使用命令列工具建立變更範本 - AWS Systems Manager

使用命令列工具建立變更範本

下列程序說明如何使用 AWS Command Line Interface(AWS CLI) (位於 Linux、macOS 或 Windows) 或 AWS Tools for Windows PowerShell 在 Change Manager (AWS Systems Manager 的功能) 中建立變更請求。

若要建立變更範本

  1. 如果您尚未安裝並設定 AWS CLI 或 AWS Tools for PowerShell,請進行相應的操作。

    如需相關資訊,請參閱安裝或升級 AWS 命令列工具

  2. 在您的本機電腦建立名稱如 MyChangeTemplate.json 的 JSON 檔案,然後將您變更範本中的內容貼至其中。

    注意

    變更範本會使用 0.3 版本的結構描述,其中並不包含與自動化 Runbook 相同的所有支援。

    以下是範例。

    注意

    此範例會示範兩個核准層級。您最多可以指定五個核准層級,但只需要一個層級。

    { "description": "This change template demonstrates the feature set available for creating change templates for Change Manager. This template starts a Runbook workflow for the Automation runbook called AWS-HelloWorld", "templateInformation": "### Document Name: HelloWorldChangeTemplate\n\n ## What does this document do?\n This change template demonstrates the feature set available for creating change templates for Change Manager. This template starts a Runbook workflow for the Automation runbook called AWS-HelloWorld.\n\n ## Input Parameters\n* ApproverSnsTopicArn: (Required) Amazon Simple Notification Service ARN for approvers.\n * Approver: (Required) The name of the approver to send this request to.\n * ApproverType: (Required) The type of reviewer. * Allowed Values: IamUser, IamGroup, IamRole, SSOGroup, SSOUser\n\n ## Output Parameters\nThis document has no outputs\n", "schemaVersion": "0.3", "parameters": { "ApproverSnsTopicArn": { "type": "String", "description": "Amazon Simple Notification Service ARN for approvers." }, "Approver": { "type": "String", "description": "IAM approver" }, "ApproverType": { "type": "String", "description": "Approver types for the request. Allowed values include IamUser, IamGroup, IamRole, SSOGroup, and SSOUser." } }, "executableRunBooks": [ { "name": "AWS-HelloWorld", "version": "1" } ], "emergencyChange": false, "autoApprove": false, "mainSteps": [ { "name": "ApproveAction1", "action": "aws:approve", "timeoutSeconds": 3600, "inputs": { "Message": "A sample change request has been submitted for your review in Change Manager. You can approve or reject this request.", "EnhancedApprovals": { "NotificationArn": "{{ ApproverSnsTopicArn }}", "Approvers": [ { "approver": "{{ Approver }}", "type": "{{ ApproverType }}", "minRequiredApprovals": 1 } ] } } }, { "name": "ApproveAction2", "action": "aws:approve", "timeoutSeconds": 3600, "inputs": { "Message": "A sample change request has been submitted for your review in Change Manager. You can approve or reject this request.", "EnhancedApprovals": { "NotificationArn": "{{ ApproverSnsTopicArn }}", "Approvers": [ { "approver": "{{ Approver }}", "type": "{{ ApproverType }}", "minRequiredApprovals": 1 } ] } } } ] }
  3. 執行以下命令來建立變更範本。

    Linux & macOS
    aws ssm create-document \ --name MyChangeTemplate \ --document-format JSON \ --document-type Automation.ChangeTemplate \ --content file://MyChangeTemplate.json \ --tags Key=tag-key,Value=tag-value
    Windows
    aws ssm create-document ^ --name MyChangeTemplate ^ --document-format JSON ^ --document-type Automation.ChangeTemplate ^ --content file://MyChangeTemplate.json ^ --tags Key=tag-key,Value=tag-value
    PowerShell
    $json = Get-Content -Path "C:\path\to\file\MyChangeTemplate.json" | Out-String New-SSMDocument ` -Content $json ` -Name "MyChangeTemplate" ` -DocumentType "Automation.ChangeTemplate" ` -Tags "Key=tag-key,Value=tag-value"

    如需您可以指定的其他選項的詳細資訊,請參閱 create-document

    系統會傳回相關資訊,如下所示。

    {
       "DocumentDescription":{
          "CreatedDate":1.585061751738E9,
          "DefaultVersion":"1",
          "Description":"Use this template to update an EC2 Linux AMI. Requires one
          approver specified in the template and an approver specified in the request.",
          "DocumentFormat":"JSON",
          "DocumentType":"Automation",
          "DocumentVersion":"1",
          "Hash":"0d3d879b3ca072e03c12638d0255ebd004d2c65bd318f8354fcde820dEXAMPLE",
          "HashType":"Sha256",
          "LatestVersion":"1",
          "Name":"MyChangeTemplate",
          "Owner":"123456789012",
          "Parameters":[
             {
                "DefaultValue":"",
                "Description":"Level one approvers",
                "Name":"LevelOneApprovers",
                "Type":"String"
             },
             {
                "DefaultValue":"",
                "Description":"Level one approver type",
                "Name":"LevelOneApproverType",
                "Type":"String"
             },
       "cloudWatchMonitors": {
          "monitors": [
             "my-cloudwatch-alarm"
          ]
       }
          ],
          "PlatformTypes":[
             "Windows",
             "Linux"
          ],
          "SchemaVersion":"0.3",
          "Status":"Creating",
          "Tags":[
    
          ]
       }
    }

您組織或帳戶中已在 Change Manager 中的 Settings (設定) 標籤上指定為範本檢閱者的使用者會收到通知:新的變更範本正待其檢閱。

如果已為變更範本指定 Amazon Simple Notification Service (Amazon SNS) 主題,則會在變更範本遭到拒絕或獲得核准時傳送通知。如果您沒有收到與此變更範本相關的通知,您可以稍後返回 Change Manager,以檢查其狀態。