使用 Systems Manager 範例 AWS CLI - AWS Command Line Interface

本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。

使用 Systems Manager 範例 AWS CLI

下列程式碼範例會示範如何使用 AWS Command Line Interface 搭配 Systems Manager 來執行動作及實作常見案例。

Actions 是大型程式的程式碼摘錄,必須在內容中執行。雖然動作會告訴您如何呼叫個別服務函數,但您可以在其相關情境和跨服務範例中查看內容中的動作。

Scenarios (案例) 是向您展示如何呼叫相同服務中的多個函數來完成特定任務的程式碼範例。

每個範例都包含一個連結 GitHub,您可以在其中找到如何在內容中設定和執行程式碼的指示。

主題

動作

下列程式碼範例會示範如何使用add-tags-to-resource

AWS CLI

範例 1:將標籤新增至維護時段

下列add-tags-to-resource範例會將標籤新增至指定的維護時段。

aws ssm add-tags-to-resource \ --resource-type "MaintenanceWindow" \ --resource-id "mw-03eb9db428EXAMPLE" \ --tags "Key=Stack,Value=Production"

此命令不會產生輸出。

範例 2:將標籤新增至參數

下列add-tags-to-resource範例會將兩個標籤加入至指定的參數。

aws ssm add-tags-to-resource \ --resource-type "Parameter" \ --resource-id "My-Parameter" \ --tags '[{"Key":"Region","Value":"East"},{"Key":"Environment", "Value":"Production"}]'

此命令不會產生輸出。

範例 3:若要將標籤新增至 SSM 文件

下列add-tags-to-resource範例會將標籤加入至指定的文件。

aws ssm add-tags-to-resource \ --resource-type "Document" \ --resource-id "My-Document" \ --tags "Key=Quarter,Value=Q322"

此命令不會產生輸出。

若要取得更多資訊,請參閱〈Systems Manager 使用指南〉中的〈標記AWS Systems Manager

下列程式碼範例會示範如何使用associate-ops-item-related-item

AWS CLI

若要關聯相關料號

下列associate-ops-item-related-item範例會將相關項目與的相關聯 OpsItem。

aws ssm associate-ops-item-related-item \ --ops-item-id "oi-649fExample" \ --association-type "RelatesTo" \ --resource-type "AWS::SSMIncidents::IncidentRecord" \ --resource-uri "arn:aws:ssm-incidents::111122223333:incident-record/Example-Response-Plan/c2bde883-f7d5-343a-b13a-bf5fe9ea689f"

輸出:

{ "AssociationId": "61d7178d-a30d-4bc5-9b4e-a9e74EXAMPLE" }

如需詳細資訊,請參閱《AWS 系統管理員使用指南》 OpsCenter中的 < 處理事件管理員事件 >。

下列程式碼範例會示範如何使用cancel-command

AWS CLI

範例 1:取消所有例證的指令

下列cancel-command範例會嘗試取消已針對所有執行個體執行的指定命令。

aws ssm cancel-command \ --command-id "662add3d-5831-4a10-b64a-f2ff3EXAMPLE"

此命令不會產生輸出。

範例 2:取消特定例證的指令

下列cancel-command範例只會嘗試取消指定執行個體的命令。

aws ssm cancel-command \ --command-id "662add3d-5831-4a10-b64a-f2ff3EXAMPLE" --instance-ids "i-02573cafcfEXAMPLE"

此命令不會產生輸出。

若要取得更多資訊,請參閱〈Systems Manager 使用指南〉中的〈為AWS Systems Manager

  • 如需 API 詳細資訊,請參閱AWS CLI 命令參考CancelCommand中的。

下列程式碼範例會示範如何使用cancel-maintenance-window-execution

AWS CLI

若要取消維護時段執行

cancel-maintenance-window-execution範例會停止已在進行中的指定維護時段執行。

aws ssm cancel-maintenance-window-execution \ --window-execution-id j2l8d5b5c-mw66-tk4d-r3g9-1d4d1EXAMPLE

輸出:

{ "WindowExecutionId": "j2l8d5b5c-mw66-tk4d-r3g9-1d4d1EXAMPLE" }

如需詳細資訊,請參閱 Systems Manager 使用指南中的AWS Systems Manager 維護 Windows 教學課程 (AWS CLI)

下列程式碼範例會示範如何使用create-activation

AWS CLI

建立代管執行個體啟動

下列create-activation範例會建立代管執行個體啟動。

aws ssm create-activation \ --default-instance-name "HybridWebServers" \ --iam-role "HybridWebServersRole" \ --registration-limit 5

輸出:

{ "ActivationId": "5743558d-563b-4457-8682-d16c3EXAMPLE", "ActivationCode": "dRmgnYaFv567vEXAMPLE" }

如需詳細資訊,請參閱《AWS 系統管理員使用指南》中的步驟 4:針對混合式環境建立受管執行個體啟動

  • 如需 API 詳細資訊,請參閱AWS CLI 命令參考CreateActivation中的。

下列程式碼範例會示範如何使用create-association-batch

AWS CLI

若要建立多個關聯

此範例將組態文件與多個實例相關聯。如果適用,輸出會傳回成功和失敗作業的清單。

命令:

aws ssm create-association-batch --entries "Name=AWS-UpdateSSMAgent,InstanceId=i-1234567890abcdef0" "Name=AWS-UpdateSSMAgent,InstanceId=i-9876543210abcdef0"

輸出:

{ "Successful": [ { "Name": "AWS-UpdateSSMAgent", "InstanceId": "i-1234567890abcdef0", "AssociationVersion": "1", "Date": 1550504725.007, "LastUpdateAssociationDate": 1550504725.007, "Status": { "Date": 1550504725.007, "Name": "Associated", "Message": "Associated with AWS-UpdateSSMAgent" }, "Overview": { "Status": "Pending", "DetailedStatus": "Creating" }, "DocumentVersion": "$DEFAULT", "AssociationId": "8dfe3659-4309-493a-8755-0123456789ab", "Targets": [ { "Key": "InstanceIds", "Values": [ "i-1234567890abcdef0" ] } ] }, { "Name": "AWS-UpdateSSMAgent", "InstanceId": "i-9876543210abcdef0", "AssociationVersion": "1", "Date": 1550504725.057, "LastUpdateAssociationDate": 1550504725.057, "Status": { "Date": 1550504725.057, "Name": "Associated", "Message": "Associated with AWS-UpdateSSMAgent" }, "Overview": { "Status": "Pending", "DetailedStatus": "Creating" }, "DocumentVersion": "$DEFAULT", "AssociationId": "9c9f7f20-5154-4fed-a83e-0123456789ab", "Targets": [ { "Key": "InstanceIds", "Values": [ "i-9876543210abcdef0" ] } ] } ], "Failed": [] }

下列程式碼範例會示範如何使用create-association

AWS CLI

範例 1:使用實例 ID 建立文件關聯

此範例使用實例 ID 將組態文件與實例產生關聯。

aws ssm create-association \ --instance-id "i-0cb2b964d3e14fd9f" \ --name "AWS-UpdateSSMAgent"

輸出:

{ "AssociationDescription": { "Status": { "Date": 1487875500.33, "Message": "Associated with AWS-UpdateSSMAgent", "Name": "Associated" }, "Name": "AWS-UpdateSSMAgent", "InstanceId": "i-0cb2b964d3e14fd9f", "Overview": { "Status": "Pending", "DetailedStatus": "Creating" }, "AssociationId": "b7c3266e-a544-44db-877e-b20d3a108189", "DocumentVersion": "$DEFAULT", "LastUpdateAssociationDate": 1487875500.33, "Date": 1487875500.33, "Targets": [ { "Values": [ "i-0cb2b964d3e14fd9f" ], "Key": "InstanceIds" } ] } }

如需詳細資訊,請參閱 Sy AWS stems Manager API 參考CreateAssociation中的。

範例 2:使用目標建立文件關聯

此範例使用目標將組態文件與實例相關聯。

aws ssm create-association \ --name "AWS-UpdateSSMAgent" \ --targets "Key=instanceids,Values=i-0cb2b964d3e14fd9f"

輸出:

{ "AssociationDescription": { "Status": { "Date": 1487875500.33, "Message": "Associated with AWS-UpdateSSMAgent", "Name": "Associated" }, "Name": "AWS-UpdateSSMAgent", "InstanceId": "i-0cb2b964d3e14fd9f", "Overview": { "Status": "Pending", "DetailedStatus": "Creating" }, "AssociationId": "b7c3266e-a544-44db-877e-b20d3a108189", "DocumentVersion": "$DEFAULT", "LastUpdateAssociationDate": 1487875500.33, "Date": 1487875500.33, "Targets": [ { "Values": [ "i-0cb2b964d3e14fd9f" ], "Key": "InstanceIds" } ] } }

如需詳細資訊,請參閱 Sy AWS stems Manager API 參考CreateAssociation中的。

範例 3:建立僅執行一次的關聯

此範例會建立只在指定日期和時間執行一次的新關聯。以過去或現在的日期建立的關聯 (依處理日期的時間為過去的日期) 會立即執行。

aws ssm create-association \ --name "AWS-UpdateSSMAgent" \ --targets "Key=instanceids,Values=i-0cb2b964d3e14fd9f" \ --schedule-expression "at(2020-05-14T15:55:00)" \ --apply-only-at-cron-interval

輸出:

{ "AssociationDescription": { "Status": { "Date": 1487875500.33, "Message": "Associated with AWS-UpdateSSMAgent", "Name": "Associated" }, "Name": "AWS-UpdateSSMAgent", "InstanceId": "i-0cb2b964d3e14fd9f", "Overview": { "Status": "Pending", "DetailedStatus": "Creating" }, "AssociationId": "b7c3266e-a544-44db-877e-b20d3a108189", "DocumentVersion": "$DEFAULT", "LastUpdateAssociationDate": 1487875500.33, "Date": 1487875500.33, "Targets": [ { "Values": [ "i-0cb2b964d3e14fd9f" ], "Key": "InstanceIds" } ] } }

如需詳細資訊,請參閱 CreateAssociationAWS Systems Manager API 參考」或「參考:系統管理員使用指南」AWS 中的「Systems Manager Cron 和速率運算式」。

下列程式碼範例會示範如何使用create-document

AWS CLI

建立文件的步驟

下列create-document範例會建立 Systems Manager 文件。

aws ssm create-document \ --content file://exampleDocument.yml \ --name "Example" \ --document-type "Automation" \ --document-format YAML

輸出:

{ "DocumentDescription": { "Hash": "fc2410281f40779e694a8b95975d0f9f316da8a153daa94e3d9921102EXAMPLE", "HashType": "Sha256", "Name": "Example", "Owner": "29884EXAMPLE", "CreatedDate": 1583256349.452, "Status": "Creating", "DocumentVersion": "1", "Description": "Document Example", "Parameters": [ { "Name": "AutomationAssumeRole", "Type": "String", "Description": "(Required) The ARN of the role that allows Automation to perform the actions on your behalf. If no role is specified, Systems Manager Automation uses your IAM permissions to execute this document.", "DefaultValue": "" }, { "Name": "InstanceId", "Type": "String", "Description": "(Required) The ID of the Amazon EC2 instance.", "DefaultValue": "" } ], "PlatformTypes": [ "Windows", "Linux" ], "DocumentType": "Automation", "SchemaVersion": "0.3", "LatestVersion": "1", "DefaultVersion": "1", "DocumentFormat": "YAML", "Tags": [] } }

如需詳細資訊,請參閱《Systems Manager 使用指南》中的〈建立AWS Systems Manager 文件

  • 如需 API 詳細資訊,請參閱AWS CLI 命令參考CreateDocument中的。

下列程式碼範例會示範如何使用create-maintenance-window

AWS CLI

範例 1:建立維護時段

下列create-maintenance-window範例會建立一個新的維護時段,每五分鐘最多兩小時 (視需要而定)、防止新工作在維護時段執行結束後一小時內開始、允許未關聯的目標 (您尚未在維護時段中註冊的執行個體),以及透過使用其建立者打算在教學課程中使用的自訂標籤來指出。

aws ssm create-maintenance-window \ --name "My-Tutorial-Maintenance-Window" \ --schedule "rate(5 minutes)" \ --duration 2 --cutoff 1 \ --allow-unassociated-targets \ --tags "Key=Purpose,Value=Tutorial"

輸出:

{ "WindowId": "mw-0c50858d01EXAMPLE" }

範例 2:建立僅執行一次的維護時段

下列create-maintenance-window範例會建立只在指定日期和時間執行一次的新維護時段。

aws ssm create-maintenance-window \ --name My-One-Time-Maintenance-Window \ --schedule "at(2020-05-14T15:55:00)" \ --duration 5 \ --cutoff 2 \ --allow-unassociated-targets \ --tags "Key=Environment,Value=Production"

輸出:

{ "WindowId": "mw-01234567890abcdef" }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的〈維護視窗

下列程式碼範例會示範如何使用create-ops-item

AWS CLI

若要建立 OpsItems

下列create-ops-item範例使用中的 /aws/資源鍵 OperationalData 來建立具有Amazon DynamoDB OpsItem 相關資源的資源。

aws ssm create-ops-item \ --title "EC2 instance disk full" \ --description "Log clean up may have failed which caused the disk to be full" \ --priority 2 \ --source ec2 \ --operational-data '{"/aws/resources":{"Value":"[{\"arn\": \"arn:aws:dynamodb:us-west-2:12345678:table/OpsItems\"}]","Type":"SearchableString"}}' \ --notifications Arn="arn:aws:sns:us-west-2:12345678:TestUser"

輸出:

{ "OpsItemId": "oi-1a2b3c4d5e6f" }

如需詳細資訊,請參閱AWS Systems Manager 使用指南 OpsItems中的建立。

  • 如需 API 詳細資訊,請參閱AWS CLI 命令參考CreateOpsItem中的。

下列程式碼範例會示範如何使用create-patch-baseline

AWS CLI

範例 1:建立具有自動核准的修補程式基準

下列create-patch-baseline範例會為 Windows Server 建立修補程式基準,該修補程式基準會在 Microsoft 發行七天後核准生產環境的修補程式。

aws ssm create-patch-baseline \ --name "Windows-Production-Baseline-AutoApproval" \ --operating-system "WINDOWS" \ --approval-rules "PatchRules=[{PatchFilterGroup={PatchFilters=[{Key=MSRC_SEVERITY,Values=[Critical,Important,Moderate]},{Key=CLASSIFICATION,Values=[SecurityUpdates,Updates,UpdateRollups,CriticalUpdates]}]},ApproveAfterDays=7}]" \ --description "Baseline containing all updates approved for Windows Server production systems"

輸出:

{ "BaselineId": "pb-045f10b4f3EXAMPLE" }

範例 2:建立具有核准截止日期的修補程式基準

下列create-patch-baseline範例會為 Windows Server 建立修補程式基準,該基準會核准 2020 年 7 月 7 日或之前發行之生產環境的所有修補程式。

aws ssm create-patch-baseline \ --name "Windows-Production-Baseline-AutoApproval" \ --operating-system "WINDOWS" \ --approval-rules "PatchRules=[{PatchFilterGroup={PatchFilters=[{Key=MSRC_SEVERITY,Values=[Critical,Important,Moderate]},{Key=CLASSIFICATION,Values=[SecurityUpdates,Updates,UpdateRollups,CriticalUpdates]}]},ApproveUntilDate=2020-07-07}]" \ --description "Baseline containing all updates approved for Windows Server production systems"

輸出:

{ "BaselineId": "pb-045f10b4f3EXAMPLE" }

範例 3:使用儲存在 JSON 檔案中的核准規則建立修補程式基準

以下create-patch-baseline範例為 Amazon Linux 2017.09 建立修補程式基準,該修補程式基準會在生產環境發行七天後核准生產環境、指定修補程式基準的核准規則,以及為修補程式指定自訂存放庫。

aws ssm create-patch-baseline \ --cli-input-json file://my-amazon-linux-approval-rules-and-repo.json

my-amazon-linux-approval-rules-and-repo.json 的內容:

{ "Name": "Amazon-Linux-2017.09-Production-Baseline", "Description": "My approval rules patch baseline for Amazon Linux 2017.09 instances", "OperatingSystem": "AMAZON_LINUX", "Tags": [ { "Key": "Environment", "Value": "Production" } ], "ApprovalRules": { "PatchRules": [ { "ApproveAfterDays": 7, "EnableNonSecurity": true, "PatchFilterGroup": { "PatchFilters": [ { "Key": "SEVERITY", "Values": [ "Important", "Critical" ] }, { "Key": "CLASSIFICATION", "Values": [ "Security", "Bugfix" ] }, { "Key": "PRODUCT", "Values": [ "AmazonLinux2017.09" ] } ] } } ] }, "Sources": [ { "Name": "My-AL2017.09", "Products": [ "AmazonLinux2017.09" ], "Configuration": "[amzn-main] \nname=amzn-main-Base\nmirrorlist=http://repo./$awsregion./$awsdomain//$releasever/main/mirror.list //nmirrorlist_expire=300//nmetadata_expire=300 \npriority=10 \nfailovermethod=priority \nfastestmirror_enabled=0 \ngpgcheck=1 \ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-amazon-ga \nenabled=1 \nretries=3 \ntimeout=5\nreport_instanceid=yes" } ] }

範例 4:建立指定已核准和拒絕的修補程式的修補程式基準

下列create-patch-baseline範例明確指定要核准和拒絕的修補程式,作為預設核准規則的例外狀況。

aws ssm create-patch-baseline \ --name "Amazon-Linux-2017.09-Alpha-Baseline" \ --description "My custom approve/reject patch baseline for Amazon Linux 2017.09 instances" \ --operating-system "AMAZON_LINUX" \ --approved-patches "CVE-2018-1234567,example-pkg-EE-2018*.amzn1.noarch" \ --approved-patches-compliance-level "HIGH" \ --approved-patches-enable-non-security \ --tags "Key=Environment,Value=Alpha"

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的建立自訂修補程式基準

下列程式碼範例會示範如何使用create-resource-data-sync

AWS CLI

若要建立資源資料同步

此範例會建立資源資料同步。如果命令成功,則無輸出訊息。

命令:

aws ssm create-resource-data-sync --sync-name "ssm-resource-data-sync" --s3-destination "BucketName=ssm-bucket,Prefix=inventory,SyncFormat=JsonSerDe,Region=us-east-1"

下列程式碼範例會示範如何使用delete-activation

AWS CLI

刪除代管執行個體啟動

下列delete-activation範例會刪除代管執行個體啟動。

aws ssm delete-activation \ --activation-id "aa673477-d926-42c1-8757-1358cEXAMPLE"

此命令不會產生輸出。

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的〈設定混合式環境AWS Systems Manager〉

  • 如需 API 詳細資訊,請參閱AWS CLI 命令參考DeleteActivation中的。

下列程式碼範例會示範如何使用delete-association

AWS CLI

範例 1:若要使用關聯 ID 刪除關聯

下列delete-association範例會刪除指定關聯 ID 的關聯。如果命令成功,則無輸出訊息。

aws ssm delete-association \ --association-id "8dfe3659-4309-493a-8755-0123456789ab"

此命令不會產生輸出。

若要取得更多資訊,請參閱《AWS Systems Manager 使用指南》中的〈編輯和建立關聯的新版本

範例 2:刪除關聯

下列delete-association範例會刪除執行個體與文件之間的關聯。如果命令成功,則無輸出訊息。

aws ssm delete-association \ --instance-id "i-1234567890abcdef0" \ --name "AWS-UpdateSSMAgent"

此命令不會產生輸出。

如需詳細資訊,請參閱《Systems Manager 理員使用指南》中的〈AWS Systems Manager〉中的使用關聯

下列程式碼範例會示範如何使用delete-document

AWS CLI

若要刪除文件

下列delete-document範例會刪除系 Systems Manager 文件。

aws ssm delete-document \ --name "Example"

此命令不會產生輸出。

如需詳細資訊,請參閱《Systems Manager 使用指南》中的〈建立AWS Systems Manager 文件

  • 如需 API 詳細資訊,請參閱AWS CLI 命令參考DeleteDocument中的。

下列程式碼範例會示範如何使用delete-inventory

AWS CLI

若要刪除自訂庫存類型

此範例會刪除自訂詳細目錄結構描述。

命令:

aws ssm delete-inventory --type-name "Custom:RackInfo" --schema-delete-option "DeleteSchema"

輸出:

{ "DeletionId": "d72ac9e8-1f60-4d40-b1c6-bf8c78c68c4d", "TypeName": "Custom:RackInfo", "DeletionSummary": { "TotalCount": 1, "RemainingCount": 1, "SummaryItems": [ { "Version": "1.0", "Count": 1, "RemainingCount": 1 } ] } }

若要停用自訂庫存類型

此範例會停用自訂詳細目錄結構描述。

命令:

aws ssm delete-inventory --type-name "Custom:RackInfo" --schema-delete-option "DisableSchema"

輸出:

{ "DeletionId": "6961492a-8163-44ec-aa1e-923364dd0850", "TypeName": "Custom:RackInformation", "DeletionSummary": { "TotalCount": 0, "RemainingCount": 0, "SummaryItems": [] } }
  • 如需 API 詳細資訊,請參閱AWS CLI 命令參考DeleteInventory中的。

下列程式碼範例會示範如何使用delete-maintenance-window

AWS CLI

若要刪除維護時段

delete-maintenance-window範例會移除指定的維護時段。

aws ssm delete-maintenance-window \ --window-id "mw-1a2b3c4d5e6f7g8h9"

輸出:

{ "WindowId":"mw-1a2b3c4d5e6f7g8h9" }

如需詳細資訊,請參閱 AWS Systems Manager 使用指南中的刪除維護時段 (AWS CLI)

下列程式碼範例會示範如何使用delete-parameter

AWS CLI

刪除參數的步驟

下列delete-parameter範例會刪除指定的單一參數。

aws ssm delete-parameter \ --name "MyParameter"

此命令不會產生輸出。

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的〈使用參數存放區

  • 如需 API 詳細資訊,請參閱AWS CLI 命令參考DeleteParameter中的。

下列程式碼範例會示範如何使用delete-parameters

AWS CLI

刪除參數清單的步驟

下列delete-parameters範例會刪除指定的參數。

aws ssm delete-parameters \ --names "MyFirstParameter" "MySecondParameter" "MyInvalidParameterName"

輸出:

{ "DeletedParameters": [ "MyFirstParameter", "MySecondParameter" ], "InvalidParameters": [ "MyInvalidParameterName" ] }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的〈使用參數存放區

  • 如需 API 詳細資訊,請參閱AWS CLI 命令參考DeleteParameters中的。

下列程式碼範例會示範如何使用delete-patch-baseline

AWS CLI

刪除修補程式基準

下列delete-patch-baseline範例會刪除指定的修補程式基準。

aws ssm delete-patch-baseline \ --baseline-id "pb-045f10b4f382baeda"

輸出:

{ "BaselineId": "pb-045f10b4f382baeda" }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的更新或刪除修補程式基準 (主控台)

下列程式碼範例會示範如何使用delete-resource-data-sync

AWS CLI

若要刪除資源資料同步

此範例會刪除資源資料同步。如果命令成功,則無輸出訊息。

命令:

aws ssm delete-resource-data-sync --sync-name "ssm-resource-data-sync"

下列程式碼範例會示範如何使用deregister-managed-instance

AWS CLI

取消註冊代管執行個體

下列deregister-managed-instance範例會取消註冊指定的代管執行個體。

aws ssm deregister-managed-instance --instance-id "mi-08ab247cdfEXAMPLE"

此命令不會產生輸出。

如需詳細資訊,請參閱 AWS Systems Manager 使用者指南中的在混合式環境中取消註冊代管執行個體。

下列程式碼範例會示範如何使用deregister-patch-baseline-for-patch-group

AWS CLI

從修補程式基準中取消註冊修補程式群組

下列deregister-patch-baseline-for-patch-group範例會從指定的修補程式基準取消註冊指定的修補程式群組。

aws ssm deregister-patch-baseline-for-patch-group \ --patch-group "Production" \ --baseline-id "pb-0ca44a362fEXAMPLE"

輸出:

{ "PatchGroup":"Production", "BaselineId":"pb-0ca44a362fEXAMPLE" }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》的將修補程式群組新增至修補程式基準。

下列程式碼範例會示範如何使用deregister-target-from-maintenance-window

AWS CLI

若要從維護時段移除目標

下列deregister-target-from-maintenance-window範例會從指定的維護時段移除指定的目標。

aws ssm deregister-target-from-maintenance-window \ --window-id "mw-ab12cd34ef56gh78" \ --window-target-id "1a2b3c4d-1a2b-1a2b-1a2b-1a2b3c4d-1a2"

輸出:

{ "WindowId":"mw-ab12cd34ef56gh78", "WindowTargetId":"1a2b3c4d-1a2b-1a2b-1a2b-1a2b3c4d-1a2" }

如需詳細資訊,請參閱 AWS Systems Manager 使用指南中的更新維護時段 (AWS CLI)

下列程式碼範例會示範如何使用deregister-task-from-maintenance-window

AWS CLI

若要從維護視窗中移除工作

下列deregister-task-from-maintenance-window範例會從指定的維護時段中移除指定的工作。

aws ssm deregister-task-from-maintenance-window \ --window-id "mw-ab12cd34ef56gh78" \ --window-task-id "1a2b3c4d-1a2b-1a2b-1a2b-1a2b3c4d5e6c"

輸出:

{ "WindowTaskId":"1a2b3c4d-1a2b-1a2b-1a2b-1a2b3c4d5e6c", "WindowId":"mw-ab12cd34ef56gh78" }

如需詳細資訊,請參閱 Systems Manager 使用指南中的AWS Systems Manager 維護 Windows 教學課程 (AWS CLI)

下列程式碼範例會示範如何使用describe-activations

AWS CLI

描述啟動

下列describe-activations範例會列出您 AWS 帳戶中啟用的相關詳細資訊。

aws ssm describe-activations

輸出:

{ "ActivationList": [ { "ActivationId": "5743558d-563b-4457-8682-d16c3EXAMPLE", "Description": "Example1", "IamRole": "HybridWebServersRole, "RegistrationLimit": 5, "RegistrationsCount": 5, "ExpirationDate": 1584316800.0, "Expired": false, "CreatedDate": 1581954699.792 }, { "ActivationId": "3ee0322b-f62d-40eb-b672-13ebfEXAMPLE", "Description": "Example2", "IamRole": "HybridDatabaseServersRole", "RegistrationLimit": 5, "RegistrationsCount": 5, "ExpirationDate": 1580515200.0, "Expired": true, "CreatedDate": 1578064132.002 }, ] }

如需詳細資訊,請參閱《AWS 系統管理員使用指南》中的步驟 4:針對混合式環境建立受管執行個體啟動

下列程式碼範例會示範如何使用describe-association-execution-targets

AWS CLI

若要取得關聯執行的詳細資訊

下列describe-association-execution-targets範例說明指定的關聯執行。

aws ssm describe-association-execution-targets \ --association-id "8dfe3659-4309-493a-8755-0123456789ab" \ --execution-id "7abb6378-a4a5-4f10-8312-0123456789ab"

輸出:

{ "AssociationExecutionTargets": [ { "AssociationId": "8dfe3659-4309-493a-8755-0123456789ab", "AssociationVersion": "1", "ExecutionId": "7abb6378-a4a5-4f10-8312-0123456789ab", "ResourceId": "i-1234567890abcdef0", "ResourceType": "ManagedInstance", "Status": "Success", "DetailedStatus": "Success", "LastExecutionDate": 1550505538.497, "OutputSource": { "OutputSourceId": "97fff367-fc5a-4299-aed8-0123456789ab", "OutputSourceType": "RunCommand" } } ] }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的檢視關聯歷程記錄。

下列程式碼範例會示範如何使用describe-association-executions

AWS CLI

範例 1:取得關聯之所有執行項目的詳細資訊

下列describe-association-executions範例說明指定關聯的所有執行。

aws ssm describe-association-executions \ --association-id "8dfe3659-4309-493a-8755-0123456789ab"

輸出:

{ "AssociationExecutions": [ { "AssociationId": "8dfe3659-4309-493a-8755-0123456789ab", "AssociationVersion": "1", "ExecutionId": "474925ef-1249-45a2-b93d-0123456789ab", "Status": "Success", "DetailedStatus": "Success", "CreatedTime": 1550505827.119, "ResourceCountByStatus": "{Success=1}" }, { "AssociationId": "8dfe3659-4309-493a-8755-0123456789ab", "AssociationVersion": "1", "ExecutionId": "7abb6378-a4a5-4f10-8312-0123456789ab", "Status": "Success", "DetailedStatus": "Success", "CreatedTime": 1550505536.843, "ResourceCountByStatus": "{Success=1}" }, ... ] }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的檢視關聯歷程記錄。

示例 2:獲取特定日期和時間之後關聯的所有執行詳細信息

下列describe-association-executions範例說明指定日期和時間之後的所有關聯執行。

aws ssm describe-association-executions \ --association-id "8dfe3659-4309-493a-8755-0123456789ab" \ --filters "Key=CreatedTime,Value=2019-02-18T16:00:00Z,Type=GREATER_THAN"

輸出:

{ "AssociationExecutions": [ { "AssociationId": "8dfe3659-4309-493a-8755-0123456789ab", "AssociationVersion": "1", "ExecutionId": "474925ef-1249-45a2-b93d-0123456789ab", "Status": "Success", "DetailedStatus": "Success", "CreatedTime": 1550505827.119, "ResourceCountByStatus": "{Success=1}" }, { "AssociationId": "8dfe3659-4309-493a-8755-0123456789ab", "AssociationVersion": "1", "ExecutionId": "7abb6378-a4a5-4f10-8312-0123456789ab", "Status": "Success", "DetailedStatus": "Success", "CreatedTime": 1550505536.843, "ResourceCountByStatus": "{Success=1}" }, ... ] }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的檢視關聯歷程記錄。

下列程式碼範例會示範如何使用describe-association

AWS CLI

範例 1:若要取得關聯的詳細資訊

下列describe-association範例說明指定關聯 ID 的關聯。

aws ssm describe-association \ --association-id "8dfe3659-4309-493a-8755-0123456789ab"

輸出:

{ "AssociationDescription": { "Name": "AWS-GatherSoftwareInventory", "AssociationVersion": "1", "Date": 1534864780.995, "LastUpdateAssociationDate": 1543235759.81, "Overview": { "Status": "Success", "AssociationStatusAggregatedCount": { "Success": 2 } }, "DocumentVersion": "$DEFAULT", "Parameters": { "applications": [ "Enabled" ], "awsComponents": [ "Enabled" ], "customInventory": [ "Enabled" ], "files": [ "" ], "instanceDetailedInformation": [ "Enabled" ], "networkConfig": [ "Enabled" ], "services": [ "Enabled" ], "windowsRegistry": [ "" ], "windowsRoles": [ "Enabled" ], "windowsUpdates": [ "Enabled" ] }, "AssociationId": "8dfe3659-4309-493a-8755-0123456789ab", "Targets": [ { "Key": "InstanceIds", "Values": [ "*" ] } ], "ScheduleExpression": "rate(24 hours)", "LastExecutionDate": 1550501886.0, "LastSuccessfulExecutionDate": 1550501886.0, "AssociationName": "Inventory-Association" } }

若要取得更多資訊,請參閱《AWS Systems Manager 使用指南》中的〈編輯和建立關聯的新版本

範例 2:若要取得特定實例和文件的關聯詳細資訊

下列describe-association範例說明執行個體與文件之間的關聯性。

aws ssm describe-association \ --instance-id "i-1234567890abcdef0" \ --name "AWS-UpdateSSMAgent"

輸出:

{ "AssociationDescription": { "Status": { "Date": 1487876122.564, "Message": "Associated with AWS-UpdateSSMAgent", "Name": "Associated" }, "Name": "AWS-UpdateSSMAgent", "InstanceId": "i-1234567890abcdef0", "Overview": { "Status": "Pending", "DetailedStatus": "Associated", "AssociationStatusAggregatedCount": { "Pending": 1 } }, "AssociationId": "d8617c07-2079-4c18-9847-1234567890ab", "DocumentVersion": "$DEFAULT", "LastUpdateAssociationDate": 1487876122.564, "Date": 1487876122.564, "Targets": [ { "Values": [ "i-1234567890abcdef0" ], "Key": "InstanceIds" } ] } }

若要取得更多資訊,請參閱《AWS Systems Manager 使用指南》中的〈編輯和建立關聯的新版本

下列程式碼範例會示範如何使用describe-automation-executions

AWS CLI

描述自動化執行

下列describe-automation-executions範例顯示有關自動化執行的詳細資訊。

aws ssm describe-automation-executions \ --filters Key=ExecutionId,Values=73c8eef8-f4ee-4a05-820c-e354fEXAMPLE

輸出:

{ "AutomationExecutionMetadataList": [ { "AutomationExecutionId": "73c8eef8-f4ee-4a05-820c-e354fEXAMPLE", "DocumentName": "AWS-StartEC2Instance", "DocumentVersion": "1", "AutomationExecutionStatus": "Success", "ExecutionStartTime": 1583737233.748, "ExecutionEndTime": 1583737234.719, "ExecutedBy": "arn:aws:sts::29884EXAMPLE:assumed-role/mw_service_role/OrchestrationService", "LogFile": "", "Outputs": {}, "Mode": "Auto", "Targets": [], "ResolvedTargets": { "ParameterValues": [], "Truncated": false }, "AutomationType": "Local" } ] }

如需詳細資訊,請參閱 AWS Systems Manager 使用指南中的執行簡單自動化工作流程

下列程式碼範例會示範如何使用describe-automation-step-executions

AWS CLI

範例 1:描述自動化執行的所有步驟

下列describe-automation-step-executions範例會顯示有關自動化執行步驟的詳細資訊。

aws ssm describe-automation-step-executions \ --automation-execution-id 73c8eef8-f4ee-4a05-820c-e354fEXAMPLE

輸出:

{ "StepExecutions": [ { "StepName": "startInstances", "Action": "aws:changeInstanceState", "ExecutionStartTime": 1583737234.134, "ExecutionEndTime": 1583737234.672, "StepStatus": "Success", "Inputs": { "DesiredState": "\"running\"", "InstanceIds": "[\"i-0cb99161f6EXAMPLE\"]" }, "Outputs": { "InstanceStates": [ "running" ] }, "StepExecutionId": "95e70479-cf20-4d80-8018-7e4e2EXAMPLE", "OverriddenParameters": {} } ] }

範例 2:描述自動化執行的特定步驟

下列describe-automation-step-executions範例會顯示有關自動化執行之特定步驟的詳細資訊。

aws ssm describe-automation-step-executions \ --automation-execution-id 73c8eef8-f4ee-4a05-820c-e354fEXAMPLE \ --filters Key=StepExecutionId,Values=95e70479-cf20-4d80-8018-7e4e2EXAMPLE

若要取得更多資訊,請參閱《AWS Systems Manager 使用指南》中的逐步執行自動化工作流程 (指令行)

下列程式碼範例會示範如何使用describe-available-patches

AWS CLI

取得可用的修補程式

下列describe-available-patches範例會擷取 MSRC 嚴重性為嚴重性之 Windows 伺服器 2019 的所有可用修補程式的詳細資料。

aws ssm describe-available-patches \ --filters "Key=PRODUCT,Values=WindowsServer2019" "Key=MSRC_SEVERITY,Values=Critical"

輸出:

{ "Patches": [ { "Id": "fe6bd8c2-3752-4c8b-ab3e-1a7ed08767ba", "ReleaseDate": 1544047205.0, "Title": "2018-11 Update for Windows Server 2019 for x64-based Systems (KB4470788)", "Description": "Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.", "ContentUrl": "https://support.microsoft.com/en-us/kb/4470788", "Vendor": "Microsoft", "ProductFamily": "Windows", "Product": "WindowsServer2019", "Classification": "SecurityUpdates", "MsrcSeverity": "Critical", "KbNumber": "KB4470788", "MsrcNumber": "", "Language": "All" }, { "Id": "c96115e1-5587-4115-b851-22baa46a3f11", "ReleaseDate": 1549994410.0, "Title": "2019-02 Security Update for Adobe Flash Player for Windows Server 2019 for x64-based Systems (KB4487038)", "Description": "A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.", "ContentUrl": "https://support.microsoft.com/en-us/kb/4487038", "Vendor": "Microsoft", "ProductFamily": "Windows", "Product": "WindowsServer2019", "Classification": "SecurityUpdates", "MsrcSeverity": "Critical", "KbNumber": "KB4487038", "MsrcNumber": "", "Language": "All" }, ... ] }

取得特定修補程式的詳細資訊

下列describe-available-patches範例會擷取有關指定修補程式的詳細資料。

aws ssm describe-available-patches \ --filters "Key=PATCH_ID,Values=KB4480979"

輸出:

{ "Patches": [ { "Id": "680861e3-fb75-432e-818e-d72e5f2be719", "ReleaseDate": 1546970408.0, "Title": "2019-01 Security Update for Adobe Flash Player for Windows Server 2016 for x64-based Systems (KB4480979)", "Description": "A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.", "ContentUrl": "https://support.microsoft.com/en-us/kb/4480979", "Vendor": "Microsoft", "ProductFamily": "Windows", "Product": "WindowsServer2016", "Classification": "SecurityUpdates", "MsrcSeverity": "Critical", "KbNumber": "KB4480979", "MsrcNumber": "", "Language": "All" } ] }

若要取得更多資訊,請參閱AWS 系統管理員使用指南》中的〈修補程式管理員

下列程式碼範例會示範如何使用describe-document-permission

AWS CLI

描述文件權限

下列describe-document-permission範例會顯示有關公開共用之 Systems Manager 文件的權限詳細資料。

aws ssm describe-document-permission \ --name "Example" \ --permission-type "Share"

輸出:

{ "AccountIds": [ "all" ], "AccountSharingInfoList": [ { "AccountId": "all", "SharedDocumentVersion": "$DEFAULT" } ] }

如需詳細資訊,請參閱「Systems Manager 使用指南」中的「共用AWS Systems Manager 文件」。

下列程式碼範例會示範如何使用describe-document

AWS CLI

若要顯示文件的詳細資訊

下列describe-document範例會顯示您 AWS 帳戶中「Systems Manager」文件的詳細資料。

aws ssm describe-document \ --name "Example"

輸出:

{ "Document": { "Hash": "fc2410281f40779e694a8b95975d0f9f316da8a153daa94e3d9921102EXAMPLE", "HashType": "Sha256", "Name": "Example", "Owner": "29884EXAMPLE", "CreatedDate": 1583257938.266, "Status": "Active", "DocumentVersion": "1", "Description": "Document Example", "Parameters": [ { "Name": "AutomationAssumeRole", "Type": "String", "Description": "(Required) The ARN of the role that allows Automation to perform the actions on your behalf. If no role is specified, Systems Manager Automation uses your IAM permissions to execute this document.", "DefaultValue": "" }, { "Name": "InstanceId", "Type": "String", "Description": "(Required) The ID of the Amazon EC2 instance.", "DefaultValue": "" } ], "PlatformTypes": [ "Windows", "Linux" ], "DocumentType": "Automation", "SchemaVersion": "0.3", "LatestVersion": "1", "DefaultVersion": "1", "DocumentFormat": "YAML", "Tags": [] } }

如需詳細資訊,請參閱《Systems Manager 使用指南》中的〈建立AWS Systems Manager 文件

  • 如需 API 詳細資訊,請參閱AWS CLI 命令參考DescribeDocument中的。

下列程式碼範例會示範如何使用describe-effective-instance-associations

AWS CLI

若要取得執行環境之有效關聯的詳細資訊

下列describe-effective-instance-associations範例會擷取執行處理之有效關聯的詳細資訊。

命令:

aws ssm describe-effective-instance-associations --instance-id "i-1234567890abcdef0"

輸出:

{ "Associations": [ { "AssociationId": "8dfe3659-4309-493a-8755-0123456789ab", "InstanceId": "i-1234567890abcdef0", "Content": "{\n \"schemaVersion\": \"1.2\",\n \"description\": \"Update the Amazon SSM Agent to the latest version or specified version.\",\n \"parameters\": {\n \"version\": {\n \"default\": \"\",\n \"description\": \"(Optional) A specific version of the Amazon SSM Agent to install. If not specified, the agent will be updated to the latest version.\",\n \"type\": \"String\"\n },\n \"allowDowngrade\": {\n \"default\": \"false\",\n \"description\": \"(Optional) Allow the Amazon SSM Agent service to be downgraded to an earlier version. If set to false, the service can be upgraded to newer versions only (default). If set to true, specify the earlier version.\",\n \"type\": \"String\",\n \"allowedValues\": [\n \"true\",\n \"false\"\n ]\n }\n },\n \"runtimeConfig\": {\n \"aws:updateSsmAgent\": {\n \"properties\": [\n {\n \"agentName\": \"amazon-ssm-agent\",\n \"source\": \"https://s3.{Region}.amazonaws.com/amazon-ssm-{Region}/ssm-agent-manifest.json\",\n \"allowDowngrade\": \"{{ allowDowngrade }}\",\n \"targetVersion\": \"{{ version }}\"\n }\n ]\n }\n }\n}\n", "AssociationVersion": "1" } ] }

下列程式碼範例會示範如何使用describe-effective-patches-for-patch-baseline

AWS CLI

範例 1:取得由自訂修補程式基準定義的所有修補程式

下列describe-effective-patches-for-patch-baseline範例會傳回目前 AWS 帳戶中由自訂修補程式基準定義的修補程式。請注意,對於自訂基準,只需要的 ID --baseline-id

aws ssm describe-effective-patches-for-patch-baseline \ --baseline-id "pb-08b654cf9b9681f04"

輸出:

{ "EffectivePatches": [ { "Patch": { "Id": "fe6bd8c2-3752-4c8b-ab3e-1a7ed08767ba", "ReleaseDate": 1544047205.0, "Title": "2018-11 Update for Windows Server 2019 for x64-based Systems (KB4470788)", "Description": "Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.", "ContentUrl": "https://support.microsoft.com/en-us/kb/4470788", "Vendor": "Microsoft", "ProductFamily": "Windows", "Product": "WindowsServer2019", "Classification": "SecurityUpdates", "MsrcSeverity": "Critical", "KbNumber": "KB4470788", "MsrcNumber": "", "Language": "All" }, "PatchStatus": { "DeploymentStatus": "APPROVED", "ComplianceLevel": "CRITICAL", "ApprovalDate": 1544047205.0 } }, { "Patch": { "Id": "915a6b1a-f556-4d83-8f50-b2e75a9a7e58", "ReleaseDate": 1549994400.0, "Title": "2019-02 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 for x64 (KB4483452)", "Description": "A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.", "ContentUrl": "https://support.microsoft.com/en-us/kb/4483452", "Vendor": "Microsoft", "ProductFamily": "Windows", "Product": "WindowsServer2019", "Classification": "SecurityUpdates", "MsrcSeverity": "Important", "KbNumber": "KB4483452", "MsrcNumber": "", "Language": "All" }, "PatchStatus": { "DeploymentStatus": "APPROVED", "ComplianceLevel": "CRITICAL", "ApprovalDate": 1549994400.0 } }, ... ], "NextToken": "--token string truncated--" }

範例 2:取得 AWS 受管理的修補程式基準定義的所有修補程式

下列describe-effective-patches-for-patch-baseline範例會傳回 AWS 受管理的修補程式基準定義的修補程式。請注意,對於 AWS 管理基準線,需要完整基準 ARN --baseline-id

aws ssm describe-effective-patches-for-patch-baseline \ --baseline-id "arn:aws:ssm:us-east-2:733109147000:patchbaseline/pb-020d361a05defe4ed"

如需範例輸出,請參閱範例 1。

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的如何選取安全性修補程式

下列程式碼範例會示範如何使用describe-instance-associations-status

AWS CLI

說明執行處理關聯的狀態

此範例顯示執行處理的關聯詳細資訊。

命令:

aws ssm describe-instance-associations-status --instance-id "i-1234567890abcdef0"

輸出:

{ "InstanceAssociationStatusInfos": [ { "AssociationId": "8dfe3659-4309-493a-8755-0123456789ab", "Name": "AWS-GatherSoftwareInventory", "DocumentVersion": "1", "AssociationVersion": "1", "InstanceId": "i-1234567890abcdef0", "ExecutionDate": 1550501886.0, "Status": "Success", "ExecutionSummary": "1 out of 1 plugin processed, 1 success, 0 failed, 0 timedout, 0 skipped. ", "AssociationName": "Inventory-Association" }, { "AssociationId": "5c5a31f6-6dae-46f9-944c-0123456789ab", "Name": "AWS-UpdateSSMAgent", "DocumentVersion": "1", "AssociationVersion": "1", "InstanceId": "i-1234567890abcdef0", "ExecutionDate": 1550505828.548, "Status": "Success", "DetailedStatus": "Success", "AssociationName": "UpdateSSMAgent" } ] }

下列程式碼範例會示範如何使用describe-instance-information

AWS CLI

範例 1:說明代管執行個體資訊

下列describe-instance-information範例會擷取每個代管執行個體的詳細資訊。

aws ssm describe-instance-information

範例 2:說明特定代管執行個體的相關資訊

下列describe-instance-information範例顯示代管執行個體的詳細資訊i-028ea792daEXAMPLE

aws ssm describe-instance-information \ --filters "Key=InstanceIds,Values=i-028ea792daEXAMPLE"

範例 3:使用特定標籤金鑰描述代管執行個體的相關資訊

下列describe-instance-information範例顯示具有標籤金鑰的代管執行個體的詳細資訊DEV

aws ssm describe-instance-information \ --filters "Key=tag-key,Values=DEV"

輸出:

{ "InstanceInformationList": [ { "InstanceId": "i-028ea792daEXAMPLE", "PingStatus": "Online", "LastPingDateTime": 1582221233.421, "AgentVersion": "2.3.842.0", "IsLatestVersion": true, "PlatformType": "Linux", "PlatformName": "SLES", "PlatformVersion": "15.1", "ResourceType": "EC2Instance", "IPAddress": "192.0.2.0", "ComputerName": "ip-198.51.100.0.us-east-2.compute.internal", "AssociationStatus": "Success", "LastAssociationExecutionDate": 1582220806.0, "LastSuccessfulAssociationExecutionDate": 1582220806.0, "AssociationOverview": { "DetailedStatus": "Success", "InstanceAssociationStatusAggregatedCount": { "Success": 2 } } } ] }

如需詳細資訊,請參閱AWS 系統管理員使用指南中的受控執行個體

下列程式碼範例會示範如何使用describe-instance-patch-states-for-patch-group

AWS CLI

範例 1:取得修補程式群組的執行處理狀態

下列describe-instance-patch-states-for-patch-group範例會擷取指定修補程式群組之每個執行個體之修補程式摘要狀態的詳細資料。

aws ssm describe-instance-patch-states-for-patch-group \ --patch-group "Production"

輸出:

{ "InstancePatchStates": [ { "InstanceId": "i-02573cafcfEXAMPLE", "PatchGroup": "Production", "BaselineId": "pb-0c10e65780EXAMPLE", "SnapshotId": "a3f5ff34-9bc4-4d2c-a665-4d1c1EXAMPLE", "OwnerInformation": "", "InstalledCount": 32, "InstalledOtherCount": 1, "InstalledPendingRebootCount": 0, "InstalledRejectedCount": 0, "MissingCount": 2, "FailedCount": 0, "UnreportedNotApplicableCount": 2671, "NotApplicableCount": 400, "OperationStartTime": "2021-08-04T11:03:50.590000-07:00", "OperationEndTime": "2021-08-04T11:04:21.555000-07:00", "Operation": "Scan", "RebootOption": "NoReboot", "CriticalNonCompliantCount": 0, "SecurityNonCompliantCount": 1, "OtherNonCompliantCount": 0 }, { "InstanceId": "i-0471e04240EXAMPLE", "PatchGroup": "Production", "BaselineId": "pb-09ca3fb51fEXAMPLE", "SnapshotId": "05d8ffb0-1bbe-4812-ba2d-d9b7bEXAMPLE", "OwnerInformation": "", "InstalledCount": 32, "InstalledOtherCount": 1, "InstalledPendingRebootCount": 0, "InstalledRejectedCount": 0, "MissingCount": 2, "FailedCount": 0, "UnreportedNotApplicableCount": 2671, "NotApplicableCount": 400, "OperationStartTime": "2021-08-04T22:06:20.340000-07:00", "OperationEndTime": "2021-08-04T22:07:11.220000-07:00", "Operation": "Scan", "RebootOption": "NoReboot", "CriticalNonCompliantCount": 0, "SecurityNonCompliantCount": 1, "OtherNonCompliantCount": 0 } ] }

範例 2:取得遺失五個以上修補程式之修補程式群組的執行個體狀態

下列describe-instance-patch-states-for-patch-group範例會針對有五個以上遺失修補程式的執行個體,擷取指定修補程式群組的修補程式摘要狀態詳細資料。

aws ssm describe-instance-patch-states-for-patch-group \ --filters Key=MissingCount,Type=GreaterThan,Values=5 \ --patch-group "Production"

輸出:

{ "InstancePatchStates": [ { "InstanceId": "i-02573cafcfEXAMPLE", "PatchGroup": "Production", "BaselineId": "pb-0c10e65780EXAMPLE", "SnapshotId": "a3f5ff34-9bc4-4d2c-a665-4d1c1EXAMPLE", "OwnerInformation": "", "InstalledCount": 46, "InstalledOtherCount": 4, "InstalledPendingRebootCount": 1, "InstalledRejectedCount": 1, "MissingCount": 7, "FailedCount": 0, "UnreportedNotApplicableCount": 232, "NotApplicableCount": 654, "OperationStartTime": "2021-08-04T11:03:50.590000-07:00", "OperationEndTime": "2021-08-04T11:04:21.555000-07:00", "Operation": "Scan", "RebootOption": "NoReboot", "CriticalNonCompliantCount": 0, "SecurityNonCompliantCount": 1, "OtherNonCompliantCount": 1 } ] }

範例 3:取得需要重新開機之執行個體少於十個執行個體之修補程式群組的執行個體狀態

下列describe-instance-patch-states-for-patch-group範例會針對需要重新開機的執行個體少於十個執行個體,擷取指定修補程式群組的修補程式摘要狀態詳細資料。

aws ssm describe-instance-patch-states-for-patch-group \ --filters Key=InstalledPendingRebootCount,Type=LessThan,Values=10 \ --patch-group "Production"

輸出:

{ "InstancePatchStates": [ { "InstanceId": "i-02573cafcfEXAMPLE", "BaselineId": "pb-0c10e65780EXAMPLE", "SnapshotId": "a3f5ff34-9bc4-4d2c-a665-4d1c1EXAMPLE", "PatchGroup": "Production", "OwnerInformation": "", "InstalledCount": 32, "InstalledOtherCount": 1, "InstalledPendingRebootCount": 4, "InstalledRejectedCount": 0, "MissingCount": 2, "FailedCount": 0, "UnreportedNotApplicableCount": 846, "NotApplicableCount": 212, "OperationStartTime": "2021-08-046T11:03:50.590000-07:00", "OperationEndTime": "2021-08-06T11:04:21.555000-07:00", "Operation": "Scan", "RebootOption": "NoReboot", "CriticalNonCompliantCount": 0, "SecurityNonCompliantCount": 1, "OtherNonCompliantCount": 0 } ] }

如需詳細資訊,請參閱 AWS Systems Manager 使用指南中的瞭解修補程式符合性狀態值

下列程式碼範例會示範如何使用describe-instance-patch-states

AWS CLI

取得執行處理的修補程式摘要狀態

describe-instance-patch-states範例會取得執行個體的修補程式摘要狀態。

aws ssm describe-instance-patch-states \ --instance-ids "i-1234567890abcdef0"

輸出:

{ "InstancePatchStates": [ { "InstanceId": "i-1234567890abcdef0", "PatchGroup": "my-patch-group", "BaselineId": "pb-0713accee01234567", "SnapshotId": "521c3536-930c-4aa9-950e-01234567abcd", "CriticalNonCompliantCount": 2, "SecurityNonCompliantCount": 2, "OtherNonCompliantCount": 1, "InstalledCount": 123, "InstalledOtherCount": 334, "InstalledPendingRebootCount": 0, "InstalledRejectedCount": 0, "MissingCount": 1, "FailedCount": 2, "UnreportedNotApplicableCount": 11, "NotApplicableCount": 2063, "OperationStartTime": "2021-05-03T11:00:56-07:00", "OperationEndTime": "2021-05-03T11:01:09-07:00", "Operation": "Scan", "LastNoRebootInstallOperationTime": "2020-06-14T12:17:41-07:00", "RebootOption": "RebootIfNeeded" } ] }

如需詳細資訊,請參閱 AWS Systems Manager 使用指南中的關於修補程式符合性

下列程式碼範例會示範如何使用describe-instance-patches

AWS CLI

範例 1:取得執行處理的修正程式狀態詳細資訊

下列describe-instance-patches範例會擷取有關指定執行個體之修補程式的詳細資訊。

aws ssm describe-instance-patches \ --instance-id "i-1234567890abcdef0"

輸出:

{ "Patches": [ { "Title": "2019-01 Security Update for Adobe Flash Player for Windows Server 2016 for x64-based Systems (KB4480979)", "KBId": "KB4480979", "Classification": "SecurityUpdates", "Severity": "Critical", "State": "Installed", "InstalledTime": "2019-01-09T00:00:00+00:00" }, { "Title": "", "KBId": "KB4481031", "Classification": "", "Severity": "", "State": "InstalledOther", "InstalledTime": "2019-02-08T00:00:00+00:00" }, ... ], "NextToken": "--token string truncated--" }

範例 2:取得執行處於「遺失」狀態的修補程式清單

下列describe-instance-patches範例會擷取指定執行個體處於 [遺失] 狀態之修補程式的相關資訊。

aws ssm describe-instance-patches \ --instance-id "i-1234567890abcdef0" \ --filters Key=State,Values=Missing

輸出:

{ "Patches": [ { "Title": "Windows Malicious Software Removal Tool x64 - February 2019 (KB890830)", "KBId": "KB890830", "Classification": "UpdateRollups", "Severity": "Unspecified", "State": "Missing", "InstalledTime": "1970-01-01T00:00:00+00:00" }, ... ], "NextToken": "--token string truncated--" }

如需詳細資訊,請參閱 AWS Systems Manager 使用者指南中的關於修補程式符合性狀態

範例 3:取得自 InstalledTime 針對執行個體指定後所安裝的修補程式清單

下列describe-instance-patches範例會結合使用--filters和,擷取指定執行個體自指定時間後所安裝之修補程式的相關資訊--query

aws ssm describe-instance-patches \ --instance-id "i-1234567890abcdef0" \ --filters Key=State,Values=Installed \ --query "Patches[?InstalledTime >= `2023-01-01T16:00:00`]"

輸出:

{ "Patches": [ { "Title": "2023-03 Cumulative Update for Windows Server 2019 (1809) for x64-based Systems (KB5023702)", "KBId": "KB5023702", "Classification": "SecurityUpdates", "Severity": "Critical", "State": "Installed", "InstalledTime": "2023-03-16T11:00:00+00:00" }, ... ], "NextToken": "--token string truncated--" }

下列程式碼範例會示範如何使用describe-inventory-deletions

AWS CLI

取得庫存刪除

此範例會擷取庫存刪除作業的詳細資訊。

命令:

aws ssm describe-inventory-deletions

輸出:

{ "InventoryDeletions": [ { "DeletionId": "6961492a-8163-44ec-aa1e-01234567850", "TypeName": "Custom:RackInformation", "DeletionStartTime": 1550254911.0, "LastStatus": "InProgress", "LastStatusMessage": "The Delete is in progress", "DeletionSummary": { "TotalCount": 0, "RemainingCount": 0, "SummaryItems": [] }, "LastStatusUpdateTime": 1550254911.0 }, { "DeletionId": "d72ac9e8-1f60-4d40-b1c6-987654321c4d", "TypeName": "Custom:RackInfo", "DeletionStartTime": 1550254859.0, "LastStatus": "InProgress", "LastStatusMessage": "The Delete is in progress", "DeletionSummary": { "TotalCount": 1, "RemainingCount": 1, "SummaryItems": [ { "Version": "1.0", "Count": 1, "RemainingCount": 1 } ] }, "LastStatusUpdateTime": 1550254859.0 } ] }

若要取得特定庫存刪除的詳細資訊

此範例會擷取特定庫存刪除作業的詳細資訊。

命令:

aws ssm describe-inventory-deletions --deletion-id "d72ac9e8-1f60-4d40-b1c6-987654321c4d"

輸出:

{ "InventoryDeletions": [ { "DeletionId": "d72ac9e8-1f60-4d40-b1c6-987654321c4d", "TypeName": "Custom:RackInfo", "DeletionStartTime": 1550254859.0, "LastStatus": "InProgress", "LastStatusMessage": "The Delete is in progress", "DeletionSummary": { "TotalCount": 1, "RemainingCount": 1, "SummaryItems": [ { "Version": "1.0", "Count": 1, "RemainingCount": 1 } ] }, "LastStatusUpdateTime": 1550254859.0 } ] }

下列程式碼範例會示範如何使用describe-maintenance-window-execution-task-invocations

AWS CLI

若要取得針對維護視窗工作執行所執行的特定作業呼叫

下列describe-maintenance-window-execution-task-invocations範例會列出在指定維護時段執行時所執行之指定工作的呼叫。

aws ssm describe-maintenance-window-execution-task-invocations \ --window-execution-id "518d5565-5969-4cca-8f0e-da3b2a638355" \ --task-id "ac0c6ae1-daa3-4a89-832e-d384503b6586"

輸出:

{ "WindowExecutionTaskInvocationIdentities": [ { "Status": "SUCCESS", "Parameters": "{\"documentName\":\"AWS-RunShellScript\",\"instanceIds\":[\"i-0000293ffd8c57862\"],\"parameters\":{\"commands\":[\"df\"]},\"maxConcurrency\":\"1\",\"maxErrors\":\"1\"}", "InvocationId": "e274b6e1-fe56-4e32-bd2a-8073c6381d8b", "StartTime": 1487692834.723, "EndTime": 1487692834.871, "WindowExecutionId": "518d5565-5969-4cca-8f0e-da3b2a638355", "TaskExecutionId": "ac0c6ae1-daa3-4a89-832e-d384503b6586" } ] }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的〈檢視工作和工作執行 (AWS CLI) 的相關資訊。

下列程式碼範例會示範如何使用describe-maintenance-window-execution-tasks

AWS CLI

列出與維護時段執行相關聯的所有作業

下列ssm describe-maintenance-window-execution-tasks範例會列出與指定維護時段執行相關聯的工作。

aws ssm describe-maintenance-window-execution-tasks \ --window-execution-id "518d5565-5969-4cca-8f0e-da3b2EXAMPLE"

輸出:

{ "WindowExecutionTaskIdentities": [ { "Status": "SUCCESS", "TaskArn": "AWS-RunShellScript", "StartTime": 1487692834.684, "TaskType": "RUN_COMMAND", "EndTime": 1487692835.005, "WindowExecutionId": "518d5565-5969-4cca-8f0e-da3b2EXAMPLE", "TaskExecutionId": "ac0c6ae1-daa3-4a89-832e-d3845EXAMPLE" } ] }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的〈檢視工作和工作執行 (AWS CLI) 的相關資訊。

下列程式碼範例會示範如何使用describe-maintenance-window-executions

AWS CLI

範例 1:列出維護時段的所有執行項目

下列describe-maintenance-window-executions範例會列出指定維護時段的所有執行項目。

aws ssm describe-maintenance-window-executions \ --window-id "mw-ab12cd34eEXAMPLE"

輸出:

{ "WindowExecutions": [ { "WindowId": "mw-ab12cd34eEXAMPLE", "WindowExecutionId": "6027b513-64fe-4cf0-be7d-1191aEXAMPLE", "Status": "IN_PROGRESS", "StartTime": "2021-08-04T11:00:00.000000-07:00" }, { "WindowId": "mw-ab12cd34eEXAMPLE", "WindowExecutionId": "ff75b750-4834-4377-8f61-b3cadEXAMPLE", "Status": "SUCCESS", "StartTime": "2021-08-03T11:00:00.000000-07:00", "EndTime": "2021-08-03T11:37:21.450000-07:00" }, { "WindowId": "mw-ab12cd34eEXAMPLE", "WindowExecutionId": "9fac7dd9-ff21-42a5-96ad-bbc4bEXAMPLE", "Status": "FAILED", "StatusDetails": "One or more tasks in the orchestration failed.", "StartTime": "2021-08-02T11:00:00.000000-07:00", "EndTime": "2021-08-02T11:22:36.190000-07:00" } ] }

範例 2:列出指定日期之前維護時段的所有執行項目

下列describe-maintenance-window-executions範例會列出指定之維護時段在指定日期之前的所有執行項目。

aws ssm describe-maintenance-window-executions \ --window-id "mw-ab12cd34eEXAMPLE" \ --filters "Key=ExecutedBefore,Values=2021-08-03T00:00:00Z"

輸出:

{ "WindowExecutions": [ { "WindowId": "mw-ab12cd34eEXAMPLE", "WindowExecutionId": "9fac7dd9-ff21-42a5-96ad-bbc4bEXAMPLE", "Status": "FAILED", "StatusDetails": "One or more tasks in the orchestration failed.", "StartTime": "2021-08-02T11:00:00.000000-07:00", "EndTime": "2021-08-02T11:22:36.190000-07:00" } ] }

範例 3:列出指定日期之後維護時段的所有執行項目

下列describe-maintenance-window-executions範例會列出指定之維護時段在指定日期之後的所有執行項目。

aws ssm describe-maintenance-window-executions \ --window-id "mw-ab12cd34eEXAMPLE" \ --filters "Key=ExecutedAfter,Values=2021-08-04T00:00:00Z"

輸出:

{ "WindowExecutions": [ { "WindowId": "mw-ab12cd34eEXAMPLE", "WindowExecutionId": "6027b513-64fe-4cf0-be7d-1191aEXAMPLE", "Status": "IN_PROGRESS", "StartTime": "2021-08-04T11:00:00.000000-07:00" } ] }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的檢視工作和工作執行 (AWS CLI) 的相關資訊。

下列程式碼範例會示範如何使用describe-maintenance-window-schedule

AWS CLI

範例 1:列出維護時段即將執行的執行

下列describe-maintenance-window-schedule範例會列出指定維護時段的所有即將執行的執行項目。

aws ssm describe-maintenance-window-schedule \ --window-id mw-ab12cd34eEXAMPLE

輸出:

{ "ScheduledWindowExecutions": [ { "WindowId": "mw-ab12cd34eEXAMPLE", "Name": "My-First-Maintenance-Window", "ExecutionTime": "2020-02-19T16:00Z" }, { "WindowId": "mw-ab12cd34eEXAMPLE", "Name": "My-First-Maintenance-Window", "ExecutionTime": "2020-02-26T16:00Z" }, ... ] }

範例 2:列出指定日期之前維護時段的所有即將執行的執行項目

下列describe-maintenance-window-schedule範例會列出在指定日期之前發生之指定維護時段的所有即將執行的執行項目。

aws ssm describe-maintenance-window-schedule \ --window-id mw-0ecb1226dd7b2e9a6 \ --filters "Key=ScheduledBefore,Values=2020-02-15T06:00:00Z"

示例 3:列出在指定日期之後對維護時段進行的所有即將執行的操作

下列describe-maintenance-window-schedule範例會列出在指定日期之後發生之指定維護時段的所有即將執行的執行項目。

aws ssm describe-maintenance-window-schedule \ --window-id mw-0ecb1226dd7b2e9a6 \ --filters "Key=ScheduledAfter,Values=2020-02-15T06:00:00Z"

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的 < 檢視維護視窗 (AWS CLI) 的相關資訊 >。

下列程式碼範例會示範如何使用describe-maintenance-window-targets

AWS CLI

範例 1:列出「維護時段」的所有目標

下列describe-maintenance-window-targets範例會列出維護時段的所有目標。

aws ssm describe-maintenance-window-targets \ --window-id "mw-06cf17cbefEXAMPLE"

輸出:

{ "Targets": [ { "ResourceType": "INSTANCE", "OwnerInformation": "Single instance", "WindowId": "mw-06cf17cbefEXAMPLE", "Targets": [ { "Values": [ "i-0000293ffdEXAMPLE" ], "Key": "InstanceIds" } ], "WindowTargetId": "350d44e6-28cc-44e2-951f-4b2c9EXAMPLE" }, { "ResourceType": "INSTANCE", "OwnerInformation": "Two instances in a list", "WindowId": "mw-06cf17cbefEXAMPLE", "Targets": [ { "Values": [ "i-0000293ffdEXAMPLE", "i-0cb2b964d3EXAMPLE" ], "Key": "InstanceIds" } ], "WindowTargetId": "e078a987-2866-47be-bedd-d9cf4EXAMPLE" } ] }

範例 2:列出符合特定擁有者資訊值之維護時段的所有目標

describe-maintenance-window-targets範例會列出具有特定值之維護時段的所有目標。

aws ssm describe-maintenance-window-targets \ --window-id "mw-0ecb1226ddEXAMPLE" \ --filters "Key=OwnerInformation,Values=CostCenter1"

輸出:

{ "Targets": [ { "WindowId": "mw-0ecb1226ddEXAMPLE", "WindowTargetId": "da89dcc3-7f9c-481d-ba2b-edcb7d0057f9", "ResourceType": "INSTANCE", "Targets": [ { "Key": "tag:Environment", "Values": [ "Prod" ] } ], "OwnerInformation": "CostCenter1", "Name": "ProdTarget1" } ] }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的 < 檢視維護視窗 (AWS CLI) 的相關資訊 >。

下列程式碼範例會示範如何使用describe-maintenance-window-tasks

AWS CLI

範例 1:列出維護時段的所有作業

下列describe-maintenance-window-tasks範例會列出指定維護時段的所有工作。

aws ssm describe-maintenance-window-tasks \ --window-id "mw-06cf17cbefEXAMPLE"

輸出:

{ "Tasks": [ { "WindowId": "mw-06cf17cbefEXAMPLE", "WindowTaskId": "018b31c3-2d77-4b9e-bd48-c91edEXAMPLE", "TaskArn": "AWS-RestartEC2Instance", "TaskParameters": {}, "Type": "AUTOMATION", "Description": "Restarting EC2 Instance for maintenance", "MaxConcurrency": "1", "MaxErrors": "1", "Name": "My-Automation-Example-Task", "Priority": 0, "ServiceRoleArn": "arn:aws:iam::111222333444:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM", "Targets": [ { "Key": "WindowTargetIds", "Values": [ "da89dcc3-7f9c-481d-ba2b-edcb7EXAMPLE" ] } ] }, { "WindowId": "mw-06cf17cbefEXAMPLE", "WindowTaskId": "1943dee0-0a17-4978-9bf4-3cc2fEXAMPLE", "TaskArn": "AWS-DisableS3BucketPublicReadWrite", "TaskParameters": {}, "Type": "AUTOMATION", "Description": "Automation task to disable read/write access on public S3 buckets", "MaxConcurrency": "10", "MaxErrors": "5", "Name": "My-Disable-S3-Public-Read-Write-Access-Automation-Task", "Priority": 0, "ServiceRoleArn": "arn:aws:iam::111222333444:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM", "Targets": [ { "Key": "WindowTargetIds", "Values": [ "da89dcc3-7f9c-481d-ba2b-edcb7EXAMPLE" ] } ] } ] }

範例 2:列出呼叫 AWS-RunPowerShellScript 指令文件之維護視窗的所有工作

下列describe-maintenance-window-tasks範例會列出呼叫AWS-RunPowerShellScript命令文件之指定維護時段的所有工作。

aws ssm describe-maintenance-window-tasks \ --window-id "mw-ab12cd34eEXAMPLE" \ --filters "Key=TaskArn,Values=AWS-RunPowerShellScript"

輸出:

{ "Tasks": [ { "WindowId": "mw-ab12cd34eEXAMPLE", "WindowTaskId": "0d36e6b4-3a4f-411e-adcb-3558eEXAMPLE", "TaskArn": "AWS-RunPowerShellScript", "Type": "RUN_COMMAND", "Targets": [ { "Key": "WindowTargetIds", "Values": [ "da89dcc3-7f9c-481d-ba2b-edcb7EXAMPLE" ] } ], "TaskParameters": {}, "Priority": 1, "ServiceRoleArn": "arn:aws:iam::111222333444:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM", "MaxConcurrency": "1", "MaxErrors": "1", "Name": "MyTask" } ] }

範例 3:列出優先順序為 3 之維護時段的所有作業

下列describe-maintenance-window-tasks範例會列出具有 of 之指定維護時段的所有作Priority3

aws ssm describe-maintenance-window-tasks \ --window-id "mw-ab12cd34eEXAMPLE" \ --filters "Key=Priority,Values=3"

輸出:

{ "Tasks": [ { "WindowId": "mw-ab12cd34eEXAMPLE", "WindowTaskId": "0d36e6b4-3a4f-411e-adcb-3558eEXAMPLE", "TaskArn": "AWS-RunPowerShellScript", "Type": "RUN_COMMAND", "Targets": [ { "Key": "WindowTargetIds", "Values": [ "da89dcc3-7f9c-481d-ba2b-edcb7EXAMPLE" ] } ], "TaskParameters": {}, "Priority": 3, "ServiceRoleArn": "arn:aws:iam::111222333444:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM", "MaxConcurrency": "1", "MaxErrors": "1", "Name": "MyRunCommandTask" }, { "WindowId": "mw-ab12cd34eEXAMPLE", "WindowTaskId": "ee45feff-ad65-4a6c-b478-5cab8EXAMPLE", "TaskArn": "AWS-RestartEC2Instance", "Type": "AUTOMATION", "Targets": [ { "Key": "WindowTargetIds", "Values": [ "da89dcc3-7f9c-481d-ba2b-edcb7EXAMPLE" ] } ], "TaskParameters": {}, "Priority": 3, "ServiceRoleArn": "arn:aws:iam::111222333444:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM", "MaxConcurrency": "10", "MaxErrors": "5", "Name": "My-Automation-Task", "Description": "A description for my Automation task" } ] }

範例 4:列出優先順序為 1 的維護時段的所有工作,並使用執行命令

describe-maintenance-window-tasks範例會列出指定維護時段 (具有 of 1 和使用) Priority 的所有作業Run Command

aws ssm describe-maintenance-window-tasks \ --window-id "mw-ab12cd34eEXAMPLE" \ --filters "Key=Priority,Values=1" "Key=TaskType,Values=RUN_COMMAND"

輸出:

{ "Tasks": [ { "WindowId": "mw-ab12cd34eEXAMPLE", "WindowTaskId": "0d36e6b4-3a4f-411e-adcb-3558eEXAMPLE", "TaskArn": "AWS-RunPowerShellScript", "Type": "RUN_COMMAND", "Targets": [ { "Key": "WindowTargetIds", "Values": [ "da89dcc3-7f9c-481d-ba2b-edcb7EXAMPLE" ] } ], "TaskParameters": {}, "Priority": 1, "ServiceRoleArn": "arn:aws:iam::111222333444:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM", "MaxConcurrency": "1", "MaxErrors": "1", "Name": "MyRunCommandTask" } ] }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的檢視維護時段 (AWS CLI) 的相關資訊。

下列程式碼範例會示範如何使用describe-maintenance-windows-for-target

AWS CLI

列出與特定執行處理相關聯的所有維護時段

下列describe-maintenance-windows-for-target範例會列出具有與指定執行處理相關聯之目標或工作的維護時段。

aws ssm describe-maintenance-windows-for-target \ --targets Key=InstanceIds,Values=i-1234567890EXAMPLE \ --resource-type INSTANCE

輸出:

{ "WindowIdentities": [ { "WindowId": "mw-0c5ed765acEXAMPLE", "Name": "My-First-Maintenance-Window" } ] }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的 < 檢視維護視窗 (AWS CLI) 的相關資訊 >。

下列程式碼範例會示範如何使用describe-maintenance-windows

AWS CLI

範例 1:列出所有維護時段

下列describe-maintenance-windows範例會列出您 AWS 帳戶中目前「區域」中的所有維護時段。

aws ssm describe-maintenance-windows

輸出:

{ "WindowIdentities": [ { "WindowId": "mw-0ecb1226ddEXAMPLE", "Name": "MyMaintenanceWindow-1", "Enabled": true, "Duration": 2, "Cutoff": 1, "Schedule": "rate(180 minutes)", "NextExecutionTime": "2020-02-12T23:19:20.596Z" }, { "WindowId": "mw-03eb9db428EXAMPLE", "Name": "MyMaintenanceWindow-2", "Enabled": true, "Duration": 3, "Cutoff": 1, "Schedule": "rate(7 days)", "NextExecutionTime": "2020-02-17T23:22:00.956Z" }, ] }

範例 2:列出所有已啟用的維護時段

下列describe-maintenance-windows範例會列出所有已啟用的維護時段。

aws ssm describe-maintenance-windows \ --filters "Key=Enabled,Values=true"

範例 3:列出符合特定名稱的維護時段

describe-maintenance-windows範例會列出具有指定名稱的所有維護時段。

aws ssm describe-maintenance-windows \ --filters "Key=Name,Values=MyMaintenanceWindow"

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的 < 檢視維護視窗 (AWS CLI) 的相關資訊 >。

下列程式碼範例會示範如何使用describe-ops-items

AWS CLI

若要列出一組 OpsItems

下列describe-ops-items範例會顯示您 AWS 帳戶 OpsItems 中所有開啟的清單。

aws ssm describe-ops-items \ --ops-item-filters "Key=Status,Values=Open,Operator=Equal"

輸出:

{ "OpsItemSummaries": [ { "CreatedBy": "arn:aws:sts::111222333444:assumed-role/OpsItem-CWE-Role/fbf77cbe264a33509569f23e4EXAMPLE", "CreatedTime": "2020-03-14T17:02:46.375000-07:00", "LastModifiedBy": "arn:aws:sts::111222333444:assumed-role/OpsItem-CWE-Role/fbf77cbe264a33509569f23e4EXAMPLE", "LastModifiedTime": "2020-03-14T17:02:46.375000-07:00", "Source": "SSM", "Status": "Open", "OpsItemId": "oi-7cfc5EXAMPLE", "Title": "SSM Maintenance Window execution failed", "OperationalData": { "/aws/dedup": { "Value": "{\"dedupString\":\"SSMOpsItems-SSM-maintenance-window-execution-failed\"}", "Type": "SearchableString" }, "/aws/resources": { "Value": "[{\"arn\":\"arn:aws:ssm:us-east-2:111222333444:maintenancewindow/mw-034093d322EXAMPLE\"}]", "Type": "SearchableString" } }, "Category": "Availability", "Severity": "3" }, { "CreatedBy": "arn:aws:sts::1112223233444:assumed-role/OpsItem-CWE-Role/fbf77cbe264a33509569f23e4EXAMPLE", "CreatedTime": "2020-02-26T11:43:15.426000-08:00", "LastModifiedBy": "arn:aws:sts::111222333444:assumed-role/OpsItem-CWE-Role/fbf77cbe264a33509569f23e4EXAMPLE", "LastModifiedTime": "2020-02-26T11:43:15.426000-08:00", "Source": "EC2", "Status": "Open", "OpsItemId": "oi-6f966EXAMPLE", "Title": "EC2 instance stopped", "OperationalData": { "/aws/automations": { "Value": "[ { \"automationType\": \"AWS:SSM:Automation\", \"automationId\": \"AWS-RestartEC2Instance\" } ]", "Type": "SearchableString" }, "/aws/dedup": { "Value": "{\"dedupString\":\"SSMOpsItems-EC2-instance-stopped\"}", "Type": "SearchableString" }, "/aws/resources": { "Value": "[{\"arn\":\"arn:aws:ec2:us-east-2:111222333444:instance/i-0beccfbc02EXAMPLE\"}]", "Type": "SearchableString" } }, "Category": "Availability", "Severity": "3" } ] }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》 OpsItems中的〈使用〉

  • 如需 API 詳細資訊,請參閱AWS CLI 命令參考DescribeOpsItems中的。

下列程式碼範例會示範如何使用describe-parameters

AWS CLI

範例 1:列出所有參數

下列describe-parameters範例會列出目前 AWS 帳戶與區域中的所有參數。

aws ssm describe-parameters

輸出:

{ "Parameters": [ { "Name": "MySecureStringParameter", "Type": "SecureString", "KeyId": "alias/aws/ssm", "LastModifiedDate": 1582155479.205, "LastModifiedUser": "arn:aws:sts::111222333444:assumed-role/Admin/Richard-Roe-Managed", "Description": "This is a SecureString parameter", "Version": 2, "Tier": "Advanced", "Policies": [ { "PolicyText": "{\"Type\":\"Expiration\",\"Version\":\"1.0\",\"Attributes\":{\"Timestamp\":\"2020-07-07T22:30:00Z\"}}", "PolicyType": "Expiration", "PolicyStatus": "Pending" }, { "PolicyText": "{\"Type\":\"ExpirationNotification\",\"Version\":\"1.0\",\"Attributes\":{\"Before\":\"12\",\"Unit\":\"Hours\"}}", "PolicyType": "ExpirationNotification", "PolicyStatus": "Pending" } ] }, { "Name": "MyStringListParameter", "Type": "StringList", "LastModifiedDate": 1582154764.222, "LastModifiedUser": "arn:aws:iam::111222333444:user/Mary-Major", "Description": "This is a StringList parameter", "Version": 1, "Tier": "Standard", "Policies": [] }, { "Name": "MyStringParameter", "Type": "String", "LastModifiedDate": 1582154711.976, "LastModifiedUser": "arn:aws:iam::111222333444:user/Alejandro-Rosalez", "Description": "This is a String parameter", "Version": 1, "Tier": "Standard", "Policies": [] }, { "Name": "latestAmi", "Type": "String", "LastModifiedDate": 1580862415.521, "LastModifiedUser": "arn:aws:sts::111222333444:assumed-role/lambda-ssm-role/Automation-UpdateSSM-Param", "Version": 3, "Tier": "Standard", "Policies": [] } ] }

範例 2:列出符合特定中繼資料的所有參數

describe-parameters範例會列出符合篩選條件的所有參數。

aws ssm 描述-參數-過濾器「鍵 = 類型,值 =」StringList

輸出:

{ "Parameters": [ { "Name": "MyStringListParameter", "Type": "StringList", "LastModifiedDate": 1582154764.222, "LastModifiedUser": "arn:aws:iam::111222333444:user/Mary-Major", "Description": "This is a StringList parameter", "Version": 1, "Tier": "Standard", "Policies": [] } ] }

若要取得更多資訊,請參閱〈Systems Manager 使用指南〉中的〈搜尋AWS Systems Manager 參數

下列程式碼範例會示範如何使用describe-patch-baselines

AWS CLI

範例 1:列出所有修補程式基準

下列describe-patch-baselines範例會擷取目前區域中帳戶中所有修補程式基準的詳細資料。

aws ssm describe-patch-baselines

輸出:

{ "BaselineIdentities": [ { "BaselineName": "AWS-SuseDefaultPatchBaseline", "DefaultBaseline": true, "BaselineDescription": "Default Patch Baseline for Suse Provided by AWS.", "BaselineId": "arn:aws:ssm:us-east-2:733109147000:patchbaseline/pb-0123fdb36e334a3b2", "OperatingSystem": "SUSE" }, { "BaselineName": "AWS-DefaultPatchBaseline", "DefaultBaseline": false, "BaselineDescription": "Default Patch Baseline Provided by AWS.", "BaselineId": "arn:aws:ssm:us-east-2:733109147000:patchbaseline/pb-020d361a05defe4ed", "OperatingSystem": "WINDOWS" }, ... { "BaselineName": "MyWindowsPatchBaseline", "DefaultBaseline": true, "BaselineDescription": "My patch baseline for EC2 instances for Windows Server", "BaselineId": "pb-0ad00e0dd7EXAMPLE", "OperatingSystem": "WINDOWS" } ] }

範例 2:列出由提供的所有修補程式基準 AWS

下列describe-patch-baselines範例列出由提供的所有修補程式基準 AWS。

aws ssm describe-patch-baselines \ --filters "Key=OWNER,Values=[AWS]"

範例 3:列出您擁有的所有修補程式基準

下列describe-patch-baselines範例列出在您帳戶中在目前區域中建立的所有自訂修補程式基準。

aws ssm describe-patch-baselines \ --filters "Key=OWNER,Values=[Self]"

如需詳細資訊,請參閱 AWS Systems Manager 使用者指南中的關於預先定義和自訂修補程式基準

下列程式碼範例會示範如何使用describe-patch-group-state

AWS CLI

取得修補程式群組的狀態

下列describe-patch-group-state範例會擷取修補程式群組的高階修補程式符合性摘要。

aws ssm describe-patch-group-state \ --patch-group "Production"

輸出:

{ "Instances": 21, "InstancesWithCriticalNonCompliantPatches": 1, "InstancesWithFailedPatches": 2, "InstancesWithInstalledOtherPatches": 3, "InstancesWithInstalledPatches": 21, "InstancesWithInstalledPendingRebootPatches": 2, "InstancesWithInstalledRejectedPatches": 1, "InstancesWithMissingPatches": 3, "InstancesWithNotApplicablePatches": 4, "InstancesWithOtherNonCompliantPatches": 1, "InstancesWithSecurityNonCompliantPatches": 1, "InstancesWithUnreportedNotApplicablePatches": 2 }

如需詳細資訊,請參閱 AWS Systems Manager 使用指南中的關於修補程式群組 < https://docs.aws.amazon.com/systems-manager/latest/userguide/ sysman-patch-patchgroups .html>__ 和瞭解修補程式符合性狀態值

下列程式碼範例會示範如何使用describe-patch-groups

AWS CLI

顯示修補程式群組註冊

下列describe-patch-groups範例列出修補程式群組註冊。

aws ssm describe-patch-groups

輸出:

{ "Mappings": [ { "PatchGroup": "Production", "BaselineIdentity": { "BaselineId": "pb-0123456789abcdef0", "BaselineName": "ProdPatching", "OperatingSystem": "WINDOWS", "BaselineDescription": "Patches for Production", "DefaultBaseline": false } }, { "PatchGroup": "Development", "BaselineIdentity": { "BaselineId": "pb-0713accee01234567", "BaselineName": "DevPatching", "OperatingSystem": "WINDOWS", "BaselineDescription": "Patches for Development", "DefaultBaseline": true } }, ... ] }

如需詳細資訊,請參閱《AWS Systems Manager 理員使用指南》中的建立修補程式群組 < https://docs.aws.amazon.com/systems-manager/latest/userguide/ sysman-patch-group-tagging .html>__ 和將修補程式群組新增至修補程式基準

下列程式碼範例會示範如何使用describe-patch-properties

AWS CLI

列出 Amazon Linux 修補程式可用性

下列describe-patch-properties範例顯示您的 AWS 帳戶中有可用修補程式的 Amazon Linux 產品清單。

aws ssm describe-patch-properties \ --operating-system AMAZON_LINUX \ --property PRODUCT

輸出:

{ "Properties": [ { "Name": "AmazonLinux2012.03" }, { "Name": "AmazonLinux2012.09" }, { "Name": "AmazonLinux2013.03" }, { "Name": "AmazonLinux2013.09" }, { "Name": "AmazonLinux2014.03" }, { "Name": "AmazonLinux2014.09" }, { "Name": "AmazonLinux2015.03" }, { "Name": "AmazonLinux2015.09" }, { "Name": "AmazonLinux2016.03" }, { "Name": "AmazonLinux2016.09" }, { "Name": "AmazonLinux2017.03" }, { "Name": "AmazonLinux2017.09" }, { "Name": "AmazonLinux2018.03" } ] }

如需詳細資訊,請參閱 AWS Systems Manager 使用指南中的關於修補程式基準

下列程式碼範例會示範如何使用describe-sessions

AWS CLI

範例 1:列出所有作用中的階段作業管理員階段

describe-sessions範例會擷取指定使用者啟動過去 30 天內最近建立的作用中工作階段 (連線和中斷連線的工作階段) 的清單。此命令只會傳回使用工作階段管理員所起始之目標的連線結果。它不會列出透過其他方式建立的連線,例如遠端桌面連線或 SSH。

aws ssm describe-sessions \ --state "Active" \ --filters "key=Owner,value=arn:aws:sts::123456789012:assumed-role/Administrator/Shirley-Rodriguez"

輸出:

{ "Sessions": [ { "SessionId": "John-07a16060613c408b5", "Target": "i-1234567890abcdef0", "Status": "Connected", "StartDate": 1550676938.352, "Owner": "arn:aws:sts::123456789012:assumed-role/Administrator/Shirley-Rodriguez", "OutputUrl": {} }, { "SessionId": "John-01edf534b8b56e8eb", "Target": "i-9876543210abcdef0", "Status": "Connected", "StartDate": 1550676842.194, "Owner": "arn:aws:sts::123456789012:assumed-role/Administrator/Shirley-Rodriguez", "OutputUrl": {} } ] }

範例 2:列出所有已終止的階段作業管理員階段

describe-sessions範例會為所有使用者擷取過去 30 天內最近終止的工作階段清單。

aws ssm describe-sessions \ --state "History"

輸出:

{ "Sessions": [ { "SessionId": "Mary-Major-0022b1eb2b0d9e3bd", "Target": "i-1234567890abcdef0", "Status": "Terminated", "StartDate": 1550520701.256, "EndDate": 1550521931.563, "Owner": "arn:aws:sts::123456789012:assumed-role/Administrator/Mary-Major" }, { "SessionId": "Jane-Roe-0db53f487931ed9d4", "Target": "i-9876543210abcdef0", "Status": "Terminated", "StartDate": 1550161369.149, "EndDate": 1550162580.329, "Owner": "arn:aws:sts::123456789012:assumed-role/Administrator/Jane-Roe" }, ... ], "NextToken": "--token string truncated--" }

如需詳細資訊,請參閱 AWS Systems Manager 使用指南中的檢視工作階段歷程記錄

  • 如需 API 詳細資訊,請參閱AWS CLI 命令參考DescribeSessions中的。

下列程式碼範例會示範如何使用disassociate-ops-item-related-item

AWS CLI

刪除相關料號關聯的步驟

下列disassociate-ops-item-related-item範例會刪除 OpsItem 和相關項目之間的關聯。

aws ssm disassociate-ops-item-related-item \ --ops-item-id "oi-f99f2EXAMPLE" \ --association-id "e2036148-cccb-490e-ac2a-390e5EXAMPLE"

此命令不會產生輸出。

如需詳細資訊,請參閱《AWS 系統管理員使用指南》 OpsCenter中的 < 處理事件管理員事件 >。

下列程式碼範例會示範如何使用get-automation-execution

AWS CLI

顯示有關自動化執行的詳細資訊

下列get-automation-execution範例會顯示有關自動化執行的詳細資訊。

aws ssm get-automation-execution \ --automation-execution-id 73c8eef8-f4ee-4a05-820c-e354fEXAMPLE

輸出:

{ "AutomationExecution": { "AutomationExecutionId": "73c8eef8-f4ee-4a05-820c-e354fEXAMPLE", "DocumentName": "AWS-StartEC2Instance", "DocumentVersion": "1", "ExecutionStartTime": 1583737233.748, "ExecutionEndTime": 1583737234.719, "AutomationExecutionStatus": "Success", "StepExecutions": [ { "StepName": "startInstances", "Action": "aws:changeInstanceState", "ExecutionStartTime": 1583737234.134, "ExecutionEndTime": 1583737234.672, "StepStatus": "Success", "Inputs": { "DesiredState": "\"running\"", "InstanceIds": "[\"i-0cb99161f6EXAMPLE\"]" }, "Outputs": { "InstanceStates": [ "running" ] }, "StepExecutionId": "95e70479-cf20-4d80-8018-7e4e2EXAMPLE", "OverriddenParameters": {} } ], "StepExecutionsTruncated": false, "Parameters": { "AutomationAssumeRole": [ "" ], "InstanceId": [ "i-0cb99161f6EXAMPLE" ] }, "Outputs": {}, "Mode": "Auto", "ExecutedBy": "arn:aws:sts::29884EXAMPLE:assumed-role/mw_service_role/OrchestrationService", "Targets": [], "ResolvedTargets": { "ParameterValues": [], "Truncated": false } } }

如需詳細資訊,請參閱 AWS Systems Manager 使用指南中的逐步解說:修補 Linux AMI (AWS CLI)

下列程式碼範例會示範如何使用get-calendar-state

AWS CLI

範例 1:取得變更行事曆的目前狀態

get-calendar-state範例會傳回目前時間行事曆的狀態。由於範例未指定時間,因此會報告行事曆的目前狀態。

aws ssm get-calendar-state \ --calendar-names "MyCalendar"

輸出:

{ "State": "OPEN", "AtTime": "2020-02-19T22:28:51Z", "NextTransitionTime": "2020-02-24T21:15:19Z" }

範例 2:在指定時間取得變更行事曆的狀態

get-calendar-state範例會傳回指定時間的行事曆狀態。

aws ssm get-calendar-state \ --calendar-names "MyCalendar" \ --at-time "2020-07-19T21:15:19Z"

輸出:

{ "State": "CLOSED", "AtTime": "2020-07-19T21:15:19Z" }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的 < 取得變更行事曆的狀態 >。

  • 如需 API 詳細資訊,請參閱AWS CLI 命令參考GetCalendarState中的。

下列程式碼範例會示範如何使用get-command-invocation

AWS CLI

若要顯示命令叫用的詳細資訊

下列get-command-invocation範例會列出指定執行個體上指定命令的所有叫用。

aws ssm get-command-invocation \ --command-id "ef7fdfd8-9b57-4151-a15c-db9a12345678" \ --instance-id "i-1234567890abcdef0"

輸出:

{ "CommandId": "ef7fdfd8-9b57-4151-a15c-db9a12345678", "InstanceId": "i-1234567890abcdef0", "Comment": "b48291dd-ba76-43e0-b9df-13e11ddaac26:6960febb-2907-4b59-8e1a-d6ce8EXAMPLE", "DocumentName": "AWS-UpdateSSMAgent", "DocumentVersion": "", "PluginName": "aws:updateSsmAgent", "ResponseCode": 0, "ExecutionStartDateTime": "2020-02-19T18:18:03.419Z", "ExecutionElapsedTime": "PT0.091S", "ExecutionEndDateTime": "2020-02-19T18:18:03.419Z", "Status": "Success", "StatusDetails": "Success", "StandardOutputContent": "Updating amazon-ssm-agent from 2.3.842.0 to latest\nSuccessfully downloaded https://s3.us-east-2.amazonaws.com/amazon-ssm-us-east-2/ssm-agent-manifest.json\namazon-ssm-agent 2.3.842.0 has already been installed, update skipped\n", "StandardOutputUrl": "", "StandardErrorContent": "", "StandardErrorUrl": "", "CloudWatchOutputConfig": { "CloudWatchLogGroupName": "", "CloudWatchOutputEnabled": false } }

若要取得更多資訊,請參閱AWS Systems Manager 使用指南〉中的〈認識指令狀

下列程式碼範例會示範如何使用get-connection-status

AWS CLI

顯示代管執行個體的連線狀態

get-connection-status範例會傳回指定代管執行個體的連線狀態。

aws ssm get-connection-status \ --target i-1234567890abcdef0

輸出:

{ "Target": "i-1234567890abcdef0", "Status": "connected" }

下列程式碼範例會示範如何使用get-default-patch-baseline

AWS CLI

範例 1:若要顯示預設的 Windows 修補程式基準

下列get-default-patch-baseline範例會擷取 Windows Server 預設修補程式基準的詳細資料。

aws ssm get-default-patch-baseline

輸出:

{ "BaselineId": "pb-0713accee01612345", "OperatingSystem": "WINDOWS" }

範例 2:若要顯示 Amazon Linux 的預設修補程式基準

下列get-default-patch-baseline範例會擷取 Amazon Linux 預設修補程式基準的詳細資料。

aws ssm get-default-patch-baseline \ --operating-system AMAZON_LINUX

輸出:

{ "BaselineId": "pb-047c6eb9c8fc12345", "OperatingSystem": "AMAZON_LINUX" }

如需詳細資訊,請參閱關於預先定義和自訂修補程式基準 < https://docs.aws.amazon.com/systems-manager/latest/userguide/ sysman-patch-baselines .html>__,並在 AWS Systems Manager 使用指南中將現有的修補程式基準設定為預設值。

下列程式碼範例會示範如何使用get-deployable-patch-snapshot-for-instance

AWS CLI

擷取執行處理所使用之修正程式基準的目前快照

下列get-deployable-patch-snapshot-for-instance範例會針對執行處理所使用的指定修補程式基準,擷取目前快照的詳細資訊。此命令必須使用執行個體認證從執行個體執行。若要確保其使用執行個體認證,請僅執行aws configure並指定執行個體的區域。將Access KeySecret Key欄位保留空白。

提示:使uuidgen用生成一個snapshot-id.

aws ssm get-deployable-patch-snapshot-for-instance \ --instance-id "i-1234567890abcdef0" \ --snapshot-id "521c3536-930c-4aa9-950e-01234567abcd"

輸出:

{ "InstanceId": "i-1234567890abcdef0", "SnapshotId": "521c3536-930c-4aa9-950e-01234567abcd", "Product": "AmazonLinux2018.03", "SnapshotDownloadUrl": "https://patch-baseline-snapshot-us-east-1.s3.amazonaws.com/ed85194ef27214f5984f28b4d664d14f7313568fea7d4b6ac6c10ad1f729d7e7-773304212436/AMAZON_LINUX-521c3536-930c-4aa9-950e-01234567abcd?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20190215T164031Z&X-Amz-SignedHeaders=host&X-Amz-Expires=86400&X-Amz-Credential=AKIAJ5C56P35AEBRX2QQ%2F20190215%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=efaaaf6e3878e77f48a6697e015efdbda9c426b09c5822055075c062f6ad2149" }

如需詳細資訊,請參閱 AWS Systems Manager 使用指南中的參數名稱:快照 ID

下列程式碼範例會示範如何使用get-document

AWS CLI

取得文件內容

下列get-document範例會顯示 Systems Manager 文件的內容。

aws ssm get-document \ --name "AWS-RunShellScript"

輸出:

{ "Name": "AWS-RunShellScript", "DocumentVersion": "1", "Status": "Active", "Content": "{\n \"schemaVersion\":\"1.2\",\n \"description\":\"Run a shell script or specify the commands to run.\",\n \"parameters\":{\n \"commands\":{\n \"type\":\"StringList\",\n \"description\":\"(Required) Specify a shell script or a command to run.\",\n \"minItems\":1,\n \"displayType\":\"textarea\"\n },\n \"workingDirectory\":{\n \"type\":\"String\",\n \"default\":\"\",\n \"description\":\"(Optional) The path to the working directory on your instance.\",\n \"maxChars\":4096\n },\n \"executionTimeout\":{\n \"type\":\"String\",\n \"default\":\"3600\",\n \"description\":\"(Optional) The time in seconds for a command to complete before it is considered to have failed. Default is 3600 (1 hour). Maximum is 172800 (48 hours).\",\n \"allowedPattern\":\"([1-9][0-9]{0,4})|(1[0-6][0-9]{4})|(17[0-1][0-9]{3})|(172[0-7][0-9]{2})|(172800)\"\n }\n },\n \"runtimeConfig\":{\n \"aws:runShellScript\":{\n \"properties\":[\n {\n \"id\":\"0.aws:runShellScript\",\n \"runCommand\":\"{{ commands }}\",\n \"workingDirectory\":\"{{ workingDirectory }}\",\n \"timeoutSeconds\":\"{{ executionTimeout }}\"\n }\n ]\n }\n }\n}\n", "DocumentType": "Command", "DocumentFormat": "JSON" }

如需詳細資訊,請參閱 AWS Systems Manager 使用指南中的AWS Systems Manager 文件

  • 如需 API 詳細資訊,請參閱AWS CLI 命令參考GetDocument中的。

下列程式碼範例會示範如何使用get-inventory-schema

AWS CLI

若要檢視您的庫存結構描

此範例會傳回帳戶的詳細目錄類型名稱清單。

命令:

aws ssm get-inventory-schema

輸出:

{ "Schemas": [ { "TypeName": "AWS:AWSComponent", "Version": "1.0", "Attributes": [ { "Name": "Name", "DataType": "STRING" }, { "Name": "ApplicationType", "DataType": "STRING" }, { "Name": "Publisher", "DataType": "STRING" }, { "Name": "Version", "DataType": "STRING" }, { "Name": "InstalledTime", "DataType": "STRING" }, { "Name": "Architecture", "DataType": "STRING" }, { "Name": "URL", "DataType": "STRING" } ] }, ... ], "NextToken": "--token string truncated--" }

若要檢視特定詳細目錄類型的詳細目錄結構描述

此範例會傳回 AWS:AWS元件存貨型態的存貨綱要。

命令:

aws ssm get-inventory-schema --type-name "AWS:AWSComponent"

下列程式碼範例會示範如何使用get-inventory

AWS CLI

若要檢視您的庫存

此範例會取得詳細目錄的自訂中繼資料。

命令:

aws ssm get-inventory

輸出:

{ "Entities": [ { "Data": { "AWS:InstanceInformation": { "Content": [ { "ComputerName": "ip-172-31-44-222.us-west-2.compute.internal", "InstanceId": "i-0cb2b964d3e14fd9f", "IpAddress": "172.31.44.222", "AgentType": "amazon-ssm-agent", "ResourceType": "EC2Instance", "AgentVersion": "2.0.672.0", "PlatformVersion": "2016.09", "PlatformName": "Amazon Linux AMI", "PlatformType": "Linux" } ], "TypeName": "AWS:InstanceInformation", "SchemaVersion": "1.0", "CaptureTime": "2017-02-20T18:03:58Z" } }, "Id": "i-0cb2b964d3e14fd9f" } ] }
  • 如需 API 詳細資訊,請參閱AWS CLI 命令參考GetInventory中的。

下列程式碼範例會示範如何使用get-maintenance-window-execution-task-invocation

AWS CLI

取得維護時段工作呼叫的相關資訊

下列get-maintenance-window-execution-task-invocation範例會列出指定作業呼叫 (屬於指定維護時段執行的一部分) 的相關資訊。

aws ssm get-maintenance-window-execution-task-invocation \ --window-execution-id "bc494bfa-e63b-49f6-8ad1-aa9f2EXAMPLE" \ --task-id "96f2ad59-97e3-461d-a63d-40c8aEXAMPLE" \ --invocation-id "a5273e2c-d2c6-4880-b3e1-5e550EXAMPLE"

輸出:

{ "Status": "SUCCESS", "Parameters": "{\"comment\":\"\",\"documentName\":\"AWS-RunPowerShellScript\",\"instanceIds\":[\"i-1234567890EXAMPLE\"],\"maxConcurrency\":\"1\",\"maxErrors\":\"1\",\"parameters\":{\"executionTimeout\":[\"3600\"],\"workingDirectory\":[\"\"],\"commands\":[\"echo Hello\"]},\"timeoutSeconds\":600}", "ExecutionId": "03b6baa0-5460-4e15-83f2-ea685EXAMPLE", "InvocationId": "a5273e2c-d2c6-4880-b3e1-5e550EXAMPLE", "StartTime": 1549998326.421, "TaskType": "RUN_COMMAND", "EndTime": 1550001931.784, "WindowExecutionId": "bc494bfa-e63b-49f6-8ad1-aa9f2EXAMPLE", "StatusDetails": "Failed", "TaskExecutionId": "96f2ad59-97e3-461d-a63d-40c8aEXAMPLE" }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的〈檢視工作和工作執行 (AWS CLI) 的相關資訊。

下列程式碼範例會示範如何使用get-maintenance-window-execution-task

AWS CLI

取得維護視窗工作執行的相關資訊

下列get-maintenance-window-execution-task範例會列出屬於指定維護時段執行一部份之工作的相關資訊。

aws ssm get-maintenance-window-execution-task \ --window-execution-id "518d5565-5969-4cca-8f0e-da3b2EXAMPLE" \ --task-id "ac0c6ae1-daa3-4a89-832e-d3845EXAMPLE"

輸出:

{ "WindowExecutionId": "518d5565-5969-4cca-8f0e-da3b2EXAMPLE", "TaskExecutionId": "ac0c6ae1-daa3-4a89-832e-d3845EXAMPLE", "TaskArn": "AWS-RunPatchBaseline", "ServiceRole": "arn:aws:iam::111222333444:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM", "Type": "RUN_COMMAND", "TaskParameters": [ { "BaselineOverride": { "Values": [ "" ] }, "InstallOverrideList": { "Values": [ "" ] }, "Operation": { "Values": [ "Scan" ] }, "RebootOption": { "Values": [ "RebootIfNeeded" ] }, "SnapshotId": { "Values": [ "{{ aws:ORCHESTRATION_ID }}" ] }, "aws:InstanceId": { "Values": [ "i-02573cafcfEXAMPLE", "i-0471e04240EXAMPLE", "i-07782c72faEXAMPLE" ] } } ], "Priority": 1, "MaxConcurrency": "1", "MaxErrors": "3", "Status": "SUCCESS", "StartTime": "2021-08-04T11:45:35.088000-07:00", "EndTime": "2021-08-04T11:53:09.079000-07:00" }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的檢視工作和工作執行 (AWS CLI) 的相關資訊。

下列程式碼範例會示範如何使用get-maintenance-window-execution

AWS CLI

取得維護視窗工作執行的相關資訊

下列get-maintenance-window-execution範例會列出在指定維護時段執行過程中所執行之工作的相關資訊。

aws ssm get-maintenance-window-execution \ --window-execution-id "518d5565-5969-4cca-8f0e-da3b2EXAMPLE"

輸出:

{ "Status": "SUCCESS", "TaskIds": [ "ac0c6ae1-daa3-4a89-832e-d3845EXAMPLE" ], "StartTime": 1487692834.595, "EndTime": 1487692835.051, "WindowExecutionId": "518d5565-5969-4cca-8f0e-da3b2EXAMPLE", }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的〈檢視工作和工作執行 (AWS CLI) 的相關資訊。

下列程式碼範例會示範如何使用get-maintenance-window-task

AWS CLI

取得維護時段作業的相關資訊

下列get-maintenance-window-task範例會重建有關指定維護時段作業的詳細資訊。

aws ssm get-maintenance-window-task \ --window-id mw-0c5ed765acEXAMPLE \ --window-task-id 0e842a8d-2d44-4886-bb62-af8dcEXAMPLE

輸出:

{ "ServiceRoleArn": "arn:aws:iam::111222333444:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM", "MaxErrors": "1", "TaskArn": "AWS-RunPowerShellScript", "MaxConcurrency": "1", "WindowTaskId": "0e842a8d-2d44-4886-bb62-af8dcEXAMPLE", "TaskParameters": {}, "Priority": 1, "TaskInvocationParameters": { "RunCommand": { "Comment": "", "TimeoutSeconds": 600, "Parameters": { "commands": [ "echo Hello" ], "executionTimeout": [ "3600" ], "workingDirectory": [ "" ] } } }, "WindowId": "mw-0c5ed765acEXAMPLE", "TaskType": "RUN_COMMAND", "Targets": [ { "Values": [ "84c818da-b619-4d3d-9651-946f3EXAMPLE" ], "Key": "WindowTargetIds" } ], "Name": "ExampleTask" }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的 < 檢視維護視窗 (AWS CLI) 的相關資訊 >。

下列程式碼範例會示範如何使用get-maintenance-window

AWS CLI

若要取得維護時段的相關資訊

下列get-maintenance-window範例會擷取有關指定維護時段的詳細資訊。

aws ssm get-maintenance-window \ --window-id "mw-03eb9db428EXAMPLE"

輸出:

{ "AllowUnassociatedTargets": true, "CreatedDate": 1515006912.957, "Cutoff": 1, "Duration": 6, "Enabled": true, "ModifiedDate": 2020-01-01T10:04:04.099Z, "Name": "My-Maintenance-Window", "Schedule": "rate(3 days)", "WindowId": "mw-03eb9db428EXAMPLE", "NextExecutionTime": "2020-02-25T00:08:15.099Z" }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的檢視維護時段 (AWS CLI) 的相關資訊。

下列程式碼範例會示範如何使用get-ops-item

AWS CLI

若要檢視有關的資訊 OpsItem

下列get-ops-item範例會顯示有關指定項目的詳細資訊 OpsItem。

aws ssm get-ops-item \ --ops-item-id oi-0b725EXAMPLE

輸出:

{ "OpsItem": { "CreatedBy": "arn:aws:sts::111222333444:assumed-role/OpsItem-CWE-Role/fbf77cbe264a33509569f23e4EXAMPLE", "CreatedTime": "2019-12-04T15:52:16.793000-08:00", "Description": "CloudWatch Event Rule SSMOpsItems-EC2-instance-terminated was triggered. Your EC2 instance has terminated. See below for more details.", "LastModifiedBy": "arn:aws:sts::111222333444:assumed-role/OpsItem-CWE-Role/fbf77cbe264a33509569f23e4EXAMPLE", "LastModifiedTime": "2019-12-04T15:52:16.793000-08:00", "Notifications": [], "RelatedOpsItems": [], "Status": "Open", "OpsItemId": "oi-0b725EXAMPLE", "Title": "EC2 instance terminated", "Source": "EC2", "OperationalData": { "/aws/automations": { "Value": "[ { \"automationType\": \"AWS:SSM:Automation\", \"automationId\": \"AWS-CreateManagedWindowsInstance\" }, { \"automationType\": \"AWS:SSM:Automation\", \"automationId\": \"AWS-CreateManagedLinuxInstance\" } ]", "Type": "SearchableString" }, "/aws/dedup": { "Value": "{\"dedupString\":\"SSMOpsItems-EC2-instance-terminated\"}", "Type": "SearchableString" }, "/aws/resources": { "Value": "[{\"arn\":\"arn:aws:ec2:us-east-2:111222333444:instance/i-05adec7e97EXAMPLE\"}]", "Type": "SearchableString" }, "event-time": { "Value": "2019-12-04T23:52:16Z", "Type": "String" }, "instance-state": { "Value": "terminated", "Type": "String" } }, "Category": "Availability", "Severity": "4" } }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》 OpsItems中的〈使用〉

  • 如需 API 詳細資訊,請參閱AWS CLI 命令參考GetOpsItem中的。

下列程式碼範例會示範如何使用get-ops-summary

AWS CLI

若要檢視全部的摘要 OpsItems

下列get-ops-summary範例會顯示您 AWS 帳戶 OpsItems 中所有項目的摘要。

aws ssm get-ops-summary

輸出:

{ "Entities": [ { "Id": "oi-4309fEXAMPLE", "Data": { "AWS:OpsItem": { "CaptureTime": "2020-02-26T18:58:32.918Z", "Content": [ { "AccountId": "111222333444", "Category": "Availability", "CreatedBy": "arn:aws:sts::111222333444:assumed-role/OpsItem-CWE-Role/fbf77cbe264a33509569f23e4EXAMPLE", "CreatedTime": "2020-02-26T19:10:44.149Z", "Description": "CloudWatch Event Rule SSMOpsItems-EC2-instance-terminated was triggered. Your EC2 instance has terminated. See below for more details.", "LastModifiedBy": "arn:aws:sts::111222333444:assumed-role/OpsItem-CWE-Role/fbf77cbe264a33509569f23e4EXAMPLE", "LastModifiedTime": "2020-02-26T19:10:44.149Z", "Notifications": "", "OperationalData": "{\"/aws/automations\":{\"type\":\"SearchableString\",\"value\":\"[ { \\\"automationType\\\": \\\"AWS:SSM:Automation\\\", \\\"automationId\\\": \\\"AWS-CreateManagedWindowsInstance\\\" }, { \\\"automationType\\\": \\\"AWS:SSM:Automation\\\", \\\"automationId\\\": \\\"AWS-CreateManagedLinuxInstance\\\" } ]\"},\"/aws/resources\":{\"type\":\"SearchableString\",\"value\":\"[{\\\"arn\\\":\\\"arn:aws:ec2:us-east-2:111222333444:instance/i-0acbd0800fEXAMPLE\\\"}]\"},\"/aws/dedup\":{\"type\":\"SearchableString\",\"value\":\"{\\\"dedupString\\\":\\\"SSMOpsItems-EC2-instance-terminated\\\"}\"}}", "OpsItemId": "oi-4309fEXAMPLE", "RelatedItems": "", "Severity": "3", "Source": "EC2", "Status": "Open", "Title": "EC2 instance terminated" } ] } } }, { "Id": "oi-bb2a0e6a4541", "Data": { "AWS:OpsItem": { "CaptureTime": "2019-11-26T19:20:06.161Z", "Content": [ { "AccountId": "111222333444", "Category": "Availability", "CreatedBy": "arn:aws:sts::111222333444:assumed-role/OpsItem-CWE-Role/fbf77cbe264a33509569f23e4EXAMPLE", "CreatedTime": "2019-11-26T20:00:07.237Z", "Description": "CloudWatch Event Rule SSMOpsItems-SSM-maintenance-window-execution-failed was triggered. Your SSM Maintenance Window execution has failed. See below for more details.", "LastModifiedBy": "arn:aws:sts::111222333444:assumed-role/OpsItem-CWE-Role/fbf77cbe264a33509569f23e4EXAMPLE", "LastModifiedTime": "2019-11-26T20:00:07.237Z", "Notifications": "", "OperationalData": "{\"/aws/resources\":{\"type\":\"SearchableString\",\"value\":\"[{\\\"arn\\\":\\\"arn:aws:ssm:us-east-2:111222333444:maintenancewindow/mw-0e83ba440dEXAMPLE\\\"}]\"},\"/aws/dedup\":{\"type\":\"SearchableString\",\"value\":\"{\\\"dedupString\\\":\\\"SSMOpsItems-SSM-maintenance-window-execution-failed\\\"}\"}}", "OpsItemId": "oi-bb2a0EXAMPLE", "RelatedItems": "", "Severity": "3", "Source": "SSM", "Status": "Open", "Title": "SSM Maintenance Window execution failed" } ] } } } ] }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》 OpsItems中的〈使用〉

  • 如需 API 詳細資訊,請參閱AWS CLI 命令參考GetOpsSummary中的。

下列程式碼範例會示範如何使用get-parameter-history

AWS CLI

若要取得參數的值歷程記錄

下列get-parameter-history範例會列出指定參數的變更記錄,包括其值。

aws ssm get-parameter-history \ --name "MyStringParameter"

輸出:

{ "Parameters": [ { "Name": "MyStringParameter", "Type": "String", "LastModifiedDate": 1582154711.976, "LastModifiedUser": "arn:aws:iam::111222333444:user/Mary-Major", "Description": "This is the first version of my String parameter", "Value": "Veni", "Version": 1, "Labels": [], "Tier": "Standard", "Policies": [] }, { "Name": "MyStringParameter", "Type": "String", "LastModifiedDate": 1582156093.471, "LastModifiedUser": "arn:aws:iam::111222333444:user/Mary-Major", "Description": "This is the second version of my String parameter", "Value": "Vidi", "Version": 2, "Labels": [], "Tier": "Standard", "Policies": [] }, { "Name": "MyStringParameter", "Type": "String", "LastModifiedDate": 1582156117.545, "LastModifiedUser": "arn:aws:iam::111222333444:user/Mary-Major", "Description": "This is the third version of my String parameter", "Value": "Vici", "Version": 3, "Labels": [], "Tier": "Standard", "Policies": [] } ] }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的〈使用參數版本

下列程式碼範例會示範如何使用get-parameter

AWS CLI

範例 1:顯示參數值

下列get-parameter範例會列出指定之單一參數的值。

aws ssm get-parameter \ --name "MyStringParameter"

輸出:

{ "Parameter": { "Name": "MyStringParameter", "Type": "String", "Value": "Veni", "Version": 1, "LastModifiedDate": 1530018761.888, "ARN": "arn:aws:ssm:us-east-2:111222333444:parameter/MyStringParameter" "DataType": "text" } }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的〈使用參數存放區

範例 2:解密 SecureString 參數值

下列get-parameter範例會解密指定SecureString參數的值。

aws ssm get-parameter \ --name "MySecureStringParameter" \ --with-decryption

輸出:

{ "Parameter": { "Name": "MySecureStringParameter", "Type": "SecureString", "Value": "16679b88-310b-4895-a943-e0764EXAMPLE", "Version": 2, "LastModifiedDate": 1582155479.205, "ARN": "arn:aws:ssm:us-east-2:111222333444:parameter/MySecureStringParameter" "DataType": "text" } }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的〈使用參數存放區

範例 3:使用標籤顯示參數值

下列get-parameter範例會列出具有指定標籤之指定單一參數的值。

aws ssm get-parameter \ --name "MyParameter:label"

輸出:

{ "Parameter": { "Name": "MyParameter", "Type": "String", "Value": "parameter version 2", "Version": 2, "Selector": ":label", "LastModifiedDate": "2021-07-12T09:49:15.865000-07:00", "ARN": "arn:aws:ssm:us-west-2:786973925828:parameter/MyParameter", "DataType": "text" } }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的〈使用參數標示

範例 4:若要使用版本顯示參數值

下列get-parameter範例會列出指定之單一參數版本的值。

aws ssm get-parameter \ --name "MyParameter:2"

輸出:

{ "Parameter": { "Name": "MyParameter", "Type": "String", "Value": "parameter version 2", "Version": 2, "Selector": ":2", "LastModifiedDate": "2021-07-12T09:49:15.865000-07:00", "ARN": "arn:aws:ssm:us-west-2:786973925828:parameter/MyParameter", "DataType": "text" } }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的〈使用參數標示

  • 如需 API 詳細資訊,請參閱AWS CLI 命令參考GetParameter中的。

下列程式碼範例會示範如何使用get-parameters-by-path

AWS CLI

列示特定路徑中參數的步驟

下列get-parameters-by-path範例會列出指定階層內的參數。

aws ssm get-parameters-by-path \ --path "/site/newyork/department/"

輸出:

{ "Parameters": [ { "Name": "/site/newyork/department/marketing", "Type": "String", "Value": "Floor 2", "Version": 1, "LastModifiedDate": 1530018761.888, "ARN": "arn:aws:ssm:us-east-1:111222333444:parameter/site/newyork/department/marketing" }, { "Name": "/site/newyork/department/infotech", "Type": "String", "Value": "Floor 3", "Version": 1, "LastModifiedDate": 1530018823.429, "ARN": "arn:aws:ssm:us-east-1:111222333444:parameter/site/newyork/department/infotech" }, ... ] }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的〈使用參數階層

下列程式碼範例會示範如何使用get-parameters

AWS CLI

範例 1:列出參數值

下列get-parameters範例會列出三個指定參數的值。

aws ssm get-parameters \ --names "MyStringParameter" "MyStringListParameter" "MyInvalidParameterName"

輸出:

{ "Parameters": [ { "Name": "MyStringListParameter", "Type": "StringList", "Value": "alpha,beta,gamma", "Version": 1, "LastModifiedDate": 1582154764.222, "ARN": "arn:aws:ssm:us-east-2:111222333444:parameter/MyStringListParameter" "DataType": "text" }, { "Name": "MyStringParameter", "Type": "String", "Value": "Vici", "Version": 3, "LastModifiedDate": 1582156117.545, "ARN": "arn:aws:ssm:us-east-2:111222333444:parameter/MyStringParameter" "DataType": "text" } ], "InvalidParameters": [ "MyInvalidParameterName" ] }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的〈使用參數存放區

實施例 2:使用 ``-query`` 選項列出多個參數的名稱和值

下列get-parameters範例會列出指定參數的名稱和值。

aws ssm get-parameters \ --names MyStringParameter MyStringListParameter \ --query "Parameters[*].{Name:Name,Value:Value}"

輸出:

[ { "Name": "MyStringListParameter", "Value": "alpha,beta,gamma" }, { "Name": "MyStringParameter", "Value": "Vidi" } ]

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的〈使用參數存放區

範例 3:使用標籤顯示參數值

下列get-parameter範例會列出具有指定標籤之指定單一參數的值。

aws ssm get-parameter \ --name "MyParameter:label"

輸出:

{ "Parameters": [ { "Name": "MyLabelParameter", "Type": "String", "Value": "parameter by label", "Version": 1, "Selector": ":label", "LastModifiedDate": "2021-07-12T09:49:15.865000-07:00", "ARN": "arn:aws:ssm:us-west-2:786973925828:parameter/MyParameter", "DataType": "text" }, { "Name": "MyVersionParameter", "Type": "String", "Value": "parameter by version", "Version": 2, "Selector": ":2", "LastModifiedDate": "2021-03-24T16:20:28.236000-07:00", "ARN": "arn:aws:ssm:us-west-2:786973925828:parameter/unlabel-param", "DataType": "text" } ], "InvalidParameters": [] }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的〈使用參數標示

  • 如需 API 詳細資訊,請參閱AWS CLI 命令參考GetParameters中的。

下列程式碼範例會示範如何使用get-patch-baseline-for-patch-group

AWS CLI

顯示修補程式群組的修補程式基準

下列get-patch-baseline-for-patch-group範例會擷取有關指定修補程式群組之修補程式基準的詳細資料。

aws ssm get-patch-baseline-for-patch-group \ --patch-group "DEV"

輸出:

{ "PatchGroup": "DEV", "BaselineId": "pb-0123456789abcdef0", "OperatingSystem": "WINDOWS" }

如需詳細資訊,請參閱《AWS Systems Manager 理員使用指南》中的建立修補程式群組 < https://docs.aws.amazon.com/systems-manager/latest/userguide/ sysman-patch-group-tagging .html>__ 和將修補程式群組新增至修補程式基準

下列程式碼範例會示範如何使用get-patch-baseline

AWS CLI

顯示修補程式基準

下列get-patch-baseline範例會擷取指定修補程式基準的詳細資料。

aws ssm get-patch-baseline \ --baseline-id "pb-0123456789abcdef0"

輸出:

{ "BaselineId": "pb-0123456789abcdef0", "Name": "WindowsPatching", "OperatingSystem": "WINDOWS", "GlobalFilters": { "PatchFilters": [] }, "ApprovalRules": { "PatchRules": [ { "PatchFilterGroup": { "PatchFilters": [ { "Key": "PRODUCT", "Values": [ "WindowsServer2016" ] } ] }, "ComplianceLevel": "CRITICAL", "ApproveAfterDays": 0, "EnableNonSecurity": false } ] }, "ApprovedPatches": [], "ApprovedPatchesComplianceLevel": "UNSPECIFIED", "ApprovedPatchesEnableNonSecurity": false, "RejectedPatches": [], "RejectedPatchesAction": "ALLOW_AS_DEPENDENCY", "PatchGroups": [ "QA", "DEV" ], "CreatedDate": 1550244180.465, "ModifiedDate": 1550244180.465, "Description": "Patches for Windows Servers", "Sources": [] }

如需詳細資訊,請參閱 AWS Systems Manager 使用指南中的關於修補程式基準

  • 如需 API 詳細資訊,請參閱AWS CLI 命令參考GetPatchBaseline中的。

下列程式碼範例會示範如何使用get-service-setting

AWS CLI

擷取參數存放區輸送量的服務設定

下列get-service-setting此範例會擷取指定區域中參數存放區輸送量的目前服務設定。

aws ssm get-service-setting \ --setting-id arn:aws:ssm:us-east-1:123456789012:servicesetting/ssm/parameter-store/high-throughput-enabled

輸出:

{ "ServiceSetting": { "SettingId": "/ssm/parameter-store/high-throughput-enabled", "SettingValue": "false", "LastModifiedDate": 1555532818.578, "LastModifiedUser": "System", "ARN": "arn:aws:ssm:us-east-1:123456789012:servicesetting/ssm/parameter-store/high-throughput-enabled", "Status": "Default" } }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的增加參數存放區輸送量

下列程式碼範例會示範如何使用label-parameter-version

AWS CLI

範例 1:將標籤新增至參數的最新版本

下列label-parameter-version範例會將標籤新增至指定參數的最新版本。

aws ssm label-parameter-version \ --name "MyStringParameter" \ --labels "ProductionReady"

輸出:

{ "InvalidLabels": [], "ParameterVersion": 3 }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的〈使用參數標示

範例 2:將標籤新增至參數的特定版本

下列label-parameter-version範例會將標籤新增至參數的指定版本。

aws ssm label-parameter-version \ --name "MyStringParameter" \ --labels "ProductionReady" \ --parameter-version "2" --labels "DevelopmentReady"

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的〈使用參數標示

下列程式碼範例會示範如何使用list-association-versions

AWS CLI

若要列出特定關聯 ID 的所有關聯版本

下列list-association-versions範例會列出指定關聯的所有版本。

aws ssm list-association-versions \ --association-id "8dfe3659-4309-493a-8755-0123456789ab"

輸出:

{ "AssociationVersions": [ { "AssociationId": "8dfe3659-4309-493a-8755-0123456789ab", "AssociationVersion": "1", "CreatedDate": 1550505536.726, "Name": "AWS-UpdateSSMAgent", "Parameters": { "allowDowngrade": [ "false" ], "version": [ "" ] }, "Targets": [ { "Key": "InstanceIds", "Values": [ "i-1234567890abcdef0" ] } ], "ScheduleExpression": "cron(0 00 12 ? * SUN *)", "AssociationName": "UpdateSSMAgent" } ] }

如需詳細資訊,請參閱《Systems Manager 理員使用指南》中的〈AWS Systems Manager〉中的使用關聯

下列程式碼範例會示範如何使用list-associations

AWS CLI

範例 1:列出特定執行環境的關聯

下面的列表關聯示例列出了所有的關聯 AssociationName,更新。

aws ssm list-associations / --association-filter-list "key=AssociationName,value=UpdateSSMAgent"

輸出:

{ "Associations": [ { "Name": "AWS-UpdateSSMAgent", "InstanceId": "i-1234567890abcdef0", "AssociationId": "8dfe3659-4309-493a-8755-0123456789ab", "AssociationVersion": "1", "Targets": [ { "Key": "InstanceIds", "Values": [ "i-016648b75dd622dab" ] } ], "Overview": { "Status": "Pending", "DetailedStatus": "Associated", "AssociationStatusAggregatedCount": { "Pending": 1 } }, "ScheduleExpression": "cron(0 00 12 ? * SUN *)", "AssociationName": "UpdateSSMAgent" } ] }

如需詳細資訊,請參閱《Systems Manager 理員使用指南》中的〈Systems Manager〉中的使用關聯

範例 2:列出特定文件的關聯

下列清單關聯範例會列出指定文件的所有關聯。

aws ssm list-associations / --association-filter-list "key=Name,value=AWS-UpdateSSMAgent"

輸出:

{ "Associations": [ { "Name": "AWS-UpdateSSMAgent", "InstanceId": "i-1234567890abcdef0", "AssociationId": "8dfe3659-4309-493a-8755-0123456789ab", "AssociationVersion": "1", "Targets": [ { "Key": "InstanceIds", "Values": [ "i-1234567890abcdef0" ] } ], "LastExecutionDate": 1550505828.548, "Overview": { "Status": "Success", "DetailedStatus": "Success", "AssociationStatusAggregatedCount": { "Success": 1 } }, "ScheduleExpression": "cron(0 00 12 ? * SUN *)", "AssociationName": "UpdateSSMAgent" }, { "Name": "AWS-UpdateSSMAgent", "InstanceId": "i-9876543210abcdef0", "AssociationId": "fbc07ef7-b985-4684-b82b-0123456789ab", "AssociationVersion": "1", "Targets": [ { "Key": "InstanceIds", "Values": [ "i-9876543210abcdef0" ] } ], "LastExecutionDate": 1550507531.0, "Overview": { "Status": "Success", "AssociationStatusAggregatedCount": { "Success": 1 } } } ] }

如需詳細資訊,請參閱《Systems Manager 理員使用指南》中的〈Systems Manager〉中的使用關聯

  • 如需 API 詳細資訊,請參閱AWS CLI 命令參考ListAssociations中的。

下列程式碼範例會示範如何使用list-command-invocations

AWS CLI

若要列出特定指令的呼叫

下面的list-command-invocations例子列出了一個命令的所有調用。

aws ssm list-command-invocations \ --command-id "ef7fdfd8-9b57-4151-a15c-db9a12345678" \ --details

輸出:

{ "CommandInvocations": [ { "CommandId": "ef7fdfd8-9b57-4151-a15c-db9a12345678", "InstanceId": "i-02573cafcfEXAMPLE", "InstanceName": "", "Comment": "b48291dd-ba76-43e0-b9df-13e11ddaac26:6960febb-2907-4b59-8e1a-d6ce8EXAMPLE", "DocumentName": "AWS-UpdateSSMAgent", "DocumentVersion": "", "RequestedDateTime": 1582136283.089, "Status": "Success", "StatusDetails": "Success", "StandardOutputUrl": "", "StandardErrorUrl": "", "CommandPlugins": [ { "Name": "aws:updateSsmAgent", "Status": "Success", "StatusDetails": "Success", "ResponseCode": 0, "ResponseStartDateTime": 1582136283.419, "ResponseFinishDateTime": 1582136283.51, "Output": "Updating amazon-ssm-agent from 2.3.842.0 to latest\nSuccessfully downloaded https://s3.us-east-2.amazonaws.com/amazon-ssm-us-east-2/ssm-agent-manifest.json\namazon-ssm-agent 2.3.842.0 has already been installed, update skipped\n", "StandardOutputUrl": "", "StandardErrorUrl": "", "OutputS3Region": "us-east-2", "OutputS3BucketName": "", "OutputS3KeyPrefix": "" } ], "ServiceRole": "", "NotificationConfig": { "NotificationArn": "", "NotificationEvents": [], "NotificationType": "" }, "CloudWatchOutputConfig": { "CloudWatchLogGroupName": "", "CloudWatchOutputEnabled": false } }, { "CommandId": "ef7fdfd8-9b57-4151-a15c-db9a12345678", "InstanceId": "i-0471e04240EXAMPLE", "InstanceName": "", "Comment": "b48291dd-ba76-43e0-b9df-13e11ddaac26:6960febb-2907-4b59-8e1a-d6ce8EXAMPLE", "DocumentName": "AWS-UpdateSSMAgent", "DocumentVersion": "", "RequestedDateTime": 1582136283.02, "Status": "Success", "StatusDetails": "Success", "StandardOutputUrl": "", "StandardErrorUrl": "", "CommandPlugins": [ { "Name": "aws:updateSsmAgent", "Status": "Success", "StatusDetails": "Success", "ResponseCode": 0, "ResponseStartDateTime": 1582136283.812, "ResponseFinishDateTime": 1582136295.031, "Output": "Updating amazon-ssm-agent from 2.3.672.0 to latest\nSuccessfully downloaded https://s3.us-east-2.amazonaws.com/amazon-ssm-us-east-2/ssm-agent-manifest.json\nSuccessfully downloaded https://s3.us-east-2.amazonaws.com/amazon-ssm-us-east-2/amazon-ssm-agent-updater/2.3.842.0/amazon-ssm-agent-updater-snap-amd64.tar.gz\nSuccessfully downloaded https://s3.us-east-2.amazonaws.com/amazon-ssm-us-east-2/amazon-ssm-agent/2.3.672.0/amazon-ssm-agent-snap-amd64.tar.gz\nSuccessfully downloaded https://s3.us-east-2.amazonaws.com/amazon-ssm-us-east-2/amazon-ssm-agent/2.3.842.0/amazon-ssm-agent-snap-amd64.tar.gz\nInitiating amazon-ssm-agent update to 2.3.842.0\namazon-ssm-agent updated successfully to 2.3.842.0", "StandardOutputUrl": "", "StandardErrorUrl": "", "OutputS3Region": "us-east-2", "OutputS3BucketName": "", "OutputS3KeyPrefix": "8bee3135-398c-4d31-99b6-e42d2EXAMPLE/i-0471e04240EXAMPLE/awsupdateSsmAgent" } ], "ServiceRole": "", "NotificationConfig": { "NotificationArn": "", "NotificationEvents": [], "NotificationType": "" }, "CloudWatchOutputConfig": { "CloudWatchLogGroupName": "", "CloudWatchOutputEnabled": false } } ] }

若要取得更多資訊,請參閱AWS Systems Manager 使用指南〉中的〈認識指令狀

下列程式碼範例會示範如何使用list-commands

AWS CLI

範例 1:取得特定指令的狀態

下列list-commands範例會擷取並顯示指定命令的狀態。

aws ssm list-commands \ --command-id "0831e1a8-a1ac-4257-a1fd-c831bEXAMPLE"

示例 2:獲取特定日期之後請求的命令的狀態

下列list-commands範例會擷取指定日期之後所要求之命令的詳細資訊。

aws ssm list-commands \ --filter "key=InvokedAfter,value=2020-02-01T00:00:00Z"

示例 3:列出 AWS 帳戶中請求的所有命令

下列list-commands範例會列出目前 AWS 帳戶和 Region 中使用者要求的所有命令。

aws ssm list-commands

輸出:

{ "Commands": [ { "CommandId": "8bee3135-398c-4d31-99b6-e42d2EXAMPLE", "DocumentName": "AWS-UpdateSSMAgent", "DocumentVersion": "", "Comment": "b48291dd-ba76-43e0-b9df-13e11ddaac26:6960febb-2907-4b59-8e1a-d6ce8EXAMPLE", "ExpiresAfter": "2020-02-19T11:28:02.500000-08:00", "Parameters": {}, "InstanceIds": [ "i-028ea792daEXAMPLE", "i-02feef8c46EXAMPLE", "i-038613f3f0EXAMPLE", "i-03a530a2d4EXAMPLE", "i-083b678d37EXAMPLE", "i-0dee81debaEXAMPLE" ], "Targets": [], "RequestedDateTime": "2020-02-19T10:18:02.500000-08:00", "Status": "Success", "StatusDetails": "Success", "OutputS3BucketName": "", "OutputS3KeyPrefix": "", "MaxConcurrency": "50", "MaxErrors": "100%", "TargetCount": 6, "CompletedCount": 6, "ErrorCount": 0, "DeliveryTimedOutCount": 0, "ServiceRole": "", "NotificationConfig": { "NotificationArn": "", "NotificationEvents": [], "NotificationType": "" }, "CloudWatchOutputConfig": { "CloudWatchLogGroupName": "", "CloudWatchOutputEnabled": false } } { "CommandId": "e9ade581-c03d-476b-9b07-26667EXAMPLE", "DocumentName": "AWS-FindWindowsUpdates", "DocumentVersion": "1", "Comment": "", "ExpiresAfter": "2020-01-24T12:37:31.874000-08:00", "Parameters": { "KbArticleIds": [ "" ], "UpdateLevel": [ "All" ] }, "InstanceIds": [], "Targets": [ { "Key": "InstanceIds", "Values": [ "i-00ec29b21eEXAMPLE", "i-09911ddd90EXAMPLE" ] } ], "RequestedDateTime": "2020-01-24T11:27:31.874000-08:00", "Status": "Success", "StatusDetails": "Success", "OutputS3BucketName": "my-us-east-2-bucket", "OutputS3KeyPrefix": "my-rc-output", "MaxConcurrency": "50", "MaxErrors": "0", "TargetCount": 2, "CompletedCount": 2, "ErrorCount": 0, "DeliveryTimedOutCount": 0, "ServiceRole": "arn:aws:iam::111222333444:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM", "NotificationConfig": { "NotificationArn": "arn:aws:sns:us-east-2:111222333444:my-us-east-2-notification-arn", "NotificationEvents": [ "All" ], "NotificationType": "Invocation" }, "CloudWatchOutputConfig": { "CloudWatchLogGroupName": "", "CloudWatchOutputEnabled": false } } { "CommandId": "d539b6c3-70e8-4853-80e5-0ce4fEXAMPLE", "DocumentName": "AWS-RunPatchBaseline", "DocumentVersion": "1", "Comment": "", "ExpiresAfter": "2020-01-24T12:21:04.350000-08:00", "Parameters": { "InstallOverrideList": [ "" ], "Operation": [ "Install" ], "RebootOption": [ "RebootIfNeeded" ], "SnapshotId": [ "" ] }, "InstanceIds": [], "Targets": [ { "Key": "InstanceIds", "Values": [ "i-00ec29b21eEXAMPLE", "i-09911ddd90EXAMPLE" ] } ], "RequestedDateTime": "2020-01-24T11:11:04.350000-08:00", "Status": "Success", "StatusDetails": "Success", "OutputS3BucketName": "my-us-east-2-bucket", "OutputS3KeyPrefix": "my-rc-output", "MaxConcurrency": "50", "MaxErrors": "0", "TargetCount": 2, "CompletedCount": 2, "ErrorCount": 0, "DeliveryTimedOutCount": 0, "ServiceRole": "arn:aws:iam::111222333444:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM", "NotificationConfig": { "NotificationArn": "arn:aws:sns:us-east-2:111222333444:my-us-east-2-notification-arn", "NotificationEvents": [ "All" ], "NotificationType": "Invocation" }, "CloudWatchOutputConfig": { "CloudWatchLogGroupName": "", "CloudWatchOutputEnabled": false } } ] }

若要取得更多資訊,請參閱《Systems Manager 使用指南》中的〈使用 AWS Systems Manager 執行指〉執

  • 如需 API 詳細資訊,請參閱AWS CLI 命令參考ListCommands中的。

下列程式碼範例會示範如何使用list-compliance-items

AWS CLI

若要列出特定執行個體的符合性項目

此範例會列出指定執行個體的所有符合性項目。

命令:

aws ssm list-compliance-items --resource-ids "i-1234567890abcdef0" --resource-types "ManagedInstance"

輸出:

{ "ComplianceItems": [ { "ComplianceType": "Association", "ResourceType": "ManagedInstance", "ResourceId": "i-1234567890abcdef0", "Id": "8dfe3659-4309-493a-8755-0123456789ab", "Title": "", "Status": "COMPLIANT", "Severity": "UNSPECIFIED", "ExecutionSummary": { "ExecutionTime": 1550408470.0 }, "Details": { "DocumentName": "AWS-GatherSoftwareInventory", "DocumentVersion": "1" } }, { "ComplianceType": "Association", "ResourceType": "ManagedInstance", "ResourceId": "i-1234567890abcdef0", "Id": "e4c2ed6d-516f-41aa-aa2a-0123456789ab", "Title": "", "Status": "COMPLIANT", "Severity": "UNSPECIFIED", "ExecutionSummary": { "ExecutionTime": 1550508475.0 }, "Details": { "DocumentName": "AWS-UpdateSSMAgent", "DocumentVersion": "1" } }, ... ], "NextToken": "--token string truncated--" }

列出特定執行個體和關聯 ID 的符合性項目

此範例會列出指定執行個體和關聯 ID 的所有符合性項目。

命令:

aws ssm list-compliance-items --resource-ids "i-1234567890abcdef0" --resource-types "ManagedInstance" --filters "Key=ComplianceType,Values=Association,Type=EQUAL" "Key=Id,Values=e4c2ed6d-516f-41aa-aa2a-0123456789ab,Type=EQUAL"

列出特定日期和時間之後執行個體的符合性項目

此範例會列出指定日期和時間之後執行個體的所有符合性項目。

命令:

aws ssm list-compliance-items --resource-ids "i-1234567890abcdef0" --resource-types "ManagedInstance" --filters "Key=ExecutionTime,Values=2019-02-18T16:00:00Z,Type=GREATER_THAN"

下列程式碼範例會示範如何使用list-compliance-summaries

AWS CLI

若要列出所有規範遵循類型的符合性摘要

此範例會列出您帳戶中所有規範遵循類型的合規摘要。

命令:

aws ssm list-compliance-summaries

輸出:

{ "ComplianceSummaryItems": [ { "ComplianceType": "Association", "CompliantSummary": { "CompliantCount": 2, "SeveritySummary": { "CriticalCount": 0, "HighCount": 0, "MediumCount": 0, "LowCount": 0, "InformationalCount": 0, "UnspecifiedCount": 2 } }, "NonCompliantSummary": { "NonCompliantCount": 0, "SeveritySummary": { "CriticalCount": 0, "HighCount": 0, "MediumCount": 0, "LowCount": 0, "InformationalCount": 0, "UnspecifiedCount": 0 } } }, { "ComplianceType": "Patch", "CompliantSummary": { "CompliantCount": 1, "SeveritySummary": { "CriticalCount": 0, "HighCount": 0, "MediumCount": 0, "LowCount": 0, "InformationalCount": 0, "UnspecifiedCount": 1 } }, "NonCompliantSummary": { "NonCompliantCount": 1, "SeveritySummary": { "CriticalCount": 1, "HighCount": 0, "MediumCount": 0, "LowCount": 0, "InformationalCount": 0, "UnspecifiedCount": 0 } } }, ... ], "NextToken": "eyJOZXh0VG9rZW4iOiBudWxsLCAiYm90b190cnVuY2F0ZV9hbW91bnQiOiAyfQ==" }

列出特定符合性類型的符合性摘要

此範例列出修補程式符合性類型的符合性摘要。

命令:

aws ssm list-compliance-summaries --filters "Key=ComplianceType,Values=Patch,Type=EQUAL"

下列程式碼範例會示範如何使用list-document-metadata-history

AWS CLI

範例:若要檢視變更樣版的核准歷史記錄與狀態

下列list-document-metadata-history範例會傳回指定變更管理員變更範本的核准記錄。

aws ssm list-document-metadata-history \ --name MyChangeManageTemplate \ --metadata DocumentReviews

輸出:

{ "Name": "MyChangeManagerTemplate", "DocumentVersion": "1", "Author": "arn:aws:iam::111222333444;:user/JohnDoe", "Metadata": { "ReviewerResponse": [ { "CreateTime": "2021-07-30T11:58:28.025000-07:00", "UpdatedTime": "2021-07-30T12:01:19.274000-07:00", "ReviewStatus": "APPROVED", "Comment": [ { "Type": "COMMENT", "Content": "I approve this template version" } ], "Reviewer": "arn:aws:iam::111222333444;:user/ShirleyRodriguez" }, { "CreateTime": "2021-07-30T11:58:28.025000-07:00", "UpdatedTime": "2021-07-30T11:58:28.025000-07:00", "ReviewStatus": "PENDING" } ] } }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的 < 檢閱與核准或拒絕變更範本 >。

下列程式碼範例會示範如何使用list-document-versions

AWS CLI

列出文件版本

下列list-document-versions範例會列出 Systems Manager 文件的所有版本。

aws ssm list-document-versions \ --name "Example"

輸出:

{ "DocumentVersions": [ { "Name": "Example", "DocumentVersion": "1", "CreatedDate": 1583257938.266, "IsDefaultVersion": true, "DocumentFormat": "YAML", "Status": "Active" } ] }

若要取得更多資訊,請參閱〈AWS Systems Manager 使用指南〉中的〈傳送使用文件版本參數的指〉。

下列程式碼範例會示範如何使用list-documents

AWS CLI

範例 1:列出文件

下列list-documents範例會列出要求帳戶所擁有的文件,並加上自訂標籤。

aws ssm list-documents \ --filters Key=Owner,Values=Self Key=tag:DocUse,Values=Testing

輸出:

{ "DocumentIdentifiers": [ { "Name": "Example", "Owner": "29884EXAMPLE", "PlatformTypes": [ "Windows", "Linux" ], "DocumentVersion": "1", "DocumentType": "Automation", "SchemaVersion": "0.3", "DocumentFormat": "YAML", "Tags": [ { "Key": "DocUse", "Value": "Testing" } ] } ] }

如需詳細資訊,請參閱 AWS Systems Manager 使用指南中的AWS Systems Manager 文件

範例 2:列出共用文件

下列list-documents範例會列出共用文件,包括非擁有的私人共用文件 AWS。

aws ssm list-documents \ --filters Key=Name,Values=sharedDocNamePrefix Key=Owner,Values=Private

輸出:

{ "DocumentIdentifiers": [ { "Name": "Example", "Owner": "12345EXAMPLE", "PlatformTypes": [ "Windows", "Linux" ], "DocumentVersion": "1", "DocumentType": "Command", "SchemaVersion": "0.3", "DocumentFormat": "YAML", "Tags": [] } ] }

如需詳細資訊,請參閱 AWS Systems Manager 使用指南中的AWS Systems Manager 文件

  • 如需 API 詳細資訊,請參閱AWS CLI 命令參考ListDocuments中的。

下列程式碼範例會示範如何使用list-inventory-entries

AWS CLI

範例 1:若要檢視執行環境的特定存貨型態項目

下列list-inventory-entries範例列出特定執行環境上:應用程式 AWS庫存類型的詳細目錄項目。

aws ssm list-inventory-entries \ --instance-id "i-1234567890abcdef0" \ --type-name "AWS:Application"

輸出:

{ "TypeName": "AWS:Application", "InstanceId": "i-1234567890abcdef0", "SchemaVersion": "1.1", "CaptureTime": "2019-02-15T12:17:55Z", "Entries": [ { "Architecture": "i386", "Name": "Amazon SSM Agent", "PackageId": "{88a60be2-89a1-4df8-812a-80863c2a2b68}", "Publisher": "Amazon Web Services", "Version": "2.3.274.0" }, { "Architecture": "x86_64", "InstalledTime": "2018-05-03T13:42:34Z", "Name": "AmazonCloudWatchAgent", "Publisher": "", "Version": "1.200442.0" } ] }

範例 2:若要檢視指派給執行環境的自訂庫存項目

下列list-inventory-entries範例會列出指派給執行個體的自訂詳細目錄項目。

aws ssm list-inventory-entries \ --instance-id "i-1234567890abcdef0" \ --type-name "Custom:RackInfo"

輸出:

{ "TypeName": "Custom:RackInfo", "InstanceId": "i-1234567890abcdef0", "SchemaVersion": "1.0", "CaptureTime": "2021-05-22T10:01:01Z", "Entries": [ { "RackLocation": "Bay B/Row C/Rack D/Shelf E" } ] }

下列程式碼範例會示範如何使用list-ops-item-related-items

AWS CLI

若要列出的相關項目資源 OpsItem

下列list-ops-item-related-items範例會列出的相關項目資源。 OpsItem

aws ssm list-ops-item-related-items \ --ops-item-id "oi-f99f2EXAMPLE"

輸出:

{ "Summaries": [ { "OpsItemId": "oi-f99f2EXAMPLE", "AssociationId": "e2036148-cccb-490e-ac2a-390e5EXAMPLE", "ResourceType": "AWS::SSMIncidents::IncidentRecord", "AssociationType": "IsParentOf", "ResourceUri": "arn:aws:ssm-incidents::111122223333:incident-record/example-response/64bd9b45-1d0e-2622-840d-03a87a1451fa", "CreatedBy": { "Arn": "arn:aws:sts::111122223333:assumed-role/AWSServiceRoleForIncidentManager/IncidentResponse" }, "CreatedTime": "2021-08-11T18:47:14.994000+00:00", "LastModifiedBy": { "Arn": "arn:aws:sts::111122223333:assumed-role/AWSServiceRoleForIncidentManager/IncidentResponse" }, "LastModifiedTime": "2021-08-11T18:47:14.994000+00:00" } ] }

如需詳細資訊,請參閱《AWS 系統管理員使用指南》 OpsCenter中的 < 處理事件管理員事件 >。

下列程式碼範例會示範如何使用list-resource-compliance-summaries

AWS CLI

若要列出資源層級符合性摘要計數

此範例列出資源層級符合性摘要計數。

命令:

aws ssm list-resource-compliance-summaries

輸出:

{ "ResourceComplianceSummaryItems": [ { "ComplianceType": "Association", "ResourceType": "ManagedInstance", "ResourceId": "i-1234567890abcdef0", "Status": "COMPLIANT", "OverallSeverity": "UNSPECIFIED", "ExecutionSummary": { "ExecutionTime": 1550509273.0 }, "CompliantSummary": { "CompliantCount": 2, "SeveritySummary": { "CriticalCount": 0, "HighCount": 0, "MediumCount": 0, "LowCount": 0, "InformationalCount": 0, "UnspecifiedCount": 2 } }, "NonCompliantSummary": { "NonCompliantCount": 0, "SeveritySummary": { "CriticalCount": 0, "HighCount": 0, "MediumCount": 0, "LowCount": 0, "InformationalCount": 0, "UnspecifiedCount": 0 } } }, { "ComplianceType": "Patch", "ResourceType": "ManagedInstance", "ResourceId": "i-9876543210abcdef0", "Status": "COMPLIANT", "OverallSeverity": "UNSPECIFIED", "ExecutionSummary": { "ExecutionTime": 1550248550.0, "ExecutionId": "7abb6378-a4a5-4f10-8312-0123456789ab", "ExecutionType": "Command" }, "CompliantSummary": { "CompliantCount": 397, "SeveritySummary": { "CriticalCount": 0, "HighCount": 0, "MediumCount": 0, "LowCount": 0, "InformationalCount": 0, "UnspecifiedCount": 397 } }, "NonCompliantSummary": { "NonCompliantCount": 0, "SeveritySummary": { "CriticalCount": 0, "HighCount": 0, "MediumCount": 0, "LowCount": 0, "InformationalCount": 0, "UnspecifiedCount": 0 } } } ], "NextToken": "--token string truncated--" }

若要列出特定符合性類型的資源層級符合性摘要

此範例列出修補程式符合性類型的資源層級符合性摘要。

命令:

aws ssm list-resource-compliance-summaries --filters "Key=ComplianceType,Values=Patch,Type=EQUAL"

下列程式碼範例會示範如何使用list-resource-data-sync

AWS CLI

列出您的資源資料同步配置

此範例會擷取有關資源資料同步配置的資訊。

aws ssm list-resource-data-sync

輸出:

{ "ResourceDataSyncItems": [ { "SyncName": "MyResourceDataSync", "S3Destination": { "BucketName": "ssm-resource-data-sync", "SyncFormat": "JsonSerDe", "Region": "us-east-1" }, "LastSyncTime": 1550261472.003, "LastSuccessfulSyncTime": 1550261472.003, "LastStatus": "Successful", "SyncCreatedTime": 1543235736.72, "LastSyncStatusMessage": "The sync was successfully completed" } ] }

下列程式碼範例會示範如何使用list-tags-for-resource

AWS CLI

列出套用至修補程式基準的標籤

下列list-tags-for-resource範例列出修補程式基準的標籤。

aws ssm list-tags-for-resource \ --resource-type "PatchBaseline" \ --resource-id "pb-0123456789abcdef0"

輸出:

{ "TagList": [ { "Key": "Environment", "Value": "Production" }, { "Key": "Region", "Value": "EMEA" } ] }

如需詳細資訊,請參閱AWS 一般參考中的標記 AWS 資源

下列程式碼範例會示範如何使用modify-document-permission

AWS CLI

修改文件權限

下列modify-document-permission範例會公開共用 Systems Manager 文件。

aws ssm modify-document-permission \ --name "Example" \ --permission-type "Share" \ --account-ids-to-add "All"

此命令不會產生輸出。

如需詳細資訊,請參閱「Systems Manager 使用指南」中的「共用AWS Systems Manager 文件」。

下列程式碼範例會示範如何使用put-compliance-items

AWS CLI

向指定的執行個體註冊符合性類型和符合性詳細資訊

此範例會將符合性類型註冊Custom:AVCheck到指定的代管執行個體。如果命令成功,則無輸出訊息。

命令:

aws ssm put-compliance-items --resource-id "i-1234567890abcdef0" --resource-type "ManagedInstance" --compliance-type "Custom:AVCheck" --execution-summary "ExecutionTime=2019-02-18T16:00:00Z" --items "Id=Version2.0,Title=ScanHost,Severity=CRITICAL,Status=COMPLIANT"

下列程式碼範例會示範如何使用put-inventory

AWS CLI

若要指派客戶中繼資料給執行個體

此範例會將機架位置資訊指派給執行個體。如果命令成功,則無輸出訊息。

命令:

aws ssm put-inventory --instance-id "i-016648b75dd622dab" --items '[{"TypeName": "Custom:RackInfo","SchemaVersion": "1.0","CaptureTime": "2019-01-22T10:01:01Z","Content":[{"RackLocation": "Bay B/Row C/Rack D/Shelf E"}]}]'

指令 (視窗):

aws ssm put-inventory --instance-id "i-016648b75dd622dab" --items "TypeName=Custom:RackInfo,SchemaVersion=1.0,CaptureTime=2019-01-22T10:01:01Z,Content=[{RackLocation='Bay B/Row C/Rack D/Shelf F'}]"
  • 如需 API 詳細資訊,請參閱AWS CLI 命令參考PutInventory中的。

下列程式碼範例會示範如何使用put-parameter

AWS CLI

範例 1:變更參數值

下列put-parameter範例會變更指定參數的值。

aws ssm put-parameter \ --name "MyStringParameter" \ --type "String" \ --value "Vici" \ --overwrite

輸出:

{ "Version": 2, "Tier": "Standard" }

如需詳細資訊,請參閱「Systems Manager 使用者指南」中的「建立系統管理員參數 (AWS CLI)」、「管理參數層 < https://docs.aws.amazon.com/systems-manager/latest/userguide/ parameter-store-advanced-parameters .html>`__」和「使用參數原則」。AWS

範例 2:建立進階參數

下列put-parameter範例會建立進階參數。

aws ssm put-parameter \ --name "MyAdvancedParameter" \ --description "This is an advanced parameter" \ --value "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat [truncated]" \ --type "String" \ --tier Advanced

輸出:

{ "Version": 1, "Tier": "Advanced" }

如需詳細資訊,請參閱「Systems Manager 使用者指南」中的「建立系統管理員參數 (AWS CLI)」、「管理參數層 < https://docs.aws.amazon.com/systems-manager/latest/userguide/ parameter-store-advanced-parameters .html>`__」和「使用參數原則」。AWS

範例 3:將標準參數轉換為進階參數

下列put-parameter範例會將現有的標準參數轉換為進階參數。

aws ssm put-parameter \ --name "MyConvertedParameter" \ --value "abc123" \ --type "String" \ --tier Advanced \ --overwrite

輸出:

{ "Version": 2, "Tier": "Advanced" }

如需詳細資訊,請參閱「Systems Manager 使用者指南」中的「建立系統管理員參數 (AWS CLI)」、「管理參數層 < https://docs.aws.amazon.com/systems-manager/latest/userguide/ parameter-store-advanced-parameters .html>`__」和「使用參數原則」。AWS

範例 4:建立附加原則的參數

下列put-parameter範例會建立附加參數原則的進階參數。

aws ssm put-parameter \ --name "/Finance/Payroll/q2accesskey" \ --value "P@sSwW)rd" \ --type "SecureString" \ --tier Advanced \ --policies "[{\"Type\":\"Expiration\",\"Version\":\"1.0\",\"Attributes\":{\"Timestamp\":\"2020-06-30T00:00:00.000Z\"}},{\"Type\":\"ExpirationNotification\",\"Version\":\"1.0\",\"Attributes\":{\"Before\":\"5\",\"Unit\":\"Days\"}},{\"Type\":\"NoChangeNotification\",\"Version\":\"1.0\",\"Attributes\":{\"After\":\"60\",\"Unit\":\"Days\"}}]"

輸出:

{ "Version": 1, "Tier": "Advanced" }

如需詳細資訊,請參閱「Systems Manager 使用者指南」中的「建立系統管理員參數 (AWS CLI)」、「管理參數層 < https://docs.aws.amazon.com/systems-manager/latest/userguide/ parameter-store-advanced-parameters .html>`__」和「使用參數原則」。AWS

範例 5:將原則新增至現有參數

下列put-parameter範例會將原則附加至現有的進階參數。

aws ssm put-parameter \ --name "/Finance/Payroll/q2accesskey" \ --value "N3wP@sSwW)rd" \ --type "SecureString" \ --tier Advanced \ --policies "[{\"Type\":\"Expiration\",\"Version\":\"1.0\",\"Attributes\":{\"Timestamp\":\"2020-06-30T00:00:00.000Z\"}},{\"Type\":\"ExpirationNotification\",\"Version\":\"1.0\",\"Attributes\":{\"Before\":\"5\",\"Unit\":\"Days\"}},{\"Type\":\"NoChangeNotification\",\"Version\":\"1.0\",\"Attributes\":{\"After\":\"60\",\"Unit\":\"Days\"}}]" --overwrite

輸出:

{ "Version": 2, "Tier": "Advanced" }

如需詳細資訊,請參閱「Systems Manager 使用者指南」中的「建立系統管理員參數 (AWS CLI)」、「管理參數層 < https://docs.aws.amazon.com/systems-manager/latest/userguide/ parameter-store-advanced-parameters .html>`__」和「使用參數原則」。AWS

  • 如需 API 詳細資訊,請參閱AWS CLI 命令參考PutParameter中的。

下列程式碼範例會示範如何使用register-default-patch-baseline

AWS CLI

設定預設修補程式基準

下列register-default-patch-baseline範例會將指定的自訂修補程式基準註冊為其支援之作業系統類型的預設修補程式基準。

aws ssm register-default-patch-baseline \ --baseline-id "pb-abc123cf9bEXAMPLE"

輸出:

{ "BaselineId":"pb-abc123cf9bEXAMPLE" }

下列register-default-patch-baseline範例會將 CentOS 提供的預設修補程式基準註冊為預設修補程式基準。 AWS

aws ssm register-default-patch-baseline \ --baseline-id "arn:aws:ssm:us-east-2:733109147000:patchbaseline/pb-0574b43a65ea646ed"

輸出:

{ "BaselineId":"pb-abc123cf9bEXAMPLE" }

如需詳細資訊,請參閱 AWS Systems Manager 使用者指南中的關於預先定義和自訂修補程式基準

下列程式碼範例會示範如何使用register-patch-baseline-for-patch-group

AWS CLI

註冊修補程式群組的修補程式基準

下列register-patch-baseline-for-patch-group範例會註冊修補程式群組的修補程式基準。

aws ssm register-patch-baseline-for-patch-group \ --baseline-id "pb-045f10b4f382baeda" \ --patch-group "Production"

輸出:

{ "BaselineId": "pb-045f10b4f382baeda", "PatchGroup": "Production" }

如需詳細資訊,請參閱《AWS Systems Manager 理員使用指南》中的建立修補程式群組 < https://docs.aws.amazon.com/systems-manager/latest/userguide/ sysman-patch-group-tagging .html>__ 和將修補程式群組新增至修補程式基準

下列程式碼範例會示範如何使用register-target-with-maintenance-window

AWS CLI

範例 1:在維護時段中註冊單一目標

下列register-target-with-maintenance-window範例會在維護時段中註冊執行個體。

aws ssm register-target-with-maintenance-window \ --window-id "mw-ab12cd34ef56gh78" \ --target "Key=InstanceIds,Values=i-0000293ffd8c57862" \ --owner-information "Single instance" \ --resource-type "INSTANCE"

輸出:

{ "WindowTargetId":"1a2b3c4d-1a2b-1a2b-1a2b-1a2b3c4d-1a2" }

範例 2:使用執行個體 ID 在維護時段中註冊多個目標

下列register-target-with-maintenance-window範例會指定兩個執行個體 ID,以維護時段註冊兩個執行個體。

aws ssm register-target-with-maintenance-window \ --window-id "mw-ab12cd34ef56gh78" \ --target "Key=InstanceIds,Values=i-0000293ffd8c57862,i-0cb2b964d3e14fd9f" \ --owner-information "Two instances in a list" \ --resource-type "INSTANCE"

輸出:

{ "WindowTargetId":"1a2b3c4d-1a2b-1a2b-1a2b-1a2b3c4d-1a2" }

範例 3:使用資源標記將目標註冊至維護時段

下列register-target-with-maintenance-window範例會指定已套用至執行處理的資源標記,以維護時段註冊執行處理。

aws ssm register-target-with-maintenance-window \ --window-id "mw-06cf17cbefcb4bf4f" \ --targets "Key=tag:Environment,Values=Prod" "Key=Role,Values=Web" \ --owner-information "Production Web Servers" \ --resource-type "INSTANCE"

輸出:

{ "WindowTargetId":"1a2b3c4d-1a2b-1a2b-1a2b-1a2b3c4d-1a2" }

範例 4:使用一組標籤鍵註冊目標

下列register-target-with-maintenance-window範例會註冊全部具有指派一或多個標籤鍵的執行個體,而不論其索引鍵值為何。

aws ssm register-target-with-maintenance-window \ --window-id "mw-0c50858d01EXAMPLE" \ --resource-type "INSTANCE" \ --target "Key=tag-key,Values=Name,Instance-Type,CostCenter"

輸出:

{ "WindowTargetId":"1a2b3c4d-1a2b-1a2b-1a2b-1a2b3c4d-1a2" }

範例 5:使用資源群組名稱註冊目標

下列register-target-with-maintenance-window範例會註冊指定的資源群組,不論其包含的資源類型為何。

aws ssm register-target-with-maintenance-window \ --window-id "mw-0c50858d01EXAMPLE" \ --resource-type "RESOURCE_GROUP" \ --target "Key=resource-groups:Name,Values=MyResourceGroup"

輸出:

{ "WindowTargetId":"1a2b3c4d-1a2b-1a2b-1a2b-1a2b3c4d-1a2" }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的使用維護時段 (AWS CLI) 註冊目標執行個體。

下列程式碼範例會示範如何使用register-task-with-maintenance-window

AWS CLI

範例 1:在維護時段中註冊自動化工作

下列register-task-with-maintenance-window範例會使用以執行個體為目標的維護時段來註冊「自動化」工作。

aws ssm register-task-with-maintenance-window \ --window-id "mw-082dcd7649EXAMPLE" \ --targets Key=InstanceIds,Values=i-1234520122EXAMPLE \ --task-arn AWS-RestartEC2Instance \ --service-role-arn arn:aws:iam::111222333444:role/SSM --task-type AUTOMATION \ --task-invocation-parameters "{\"Automation\":{\"DocumentVersion\":\"\$LATEST\",\"Parameters\":{\"InstanceId\":[\"{{RESOURCE_ID}}\"]}}}" \ --priority 0 \ --max-concurrency 1 \ --max-errors 1 \ --name "AutomationExample" \ --description "Restarting EC2 Instance for maintenance"

輸出:

{ "WindowTaskId":"11144444-5555-6666-7777-88888888" }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的使用維護視窗 (AWS CLI) 註冊工作。

範例 2:若要在維護時段中註冊 Lambda 工作

下列register-task-with-maintenance-window範例會在執行個體鎖定的維護時段中註冊 Lambda 工作。

aws ssm register-task-with-maintenance-window \ --window-id "mw-082dcd7649dee04e4" \ --targets Key=InstanceIds,Values=i-12344d305eEXAMPLE \ --task-arn arn:aws:lambda:us-east-1:111222333444:function:SSMTestLAMBDA \ --service-role-arn arn:aws:iam::111222333444:role/SSM \ --task-type LAMBDA \ --task-invocation-parameters '{"Lambda":{"Payload":"{\"InstanceId\":\"{{RESOURCE_ID}}\",\"targetType\":\"{{TARGET_TYPE}}\"}","Qualifier":"$LATEST"}}' \ --priority 0 \ --max-concurrency 10 \ --max-errors 5 \ --name "Lambda_Example" \ --description "My Lambda Example"

輸出:

{ "WindowTaskId":"22244444-5555-6666-7777-88888888" }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的使用維護視窗 (AWS CLI) 註冊工作。

範例 3:在維護視窗中註冊執行命令工作

下列register-task-with-maintenance-window範例會以執行個體為目標的維護時段,註冊執行命令工作。

aws ssm register-task-with-maintenance-window \ --window-id "mw-082dcd7649dee04e4" \ --targets "Key=InstanceIds,Values=i-12344d305eEXAMPLE" \ --service-role-arn "arn:aws:iam::111222333444:role/SSM" \ --task-type "RUN_COMMAND" \ --name "SSMInstallPowerShellModule" \ --task-arn "AWS-InstallPowerShellModule" \ --task-invocation-parameters "{\"RunCommand\":{\"Comment\":\"\",\"OutputS3BucketName\":\"runcommandlogs\",\"Parameters\":{\"commands\":[\"Get-Module -ListAvailable\"],\"executionTimeout\":[\"3600\"],\"source\":[\"https:\/\/gallery.technet.microsoft.com\/EZOut-33ae0fb7\/file\/110351\/1\/EZOut.zip\"],\"workingDirectory\":[\"\\\\\"]},\"TimeoutSeconds\":600}}" \ --max-concurrency 1 \ --max-errors 1 \ --priority 10

輸出:

{ "WindowTaskId":"33344444-5555-6666-7777-88888888" }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的使用維護視窗 (AWS CLI) 註冊工作。

範例 4:將「Step Functions」作業註冊至維護時段

下列register-task-with-maintenance-window範例會使用以執行個體為目標的維護時段來註冊 Step Functions 工作。

aws ssm register-task-with-maintenance-window \ --window-id "mw-1234d787d6EXAMPLE" \ --targets Key=WindowTargetIds,Values=12347414-69c3-49f8-95b8-ed2dcEXAMPLE \ --task-arn arn:aws:states:us-east-1:111222333444:stateMachine:SSMTestStateMachine \ --service-role-arn arn:aws:iam::111222333444:role/MaintenanceWindows \ --task-type STEP_FUNCTIONS \ --task-invocation-parameters '{"StepFunctions":{"Input":"{\"InstanceId\":\"{{RESOURCE_ID}}\"}"}}' \ --priority 0 \ --max-concurrency 10 \ --max-errors 5 \ --name "Step_Functions_Example" \ --description "My Step Functions Example"

輸出:

{ "WindowTaskId":"44444444-5555-6666-7777-88888888" }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的使用維護視窗 (AWS CLI) 註冊工作。

範例 5:使用維護時段目標識別碼註冊工作

下列register-task-with-maintenance-window範例會使用維護時段目標 ID 來註冊工作。維護時段目標 ID 位於命aws ssm register-target-with-maintenance-window令的輸出中。您也可以從aws ssm describe-maintenance-window-targets命令的輸出中檢索它。

aws ssm register-task-with-maintenance-window \ --targets "Key=WindowTargetIds,Values=350d44e6-28cc-44e2-951f-4b2c9EXAMPLE" \ --task-arn "AWS-RunShellScript" \ --service-role-arn "arn:aws:iam::111222333444:role/MaintenanceWindowsRole" \ --window-id "mw-ab12cd34eEXAMPLE" \ --task-type "RUN_COMMAND" \ --task-parameters "{\"commands\":{\"Values\":[\"df\"]}}" \ --max-concurrency 1 \ --max-errors 1 \ --priority 10

輸出:

{ "WindowTaskId":"33344444-5555-6666-7777-88888888" }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的使用維護視窗 (AWS CLI) 註冊工作。

下列程式碼範例會示範如何使用remove-tags-from-resource

AWS CLI

從修補程式基準移除標籤

下列remove-tags-from-resource範例會從修補程式基準移除標籤。

aws ssm remove-tags-from-resource \ --resource-type "PatchBaseline" \ --resource-id "pb-0123456789abcdef0" \ --tag-keys "Region"

此命令不會產生輸出。

如需詳細資訊,請參閱AWS 一般參考中的標記 AWS 資源

下列程式碼範例會示範如何使用reset-service-setting

AWS CLI

重設參數存放區輸送量的服務設定

下列reset-service-setting範例會將指定區域中參數存放區輸送量的服務設定重設為不再使用增加的輸送量。

aws ssm reset-service-setting \ --setting-id arn:aws:ssm:us-east-1:123456789012:servicesetting/ssm/parameter-store/high-throughput-enabled

輸出:

{ "ServiceSetting": { "SettingId": "/ssm/parameter-store/high-throughput-enabled", "SettingValue": "false", "LastModifiedDate": 1555532818.578, "LastModifiedUser": "System", "ARN": "arn:aws:ssm:us-east-1:123456789012:servicesetting/ssm/parameter-store/high-throughput-enabled", "Status": "Default" } }

有關詳情,請參閱《AWS Systems Manager 使用指南》中的〈增加參數存放區輸送量

下列程式碼範例會示範如何使用resume-session

AWS CLI

繼續階段作業管理員階段作業

resume-session範例會在中斷連線後繼續執行個體的工作階段管理員工作階段。請注意,此互動式命令需要在進行呼叫的用戶端電腦上安裝工作階段管理員外掛程式。

aws ssm resume-session \ --session-id Mary-Major-07a16060613c408b5

輸出:

{ "SessionId": "Mary-Major-07a16060613c408b5", "TokenValue": "AAEAAVbTGsaOnyvcUoNGqifbv5r/8lgxuQljCuY8qVcvOnoBAAAAAFxtd3jIXAFUUXGTJ7zF/AWJPwDviOlF5p3dlAgrqVIVO6IEXhkHLz0/1gXKRKEME71E6TLOplLDJAMZ+kREejkZu4c5AxMkrQjMF+gtHP1bYJKTwtHQd1wjulPLexO8SHl7g5R/wekrj6WsDUpnEegFBfGftpAIz2GXQVfTJXKfkc5qepQ11C11DOIT2dozOqXgHwfQHfAKLErM5dWDZqKwyT1Z3iw7unQdm3p5qsbrugiOZ7CRANTE+ihfGa6MEJJ97Jmat/a2TspEnOjNn9Mvu5iwXIW2yCvWZrGUj+/QI5Xr7s1XJBEnSKR54o4fN0GV9RWl0RZsZm1m1ki0JJtiwwgZ", "StreamUrl": "wss://ssmmessages.us-east-2.amazonaws.com/v1/data-channel/Mary-Major-07a16060613c408b5?role=publish_subscribe" }

如需詳細資訊,請參閱《AWS 系統管理員使用指南》中的 AWS CLI 安裝工作階段管理員外掛程式

  • 如需 API 詳細資訊,請參閱AWS CLI 命令參考ResumeSession中的。

下列程式碼範例會示範如何使用send-automation-signal

AWS CLI

若要將訊號傳送至自動化執行

下列send-automation-signal範例會將「核准」訊號傳送至「自動化」執行。

aws ssm send-automation-signal \ --automation-execution-id 73c8eef8-f4ee-4a05-820c-e354fEXAMPLE \ --signal-type "Approve"

此命令不會產生輸出。

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》的以核准人執行自動化工作流程

下列程式碼範例會示範如何使用send-command

AWS CLI

範例 1:若要在一或多個遠端執行個體上執行指令

下列send-command範例會在目標執行個體上執行echo命令。

aws ssm send-command \ --document-name "AWS-RunShellScript" \ --parameters 'commands=["echo HelloWorld"]' \ --targets "Key=instanceids,Values=i-1234567890abcdef0" \ --comment "echo HelloWorld"

輸出:

{ "Command": { "CommandId": "92853adf-ba41-4cd6-9a88-142d1EXAMPLE", "DocumentName": "AWS-RunShellScript", "DocumentVersion": "", "Comment": "echo HelloWorld", "ExpiresAfter": 1550181014.717, "Parameters": { "commands": [ "echo HelloWorld" ] }, "InstanceIds": [ "i-0f00f008a2dcbefe2" ], "Targets": [], "RequestedDateTime": 1550173814.717, "Status": "Pending", "StatusDetails": "Pending", "OutputS3BucketName": "", "OutputS3KeyPrefix": "", "MaxConcurrency": "50", "MaxErrors": "0", "TargetCount": 1, "CompletedCount": 0, "ErrorCount": 0, "DeliveryTimedOutCount": 0, "ServiceRole": "", "NotificationConfig": { "NotificationArn": "", "NotificationEvents": [], "NotificationType": "" }, "CloudWatchOutputConfig": { "CloudWatchLogGroupName": "", "CloudWatchOutputEnabled": false } } }

若要取得更多資訊,請參閱《Systems Manager 使用指南》中的〈使用 AWS Systems Manager 執行指〉執

範例 2:取得執行個體的 IP 資訊

下列send-command範例會擷取執行個體的 IP 資訊。

aws ssm send-command \ --instance-ids "i-1234567890abcdef0" \ --document-name "AWS-RunShellScript" \ --comment "IP config" \ --parameters "commands=ifconfig"

如需範例輸出,請參閱範例 1。

若要取得更多資訊,請參閱《Systems Manager 使用指南》中的〈使用 AWS Systems Manager 執行指〉執

範例 3:若要在具有特定標籤的執行個體上執行指令

下列send-command範例會在具有標籤索引鍵「ENV」和值「Dev」的執行個體上執行命令。

aws ssm send-command \ --targets "Key=tag:ENV,Values=Dev" \ --document-name "AWS-RunShellScript" \ --parameters "commands=ifconfig"

如需範例輸出,請參閱範例 1。

若要取得更多資訊,請參閱《Systems Manager 使用指南》中的〈使用 AWS Systems Manager 執行指〉執

範例 4:執行傳送 SNS 通知的命令

下列send-command範例會執行傳送所有通知事件和通知類型的 SNS Command 通知的命令。

aws ssm send-command \ --instance-ids "i-1234567890abcdef0" \ --document-name "AWS-RunShellScript" \ --comment "IP config" \ --parameters "commands=ifconfig" \ --service-role-arn "arn:aws:iam::123456789012:role/SNS_Role" \ --notification-config "NotificationArn=arn:aws:sns:us-east-1:123456789012:SNSTopicName,NotificationEvents=All,NotificationType=Command"

如需範例輸出,請參閱範例 1。

若要取得更多資訊,請參閱《Systems Manager 使用指南》中的〈使用 AWS Systems Manager 執行指〉執

範例 5:執行輸出至 S3 和的命令 CloudWatch

下列send-command範例會執行將命令詳細資訊輸出至 S3 儲存貯體和 CloudWatch 記錄日誌群組的命令。

aws ssm send-command \ --instance-ids "i-1234567890abcdef0" \ --document-name "AWS-RunShellScript" \ --comment "IP config" \ --parameters "commands=ifconfig" \ --output-s3-bucket-name "s3-bucket-name" \ --output-s3-key-prefix "runcommand" \ --cloud-watch-output-config "CloudWatchOutputEnabled=true,CloudWatchLogGroupName=CWLGroupName"

如需範例輸出,請參閱範例 1。

若要取得更多資訊,請參閱《Systems Manager 使用指南》中的〈使用 AWS Systems Manager 執行指〉執

範例 6:若要在具有不同標籤的多個執行個體上執行指令

下列send-command範例會在具有兩個不同標籤鍵和值的執行個體上執行命令。

aws ssm send-command \ --document-name "AWS-RunPowerShellScript" \ --parameters commands=["echo helloWorld"] \ --targets Key=tag:Env,Values=Dev Key=tag:Role,Values=WebServers

如需範例輸出,請參閱範例 1。

若要取得更多資訊,請參閱《Systems Manager 使用指南》中的〈使用 AWS Systems Manager 執行指〉執

範例 7:使用相同標籤鍵定位多個執行個體

下列send-command範例會針對具有相同標籤鍵但值不同的執行個體執行命令。

aws ssm send-command \ --document-name "AWS-RunPowerShellScript" \ --parameters commands=["echo helloWorld"] \ --targets Key=tag:Env,Values=Dev,Test

如需範例輸出,請參閱範例 1。

若要取得更多資訊,請參閱《Systems Manager 使用指南》中的〈使用 AWS Systems Manager 執行指〉執

範例 8:若要執行使用共用文件的命令

下列send-command範例會在目標執行個體上執行共用文件。

aws ssm send-command \ --document-name "arn:aws:ssm:us-east-1:123456789012:document/ExampleDocument" \ --targets "Key=instanceids,Values=i-1234567890abcdef0"

如需範例輸出,請參閱範例 1。

如需詳細資訊,請參閱 AWS Systems Manager 使用指南中的使用共用 SSM 文件

  • 如需 API 詳細資訊,請參閱AWS CLI 命令參考SendCommand中的。

下列程式碼範例會示範如何使用start-associations-once

AWS CLI

若要立即且只執行一次關聯

下列start-associations-once範例會立即執行指定的關聯,且只執行一次。如果命令成功,則無輸出訊息。

aws ssm start-associations-once \ --association-id "8dfe3659-4309-493a-8755-0123456789ab"

此命令不會產生輸出。

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的檢視關聯歷程記錄。

下列程式碼範例會示範如何使用start-automation-execution

AWS CLI

範例 1:執行自動化文件

下列start-automation-execution範例會執行自動化文件。

aws ssm start-automation-execution \ --document-name "AWS-UpdateLinuxAmi" \ --parameters "AutomationAssumeRole=arn:aws:iam::123456789012:role/SSMAutomationRole,SourceAmiId=ami-EXAMPLE,IamInstanceProfileName=EC2InstanceRole"

輸出:

{ "AutomationExecutionId": "4105a4fc-f944-11e6-9d32-0a1b2EXAMPLE" }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的手動執行自動化工作流程

範例 2:若要執行共用的自動化文件

下列start-automation-execution範例會執行共用的自動化文件。

aws ssm start-automation-execution \ --document-name "arn:aws:ssm:us-east-1:123456789012:document/ExampleDocument"

輸出:

{ "AutomationExecutionId": "4105a4fc-f944-11e6-9d32-0a1b2EXAMPLE" }

如需詳細資訊,請參閱 AWS Systems Manager 使用指南中的使用共用 SSM 文件

下列程式碼範例會示範如何使用start-change-request-execution

AWS CLI

範例 1:啟動變更請求

下列start-change-request-execution範例會以指定的最少選項啟動變更請求。

aws ssm start-change-request-execution \ --change-request-name MyChangeRequest \ --document-name AWS-HelloWorldChangeTemplate \ --runbooks '[{"DocumentName": "AWS-HelloWorld","Parameters": {"AutomationAssumeRole": ["arn:aws:iam:us-east-2:1112223233444:role/MyChangeManagerAssumeRole"]}}]' \ --parameters Approver="JohnDoe",ApproverType="IamUser",ApproverSnsTopicArn="arn:aws:sns:us-east-2:1112223233444:MyNotificationTopic"

輸出:

{ "AutomationExecutionId": "9d32a4fc-f944-11e6-4105-0a1b2EXAMPLE" }

範例 2:使用外部 JSON 檔案啟動變更請求

下列start-automation-execution範例會以 JSON 檔案中指定的多個選項來啟動變更請求。

aws ssm start-change-request-execution \ --cli-input-json file://MyChangeRequest.json

MyChangeRequest.json 的內容:

{ "ChangeRequestName": "MyChangeRequest", "DocumentName": "AWS-HelloWorldChangeTemplate", "DocumentVersion": "$DEFAULT", "ScheduledTime": "2021-12-30T03:00:00", "ScheduledEndTime": "2021-12-30T03:05:00", "Tags": [ { "Key": "Purpose", "Value": "Testing" } ], "Parameters": { "Approver": [ "JohnDoe" ], "ApproverType": [ "IamUser" ], "ApproverSnsTopicArn": [ "arn:aws:sns:us-east-2:111222333444;:MyNotificationTopic ] }, "Runbooks": [ { "DocumentName": "AWS-HelloWorld", "DocumentVersion": "1", "MaxConcurrency": "1", "MaxErrors": "1", "Parameters": { "AutomationAssumeRole": [ "arn:aws:iam::111222333444:role/MyChangeManagerAssumeRole" ] } } ], "ChangeDetails": "### Document Name: HelloWorldChangeTemplate\n\n## What does this document do?\nThis change template demonstrates the feature set available for creating change templates for Change Manager. This template starts a Runbook workflow for the Automation document called AWS-HelloWorld.\n\n## Input Parameters\n* ApproverSnsTopicArn: (Required) Amazon Simple Notification Service ARN for approvers.\n* Approver: (Required) The name of the approver to send this request to.\n* ApproverType: (Required) The type of reviewer.\n * Allowed Values: IamUser, IamGroup, IamRole, SSOGroup, SSOUser\n\n## Output Parameters\nThis document has no outputs \n" }

輸出:

{ "AutomationExecutionId": "9d32a4fc-f944-11e6-4105-0a1b2EXAMPLE" }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的建立變更請求

下列程式碼範例會示範如何使用start-session

AWS CLI

範例 1:啟動階段作業管理員階段作業

start-session範例會建立與工作階段管理員工作階段執行個體的連線。請注意,此互動式命令需要在進行呼叫的用戶端電腦上安裝工作階段管理員外掛程式。

aws ssm start-session \ --target "i-1234567890abcdef0"

輸出:

Starting session with SessionId: Jane-Roe-07a16060613c408b5

範例 2:若要使用 SSH 啟動工作階段管理員工作階段

start-session範例會使用 SSH 建立工作階段管理員工作階段的執行個體連線。請注意,此互動式命令需要在進行呼叫的用戶端機器上安裝工作階段管理員外掛程式,並且該命令使用執行個體上的預設使用者,例如ec2-user適用於 Linux 的 EC2 執行個體。

ssh -i /path/my-key-pair.pem ec2-user@i-02573cafcfEXAMPLE

輸出:

Starting session with SessionId: ec2-user-07a16060613c408b5

如需詳細資訊,請參閱系統管理員使用指南中的啟動工作階段和安裝 AWS CLI 的工作階段AWS Systems Manager 外掛程式

  • 如需 API 詳細資訊,請參閱AWS CLI 命令參考StartSession中的。

下列程式碼範例會示範如何使用stop-automation-execution

AWS CLI

若要停止自動化執行

下列stop-automation-execution範例會停止自動化文件。

aws ssm stop-automation-execution --automation-execution-id "4105a4fc-f944-11e6-9d32-0a1b2EXAMPLE"

此命令不會產生輸出。

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的手動執行自動化工作流程

下列程式碼範例會示範如何使用terminate-session

AWS CLI

結束階段作業管理員階段作業

terminate-session範例會永久結束使用者「Shirley-Rodriguez」所建立的工作階段,並關閉工作階段管理員用戶端與執行個體上的 SSM 代理程式之間的資料連線。

aws ssm terminate-session \ --session-id "Shirley-Rodriguez-07a16060613c408b5"

輸出:

{ "SessionId": "Shirley-Rodriguez-07a16060613c408b5" }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的終止工作階段

  • 如需 API 詳細資訊,請參閱AWS CLI 命令參考TerminateSession中的。

下列程式碼範例會示範如何使用unlabel-parameter-version

AWS CLI

刪除參數標示的步驟

下列unlabel-parameter-version範例會從指定的參數版本中刪除指定的標籤。

aws ssm unlabel-parameter-version \ --name "parameterName" \ --parameter-version "version" \ --labels "label_1" "label_2" "label_3"

輸出:

{ "RemovedLabels": [ "label_1" "label_2" "label_3" ], "InvalidLabels": [] }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的刪除參數標籤 (AWS CLI)

下列程式碼範例會示範如何使用update-association-status

AWS CLI

若要更新關聯狀態

下列update-association-status範例會更新實例與文件之間關聯的關聯狀態。

aws ssm update-association-status \ --name "AWS-UpdateSSMAgent" \ --instance-id "i-1234567890abcdef0" \ --association-status "Date=1424421071.939,Name=Pending,Message=temp_status_change,AdditionalInfo=Additional-Config-Needed"

輸出:

{ "AssociationDescription": { "Name": "AWS-UpdateSSMAgent", "InstanceId": "i-1234567890abcdef0", "AssociationVersion": "1", "Date": 1550507529.604, "LastUpdateAssociationDate": 1550507806.974, "Status": { "Date": 1424421071.0, "Name": "Pending", "Message": "temp_status_change", "AdditionalInfo": "Additional-Config-Needed" }, "Overview": { "Status": "Success", "AssociationStatusAggregatedCount": { "Success": 1 } }, "DocumentVersion": "$DEFAULT", "AssociationId": "8dfe3659-4309-493a-8755-0123456789ab", "Targets": [ { "Key": "InstanceIds", "Values": [ "i-1234567890abcdef0" ] } ], "LastExecutionDate": 1550507808.0, "LastSuccessfulExecutionDate": 1550507808.0 } }

如需詳細資訊,請參閱《Systems Manager 理員使用指南》中的〈AWS Systems Manager〉中的使用關聯

下列程式碼範例會示範如何使用update-association

AWS CLI

範例 1:更新文件關聯

下列update-association範例會更新與新文件版本的關聯。

aws ssm update-association \ --association-id "8dfe3659-4309-493a-8755-0123456789ab" \ --document-version "\$LATEST"

輸出:

{ "AssociationDescription": { "Name": "AWS-UpdateSSMAgent", "AssociationVersion": "2", "Date": 1550508093.293, "LastUpdateAssociationDate": 1550508106.596, "Overview": { "Status": "Pending", "DetailedStatus": "Creating" }, "DocumentVersion": "$LATEST", "AssociationId": "8dfe3659-4309-493a-8755-0123456789ab", "Targets": [ { "Key": "tag:Name", "Values": [ "Linux" ] } ], "LastExecutionDate": 1550508094.879, "LastSuccessfulExecutionDate": 1550508094.879 } }

若要取得更多資訊,請參閱《AWS Systems Manager 使用指南》中的〈編輯和建立關聯的新版本

範例 2:更新關聯的排程表示式

下列update-association範例會更新指定關聯的排程運算式。

aws ssm update-association \ --association-id "8dfe3659-4309-493a-8755-0123456789ab" \ --schedule-expression "cron(0 0 0/4 1/1 * ? *)"

輸出:

{ "AssociationDescription": { "Name": "AWS-HelloWorld", "AssociationVersion": "2", "Date": "2021-02-08T13:54:19.203000-08:00", "LastUpdateAssociationDate": "2021-06-29T11:51:07.933000-07:00", "Overview": { "Status": "Pending", "DetailedStatus": "Creating" }, "DocumentVersion": "$DEFAULT", "AssociationId": "8dfe3659-4309-493a-8755-0123456789ab", "Targets": [ { "Key": "aws:NoOpAutomationTag", "Values": [ "AWS-NoOpAutomationTarget-Value" ] } ], "ScheduleExpression": "cron(0 0 0/4 1/1 * ? *)", "LastExecutionDate": "2021-06-26T19:00:48.110000-07:00", "ApplyOnlyAtCronInterval": false } }

若要取得更多資訊,請參閱《AWS Systems Manager 使用指南》中的〈編輯和建立關聯的新版本

下列程式碼範例會示範如何使用update-document-default-version

AWS CLI

更新文件預設版本的步驟

下列update-document-default-version範例會更新系 Systems Manager 文件的預設版本。

aws ssm update-document-default-version \ --name "Example" \ --document-version "2"

輸出:

{ "Description": { "Name": "Example", "DefaultVersion": "2" } }

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的〈撰寫 SSM 文件內容〉。

下列程式碼範例會示範如何使用update-document-metadata

AWS CLI

範例:若要核准變更範本的最新版本

以下內容update-document-metadata提供已提交審核之最新版變更範本的核准。

aws ssm update-document-metadata \ --name MyChangeManagerTemplate \ --document-reviews 'Action=Approve,Comment=[{Type=Comment,Content=Approved!}]'

此命令不會產生輸出。

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》中的 < 檢閱與核准或拒絕變更範本 >。

下列程式碼範例會示範如何使用update-document

AWS CLI

若要建立文件的新版本

下列update-document範例會在 Windows 電腦上執行時建立文件的新版本。指定的文件--document必須為 JSON 格式。請注意,file://必須在後面加上內容檔案的路徑參考。因為$--document-version參數的開頭,在 Windows 上,您必須用雙引號括住值。在 Linux、MacOS 或出現提 PowerShell 示時,您必須以單引號括住該值。

視窗版本

aws ssm update-document \ --name "RunShellScript" \ --content "file://RunShellScript.json" \ --document-version "$LATEST"

Linux/Mac 版本:

aws ssm update-document \ --name "RunShellScript" \ --content "file://RunShellScript.json" \ --document-version '$LATEST'

輸出:

{ "DocumentDescription": { "Status": "Updating", "Hash": "f775e5df4904c6fa46686c4722fae9de1950dace25cd9608ff8d622046b68d9b", "Name": "RunShellScript", "Parameters": [ { "Type": "StringList", "Name": "commands", "Description": "(Required) Specify a shell script or a command to run." } ], "DocumentType": "Command", "PlatformTypes": [ "Linux" ], "DocumentVersion": "2", "HashType": "Sha256", "CreatedDate": 1487899655.152, "Owner": "809632081692", "SchemaVersion": "2.0", "DefaultVersion": "1", "LatestVersion": "2", "Description": "Run an updated script" } }
  • 如需 API 詳細資訊,請參閱AWS CLI 命令參考UpdateDocument中的。

下列程式碼範例會示範如何使用update-maintenance-window-target

AWS CLI

更新維護時段目標

下列update-maintenance-window-target範例只會更新維護時段目標的名稱。

aws ssm update-maintenance-window-target \ --window-id "mw-0c5ed765acEXAMPLE" \ --window-target-id "57e8344e-fe64-4023-8191-6bf05EXAMPLE" \ --name "NewName" \ --no-replace

輸出:

{ "Description": "", "OwnerInformation": "", "WindowTargetId": "57e8344e-fe64-4023-8191-6bf05EXAMPLE", "WindowId": "mw-0c5ed765acEXAMPLE", "Targets": [ { "Values": [ "i-1234567890EXAMPLE" ], "Key": "InstanceIds" } ], "Name": "NewName" }

如需詳細資訊,請參閱 AWS Systems Manager 使用指南中的更新維護時段 (AWS CLI)

下列程式碼範例會示範如何使用update-maintenance-window-task

AWS CLI

若要更新維護時段作業

下列update-maintenance-window-task範例會更新維護時段作業的服務角色。

aws ssm update-maintenance-window-task \ --window-id "mw-0c5ed765acEXAMPLE" \ --window-task-id "23d3809e-9fbe-4ddf-b41a-b49d7EXAMPLE" \ --service-role-arn "arn:aws:iam::111222333444:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM"

輸出:

{ "ServiceRoleArn": "arn:aws:iam::111222333444:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM", "MaxErrors": "1", "TaskArn": "AWS-UpdateEC2Config", "MaxConcurrency": "1", "WindowTaskId": "23d3809e-9fbe-4ddf-b41a-b49d7EXAMPLE", "TaskParameters": {}, "Priority": 1, "TaskInvocationParameters": { "RunCommand": { "TimeoutSeconds": 600, "Parameters": { "allowDowngrade": [ "false" ] } } }, "WindowId": "mw-0c5ed765acEXAMPLE", "Description": "UpdateEC2Config", "Targets": [ { "Values": [ "57e8344e-fe64-4023-8191-6bf05EXAMPLE" ], "Key": "WindowTargetIds" } ], "Name": "UpdateEC2Config" }

如需詳細資訊,請參閱 AWS Systems Manager 使用指南中的更新維護時段 (AWS CLI)

下列程式碼範例會示範如何使用update-maintenance-window

AWS CLI

範例 1:更新維護時段

下列update-maintenance-window範例會更新維護時段的名稱。

aws ssm update-maintenance-window \ --window-id "mw-1a2b3c4d5e6f7g8h9" \ --name "My-Renamed-MW"

輸出:

{ "Cutoff": 1, "Name": "My-Renamed-MW", "Schedule": "cron(0 16 ? * TUE *)", "Enabled": true, "AllowUnassociatedTargets": true, "WindowId": "mw-1a2b3c4d5e6f7g8h9", "Duration": 4 }

範例 2:停用維護時段

下列update-maintenance-window範例會停用維護時段。

aws ssm update-maintenance-window \ --window-id "mw-1a2b3c4d5e6f7g8h9" \ --no-enabled

範例 3:啟用維護時段

下列update-maintenance-window範例會啟用維護時段。

aws ssm update-maintenance-window \ --window-id "mw-1a2b3c4d5e6f7g8h9" \ --enabled

如需詳細資訊,請參閱 AWS Systems Manager 使用指南中的更新維護時段 (AWS CLI)

下列程式碼範例會示範如何使用update-managed-instance-role

AWS CLI

更新代管執行個體的 IAM 角色

下列update-managed-instance-role範例會更新代管執行個體的 IAM 執行個體設定檔。

aws ssm update-managed-instance-role \ --instance-id "mi-08ab247cdfEXAMPLE" \ --iam-role "ExampleRole"

此命令不會產生輸出。

如需詳細資訊,請參閱系統管理員使用指南中的步驟 4:為 Systems Manager 建立 IAM 執行個體設定檔。AWS

下列程式碼範例會示範如何使用update-ops-item

AWS CLI

若要更新 OpsItem

下列update-ops-item範例會更新的描述、優先順序和類別 OpsItem。此外,該命令還指定 SNS 主題,在編輯或變更 OpsItem 時傳送通知。

aws ssm update-ops-item \ --ops-item-id "oi-287b5EXAMPLE" \ --description "Primary OpsItem for failover event 2020-01-01-fh398yf" \ --priority 2 \ --category "Security" \ --notifications "Arn=arn:aws:sns:us-east-2:111222333444:my-us-east-2-topic"

輸出:

This command produces no output.

如需詳細資訊,請參閱《AWS Systems Manager 使用指南》 OpsItems中的〈使用〉

  • 如需 API 詳細資訊,請參閱AWS CLI 命令參考UpdateOpsItem中的。

下列程式碼範例會示範如何使用update-patch-baseline

AWS CLI

範例 1:更新修補程式基準

下列update-patch-baseline範例會將指定的兩個修補程式新增為已拒絕,將一個修補程式新增為已核准至指定的修補程式

aws ssm update-patch-baseline \ --baseline-id "pb-0123456789abcdef0" \ --rejected-patches "KB2032276" "MS10-048" \ --approved-patches "KB2124261"

輸出:

{ "BaselineId": "pb-0123456789abcdef0", "Name": "WindowsPatching", "OperatingSystem": "WINDOWS", "GlobalFilters": { "PatchFilters": [] }, "ApprovalRules": { "PatchRules": [ { "PatchFilterGroup": { "PatchFilters": [ { "Key": "PRODUCT", "Values": [ "WindowsServer2016" ] } ] }, "ComplianceLevel": "CRITICAL", "ApproveAfterDays": 0, "EnableNonSecurity": false } ] }, "ApprovedPatches": [ "KB2124261" ], "ApprovedPatchesComplianceLevel": "UNSPECIFIED", "ApprovedPatchesEnableNonSecurity": false, "RejectedPatches": [ "KB2032276", "MS10-048" ], "RejectedPatchesAction": "ALLOW_AS_DEPENDENCY", "CreatedDate": 1550244180.465, "ModifiedDate": 1550244180.465, "Description": "Patches for Windows Servers", "Sources": [] }

範例 2:重新命名修補程式基準

下列update-patch-baseline範例會重新命名指定的修補程式基準。

aws ssm update-patch-baseline \ --baseline-id "pb-0713accee01234567" \ --name "Windows-Server-2012-R2-Important-and-Critical-Security-Updates"

如需詳細資訊,請參閱 Systems Manager 使用指南中的更新或刪除修補程式基準 < https://docs.aws.amazon.com/systems-manager/latest/userguide/ patch-baseline-update-or-delete .html>`__。AWS

下列程式碼範例會示範如何使用update-resource-data-sync

AWS CLI

若要更新資源資料同步

下列update-resource-data-sync範例會更新資 SyncFromSource 源資料同步。

aws ssm update-resource-data-sync \ --sync-name exampleSync \ --sync-type SyncFromSource \ --sync-source '{"SourceType":"SingleAccountMultiRegions", "SourceRegions":["us-east-1", "us-west-2"]}'

此命令不會產生輸出。

如需詳細資訊,請參閱《Systems Manager 使用指南》中的〈設定系 Sy AWS stems Manager 以顯示來自多個帳戶和區域的資料

下列程式碼範例會示範如何使用update-service-setting

AWS CLI

更新參數存放區輸送量的服務設定

下列update-service-setting範例會更新指定區域中參數存放區輸送量的目前服務設定,以使用增加的輸送量。

aws ssm update-service-setting \ --setting-id arn:aws:ssm:us-east-1:123456789012:servicesetting/ssm/parameter-store/high-throughput-enabled \ --setting-value true

此命令不會產生輸出。

有關詳情,請參閱《AWS Systems Manager 使用指南》中的〈增加參數存放區輸送量