LastPingDateTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time when the SSM Agent last pinged the Systems Manager service.

LastSuccessfulAssociationExecutionDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The last date the association was successfully run.

LaunchTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The timestamp for when the node was launched.

Name
Type: string

The value of the EC2 Name tag associated with the node. If a Name tag hasn't been applied to the node, this value is blank.

PingStatus
Type: string

Connection status of the SSM Agent on the managed node.

PlatformName
Type: string

The name of the operating system platform running on your managed node.

PlatformType
Type: string

The operating system platform type of the managed node. For example, Windows.

PlatformVersion
Type: string

The version of the OS platform running on your managed node.

RegistrationDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date the node was registered with Systems Manager.

ResourceType
Type: string

The type of managed node.

SourceId
Type: string

The ID of the source resource.

SourceType
Type: string

The type of the source resource.

InstancePropertyFilter

Description

Describes a filter for a specific list of managed nodes. You can filter node information by using tags. You specify tags by using a key-value mapping.

Members
key
Required: Yes
Type: string

The name of the filter.

valueSet
Required: Yes
Type: Array of strings

The filter values.

InstancePropertyStringFilter

Description

The filters to describe or get information about your managed nodes.

Members
Key
Required: Yes
Type: string

The filter key name to describe your managed nodes.

Operator
Type: string

The operator used by the filter call.

Values
Required: Yes
Type: Array of strings

The filter key name to describe your managed nodes.

InternalServerError

Description

An error occurred on the server side.

Members
Message
Type: string

InvalidActivation

Description

The activation isn't valid. The activation might have been deleted, or the ActivationId and the ActivationCode don't match.

Members
Message
Type: string

InvalidActivationId

Description

The activation ID isn't valid. Verify the you entered the correct ActivationId or ActivationCode and try again.

Members
Message
Type: string

InvalidAggregatorException

Description

The specified aggregator isn't valid for inventory groups. Verify that the aggregator uses a valid inventory type such as AWS:Application or AWS:InstanceInformation.

Members
Message
Type: string

InvalidAllowedPatternException

Description

The request doesn't meet the regular expression requirement.

Members
message
Type: string

The request doesn't meet the regular expression requirement.

InvalidAssociation

Description

The association isn't valid or doesn't exist.

Members
Message
Type: string

InvalidAssociationVersion

Description

The version you specified isn't valid. Use ListAssociationVersions to view all versions of an association according to the association ID. Or, use the $LATEST parameter to view the latest version of the association.

Members
Message
Type: string

InvalidAutomationExecutionParametersException

Description

The supplied parameters for invoking the specified Automation runbook are incorrect. For example, they may not match the set of parameters permitted for the specified Automation document.

Members
Message
Type: string

InvalidAutomationSignalException

Description

The signal isn't valid for the current Automation execution.

Members
Message
Type: string

InvalidAutomationStatusUpdateException

Description

The specified update status operation isn't valid.

Members
Message
Type: string

InvalidCommandId

Description

The specified command ID isn't valid. Verify the ID and try again.

Members

InvalidDeleteInventoryParametersException

Description

One or more of the parameters specified for the delete operation isn't valid. Verify all parameters and try again.

Members
Message
Type: string

InvalidDeletionIdException

Description

The ID specified for the delete operation doesn't exist or isn't valid. Verify the ID and try again.

Members
Message
Type: string

InvalidDocument

Description

The specified SSM document doesn't exist.

Members
Message
Type: string

The SSM document doesn't exist or the document isn't available to the user. This exception can be issued by various API operations.

InvalidDocumentContent

Description

The content for the document isn't valid.

Members
Message
Type: string

A description of the validation error.

InvalidDocumentOperation

Description

You attempted to delete a document while it is still shared. You must stop sharing the document before you can delete it.

Members
Message
Type: string

InvalidDocumentSchemaVersion

Description

The version of the document schema isn't supported.

Members
Message
Type: string

InvalidDocumentType

Description

The SSM document type isn't valid. Valid document types are described in the DocumentType property.

Members
Message
Type: string

InvalidDocumentVersion

Description

The document version isn't valid or doesn't exist.

Members
Message
Type: string

InvalidFilter

Description

The filter name isn't valid. Verify the you entered the correct name and try again.

Members
Message
Type: string

InvalidFilterKey

Description

The specified key isn't valid.

Members

InvalidFilterOption

Description

The specified filter option isn't valid. Valid options are Equals and BeginsWith. For Path filter, valid options are Recursive and OneLevel.

Members
message
Type: string

The specified filter option isn't valid. Valid options are Equals and BeginsWith. For Path filter, valid options are Recursive and OneLevel.

InvalidFilterValue

Description

The filter value isn't valid. Verify the value and try again.

Members
Message
Type: string

InvalidInstanceId

Description

The following problems can cause this exception:

  • You don't have permission to access the managed node.

  • Amazon Web Services Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.

  • SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.

  • The managed node isn't in a valid state. Valid states are: Running, Pending, Stopped, and Stopping. Invalid states are: Shutting-down and Terminated.

Members
Message
Type: string

InvalidInstanceInformationFilterValue

Description

The specified filter value isn't valid.

Members
message
Type: string

InvalidInstancePropertyFilterValue

Description

The specified filter value isn't valid.

Members
message
Type: string

InvalidInventoryGroupException

Description

The specified inventory group isn't valid.

Members
Message
Type: string

InvalidInventoryItemContextException

Description

You specified invalid keys or values in the Context attribute for InventoryItem. Verify the keys and values, and try again.

Members
Message
Type: string

InvalidInventoryRequestException

Description

The request isn't valid.

Members
Message
Type: string

InvalidItemContentException

Description

One or more content items isn't valid.

Members
Message
Type: string
TypeName
Type: string

InvalidKeyId

Description

The query key ID isn't valid.

Members
message
Type: string

InvalidNextToken

Description

The specified token isn't valid.

Members
Message
Type: string

InvalidNotificationConfig

Description

One or more configuration items isn't valid. Verify that a valid Amazon Resource Name (ARN) was provided for an Amazon Simple Notification Service topic.

Members
Message
Type: string

InvalidOptionException

Description

The delete inventory option specified isn't valid. Verify the option and try again.

Members
Message
Type: string

InvalidOutputFolder

Description

The S3 bucket doesn't exist.

Members

InvalidOutputLocation

Description

The output location isn't valid or doesn't exist.

Members

InvalidParameters

Description

You must specify values for all required parameters in the Amazon Web Services Systems Manager document (SSM document). You can only supply values to parameters defined in the SSM document.

Members
Message
Type: string

InvalidPermissionType

Description

The permission type isn't supported. Share is the only supported permission type.

Members
Message
Type: string

InvalidPluginName

Description

The plugin name isn't valid.

Members

InvalidPolicyAttributeException

Description

A policy attribute or its value is invalid.

Members
message
Type: string

InvalidPolicyTypeException

Description

The policy type isn't supported. Parameter Store supports the following policy types: Expiration, ExpirationNotification, and NoChangeNotification.

Members
message
Type: string

InvalidResourceId

Description

The resource ID isn't valid. Verify that you entered the correct ID and try again.

Members

InvalidResourceType

Description

The resource type isn't valid. For example, if you are attempting to tag an EC2 instance, the instance must be a registered managed node.

Members

InvalidResultAttributeException

Description

The specified inventory item result attribute isn't valid.

Members
Message
Type: string

InvalidRole

Description

The role name can't contain invalid characters. Also verify that you specified an IAM role for notifications that includes the required trust policy. For information about configuring the IAM role for Run Command notifications, see Monitoring Systems Manager status changes using Amazon SNS notifications in the Amazon Web Services Systems Manager User Guide.

Members
Message
Type: string

InvalidSchedule

Description

The schedule is invalid. Verify your cron or rate expression and try again.

Members
Message
Type: string

InvalidTag

Description

The specified tag key or value isn't valid.

Members
Message
Type: string

InvalidTarget

Description

The target isn't valid or doesn't exist. It might not be configured for Systems Manager or you might not have permission to perform the operation.

Members
Message
Type: string

InvalidTargetMaps

Description

TargetMap parameter isn't valid.

Members
Message
Type: string

InvalidTypeNameException

Description

The parameter type name isn't valid.

Members
Message
Type: string

InvalidUpdate

Description

The update isn't valid.

Members
Message
Type: string

InventoryAggregator

Description

Specifies the inventory type and attribute for the aggregation execution.

Members
Aggregators
Type: Array of InventoryAggregator structures

Nested aggregators to further refine aggregation for an inventory type.

Expression
Type: string

The inventory type and attribute name for aggregation.

Groups
Type: Array of InventoryGroup structures

A user-defined set of one or more filters on which to aggregate inventory data. Groups return a count of resources that match and don't match the specified criteria.

InventoryDeletionStatusItem

Description

Status information returned by the DeleteInventory operation.

Members
DeletionId
Type: string

The deletion ID returned by the DeleteInventory operation.

DeletionStartTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The UTC timestamp when the delete operation started.

DeletionSummary
Type: InventoryDeletionSummary structure

Information about the delete operation. For more information about this summary, see Understanding the delete inventory summary in the Amazon Web Services Systems Manager User Guide.

LastStatus
Type: string

The status of the operation. Possible values are InProgress and Complete.

LastStatusMessage
Type: string

Information about the status.

LastStatusUpdateTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The UTC timestamp of when the last status report.

TypeName
Type: string

The name of the inventory data type.

InventoryDeletionSummary

Description

Information about the delete operation.

Members
RemainingCount
Type: int

Remaining number of items to delete.

SummaryItems
Type: Array of InventoryDeletionSummaryItem structures

A list of counts and versions for deleted items.

TotalCount
Type: int

The total number of items to delete. This count doesn't change during the delete operation.

InventoryDeletionSummaryItem

Description

Either a count, remaining count, or a version number in a delete inventory summary.

Members
Count
Type: int

A count of the number of deleted items.

RemainingCount
Type: int

The remaining number of items to delete.

Version
Type: string

The inventory type version.

InventoryFilter

Description

One or more filters. Use a filter to return a more specific list of results.

Members
Key
Required: Yes
Type: string

The name of the filter key.

Type
Type: string

The type of filter.

The Exists filter must be used with aggregators. For more information, see Aggregating inventory data in the Amazon Web Services Systems Manager User Guide.

Values
Required: Yes
Type: Array of strings

Inventory filter values. Example: inventory filter where managed node IDs are specified as values Key=AWS:InstanceInformation.InstanceId,Values= i-a12b3c4d5e6g, i-1a2b3c4d5e6,Type=Equal.

InventoryGroup

Description

A user-defined set of one or more filters on which to aggregate inventory data. Groups return a count of resources that match and don't match the specified criteria.

Members
Filters
Required: Yes
Type: Array of InventoryFilter structures

Filters define the criteria for the group. The matchingCount field displays the number of resources that match the criteria. The notMatchingCount field displays the number of resources that don't match the criteria.

Name
Required: Yes
Type: string

The name of the group.

InventoryItem

Description

Information collected from managed nodes based on your inventory policy document

Members
CaptureTime
Required: Yes
Type: string

The time the inventory information was collected.

Content
Type: Array of stringss

The inventory data of the inventory type.

ContentHash
Type: string

MD5 hash of the inventory item type contents. The content hash is used to determine whether to update inventory information. The PutInventory API doesn't update the inventory item type contents if the MD5 hash hasn't changed since last update.

Context
Type: Associative array of custom strings keys (AttributeName) to strings

A map of associated properties for a specified inventory type. For example, with this attribute, you can specify the ExecutionId, ExecutionType, ComplianceType properties of the AWS:ComplianceItem type.

SchemaVersion
Required: Yes
Type: string

The schema version for the inventory item.

TypeName
Required: Yes
Type: string

The name of the inventory type. Default inventory item type names start with AWS. Custom inventory type names will start with Custom. Default inventory item types include the following: AWS:AWSComponent, AWS:Application, AWS:InstanceInformation, AWS:Network, and AWS:WindowsUpdate.

InventoryItemAttribute

Description

Attributes are the entries within the inventory item content. It contains name and value.

Members
DataType
Required: Yes
Type: string

The data type of the inventory item attribute.

Name
Required: Yes
Type: string

Name of the inventory item attribute.

InventoryItemSchema

Description

The inventory item schema definition. Users can use this to compose inventory query filters.

Members
Attributes
Required: Yes
Type: Array of InventoryItemAttribute structures

The schema attributes for inventory. This contains data type and attribute name.

DisplayName
Type: string

The alias name of the inventory type. The alias name is used for display purposes.

TypeName
Required: Yes
Type: string

The name of the inventory type. Default inventory item type names start with Amazon Web Services. Custom inventory type names will start with Custom. Default inventory item types include the following: AWS:AWSComponent, AWS:Application, AWS:InstanceInformation, AWS:Network, and AWS:WindowsUpdate.

Version
Type: string

The schema version for the inventory item.

InventoryResultEntity

Description

Inventory query results.

Members
Data
Type: Associative array of custom strings keys (InventoryResultItemKey) to InventoryResultItem structures

The data section in the inventory result entity JSON.

Id
Type: string

ID of the inventory result entity. For example, for managed node inventory the result will be the managed node ID. For EC2 instance inventory, the result will be the instance ID.

InventoryResultItem

Description

The inventory result item.

Members
CaptureTime
Type: string

The time inventory item data was captured.

Content
Required: Yes
Type: Array of stringss

Contains all the inventory data of the item type. Results include attribute names and values.

ContentHash
Type: string

MD5 hash of the inventory item type contents. The content hash is used to determine whether to update inventory information. The PutInventory API doesn't update the inventory item type contents if the MD5 hash hasn't changed since last update.

SchemaVersion
Required: Yes
Type: string

The schema version for the inventory result item/

TypeName
Required: Yes
Type: string

The name of the inventory result item type.

InvocationDoesNotExist

Description

The command ID and managed node ID you specified didn't match any invocations. Verify the command ID and the managed node ID and try again.

Members

ItemContentMismatchException

Description

The inventory item has invalid content.

Members
Message
Type: string
TypeName
Type: string

ItemSizeLimitExceededException

Description

The inventory item size has exceeded the size limit.

Members
Message
Type: string
TypeName
Type: string

LoggingInfo

Description

Information about an Amazon Simple Storage Service (Amazon S3) bucket to write managed node-level logs to.

LoggingInfo has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.

Members
S3BucketName
Required: Yes
Type: string

The name of an S3 bucket where execution logs are stored.

S3KeyPrefix
Type: string

(Optional) The S3 bucket subfolder.

S3Region
Required: Yes
Type: string

The Amazon Web Services Region where the S3 bucket is located.

MaintenanceWindowAutomationParameters

Description

The parameters for an AUTOMATION task type.

Members
DocumentVersion
Type: string

The version of an Automation runbook to use during task execution.

Parameters
Type: Associative array of custom strings keys (AutomationParameterKey) to stringss

The parameters for the AUTOMATION task.

For information about specifying and updating task parameters, see RegisterTaskWithMaintenanceWindow and UpdateMaintenanceWindowTask.

LoggingInfo has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.

TaskParameters has been deprecated. To specify parameters to pass to a task when it runs, instead use the Parameters option in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.

For AUTOMATION task types, Amazon Web Services Systems Manager ignores any values specified for these parameters.

MaintenanceWindowExecution

Description

Describes the information about an execution of a maintenance window.

Members
EndTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time the execution finished.

StartTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time the execution started.

Status
Type: string

The status of the execution.

StatusDetails
Type: string

The details explaining the status. Not available for all status values.

WindowExecutionId
Type: string

The ID of the maintenance window execution.

WindowId
Type: string

The ID of the maintenance window.

MaintenanceWindowExecutionTaskIdentity

Description

Information about a task execution performed as part of a maintenance window execution.

Members
AlarmConfiguration
Type: AlarmConfiguration structure

The details for the CloudWatch alarm applied to your maintenance window task.

EndTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time the task execution finished.

StartTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time the task execution started.

Status
Type: string

The status of the task execution.

StatusDetails
Type: string

The details explaining the status of the task execution. Not available for all status values.

TaskArn
Type: string

The Amazon Resource Name (ARN) of the task that ran.

TaskExecutionId
Type: string

The ID of the specific task execution in the maintenance window execution.

TaskType
Type: string

The type of task that ran.

TriggeredAlarms
Type: Array of AlarmStateInformation structures

The CloudWatch alarm that was invoked by the maintenance window task.

WindowExecutionId
Type: string

The ID of the maintenance window execution that ran the task.

MaintenanceWindowExecutionTaskInvocationIdentity

Description

Describes the information about a task invocation for a particular target as part of a task execution performed as part of a maintenance window execution.

Members
EndTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time the invocation finished.

ExecutionId
Type: string

The ID of the action performed in the service that actually handled the task invocation. If the task type is RUN_COMMAND, this value is the command ID.

InvocationId
Type: string

The ID of the task invocation.

OwnerInformation
Type: string

User-provided value that was specified when the target was registered with the maintenance window. This was also included in any Amazon CloudWatch Events events raised during the task invocation.

Parameters
Type: string

The parameters that were provided for the invocation when it was run.

StartTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time the invocation started.

Status
Type: string

The status of the task invocation.

StatusDetails
Type: string

The details explaining the status of the task invocation. Not available for all status values.

TaskExecutionId
Type: string

The ID of the specific task execution in the maintenance window execution.

TaskType
Type: string

The task type.

WindowExecutionId
Type: string

The ID of the maintenance window execution that ran the task.

WindowTargetId
Type: string

The ID of the target definition in this maintenance window the invocation was performed for.

MaintenanceWindowFilter

Description

Filter used in the request. Supported filter keys depend on the API operation that includes the filter. API operations that use MaintenanceWindowFilter> include the following:

Members
Key
Type: string

The name of the filter.

Values
Type: Array of strings

The filter values.

MaintenanceWindowIdentity

Description

Information about the maintenance window.

Members
Cutoff
Type: int

The number of hours before the end of the maintenance window that Amazon Web Services Systems Manager stops scheduling new tasks for execution.

Description
Type: string

A description of the maintenance window.

Duration
Type: int

The duration of the maintenance window in hours.

Enabled
Type: boolean

Indicates whether the maintenance window is enabled.

EndDate
Type: string

The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become inactive.

Name
Type: string

The name of the maintenance window.

NextExecutionTime
Type: string

The next time the maintenance window will actually run, taking into account any specified times for the maintenance window to become active or inactive.

Schedule
Type: string

The schedule of the maintenance window in the form of a cron or rate expression.

ScheduleOffset
Type: int

The number of days to wait to run a maintenance window after the scheduled cron expression date and time.

ScheduleTimezone
Type: string

The time zone that the scheduled maintenance window executions are based on, in Internet Assigned Numbers Authority (IANA) format.

StartDate
Type: string

The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become active.

WindowId
Type: string

The ID of the maintenance window.

MaintenanceWindowIdentityForTarget

Description

The maintenance window to which the specified target belongs.

Members
Name
Type: string

The name of the maintenance window.

WindowId
Type: string

The ID of the maintenance window.

MaintenanceWindowLambdaParameters

Description

The parameters for a LAMBDA task type.

For information about specifying and updating task parameters, see RegisterTaskWithMaintenanceWindow and UpdateMaintenanceWindowTask.

LoggingInfo has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.

TaskParameters has been deprecated. To specify parameters to pass to a task when it runs, instead use the Parameters option in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.

For Lambda tasks, Systems Manager ignores any values specified for TaskParameters and LoggingInfo.

Members
ClientContext
Type: string

Pass client-specific information to the Lambda function that you are invoking. You can then process the client information in your Lambda function as you choose through the context variable.

Payload
Type: blob (string|resource|Psr\Http\Message\StreamInterface)

JSON to provide to your Lambda function as input.

Qualifier
Type: string

(Optional) Specify an Lambda function version or alias name. If you specify a function version, the operation uses the qualified function Amazon Resource Name (ARN) to invoke a specific Lambda function. If you specify an alias name, the operation uses the alias ARN to invoke the Lambda function version to which the alias points.

MaintenanceWindowRunCommandParameters

Description

The parameters for a RUN_COMMAND task type.

For information about specifying and updating task parameters, see RegisterTaskWithMaintenanceWindow and UpdateMaintenanceWindowTask.

LoggingInfo has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.

TaskParameters has been deprecated. To specify parameters to pass to a task when it runs, instead use the Parameters option in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.

For RUN_COMMAND tasks, Systems Manager uses specified values for TaskParameters and LoggingInfo only if no values are specified for TaskInvocationParameters.

Members
CloudWatchOutputConfig
Type: CloudWatchOutputConfig structure

Configuration options for sending command output to Amazon CloudWatch Logs.

Comment
Type: string

Information about the commands to run.

DocumentHash
Type: string

The SHA-256 or SHA-1 hash created by the system when the document was created. SHA-1 hashes have been deprecated.

DocumentHashType
Type: string

SHA-256 or SHA-1. SHA-1 hashes have been deprecated.

DocumentVersion
Type: string

The Amazon Web Services Systems Manager document (SSM document) version to use in the request. You can specify $DEFAULT, $LATEST, or a specific version number. If you run commands by using the Amazon Web Services CLI, then you must escape the first two options by using a backslash. If you specify a version number, then you don't need to use the backslash. For example:

--document-version "\$DEFAULT"

--document-version "\$LATEST"

--document-version "3"

NotificationConfig
Type: NotificationConfig structure

Configurations for sending notifications about command status changes on a per-managed node basis.

OutputS3BucketName
Type: string

The name of the Amazon Simple Storage Service (Amazon S3) bucket.

OutputS3KeyPrefix
Type: string

The S3 bucket subfolder.

Parameters
Type: Associative array of custom strings keys (ParameterName) to stringss

The parameters for the RUN_COMMAND task execution.

ServiceRoleArn
Type: string

The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run RegisterTaskWithMaintenanceWindow.

However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the Amazon Web Services Systems Manager User Guide.

TimeoutSeconds
Type: int

If this time is reached and the command hasn't already started running, it doesn't run.

MaintenanceWindowStepFunctionsParameters

Description

The parameters for a STEP_FUNCTIONS task.

For information about specifying and updating task parameters, see RegisterTaskWithMaintenanceWindow and UpdateMaintenanceWindowTask.

LoggingInfo has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.

TaskParameters has been deprecated. To specify parameters to pass to a task when it runs, instead use the Parameters option in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.

For Step Functions tasks, Systems Manager ignores any values specified for TaskParameters and LoggingInfo.

Members
Input
Type: string

The inputs for the STEP_FUNCTIONS task.

Name
Type: string

The name of the STEP_FUNCTIONS task.

MaintenanceWindowTarget

Description

The target registered with the maintenance window.

Members
Description
Type: string

A description for the target.

Name
Type: string

The name for the maintenance window target.

OwnerInformation
Type: string

A user-provided value that will be included in any Amazon CloudWatch Events events that are raised while running tasks for these targets in this maintenance window.

ResourceType
Type: string

The type of target that is being registered with the maintenance window.

Targets
Type: Array of Target structures

The targets, either managed nodes or tags.

Specify managed nodes using the following format:

Key=instanceids,Values=<instanceid1>,<instanceid2>

Tags are specified using the following format:

Key=<tag name>,Values=<tag value>.

WindowId
Type: string

The ID of the maintenance window to register the target with.

WindowTargetId
Type: string

The ID of the target.

MaintenanceWindowTask

Description

Information about a task defined for a maintenance window.

Members
AlarmConfiguration
Type: AlarmConfiguration structure

The details for the CloudWatch alarm applied to your maintenance window task.

CutoffBehavior
Type: string

The specification for whether tasks should continue to run after the cutoff time specified in the maintenance windows is reached.

Description
Type: string

A description of the task.

LoggingInfo
Type: LoggingInfo structure

Information about an S3 bucket to write task-level logs to.

LoggingInfo has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.

MaxConcurrency
Type: string

The maximum number of targets this task can be run for, in parallel.

Although this element is listed as "Required: No", a value can be omitted only when you are registering or updating a targetless task You must provide a value in all other cases.

For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of 1. This value doesn't affect the running of your task.

MaxErrors
Type: string

The maximum number of errors allowed before this task stops being scheduled.

Although this element is listed as "Required: No", a value can be omitted only when you are registering or updating a targetless task You must provide a value in all other cases.

For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of 1. This value doesn't affect the running of your task.

Name
Type: string

The task name.

Priority
Type: int

The priority of the task in the maintenance window. The lower the number, the higher the priority. Tasks that have the same priority are scheduled in parallel.

ServiceRoleArn
Type: string

The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run RegisterTaskWithMaintenanceWindow.

However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the Amazon Web Services Systems Manager User Guide.

Targets
Type: Array of Target structures

The targets (either managed nodes or tags). Managed nodes are specified using Key=instanceids,Values=<instanceid1>,<instanceid2>. Tags are specified using Key=<tag name>,Values=<tag value>.

TaskArn
Type: string

The resource that the task uses during execution. For RUN_COMMAND and AUTOMATION task types, TaskArn is the Amazon Web Services Systems Manager (SSM document) name or ARN. For LAMBDA tasks, it's the function name or ARN. For STEP_FUNCTIONS tasks, it's the state machine ARN.

TaskParameters
Type: Associative array of custom strings keys (MaintenanceWindowTaskParameterName) to MaintenanceWindowTaskParameterValueExpression structures

The parameters that should be passed to the task when it is run.

TaskParameters has been deprecated. To specify parameters to pass to a task when it runs, instead use the Parameters option in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.

Type
Type: string

The type of task.

WindowId
Type: string

The ID of the maintenance window where the task is registered.

WindowTaskId
Type: string

The task ID.

MaintenanceWindowTaskInvocationParameters

Description

The parameters for task execution.

Members
Automation

The parameters for an AUTOMATION task type.

Lambda

The parameters for a LAMBDA task type.

RunCommand

The parameters for a RUN_COMMAND task type.

StepFunctions

The parameters for a STEP_FUNCTIONS task type.

MaintenanceWindowTaskParameterValueExpression

Description

Defines the values for a task parameter.

Members
Values
Type: Array of strings

This field contains an array of 0 or more strings, each 1 to 255 characters in length.

MalformedResourcePolicyDocumentException

Description

The specified policy document is malformed or invalid, or excessive PutResourcePolicy or DeleteResourcePolicy calls have been made.

Members
Message
Type: string

MaxDocumentSizeExceeded

Description

The size limit of a document is 64 KB.

Members
Message
Type: string

MetadataValue

Description

Metadata to assign to an Application Manager application.

Members
Value
Type: string

Metadata value to assign to an Application Manager application.

NonCompliantSummary

Description

A summary of resources that aren't compliant. The summary is organized according to resource type.

Members
NonCompliantCount
Type: int

The total number of compliance items that aren't compliant.

SeveritySummary
Type: SeveritySummary structure

A summary of the non-compliance severity by compliance type

NotificationConfig

Description

Configurations for sending notifications.

Members
NotificationArn
Type: string

An Amazon Resource Name (ARN) for an Amazon Simple Notification Service (Amazon SNS) topic. Run Command pushes notifications about command status changes to this topic.

NotificationEvents
Type: Array of strings

The different events for which you can receive notifications. To learn more about these events, see Monitoring Systems Manager status changes using Amazon SNS notifications in the Amazon Web Services Systems Manager User Guide.

NotificationType
Type: string

The type of notification.

  • Command: Receive notification when the status of a command changes.

  • Invocation: For commands sent to multiple managed nodes, receive notification on a per-node basis when the status of a command changes.

OpsAggregator

Description

One or more aggregators for viewing counts of OpsData using different dimensions such as Source, CreatedTime, or Source and CreatedTime, to name a few.

Members
AggregatorType
Type: string

Either a Range or Count aggregator for limiting an OpsData summary.

Aggregators
Type: Array of OpsAggregator structures

A nested aggregator for viewing counts of OpsData.

AttributeName
Type: string

The name of an OpsData attribute on which to limit the count of OpsData.

Filters
Type: Array of OpsFilter structures

The aggregator filters.

TypeName
Type: string

The data type name to use for viewing counts of OpsData.

Values
Type: Associative array of custom strings keys (OpsAggregatorValueKey) to strings

The aggregator value.

OpsEntity

Description

The result of the query.

Members
Data
Type: Associative array of custom strings keys (OpsEntityItemKey) to OpsEntityItem structures

The data returned by the query.

Id
Type: string

The query ID.

OpsEntityItem

Description

The OpsData summary.

Members
CaptureTime
Type: string

The time the OpsData was captured.

Content
Type: Array of stringss

The details of an OpsData summary.

OpsFilter

Description

A filter for viewing OpsData summaries.

Members
Key
Required: Yes
Type: string

The name of the filter.

Type
Type: string

The type of filter.

Values
Required: Yes
Type: Array of strings

The filter value.

OpsItem

Description

Operations engineers and IT professionals use Amazon Web Services Systems Manager OpsCenter to view, investigate, and remediate operational work items (OpsItems) impacting the performance and health of their Amazon Web Services resources. OpsCenter is integrated with Amazon EventBridge and Amazon CloudWatch. This means you can configure these services to automatically create an OpsItem in OpsCenter when a CloudWatch alarm enters the ALARM state or when EventBridge processes an event from any Amazon Web Services service that publishes events. Configuring Amazon CloudWatch alarms and EventBridge events to automatically create OpsItems allows you to quickly diagnose and remediate issues with Amazon Web Services resources from a single console.

To help you diagnose issues, each OpsItem includes contextually relevant information such as the name and ID of the Amazon Web Services resource that generated the OpsItem, alarm or event details, alarm history, and an alarm timeline graph. For the Amazon Web Services resource, OpsCenter aggregates information from Config, CloudTrail logs, and EventBridge, so you don't have to navigate across multiple console pages during your investigation. For more information, see Amazon Web Services Systems Manager OpsCenter in the Amazon Web Services Systems Manager User Guide.

Members
ActualEndTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time a runbook workflow ended. Currently reported only for the OpsItem type /aws/changerequest.

ActualStartTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time a runbook workflow started. Currently reported only for the OpsItem type /aws/changerequest.

Category
Type: string

An OpsItem category. Category options include: Availability, Cost, Performance, Recovery, Security.

CreatedBy
Type: string

The ARN of the Amazon Web Services account that created the OpsItem.

CreatedTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time the OpsItem was created.

Description
Type: string

The OpsItem description.

LastModifiedBy
Type: string

The ARN of the Amazon Web Services account that last updated the OpsItem.

LastModifiedTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time the OpsItem was last updated.

Notifications
Type: Array of OpsItemNotification structures

The Amazon Resource Name (ARN) of an Amazon Simple Notification Service (Amazon SNS) topic where notifications are sent when this OpsItem is edited or changed.

OperationalData
Type: Associative array of custom strings keys (OpsItemDataKey) to OpsItemDataValue structures

Operational data is custom data that provides useful reference details about the OpsItem. For example, you can specify log files, error strings, license keys, troubleshooting tips, or other relevant data. You enter operational data as key-value pairs. The key has a maximum length of 128 characters. The value has a maximum size of 20 KB.

Operational data keys can't begin with the following: amazon, aws, amzn, ssm, /amazon, /aws, /amzn, /ssm.

You can choose to make the data searchable by other users in the account or you can restrict search access. Searchable data means that all users with access to the OpsItem Overview page (as provided by the DescribeOpsItems API operation) can view and search on the specified data. Operational data that isn't searchable is only viewable by users who have access to the OpsItem (as provided by the GetOpsItem API operation).

Use the /aws/resources key in OperationalData to specify a related resource in the request. Use the /aws/automations key in OperationalData to associate an Automation runbook with the OpsItem. To view Amazon Web Services CLI example commands that use these keys, see Creating OpsItems manually in the Amazon Web Services Systems Manager User Guide.

OpsItemArn
Type: string

The OpsItem Amazon Resource Name (ARN).

OpsItemId
Type: string

The ID of the OpsItem.

OpsItemType
Type: string

The type of OpsItem. Systems Manager supports the following types of OpsItems:

  • /aws/issue

    This type of OpsItem is used for default OpsItems created by OpsCenter.

  • /aws/changerequest

    This type of OpsItem is used by Change Manager for reviewing and approving or rejecting change requests.

  • /aws/insight

    This type of OpsItem is used by OpsCenter for aggregating and reporting on duplicate OpsItems.

PlannedEndTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time specified in a change request for a runbook workflow to end. Currently supported only for the OpsItem type /aws/changerequest.

PlannedStartTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time specified in a change request for a runbook workflow to start. Currently supported only for the OpsItem type /aws/changerequest.

Priority
Type: int

The importance of this OpsItem in relation to other OpsItems in the system.

RelatedOpsItems
Type: Array of RelatedOpsItem structures

One or more OpsItems that share something in common with the current OpsItem. For example, related OpsItems can include OpsItems with similar error messages, impacted resources, or statuses for the impacted resource.

Severity
Type: string

The severity of the OpsItem. Severity options range from 1 to 4.

Source
Type: string

The origin of the OpsItem, such as Amazon EC2 or Systems Manager. The impacted resource is a subset of source.

Status
Type: string

The OpsItem status. For more information, see Editing OpsItem details in the Amazon Web Services Systems Manager User Guide.

Title
Type: string

A short heading that describes the nature of the OpsItem and the impacted resource.

Version
Type: string

The version of this OpsItem. Each time the OpsItem is edited the version number increments by one.

OpsItemAccessDeniedException

Description

You don't have permission to view OpsItems in the specified account. Verify that your account is configured either as a Systems Manager delegated administrator or that you are logged into the Organizations management account.

Members
Message
Type: string

OpsItemAlreadyExistsException

Description

The OpsItem already exists.

Members
Message
Type: string
OpsItemId
Type: string

OpsItemConflictException

Description

The specified OpsItem is in the process of being deleted.

Members
Message
Type: string

OpsItemDataValue

Description

An object that defines the value of the key and its type in the OperationalData map.

Members
Type
Type: string

The type of key-value pair. Valid types include SearchableString and String.

Value
Type: string

The value of the OperationalData key.

OpsItemEventFilter

Description

Describes a filter for a specific list of OpsItem events. You can filter event information by using tags. You specify tags by using a key-value pair mapping.

Members
Key
Required: Yes
Type: string

The name of the filter key. Currently, the only supported value is OpsItemId.

Operator
Required: Yes
Type: string

The operator used by the filter call. Currently, the only supported value is Equal.

Values
Required: Yes
Type: Array of strings

The values for the filter, consisting of one or more OpsItem IDs.

OpsItemEventSummary

Description

Summary information about an OpsItem event or that associated an OpsItem with a related item.

Members
CreatedBy
Type: OpsItemIdentity structure

Information about the user or resource that created the OpsItem event.

CreatedTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time the OpsItem event was created.

Detail
Type: string

Specific information about the OpsItem event.

DetailType
Type: string

The type of information provided as a detail.

EventId
Type: string

The ID of the OpsItem event.

OpsItemId
Type: string

The ID of the OpsItem.

Source
Type: string

The source of the OpsItem event.

OpsItemFilter

Description

Describes an OpsItem filter.

Members
Key
Required: Yes
Type: string

The name of the filter.

Operator
Required: Yes
Type: string

The operator used by the filter call.

Values
Required: Yes
Type: Array of strings

The filter value.

OpsItemIdentity

Description

Information about the user or resource that created an OpsItem event.

Members
Arn
Type: string

The Amazon Resource Name (ARN) of the IAM entity that created the OpsItem event.

OpsItemInvalidParameterException

Description

A specified parameter argument isn't valid. Verify the available arguments and try again.

Members
Message
Type: string
ParameterNames
Type: Array of strings

OpsItemLimitExceededException

Description

The request caused OpsItems to exceed one or more quotas.

Members
Limit
Type: int
LimitType
Type: string
Message
Type: string
ResourceTypes
Type: Array of strings

OpsItemNotFoundException

Description

The specified OpsItem ID doesn't exist. Verify the ID and try again.

Members
Message
Type: string

OpsItemNotification

Description

A notification about the OpsItem.

Members
Arn
Type: string

The Amazon Resource Name (ARN) of an Amazon Simple Notification Service (Amazon SNS) topic where notifications are sent when this OpsItem is edited or changed.

OpsItemRelatedItemAlreadyExistsException

Description

The Amazon Resource Name (ARN) is already associated with the OpsItem.

Members
Message
Type: string
OpsItemId
Type: string
ResourceUri
Type: string

OpsItemRelatedItemAssociationNotFoundException

Description

The association wasn't found using the parameters you specified in the call. Verify the information and try again.

Members
Message
Type: string

OpsItemRelatedItemSummary

Description

Summary information about related-item resources for an OpsItem.

Members
AssociationId
Type: string

The association ID.

AssociationType
Type: string

The association type.

CreatedBy
Type: OpsItemIdentity structure

Information about the user or resource that created an OpsItem event.

CreatedTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time the related-item association was created.

LastModifiedBy
Type: OpsItemIdentity structure

Information about the user or resource that created an OpsItem event.

LastModifiedTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time the related-item association was last updated.

OpsItemId
Type: string

The OpsItem ID.

ResourceType
Type: string

The resource type.

ResourceUri
Type: string

The Amazon Resource Name (ARN) of the related-item resource.

OpsItemRelatedItemsFilter

Description

Describes a filter for a specific list of related-item resources.

Members
Key
Required: Yes
Type: string

The name of the filter key. Supported values include ResourceUri, ResourceType, or AssociationId.

Operator
Required: Yes
Type: string

The operator used by the filter call. The only supported operator is EQUAL.

Values
Required: Yes
Type: Array of strings

The values for the filter.

OpsItemSummary

Description

A count of OpsItems.

Members
ActualEndTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time a runbook workflow ended. Currently reported only for the OpsItem type /aws/changerequest.

ActualStartTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time a runbook workflow started. Currently reported only for the OpsItem type /aws/changerequest.

Category
Type: string

A list of OpsItems by category.

CreatedBy
Type: string

The Amazon Resource Name (ARN) of the IAM entity that created the OpsItem.

CreatedTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time the OpsItem was created.

LastModifiedBy
Type: string

The Amazon Resource Name (ARN) of the IAM entity that created the OpsItem.

LastModifiedTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time the OpsItem was last updated.

OperationalData
Type: Associative array of custom strings keys (OpsItemDataKey) to OpsItemDataValue structures

Operational data is custom data that provides useful reference details about the OpsItem.

OpsItemId
Type: string

The ID of the OpsItem.

OpsItemType
Type: string

The type of OpsItem. Systems Manager supports the following types of OpsItems:

  • /aws/issue

    This type of OpsItem is used for default OpsItems created by OpsCenter.

  • /aws/changerequest

    This type of OpsItem is used by Change Manager for reviewing and approving or rejecting change requests.

  • /aws/insight

    This type of OpsItem is used by OpsCenter for aggregating and reporting on duplicate OpsItems.

PlannedEndTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time specified in a change request for a runbook workflow to end. Currently supported only for the OpsItem type /aws/changerequest.

PlannedStartTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time specified in a change request for a runbook workflow to start. Currently supported only for the OpsItem type /aws/changerequest.

Priority
Type: int

The importance of this OpsItem in relation to other OpsItems in the system.

Severity
Type: string

A list of OpsItems by severity.

Source
Type: string

The impacted Amazon Web Services resource.

Status
Type: string

The OpsItem status.

Title
Type: string

A short heading that describes the nature of the OpsItem and the impacted resource.

OpsMetadata

Description

Operational metadata for an application in Application Manager.

Members
CreationDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date the OpsMetadata objects was created.

LastModifiedDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date the OpsMetadata object was last updated.

LastModifiedUser
Type: string

The user name who last updated the OpsMetadata object.

OpsMetadataArn
Type: string

The Amazon Resource Name (ARN) of the OpsMetadata Object or blob.

ResourceId
Type: string

The ID of the Application Manager application.

OpsMetadataAlreadyExistsException

Description

An OpsMetadata object already exists for the selected resource.

Members
message
Type: string

OpsMetadataFilter

Description

A filter to limit the number of OpsMetadata objects displayed.

Members
Key
Required: Yes
Type: string

A filter key.

Values
Required: Yes
Type: Array of strings

A filter value.

OpsMetadataInvalidArgumentException

Description

One of the arguments passed is invalid.

Members
message
Type: string

OpsMetadataKeyLimitExceededException

Description

The OpsMetadata object exceeds the maximum number of OpsMetadata keys that you can assign to an application in Application Manager.

Members
message
Type: string

OpsMetadataLimitExceededException

Description

Your account reached the maximum number of OpsMetadata objects allowed by Application Manager. The maximum is 200 OpsMetadata objects. Delete one or more OpsMetadata object and try again.

Members
message
Type: string

OpsMetadataNotFoundException

Description

The OpsMetadata object doesn't exist.

Members
message
Type: string

OpsMetadataTooManyUpdatesException

Description

The system is processing too many concurrent updates. Wait a few moments and try again.

Members
message
Type: string

OpsResultAttribute

Description

The OpsItem data type to return.

Members
TypeName
Required: Yes
Type: string

Name of the data type. Valid value: AWS:OpsItem, AWS:EC2InstanceInformation, AWS:OpsItemTrendline, or AWS:ComplianceSummary.

OutputSource

Description

Information about the source where the association execution details are stored.

Members
OutputSourceId
Type: string

The ID of the output source, for example the URL of an S3 bucket.

OutputSourceType
Type: string

The type of source where the association execution details are stored, for example, Amazon S3.

Parameter

Description

An Amazon Web Services Systems Manager parameter in Parameter Store.

Members
ARN
Type: string

The Amazon Resource Name (ARN) of the parameter.

DataType
Type: string

The data type of the parameter, such as text or aws:ec2:image. The default is text.

LastModifiedDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

Date the parameter was last changed or updated and the parameter version was created.

Name
Type: string

The name of the parameter.

Selector
Type: string

Either the version number or the label used to retrieve the parameter value. Specify selectors by using one of the following formats:

parameter_name:version

parameter_name:label

SourceResult
Type: string

Applies to parameters that reference information in other Amazon Web Services services. SourceResult is the raw result or response from the source.

Type
Type: string

The type of parameter. Valid values include the following: String, StringList, and SecureString.

If type is StringList, the system returns a comma-separated string with no spaces between commas in the Value field.

Value
Type: string

The parameter value.

If type is StringList, the system returns a comma-separated string with no spaces between commas in the Value field.

Version
Type: long (int|float)

The parameter version.

ParameterAlreadyExists

Description

The parameter already exists. You can't create duplicate parameters.

Members
message
Type: string

ParameterHistory

Description

Information about parameter usage.

Members
AllowedPattern
Type: string

Parameter names can include the following letters and symbols.

a-zA-Z0-9_.-

DataType
Type: string

The data type of the parameter, such as text or aws:ec2:image. The default is text.

Description
Type: string

Information about the parameter.

KeyId
Type: string

The alias of the Key Management Service (KMS) key used to encrypt the parameter. Applies to SecureString parameters only

Labels
Type: Array of strings

Labels assigned to the parameter version.

LastModifiedDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

Date the parameter was last changed or updated.

LastModifiedUser
Type: string

Amazon Resource Name (ARN) of the Amazon Web Services user who last changed the parameter.

Name
Type: string

The name of the parameter.

Policies
Type: Array of ParameterInlinePolicy structures

Information about the policies assigned to a parameter.

Assigning parameter policies in the Amazon Web Services Systems Manager User Guide.

Tier
Type: string

The parameter tier.

Type
Type: string

The type of parameter used.

Value
Type: string

The parameter value.

Version
Type: long (int|float)

The parameter version.

ParameterInlinePolicy

Description

One or more policies assigned to a parameter.

Members
PolicyStatus
Type: string

The status of the policy. Policies report the following statuses: Pending (the policy hasn't been enforced or applied yet), Finished (the policy was applied), Failed (the policy wasn't applied), or InProgress (the policy is being applied now).

PolicyText
Type: string

The JSON text of the policy.

PolicyType
Type: string

The type of policy. Parameter Store, a capability of Amazon Web Services Systems Manager, supports the following policy types: Expiration, ExpirationNotification, and NoChangeNotification.

ParameterLimitExceeded

Description

You have exceeded the number of parameters for this Amazon Web Services account. Delete one or more parameters and try again.

Members
message
Type: string

ParameterMaxVersionLimitExceeded

Description

Parameter Store retains the 100 most recently created versions of a parameter. After this number of versions has been created, Parameter Store deletes the oldest version when a new one is created. However, if the oldest version has a label attached to it, Parameter Store won't delete the version and instead presents this error message:

An error occurred (ParameterMaxVersionLimitExceeded) when calling the PutParameter operation: You attempted to create a new version of parameter-name by calling the PutParameter API with the overwrite flag. Version version-number, the oldest version, can't be deleted because it has a label associated with it. Move the label to another version of the parameter, and try again.

This safeguard is to prevent parameter versions with mission critical labels assigned to them from being deleted. To continue creating new parameters, first move the label from the oldest version of the parameter to a newer one for use in your operations. For information about moving parameter labels, see Move a parameter label (console) or Move a parameter label (CLI) in the Amazon Web Services Systems Manager User Guide.

Members
message
Type: string

ParameterMetadata

Description

Metadata includes information like the Amazon Resource Name (ARN) of the last user to update the parameter and the date and time the parameter was last used.

Members
ARN
Type: string

The (ARN) of the last user to update the parameter.

AllowedPattern
Type: string

A parameter name can include only the following letters and symbols.

a-zA-Z0-9_.-

DataType
Type: string

The data type of the parameter, such as text or aws:ec2:image. The default is text.

Description
Type: string

Description of the parameter actions.

KeyId
Type: string

The alias of the Key Management Service (KMS) key used to encrypt the parameter. Applies to SecureString parameters only.

LastModifiedDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

Date the parameter was last changed or updated.

LastModifiedUser
Type: string

Amazon Resource Name (ARN) of the Amazon Web Services user who last changed the parameter.

Name
Type: string

The parameter name.

Policies
Type: Array of ParameterInlinePolicy structures

A list of policies associated with a parameter.

Tier
Type: string

The parameter tier.

Type
Type: string

The type of parameter. Valid parameter types include the following: String, StringList, and SecureString.

Version
Type: long (int|float)

The parameter version.

ParameterNotFound

Description

The parameter couldn't be found. Verify the name and try again.

Members
message
Type: string

ParameterPatternMismatchException

Description

The parameter name isn't valid.

Members
message
Type: string

The parameter name isn't valid.

ParameterStringFilter

Description

One or more filters. Use a filter to return a more specific list of results.

Members
Key
Required: Yes
Type: string

The name of the filter.

The ParameterStringFilter object is used by the DescribeParameters and GetParametersByPath API operations. However, not all of the pattern values listed for Key can be used with both operations.

For DescribeParameters, all of the listed patterns are valid except Label.

For GetParametersByPath, the following patterns listed for Key aren't valid: tag, DataType, Name, Path, and Tier.

For examples of Amazon Web Services CLI commands demonstrating valid parameter filter constructions, see Searching for Systems Manager parameters in the Amazon Web Services Systems Manager User Guide.

Option
Type: string

For all filters used with DescribeParameters, valid options include Equals and BeginsWith. The Name filter additionally supports the Contains option. (Exception: For filters using the key Path, valid options include Recursive and OneLevel.)

For filters used with GetParametersByPath, valid options include Equals and BeginsWith. (Exception: For filters using Label as the Key name, the only valid option is Equals.)

Values
Type: Array of strings

The value you want to search for.

ParameterVersionLabelLimitExceeded

Description

A parameter version can have a maximum of ten labels.

Members
message
Type: string

ParameterVersionNotFound

Description

The specified parameter version wasn't found. Verify the parameter name and version, and try again.

Members
message
Type: string

ParametersFilter

Description

This data type is deprecated. Instead, use ParameterStringFilter.

Members
Key
Required: Yes
Type: string

The name of the filter.

Values
Required: Yes
Type: Array of strings

The filter values.

ParentStepDetails

Description

A detailed status of the parent step.

Members
Action
Type: string

The name of the automation action.

Iteration
Type: int

The current repetition of the loop represented by an integer.

IteratorValue
Type: string

The current value of the specified iterator in the loop.

StepExecutionId
Type: string

The unique ID of a step execution.

StepName
Type: string

The name of the step.

Patch

Description

Represents metadata about a patch.

Members
AdvisoryIds
Type: Array of strings

The Advisory ID of the patch. For example, RHSA-2020:3779. Applies to Linux-based managed nodes only.

Arch
Type: string

The architecture of the patch. For example, in example-pkg-0.710.10-2.7.abcd.x86_64, the architecture is indicated by x86_64. Applies to Linux-based managed nodes only.

BugzillaIds
Type: Array of strings

The Bugzilla ID of the patch. For example, 1600646. Applies to Linux-based managed nodes only.

CVEIds
Type: Array of strings

The Common Vulnerabilities and Exposures (CVE) ID of the patch. For example, CVE-2011-3192. Applies to Linux-based managed nodes only.

Classification
Type: string

The classification of the patch. For example, SecurityUpdates, Updates, or CriticalUpdates.

ContentUrl
Type: string

The URL where more information can be obtained about the patch.

Description
Type: string

The description of the patch.

Epoch
Type: int

The epoch of the patch. For example in pkg-example-EE-20180914-2.2.amzn1.noarch, the epoch value is 20180914-2. Applies to Linux-based managed nodes only.

Id
Type: string

The ID of the patch. Applies to Windows patches only.

This ID isn't the same as the Microsoft Knowledge Base ID.

KbNumber
Type: string

The Microsoft Knowledge Base ID of the patch. Applies to Windows patches only.

Language
Type: string

The language of the patch if it's language-specific.

MsrcNumber
Type: string

The ID of the Microsoft Security Response Center (MSRC) bulletin the patch is related to. For example, MS14-045. Applies to Windows patches only.

MsrcSeverity
Type: string

The severity of the patch, such as Critical, Important, or Moderate. Applies to Windows patches only.

Name
Type: string

The name of the patch. Applies to Linux-based managed nodes only.

Product
Type: string

The specific product the patch is applicable for. For example, WindowsServer2016 or AmazonLinux2018.03.

ProductFamily
Type: string

The product family the patch is applicable for. For example, Windows or Amazon Linux 2.

Release
Type: string

The particular release of a patch. For example, in pkg-example-EE-20180914-2.2.amzn1.noarch, the release is 2.amaz1. Applies to Linux-based managed nodes only.

ReleaseDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date the patch was released.

Repository
Type: string

The source patch repository for the operating system and version, such as trusty-security for Ubuntu Server 14.04 LTE and focal-security for Ubuntu Server 20.04 LTE. Applies to Linux-based managed nodes only.

Severity
Type: string

The severity level of the patch. For example, CRITICAL or MODERATE.

Title
Type: string

The title of the patch.

Vendor
Type: string

The name of the vendor providing the patch.

Version
Type: string

The version number of the patch. For example, in example-pkg-1.710.10-2.7.abcd.x86_64, the version number is indicated by -1. Applies to Linux-based managed nodes only.

PatchBaselineIdentity

Description

Defines the basic information about a patch baseline.

Members
BaselineDescription
Type: string

The description of the patch baseline.

BaselineId
Type: string

The ID of the patch baseline.

BaselineName
Type: string

The name of the patch baseline.

DefaultBaseline
Type: boolean

Indicates whether this is the default baseline. Amazon Web Services Systems Manager supports creating multiple default patch baselines. For example, you can create a default patch baseline for each operating system.

OperatingSystem
Type: string

Defines the operating system the patch baseline applies to. The default value is WINDOWS.

PatchComplianceData

Description

Information about the state of a patch on a particular managed node as it relates to the patch baseline used to patch the node.

Members
CVEIds
Type: string

The IDs of one or more Common Vulnerabilities and Exposure (CVE) issues that are resolved by the patch.

Currently, CVE ID values are reported only for patches with a status of Missing or Failed.

Classification
Required: Yes
Type: string

The classification of the patch, such as SecurityUpdates, Updates, and CriticalUpdates.

InstalledTime
Required: Yes
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date/time the patch was installed on the managed node. Not all operating systems provide this level of information.

KBId
Required: Yes
Type: string

The operating system-specific ID of the patch.

Severity
Required: Yes
Type: string

The severity of the patch such as Critical, Important, and Moderate.

State
Required: Yes
Type: string

The state of the patch on the managed node, such as INSTALLED or FAILED.

For descriptions of each patch state, see About patch compliance in the Amazon Web Services Systems Manager User Guide.

Title
Required: Yes
Type: string

The title of the patch.

PatchFilter

Description

Defines which patches should be included in a patch baseline.

A patch filter consists of a key and a set of values. The filter key is a patch property. For example, the available filter keys for WINDOWS are PATCH_SET, PRODUCT, PRODUCT_FAMILY, CLASSIFICATION, and MSRC_SEVERITY.

The filter values define a matching criterion for the patch property indicated by the key. For example, if the filter key is PRODUCT and the filter values are ["Office 2013", "Office 2016"], then the filter accepts all patches where product name is either "Office 2013" or "Office 2016". The filter values can be exact values for the patch property given as a key, or a wildcard (*), which matches all values.

You can view lists of valid values for the patch properties by running the DescribePatchProperties command. For information about which patch properties can be used with each major operating system, see DescribePatchProperties.

Members
Key
Required: Yes
Type: string

The key for the filter.

Run the DescribePatchProperties command to view lists of valid keys for each operating system type.

Values
Required: Yes
Type: Array of strings

The value for the filter key.

Run the DescribePatchProperties command to view lists of valid values for each key based on operating system type.

PatchFilterGroup

Description

A set of patch filters, typically used for approval rules.

Members
PatchFilters
Required: Yes
Type: Array of PatchFilter structures

The set of patch filters that make up the group.

PatchGroupPatchBaselineMapping

Description

The mapping between a patch group and the patch baseline the patch group is registered with.

Members
BaselineIdentity
Type: PatchBaselineIdentity structure

The patch baseline the patch group is registered with.

PatchGroup
Type: string

The name of the patch group registered with the patch baseline.

PatchOrchestratorFilter

Description

Defines a filter used in Patch Manager APIs. Supported filter keys depend on the API operation that includes the filter. Patch Manager API operations that use PatchOrchestratorFilter include the following:

Members
Key
Type: string

The key for the filter.

Values
Type: Array of strings

The value for the filter.

PatchRule

Description

Defines an approval rule for a patch baseline.

Members
ApproveAfterDays
Type: int

The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of 7 means that patches are approved seven days after they are released.

This parameter is marked as Required: No, but your request must include a value for either ApproveAfterDays or ApproveUntilDate.

Not supported for Debian Server or Ubuntu Server.

Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the Amazon Web Services Systems Manager User Guide.

ApproveUntilDate
Type: string

The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically.

Enter dates in the format YYYY-MM-DD. For example, 2024-12-31.

This parameter is marked as Required: No, but your request must include a value for either ApproveUntilDate or ApproveAfterDays.

Not supported for Debian Server or Ubuntu Server.

Use caution when setting this value for Windows Server patch baselines. Because patch updates that are replaced by later updates are removed, setting too broad a value for this parameter can result in crucial patches not being installed. For more information, see the Windows Server tab in the topic How security patches are selected in the Amazon Web Services Systems Manager User Guide.

ComplianceLevel
Type: string

A compliance severity level for all approved patches in a patch baseline.

EnableNonSecurity
Type: boolean

For managed nodes identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is false. Applies to Linux managed nodes only.

PatchFilterGroup
Required: Yes
Type: PatchFilterGroup structure

The patch filter group that defines the criteria for the rule.

PatchRuleGroup

Description

A set of rules defining the approval rules for a patch baseline.

Members
PatchRules
Required: Yes
Type: Array of PatchRule structures

The rules that make up the rule group.

PatchSource

Description

Information about the patches to use to update the managed nodes, including target operating systems and source repository. Applies to Linux managed nodes only.

Members
Configuration
Required: Yes
Type: string

The value of the yum repo configuration. For example:

[main]

name=MyCustomRepository

baseurl=https://my-custom-repository

enabled=1

For information about other options available for your yum repository configuration, see dnf.conf(5).

Name
Required: Yes
Type: string

The name specified to identify the patch source.

Products
Required: Yes
Type: Array of strings

The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "AmazonLinux2016.09", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter.

PatchStatus

Description

Information about the approval status of a patch.

Members
ApprovalDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date the patch was approved (or will be approved if the status is PENDING_APPROVAL).

ComplianceLevel
Type: string

The compliance severity level for a patch.

DeploymentStatus
Type: string

The approval status of a patch.

PoliciesLimitExceededException

Description

You specified more than the maximum number of allowed policies for the parameter. The maximum is 10.

Members
message
Type: string

ProgressCounters

Description

An aggregate of step execution statuses displayed in the Amazon Web Services Systems Manager console for a multi-Region and multi-account Automation execution.

Members
CancelledSteps
Type: int

The total number of steps that the system cancelled in all specified Amazon Web Services Regions and Amazon Web Services accounts for the current Automation execution.

FailedSteps
Type: int

The total number of steps that failed to run in all specified Amazon Web Services Regions and Amazon Web Services accounts for the current Automation execution.

SuccessSteps
Type: int

The total number of steps that successfully completed in all specified Amazon Web Services Regions and Amazon Web Services accounts for the current Automation execution.

TimedOutSteps
Type: int

The total number of steps that timed out in all specified Amazon Web Services Regions and Amazon Web Services accounts for the current Automation execution.

TotalSteps
Type: int

The total number of steps run in all specified Amazon Web Services Regions and Amazon Web Services accounts for the current Automation execution.

RegistrationMetadataItem

Description

Reserved for internal use.

Members
Key
Required: Yes
Type: string

Reserved for internal use.

Value
Required: Yes
Type: string

Reserved for internal use.

RelatedOpsItem

Description

An OpsItems that shares something in common with the current OpsItem. For example, related OpsItems can include OpsItems with similar error messages, impacted resources, or statuses for the impacted resource.

Members
OpsItemId
Required: Yes
Type: string

The ID of an OpsItem related to the current OpsItem.

ResolvedTargets

Description

Information about targets that resolved during the Automation execution.

Members
ParameterValues
Type: Array of strings

A list of parameter values sent to targets that resolved during the Automation execution.

Truncated
Type: boolean

A boolean value indicating whether the resolved target list is truncated.

ResourceComplianceSummaryItem

Description

Compliance summary information for a specific resource.

Members
ComplianceType
Type: string

The compliance type.

CompliantSummary
Type: CompliantSummary structure

A list of items that are compliant for the resource.

ExecutionSummary
Type: ComplianceExecutionSummary structure

Information about the execution.

NonCompliantSummary
Type: NonCompliantSummary structure

A list of items that aren't compliant for the resource.

OverallSeverity
Type: string

The highest severity item found for the resource. The resource is compliant for this item.

ResourceId
Type: string

The resource ID.

ResourceType
Type: string

The resource type.

Status
Type: string

The compliance status for the resource.

ResourceDataSyncAlreadyExistsException

Description

A sync configuration with the same name already exists.

Members
SyncName
Type: string

ResourceDataSyncAwsOrganizationsSource

Description

Information about the AwsOrganizationsSource resource data sync source. A sync source of this type can synchronize data from Organizations or, if an Amazon Web Services organization isn't present, from multiple Amazon Web Services Regions.

Members
OrganizationSourceType
Required: Yes
Type: string

If an Amazon Web Services organization is present, this is either OrganizationalUnits or EntireOrganization. For OrganizationalUnits, the data is aggregated from a set of organization units. For EntireOrganization, the data is aggregated from the entire Amazon Web Services organization.

OrganizationalUnits
Type: Array of ResourceDataSyncOrganizationalUnit structures

The Organizations organization units included in the sync.

ResourceDataSyncConflictException

Description

Another UpdateResourceDataSync request is being processed. Wait a few minutes and try again.

Members
Message
Type: string

ResourceDataSyncCountExceededException

Description

You have exceeded the allowed maximum sync configurations.

Members
Message
Type: string

ResourceDataSyncDestinationDataSharing

Description

Synchronize Amazon Web Services Systems Manager Inventory data from multiple Amazon Web Services accounts defined in Organizations to a centralized Amazon S3 bucket. Data is synchronized to individual key prefixes in the central bucket. Each key prefix represents a different Amazon Web Services account ID.

Members
DestinationDataSharingType
Type: string

The sharing data type. Only Organization is supported.

ResourceDataSyncInvalidConfigurationException

Description

The specified sync configuration is invalid.

Members
Message
Type: string

ResourceDataSyncItem

Description

Information about a resource data sync configuration, including its current status and last successful sync.

Members
LastStatus
Type: string

The status reported by the last sync.

LastSuccessfulSyncTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The last time the sync operations returned a status of SUCCESSFUL (UTC).

LastSyncStatusMessage
Type: string

The status message details reported by the last sync.

LastSyncTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The last time the configuration attempted to sync (UTC).

S3Destination

Configuration information for the target S3 bucket.

SyncCreatedTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time the configuration was created (UTC).

SyncLastModifiedTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time the resource data sync was changed.

SyncName
Type: string

The name of the resource data sync.

SyncSource

Information about the source where the data was synchronized.

SyncType
Type: string

The type of resource data sync. If SyncType is SyncToDestination, then the resource data sync synchronizes data to an S3 bucket. If the SyncType is SyncFromSource then the resource data sync synchronizes data from Organizations or from multiple Amazon Web Services Regions.

ResourceDataSyncNotFoundException

Description

The specified sync name wasn't found.

Members
Message
Type: string
SyncName
Type: string
SyncType
Type: string

ResourceDataSyncOrganizationalUnit

Description

The Organizations organizational unit data source for the sync.

Members
OrganizationalUnitId
Type: string

The Organizations unit ID data source for the sync.

ResourceDataSyncS3Destination

Description

Information about the target S3 bucket for the resource data sync.

Members
AWSKMSKeyARN
Type: string

The ARN of an encryption key for a destination in Amazon S3. Must belong to the same Region as the destination S3 bucket.

BucketName
Required: Yes
Type: string

The name of the S3 bucket where the aggregated data is stored.

DestinationDataSharing

Enables destination data sharing. By default, this field is null.

Prefix
Type: string

An Amazon S3 prefix for the bucket.

Region
Required: Yes
Type: string

The Amazon Web Services Region with the S3 bucket targeted by the resource data sync.

SyncFormat
Required: Yes
Type: string

A supported sync format. The following format is currently supported: JsonSerDe

ResourceDataSyncSource

Description

Information about the source of the data included in the resource data sync.

Members
AwsOrganizationsSource

Information about the AwsOrganizationsSource resource data sync source. A sync source of this type can synchronize data from Organizations.

EnableAllOpsDataSources
Type: boolean

When you create a resource data sync, if you choose one of the Organizations options, then Systems Manager automatically enables all OpsData sources in the selected Amazon Web Services Regions for all Amazon Web Services accounts in your organization (or in the selected organization units). For more information, see Setting up Systems Manager Explorer to display data from multiple accounts and Regions in the Amazon Web Services Systems Manager User Guide.

IncludeFutureRegions
Type: boolean

Whether to automatically synchronize and aggregate data from new Amazon Web Services Regions when those Regions come online.

SourceRegions
Required: Yes
Type: Array of strings

The SyncSource Amazon Web Services Regions included in the resource data sync.

SourceType
Required: Yes
Type: string

The type of data source for the resource data sync. SourceType is either AwsOrganizations (if an organization is present in Organizations) or SingleAccountMultiRegions.

ResourceDataSyncSourceWithState

Description

The data type name for including resource data sync state. There are four sync states:

OrganizationNotExists (Your organization doesn't exist)

NoPermissions (The system can't locate the service-linked role. This role is automatically created when a user creates a resource data sync in Amazon Web Services Systems Manager Explorer.)

InvalidOrganizationalUnit (You specified or selected an invalid unit in the resource data sync configuration.)

TrustedAccessDisabled (You disabled Systems Manager access in the organization in Organizations.)

Members
AwsOrganizationsSource

The field name in SyncSource for the ResourceDataSyncAwsOrganizationsSource type.

EnableAllOpsDataSources
Type: boolean

When you create a resource data sync, if you choose one of the Organizations options, then Systems Manager automatically enables all OpsData sources in the selected Amazon Web Services Regions for all Amazon Web Services accounts in your organization (or in the selected organization units). For more information, see Setting up Systems Manager Explorer to display data from multiple accounts and Regions in the Amazon Web Services Systems Manager User Guide.

IncludeFutureRegions
Type: boolean

Whether to automatically synchronize and aggregate data from new Amazon Web Services Regions when those Regions come online.

SourceRegions
Type: Array of strings

The SyncSource Amazon Web Services Regions included in the resource data sync.

SourceType
Type: string

The type of data source for the resource data sync. SourceType is either AwsOrganizations (if an organization is present in Organizations) or singleAccountMultiRegions.

State
Type: string

The data type name for including resource data sync state. There are four sync states:

OrganizationNotExists: Your organization doesn't exist.

NoPermissions: The system can't locate the service-linked role. This role is automatically created when a user creates a resource data sync in Explorer.

InvalidOrganizationalUnit: You specified or selected an invalid unit in the resource data sync configuration.

TrustedAccessDisabled: You disabled Systems Manager access in the organization in Organizations.

ResourceInUseException

Description

Error returned if an attempt is made to delete a patch baseline that is registered for a patch group.

Members
Message
Type: string

ResourceLimitExceededException

Description

Error returned when the caller has exceeded the default resource quotas. For example, too many maintenance windows or patch baselines have been created.

For information about resource quotas in Systems Manager, see Systems Manager service quotas in the Amazon Web Services General Reference.

Members
Message
Type: string

ResourceNotFoundException

Description

The specified parameter to be shared could not be found.

Members
Message
Type: string

ResourcePolicyConflictException

Description

The hash provided in the call doesn't match the stored hash. This exception is thrown when trying to update an obsolete policy version or when multiple requests to update a policy are sent.

Members
Message
Type: string

ResourcePolicyInvalidParameterException

Description

One or more parameters specified for the call aren't valid. Verify the parameters and their values and try again.

Members
Message
Type: string
ParameterNames
Type: Array of strings

ResourcePolicyLimitExceededException

Description

The PutResourcePolicy API action enforces two limits. A policy can't be greater than 1024 bytes in size. And only one policy can be attached to OpsItemGroup. Verify these limits and try again.

Members
Limit
Type: int
LimitType
Type: string
Message
Type: string

ResourcePolicyNotFoundException

Description

No policies with the specified policy ID and hash could be found.

Members
Message
Type: string

ResultAttribute

Description

The inventory item result attribute.

Members
TypeName
Required: Yes
Type: string

Name of the inventory item type. Valid value: AWS:InstanceInformation. Default Value: AWS:InstanceInformation.

ReviewInformation

Description

Information about the result of a document review request.

Members
ReviewedTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

The time that the reviewer took action on the document review request.

Reviewer
Type: string

The reviewer assigned to take action on the document review request.

Status
Type: string

The current status of the document review request.

Runbook

Description

Information about an Automation runbook used in a runbook workflow in Change Manager.

The Automation runbooks specified for the runbook workflow can't run until all required approvals for the change request have been received.

Members
DocumentName
Required: Yes
Type: string

The name of the Automation runbook used in a runbook workflow.

DocumentVersion
Type: string

The version of the Automation runbook used in a runbook workflow.

MaxConcurrency
Type: string

The MaxConcurrency value specified by the user when the operation started, indicating the maximum number of resources that the runbook operation can run on at the same time.

MaxErrors
Type: string

The MaxErrors value specified by the user when the execution started, indicating the maximum number of errors that can occur during the operation before the updates are stopped or rolled back.

Parameters
Type: Associative array of custom strings keys (AutomationParameterKey) to stringss

The key-value map of execution parameters, which were supplied when calling StartChangeRequestExecution.

TargetLocations
Type: Array of TargetLocation structures

Information about the Amazon Web Services Regions and Amazon Web Services accounts targeted by the current Runbook operation.

TargetMaps
Type: Array of maps

A key-value mapping of runbook parameters to target resources. Both Targets and TargetMaps can't be specified together.

TargetParameterName
Type: string

The name of the parameter used as the target resource for the rate-controlled runbook workflow. Required if you specify Targets.

Targets
Type: Array of Target structures

A key-value mapping to target resources that the runbook operation performs tasks on. Required if you specify TargetParameterName.

S3OutputLocation

Description

An S3 bucket where you want to store the results of this request.

Members
OutputS3BucketName
Type: string

The name of the S3 bucket.

OutputS3KeyPrefix
Type: string

The S3 bucket subfolder.

OutputS3Region
Type: string

The Amazon Web Services Region of the S3 bucket.

S3OutputUrl

Description

A URL for the Amazon Web Services Systems Manager (Systems Manager) bucket where you want to store the results of this request.

Members
OutputUrl
Type: string

A URL for an S3 bucket where you want to store the results of this request.

ScheduledWindowExecution

Description

Information about a scheduled execution for a maintenance window.

Members
ExecutionTime
Type: string

The time, in ISO-8601 Extended format, that the maintenance window is scheduled to be run.

Name
Type: string

The name of the maintenance window to be run.

WindowId
Type: string

The ID of the maintenance window to be run.

ServiceSetting

Description

The service setting data structure.

ServiceSetting is an account-level setting for an Amazon Web Services service. This setting defines how a user interacts with or uses a service or a feature of a service. For example, if an Amazon Web Services service charges money to the account based on feature or service usage, then the Amazon Web Services service team might create a default setting of "false". This means the user can't use this feature unless they change the setting to "true" and intentionally opt in for a paid feature.

Services map a SettingId object to a setting value. Amazon Web Services services teams define the default value for a SettingId. You can't create a new SettingId, but you can overwrite the default value if you have the ssm:UpdateServiceSetting permission for the setting. Use the UpdateServiceSetting API operation to change the default setting. Or, use the ResetServiceSetting to change the value back to the original value defined by the Amazon Web Services service team.

Members
ARN
Type: string

The ARN of the service setting.

LastModifiedDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The last time the service setting was modified.

LastModifiedUser
Type: string

The ARN of the last modified user. This field is populated only if the setting value was overwritten.

SettingId
Type: string

The ID of the service setting.

SettingValue
Type: string

The value of the service setting.

Status
Type: string

The status of the service setting. The value can be Default, Customized or PendingUpdate.

  • Default: The current setting uses a default value provisioned by the Amazon Web Services service team.

  • Customized: The current setting use a custom value specified by the customer.

  • PendingUpdate: The current setting uses a default or custom value, but a setting change request is pending approval.

ServiceSettingNotFound

Description

The specified service setting wasn't found. Either the service name or the setting hasn't been provisioned by the Amazon Web Services service team.

Members
Message
Type: string

Session

Description

Information about a Session Manager connection to a managed node.

Members
Details
Type: string

Reserved for future use.

DocumentName
Type: string

The name of the Session Manager SSM document used to define the parameters and plugin settings for the session. For example, SSM-SessionManagerRunShell.

EndDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time, in ISO-8601 Extended format, when the session was terminated.

MaxSessionDuration
Type: string

The maximum duration of a session before it terminates.

OutputUrl
Type: SessionManagerOutputUrl structure

Reserved for future use.

Owner
Type: string

The ID of the Amazon Web Services user that started the session.

Reason
Type: string

The reason for connecting to the instance.

SessionId
Type: string

The ID of the session.

StartDate
Type: timestamp (string|DateTime or anything parsable by strtotime)

The date and time, in ISO-8601 Extended format, when the session began.

Status
Type: string

The status of the session. For example, "Connected" or "Terminated".

Target
Type: string

The managed node that the Session Manager session connected to.

SessionFilter

Description

Describes a filter for Session Manager information.

Members
key
Required: Yes
Type: string

The name of the filter.

value
Required: Yes
Type: string

The filter value. Valid values for each filter key are as follows:

  • InvokedAfter: Specify a timestamp to limit your results. For example, specify 2024-08-29T00:00:00Z to see sessions that started August 29, 2024, and later.

  • InvokedBefore: Specify a timestamp to limit your results. For example, specify 2024-08-29T00:00:00Z to see sessions that started before August 29, 2024.

  • Target: Specify a managed node to which session connections have been made.

  • Owner: Specify an Amazon Web Services user to see a list of sessions started by that user.

  • Status: Specify a valid session status to see a list of all sessions with that status. Status values you can specify include:

    • Connected

    • Connecting

    • Disconnected

    • Terminated

    • Terminating

    • Failed

  • SessionId: Specify a session ID to return details about the session.

SessionManagerOutputUrl

Description

Reserved for future use.

Members
CloudWatchOutputUrl
Type: string

Reserved for future use.

S3OutputUrl
Type: string

Reserved for future use.

SeveritySummary

Description

The number of managed nodes found for each patch severity level defined in the request filter.

Members
CriticalCount
Type: int

The total number of resources or compliance items that have a severity level of Critical. Critical severity is determined by the organization that published the compliance items.

HighCount
Type: int

The total number of resources or compliance items that have a severity level of high. High severity is determined by the organization that published the compliance items.

InformationalCount
Type: int

The total number of resources or compliance items that have a severity level of informational. Informational severity is determined by the organization that published the compliance items.

LowCount
Type: int

The total number of resources or compliance items that have a severity level of low. Low severity is determined by the organization that published the compliance items.

MediumCount
Type: int

The total number of resources or compliance items that have a severity level of medium. Medium severity is determined by the organization that published the compliance items.

UnspecifiedCount
Type: int

The total number of resources or compliance items that have a severity level of unspecified. Unspecified severity is determined by the organization that published the compliance items.

StatusUnchanged

Description

The updated status is the same as the current status.

Members

StepExecution

Description

Detailed information about an the execution state of an Automation step.

Members
Action
Type: string

The action this step performs. The action determines the behavior of the step.

ExecutionEndTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

If a step has finished execution, this contains the time the execution ended. If the step hasn't yet concluded, this field isn't populated.

ExecutionStartTime
Type: timestamp (string|DateTime or anything parsable by strtotime)

If a step has begun execution, this contains the time the step started. If the step is in Pending status, this field isn't populated.

FailureDetails
Type: FailureDetails structure

Information about the Automation failure.

FailureMessage
Type: string

If a step failed, this message explains why the execution failed.

Inputs
Type: Associative array of custom strings keys (String) to strings

Fully-resolved values passed into the step before execution.

IsCritical
Type: boolean

The flag which can be used to help decide whether the failure of current step leads to the Automation failure.

IsEnd
Type: boolean

The flag which can be used to end automation no matter whether the step succeeds or fails.

MaxAttempts
Type: int

The maximum number of tries to run the action of the step. The default value is 1.

NextStep
Type: string

The next step after the step succeeds.

OnFailure
Type: string

The action to take if the step fails. The default value is Abort.

Outputs
Type: Associative array of custom strings keys (AutomationParameterKey) to stringss

Returned values from the execution of the step.

OverriddenParameters
Type: Associative array of custom strings keys (AutomationParameterKey) to stringss

A user-specified list of parameters to override when running a step.

ParentStepDetails
Type: ParentStepDetails structure

Information about the parent step.

Response
Type: string

A message associated with the response code for an execution.

ResponseCode
Type: string

The response code returned by the execution of the step.

StepExecutionId
Type: string

The unique ID of a step execution.

StepName
Type: string

The name of this execution step.

StepStatus
Type: string

The execution status for this step.

TargetLocation
Type: TargetLocation structure

The combination of Amazon Web Services Regions and Amazon Web Services accounts targeted by the current Automation execution.

Targets
Type: Array of Target structures

The targets for the step execution.

TimeoutSeconds
Type: long (int|float)

The timeout seconds of the step.

TriggeredAlarms
Type: Array of AlarmStateInformation structures

The CloudWatch alarms that were invoked by the automation.

ValidNextSteps
Type: Array of strings

Strategies used when step fails, we support Continue and Abort. Abort will fail the automation when the step fails. Continue will ignore the failure of current step and allow automation to run the next step. With conditional branching, we add step:stepName to support the automation to go to another specific step.

StepExecutionFilter

Description

A filter to limit the amount of step execution information returned by the call.

Members
Key
Required: Yes
Type: string

One or more keys to limit the results.

Values
Required: Yes
Type: Array of strings

The values of the filter key.

SubTypeCountLimitExceededException

Description

The sub-type count exceeded the limit for the inventory type.

Members
Message
Type: string

Tag

Description

Metadata that you assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Amazon Web Services Systems Manager, you can apply tags to Systems Manager documents (SSM documents), managed nodes, maintenance windows, parameters, patch baselines, OpsItems, and OpsMetadata.

Members
Key
Required: Yes
Type: string

The name of the tag.

Value
Required: Yes
Type: string

The value of the tag.

Target

Description

An array of search criteria that targets managed nodes using a key-value pair that you specify.

One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide.

Supported formats include the following.

For all Systems Manager capabilities:

  • Key=tag-key,Values=tag-value-1,tag-value-2

For Automation and Change Manager:

  • Key=tag:tag-key,Values=tag-value

  • Key=ResourceGroup,Values=resource-group-name

  • Key=ParameterValues,Values=value-1,value-2,value-3

  • To target all instances in the Amazon Web Services Region:

    • Key=AWS::EC2::Instance,Values=*

    • Key=InstanceIds,Values=*

For Run Command and Maintenance Windows:

  • Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3

  • Key=tag:tag-key,Values=tag-value-1,tag-value-2

  • Key=resource-groups:Name,Values=resource-group-name

  • Additionally, Maintenance Windows support targeting resource types:

    • Key=resource-groups:ResourceTypeFilters,Values=resource-type-1,resource-type-2

For State Manager:

  • Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3

  • Key=tag:tag-key,Values=tag-value-1,tag-value-2

  • To target all instances in the Amazon Web Services Region:

    • Key=InstanceIds,Values=*

For more information about how to send commands that target managed nodes using Key,Value parameters, see Targeting multiple managed nodes in the Amazon Web Services Systems Manager User Guide.

Members
Key
Type: string

User-defined criteria for sending commands that target managed nodes that meet the criteria.

Values
Type: Array of strings

User-defined criteria that maps to Key. For example, if you specified tag:ServerRole, you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer.

Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.

TargetInUseException

Description

You specified the Safe option for the DeregisterTargetFromMaintenanceWindow operation, but the target is still referenced in a task.

Members
Message
Type: string

TargetLocation

Description

The combination of Amazon Web Services Regions and Amazon Web Services accounts targeted by the current Automation execution.

Members
Accounts
Type: Array of strings

The Amazon Web Services accounts targeted by the current Automation execution.

ExcludeAccounts
Type: Array of strings

Amazon Web Services accounts or organizational units to exclude as expanded targets.

ExecutionRoleName
Type: string

The Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole.

IncludeChildOrganizationUnits
Type: boolean

Indicates whether to include child organizational units (OUs) that are children of the targeted OUs. The default is false.

Regions
Type: Array of strings

The Amazon Web Services Regions targeted by the current Automation execution.

TargetLocationAlarmConfiguration
Type: AlarmConfiguration structure

The details for the CloudWatch alarm you want to apply to an automation or command.

TargetLocationMaxConcurrency
Type: string

The maximum number of Amazon Web Services Regions and Amazon Web Services accounts allowed to run the Automation concurrently.

TargetLocationMaxErrors
Type: string

The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.

Targets
Type: Array of Target structures

A list of key-value mappings to target resources. If you specify values for this data type, you must also specify a value for TargetParameterName.

This Targets parameter takes precedence over the StartAutomationExecution:Targets parameter if both are supplied.

TargetsMaxConcurrency
Type: string

The maximum number of targets allowed to run this task in parallel. This TargetsMaxConcurrency takes precedence over the StartAutomationExecution:MaxConcurrency parameter if both are supplied.

TargetsMaxErrors
Type: string

The maximum number of errors that are allowed before the system stops running the automation on additional targets. This TargetsMaxErrors parameter takes precedence over the StartAutomationExecution:MaxErrors parameter if both are supplied.

TargetNotConnected

Description

The specified target managed node for the session isn't fully configured for use with Session Manager. For more information, see Setting up Session Manager in the Amazon Web Services Systems Manager User Guide. This error is also returned if you attempt to start a session on a managed node that is located in a different account or Region

Members
Message
Type: string

TooManyTagsError

Description

The Targets parameter includes too many tags. Remove one or more tags and try the command again.

Members

TooManyUpdates

Description

There are concurrent updates for a resource that supports one update at a time.

Members
Message
Type: string

TotalSizeLimitExceededException

Description

The size of inventory data has exceeded the total size limit for the resource.

Members
Message
Type: string

UnsupportedCalendarException

Description

The calendar entry contained in the specified SSM document isn't supported.

Members
Message
Type: string

UnsupportedFeatureRequiredException

Description

Patching for applications released by Microsoft is only available on EC2 instances and advanced instances. To patch applications released by Microsoft on on-premises servers and VMs, you must enable advanced instances. For more information, see Turning on the advanced-instances tier in the Amazon Web Services Systems Manager User Guide.

Members
Message
Type: string

UnsupportedInventoryItemContextException

Description

The Context attribute that you specified for the InventoryItem isn't allowed for this inventory type. You can only use the Context attribute with inventory types like AWS:ComplianceItem.

Members
Message
Type: string
TypeName
Type: string

UnsupportedInventorySchemaVersionException

Description

Inventory item type schema version has to match supported versions in the service. Check output of GetInventorySchema to see the available schema version for each type.

Members
Message
Type: string

UnsupportedOperatingSystem

Description

The operating systems you specified isn't supported, or the operation isn't supported for the operating system.

Members
Message
Type: string

UnsupportedParameterType

Description

The parameter type isn't supported.

Members
message
Type: string

UnsupportedPlatformType

Description

The document doesn't support the platform type of the given managed node IDs. For example, you sent an document for a Windows managed node to a Linux node.

Members
Message
Type: string