AWS Systems Manager
User Guide

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.

Working with Automation Documents

A Systems Manager Automation document defines the actions that Systems Manager performs on your managed instances and AWS resources. Documents use JavaScript Object Notation (JSON) or YAML, and they include steps and parameters that you specify. Steps run in sequential order.

Automation documents are Systems Manager documents of type Automation, as opposed to Command and Policy documents. Automation documents currently support schema version 0.3. Command documents use schema version 1.2, 2.0, or 2.2. Policy documents use schema version 2.0 or later.

To view information about the actions or plugins that you can specify in a Systems Manager Automation document, see Systems Manager Automation Actions Reference. To view information about the plugins for all other SSM documents, see SSM Document Plugin Reference.


If you run an automation that invokes other services by using an AWS Identity and Access Management (IAM) service role, be aware that the service role must be configured with permission to invoke those services. This requirement applies to all AWS Automation documents (AWS-* documents) such as the AWS-ConfigureS3BucketLogging, AWS-CreateDynamoDBBackup, and AWS-RestartEC2Instance documents, to name a few. This requirement also applies to any custom Automation documents you create that invoke other AWS services by using actions that call other services. For example, if you use the aws:executeAwsApi, aws:CreateStack, or aws:copyImage actions, to name a few, then you must configure the service role with permission to invoke those services. You can enable permissions to other AWS services by adding an IAM inline policy to the role. For more information, see (Optional) Add an Automation Inline Policy to Invoke Other AWS Services.