Class: AWS.SSM
- Inherits:
-
AWS.Service
- Object
- AWS.Service
- AWS.SSM
- Identifier:
- ssm
- API Version:
- 2014-11-06
- Defined in:
- (unknown)
Overview
Constructs a service interface object. Each API operation is exposed as a function on service.
Service Description
Amazon Web Services Systems Manager is a collection of capabilities that helps you automate management tasks such as collecting system inventory, applying operating system (OS) patches, automating the creation of Amazon Machine Images (AMIs), and configuring operating systems (OSs) and applications at scale. Systems Manager lets you remotely and securely manage the configuration of your managed instances. A managed instance is any Amazon Elastic Compute Cloud instance (EC2 instance), or any on-premises server or virtual machine (VM) in your hybrid environment that has been configured for Systems Manager.
This reference is intended to be used with the Amazon Web Services Systems Manager User Guide.
To get started, verify prerequisites and configure managed instances. For more information, see Setting up Amazon Web Services Systems Manager in the Amazon Web Services Systems Manager User Guide.
Related resources
-
For information about how to use a Query API, see Making API requests.
-
For information about other API operations you can perform on EC2 instances, see the Amazon EC2 API Reference.
-
For information about AppConfig, a capability of Systems Manager, see the AppConfig User Guide and the AppConfig API Reference.
-
For information about Incident Manager, a capability of Systems Manager, see the Incident Manager User Guide and the Incident Manager API Reference.
Sending a Request Using SSM
var ssm = new AWS.SSM();
ssm.deregisterTargetFromMaintenanceWindow(params, function (err, data) {
if (err) console.log(err, err.stack); // an error occurred
else console.log(data); // successful response
});
Locking the API Version
In order to ensure that the SSM object uses this specific API, you can
construct the object by passing the apiVersion
option to the constructor:
var ssm = new AWS.SSM({apiVersion: '2014-11-06'});
You can also set the API version globally in AWS.config.apiVersions
using
the ssm service identifier:
AWS.config.apiVersions = {
ssm: '2014-11-06',
// other service API versions
};
var ssm = new AWS.SSM();
Version:
-
2014-11-06
Waiter Resource States
This service supports a list of resource states that can be polled using the waitFor() method. The resource states are:
Constructor Summary collapse
-
new AWS.SSM(options = {}) ⇒ Object
constructor
Constructs a service object.
Property Summary collapse
-
endpoint ⇒ AWS.Endpoint
readwrite
An Endpoint object representing the endpoint URL for service requests.
Properties inherited from AWS.Service
Method Summary collapse
-
addTagsToResource(params = {}, callback) ⇒ AWS.Request
Adds or overwrites one or more tags for the specified resource.
-
associateOpsItemRelatedItem(params = {}, callback) ⇒ AWS.Request
Associates a related item to a Systems Manager OpsCenter OpsItem.
-
cancelCommand(params = {}, callback) ⇒ AWS.Request
Attempts to cancel the command specified by the Command ID.
-
cancelMaintenanceWindowExecution(params = {}, callback) ⇒ AWS.Request
Stops a maintenance window execution that is already in progress and cancels any tasks in the window that haven't already starting running.
-
createActivation(params = {}, callback) ⇒ AWS.Request
Generates an activation code and activation ID you can use to register your on-premises server or virtual machine (VM) with Amazon Web Services Systems Manager.
-
createAssociation(params = {}, callback) ⇒ AWS.Request
A State Manager association defines the state that you want to maintain on your instances.
-
createAssociationBatch(params = {}, callback) ⇒ AWS.Request
Associates the specified Amazon Web Services Systems Manager document (SSM document) with the specified instances or targets.
When you associate a document with one or more instances using instance IDs or tags, Amazon Web Services Systems Manager Agent (SSM Agent) running on the instance processes the document and configures the instance as specified.
If you associate a document with an instance that already has an associated document, the system returns the AssociationAlreadyExists exception.
. -
createDocument(params = {}, callback) ⇒ AWS.Request
Creates a Amazon Web Services Systems Manager (SSM document).
-
createMaintenanceWindow(params = {}, callback) ⇒ AWS.Request
Creates a new maintenance window.
Note: The value you specify forDuration
determines the specific end time for the maintenance window based on the time it begins.- createOpsItem(params = {}, callback) ⇒ AWS.Request
Creates a new OpsItem.
- createOpsMetadata(params = {}, callback) ⇒ AWS.Request
If you create a new application in Application Manager, Amazon Web Services Systems Manager calls this API operation to specify information about the new application, including the application type.
.
- createPatchBaseline(params = {}, callback) ⇒ AWS.Request
Creates a patch baseline.
Note: For information about valid key-value pairs inPatchFilters
for each supported operating system type, see PatchFilter.- createResourceDataSync(params = {}, callback) ⇒ AWS.Request
A resource data sync helps you view data from multiple sources in a single location.
- deleteActivation(params = {}, callback) ⇒ AWS.Request
Deletes an activation.
- deleteAssociation(params = {}, callback) ⇒ AWS.Request
Disassociates the specified Amazon Web Services Systems Manager document (SSM document) from the specified instance.
- deleteDocument(params = {}, callback) ⇒ AWS.Request
Deletes the Amazon Web Services Systems Manager document (SSM document) and all instance associations to the document.
Before you delete the document, we recommend that you use DeleteAssociation to disassociate all instances that are associated with the document.
.- deleteInventory(params = {}, callback) ⇒ AWS.Request
Delete a custom inventory type or the data associated with a custom Inventory type.
- deleteMaintenanceWindow(params = {}, callback) ⇒ AWS.Request
Deletes a maintenance window.
.
- deleteOpsMetadata(params = {}, callback) ⇒ AWS.Request
Delete OpsMetadata related to an application.
.
- deleteParameter(params = {}, callback) ⇒ AWS.Request
Delete a parameter from the system.
- deleteParameters(params = {}, callback) ⇒ AWS.Request
Delete a list of parameters.
- deletePatchBaseline(params = {}, callback) ⇒ AWS.Request
Deletes a patch baseline.
.
- deleteResourceDataSync(params = {}, callback) ⇒ AWS.Request
Deletes a resource data sync configuration.
- deregisterManagedInstance(params = {}, callback) ⇒ AWS.Request
Removes the server or virtual machine from the list of registered servers.
- deregisterPatchBaselineForPatchGroup(params = {}, callback) ⇒ AWS.Request
Removes a patch group from a patch baseline.
.
- deregisterTargetFromMaintenanceWindow(params = {}, callback) ⇒ AWS.Request
Removes a target from a maintenance window.
.
- deregisterTaskFromMaintenanceWindow(params = {}, callback) ⇒ AWS.Request
Removes a task from a maintenance window.
.
- describeActivations(params = {}, callback) ⇒ AWS.Request
Describes details about the activation, such as the date and time the activation was created, its expiration date, the Identity and Access Management (IAM) role assigned to the instances in the activation, and the number of instances registered by using this activation.
.
- describeAssociation(params = {}, callback) ⇒ AWS.Request
Describes the association for the specified target or instance.
- describeAssociationExecutions(params = {}, callback) ⇒ AWS.Request
Views all executions for a specific association ID.
- describeAssociationExecutionTargets(params = {}, callback) ⇒ AWS.Request
Views information about a specific execution of a specific association.
.
- describeAutomationExecutions(params = {}, callback) ⇒ AWS.Request
Provides details about all active and terminated Automation executions.
.
- describeAutomationStepExecutions(params = {}, callback) ⇒ AWS.Request
Information about all active and terminated step executions in an Automation workflow.
.
- describeAvailablePatches(params = {}, callback) ⇒ AWS.Request
Lists all patches eligible to be included in a patch baseline.
.
- describeDocument(params = {}, callback) ⇒ AWS.Request
Describes the specified Amazon Web Services Systems Manager document (SSM document).
.
- describeDocumentPermission(params = {}, callback) ⇒ AWS.Request
Describes the permissions for a Amazon Web Services Systems Manager document (SSM document).
- describeEffectiveInstanceAssociations(params = {}, callback) ⇒ AWS.Request
All associations for the instance(s).
.
- describeEffectivePatchesForPatchBaseline(params = {}, callback) ⇒ AWS.Request
Retrieves the current effective patches (the patch and the approval state) for the specified patch baseline.
- describeInstanceAssociationsStatus(params = {}, callback) ⇒ AWS.Request
The status of the associations for the instance(s).
.
- describeInstanceInformation(params = {}, callback) ⇒ AWS.Request
Describes one or more of your instances, including information about the operating system platform, the version of SSM Agent installed on the instance, instance status, and so on.
If you specify one or more instance IDs, it returns information for those instances.
- describeInstancePatches(params = {}, callback) ⇒ AWS.Request
Retrieves information about the patches on the specified instance and their state relative to the patch baseline being used for the instance.
.
- describeInstancePatchStates(params = {}, callback) ⇒ AWS.Request
Retrieves the high-level patch state of one or more instances.
.
- describeInstancePatchStatesForPatchGroup(params = {}, callback) ⇒ AWS.Request
Retrieves the high-level patch state for the instances in the specified patch group.
.
- describeInventoryDeletions(params = {}, callback) ⇒ AWS.Request
Describes a specific delete inventory operation.
.
- describeMaintenanceWindowExecutions(params = {}, callback) ⇒ AWS.Request
Lists the executions of a maintenance window.
- describeMaintenanceWindowExecutionTaskInvocations(params = {}, callback) ⇒ AWS.Request
Retrieves the individual task executions (one per target) for a particular task run as part of a maintenance window execution.
.
- describeMaintenanceWindowExecutionTasks(params = {}, callback) ⇒ AWS.Request
For a given maintenance window execution, lists the tasks that were run.
.
- describeMaintenanceWindows(params = {}, callback) ⇒ AWS.Request
Retrieves the maintenance windows in an Amazon Web Services account.
.
- describeMaintenanceWindowSchedule(params = {}, callback) ⇒ AWS.Request
Retrieves information about upcoming executions of a maintenance window.
.
- describeMaintenanceWindowsForTarget(params = {}, callback) ⇒ AWS.Request
Retrieves information about the maintenance window targets or tasks that an instance is associated with.
.
- describeMaintenanceWindowTargets(params = {}, callback) ⇒ AWS.Request
Lists the targets registered with the maintenance window.
.
- describeMaintenanceWindowTasks(params = {}, callback) ⇒ AWS.Request
Lists the tasks in a maintenance window.
Note: For maintenance window tasks without a specified target, you can't supply values for--max-errors
and--max-concurrency
.- describeOpsItems(params = {}, callback) ⇒ AWS.Request
Query a set of OpsItems.
- describeParameters(params = {}, callback) ⇒ AWS.Request
Get information about a parameter.
Request results are returned on a best-effort basis.
- describePatchBaselines(params = {}, callback) ⇒ AWS.Request
Lists the patch baselines in your Amazon Web Services account.
.
- describePatchGroups(params = {}, callback) ⇒ AWS.Request
Lists all patch groups that have been registered with patch baselines.
.
- describePatchGroupState(params = {}, callback) ⇒ AWS.Request
Returns high-level aggregated patch compliance state information for a patch group.
.
- describePatchProperties(params = {}, callback) ⇒ AWS.Request
Lists the properties of available patches organized by product, product family, classification, severity, and other properties of available patches.
- describeSessions(params = {}, callback) ⇒ AWS.Request
Retrieves a list of all active sessions (both connected and disconnected) or terminated sessions from the past 30 days.
.
- disassociateOpsItemRelatedItem(params = {}, callback) ⇒ AWS.Request
Deletes the association between an OpsItem and a related item.
- getAutomationExecution(params = {}, callback) ⇒ AWS.Request
Get detailed information about a particular Automation execution.
.
- getCalendarState(params = {}, callback) ⇒ AWS.Request
Gets the state of a Amazon Web Services Systems Manager change calendar at the current time or a specified time.
- getCommandInvocation(params = {}, callback) ⇒ AWS.Request
Returns detailed information about command execution for an invocation or plugin.
GetCommandInvocation
only gives the execution status of a plugin in a document.- getConnectionStatus(params = {}, callback) ⇒ AWS.Request
Retrieves the Session Manager connection status for an instance to determine whether it is running and ready to receive Session Manager connections.
.
- getDefaultPatchBaseline(params = {}, callback) ⇒ AWS.Request
Retrieves the default patch baseline.
- getDeployablePatchSnapshotForInstance(params = {}, callback) ⇒ AWS.Request
Retrieves the current snapshot for the patch baseline the instance uses.
- getDocument(params = {}, callback) ⇒ AWS.Request
Gets the contents of the specified Amazon Web Services Systems Manager document (SSM document).
.
- getInventory(params = {}, callback) ⇒ AWS.Request
Query inventory information.
- getInventorySchema(params = {}, callback) ⇒ AWS.Request
Return a list of inventory type names for the account, or return a list of attribute names for a specific Inventory item type.
.
- getMaintenanceWindow(params = {}, callback) ⇒ AWS.Request
Retrieves a maintenance window.
.
- getMaintenanceWindowExecution(params = {}, callback) ⇒ AWS.Request
Retrieves details about a specific a maintenance window execution.
.
- getMaintenanceWindowExecutionTask(params = {}, callback) ⇒ AWS.Request
Retrieves the details about a specific task run as part of a maintenance window execution.
.
- getMaintenanceWindowExecutionTaskInvocation(params = {}, callback) ⇒ AWS.Request
Retrieves information about a specific task running on a specific target.
.
- getMaintenanceWindowTask(params = {}, callback) ⇒ AWS.Request
Lists the tasks in a maintenance window.
Note: For maintenance window tasks without a specified target, you can't supply values for--max-errors
and--max-concurrency
.- getOpsItem(params = {}, callback) ⇒ AWS.Request
Get information about an OpsItem by using the ID.
- getOpsMetadata(params = {}, callback) ⇒ AWS.Request
View operational metadata related to an application in Application Manager.
.
- getOpsSummary(params = {}, callback) ⇒ AWS.Request
View a summary of operations metadata (OpsData) based on specified filters and aggregators.
- getParameter(params = {}, callback) ⇒ AWS.Request
Get information about a single parameter by specifying the parameter name.
Note: To get information about more than one parameter at a time, use the GetParameters operation.- getParameterHistory(params = {}, callback) ⇒ AWS.Request
Retrieves the history of all changes to a parameter.
If you change the KMS key alias for the KMS key used to encrypt a parameter, then you must also update the key alias the parameter uses to reference KMS.
- getParameters(params = {}, callback) ⇒ AWS.Request
Get information about one or more parameters by specifying multiple parameter names.
Note: To get information about a single parameter, you can use the GetParameter operation instead.- getParametersByPath(params = {}, callback) ⇒ AWS.Request
Retrieve information about one or more parameters in a specific hierarchy.
- getPatchBaseline(params = {}, callback) ⇒ AWS.Request
Retrieves information about a patch baseline.
.
- getPatchBaselineForPatchGroup(params = {}, callback) ⇒ AWS.Request
Retrieves the patch baseline that should be used for the specified patch group.
.
- getServiceSetting(params = {}, callback) ⇒ AWS.Request
ServiceSetting
is an account-level setting for an Amazon Web Services service.- labelParameterVersion(params = {}, callback) ⇒ AWS.Request
A parameter label is a user-defined alias to help you manage different versions of a parameter.
- listAssociations(params = {}, callback) ⇒ AWS.Request
Returns all State Manager associations in the current Amazon Web Services account and Amazon Web Services Region.
- listAssociationVersions(params = {}, callback) ⇒ AWS.Request
Retrieves all versions of an association for a specific association ID.
.
- listCommandInvocations(params = {}, callback) ⇒ AWS.Request
An invocation is copy of a command sent to a specific instance.
- listCommands(params = {}, callback) ⇒ AWS.Request
Lists the commands requested by users of the Amazon Web Services account.
.
- listComplianceItems(params = {}, callback) ⇒ AWS.Request
For a specified resource ID, this API operation returns a list of compliance statuses for different resource types.
- listComplianceSummaries(params = {}, callback) ⇒ AWS.Request
Returns a summary count of compliant and non-compliant resources for a compliance type.
- listDocumentMetadataHistory(params = {}, callback) ⇒ AWS.Request
Information about approval reviews for a version of a change template in Change Manager.
.
- listDocuments(params = {}, callback) ⇒ AWS.Request
Returns all Systems Manager (SSM) documents in the current Amazon Web Services account and Amazon Web Services Region.
- listDocumentVersions(params = {}, callback) ⇒ AWS.Request
List all versions for a document.
.
- listInventoryEntries(params = {}, callback) ⇒ AWS.Request
A list of inventory items returned by the request.
.
- listOpsItemEvents(params = {}, callback) ⇒ AWS.Request
Returns a list of all OpsItem events in the current Amazon Web Services Region and Amazon Web Services account.
- listOpsItemRelatedItems(params = {}, callback) ⇒ AWS.Request
Lists all related-item resources associated with a Systems Manager OpsCenter OpsItem.
- listOpsMetadata(params = {}, callback) ⇒ AWS.Request
Amazon Web Services Systems Manager calls this API operation when displaying all Application Manager OpsMetadata objects or blobs.
.
- listResourceComplianceSummaries(params = {}, callback) ⇒ AWS.Request
Returns a resource-level summary count.
- listResourceDataSync(params = {}, callback) ⇒ AWS.Request
Lists your resource data sync configurations.
- listTagsForResource(params = {}, callback) ⇒ AWS.Request
Returns a list of the tags assigned to the specified resource.
For information about the ID format for each supported resource type, see AddTagsToResource.
.- modifyDocumentPermission(params = {}, callback) ⇒ AWS.Request
Shares a Amazon Web Services Systems Manager document (SSM document)publicly or privately.
- putComplianceItems(params = {}, callback) ⇒ AWS.Request
Registers a compliance type and other compliance details on a designated resource.
- putInventory(params = {}, callback) ⇒ AWS.Request
Bulk update custom inventory items on one more instance.
- putParameter(params = {}, callback) ⇒ AWS.Request
Add a parameter to the system.
.
- registerDefaultPatchBaseline(params = {}, callback) ⇒ AWS.Request
Defines the default patch baseline for the relevant operating system.
To reset the Amazon Web Services-predefined patch baseline as the default, specify the full patch baseline Amazon Resource Name (ARN) as the baseline ID value.
- registerPatchBaselineForPatchGroup(params = {}, callback) ⇒ AWS.Request
Registers a patch baseline for a patch group.
.
- registerTargetWithMaintenanceWindow(params = {}, callback) ⇒ AWS.Request
Registers a target with a maintenance window.
.
- registerTaskWithMaintenanceWindow(params = {}, callback) ⇒ AWS.Request
Adds a new task to a maintenance window.
.
- removeTagsFromResource(params = {}, callback) ⇒ AWS.Request
Removes tag keys from the specified resource.
.
- resetServiceSetting(params = {}, callback) ⇒ AWS.Request
ServiceSetting
is an account-level setting for an Amazon Web Services service.- resumeSession(params = {}, callback) ⇒ AWS.Request
Reconnects a session to an instance after it has been disconnected.
- sendAutomationSignal(params = {}, callback) ⇒ AWS.Request
Sends a signal to an Automation execution to change the current behavior or status of the execution.
- sendCommand(params = {}, callback) ⇒ AWS.Request
Runs commands on one or more managed instances.
.
- startAssociationsOnce(params = {}, callback) ⇒ AWS.Request
Runs an association immediately and only one time.
- startAutomationExecution(params = {}, callback) ⇒ AWS.Request
Initiates execution of an Automation runbook.
.
- startChangeRequestExecution(params = {}, callback) ⇒ AWS.Request
Creates a change request for Change Manager.
- startSession(params = {}, callback) ⇒ AWS.Request
Initiates a connection to a target (for example, an instance) for a Session Manager session.
- stopAutomationExecution(params = {}, callback) ⇒ AWS.Request
Stop an Automation that is currently running.
.
- terminateSession(params = {}, callback) ⇒ AWS.Request
Permanently ends a session and closes the data connection between the Session Manager client and SSM Agent on the instance.
- unlabelParameterVersion(params = {}, callback) ⇒ AWS.Request
Remove a label or labels from a parameter.
.
- updateAssociation(params = {}, callback) ⇒ AWS.Request
Updates an association.
- updateAssociationStatus(params = {}, callback) ⇒ AWS.Request
Updates the status of the Amazon Web Services Systems Manager document (SSM document) associated with the specified instance.
UpdateAssociationStatus
is primarily used by the Amazon Web Services Systems Manager Agent (SSM Agent) to report status updates about your associations and is only used for associations created with theInstanceId
legacy parameter.- updateDocument(params = {}, callback) ⇒ AWS.Request
Updates one or more values for an SSM document.
.
- updateDocumentDefaultVersion(params = {}, callback) ⇒ AWS.Request
Set the default version of a document.
- updateDocumentMetadata(params = {}, callback) ⇒ AWS.Request
Updates information related to approval reviews for a specific version of a change template in Change Manager.
.
- updateMaintenanceWindow(params = {}, callback) ⇒ AWS.Request
Updates an existing maintenance window.
- updateMaintenanceWindowTarget(params = {}, callback) ⇒ AWS.Request
Modifies the target of an existing maintenance window.
- updateMaintenanceWindowTask(params = {}, callback) ⇒ AWS.Request
Modifies a task assigned to a maintenance window.
- updateManagedInstanceRole(params = {}, callback) ⇒ AWS.Request
Changes the Identity and Access Management (IAM) role that is assigned to the on-premises instance or virtual machines (VM).
- updateOpsItem(params = {}, callback) ⇒ AWS.Request
Edit or change an OpsItem.
- updateOpsMetadata(params = {}, callback) ⇒ AWS.Request
Amazon Web Services Systems Manager calls this API operation when you edit OpsMetadata in Application Manager.
.
- updatePatchBaseline(params = {}, callback) ⇒ AWS.Request
Modifies an existing patch baseline.
- updateResourceDataSync(params = {}, callback) ⇒ AWS.Request
Update a resource data sync.
- updateServiceSetting(params = {}, callback) ⇒ AWS.Request
ServiceSetting
is an account-level setting for an Amazon Web Services service.- waitFor(state, params = {}, callback) ⇒ AWS.Request
Waits for a given SSM resource.
Methods inherited from AWS.Service
makeRequest, makeUnauthenticatedRequest, setupRequestListeners, defineService
Constructor Details
new AWS.SSM(options = {}) ⇒ Object
Constructs a service object. This object has one method for each API operation.
Examples:
Constructing a SSM object
var ssm = new AWS.SSM({apiVersion: '2014-11-06'});
Options Hash (options):
-
params
(map)
—
An optional map of parameters to bind to every request sent by this service object. For more information on bound parameters, see "Working with Services" in the Getting Started Guide.
-
endpoint
(String|AWS.Endpoint)
—
The endpoint URI to send requests to. The default endpoint is built from the configured
region
. The endpoint should be a string like'https://{service}.{region}.amazonaws.com'
or an Endpoint object. -
accessKeyId
(String)
—
your AWS access key ID.
-
secretAccessKey
(String)
—
your AWS secret access key.
-
sessionToken
(AWS.Credentials)
—
the optional AWS session token to sign requests with.
-
credentials
(AWS.Credentials)
—
the AWS credentials to sign requests with. You can either specify this object, or specify the accessKeyId and secretAccessKey options directly.
-
credentialProvider
(AWS.CredentialProviderChain)
—
the provider chain used to resolve credentials if no static
credentials
property is set. -
region
(String)
—
the region to send service requests to. See AWS.SSM.region for more information.
-
maxRetries
(Integer)
—
the maximum amount of retries to attempt with a request. See AWS.SSM.maxRetries for more information.
-
maxRedirects
(Integer)
—
the maximum amount of redirects to follow with a request. See AWS.SSM.maxRedirects for more information.
-
sslEnabled
(Boolean)
—
whether to enable SSL for requests.
-
paramValidation
(Boolean|map)
—
whether input parameters should be validated against the operation description before sending the request. Defaults to true. Pass a map to enable any of the following specific validation features:
- min [Boolean] — Validates that a value meets the min
constraint. This is enabled by default when paramValidation is set
to
true
. - max [Boolean] — Validates that a value meets the max constraint.
- pattern [Boolean] — Validates that a string value matches a regular expression.
- enum [Boolean] — Validates that a string value matches one of the allowable enum values.
- min [Boolean] — Validates that a value meets the min
constraint. This is enabled by default when paramValidation is set
to
-
computeChecksums
(Boolean)
—
whether to compute checksums for payload bodies when the service accepts it (currently supported in S3 only)
-
convertResponseTypes
(Boolean)
—
whether types are converted when parsing response data. Currently only supported for JSON based services. Turning this off may improve performance on large response payloads. Defaults to
true
. -
correctClockSkew
(Boolean)
—
whether to apply a clock skew correction and retry requests that fail because of an skewed client clock. Defaults to
false
. -
s3ForcePathStyle
(Boolean)
—
whether to force path style URLs for S3 objects.
-
s3BucketEndpoint
(Boolean)
—
whether the provided endpoint addresses an individual bucket (false if it addresses the root API endpoint). Note that setting this configuration option requires an
endpoint
to be provided explicitly to the service constructor. -
s3DisableBodySigning
(Boolean)
—
whether S3 body signing should be disabled when using signature version
v4
. Body signing can only be disabled when using https. Defaults totrue
. -
s3UsEast1RegionalEndpoint
('legacy'|'regional')
—
when region is set to 'us-east-1', whether to send s3 request to global endpoints or 'us-east-1' regional endpoints. This config is only applicable to S3 client. Defaults to
legacy
-
s3UseArnRegion
(Boolean)
—
whether to override the request region with the region inferred from requested resource's ARN. Only available for S3 buckets Defaults to
true
-
retryDelayOptions
(map)
—
A set of options to configure the retry delay on retryable errors. Currently supported options are:
- base [Integer] — The base number of milliseconds to use in the exponential backoff for operation retries. Defaults to 100 ms for all services except DynamoDB, where it defaults to 50ms.
- customBackoff [function] — A custom function that accepts a
retry count and error and returns the amount of time to delay in
milliseconds. If the result is a non-zero negative value, no further
retry attempts will be made. The
base
option will be ignored if this option is supplied. The function is only called for retryable errors.
-
httpOptions
(map)
—
A set of options to pass to the low-level HTTP request. Currently supported options are:
- proxy [String] — the URL to proxy requests through
- agent [http.Agent, https.Agent] — the Agent object to perform
HTTP requests with. Used for connection pooling. Defaults to the global
agent (
http.globalAgent
) for non-SSL connections. Note that for SSL connections, a special Agent object is used in order to enable peer certificate verification. This feature is only available in the Node.js environment. - connectTimeout [Integer] — Sets the socket to timeout after
failing to establish a connection with the server after
connectTimeout
milliseconds. This timeout has no effect once a socket connection has been established. - timeout [Integer] — Sets the socket to timeout after timeout milliseconds of inactivity on the socket. Defaults to two minutes (120000).
- xhrAsync [Boolean] — Whether the SDK will send asynchronous HTTP requests. Used in the browser environment only. Set to false to send requests synchronously. Defaults to true (async on).
- xhrWithCredentials [Boolean] — Sets the "withCredentials" property of an XMLHttpRequest object. Used in the browser environment only. Defaults to false.
-
apiVersion
(String, Date)
—
a String in YYYY-MM-DD format (or a date) that represents the latest possible API version that can be used in all services (unless overridden by
apiVersions
). Specify 'latest' to use the latest possible version. -
apiVersions
(map<String, String|Date>)
—
a map of service identifiers (the lowercase service class name) with the API version to use when instantiating a service. Specify 'latest' for each individual that can use the latest available version.
-
logger
(#write, #log)
—
an object that responds to .write() (like a stream) or .log() (like the console object) in order to log information about requests
-
systemClockOffset
(Number)
—
an offset value in milliseconds to apply to all signing times. Use this to compensate for clock skew when your system may be out of sync with the service time. Note that this configuration option can only be applied to the global
AWS.config
object and cannot be overridden in service-specific configuration. Defaults to 0 milliseconds. -
signatureVersion
(String)
—
the signature version to sign requests with (overriding the API configuration). Possible values are: 'v2', 'v3', 'v4'.
-
signatureCache
(Boolean)
—
whether the signature to sign requests with (overriding the API configuration) is cached. Only applies to the signature version 'v4'. Defaults to
true
. -
dynamoDbCrc32
(Boolean)
—
whether to validate the CRC32 checksum of HTTP response bodies returned by DynamoDB. Default:
true
. -
useAccelerateEndpoint
(Boolean)
—
Whether to use the S3 Transfer Acceleration endpoint with the S3 service. Default:
false
. -
clientSideMonitoring
(Boolean)
—
whether to collect and publish this client's performance metrics of all its API requests.
-
endpointDiscoveryEnabled
(Boolean|undefined)
—
whether to call operations with endpoints given by service dynamically. Setting this
-
endpointCacheSize
(Number)
—
the size of the global cache storing endpoints from endpoint discovery operations. Once endpoint cache is created, updating this setting cannot change existing cache size. Defaults to 1000
-
hostPrefixEnabled
(Boolean)
—
whether to marshal request parameters to the prefix of hostname. Defaults to
true
. -
stsRegionalEndpoints
('legacy'|'regional')
—
whether to send sts request to global endpoints or regional endpoints. Defaults to 'legacy'.
Property Details
Method Details
addTagsToResource(params = {}, callback) ⇒ AWS.Request
Adds or overwrites one or more tags for the specified resource. Tags are metadata that you can assign to your documents, managed instances, maintenance windows, Parameter Store parameters, and patch baselines. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. Each tag consists of a key and an optional value, both of which you define. For example, you could define a set of tags for your account's managed instances that helps you track each instance's owner and stack level. For example:
-
Key=Owner,Value=DbAdmin
-
Key=Owner,Value=SysAdmin
-
Key=Owner,Value=Dev
-
Key=Stack,Value=Production
-
Key=Stack,Value=Pre-Production
-
Key=Stack,Value=Test
Each resource can have a maximum of 50 tags.
We recommend that you devise a set of tag keys that meets your needs for each resource type. Using a consistent set of tag keys makes it easier for you to manage your resources. You can search and filter the resources based on the tags you add. Tags don't have any semantic meaning to and are interpreted strictly as a string of characters.
For more information about using tags with Amazon Elastic Compute Cloud (Amazon EC2) instances, see Tagging your Amazon EC2 resources in the Amazon EC2 User Guide.
Service Reference:
Examples:
Calling the addTagsToResource operation
var params = { ResourceId: 'STRING_VALUE', /* required */ ResourceType: Document | ManagedInstance | MaintenanceWindow | Parameter | PatchBaseline | OpsItem | OpsMetadata, /* required */ Tags: [ /* required */ { Key: 'STRING_VALUE', /* required */ Value: 'STRING_VALUE' /* required */ }, /* more items */ ] }; ssm.addTagsToResource(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
ResourceType
— (String
)Specifies the type of resource you are tagging.
Note: ThePossible values include:ManagedInstance
type for this API operation is for on-premises managed instances. You must specify the name of the managed instance in the following format:mi-ID_number
. For example,mi-1a2b3c4d5e6f
."Document"
"ManagedInstance"
"MaintenanceWindow"
"Parameter"
"PatchBaseline"
"OpsItem"
"OpsMetadata"
ResourceId
— (String
)The resource ID you want to tag.
Use the ID of the resource. Here are some examples:
MaintenanceWindow
:mw-012345abcde
PatchBaseline
:pb-012345abcde
OpsMetadata
object:ResourceID
for tagging is created from the Amazon Resource Name (ARN) for the object. Specifically,ResourceID
is created from the strings that come after the wordopsmetadata
in the ARN. For example, an OpsMetadata object with an ARN ofarn:aws:ssm:us-east-2:1234567890:opsmetadata/aws/ssm/MyGroup/appmanager
has aResourceID
of eitheraws/ssm/MyGroup/appmanager
or/aws/ssm/MyGroup/appmanager
.For the
Document
andParameter
values, use the name of the resource.ManagedInstance
:mi-012345abcde
Note: TheManagedInstance
type for this API operation is only for on-premises managed instances. You must specify the name of the managed instance in the following format:mi-ID_number
. For example,mi-1a2b3c4d5e6f
.Tags
— (Array<map>
)One or more tags. The value parameter is required.
Don't enter personally identifiable information in this field.
Key
— required — (String
)The name of the tag.
Value
— required — (String
)The value of the tag.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs.
-
(AWS.Response)
—
Returns:
associateOpsItemRelatedItem(params = {}, callback) ⇒ AWS.Request
Associates a related item to a Systems Manager OpsCenter OpsItem. For example, you can associate an Incident Manager incident or analysis with an OpsItem. Incident Manager and OpsCenter are capabilities of Amazon Web Services Systems Manager.
Service Reference:
Examples:
Calling the associateOpsItemRelatedItem operation
var params = { AssociationType: 'STRING_VALUE', /* required */ OpsItemId: 'STRING_VALUE', /* required */ ResourceType: 'STRING_VALUE', /* required */ ResourceUri: 'STRING_VALUE' /* required */ }; ssm.associateOpsItemRelatedItem(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
OpsItemId
— (String
)The ID of the OpsItem to which you want to associate a resource as a related item.
AssociationType
— (String
)The type of association that you want to create between an OpsItem and a resource. OpsCenter supports
IsParentOf
andRelatesTo
association types.ResourceType
— (String
)The type of resource that you want to associate with an OpsItem. OpsCenter supports the following types:
AWS::SSMIncidents::IncidentRecord
: an Incident Manager incident.AWS::SSM::Document
: a Systems Manager (SSM) document.ResourceUri
— (String
)The Amazon Resource Name (ARN) of the Amazon Web Services resource that you want to associate with the OpsItem.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:AssociationId
— (String
)The association ID.
-
(AWS.Response)
—
Returns:
cancelCommand(params = {}, callback) ⇒ AWS.Request
Attempts to cancel the command specified by the Command ID. There is no guarantee that the command will be terminated and the underlying process stopped.
Service Reference:
Examples:
Calling the cancelCommand operation
var params = { CommandId: 'STRING_VALUE', /* required */ InstanceIds: [ 'STRING_VALUE', /* more items */ ] }; ssm.cancelCommand(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
CommandId
— (String
)The ID of the command you want to cancel.
InstanceIds
— (Array<String>
)(Optional) A list of instance IDs on which you want to cancel the command. If not provided, the command is canceled on every instance on which it was requested.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs.
-
(AWS.Response)
—
Returns:
cancelMaintenanceWindowExecution(params = {}, callback) ⇒ AWS.Request
Stops a maintenance window execution that is already in progress and cancels any tasks in the window that haven't already starting running. Tasks already in progress will continue to completion.
Service Reference:
Examples:
Calling the cancelMaintenanceWindowExecution operation
var params = { WindowExecutionId: 'STRING_VALUE' /* required */ }; ssm.cancelMaintenanceWindowExecution(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
WindowExecutionId
— (String
)The ID of the maintenance window execution to stop.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:WindowExecutionId
— (String
)The ID of the maintenance window execution that has been stopped.
-
(AWS.Response)
—
Returns:
createActivation(params = {}, callback) ⇒ AWS.Request
Generates an activation code and activation ID you can use to register your on-premises server or virtual machine (VM) with Amazon Web Services Systems Manager. Registering these machines with Systems Manager makes it possible to manage them using Systems Manager capabilities. You use the activation code and ID when installing SSM Agent on machines in your hybrid environment. For more information about requirements for managing on-premises instances and VMs using Systems Manager, see Setting up Amazon Web Services Systems Manager for hybrid environments in the Amazon Web Services Systems Manager User Guide.
Note: On-premises servers or VMs that are registered with Systems Manager and Amazon Elastic Compute Cloud (Amazon EC2) instances that you manage with Systems Manager are all called managed instances.Service Reference:
Examples:
Calling the createActivation operation
var params = { IamRole: 'STRING_VALUE', /* required */ DefaultInstanceName: 'STRING_VALUE', Description: 'STRING_VALUE', ExpirationDate: new Date || 'Wed Dec 31 1969 16:00:00 GMT-0800 (PST)' || 123456789, RegistrationLimit: 'NUMBER_VALUE', Tags: [ { Key: 'STRING_VALUE', /* required */ Value: 'STRING_VALUE' /* required */ }, /* more items */ ] }; ssm.createActivation(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Description
— (String
)A user-defined description of the resource that you want to register with Systems Manager.
Don't enter personally identifiable information in this field.
DefaultInstanceName
— (String
)The name of the registered, managed instance as it will appear in the Amazon Web Services Systems Manager console or when you use the Amazon Web Services command line tools to list Systems Manager resources.
Don't enter personally identifiable information in this field.
IamRole
— (String
)The name of the Identity and Access Management (IAM) role that you want to assign to the managed instance. This IAM role must provide AssumeRole permissions for the Amazon Web Services Systems Manager service principal
ssm.amazonaws.com
. For more information, see Create an IAM service role for a hybrid environment in the Amazon Web Services Systems Manager User Guide.RegistrationLimit
— (Integer
)Specify the maximum number of managed instances you want to register. The default value is
1
.ExpirationDate
— (Date
)The date by which this activation request should expire, in timestamp format, such as "2021-07-07T00:00:00". You can specify a date up to 30 days in advance. If you don't provide an expiration date, the activation code expires in 24 hours.
Tags
— (Array<map>
)Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag an activation to identify which servers or virtual machines (VMs) in your on-premises environment you intend to activate. In this case, you could specify the following key-value pairs:
-
Key=OS,Value=Windows
-
Key=Environment,Value=Production
When you install SSM Agent on your on-premises servers and VMs, you specify an activation ID and code. When you specify the activation ID and code, tags assigned to the activation are automatically applied to the on-premises servers or VMs.
You can't add tags to or delete tags from an existing activation. You can tag your on-premises servers and VMs after they connect to Systems Manager for the first time and are assigned a managed instance ID. This means they are listed in the Amazon Web Services Systems Manager console with an ID that is prefixed with "mi-". For information about how to add tags to your managed instances, see AddTagsToResource. For information about how to remove tags from your managed instances, see RemoveTagsFromResource.
Key
— required — (String
)The name of the tag.
Value
— required — (String
)The value of the tag.
-
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:ActivationId
— (String
)The ID number generated by the system when it processed the activation. The activation ID functions like a user name.
ActivationCode
— (String
)The code the system generates when it processes the activation. The activation code functions like a password to validate the activation ID.
-
(AWS.Response)
—
Returns:
createAssociation(params = {}, callback) ⇒ AWS.Request
A State Manager association defines the state that you want to maintain on your instances. For example, an association can specify that anti-virus software must be installed and running on your instances, or that certain ports must be closed. For static targets, the association specifies a schedule for when the configuration is reapplied. For dynamic targets, such as an Amazon Web Services resource group or an Amazon Web Services autoscaling group, State Manager, a capability of Amazon Web Services Systems Manager applies the configuration when new instances are added to the group. The association also specifies actions to take when applying the configuration. For example, an association for anti-virus software might run once a day. If the software isn't installed, then State Manager installs it. If the software is installed, but the service isn't running, then the association might instruct State Manager to start the service.
Service Reference:
Examples:
Calling the createAssociation operation
var params = { Name: 'STRING_VALUE', /* required */ ApplyOnlyAtCronInterval: true || false, AssociationName: 'STRING_VALUE', AutomationTargetParameterName: 'STRING_VALUE', CalendarNames: [ 'STRING_VALUE', /* more items */ ], ComplianceSeverity: CRITICAL | HIGH | MEDIUM | LOW | UNSPECIFIED, DocumentVersion: 'STRING_VALUE', InstanceId: 'STRING_VALUE', MaxConcurrency: 'STRING_VALUE', MaxErrors: 'STRING_VALUE', OutputLocation: { S3Location: { OutputS3BucketName: 'STRING_VALUE', OutputS3KeyPrefix: 'STRING_VALUE', OutputS3Region: 'STRING_VALUE' } }, Parameters: { '<ParameterName>': [ 'STRING_VALUE', /* more items */ ], /* '<ParameterName>': ... */ }, ScheduleExpression: 'STRING_VALUE', SyncCompliance: AUTO | MANUAL, TargetLocations: [ { Accounts: [ 'STRING_VALUE', /* more items */ ], ExecutionRoleName: 'STRING_VALUE', Regions: [ 'STRING_VALUE', /* more items */ ], TargetLocationMaxConcurrency: 'STRING_VALUE', TargetLocationMaxErrors: 'STRING_VALUE' }, /* more items */ ], Targets: [ { Key: 'STRING_VALUE', Values: [ 'STRING_VALUE', /* more items */ ] }, /* more items */ ] }; ssm.createAssociation(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Name
— (String
)The name of the SSM Command document or Automation runbook that contains the configuration information for the instance.
You can specify Amazon Web Services-predefined documents, documents you created, or a document that is shared with you from another account.
For Systems Manager documents (SSM documents) that are shared with you from other Amazon Web Services accounts, you must specify the complete SSM document ARN, in the following format:
arn:partition:ssm:region:account-id:document/document-name
For example:
arn:aws:ssm:us-east-2:12345678912:document/My-Shared-Document
For Amazon Web Services-predefined documents and SSM documents you created in your account, you only need to specify the document name. For example,
AWS-ApplyPatchBaseline
orMy-Document
.DocumentVersion
— (String
)The document version you want to associate with the target(s). Can be a specific version or the default version.
InstanceId
— (String
)The instance ID.
Note:InstanceId
has been deprecated. To specify an instance ID for an association, use theTargets
parameter. Requests that include the parameterInstanceID
with Systems Manager documents (SSM documents) that use schema version 2.0 or later will fail. In addition, if you use the parameterInstanceId
, you can't use the parametersAssociationName
,DocumentVersion
,MaxErrors
,MaxConcurrency
,OutputLocation
, orScheduleExpression
. To use these parameters, you must use theTargets
parameter.Parameters
— (map<Array<String>>
)The parameters for the runtime configuration of the document.
Targets
— (Array<map>
)The targets for the association. You can target instances by using tags, Amazon Web Services resource groups, all instances in an Amazon Web Services account, or individual instance IDs. You can target all instances in an Amazon Web Services account by specifying the
InstanceIds
key with a value of*
. For more information about choosing targets for an association, see Using targets and rate controls with State Manager associations in the Amazon Web Services Systems Manager User Guide.Key
— (String
)User-defined criteria for sending commands that target instances that meet the criteria.
Values
— (Array<String>
)User-defined criteria that maps to
Key
. For example, if you specifiedtag:ServerRole
, you could specifyvalue:WebServer
to run a command on instances that include EC2 tags ofServerRole,WebServer
.Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
ScheduleExpression
— (String
)A cron expression when the association will be applied to the target(s).
OutputLocation
— (map
)An Amazon Simple Storage Service (Amazon S3) bucket where you want to store the output details of the request.
S3Location
— (map
)An S3 bucket where you want to store the results of this request.
OutputS3Region
— (String
)The Amazon Web Services Region of the S3 bucket.
OutputS3BucketName
— (String
)The name of the S3 bucket.
OutputS3KeyPrefix
— (String
)The S3 bucket subfolder.
AssociationName
— (String
)Specify a descriptive name for the association.
AutomationTargetParameterName
— (String
)Specify the target for the association. This target is required for associations that use an Automation runbook and target resources by using rate controls. Automation is a capability of Amazon Web Services Systems Manager.
MaxErrors
— (String
)The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 instances and set
MaxError
to 10%, then the system stops sending the request when the sixth error is received.Executions that are already running an association when
MaxErrors
is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, setMaxConcurrency
to 1 so that executions proceed one at a time.MaxConcurrency
— (String
)The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.
If a new instance starts and attempts to run an association while Systems Manager is running
MaxConcurrency
associations, the association is allowed to run. During the next association interval, the new instance will process its association within the limit specified forMaxConcurrency
.ComplianceSeverity
— (String
)The severity level to assign to the association.
Possible values include:"CRITICAL"
"HIGH"
"MEDIUM"
"LOW"
"UNSPECIFIED"
SyncCompliance
— (String
)The mode for generating association compliance. You can specify
AUTO
orMANUAL
. InAUTO
mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association isCOMPLIANT
. If the association execution doesn't run successfully, the association isNON-COMPLIANT
.In
MANUAL
mode, you must specify theAssociationId
as a parameter for the PutComplianceItems API operation. In this case, compliance data isn't managed by State Manager. It is managed by your direct call to the PutComplianceItems API operation.By default, all associations use
Possible values include:AUTO
mode."AUTO"
"MANUAL"
ApplyOnlyAtCronInterval
— (Boolean
)By default, when you create a new association, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it. This parameter isn't supported for rate expressions.
CalendarNames
— (Array<String>
)The names or Amazon Resource Names (ARNs) of the Change Calendar type documents you want to gate your associations under. The associations only run when that change calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar.
TargetLocations
— (Array<map>
)A location is a combination of Amazon Web Services Regions and Amazon Web Services accounts where you want to run the association. Use this action to create an association in multiple Regions and multiple accounts.
Accounts
— (Array<String>
)The Amazon Web Services accounts targeted by the current Automation execution.
Regions
— (Array<String>
)The Amazon Web Services Regions targeted by the current Automation execution.
TargetLocationMaxConcurrency
— (String
)The maximum number of Amazon Web Services Regions and Amazon Web Services accounts allowed to run the Automation concurrently.
TargetLocationMaxErrors
— (String
)The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
ExecutionRoleName
— (String
)The Automation execution role used by the currently running Automation. If not specified, the default value is
AWS-SystemsManager-AutomationExecutionRole
.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:AssociationDescription
— (map
)Information about the association.
Name
— (String
)The name of the SSM document.
InstanceId
— (String
)The instance ID.
AssociationVersion
— (String
)The association version.
Date
— (Date
)The date when the association was made.
LastUpdateAssociationDate
— (Date
)The date when the association was last updated.
Status
— (map
)The association status.
Date
— required — (Date
)The date when the status changed.
Name
— required — (String
)The status.
Possible values include:"Pending"
"Success"
"Failed"
Message
— required — (String
)The reason for the status.
AdditionalInfo
— (String
)A user-defined string.
Overview
— (map
)Information about the association.
Status
— (String
)The status of the association. Status can be: Pending, Success, or Failed.
DetailedStatus
— (String
)A detailed status of the association.
AssociationStatusAggregatedCount
— (map<Integer>
)Returns the number of targets for the association status. For example, if you created an association with two instances, and one of them was successful, this would return the count of instances by status.
DocumentVersion
— (String
)The document version.
AutomationTargetParameterName
— (String
)Specify the target for the association. This target is required for associations that use an Automation runbook and target resources by using rate controls. Automation is a capability of Amazon Web Services Systems Manager.
Parameters
— (map<Array<String>>
)A description of the parameters for a document.
AssociationId
— (String
)The association ID.
Targets
— (Array<map>
)The instances targeted by the request.
Key
— (String
)User-defined criteria for sending commands that target instances that meet the criteria.
Values
— (Array<String>
)User-defined criteria that maps to
Key
. For example, if you specifiedtag:ServerRole
, you could specifyvalue:WebServer
to run a command on instances that include EC2 tags ofServerRole,WebServer
.Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
ScheduleExpression
— (String
)A cron expression that specifies a schedule when the association runs.
OutputLocation
— (map
)An S3 bucket where you want to store the output details of the request.
S3Location
— (map
)An S3 bucket where you want to store the results of this request.
OutputS3Region
— (String
)The Amazon Web Services Region of the S3 bucket.
OutputS3BucketName
— (String
)The name of the S3 bucket.
OutputS3KeyPrefix
— (String
)The S3 bucket subfolder.
LastExecutionDate
— (Date
)The date on which the association was last run.
LastSuccessfulExecutionDate
— (Date
)The last date on which the association was successfully run.
AssociationName
— (String
)The association name.
MaxErrors
— (String
)The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 instances and set
MaxError
to 10%, then the system stops sending the request when the sixth error is received.Executions that are already running an association when
MaxErrors
is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, setMaxConcurrency
to 1 so that executions proceed one at a time.MaxConcurrency
— (String
)The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.
If a new instance starts and attempts to run an association while Systems Manager is running
MaxConcurrency
associations, the association is allowed to run. During the next association interval, the new instance will process its association within the limit specified forMaxConcurrency
.ComplianceSeverity
— (String
)The severity level that is assigned to the association.
Possible values include:"CRITICAL"
"HIGH"
"MEDIUM"
"LOW"
"UNSPECIFIED"
SyncCompliance
— (String
)The mode for generating association compliance. You can specify
AUTO
orMANUAL
. InAUTO
mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association isCOMPLIANT
. If the association execution doesn't run successfully, the association isNON-COMPLIANT
.In
MANUAL
mode, you must specify theAssociationId
as a parameter for the PutComplianceItems API operation. In this case, compliance data isn't managed by State Manager, a capability of Amazon Web Services Systems Manager. It is managed by your direct call to the PutComplianceItems API operation.By default, all associations use
Possible values include:AUTO
mode."AUTO"
"MANUAL"
ApplyOnlyAtCronInterval
— (Boolean
)By default, when you create a new associations, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it. This parameter isn't supported for rate expressions.
CalendarNames
— (Array<String>
)The names or Amazon Resource Names (ARNs) of the Change Calendar type documents your associations are gated under. The associations only run when that change calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar.
TargetLocations
— (Array<map>
)The combination of Amazon Web Services Regions and Amazon Web Services accounts where you want to run the association.
Accounts
— (Array<String>
)The Amazon Web Services accounts targeted by the current Automation execution.
Regions
— (Array<String>
)The Amazon Web Services Regions targeted by the current Automation execution.
TargetLocationMaxConcurrency
— (String
)The maximum number of Amazon Web Services Regions and Amazon Web Services accounts allowed to run the Automation concurrently.
TargetLocationMaxErrors
— (String
)The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
ExecutionRoleName
— (String
)The Automation execution role used by the currently running Automation. If not specified, the default value is
AWS-SystemsManager-AutomationExecutionRole
.
-
(AWS.Response)
—
Returns:
createAssociationBatch(params = {}, callback) ⇒ AWS.Request
Associates the specified Amazon Web Services Systems Manager document (SSM document) with the specified instances or targets.
When you associate a document with one or more instances using instance IDs or tags, Amazon Web Services Systems Manager Agent (SSM Agent) running on the instance processes the document and configures the instance as specified.
If you associate a document with an instance that already has an associated document, the system returns the AssociationAlreadyExists exception.
Service Reference:
Examples:
Calling the createAssociationBatch operation
var params = { Entries: [ /* required */ { Name: 'STRING_VALUE', /* required */ ApplyOnlyAtCronInterval: true || false, AssociationName: 'STRING_VALUE', AutomationTargetParameterName: 'STRING_VALUE', CalendarNames: [ 'STRING_VALUE', /* more items */ ], ComplianceSeverity: CRITICAL | HIGH | MEDIUM | LOW | UNSPECIFIED, DocumentVersion: 'STRING_VALUE', InstanceId: 'STRING_VALUE', MaxConcurrency: 'STRING_VALUE', MaxErrors: 'STRING_VALUE', OutputLocation: { S3Location: { OutputS3BucketName: 'STRING_VALUE', OutputS3KeyPrefix: 'STRING_VALUE', OutputS3Region: 'STRING_VALUE' } }, Parameters: { '<ParameterName>': [ 'STRING_VALUE', /* more items */ ], /* '<ParameterName>': ... */ }, ScheduleExpression: 'STRING_VALUE', SyncCompliance: AUTO | MANUAL, TargetLocations: [ { Accounts: [ 'STRING_VALUE', /* more items */ ], ExecutionRoleName: 'STRING_VALUE', Regions: [ 'STRING_VALUE', /* more items */ ], TargetLocationMaxConcurrency: 'STRING_VALUE', TargetLocationMaxErrors: 'STRING_VALUE' }, /* more items */ ], Targets: [ { Key: 'STRING_VALUE', Values: [ 'STRING_VALUE', /* more items */ ] }, /* more items */ ] }, /* more items */ ] }; ssm.createAssociationBatch(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Entries
— (Array<map>
)One or more associations.
Name
— required — (String
)The name of the SSM document that contains the configuration information for the instance. You can specify Command or Automation runbooks.
You can specify Amazon Web Services-predefined documents, documents you created, or a document that is shared with you from another account.
For SSM documents that are shared with you from other Amazon Web Services accounts, you must specify the complete SSM document ARN, in the following format:
arn:aws:ssm:region:account-id:document/document-name
For example:
arn:aws:ssm:us-east-2:12345678912:document/My-Shared-Document
For Amazon Web Services-predefined documents and SSM documents you created in your account, you only need to specify the document name. For example,
AWS-ApplyPatchBaseline
orMy-Document
.InstanceId
— (String
)The instance ID.
Note:InstanceId
has been deprecated. To specify an instance ID for an association, use theTargets
parameter. Requests that include the parameterInstanceID
with Systems Manager documents (SSM documents) that use schema version 2.0 or later will fail. In addition, if you use the parameterInstanceId
, you can't use the parametersAssociationName
,DocumentVersion
,MaxErrors
,MaxConcurrency
,OutputLocation
, orScheduleExpression
. To use these parameters, you must use theTargets
parameter.Parameters
— (map<Array<String>>
)A description of the parameters for a document.
AutomationTargetParameterName
— (String
)Specify the target for the association. This target is required for associations that use an Automation runbook and target resources by using rate controls. Automation is a capability of Amazon Web Services Systems Manager.
DocumentVersion
— (String
)The document version.
Targets
— (Array<map>
)The instances targeted by the request.
Key
— (String
)User-defined criteria for sending commands that target instances that meet the criteria.
Values
— (Array<String>
)User-defined criteria that maps to
Key
. For example, if you specifiedtag:ServerRole
, you could specifyvalue:WebServer
to run a command on instances that include EC2 tags ofServerRole,WebServer
.Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
ScheduleExpression
— (String
)A cron expression that specifies a schedule when the association runs.
OutputLocation
— (map
)An S3 bucket where you want to store the results of this request.
S3Location
— (map
)An S3 bucket where you want to store the results of this request.
OutputS3Region
— (String
)The Amazon Web Services Region of the S3 bucket.
OutputS3BucketName
— (String
)The name of the S3 bucket.
OutputS3KeyPrefix
— (String
)The S3 bucket subfolder.
AssociationName
— (String
)Specify a descriptive name for the association.
MaxErrors
— (String
)The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 instances and set
MaxError
to 10%, then the system stops sending the request when the sixth error is received.Executions that are already running an association when
MaxErrors
is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, setMaxConcurrency
to 1 so that executions proceed one at a time.MaxConcurrency
— (String
)The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.
If a new instance starts and attempts to run an association while Systems Manager is running
MaxConcurrency
associations, the association is allowed to run. During the next association interval, the new instance will process its association within the limit specified forMaxConcurrency
.ComplianceSeverity
— (String
)The severity level to assign to the association.
Possible values include:"CRITICAL"
"HIGH"
"MEDIUM"
"LOW"
"UNSPECIFIED"
SyncCompliance
— (String
)The mode for generating association compliance. You can specify
AUTO
orMANUAL
. InAUTO
mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association isCOMPLIANT
. If the association execution doesn't run successfully, the association isNON-COMPLIANT
.In
MANUAL
mode, you must specify theAssociationId
as a parameter for the PutComplianceItems API operation. In this case, compliance data isn't managed by State Manager, a capability of Amazon Web Services Systems Manager. It is managed by your direct call to the PutComplianceItems API operation.By default, all associations use
Possible values include:AUTO
mode."AUTO"
"MANUAL"
ApplyOnlyAtCronInterval
— (Boolean
)By default, when you create a new associations, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it. This parameter isn't supported for rate expressions.
CalendarNames
— (Array<String>
)The names or Amazon Resource Names (ARNs) of the Change Calendar type documents your associations are gated under. The associations only run when that Change Calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar.
TargetLocations
— (Array<map>
)Use this action to create an association in multiple Regions and multiple accounts.
Accounts
— (Array<String>
)The Amazon Web Services accounts targeted by the current Automation execution.
Regions
— (Array<String>
)The Amazon Web Services Regions targeted by the current Automation execution.
TargetLocationMaxConcurrency
— (String
)The maximum number of Amazon Web Services Regions and Amazon Web Services accounts allowed to run the Automation concurrently.
TargetLocationMaxErrors
— (String
)The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
ExecutionRoleName
— (String
)The Automation execution role used by the currently running Automation. If not specified, the default value is
AWS-SystemsManager-AutomationExecutionRole
.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:Successful
— (Array<map>
)Information about the associations that succeeded.
Name
— (String
)The name of the SSM document.
InstanceId
— (String
)The instance ID.
AssociationVersion
— (String
)The association version.
Date
— (Date
)The date when the association was made.
LastUpdateAssociationDate
— (Date
)The date when the association was last updated.
Status
— (map
)The association status.
Date
— required — (Date
)The date when the status changed.
Name
— required — (String
)The status.
Possible values include:"Pending"
"Success"
"Failed"
Message
— required — (String
)The reason for the status.
AdditionalInfo
— (String
)A user-defined string.
Overview
— (map
)Information about the association.
Status
— (String
)The status of the association. Status can be: Pending, Success, or Failed.
DetailedStatus
— (String
)A detailed status of the association.
AssociationStatusAggregatedCount
— (map<Integer>
)Returns the number of targets for the association status. For example, if you created an association with two instances, and one of them was successful, this would return the count of instances by status.
DocumentVersion
— (String
)The document version.
AutomationTargetParameterName
— (String
)Specify the target for the association. This target is required for associations that use an Automation runbook and target resources by using rate controls. Automation is a capability of Amazon Web Services Systems Manager.
Parameters
— (map<Array<String>>
)A description of the parameters for a document.
AssociationId
— (String
)The association ID.
Targets
— (Array<map>
)The instances targeted by the request.
Key
— (String
)User-defined criteria for sending commands that target instances that meet the criteria.
Values
— (Array<String>
)User-defined criteria that maps to
Key
. For example, if you specifiedtag:ServerRole
, you could specifyvalue:WebServer
to run a command on instances that include EC2 tags ofServerRole,WebServer
.Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
ScheduleExpression
— (String
)A cron expression that specifies a schedule when the association runs.
OutputLocation
— (map
)An S3 bucket where you want to store the output details of the request.
S3Location
— (map
)An S3 bucket where you want to store the results of this request.
OutputS3Region
— (String
)The Amazon Web Services Region of the S3 bucket.
OutputS3BucketName
— (String
)The name of the S3 bucket.
OutputS3KeyPrefix
— (String
)The S3 bucket subfolder.
LastExecutionDate
— (Date
)The date on which the association was last run.
LastSuccessfulExecutionDate
— (Date
)The last date on which the association was successfully run.
AssociationName
— (String
)The association name.
MaxErrors
— (String
)The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 instances and set
MaxError
to 10%, then the system stops sending the request when the sixth error is received.Executions that are already running an association when
MaxErrors
is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, setMaxConcurrency
to 1 so that executions proceed one at a time.MaxConcurrency
— (String
)The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.
If a new instance starts and attempts to run an association while Systems Manager is running
MaxConcurrency
associations, the association is allowed to run. During the next association interval, the new instance will process its association within the limit specified forMaxConcurrency
.ComplianceSeverity
— (String
)The severity level that is assigned to the association.
Possible values include:"CRITICAL"
"HIGH"
"MEDIUM"
"LOW"
"UNSPECIFIED"
SyncCompliance
— (String
)The mode for generating association compliance. You can specify
AUTO
orMANUAL
. InAUTO
mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association isCOMPLIANT
. If the association execution doesn't run successfully, the association isNON-COMPLIANT
.In
MANUAL
mode, you must specify theAssociationId
as a parameter for the PutComplianceItems API operation. In this case, compliance data isn't managed by State Manager, a capability of Amazon Web Services Systems Manager. It is managed by your direct call to the PutComplianceItems API operation.By default, all associations use
Possible values include:AUTO
mode."AUTO"
"MANUAL"
ApplyOnlyAtCronInterval
— (Boolean
)By default, when you create a new associations, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it. This parameter isn't supported for rate expressions.
CalendarNames
— (Array<String>
)The names or Amazon Resource Names (ARNs) of the Change Calendar type documents your associations are gated under. The associations only run when that change calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar.
TargetLocations
— (Array<map>
)The combination of Amazon Web Services Regions and Amazon Web Services accounts where you want to run the association.
Accounts
— (Array<String>
)The Amazon Web Services accounts targeted by the current Automation execution.
Regions
— (Array<String>
)The Amazon Web Services Regions targeted by the current Automation execution.
TargetLocationMaxConcurrency
— (String
)The maximum number of Amazon Web Services Regions and Amazon Web Services accounts allowed to run the Automation concurrently.
TargetLocationMaxErrors
— (String
)The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
ExecutionRoleName
— (String
)The Automation execution role used by the currently running Automation. If not specified, the default value is
AWS-SystemsManager-AutomationExecutionRole
.
Failed
— (Array<map>
)Information about the associations that failed.
Entry
— (map
)The association.
Name
— required — (String
)The name of the SSM document that contains the configuration information for the instance. You can specify Command or Automation runbooks.
You can specify Amazon Web Services-predefined documents, documents you created, or a document that is shared with you from another account.
For SSM documents that are shared with you from other Amazon Web Services accounts, you must specify the complete SSM document ARN, in the following format:
arn:aws:ssm:region:account-id:document/document-name
For example:
arn:aws:ssm:us-east-2:12345678912:document/My-Shared-Document
For Amazon Web Services-predefined documents and SSM documents you created in your account, you only need to specify the document name. For example,
AWS-ApplyPatchBaseline
orMy-Document
.InstanceId
— (String
)The instance ID.
Note:InstanceId
has been deprecated. To specify an instance ID for an association, use theTargets
parameter. Requests that include the parameterInstanceID
with Systems Manager documents (SSM documents) that use schema version 2.0 or later will fail. In addition, if you use the parameterInstanceId
, you can't use the parametersAssociationName
,DocumentVersion
,MaxErrors
,MaxConcurrency
,OutputLocation
, orScheduleExpression
. To use these parameters, you must use theTargets
parameter.Parameters
— (map<Array<String>>
)A description of the parameters for a document.
AutomationTargetParameterName
— (String
)Specify the target for the association. This target is required for associations that use an Automation runbook and target resources by using rate controls. Automation is a capability of Amazon Web Services Systems Manager.
DocumentVersion
— (String
)The document version.
Targets
— (Array<map>
)The instances targeted by the request.
Key
— (String
)User-defined criteria for sending commands that target instances that meet the criteria.
Values
— (Array<String>
)User-defined criteria that maps to
Key
. For example, if you specifiedtag:ServerRole
, you could specifyvalue:WebServer
to run a command on instances that include EC2 tags ofServerRole,WebServer
.Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
ScheduleExpression
— (String
)A cron expression that specifies a schedule when the association runs.
OutputLocation
— (map
)An S3 bucket where you want to store the results of this request.
S3Location
— (map
)An S3 bucket where you want to store the results of this request.
OutputS3Region
— (String
)The Amazon Web Services Region of the S3 bucket.
OutputS3BucketName
— (String
)The name of the S3 bucket.
OutputS3KeyPrefix
— (String
)The S3 bucket subfolder.
AssociationName
— (String
)Specify a descriptive name for the association.
MaxErrors
— (String
)The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 instances and set
MaxError
to 10%, then the system stops sending the request when the sixth error is received.Executions that are already running an association when
MaxErrors
is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, setMaxConcurrency
to 1 so that executions proceed one at a time.MaxConcurrency
— (String
)The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.
If a new instance starts and attempts to run an association while Systems Manager is running
MaxConcurrency
associations, the association is allowed to run. During the next association interval, the new instance will process its association within the limit specified forMaxConcurrency
.ComplianceSeverity
— (String
)The severity level to assign to the association.
Possible values include:"CRITICAL"
"HIGH"
"MEDIUM"
"LOW"
"UNSPECIFIED"
SyncCompliance
— (String
)The mode for generating association compliance. You can specify
AUTO
orMANUAL
. InAUTO
mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association isCOMPLIANT
. If the association execution doesn't run successfully, the association isNON-COMPLIANT
.In
MANUAL
mode, you must specify theAssociationId
as a parameter for the PutComplianceItems API operation. In this case, compliance data isn't managed by State Manager, a capability of Amazon Web Services Systems Manager. It is managed by your direct call to the PutComplianceItems API operation.By default, all associations use
Possible values include:AUTO
mode."AUTO"
"MANUAL"
ApplyOnlyAtCronInterval
— (Boolean
)By default, when you create a new associations, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it. This parameter isn't supported for rate expressions.
CalendarNames
— (Array<String>
)The names or Amazon Resource Names (ARNs) of the Change Calendar type documents your associations are gated under. The associations only run when that Change Calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar.
TargetLocations
— (Array<map>
)Use this action to create an association in multiple Regions and multiple accounts.
Accounts
— (Array<String>
)The Amazon Web Services accounts targeted by the current Automation execution.
Regions
— (Array<String>
)The Amazon Web Services Regions targeted by the current Automation execution.
TargetLocationMaxConcurrency
— (String
)The maximum number of Amazon Web Services Regions and Amazon Web Services accounts allowed to run the Automation concurrently.
TargetLocationMaxErrors
— (String
)The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
ExecutionRoleName
— (String
)The Automation execution role used by the currently running Automation. If not specified, the default value is
AWS-SystemsManager-AutomationExecutionRole
.
Message
— (String
)A description of the failure.
Fault
— (String
)The source of the failure.
Possible values include:"Client"
"Server"
"Unknown"
-
(AWS.Response)
—
Returns:
createDocument(params = {}, callback) ⇒ AWS.Request
Creates a Amazon Web Services Systems Manager (SSM document). An SSM document defines the actions that Systems Manager performs on your managed instances. For more information about SSM documents, including information about supported schemas, features, and syntax, see Amazon Web Services Systems Manager Documents in the Amazon Web Services Systems Manager User Guide.
Service Reference:
Examples:
Calling the createDocument operation
var params = { Content: 'STRING_VALUE', /* required */ Name: 'STRING_VALUE', /* required */ Attachments: [ { Key: SourceUrl | S3FileUrl | AttachmentReference, Name: 'STRING_VALUE', Values: [ 'STRING_VALUE', /* more items */ ] }, /* more items */ ], DisplayName: 'STRING_VALUE', DocumentFormat: YAML | JSON | TEXT, DocumentType: Command | Policy | Automation | Session | Package | ApplicationConfiguration | ApplicationConfigurationSchema | DeploymentStrategy | ChangeCalendar | Automation.ChangeTemplate | ProblemAnalysis | ProblemAnalysisTemplate, Requires: [ { Name: 'STRING_VALUE', /* required */ Version: 'STRING_VALUE' }, /* more items */ ], Tags: [ { Key: 'STRING_VALUE', /* required */ Value: 'STRING_VALUE' /* required */ }, /* more items */ ], TargetType: 'STRING_VALUE', VersionName: 'STRING_VALUE' }; ssm.createDocument(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Content
— (String
)The content for the new SSM document in JSON or YAML format. We recommend storing the contents for your new document in an external JSON or YAML file and referencing the file in a command.
For examples, see the following topics in the Amazon Web Services Systems Manager User Guide.
Requires
— (Array<map>
)A list of SSM documents required by a document. This parameter is used exclusively by AppConfig. When a user creates an AppConfig configuration in an SSM document, the user must also specify a required document for validation purposes. In this case, an
ApplicationConfiguration
document requires anApplicationConfigurationSchema
document for validation purposes. For more information, see What is AppConfig? in the AppConfig User Guide.Name
— required — (String
)The name of the required SSM document. The name can be an Amazon Resource Name (ARN).
Version
— (String
)The document version required by the current document.
Attachments
— (Array<map>
)A list of key-value pairs that describe attachments to a version of a document.
Key
— (String
)The key of a key-value pair that identifies the location of an attachment to a document.
Possible values include:"SourceUrl"
"S3FileUrl"
"AttachmentReference"
Values
— (Array<String>
)The value of a key-value pair that identifies the location of an attachment to a document. The format for Value depends on the type of key you specify.
-
For the key SourceUrl, the value is an S3 bucket location. For example:
"Values": [ "s3://doc-example-bucket/my-folder" ]
-
For the key S3FileUrl, the value is a file in an S3 bucket. For example:
"Values": [ "s3://doc-example-bucket/my-folder/my-file.py" ]
-
For the key AttachmentReference, the value is constructed from the name of another SSM document in your account, a version number of that document, and a file attached to that document version that you want to reuse. For example:
"Values": [ "MyOtherDocument/3/my-other-file.py" ]
However, if the SSM document is shared with you from another account, the full SSM document ARN must be specified instead of the document name only. For example:
"Values": [ "arn:aws:ssm:us-east-2:111122223333:document/OtherAccountDocument/3/their-file.py" ]
-
Name
— (String
)The name of the document attachment file.
Name
— (String
)A name for the SSM document.
You can't use the following strings as document name prefixes. These are reserved by Amazon Web Services for use as document name prefixes:
-
aws-
-
amazon
-
amzn
-
DisplayName
— (String
)An optional field where you can specify a friendly name for the SSM document. This value can differ for each version of the document. You can update this value at a later time using the UpdateDocument operation.
VersionName
— (String
)An optional field specifying the version of the artifact you are creating with the document. For example, "Release 12, Update 6". This value is unique across all versions of a document, and can't be changed.
DocumentType
— (String
)The type of document to create.
Possible values include:"Command"
"Policy"
"Automation"
"Session"
"Package"
"ApplicationConfiguration"
"ApplicationConfigurationSchema"
"DeploymentStrategy"
"ChangeCalendar"
"Automation.ChangeTemplate"
"ProblemAnalysis"
"ProblemAnalysisTemplate"
DocumentFormat
— (String
)Specify the document format for the request. The document format can be JSON, YAML, or TEXT. JSON is the default format.
Possible values include:"YAML"
"JSON"
"TEXT"
TargetType
— (String
)Specify a target type to define the kinds of resources the document can run on. For example, to run a document on EC2 instances, specify the following value:
/AWS::EC2::Instance
. If you specify a value of '/' the document can run on all types of resources. If you don't specify a value, the document can't run on any resources. For a list of valid resource types, see Amazon Web Services resource and property types reference in the CloudFormation User Guide.Tags
— (Array<map>
)Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag an SSM document to identify the types of targets or the environment where it will run. In this case, you could specify the following key-value pairs:
-
Key=OS,Value=Windows
-
Key=Environment,Value=Production
Note: To add tags to an existing SSM document, use the AddTagsToResource operation.Key
— required — (String
)The name of the tag.
Value
— required — (String
)The value of the tag.
-
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:DocumentDescription
— (map
)Information about the SSM document.
Sha1
— (String
)The SHA1 hash of the document, which you can use for verification.
Hash
— (String
)The Sha256 or Sha1 hash created by the system when the document was created.
Note: Sha1 hashes have been deprecated.HashType
— (String
)The hash type of the document. Valid values include
Sha256
orSha1
.Note: Sha1 hashes have been deprecated.Possible values include:"Sha256"
"Sha1"
Name
— (String
)The name of the SSM document.
DisplayName
— (String
)The friendly name of the SSM document. This value can differ for each version of the document. If you want to update this value, see UpdateDocument.
VersionName
— (String
)The version of the artifact associated with the document.
Owner
— (String
)The Amazon Web Services user account that created the document.
CreatedDate
— (Date
)The date when the document was created.
Status
— (String
)The status of the SSM document.
Possible values include:"Creating"
"Active"
"Updating"
"Deleting"
"Failed"
StatusInformation
— (String
)A message returned by Amazon Web Services Systems Manager that explains the
Status
value. For example, aFailed
status might be explained by theStatusInformation
message, "The specified S3 bucket doesn't exist. Verify that the URL of the S3 bucket is correct."DocumentVersion
— (String
)The document version.
Description
— (String
)A description of the document.
Parameters
— (Array<map>
)A description of the parameters for a document.
Name
— (String
)The name of the parameter.
Type
— (String
)The type of parameter. The type can be either String or StringList.
Possible values include:"String"
"StringList"
Description
— (String
)A description of what the parameter does, how to use it, the default value, and whether or not the parameter is optional.
DefaultValue
— (String
)If specified, the default values for the parameters. Parameters without a default value are required. Parameters with a default value are optional.
PlatformTypes
— (Array<String>
)The list of OS platforms compatible with this SSM document.
DocumentType
— (String
)The type of document.
Possible values include:"Command"
"Policy"
"Automation"
"Session"
"Package"
"ApplicationConfiguration"
"ApplicationConfigurationSchema"
"DeploymentStrategy"
"ChangeCalendar"
"Automation.ChangeTemplate"
"ProblemAnalysis"
"ProblemAnalysisTemplate"
SchemaVersion
— (String
)The schema version.
LatestVersion
— (String
)The latest version of the document.
DefaultVersion
— (String
)The default version.
DocumentFormat
— (String
)The document format, either JSON or YAML.
Possible values include:"YAML"
"JSON"
"TEXT"
TargetType
— (String
)The target type which defines the kinds of resources the document can run on. For example,
/AWS::EC2::Instance
. For a list of valid resource types, see Amazon Web Services resource and property types reference in the CloudFormation User Guide.Tags
— (Array<map>
)The tags, or metadata, that have been applied to the document.
Key
— required — (String
)The name of the tag.
Value
— required — (String
)The value of the tag.
AttachmentsInformation
— (Array<map>
)Details about the document attachments, including names, locations, sizes, and so on.
Name
— (String
)The name of the attachment.
Requires
— (Array<map>
)A list of SSM documents required by a document. For example, an
ApplicationConfiguration
document requires anApplicationConfigurationSchema
document.Name
— required — (String
)The name of the required SSM document. The name can be an Amazon Resource Name (ARN).
Version
— (String
)The document version required by the current document.
Author
— (String
)The user in your organization who created the document.
ReviewInformation
— (Array<map>
)Details about the review of a document.
ReviewedTime
— (Date
)The time that the reviewer took action on the document review request.
Status
— (String
)The current status of the document review request.
Possible values include:"APPROVED"
"NOT_REVIEWED"
"PENDING"
"REJECTED"
Reviewer
— (String
)The reviewer assigned to take action on the document review request.
ApprovedVersion
— (String
)The version of the document currently approved for use in the organization.
PendingReviewVersion
— (String
)The version of the document that is currently under review.
ReviewStatus
— (String
)The current status of the review.
Possible values include:"APPROVED"
"NOT_REVIEWED"
"PENDING"
"REJECTED"
-
(AWS.Response)
—
Returns:
createMaintenanceWindow(params = {}, callback) ⇒ AWS.Request
Creates a new maintenance window.
Note: The value you specify forDuration
determines the specific end time for the maintenance window based on the time it begins. No maintenance window tasks are permitted to start after the resulting endtime minus the number of hours you specify forCutoff
. For example, if the maintenance window starts at 3 PM, the duration is three hours, and the value you specify forCutoff
is one hour, no maintenance window tasks can start after 5 PM.Service Reference:
Examples:
Calling the createMaintenanceWindow operation
var params = { AllowUnassociatedTargets: true || false, /* required */ Cutoff: 'NUMBER_VALUE', /* required */ Duration: 'NUMBER_VALUE', /* required */ Name: 'STRING_VALUE', /* required */ Schedule: 'STRING_VALUE', /* required */ ClientToken: 'STRING_VALUE', Description: 'STRING_VALUE', EndDate: 'STRING_VALUE', ScheduleOffset: 'NUMBER_VALUE', ScheduleTimezone: 'STRING_VALUE', StartDate: 'STRING_VALUE', Tags: [ { Key: 'STRING_VALUE', /* required */ Value: 'STRING_VALUE' /* required */ }, /* more items */ ] }; ssm.createMaintenanceWindow(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Name
— (String
)The name of the maintenance window.
Description
— (String
)An optional description for the maintenance window. We recommend specifying a description to help you organize your maintenance windows.
StartDate
— (String
)The date and time, in ISO-8601 Extended format, for when you want the maintenance window to become active.
StartDate
allows you to delay activation of the maintenance window until the specified future date.EndDate
— (String
)The date and time, in ISO-8601 Extended format, for when you want the maintenance window to become inactive.
EndDate
allows you to set a date and time in the future when the maintenance window will no longer run.Schedule
— (String
)The schedule of the maintenance window in the form of a cron or rate expression.
ScheduleTimezone
— (String
)The time zone that the scheduled maintenance window executions are based on, in Internet Assigned Numbers Authority (IANA) format. For example: "America/Los_Angeles", "UTC", or "Asia/Seoul". For more information, see the Time Zone Database on the IANA website.
ScheduleOffset
— (Integer
)The number of days to wait after the date and time specified by a cron expression before running the maintenance window.
For example, the following cron expression schedules a maintenance window to run on the third Tuesday of every month at 11:30 PM.
cron(30 23 ? * TUE#3 *)
If the schedule offset is
2
, the maintenance window won't run until two days later.Duration
— (Integer
)The duration of the maintenance window in hours.
Cutoff
— (Integer
)The number of hours before the end of the maintenance window that Amazon Web Services Systems Manager stops scheduling new tasks for execution.
AllowUnassociatedTargets
— (Boolean
)Enables a maintenance window task to run on managed instances, even if you haven't registered those instances as targets. If enabled, then you must specify the unregistered instances (by instance ID) when you register a task with the maintenance window.
If you don't enable this option, then you must specify previously-registered targets when you register a task with the maintenance window.
ClientToken
— (String
)User-provided idempotency token.
If a token is not provided, the SDK will use a version 4 UUID.Tags
— (Array<map>
)Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a maintenance window to identify the type of tasks it will run, the types of targets, and the environment it will run in. In this case, you could specify the following key-value pairs:
-
Key=TaskType,Value=AgentUpdate
-
Key=OS,Value=Windows
-
Key=Environment,Value=Production
Note: To add tags to an existing maintenance window, use the AddTagsToResource operation.Key
— required — (String
)The name of the tag.
Value
— required — (String
)The value of the tag.
-
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:WindowId
— (String
)The ID of the created maintenance window.
-
(AWS.Response)
—
Returns:
createOpsItem(params = {}, callback) ⇒ AWS.Request
Creates a new OpsItem. You must have permission in Identity and Access Management (IAM) to create a new OpsItem. For more information, see Getting started with OpsCenter in the Amazon Web Services Systems Manager User Guide.
Operations engineers and IT professionals use Amazon Web Services Systems Manager OpsCenter to view, investigate, and remediate operational issues impacting the performance and health of their Amazon Web Services resources. For more information, see Amazon Web Services Systems Manager OpsCenter in the Amazon Web Services Systems Manager User Guide.
Service Reference:
Examples:
Calling the createOpsItem operation
var params = { Description: 'STRING_VALUE', /* required */ Source: 'STRING_VALUE', /* required */ Title: 'STRING_VALUE', /* required */ ActualEndTime: new Date || 'Wed Dec 31 1969 16:00:00 GMT-0800 (PST)' || 123456789, ActualStartTime: new Date || 'Wed Dec 31 1969 16:00:00 GMT-0800 (PST)' || 123456789, Category: 'STRING_VALUE', Notifications: [ { Arn: 'STRING_VALUE' }, /* more items */ ], OperationalData: { '<OpsItemDataKey>': { Type: SearchableString | String, Value: 'STRING_VALUE' }, /* '<OpsItemDataKey>': ... */ }, OpsItemType: 'STRING_VALUE', PlannedEndTime: new Date || 'Wed Dec 31 1969 16:00:00 GMT-0800 (PST)' || 123456789, PlannedStartTime: new Date || 'Wed Dec 31 1969 16:00:00 GMT-0800 (PST)' || 123456789, Priority: 'NUMBER_VALUE', RelatedOpsItems: [ { OpsItemId: 'STRING_VALUE' /* required */ }, /* more items */ ], Severity: 'STRING_VALUE', Tags: [ { Key: 'STRING_VALUE', /* required */ Value: 'STRING_VALUE' /* required */ }, /* more items */ ] }; ssm.createOpsItem(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Description
— (String
)Information about the OpsItem.
OpsItemType
— (String
)The type of OpsItem to create. Currently, the only valid values are
/aws/changerequest
and/aws/issue
.OperationalData
— (map<map>
)Operational data is custom data that provides useful reference details about the OpsItem. For example, you can specify log files, error strings, license keys, troubleshooting tips, or other relevant data. You enter operational data as key-value pairs. The key has a maximum length of 128 characters. The value has a maximum size of 20 KB.
Operational data keys can't begin with the following:
amazon
,aws
,amzn
,ssm
,/amazon
,/aws
,/amzn
,/ssm
.You can choose to make the data searchable by other users in the account or you can restrict search access. Searchable data means that all users with access to the OpsItem Overview page (as provided by the DescribeOpsItems API operation) can view and search on the specified data. Operational data that isn't searchable is only viewable by users who have access to the OpsItem (as provided by the GetOpsItem API operation).
Use the
/aws/resources
key in OperationalData to specify a related resource in the request. Use the/aws/automations
key in OperationalData to associate an Automation runbook with the OpsItem. To view Amazon Web Services CLI example commands that use these keys, see Creating OpsItems manually in the Amazon Web Services Systems Manager User Guide.Value
— (String
)The value of the OperationalData key.
Type
— (String
)The type of key-value pair. Valid types include
Possible values include:SearchableString
andString
."SearchableString"
"String"
Notifications
— (Array<map>
)The Amazon Resource Name (ARN) of an SNS topic where notifications are sent when this OpsItem is edited or changed.
Arn
— (String
)The Amazon Resource Name (ARN) of an Amazon Simple Notification Service (Amazon SNS) topic where notifications are sent when this OpsItem is edited or changed.
Priority
— (Integer
)The importance of this OpsItem in relation to other OpsItems in the system.
RelatedOpsItems
— (Array<map>
)One or more OpsItems that share something in common with the current OpsItems. For example, related OpsItems can include OpsItems with similar error messages, impacted resources, or statuses for the impacted resource.
OpsItemId
— required — (String
)The ID of an OpsItem related to the current OpsItem.
Source
— (String
)The origin of the OpsItem, such as Amazon EC2 or Systems Manager.
Note: The source name can't contain the following strings:aws
,amazon
, andamzn
.Title
— (String
)A short heading that describes the nature of the OpsItem and the impacted resource.
Tags
— (Array<map>
)Optional metadata that you assign to a resource. You can restrict access to OpsItems by using an inline IAM policy that specifies tags. For more information, see Getting started with OpsCenter in the Amazon Web Services Systems Manager User Guide.
Tags use a key-value pair. For example:
Key=Department,Value=Finance
To add tags to a new OpsItem, a user must have IAM permissions for both the
ssm:CreateOpsItems
operation and thessm:AddTagsToResource
operation. To add tags to an existing OpsItem, use the AddTagsToResource operation.Key
— required — (String
)The name of the tag.
Value
— required — (String
)The value of the tag.
Category
— (String
)Specify a category to assign to an OpsItem.
Severity
— (String
)Specify a severity to assign to an OpsItem.
ActualStartTime
— (Date
)The time a runbook workflow started. Currently reported only for the OpsItem type
/aws/changerequest
.ActualEndTime
— (Date
)The time a runbook workflow ended. Currently reported only for the OpsItem type
/aws/changerequest
.PlannedStartTime
— (Date
)The time specified in a change request for a runbook workflow to start. Currently supported only for the OpsItem type
/aws/changerequest
.PlannedEndTime
— (Date
)The time specified in a change request for a runbook workflow to end. Currently supported only for the OpsItem type
/aws/changerequest
.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:OpsItemId
— (String
)The ID of the OpsItem.
-
(AWS.Response)
—
Returns:
createOpsMetadata(params = {}, callback) ⇒ AWS.Request
If you create a new application in Application Manager, Amazon Web Services Systems Manager calls this API operation to specify information about the new application, including the application type.
Service Reference:
Examples:
Calling the createOpsMetadata operation
var params = { ResourceId: 'STRING_VALUE', /* required */ Metadata: { '<MetadataKey>': { Value: 'STRING_VALUE' }, /* '<MetadataKey>': ... */ }, Tags: [ { Key: 'STRING_VALUE', /* required */ Value: 'STRING_VALUE' /* required */ }, /* more items */ ] }; ssm.createOpsMetadata(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
ResourceId
— (String
)A resource ID for a new Application Manager application.
Metadata
— (map<map>
)Metadata for a new Application Manager application.
Value
— (String
)Metadata value to assign to an Application Manager application.
Tags
— (Array<map>
)Optional metadata that you assign to a resource. You can specify a maximum of five tags for an OpsMetadata object. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag an OpsMetadata object to identify an environment or target Amazon Web Services Region. In this case, you could specify the following key-value pairs:
-
Key=Environment,Value=Production
-
Key=Region,Value=us-east-2
Key
— required — (String
)The name of the tag.
Value
— required — (String
)The value of the tag.
-
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:OpsMetadataArn
— (String
)The Amazon Resource Name (ARN) of the OpsMetadata Object or blob created by the call.
-
(AWS.Response)
—
Returns:
createPatchBaseline(params = {}, callback) ⇒ AWS.Request
Creates a patch baseline.
Note: For information about valid key-value pairs inPatchFilters
for each supported operating system type, see PatchFilter.Service Reference:
Examples:
Calling the createPatchBaseline operation
var params = { Name: 'STRING_VALUE', /* required */ ApprovalRules: { PatchRules: [ /* required */ { PatchFilterGroup: { /* required */ PatchFilters: [ /* required */ { Key: ARCH | ADVISORY_ID | BUGZILLA_ID | PATCH_SET | PRODUCT | PRODUCT_FAMILY | CLASSIFICATION | CVE_ID | EPOCH | MSRC_SEVERITY | NAME | PATCH_ID | SECTION | PRIORITY | REPOSITORY | RELEASE | SEVERITY | SECURITY | VERSION, /* required */ Values: [ /* required */ 'STRING_VALUE', /* more items */ ] }, /* more items */ ] }, ApproveAfterDays: 'NUMBER_VALUE', ApproveUntilDate: 'STRING_VALUE', ComplianceLevel: CRITICAL | HIGH | MEDIUM | LOW | INFORMATIONAL | UNSPECIFIED, EnableNonSecurity: true || false }, /* more items */ ] }, ApprovedPatches: [ 'STRING_VALUE', /* more items */ ], ApprovedPatchesComplianceLevel: CRITICAL | HIGH | MEDIUM | LOW | INFORMATIONAL | UNSPECIFIED, ApprovedPatchesEnableNonSecurity: true || false, ClientToken: 'STRING_VALUE', Description: 'STRING_VALUE', GlobalFilters: { PatchFilters: [ /* required */ { Key: ARCH | ADVISORY_ID | BUGZILLA_ID | PATCH_SET | PRODUCT | PRODUCT_FAMILY | CLASSIFICATION | CVE_ID | EPOCH | MSRC_SEVERITY | NAME | PATCH_ID | SECTION | PRIORITY | REPOSITORY | RELEASE | SEVERITY | SECURITY | VERSION, /* required */ Values: [ /* required */ 'STRING_VALUE', /* more items */ ] }, /* more items */ ] }, OperatingSystem: WINDOWS | AMAZON_LINUX | AMAZON_LINUX_2 | UBUNTU | REDHAT_ENTERPRISE_LINUX | SUSE | CENTOS | ORACLE_LINUX | DEBIAN | MACOS, RejectedPatches: [ 'STRING_VALUE', /* more items */ ], RejectedPatchesAction: ALLOW_AS_DEPENDENCY | BLOCK, Sources: [ { Configuration: 'STRING_VALUE', /* required */ Name: 'STRING_VALUE', /* required */ Products: [ /* required */ 'STRING_VALUE', /* more items */ ] }, /* more items */ ], Tags: [ { Key: 'STRING_VALUE', /* required */ Value: 'STRING_VALUE' /* required */ }, /* more items */ ] }; ssm.createPatchBaseline(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
OperatingSystem
— (String
)Defines the operating system the patch baseline applies to. The default value is
Possible values include:WINDOWS
."WINDOWS"
"AMAZON_LINUX"
"AMAZON_LINUX_2"
"UBUNTU"
"REDHAT_ENTERPRISE_LINUX"
"SUSE"
"CENTOS"
"ORACLE_LINUX"
"DEBIAN"
"MACOS"
Name
— (String
)The name of the patch baseline.
GlobalFilters
— (map
)A set of global filters used to include patches in the baseline.
PatchFilters
— required — (Array<map>
)The set of patch filters that make up the group.
Key
— required — (String
)The key for the filter.
Run the DescribePatchProperties command to view lists of valid keys for each operating system type.
Possible values include:"ARCH"
"ADVISORY_ID"
"BUGZILLA_ID"
"PATCH_SET"
"PRODUCT"
"PRODUCT_FAMILY"
"CLASSIFICATION"
"CVE_ID"
"EPOCH"
"MSRC_SEVERITY"
"NAME"
"PATCH_ID"
"SECTION"
"PRIORITY"
"REPOSITORY"
"RELEASE"
"SEVERITY"
"SECURITY"
"VERSION"
Values
— required — (Array<String>
)The value for the filter key.
Run the DescribePatchProperties command to view lists of valid values for each key based on operating system type.
ApprovalRules
— (map
)A set of rules used to include patches in the baseline.
PatchRules
— required — (Array<map>
)The rules that make up the rule group.
PatchFilterGroup
— required — (map
)The patch filter group that defines the criteria for the rule.
PatchFilters
— required — (Array<map>
)The set of patch filters that make up the group.
Key
— required — (String
)The key for the filter.
Run the DescribePatchProperties command to view lists of valid keys for each operating system type.
Possible values include:"ARCH"
"ADVISORY_ID"
"BUGZILLA_ID"
"PATCH_SET"
"PRODUCT"
"PRODUCT_FAMILY"
"CLASSIFICATION"
"CVE_ID"
"EPOCH"
"MSRC_SEVERITY"
"NAME"
"PATCH_ID"
"SECTION"
"PRIORITY"
"REPOSITORY"
"RELEASE"
"SEVERITY"
"SECURITY"
"VERSION"
Values
— required — (Array<String>
)The value for the filter key.
Run the DescribePatchProperties command to view lists of valid values for each key based on operating system type.
ComplianceLevel
— (String
)A compliance severity level for all approved patches in a patch baseline.
Possible values include:"CRITICAL"
"HIGH"
"MEDIUM"
"LOW"
"INFORMATIONAL"
"UNSPECIFIED"
ApproveAfterDays
— (Integer
)The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of
7
means that patches are approved seven days after they are released. Not supported on Debian Server or Ubuntu Server.ApproveUntilDate
— (String
)The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Not supported on Debian Server or Ubuntu Server.
Enter dates in the format
YYYY-MM-DD
. For example,2021-12-31
.EnableNonSecurity
— (Boolean
)For instances identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is
false
. Applies to Linux instances only.
ApprovedPatches
— (Array<String>
)A list of explicitly approved patches for the baseline.
For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
ApprovedPatchesComplianceLevel
— (String
)Defines the compliance level for approved patches. When an approved patch is reported as missing, this value describes the severity of the compliance violation. The default value is
Possible values include:UNSPECIFIED
."CRITICAL"
"HIGH"
"MEDIUM"
"LOW"
"INFORMATIONAL"
"UNSPECIFIED"
ApprovedPatchesEnableNonSecurity
— (Boolean
)Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is
false
. Applies to Linux instances only.RejectedPatches
— (Array<String>
)A list of explicitly rejected patches for the baseline.
For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
RejectedPatchesAction
— (String
)The action for Patch Manager to take on patches included in the
RejectedPackages
list.-
ALLOW_AS_DEPENDENCY
: A package in theRejected
patches list is installed only if it is a dependency of another package. It is considered compliant with the patch baseline, and its status is reported asInstalledOther
. This is the default action if no option is specified. -
BLOCK
: Packages in theRejectedPatches
list, and packages that include them as dependencies, aren't installed under any circumstances. If a package was installed before it was added to the Rejected patches list, it is considered non-compliant with the patch baseline, and its status is reported asInstalledRejected
.
"ALLOW_AS_DEPENDENCY"
"BLOCK"
-
Description
— (String
)A description of the patch baseline.
Sources
— (Array<map>
)Information about the patches to use to update the instances, including target operating systems and source repositories. Applies to Linux instances only.
Name
— required — (String
)The name specified to identify the patch source.
Products
— required — (Array<String>
)The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "AmazonLinux2016.09", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter.
Configuration
— required — (String
)The value of the yum repo configuration. For example:
[main]
name=MyCustomRepository
baseurl=https://my-custom-repository
enabled=1
Note: For information about other options available for your yum repository configuration, see dnf.conf(5).
ClientToken
— (String
)User-provided idempotency token.
If a token is not provided, the SDK will use a version 4 UUID.Tags
— (Array<map>
)Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a patch baseline to identify the severity level of patches it specifies and the operating system family it applies to. In this case, you could specify the following key-value pairs:
-
Key=PatchSeverity,Value=Critical
-
Key=OS,Value=Windows
Note: To add tags to an existing patch baseline, use the AddTagsToResource operation.Key
— required — (String
)The name of the tag.
Value
— required — (String
)The value of the tag.
-
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:BaselineId
— (String
)The ID of the created patch baseline.
-
(AWS.Response)
—
Returns:
createResourceDataSync(params = {}, callback) ⇒ AWS.Request
A resource data sync helps you view data from multiple sources in a single location. Amazon Web Services Systems Manager offers two types of resource data sync:
SyncToDestination
andSyncFromSource
.You can configure Systems Manager Inventory to use the
SyncToDestination
type to synchronize Inventory data from multiple Amazon Web Services Regions to a single Amazon Simple Storage Service (Amazon S3) bucket. For more information, see Configuring resource data sync for Inventory in the Amazon Web Services Systems Manager User Guide.You can configure Systems Manager Explorer to use the
SyncFromSource
type to synchronize operational work items (OpsItems) and operational data (OpsData) from multiple Amazon Web Services Regions to a single Amazon S3 bucket. This type can synchronize OpsItems and OpsData from multiple Amazon Web Services accounts and Amazon Web Services Regions orEntireOrganization
by using Organizations. For more information, see Setting up Systems Manager Explorer to display data from multiple accounts and Regions in the Amazon Web Services Systems Manager User Guide.A resource data sync is an asynchronous operation that returns immediately. After a successful initial sync is completed, the system continuously syncs data. To check the status of a sync, use the ListResourceDataSync.
Note: By default, data isn't encrypted in Amazon S3. We strongly recommend that you enable encryption in Amazon S3 to ensure secure data storage. We also recommend that you secure access to the Amazon S3 bucket by creating a restrictive bucket policy.Service Reference:
Examples:
Calling the createResourceDataSync operation
var params = { SyncName: 'STRING_VALUE', /* required */ S3Destination: { BucketName: 'STRING_VALUE', /* required */ Region: 'STRING_VALUE', /* required */ SyncFormat: JsonSerDe, /* required */ AWSKMSKeyARN: 'STRING_VALUE', DestinationDataSharing: { DestinationDataSharingType: 'STRING_VALUE' }, Prefix: 'STRING_VALUE' }, SyncSource: { SourceRegions: [ /* required */ 'STRING_VALUE', /* more items */ ], SourceType: 'STRING_VALUE', /* required */ AwsOrganizationsSource: { OrganizationSourceType: 'STRING_VALUE', /* required */ OrganizationalUnits: [ { OrganizationalUnitId: 'STRING_VALUE' }, /* more items */ ] }, EnableAllOpsDataSources: true || false, IncludeFutureRegions: true || false }, SyncType: 'STRING_VALUE' }; ssm.createResourceDataSync(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
SyncName
— (String
)A name for the configuration.
S3Destination
— (map
)Amazon S3 configuration details for the sync. This parameter is required if the
SyncType
value is SyncToDestination.BucketName
— required — (String
)The name of the S3 bucket where the aggregated data is stored.
Prefix
— (String
)An Amazon S3 prefix for the bucket.
SyncFormat
— required — (String
)A supported sync format. The following format is currently supported: JsonSerDe
Possible values include:"JsonSerDe"
Region
— required — (String
)The Amazon Web Services Region with the S3 bucket targeted by the resource data sync.
AWSKMSKeyARN
— (String
)The ARN of an encryption key for a destination in Amazon S3. Must belong to the same Region as the destination S3 bucket.
DestinationDataSharing
— (map
)Enables destination data sharing. By default, this field is
null
.DestinationDataSharingType
— (String
)The sharing data type. Only
Organization
is supported.
SyncType
— (String
)Specify
SyncToDestination
to create a resource data sync that synchronizes data to an S3 bucket for Inventory. If you specifySyncToDestination
, you must provide a value forS3Destination
. SpecifySyncFromSource
to synchronize data from a single account and multiple Regions, or multiple Amazon Web Services accounts and Amazon Web Services Regions, as listed in Organizations for Explorer. If you specifySyncFromSource
, you must provide a value forSyncSource
. The default value isSyncToDestination
.SyncSource
— (map
)Specify information about the data sources to synchronize. This parameter is required if the
SyncType
value is SyncFromSource.SourceType
— required — (String
)The type of data source for the resource data sync.
SourceType
is eitherAwsOrganizations
(if an organization is present in Organizations) orSingleAccountMultiRegions
.AwsOrganizationsSource
— (map
)Information about the
AwsOrganizationsSource
resource data sync source. A sync source of this type can synchronize data from Organizations.OrganizationSourceType
— required — (String
)If an Amazon Web Services organization is present, this is either
OrganizationalUnits
orEntireOrganization
. ForOrganizationalUnits
, the data is aggregated from a set of organization units. ForEntireOrganization
, the data is aggregated from the entire Amazon Web Services organization.OrganizationalUnits
— (Array<map>
)The Organizations organization units included in the sync.
OrganizationalUnitId
— (String
)The Organizations unit ID data source for the sync.
SourceRegions
— required — (Array<String>
)The
SyncSource
Amazon Web Services Regions included in the resource data sync.IncludeFutureRegions
— (Boolean
)Whether to automatically synchronize and aggregate data from new Amazon Web Services Regions when those Regions come online.
EnableAllOpsDataSources
— (Boolean
)When you create a resource data sync, if you choose one of the Organizations options, then Systems Manager automatically enables all OpsData sources in the selected Amazon Web Services Regions for all Amazon Web Services accounts in your organization (or in the selected organization units). For more information, see About multiple account and Region resource data syncs in the Amazon Web Services Systems Manager User Guide.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs.
-
(AWS.Response)
—
Returns:
deleteActivation(params = {}, callback) ⇒ AWS.Request
Deletes an activation. You aren't required to delete an activation. If you delete an activation, you can no longer use it to register additional managed instances. Deleting an activation doesn't de-register managed instances. You must manually de-register managed instances.
Service Reference:
Examples:
Calling the deleteActivation operation
var params = { ActivationId: 'STRING_VALUE' /* required */ }; ssm.deleteActivation(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
ActivationId
— (String
)The ID of the activation that you want to delete.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs.
-
(AWS.Response)
—
Returns:
deleteAssociation(params = {}, callback) ⇒ AWS.Request
Disassociates the specified Amazon Web Services Systems Manager document (SSM document) from the specified instance. If you created the association by using the
Targets
parameter, then you must delete the association by using the association ID.When you disassociate a document from an instance, it doesn't change the configuration of the instance. To change the configuration state of an instance after you disassociate a document, you must create a new document with the desired configuration and associate it with the instance.
Service Reference:
Examples:
Calling the deleteAssociation operation
var params = { AssociationId: 'STRING_VALUE', InstanceId: 'STRING_VALUE', Name: 'STRING_VALUE' }; ssm.deleteAssociation(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Name
— (String
)The name of the SSM document.
InstanceId
— (String
)The instance ID.
Note:InstanceId
has been deprecated. To specify an instance ID for an association, use theTargets
parameter. Requests that include the parameterInstanceID
with Systems Manager documents (SSM documents) that use schema version 2.0 or later will fail. In addition, if you use the parameterInstanceId
, you can't use the parametersAssociationName
,DocumentVersion
,MaxErrors
,MaxConcurrency
,OutputLocation
, orScheduleExpression
. To use these parameters, you must use theTargets
parameter.AssociationId
— (String
)The association ID that you want to delete.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs.
-
(AWS.Response)
—
Returns:
deleteDocument(params = {}, callback) ⇒ AWS.Request
Deletes the Amazon Web Services Systems Manager document (SSM document) and all instance associations to the document.
Before you delete the document, we recommend that you use DeleteAssociation to disassociate all instances that are associated with the document.
Service Reference:
Examples:
Calling the deleteDocument operation
var params = { Name: 'STRING_VALUE', /* required */ DocumentVersion: 'STRING_VALUE', Force: true || false, VersionName: 'STRING_VALUE' }; ssm.deleteDocument(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Name
— (String
)The name of the document.
DocumentVersion
— (String
)The version of the document that you want to delete. If not provided, all versions of the document are deleted.
VersionName
— (String
)The version name of the document that you want to delete. If not provided, all versions of the document are deleted.
Force
— (Boolean
)Some SSM document types require that you specify a
Force
flag before you can delete the document. For example, you must specify aForce
flag to delete a document of typeApplicationConfigurationSchema
. You can restrict access to theForce
flag in an Identity and Access Management (IAM) policy.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs.
-
(AWS.Response)
—
Returns:
deleteInventory(params = {}, callback) ⇒ AWS.Request
Delete a custom inventory type or the data associated with a custom Inventory type. Deleting a custom inventory type is also referred to as deleting a custom inventory schema.
Service Reference:
Examples:
Calling the deleteInventory operation
var params = { TypeName: 'STRING_VALUE', /* required */ ClientToken: 'STRING_VALUE', DryRun: true || false, SchemaDeleteOption: DisableSchema | DeleteSchema }; ssm.deleteInventory(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
TypeName
— (String
)The name of the custom inventory type for which you want to delete either all previously collected data or the inventory type itself.
SchemaDeleteOption
— (String
)Use the
SchemaDeleteOption
to delete a custom inventory type (schema). If you don't choose this option, the system only deletes existing inventory data associated with the custom inventory type. Choose one of the following options:DisableSchema: If you choose this option, the system ignores all inventory data for the specified version, and any earlier versions. To enable this schema again, you must call the
PutInventory
operation for a version greater than the disabled version.DeleteSchema: This option deletes the specified custom type from the Inventory service. You can recreate the schema later, if you want.
Possible values include:"DisableSchema"
"DeleteSchema"
DryRun
— (Boolean
)Use this option to view a summary of the deletion request without deleting any data or the data type. This option is useful when you only want to understand what will be deleted. Once you validate that the data to be deleted is what you intend to delete, you can run the same command without specifying the
DryRun
option.ClientToken
— (String
)User-provided idempotency token.
If a token is not provided, the SDK will use a version 4 UUID.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:DeletionId
— (String
)Every
DeleteInventory
operation is assigned a unique ID. This option returns a unique ID. You can use this ID to query the status of a delete operation. This option is useful for ensuring that a delete operation has completed before you begin other operations.TypeName
— (String
)The name of the inventory data type specified in the request.
DeletionSummary
— (map
)A summary of the delete operation. For more information about this summary, see Deleting custom inventory in the Amazon Web Services Systems Manager User Guide.
TotalCount
— (Integer
)The total number of items to delete. This count doesn't change during the delete operation.
RemainingCount
— (Integer
)Remaining number of items to delete.
SummaryItems
— (Array<map>
)A list of counts and versions for deleted items.
Version
— (String
)The inventory type version.
Count
— (Integer
)A count of the number of deleted items.
RemainingCount
— (Integer
)The remaining number of items to delete.
-
(AWS.Response)
—
Returns:
deleteMaintenanceWindow(params = {}, callback) ⇒ AWS.Request
Deletes a maintenance window.
Service Reference:
Examples:
Calling the deleteMaintenanceWindow operation
var params = { WindowId: 'STRING_VALUE' /* required */ }; ssm.deleteMaintenanceWindow(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
WindowId
— (String
)The ID of the maintenance window to delete.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:WindowId
— (String
)The ID of the deleted maintenance window.
-
(AWS.Response)
—
Returns:
deleteOpsMetadata(params = {}, callback) ⇒ AWS.Request
Delete OpsMetadata related to an application.
Service Reference:
Examples:
Calling the deleteOpsMetadata operation
var params = { OpsMetadataArn: 'STRING_VALUE' /* required */ }; ssm.deleteOpsMetadata(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
OpsMetadataArn
— (String
)The Amazon Resource Name (ARN) of an OpsMetadata Object to delete.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs.
-
(AWS.Response)
—
Returns:
deleteParameter(params = {}, callback) ⇒ AWS.Request
Delete a parameter from the system. After deleting a parameter, wait for at least 30 seconds to create a parameter with the same name.
Service Reference:
Examples:
Calling the deleteParameter operation
var params = { Name: 'STRING_VALUE' /* required */ }; ssm.deleteParameter(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Name
— (String
)The name of the parameter to delete.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs.
-
(AWS.Response)
—
Returns:
deleteParameters(params = {}, callback) ⇒ AWS.Request
Delete a list of parameters. After deleting a parameter, wait for at least 30 seconds to create a parameter with the same name.
Service Reference:
Examples:
Calling the deleteParameters operation
var params = { Names: [ /* required */ 'STRING_VALUE', /* more items */ ] }; ssm.deleteParameters(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Names
— (Array<String>
)The names of the parameters to delete. After deleting a parameter, wait for at least 30 seconds to create a parameter with the same name.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:DeletedParameters
— (Array<String>
)The names of the deleted parameters.
InvalidParameters
— (Array<String>
)The names of parameters that weren't deleted because the parameters aren't valid.
-
(AWS.Response)
—
Returns:
deletePatchBaseline(params = {}, callback) ⇒ AWS.Request
Deletes a patch baseline.
Service Reference:
Examples:
Calling the deletePatchBaseline operation
var params = { BaselineId: 'STRING_VALUE' /* required */ }; ssm.deletePatchBaseline(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
BaselineId
— (String
)The ID of the patch baseline to delete.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:BaselineId
— (String
)The ID of the deleted patch baseline.
-
(AWS.Response)
—
Returns:
deleteResourceDataSync(params = {}, callback) ⇒ AWS.Request
Deletes a resource data sync configuration. After the configuration is deleted, changes to data on managed instances are no longer synced to or from the target. Deleting a sync configuration doesn't delete data.
Service Reference:
Examples:
Calling the deleteResourceDataSync operation
var params = { SyncName: 'STRING_VALUE', /* required */ SyncType: 'STRING_VALUE' }; ssm.deleteResourceDataSync(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
SyncName
— (String
)The name of the configuration to delete.
SyncType
— (String
)Specify the type of resource data sync to delete.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs.
-
(AWS.Response)
—
Returns:
deregisterManagedInstance(params = {}, callback) ⇒ AWS.Request
Removes the server or virtual machine from the list of registered servers. You can reregister the instance again at any time. If you don't plan to use Run Command on the server, we suggest uninstalling SSM Agent first.
Service Reference:
Examples:
Calling the deregisterManagedInstance operation
var params = { InstanceId: 'STRING_VALUE' /* required */ }; ssm.deregisterManagedInstance(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
InstanceId
— (String
)The ID assigned to the managed instance when you registered it using the activation process.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs.
-
(AWS.Response)
—
Returns:
deregisterPatchBaselineForPatchGroup(params = {}, callback) ⇒ AWS.Request
Removes a patch group from a patch baseline.
Service Reference:
Examples:
Calling the deregisterPatchBaselineForPatchGroup operation
var params = { BaselineId: 'STRING_VALUE', /* required */ PatchGroup: 'STRING_VALUE' /* required */ }; ssm.deregisterPatchBaselineForPatchGroup(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
BaselineId
— (String
)The ID of the patch baseline to deregister the patch group from.
PatchGroup
— (String
)The name of the patch group that should be deregistered from the patch baseline.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:BaselineId
— (String
)The ID of the patch baseline the patch group was deregistered from.
PatchGroup
— (String
)The name of the patch group deregistered from the patch baseline.
-
(AWS.Response)
—
Returns:
deregisterTargetFromMaintenanceWindow(params = {}, callback) ⇒ AWS.Request
Removes a target from a maintenance window.
Service Reference:
Examples:
Calling the deregisterTargetFromMaintenanceWindow operation
var params = { WindowId: 'STRING_VALUE', /* required */ WindowTargetId: 'STRING_VALUE', /* required */ Safe: true || false }; ssm.deregisterTargetFromMaintenanceWindow(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
WindowId
— (String
)The ID of the maintenance window the target should be removed from.
WindowTargetId
— (String
)The ID of the target definition to remove.
Safe
— (Boolean
)The system checks if the target is being referenced by a task. If the target is being referenced, the system returns an error and doesn't deregister the target from the maintenance window.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:WindowId
— (String
)The ID of the maintenance window the target was removed from.
WindowTargetId
— (String
)The ID of the removed target definition.
-
(AWS.Response)
—
Returns:
deregisterTaskFromMaintenanceWindow(params = {}, callback) ⇒ AWS.Request
Removes a task from a maintenance window.
Service Reference:
Examples:
Calling the deregisterTaskFromMaintenanceWindow operation
var params = { WindowId: 'STRING_VALUE', /* required */ WindowTaskId: 'STRING_VALUE' /* required */ }; ssm.deregisterTaskFromMaintenanceWindow(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
WindowId
— (String
)The ID of the maintenance window the task should be removed from.
WindowTaskId
— (String
)The ID of the task to remove from the maintenance window.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:WindowId
— (String
)The ID of the maintenance window the task was removed from.
WindowTaskId
— (String
)The ID of the task removed from the maintenance window.
-
(AWS.Response)
—
Returns:
describeActivations(params = {}, callback) ⇒ AWS.Request
Describes details about the activation, such as the date and time the activation was created, its expiration date, the Identity and Access Management (IAM) role assigned to the instances in the activation, and the number of instances registered by using this activation.
Service Reference:
Examples:
Calling the describeActivations operation
var params = { Filters: [ { FilterKey: ActivationIds | DefaultInstanceName | IamRole, FilterValues: [ 'STRING_VALUE', /* more items */ ] }, /* more items */ ], MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE' }; ssm.describeActivations(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Filters
— (Array<map>
)A filter to view information about your activations.
FilterKey
— (String
)The name of the filter.
Possible values include:"ActivationIds"
"DefaultInstanceName"
"IamRole"
FilterValues
— (Array<String>
)The filter values.
MaxResults
— (Integer
)The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
NextToken
— (String
)A token to start the list. Use this token to get the next set of results.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:ActivationList
— (Array<map>
)A list of activations for your Amazon Web Services account.
ActivationId
— (String
)The ID created by Systems Manager when you submitted the activation.
Description
— (String
)A user defined description of the activation.
DefaultInstanceName
— (String
)A name for the managed instance when it is created.
IamRole
— (String
)The Identity and Access Management (IAM) role to assign to the managed instance.
RegistrationLimit
— (Integer
)The maximum number of managed instances that can be registered using this activation.
RegistrationsCount
— (Integer
)The number of managed instances already registered with this activation.
ExpirationDate
— (Date
)The date when this activation can no longer be used to register managed instances.
Expired
— (Boolean
)Whether or not the activation is expired.
CreatedDate
— (Date
)The date the activation was created.
Tags
— (Array<map>
)Tags assigned to the activation.
Key
— required — (String
)The name of the tag.
Value
— required — (String
)The value of the tag.
NextToken
— (String
)The token for the next set of items to return. Use this token to get the next set of results.
-
(AWS.Response)
—
Returns:
describeAssociation(params = {}, callback) ⇒ AWS.Request
Describes the association for the specified target or instance. If you created the association by using the
Targets
parameter, then you must retrieve the association by using the association ID.Service Reference:
Examples:
Calling the describeAssociation operation
var params = { AssociationId: 'STRING_VALUE', AssociationVersion: 'STRING_VALUE', InstanceId: 'STRING_VALUE', Name: 'STRING_VALUE' }; ssm.describeAssociation(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Name
— (String
)The name of the SSM document.
InstanceId
— (String
)The instance ID.
AssociationId
— (String
)The association ID for which you want information.
AssociationVersion
— (String
)Specify the association version to retrieve. To view the latest version, either specify
$LATEST
for this parameter, or omit this parameter. To view a list of all associations for an instance, use ListAssociations. To get a list of versions for a specific association, use ListAssociationVersions.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:AssociationDescription
— (map
)Information about the association.
Name
— (String
)The name of the SSM document.
InstanceId
— (String
)The instance ID.
AssociationVersion
— (String
)The association version.
Date
— (Date
)The date when the association was made.
LastUpdateAssociationDate
— (Date
)The date when the association was last updated.
Status
— (map
)The association status.
Date
— required — (Date
)The date when the status changed.
Name
— required — (String
)The status.
Possible values include:"Pending"
"Success"
"Failed"
Message
— required — (String
)The reason for the status.
AdditionalInfo
— (String
)A user-defined string.
Overview
— (map
)Information about the association.
Status
— (String
)The status of the association. Status can be: Pending, Success, or Failed.
DetailedStatus
— (String
)A detailed status of the association.
AssociationStatusAggregatedCount
— (map<Integer>
)Returns the number of targets for the association status. For example, if you created an association with two instances, and one of them was successful, this would return the count of instances by status.
DocumentVersion
— (String
)The document version.
AutomationTargetParameterName
— (String
)Specify the target for the association. This target is required for associations that use an Automation runbook and target resources by using rate controls. Automation is a capability of Amazon Web Services Systems Manager.
Parameters
— (map<Array<String>>
)A description of the parameters for a document.
AssociationId
— (String
)The association ID.
Targets
— (Array<map>
)The instances targeted by the request.
Key
— (String
)User-defined criteria for sending commands that target instances that meet the criteria.
Values
— (Array<String>
)User-defined criteria that maps to
Key
. For example, if you specifiedtag:ServerRole
, you could specifyvalue:WebServer
to run a command on instances that include EC2 tags ofServerRole,WebServer
.Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
ScheduleExpression
— (String
)A cron expression that specifies a schedule when the association runs.
OutputLocation
— (map
)An S3 bucket where you want to store the output details of the request.
S3Location
— (map
)An S3 bucket where you want to store the results of this request.
OutputS3Region
— (String
)The Amazon Web Services Region of the S3 bucket.
OutputS3BucketName
— (String
)The name of the S3 bucket.
OutputS3KeyPrefix
— (String
)The S3 bucket subfolder.
LastExecutionDate
— (Date
)The date on which the association was last run.
LastSuccessfulExecutionDate
— (Date
)The last date on which the association was successfully run.
AssociationName
— (String
)The association name.
MaxErrors
— (String
)The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 instances and set
MaxError
to 10%, then the system stops sending the request when the sixth error is received.Executions that are already running an association when
MaxErrors
is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, setMaxConcurrency
to 1 so that executions proceed one at a time.MaxConcurrency
— (String
)The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.
If a new instance starts and attempts to run an association while Systems Manager is running
MaxConcurrency
associations, the association is allowed to run. During the next association interval, the new instance will process its association within the limit specified forMaxConcurrency
.ComplianceSeverity
— (String
)The severity level that is assigned to the association.
Possible values include:"CRITICAL"
"HIGH"
"MEDIUM"
"LOW"
"UNSPECIFIED"
SyncCompliance
— (String
)The mode for generating association compliance. You can specify
AUTO
orMANUAL
. InAUTO
mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association isCOMPLIANT
. If the association execution doesn't run successfully, the association isNON-COMPLIANT
.In
MANUAL
mode, you must specify theAssociationId
as a parameter for the PutComplianceItems API operation. In this case, compliance data isn't managed by State Manager, a capability of Amazon Web Services Systems Manager. It is managed by your direct call to the PutComplianceItems API operation.By default, all associations use
Possible values include:AUTO
mode."AUTO"
"MANUAL"
ApplyOnlyAtCronInterval
— (Boolean
)By default, when you create a new associations, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it. This parameter isn't supported for rate expressions.
CalendarNames
— (Array<String>
)The names or Amazon Resource Names (ARNs) of the Change Calendar type documents your associations are gated under. The associations only run when that change calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar.
TargetLocations
— (Array<map>
)The combination of Amazon Web Services Regions and Amazon Web Services accounts where you want to run the association.
Accounts
— (Array<String>
)The Amazon Web Services accounts targeted by the current Automation execution.
Regions
— (Array<String>
)The Amazon Web Services Regions targeted by the current Automation execution.
TargetLocationMaxConcurrency
— (String
)The maximum number of Amazon Web Services Regions and Amazon Web Services accounts allowed to run the Automation concurrently.
TargetLocationMaxErrors
— (String
)The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
ExecutionRoleName
— (String
)The Automation execution role used by the currently running Automation. If not specified, the default value is
AWS-SystemsManager-AutomationExecutionRole
.
-
(AWS.Response)
—
Returns:
describeAssociationExecutions(params = {}, callback) ⇒ AWS.Request
Views all executions for a specific association ID.
Service Reference:
Examples:
Calling the describeAssociationExecutions operation
var params = { AssociationId: 'STRING_VALUE', /* required */ Filters: [ { Key: ExecutionId | Status | CreatedTime, /* required */ Type: EQUAL | LESS_THAN | GREATER_THAN, /* required */ Value: 'STRING_VALUE' /* required */ }, /* more items */ ], MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE' }; ssm.describeAssociationExecutions(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
AssociationId
— (String
)The association ID for which you want to view execution history details.
Filters
— (Array<map>
)Filters for the request. You can specify the following filters and values.
ExecutionId (EQUAL)
Status (EQUAL)
CreatedTime (EQUAL, GREATER_THAN, LESS_THAN)
Key
— required — (String
)The key value used in the request.
Possible values include:"ExecutionId"
"Status"
"CreatedTime"
Value
— required — (String
)The value specified for the key.
Type
— required — (String
)The filter type specified in the request.
Possible values include:"EQUAL"
"LESS_THAN"
"GREATER_THAN"
MaxResults
— (Integer
)The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
NextToken
— (String
)A token to start the list. Use this token to get the next set of results.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:AssociationExecutions
— (Array<map>
)A list of the executions for the specified association ID.
AssociationId
— (String
)The association ID.
AssociationVersion
— (String
)The association version.
ExecutionId
— (String
)The execution ID for the association.
Status
— (String
)The status of the association execution.
DetailedStatus
— (String
)Detailed status information about the execution.
CreatedTime
— (Date
)The time the execution started.
LastExecutionDate
— (Date
)The date of the last execution.
ResourceCountByStatus
— (String
)An aggregate status of the resources in the execution based on the status type.
NextToken
— (String
)The token for the next set of items to return. Use this token to get the next set of results.
-
(AWS.Response)
—
Returns:
describeAssociationExecutionTargets(params = {}, callback) ⇒ AWS.Request
Views information about a specific execution of a specific association.
Service Reference:
Examples:
Calling the describeAssociationExecutionTargets operation
var params = { AssociationId: 'STRING_VALUE', /* required */ ExecutionId: 'STRING_VALUE', /* required */ Filters: [ { Key: Status | ResourceId | ResourceType, /* required */ Value: 'STRING_VALUE' /* required */ }, /* more items */ ], MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE' }; ssm.describeAssociationExecutionTargets(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
AssociationId
— (String
)The association ID that includes the execution for which you want to view details.
ExecutionId
— (String
)The execution ID for which you want to view details.
Filters
— (Array<map>
)Filters for the request. You can specify the following filters and values.
Status (EQUAL)
ResourceId (EQUAL)
ResourceType (EQUAL)
Key
— required — (String
)The key value used in the request.
Possible values include:"Status"
"ResourceId"
"ResourceType"
Value
— required — (String
)The value specified for the key.
MaxResults
— (Integer
)The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
NextToken
— (String
)A token to start the list. Use this token to get the next set of results.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:AssociationExecutionTargets
— (Array<map>
)Information about the execution.
AssociationId
— (String
)The association ID.
AssociationVersion
— (String
)The association version.
ExecutionId
— (String
)The execution ID.
ResourceId
— (String
)The resource ID, for example, the instance ID where the association ran.
ResourceType
— (String
)The resource type, for example, instance.
Status
— (String
)The association execution status.
DetailedStatus
— (String
)Detailed information about the execution status.
LastExecutionDate
— (Date
)The date of the last execution.
OutputSource
— (map
)The location where the association details are saved.
OutputSourceId
— (String
)The ID of the output source, for example the URL of an S3 bucket.
OutputSourceType
— (String
)The type of source where the association execution details are stored, for example, Amazon S3.
NextToken
— (String
)The token for the next set of items to return. Use this token to get the next set of results.
-
(AWS.Response)
—
Returns:
describeAutomationExecutions(params = {}, callback) ⇒ AWS.Request
Provides details about all active and terminated Automation executions.
Service Reference:
Examples:
Calling the describeAutomationExecutions operation
var params = { Filters: [ { Key: DocumentNamePrefix | ExecutionStatus | ExecutionId | ParentExecutionId | CurrentAction | StartTimeBefore | StartTimeAfter | AutomationType | TagKey | TargetResourceGroup | AutomationSubtype | OpsItemId, /* required */ Values: [ /* required */ 'STRING_VALUE', /* more items */ ] }, /* more items */ ], MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE' }; ssm.describeAutomationExecutions(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Filters
— (Array<map>
)Filters used to limit the scope of executions that are requested.
Key
— required — (String
)One or more keys to limit the results.
Possible values include:"DocumentNamePrefix"
"ExecutionStatus"
"ExecutionId"
"ParentExecutionId"
"CurrentAction"
"StartTimeBefore"
"StartTimeAfter"
"AutomationType"
"TagKey"
"TargetResourceGroup"
"AutomationSubtype"
"OpsItemId"
Values
— required — (Array<String>
)The values used to limit the execution information associated with the filter's key.
MaxResults
— (Integer
)The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
NextToken
— (String
)The token for the next set of items to return. (You received this token from a previous call.)
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:AutomationExecutionMetadataList
— (Array<map>
)The list of details about each automation execution which has occurred which matches the filter specification, if any.
AutomationExecutionId
— (String
)The execution ID.
DocumentName
— (String
)The name of the Automation runbook used during execution.
DocumentVersion
— (String
)The document version used during the execution.
AutomationExecutionStatus
— (String
)The status of the execution.
Possible values include:"Pending"
"InProgress"
"Waiting"
"Success"
"TimedOut"
"Cancelling"
"Cancelled"
"Failed"
"PendingApproval"
"Approved"
"Rejected"
"Scheduled"
"RunbookInProgress"
"PendingChangeCalendarOverride"
"ChangeCalendarOverrideApproved"
"ChangeCalendarOverrideRejected"
"CompletedWithSuccess"
"CompletedWithFailure"
ExecutionStartTime
— (Date
)The time the execution started.
ExecutionEndTime
— (Date
)The time the execution finished. This isn't populated if the execution is still in progress.
ExecutedBy
— (String
)The IAM role ARN of the user who ran the automation.
LogFile
— (String
)An S3 bucket where execution information is stored.
Outputs
— (map<Array<String>>
)The list of execution outputs as defined in the Automation runbook.
Mode
— (String
)The Automation execution mode.
Possible values include:"Auto"
"Interactive"
ParentAutomationExecutionId
— (String
)The execution ID of the parent automation.
CurrentStepName
— (String
)The name of the step that is currently running.
CurrentAction
— (String
)The action of the step that is currently running.
FailureMessage
— (String
)The list of execution outputs as defined in the Automation runbook.
TargetParameterName
— (String
)The list of execution outputs as defined in the Automation runbook.
Targets
— (Array<map>
)The targets defined by the user when starting the automation.
Key
— (String
)User-defined criteria for sending commands that target instances that meet the criteria.
Values
— (Array<String>
)User-defined criteria that maps to
Key
. For example, if you specifiedtag:ServerRole
, you could specifyvalue:WebServer
to run a command on instances that include EC2 tags ofServerRole,WebServer
.Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
TargetMaps
— (Array<map<Array<String>>>
)The specified key-value mapping of document parameters to target resources.
ResolvedTargets
— (map
)A list of targets that resolved during the execution.
ParameterValues
— (Array<String>
)A list of parameter values sent to targets that resolved during the Automation execution.
Truncated
— (Boolean
)A boolean value indicating whether the resolved target list is truncated.
MaxConcurrency
— (String
)The
MaxConcurrency
value specified by the user when starting the automation.MaxErrors
— (String
)The
MaxErrors
value specified by the user when starting the automation.Target
— (String
)The list of execution outputs as defined in the Automation runbook.
AutomationType
— (String
)Use this filter with DescribeAutomationExecutions. Specify either Local or CrossAccount. CrossAccount is an Automation that runs in multiple Amazon Web Services Regions and Amazon Web Services accounts. For more information, see Running Automation workflows in multiple Amazon Web Services Regions and accounts in the Amazon Web Services Systems Manager User Guide.
Possible values include:"CrossAccount"
"Local"
AutomationSubtype
— (String
)The subtype of the Automation operation. Currently, the only supported value is
Possible values include:ChangeRequest
."ChangeRequest"
ScheduledTime
— (Date
)The date and time the Automation operation is scheduled to start.
Runbooks
— (Array<map>
)Information about the Automation runbooks that are run during a runbook workflow in Change Manager.
Note: The Automation runbooks specified for the runbook workflow can't run until all required approvals for the change request have been received.DocumentName
— required — (String
)The name of the Automation runbook used in a runbook workflow.
DocumentVersion
— (String
)The version of the Automation runbook used in a runbook workflow.
Parameters
— (map<Array<String>>
)The key-value map of execution parameters, which were supplied when calling
StartChangeRequestExecution
.TargetParameterName
— (String
)The name of the parameter used as the target resource for the rate-controlled runbook workflow. Required if you specify
Targets
.Targets
— (Array<map>
)A key-value mapping to target resources that the runbook operation performs tasks on. Required if you specify
TargetParameterName
.Key
— (String
)User-defined criteria for sending commands that target instances that meet the criteria.
Values
— (Array<String>
)User-defined criteria that maps to
Key
. For example, if you specifiedtag:ServerRole
, you could specifyvalue:WebServer
to run a command on instances that include EC2 tags ofServerRole,WebServer
.Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
MaxConcurrency
— (String
)The
MaxConcurrency
value specified by the user when the operation started, indicating the maximum number of resources that the runbook operation can run on at the same time.MaxErrors
— (String
)The
MaxErrors
value specified by the user when the execution started, indicating the maximum number of errors that can occur during the operation before the updates are stopped or rolled back.TargetLocations
— (Array<map>
)Information about the Amazon Web Services Regions and Amazon Web Services accounts targeted by the current Runbook operation.
Accounts
— (Array<String>
)The Amazon Web Services accounts targeted by the current Automation execution.
Regions
— (Array<String>
)The Amazon Web Services Regions targeted by the current Automation execution.
TargetLocationMaxConcurrency
— (String
)The maximum number of Amazon Web Services Regions and Amazon Web Services accounts allowed to run the Automation concurrently.
TargetLocationMaxErrors
— (String
)The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
ExecutionRoleName
— (String
)The Automation execution role used by the currently running Automation. If not specified, the default value is
AWS-SystemsManager-AutomationExecutionRole
.
OpsItemId
— (String
)The ID of an OpsItem that is created to represent a Change Manager change request.
AssociationId
— (String
)The ID of a State Manager association used in the Automation operation.
ChangeRequestName
— (String
)The name of the Change Manager change request.
NextToken
— (String
)The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
-
(AWS.Response)
—
Returns:
describeAutomationStepExecutions(params = {}, callback) ⇒ AWS.Request
Information about all active and terminated step executions in an Automation workflow.
Service Reference:
Examples:
Calling the describeAutomationStepExecutions operation
var params = { AutomationExecutionId: 'STRING_VALUE', /* required */ Filters: [ { Key: StartTimeBefore | StartTimeAfter | StepExecutionStatus | StepExecutionId | StepName | Action, /* required */ Values: [ /* required */ 'STRING_VALUE', /* more items */ ] }, /* more items */ ], MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE', ReverseOrder: true || false }; ssm.describeAutomationStepExecutions(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
AutomationExecutionId
— (String
)The Automation execution ID for which you want step execution descriptions.
Filters
— (Array<map>
)One or more filters to limit the number of step executions returned by the request.
Key
— required — (String
)One or more keys to limit the results. Valid filter keys include the following: StepName, Action, StepExecutionId, StepExecutionStatus, StartTimeBefore, StartTimeAfter.
Possible values include:"StartTimeBefore"
"StartTimeAfter"
"StepExecutionStatus"
"StepExecutionId"
"StepName"
"Action"
Values
— required — (Array<String>
)The values of the filter key.
NextToken
— (String
)The token for the next set of items to return. (You received this token from a previous call.)
MaxResults
— (Integer
)The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
ReverseOrder
— (Boolean
)Indicates whether to list step executions in reverse order by start time. The default value is 'false'.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:StepExecutions
— (Array<map>
)A list of details about the current state of all steps that make up an execution.
StepName
— (String
)The name of this execution step.
Action
— (String
)The action this step performs. The action determines the behavior of the step.
TimeoutSeconds
— (Integer
)The timeout seconds of the step.
OnFailure
— (String
)The action to take if the step fails. The default value is
Abort
.MaxAttempts
— (Integer
)The maximum number of tries to run the action of the step. The default value is
1
.ExecutionStartTime
— (Date
)If a step has begun execution, this contains the time the step started. If the step is in Pending status, this field isn't populated.
ExecutionEndTime
— (Date
)If a step has finished execution, this contains the time the execution ended. If the step hasn't yet concluded, this field isn't populated.
StepStatus
— (String
)The execution status for this step.
Possible values include:"Pending"
"InProgress"
"Waiting"
"Success"
"TimedOut"
"Cancelling"
"Cancelled"
"Failed"
"PendingApproval"
"Approved"
"Rejected"
"Scheduled"
"RunbookInProgress"
"PendingChangeCalendarOverride"
"ChangeCalendarOverrideApproved"
"ChangeCalendarOverrideRejected"
"CompletedWithSuccess"
"CompletedWithFailure"
ResponseCode
— (String
)The response code returned by the execution of the step.
Inputs
— (map<String>
)Fully-resolved values passed into the step before execution.
Outputs
— (map<Array<String>>
)Returned values from the execution of the step.
Response
— (String
)A message associated with the response code for an execution.
FailureMessage
— (String
)If a step failed, this message explains why the execution failed.
FailureDetails
— (map
)Information about the Automation failure.
FailureStage
— (String
)The stage of the Automation execution when the failure occurred. The stages include the following: InputValidation, PreVerification, Invocation, PostVerification.
FailureType
— (String
)The type of Automation failure. Failure types include the following: Action, Permission, Throttling, Verification, Internal.
Details
— (map<Array<String>>
)Detailed information about the Automation step failure.
StepExecutionId
— (String
)The unique ID of a step execution.
OverriddenParameters
— (map<Array<String>>
)A user-specified list of parameters to override when running a step.
IsEnd
— (Boolean
)The flag which can be used to end automation no matter whether the step succeeds or fails.
NextStep
— (String
)The next step after the step succeeds.
IsCritical
— (Boolean
)The flag which can be used to help decide whether the failure of current step leads to the Automation failure.
ValidNextSteps
— (Array<String>
)Strategies used when step fails, we support Continue and Abort. Abort will fail the automation when the step fails. Continue will ignore the failure of current step and allow automation to run the next step. With conditional branching, we add step:stepName to support the automation to go to another specific step.
Targets
— (Array<map>
)The targets for the step execution.
Key
— (String
)User-defined criteria for sending commands that target instances that meet the criteria.
Values
— (Array<String>
)User-defined criteria that maps to
Key
. For example, if you specifiedtag:ServerRole
, you could specifyvalue:WebServer
to run a command on instances that include EC2 tags ofServerRole,WebServer
.Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
TargetLocation
— (map
)The combination of Amazon Web Services Regions and Amazon Web Services accounts targeted by the current Automation execution.
Accounts
— (Array<String>
)The Amazon Web Services accounts targeted by the current Automation execution.
Regions
— (Array<String>
)The Amazon Web Services Regions targeted by the current Automation execution.
TargetLocationMaxConcurrency
— (String
)The maximum number of Amazon Web Services Regions and Amazon Web Services accounts allowed to run the Automation concurrently.
TargetLocationMaxErrors
— (String
)The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
ExecutionRoleName
— (String
)The Automation execution role used by the currently running Automation. If not specified, the default value is
AWS-SystemsManager-AutomationExecutionRole
.
NextToken
— (String
)The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
-
(AWS.Response)
—
Returns:
describeAvailablePatches(params = {}, callback) ⇒ AWS.Request
Lists all patches eligible to be included in a patch baseline.
Service Reference:
Examples:
Calling the describeAvailablePatches operation
var params = { Filters: [ { Key: 'STRING_VALUE', Values: [ 'STRING_VALUE', /* more items */ ] }, /* more items */ ], MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE' }; ssm.describeAvailablePatches(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Filters
— (Array<map>
)Each element in the array is a structure containing a key-value pair.
Windows Server
Supported keys for Windows Server instance patches include the following:
-
PATCH_SET
Sample values:
OS
|APPLICATION
-
PRODUCT
Sample values:
WindowsServer2012
|Office 2010
|MicrosoftDefenderAntivirus
-
PRODUCT_FAMILY
Sample values:
Windows
|Office
-
MSRC_SEVERITY
Sample values:
ServicePacks
|Important
|Moderate
-
CLASSIFICATION
Sample values:
ServicePacks
|SecurityUpdates
|DefinitionUpdates
-
PATCH_ID
Sample values:
KB123456
|KB4516046
Linux
When specifying filters for Linux patches, you must specify a key-pair for
PRODUCT
. For example, using the Command Line Interface (CLI), the following command fails:aws ssm describe-available-patches --filters Key=CVE_ID,Values=CVE-2018-3615
However, the following command succeeds:
aws ssm describe-available-patches --filters Key=PRODUCT,Values=AmazonLinux2018.03 Key=CVE_ID,Values=CVE-2018-3615
Supported keys for Linux instance patches include the following:
-
PRODUCT
Sample values:
AmazonLinux2018.03
|AmazonLinux2.0
-
NAME
Sample values:
kernel-headers
|samba-python
|php
-
SEVERITY
Sample values:
Critical
|Important
|Medium
|Low
-
EPOCH
Sample values:
0
|1
-
VERSION
Sample values:
78.6.1
|4.10.16
-
RELEASE
Sample values:
9.56.amzn1
|1.amzn2
-
ARCH
Sample values:
i686
|x86_64
-
REPOSITORY
Sample values:
Core
|Updates
-
ADVISORY_ID
Sample values:
ALAS-2018-1058
|ALAS2-2021-1594
-
CVE_ID
Sample values:
CVE-2018-3615
|CVE-2020-1472
-
BUGZILLA_ID
Sample values:
1463241
Key
— (String
)The key for the filter.
Values
— (Array<String>
)The value for the filter.
-
MaxResults
— (Integer
)The maximum number of patches to return (per page).
NextToken
— (String
)The token for the next set of items to return. (You received this token from a previous call.)
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:Patches
— (Array<map>
)An array of patches. Each entry in the array is a patch structure.
Id
— (String
)The ID of the patch. Applies to Windows patches only.
Note: This ID isn't the same as the Microsoft Knowledge Base ID.ReleaseDate
— (Date
)The date the patch was released.
Title
— (String
)The title of the patch.
Description
— (String
)The description of the patch.
ContentUrl
— (String
)The URL where more information can be obtained about the patch.
Vendor
— (String
)The name of the vendor providing the patch.
ProductFamily
— (String
)The product family the patch is applicable for. For example,
Windows
orAmazon Linux 2
.Product
— (String
)The specific product the patch is applicable for. For example,
WindowsServer2016
orAmazonLinux2018.03
.Classification
— (String
)The classification of the patch. For example,
SecurityUpdates
,Updates
, orCriticalUpdates
.MsrcSeverity
— (String
)The severity of the patch, such as
Critical
,Important
, orModerate
. Applies to Windows patches only.KbNumber
— (String
)The Microsoft Knowledge Base ID of the patch. Applies to Windows patches only.
MsrcNumber
— (String
)The ID of the Microsoft Security Response Center (MSRC) bulletin the patch is related to. For example,
MS14-045
. Applies to Windows patches only.Language
— (String
)The language of the patch if it's language-specific.
AdvisoryIds
— (Array<String>
)The Advisory ID of the patch. For example,
RHSA-2020:3779
. Applies to Linux-based instances only.BugzillaIds
— (Array<String>
)The Bugzilla ID of the patch. For example,
1600646
. Applies to Linux-based instances only.CVEIds
— (Array<String>
)The Common Vulnerabilities and Exposures (CVE) ID of the patch. For example,
CVE-2011-3192
. Applies to Linux-based instances only.Name
— (String
)The name of the patch. Applies to Linux-based instances only.
Epoch
— (Integer
)The epoch of the patch. For example in
pkg-example-EE-20180914-2.2.amzn1.noarch
, the epoch value is20180914-2
. Applies to Linux-based instances only.Version
— (String
)The version number of the patch. For example, in
example-pkg-1.710.10-2.7.abcd.x86_64
, the version number is indicated by-1
. Applies to Linux-based instances only.Release
— (String
)The particular release of a patch. For example, in
pkg-example-EE-20180914-2.2.amzn1.noarch
, the release is2.amaz1
. Applies to Linux-based instances only.Arch
— (String
)The architecture of the patch. For example, in
example-pkg-0.710.10-2.7.abcd.x86_64
, the architecture is indicated byx86_64
. Applies to Linux-based instances only.Severity
— (String
)The severity level of the patch. For example,
CRITICAL
orMODERATE
.Repository
— (String
)The source patch repository for the operating system and version, such as
trusty-security
for Ubuntu Server 14.04 LTE andfocal-security
for Ubuntu Server 20.04 LTE. Applies to Linux-based instances only.
NextToken
— (String
)The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
-
(AWS.Response)
—
Returns:
describeDocument(params = {}, callback) ⇒ AWS.Request
Describes the specified Amazon Web Services Systems Manager document (SSM document).
Service Reference:
Examples:
Calling the describeDocument operation
var params = { Name: 'STRING_VALUE', /* required */ DocumentVersion: 'STRING_VALUE', VersionName: 'STRING_VALUE' }; ssm.describeDocument(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Name
— (String
)The name of the SSM document.
DocumentVersion
— (String
)The document version for which you want information. Can be a specific version or the default version.
VersionName
— (String
)An optional field specifying the version of the artifact associated with the document. For example, "Release 12, Update 6". This value is unique across all versions of a document, and can't be changed.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:Document
— (map
)Information about the SSM document.
Sha1
— (String
)The SHA1 hash of the document, which you can use for verification.
Hash
— (String
)The Sha256 or Sha1 hash created by the system when the document was created.
Note: Sha1 hashes have been deprecated.HashType
— (String
)The hash type of the document. Valid values include
Sha256
orSha1
.Note: Sha1 hashes have been deprecated.Possible values include:"Sha256"
"Sha1"
Name
— (String
)The name of the SSM document.
DisplayName
— (String
)The friendly name of the SSM document. This value can differ for each version of the document. If you want to update this value, see UpdateDocument.
VersionName
— (String
)The version of the artifact associated with the document.
Owner
— (String
)The Amazon Web Services user account that created the document.
CreatedDate
— (Date
)The date when the document was created.
Status
— (String
)The status of the SSM document.
Possible values include:"Creating"
"Active"
"Updating"
"Deleting"
"Failed"
StatusInformation
— (String
)A message returned by Amazon Web Services Systems Manager that explains the
Status
value. For example, aFailed
status might be explained by theStatusInformation
message, "The specified S3 bucket doesn't exist. Verify that the URL of the S3 bucket is correct."DocumentVersion
— (String
)The document version.
Description
— (String
)A description of the document.
Parameters
— (Array<map>
)A description of the parameters for a document.
Name
— (String
)The name of the parameter.
Type
— (String
)The type of parameter. The type can be either String or StringList.
Possible values include:"String"
"StringList"
Description
— (String
)A description of what the parameter does, how to use it, the default value, and whether or not the parameter is optional.
DefaultValue
— (String
)If specified, the default values for the parameters. Parameters without a default value are required. Parameters with a default value are optional.
PlatformTypes
— (Array<String>
)The list of OS platforms compatible with this SSM document.
DocumentType
— (String
)The type of document.
Possible values include:"Command"
"Policy"
"Automation"
"Session"
"Package"
"ApplicationConfiguration"
"ApplicationConfigurationSchema"
"DeploymentStrategy"
"ChangeCalendar"
"Automation.ChangeTemplate"
"ProblemAnalysis"
"ProblemAnalysisTemplate"
SchemaVersion
— (String
)The schema version.
LatestVersion
— (String
)The latest version of the document.
DefaultVersion
— (String
)The default version.
DocumentFormat
— (String
)The document format, either JSON or YAML.
Possible values include:"YAML"
"JSON"
"TEXT"
TargetType
— (String
)The target type which defines the kinds of resources the document can run on. For example,
/AWS::EC2::Instance
. For a list of valid resource types, see Amazon Web Services resource and property types reference in the CloudFormation User Guide.Tags
— (Array<map>
)The tags, or metadata, that have been applied to the document.
Key
— required — (String
)The name of the tag.
Value
— required — (String
)The value of the tag.
AttachmentsInformation
— (Array<map>
)Details about the document attachments, including names, locations, sizes, and so on.
Name
— (String
)The name of the attachment.
Requires
— (Array<map>
)A list of SSM documents required by a document. For example, an
ApplicationConfiguration
document requires anApplicationConfigurationSchema
document.Name
— required — (String
)The name of the required SSM document. The name can be an Amazon Resource Name (ARN).
Version
— (String
)The document version required by the current document.
Author
— (String
)The user in your organization who created the document.
ReviewInformation
— (Array<map>
)Details about the review of a document.
ReviewedTime
— (Date
)The time that the reviewer took action on the document review request.
Status
— (String
)The current status of the document review request.
Possible values include:"APPROVED"
"NOT_REVIEWED"
"PENDING"
"REJECTED"
Reviewer
— (String
)The reviewer assigned to take action on the document review request.
ApprovedVersion
— (String
)The version of the document currently approved for use in the organization.
PendingReviewVersion
— (String
)The version of the document that is currently under review.
ReviewStatus
— (String
)The current status of the review.
Possible values include:"APPROVED"
"NOT_REVIEWED"
"PENDING"
"REJECTED"
-
(AWS.Response)
—
Returns:
describeDocumentPermission(params = {}, callback) ⇒ AWS.Request
Describes the permissions for a Amazon Web Services Systems Manager document (SSM document). If you created the document, you are the owner. If a document is shared, it can either be shared privately (by specifying a user's Amazon Web Services account ID) or publicly (All).
Service Reference:
Examples:
Calling the describeDocumentPermission operation
var params = { Name: 'STRING_VALUE', /* required */ PermissionType: Share, /* required */ MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE' }; ssm.describeDocumentPermission(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Name
— (String
)The name of the document for which you are the owner.
PermissionType
— (String
)The permission type for the document. The permission type can be Share.
Possible values include:"Share"
MaxResults
— (Integer
)The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
NextToken
— (String
)The token for the next set of items to return. (You received this token from a previous call.)
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:AccountIds
— (Array<String>
)The account IDs that have permission to use this document. The ID can be either an Amazon Web Services account or All.
AccountSharingInfoList
— (Array<map>
)A list of Amazon Web Services accounts where the current document is shared and the version shared with each account.
AccountId
— (String
)The Amazon Web Services account ID where the current document is shared.
SharedDocumentVersion
— (String
)The version of the current document shared with the account.
NextToken
— (String
)The token for the next set of items to return. Use this token to get the next set of results.
-
(AWS.Response)
—
Returns:
describeEffectiveInstanceAssociations(params = {}, callback) ⇒ AWS.Request
All associations for the instance(s).
Service Reference:
Examples:
Calling the describeEffectiveInstanceAssociations operation
var params = { InstanceId: 'STRING_VALUE', /* required */ MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE' }; ssm.describeEffectiveInstanceAssociations(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
InstanceId
— (String
)The instance ID for which you want to view all associations.
MaxResults
— (Integer
)The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
NextToken
— (String
)The token for the next set of items to return. (You received this token from a previous call.)
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:Associations
— (Array<map>
)The associations for the requested instance.
AssociationId
— (String
)The association ID.
InstanceId
— (String
)The instance ID.
Content
— (String
)The content of the association document for the instance(s).
AssociationVersion
— (String
)Version information for the association on the instance.
NextToken
— (String
)The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
-
(AWS.Response)
—
Returns:
describeEffectivePatchesForPatchBaseline(params = {}, callback) ⇒ AWS.Request
Retrieves the current effective patches (the patch and the approval state) for the specified patch baseline. Applies to patch baselines for Windows only.
Service Reference:
Examples:
Calling the describeEffectivePatchesForPatchBaseline operation
var params = { BaselineId: 'STRING_VALUE', /* required */ MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE' }; ssm.describeEffectivePatchesForPatchBaseline(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
BaselineId
— (String
)The ID of the patch baseline to retrieve the effective patches for.
MaxResults
— (Integer
)The maximum number of patches to return (per page).
NextToken
— (String
)The token for the next set of items to return. (You received this token from a previous call.)
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:EffectivePatches
— (Array<map>
)An array of patches and patch status.
Patch
— (map
)Provides metadata for a patch, including information such as the KB ID, severity, classification and a URL for where more information can be obtained about the patch.
Id
— (String
)The ID of the patch. Applies to Windows patches only.
Note: This ID isn't the same as the Microsoft Knowledge Base ID.ReleaseDate
— (Date
)The date the patch was released.
Title
— (String
)The title of the patch.
Description
— (String
)The description of the patch.
ContentUrl
— (String
)The URL where more information can be obtained about the patch.
Vendor
— (String
)The name of the vendor providing the patch.
ProductFamily
— (String
)The product family the patch is applicable for. For example,
Windows
orAmazon Linux 2
.Product
— (String
)The specific product the patch is applicable for. For example,
WindowsServer2016
orAmazonLinux2018.03
.Classification
— (String
)The classification of the patch. For example,
SecurityUpdates
,Updates
, orCriticalUpdates
.MsrcSeverity
— (String
)The severity of the patch, such as
Critical
,Important
, orModerate
. Applies to Windows patches only.KbNumber
— (String
)The Microsoft Knowledge Base ID of the patch. Applies to Windows patches only.
MsrcNumber
— (String
)The ID of the Microsoft Security Response Center (MSRC) bulletin the patch is related to. For example,
MS14-045
. Applies to Windows patches only.Language
— (String
)The language of the patch if it's language-specific.
AdvisoryIds
— (Array<String>
)The Advisory ID of the patch. For example,
RHSA-2020:3779
. Applies to Linux-based instances only.BugzillaIds
— (Array<String>
)The Bugzilla ID of the patch. For example,
1600646
. Applies to Linux-based instances only.CVEIds
— (Array<String>
)The Common Vulnerabilities and Exposures (CVE) ID of the patch. For example,
CVE-2011-3192
. Applies to Linux-based instances only.Name
— (String
)The name of the patch. Applies to Linux-based instances only.
Epoch
— (Integer
)The epoch of the patch. For example in
pkg-example-EE-20180914-2.2.amzn1.noarch
, the epoch value is20180914-2
. Applies to Linux-based instances only.Version
— (String
)The version number of the patch. For example, in
example-pkg-1.710.10-2.7.abcd.x86_64
, the version number is indicated by-1
. Applies to Linux-based instances only.Release
— (String
)The particular release of a patch. For example, in
pkg-example-EE-20180914-2.2.amzn1.noarch
, the release is2.amaz1
. Applies to Linux-based instances only.Arch
— (String
)The architecture of the patch. For example, in
example-pkg-0.710.10-2.7.abcd.x86_64
, the architecture is indicated byx86_64
. Applies to Linux-based instances only.Severity
— (String
)The severity level of the patch. For example,
CRITICAL
orMODERATE
.Repository
— (String
)The source patch repository for the operating system and version, such as
trusty-security
for Ubuntu Server 14.04 LTE andfocal-security
for Ubuntu Server 20.04 LTE. Applies to Linux-based instances only.
PatchStatus
— (map
)The status of the patch in a patch baseline. This includes information about whether the patch is currently approved, due to be approved by a rule, explicitly approved, or explicitly rejected and the date the patch was or will be approved.
DeploymentStatus
— (String
)The approval status of a patch.
Possible values include:"APPROVED"
"PENDING_APPROVAL"
"EXPLICIT_APPROVED"
"EXPLICIT_REJECTED"
ComplianceLevel
— (String
)The compliance severity level for a patch.
Possible values include:"CRITICAL"
"HIGH"
"MEDIUM"
"LOW"
"INFORMATIONAL"
"UNSPECIFIED"
ApprovalDate
— (Date
)The date the patch was approved (or will be approved if the status is
PENDING_APPROVAL
).
NextToken
— (String
)The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
-
(AWS.Response)
—
Returns:
describeInstanceAssociationsStatus(params = {}, callback) ⇒ AWS.Request
The status of the associations for the instance(s).
Service Reference:
Examples:
Calling the describeInstanceAssociationsStatus operation
var params = { InstanceId: 'STRING_VALUE', /* required */ MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE' }; ssm.describeInstanceAssociationsStatus(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
InstanceId
— (String
)The instance IDs for which you want association status information.
MaxResults
— (Integer
)The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
NextToken
— (String
)The token for the next set of items to return. (You received this token from a previous call.)
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:InstanceAssociationStatusInfos
— (Array<map>
)Status information about the association.
AssociationId
— (String
)The association ID.
Name
— (String
)The name of the association.
DocumentVersion
— (String
)The association document versions.
AssociationVersion
— (String
)The version of the association applied to the instance.
InstanceId
— (String
)The instance ID where the association was created.
ExecutionDate
— (Date
)The date the instance association ran.
Status
— (String
)Status information about the instance association.
DetailedStatus
— (String
)Detailed status information about the instance association.
ExecutionSummary
— (String
)Summary information about association execution.
ErrorCode
— (String
)An error code returned by the request to create the association.
OutputUrl
— (map
)A URL for an S3 bucket where you want to store the results of this request.
S3OutputUrl
— (map
)The URL of S3 bucket where you want to store the results of this request.
OutputUrl
— (String
)A URL for an S3 bucket where you want to store the results of this request.
AssociationName
— (String
)The name of the association applied to the instance.
NextToken
— (String
)The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
-
(AWS.Response)
—
Returns:
describeInstanceInformation(params = {}, callback) ⇒ AWS.Request
Describes one or more of your instances, including information about the operating system platform, the version of SSM Agent installed on the instance, instance status, and so on.
If you specify one or more instance IDs, it returns information for those instances. If you don't specify instance IDs, it returns information for all your instances. If you specify an instance ID that isn't valid or an instance that you don't own, you receive an error.
Note: TheIamRole
field for this API operation is the Identity and Access Management (IAM) role assigned to on-premises instances. This call doesn't return the IAM role for EC2 instances.Service Reference:
Examples:
Calling the describeInstanceInformation operation
var params = { Filters: [ { Key: 'STRING_VALUE', /* required */ Values: [ /* required */ 'STRING_VALUE', /* more items */ ] }, /* more items */ ], InstanceInformationFilterList: [ { key: InstanceIds | AgentVersion | PingStatus | PlatformTypes | ActivationIds | IamRole | ResourceType | AssociationStatus, /* required */ valueSet: [ /* required */ 'STRING_VALUE', /* more items */ ] }, /* more items */ ], MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE' }; ssm.describeInstanceInformation(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
InstanceInformationFilterList
— (Array<map>
)This is a legacy method. We recommend that you don't use this method. Instead, use the
Filters
data type.Filters
enables you to return instance information by filtering based on tags applied to managed instances.Note: Attempting to useInstanceInformationFilterList
andFilters
leads to an exception error.key
— required — (String
)The name of the filter.
Possible values include:"InstanceIds"
"AgentVersion"
"PingStatus"
"PlatformTypes"
"ActivationIds"
"IamRole"
"ResourceType"
"AssociationStatus"
valueSet
— required — (Array<String>
)The filter values.
Filters
— (Array<map>
)One or more filters. Use a filter to return a more specific list of instances. You can filter based on tags applied to EC2 instances. Use this
Filters
data type instead ofInstanceInformationFilterList
, which is deprecated.Key
— required — (String
)The filter key name to describe your instances. For example:
"InstanceIds"|"AgentVersion"|"PingStatus"|"PlatformTypes"|"ActivationIds"|"IamRole"|"ResourceType"|"AssociationStatus"|"Tag Key"
Tag key
isn't a valid filter. You must specify eithertag-key
ortag:keyname
and a string. Here are some valid examples: tag-key, tag:123, tag:al!, tag:Windows. Here are some invalid examples: tag-keys, Tag Key, tag:, tagKey, abc:keyname.Values
— required — (Array<String>
)The filter values.
MaxResults
— (Integer
)The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
NextToken
— (String
)The token for the next set of items to return. (You received this token from a previous call.)
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:InstanceInformationList
— (Array<map>
)The instance information list.
InstanceId
— (String
)The instance ID.
PingStatus
— (String
)Connection status of SSM Agent.
Note: The statusPossible values include:Inactive
has been deprecated and is no longer in use."Online"
"ConnectionLost"
"Inactive"
LastPingDateTime
— (Date
)The date and time when the agent last pinged the Systems Manager service.
AgentVersion
— (String
)The version of SSM Agent running on your Linux instance.
IsLatestVersion
— (Boolean
)Indicates whether the latest version of SSM Agent is running on your Linux Managed Instance. This field doesn't indicate whether or not the latest version is installed on Windows managed instances, because some older versions of Windows Server use the EC2Config service to process Systems Manager requests.
PlatformType
— (String
)The operating system platform type.
Possible values include:"Windows"
"Linux"
PlatformName
— (String
)The name of the operating system platform running on your instance.
PlatformVersion
— (String
)The version of the OS platform running on your instance.
ActivationId
— (String
)The activation ID created by Amazon Web Services Systems Manager when the server or virtual machine (VM) was registered.
IamRole
— (String
)The Identity and Access Management (IAM) role assigned to the on-premises Systems Manager managed instance. This call doesn't return the IAM role for Amazon Elastic Compute Cloud (Amazon EC2) instances. To retrieve the IAM role for an EC2 instance, use the Amazon EC2
DescribeInstances
operation. For information, see DescribeInstances in the Amazon EC2 API Reference or describe-instances in the Amazon Web Services CLI Command Reference.RegistrationDate
— (Date
)The date the server or VM was registered with Amazon Web Services as a managed instance.
ResourceType
— (String
)The type of instance. Instances are either EC2 instances or managed instances.
Possible values include:"ManagedInstance"
"Document"
"EC2Instance"
Name
— (String
)The name assigned to an on-premises server or virtual machine (VM) when it is activated as a Systems Manager managed instance. The name is specified as the
DefaultInstanceName
property using the CreateActivation command. It is applied to the managed instance by specifying the Activation Code and Activation ID when you install SSM Agent on the instance, as explained in Install SSM Agent for a hybrid environment (Linux) and Install SSM Agent for a hybrid environment (Windows). To retrieve the Name tag of an EC2 instance, use the Amazon EC2DescribeInstances
operation. For information, see DescribeInstances in the Amazon EC2 API Reference or describe-instances in the Amazon Web Services CLI Command Reference.IPAddress
— (String
)The IP address of the managed instance.
ComputerName
— (String
)The fully qualified host name of the managed instance.
AssociationStatus
— (String
)The status of the association.
LastAssociationExecutionDate
— (Date
)The date the association was last run.
LastSuccessfulAssociationExecutionDate
— (Date
)The last date the association was successfully run.
AssociationOverview
— (map
)Information about the association.
DetailedStatus
— (String
)Detailed status information about the aggregated associations.
InstanceAssociationStatusAggregatedCount
— (map<Integer>
)The number of associations for the instance(s).
NextToken
— (String
)The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
-
(AWS.Response)
—
Returns:
describeInstancePatches(params = {}, callback) ⇒ AWS.Request
Retrieves information about the patches on the specified instance and their state relative to the patch baseline being used for the instance.
Service Reference:
Examples:
Calling the describeInstancePatches operation
var params = { InstanceId: 'STRING_VALUE', /* required */ Filters: [ { Key: 'STRING_VALUE', Values: [ 'STRING_VALUE', /* more items */ ] }, /* more items */ ], MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE' }; ssm.describeInstancePatches(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
InstanceId
— (String
)The ID of the instance whose patch state information should be retrieved.
Filters
— (Array<map>
)Each element in the array is a structure containing a key-value pair.
Supported keys for
DescribeInstancePatches
include the following:-
Classification
Sample values:
Security
|SecurityUpdates
-
KBId
Sample values:
KB4480056
|java-1.7.0-openjdk.x86_64
-
Severity
Sample values:
Important
|Medium
|Low
-
State
Sample values:
Installed
|InstalledOther
|InstalledPendingReboot
Key
— (String
)The key for the filter.
Values
— (Array<String>
)The value for the filter.
-
NextToken
— (String
)The token for the next set of items to return. (You received this token from a previous call.)
MaxResults
— (Integer
)The maximum number of patches to return (per page).
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:Patches
— (Array<map>
)Each entry in the array is a structure containing:
-
Title (string)
-
KBId (string)
-
Classification (string)
-
Severity (string)
-
State (string, such as "INSTALLED" or "FAILED")
-
InstalledTime (DateTime)
-
InstalledBy (string)
Title
— required — (String
)The title of the patch.
KBId
— required — (String
)The operating system-specific ID of the patch.
Classification
— required — (String
)The classification of the patch, such as
SecurityUpdates
,Updates
, andCriticalUpdates
.Severity
— required — (String
)The severity of the patchsuch as
Critical
,Important
, andModerate
.State
— required — (String
)The state of the patch on the instance, such as INSTALLED or FAILED.
For descriptions of each patch state, see About patch compliance in the Amazon Web Services Systems Manager User Guide.
Possible values include:"INSTALLED"
"INSTALLED_OTHER"
"INSTALLED_PENDING_REBOOT"
"INSTALLED_REJECTED"
"MISSING"
"NOT_APPLICABLE"
"FAILED"
InstalledTime
— required — (Date
)The date/time the patch was installed on the instance. Not all operating systems provide this level of information.
CVEIds
— (String
)The IDs of one or more Common Vulnerabilities and Exposure (CVE) issues that are resolved by the patch.
-
NextToken
— (String
)The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
-
(AWS.Response)
—
Returns:
describeInstancePatchStates(params = {}, callback) ⇒ AWS.Request
Retrieves the high-level patch state of one or more instances.
Service Reference:
Examples:
Calling the describeInstancePatchStates operation
var params = { InstanceIds: [ /* required */ 'STRING_VALUE', /* more items */ ], MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE' }; ssm.describeInstancePatchStates(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
InstanceIds
— (Array<String>
)The ID of the instance for which patch state information should be retrieved.
NextToken
— (String
)The token for the next set of items to return. (You received this token from a previous call.)
MaxResults
— (Integer
)The maximum number of instances to return (per page).
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:InstancePatchStates
— (Array<map>
)The high-level patch state for the requested instances.
InstanceId
— required — (String
)The ID of the managed instance the high-level patch compliance information was collected for.
PatchGroup
— required — (String
)The name of the patch group the managed instance belongs to.
BaselineId
— required — (String
)The ID of the patch baseline used to patch the instance.
SnapshotId
— (String
)The ID of the patch baseline snapshot used during the patching operation when this compliance data was collected.
InstallOverrideList
— (String
)An https URL or an Amazon Simple Storage Service (Amazon S3) path-style URL to a list of patches to be installed. This patch installation list, which you maintain in an S3 bucket in YAML format and specify in the SSM document
AWS-RunPatchBaseline
, overrides the patches specified by the default patch baseline.For more information about the
InstallOverrideList
parameter, see About theAWS-RunPatchBaseline
SSM document in the Amazon Web Services Systems Manager User Guide.OwnerInformation
— (String
)Placeholder information. This field will always be empty in the current release of the service.
InstalledCount
— (Integer
)The number of patches from the patch baseline that are installed on the instance.
InstalledOtherCount
— (Integer
)The number of patches not specified in the patch baseline that are installed on the instance.
InstalledPendingRebootCount
— (Integer
)The number of patches installed by Patch Manager since the last time the instance was rebooted.
InstalledRejectedCount
— (Integer
)The number of patches installed on an instance that are specified in a
RejectedPatches
list. Patches with a status ofInstalledRejected
were typically installed before they were added to aRejectedPatches
list.Note: IfALLOW_AS_DEPENDENCY
is the specified option forRejectedPatchesAction
, the value ofInstalledRejectedCount
will always be0
(zero).MissingCount
— (Integer
)The number of patches from the patch baseline that are applicable for the instance but aren't currently installed.
FailedCount
— (Integer
)The number of patches from the patch baseline that were attempted to be installed during the last patching operation, but failed to install.
UnreportedNotApplicableCount
— (Integer
)The number of patches beyond the supported limit of
NotApplicableCount
that aren't reported by name to Inventory. Inventory is a capability of Amazon Web Services Systems Manager.NotApplicableCount
— (Integer
)The number of patches from the patch baseline that aren't applicable for the instance and therefore aren't installed on the instance. This number may be truncated if the list of patch names is very large. The number of patches beyond this limit are reported in
UnreportedNotApplicableCount
.OperationStartTime
— required — (Date
)The time the most recent patching operation was started on the instance.
OperationEndTime
— required — (Date
)The time the most recent patching operation completed on the instance.
Operation
— required — (String
)The type of patching operation that was performed: or
-
SCAN
assesses the patch compliance state. -
INSTALL
installs missing patches.
"Scan"
"Install"
-
LastNoRebootInstallOperationTime
— (Date
)The time of the last attempt to patch the instance with
NoReboot
specified as the reboot option.RebootOption
— (String
)Indicates the reboot option specified in the patch baseline.
Note: Reboot options apply toInstall
operations only. Reboots aren't attempted for Patch ManagerScan
operations.-
RebootIfNeeded
: Patch Manager tries to reboot the instance if it installed any patches, or if any patches are detected with a status ofInstalledPendingReboot
. -
NoReboot
: Patch Manager attempts to install missing packages without trying to reboot the system. Patches installed with this option are assigned a status ofInstalledPendingReboot
. These patches might not be in effect until a reboot is performed.
"RebootIfNeeded"
"NoReboot"
-
CriticalNonCompliantCount
— (Integer
)The number of instances where patches that are specified as
Critical
for compliance reporting in the patch baseline aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required instance reboot. The status of these instances isNON_COMPLIANT
.SecurityNonCompliantCount
— (Integer
)The number of instances where patches that are specified as
Security
in a patch advisory aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required instance reboot. The status of these instances isNON_COMPLIANT
.OtherNonCompliantCount
— (Integer
)The number of instances with patches installed that are specified as other than
Critical
orSecurity
but aren't compliant with the patch baseline. The status of these instances isNON_COMPLIANT
.
NextToken
— (String
)The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
-
(AWS.Response)
—
Returns:
describeInstancePatchStatesForPatchGroup(params = {}, callback) ⇒ AWS.Request
Retrieves the high-level patch state for the instances in the specified patch group.
Service Reference:
Examples:
Calling the describeInstancePatchStatesForPatchGroup operation
var params = { PatchGroup: 'STRING_VALUE', /* required */ Filters: [ { Key: 'STRING_VALUE', /* required */ Type: Equal | NotEqual | LessThan | GreaterThan, /* required */ Values: [ /* required */ 'STRING_VALUE', /* more items */ ] }, /* more items */ ], MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE' }; ssm.describeInstancePatchStatesForPatchGroup(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
PatchGroup
— (String
)The name of the patch group for which the patch state information should be retrieved.
Filters
— (Array<map>
)Each entry in the array is a structure containing:
-
Key (string between 1 and 200 characters)
-
Values (array containing a single string)
-
Type (string "Equal", "NotEqual", "LessThan", "GreaterThan")
Key
— required — (String
)The key for the filter. Supported values include the following:
-
InstalledCount
-
InstalledOtherCount
-
InstalledPendingRebootCount
-
InstalledRejectedCount
-
MissingCount
-
FailedCount
-
UnreportedNotApplicableCount
-
NotApplicableCount
-
Values
— required — (Array<String>
)The value for the filter. Must be an integer greater than or equal to 0.
Type
— required — (String
)The type of comparison that should be performed for the value.
Possible values include:"Equal"
"NotEqual"
"LessThan"
"GreaterThan"
-
NextToken
— (String
)The token for the next set of items to return. (You received this token from a previous call.)
MaxResults
— (Integer
)The maximum number of patches to return (per page).
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:InstancePatchStates
— (Array<map>
)The high-level patch state for the requested instances.
InstanceId
— required — (String
)The ID of the managed instance the high-level patch compliance information was collected for.
PatchGroup
— required — (String
)The name of the patch group the managed instance belongs to.
BaselineId
— required — (String
)The ID of the patch baseline used to patch the instance.
SnapshotId
— (String
)The ID of the patch baseline snapshot used during the patching operation when this compliance data was collected.
InstallOverrideList
— (String
)An https URL or an Amazon Simple Storage Service (Amazon S3) path-style URL to a list of patches to be installed. This patch installation list, which you maintain in an S3 bucket in YAML format and specify in the SSM document
AWS-RunPatchBaseline
, overrides the patches specified by the default patch baseline.For more information about the
InstallOverrideList
parameter, see About theAWS-RunPatchBaseline
SSM document in the Amazon Web Services Systems Manager User Guide.OwnerInformation
— (String
)Placeholder information. This field will always be empty in the current release of the service.
InstalledCount
— (Integer
)The number of patches from the patch baseline that are installed on the instance.
InstalledOtherCount
— (Integer
)The number of patches not specified in the patch baseline that are installed on the instance.
InstalledPendingRebootCount
— (Integer
)The number of patches installed by Patch Manager since the last time the instance was rebooted.
InstalledRejectedCount
— (Integer
)The number of patches installed on an instance that are specified in a
RejectedPatches
list. Patches with a status ofInstalledRejected
were typically installed before they were added to aRejectedPatches
list.Note: IfALLOW_AS_DEPENDENCY
is the specified option forRejectedPatchesAction
, the value ofInstalledRejectedCount
will always be0
(zero).MissingCount
— (Integer
)The number of patches from the patch baseline that are applicable for the instance but aren't currently installed.
FailedCount
— (Integer
)The number of patches from the patch baseline that were attempted to be installed during the last patching operation, but failed to install.
UnreportedNotApplicableCount
— (Integer
)The number of patches beyond the supported limit of
NotApplicableCount
that aren't reported by name to Inventory. Inventory is a capability of Amazon Web Services Systems Manager.NotApplicableCount
— (Integer
)The number of patches from the patch baseline that aren't applicable for the instance and therefore aren't installed on the instance. This number may be truncated if the list of patch names is very large. The number of patches beyond this limit are reported in
UnreportedNotApplicableCount
.OperationStartTime
— required — (Date
)The time the most recent patching operation was started on the instance.
OperationEndTime
— required — (Date
)The time the most recent patching operation completed on the instance.
Operation
— required — (String
)The type of patching operation that was performed: or
-
SCAN
assesses the patch compliance state. -
INSTALL
installs missing patches.
"Scan"
"Install"
-
LastNoRebootInstallOperationTime
— (Date
)The time of the last attempt to patch the instance with
NoReboot
specified as the reboot option.RebootOption
— (String
)Indicates the reboot option specified in the patch baseline.
Note: Reboot options apply toInstall
operations only. Reboots aren't attempted for Patch ManagerScan
operations.-
RebootIfNeeded
: Patch Manager tries to reboot the instance if it installed any patches, or if any patches are detected with a status ofInstalledPendingReboot
. -
NoReboot
: Patch Manager attempts to install missing packages without trying to reboot the system. Patches installed with this option are assigned a status ofInstalledPendingReboot
. These patches might not be in effect until a reboot is performed.
"RebootIfNeeded"
"NoReboot"
-
CriticalNonCompliantCount
— (Integer
)The number of instances where patches that are specified as
Critical
for compliance reporting in the patch baseline aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required instance reboot. The status of these instances isNON_COMPLIANT
.SecurityNonCompliantCount
— (Integer
)The number of instances where patches that are specified as
Security
in a patch advisory aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required instance reboot. The status of these instances isNON_COMPLIANT
.OtherNonCompliantCount
— (Integer
)The number of instances with patches installed that are specified as other than
Critical
orSecurity
but aren't compliant with the patch baseline. The status of these instances isNON_COMPLIANT
.
NextToken
— (String
)The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
-
(AWS.Response)
—
Returns:
describeInventoryDeletions(params = {}, callback) ⇒ AWS.Request
Describes a specific delete inventory operation.
Service Reference:
Examples:
Calling the describeInventoryDeletions operation
var params = { DeletionId: 'STRING_VALUE', MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE' }; ssm.describeInventoryDeletions(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
DeletionId
— (String
)Specify the delete inventory ID for which you want information. This ID was returned by the
DeleteInventory
operation.NextToken
— (String
)A token to start the list. Use this token to get the next set of results.
MaxResults
— (Integer
)The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:InventoryDeletions
— (Array<map>
)A list of status items for deleted inventory.
DeletionId
— (String
)The deletion ID returned by the
DeleteInventory
operation.TypeName
— (String
)The name of the inventory data type.
DeletionStartTime
— (Date
)The UTC timestamp when the delete operation started.
LastStatus
— (String
)The status of the operation. Possible values are InProgress and Complete.
Possible values include:"InProgress"
"Complete"
LastStatusMessage
— (String
)Information about the status.
DeletionSummary
— (map
)Information about the delete operation. For more information about this summary, see Understanding the delete inventory summary in the Amazon Web Services Systems Manager User Guide.
TotalCount
— (Integer
)The total number of items to delete. This count doesn't change during the delete operation.
RemainingCount
— (Integer
)Remaining number of items to delete.
SummaryItems
— (Array<map>
)A list of counts and versions for deleted items.
Version
— (String
)The inventory type version.
Count
— (Integer
)A count of the number of deleted items.
RemainingCount
— (Integer
)The remaining number of items to delete.
LastStatusUpdateTime
— (Date
)The UTC timestamp of when the last status report.
NextToken
— (String
)The token for the next set of items to return. Use this token to get the next set of results.
-
(AWS.Response)
—
Returns:
describeMaintenanceWindowExecutions(params = {}, callback) ⇒ AWS.Request
Lists the executions of a maintenance window. This includes information about when the maintenance window was scheduled to be active, and information about tasks registered and run with the maintenance window.
Service Reference:
Examples:
Calling the describeMaintenanceWindowExecutions operation
var params = { WindowId: 'STRING_VALUE', /* required */ Filters: [ { Key: 'STRING_VALUE', Values: [ 'STRING_VALUE', /* more items */ ] }, /* more items */ ], MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE' }; ssm.describeMaintenanceWindowExecutions(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
WindowId
— (String
)The ID of the maintenance window whose executions should be retrieved.
Filters
— (Array<map>
)Each entry in the array is a structure containing:
-
Key. A string between 1 and 128 characters. Supported keys include
ExecutedBefore
andExecutedAfter
. -
Values. An array of strings, each between 1 and 256 characters. Supported values are date/time strings in a valid ISO 8601 date/time format, such as
2021-11-04T05:00:00Z
.
Key
— (String
)The name of the filter.
Values
— (Array<String>
)The filter values.
-
MaxResults
— (Integer
)The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
NextToken
— (String
)The token for the next set of items to return. (You received this token from a previous call.)
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:WindowExecutions
— (Array<map>
)Information about the maintenance window executions.
WindowId
— (String
)The ID of the maintenance window.
WindowExecutionId
— (String
)The ID of the maintenance window execution.
Status
— (String
)The status of the execution.
Possible values include:"PENDING"
"IN_PROGRESS"
"SUCCESS"
"FAILED"
"TIMED_OUT"
"CANCELLING"
"CANCELLED"
"SKIPPED_OVERLAPPING"
StatusDetails
— (String
)The details explaining the status. Not available for all status values.
StartTime
— (Date
)The time the execution started.
EndTime
— (Date
)The time the execution finished.
NextToken
— (String
)The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
-
(AWS.Response)
—
Returns:
describeMaintenanceWindowExecutionTaskInvocations(params = {}, callback) ⇒ AWS.Request
Retrieves the individual task executions (one per target) for a particular task run as part of a maintenance window execution.
Service Reference:
Examples:
Calling the describeMaintenanceWindowExecutionTaskInvocations operation
var params = { TaskId: 'STRING_VALUE', /* required */ WindowExecutionId: 'STRING_VALUE', /* required */ Filters: [ { Key: 'STRING_VALUE', Values: [ 'STRING_VALUE', /* more items */ ] }, /* more items */ ], MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE' }; ssm.describeMaintenanceWindowExecutionTaskInvocations(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
WindowExecutionId
— (String
)The ID of the maintenance window execution the task is part of.
TaskId
— (String
)The ID of the specific task in the maintenance window task that should be retrieved.
Filters
— (Array<map>
)Optional filters used to scope down the returned task invocations. The supported filter key is
STATUS
with the corresponding valuesPENDING
,IN_PROGRESS
,SUCCESS
,FAILED
,TIMED_OUT
,CANCELLING
, andCANCELLED
.Key
— (String
)The name of the filter.
Values
— (Array<String>
)The filter values.
MaxResults
— (Integer
)The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
NextToken
— (String
)The token for the next set of items to return. (You received this token from a previous call.)
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:WindowExecutionTaskInvocationIdentities
— (Array<map>
)Information about the task invocation results per invocation.
WindowExecutionId
— (String
)The ID of the maintenance window execution that ran the task.
TaskExecutionId
— (String
)The ID of the specific task execution in the maintenance window execution.
InvocationId
— (String
)The ID of the task invocation.
ExecutionId
— (String
)The ID of the action performed in the service that actually handled the task invocation. If the task type is
RUN_COMMAND
, this value is the command ID.TaskType
— (String
)The task type.
Possible values include:"RUN_COMMAND"
"AUTOMATION"
"STEP_FUNCTIONS"
"LAMBDA"
Parameters
— (String
)The parameters that were provided for the invocation when it was run.
Status
— (String
)The status of the task invocation.
Possible values include:"PENDING"
"IN_PROGRESS"
"SUCCESS"
"FAILED"
"TIMED_OUT"
"CANCELLING"
"CANCELLED"
"SKIPPED_OVERLAPPING"
StatusDetails
— (String
)The details explaining the status of the task invocation. Not available for all status values.
StartTime
— (Date
)The time the invocation started.
EndTime
— (Date
)The time the invocation finished.
OwnerInformation
— (String
)User-provided value that was specified when the target was registered with the maintenance window. This was also included in any Amazon CloudWatch Events events raised during the task invocation.
WindowTargetId
— (String
)The ID of the target definition in this maintenance window the invocation was performed for.
NextToken
— (String
)The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
-
(AWS.Response)
—
Returns:
describeMaintenanceWindowExecutionTasks(params = {}, callback) ⇒ AWS.Request
For a given maintenance window execution, lists the tasks that were run.
Service Reference:
Examples:
Calling the describeMaintenanceWindowExecutionTasks operation
var params = { WindowExecutionId: 'STRING_VALUE', /* required */ Filters: [ { Key: 'STRING_VALUE', Values: [ 'STRING_VALUE', /* more items */ ] }, /* more items */ ], MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE' }; ssm.describeMaintenanceWindowExecutionTasks(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
WindowExecutionId
— (String
)The ID of the maintenance window execution whose task executions should be retrieved.
Filters
— (Array<map>
)Optional filters used to scope down the returned tasks. The supported filter key is
STATUS
with the corresponding valuesPENDING
,IN_PROGRESS
,SUCCESS
,FAILED
,TIMED_OUT
,CANCELLING
, andCANCELLED
.Key
— (String
)The name of the filter.
Values
— (Array<String>
)The filter values.
MaxResults
— (Integer
)The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
NextToken
— (String
)The token for the next set of items to return. (You received this token from a previous call.)
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:WindowExecutionTaskIdentities
— (Array<map>
)Information about the task executions.
WindowExecutionId
— (String
)The ID of the maintenance window execution that ran the task.
TaskExecutionId
— (String
)The ID of the specific task execution in the maintenance window execution.
Status
— (String
)The status of the task execution.
Possible values include:"PENDING"
"IN_PROGRESS"
"SUCCESS"
"FAILED"
"TIMED_OUT"
"CANCELLING"
"CANCELLED"
"SKIPPED_OVERLAPPING"
StatusDetails
— (String
)The details explaining the status of the task execution. Not available for all status values.
StartTime
— (Date
)The time the task execution started.
EndTime
— (Date
)The time the task execution finished.
TaskArn
— (String
)The Amazon Resource Name (ARN) of the task that ran.
TaskType
— (String
)The type of task that ran.
Possible values include:"RUN_COMMAND"
"AUTOMATION"
"STEP_FUNCTIONS"
"LAMBDA"
NextToken
— (String
)The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
-
(AWS.Response)
—
Returns:
describeMaintenanceWindows(params = {}, callback) ⇒ AWS.Request
Retrieves the maintenance windows in an Amazon Web Services account.
Service Reference:
Examples:
Calling the describeMaintenanceWindows operation
var params = { Filters: [ { Key: 'STRING_VALUE', Values: [ 'STRING_VALUE', /* more items */ ] }, /* more items */ ], MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE' }; ssm.describeMaintenanceWindows(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Filters
— (Array<map>
)Optional filters used to narrow down the scope of the returned maintenance windows. Supported filter keys are
Name
andEnabled
. For example,Name=MyMaintenanceWindow
andEnabled=True
.Key
— (String
)The name of the filter.
Values
— (Array<String>
)The filter values.
MaxResults
— (Integer
)The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
NextToken
— (String
)The token for the next set of items to return. (You received this token from a previous call.)
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:WindowIdentities
— (Array<map>
)Information about the maintenance windows.
WindowId
— (String
)The ID of the maintenance window.
Name
— (String
)The name of the maintenance window.
Description
— (String
)A description of the maintenance window.
Enabled
— (Boolean
)Indicates whether the maintenance window is enabled.
Duration
— (Integer
)The duration of the maintenance window in hours.
Cutoff
— (Integer
)The number of hours before the end of the maintenance window that Amazon Web Services Systems Manager stops scheduling new tasks for execution.
Schedule
— (String
)The schedule of the maintenance window in the form of a cron or rate expression.
ScheduleTimezone
— (String
)The time zone that the scheduled maintenance window executions are based on, in Internet Assigned Numbers Authority (IANA) format.
ScheduleOffset
— (Integer
)The number of days to wait to run a maintenance window after the scheduled cron expression date and time.
EndDate
— (String
)The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become inactive.
StartDate
— (String
)The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become active.
NextExecutionTime
— (String
)The next time the maintenance window will actually run, taking into account any specified times for the maintenance window to become active or inactive.
NextToken
— (String
)The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
-
(AWS.Response)
—
Returns:
describeMaintenanceWindowSchedule(params = {}, callback) ⇒ AWS.Request
Retrieves information about upcoming executions of a maintenance window.
Service Reference:
Examples:
Calling the describeMaintenanceWindowSchedule operation
var params = { Filters: [ { Key: 'STRING_VALUE', Values: [ 'STRING_VALUE', /* more items */ ] }, /* more items */ ], MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE', ResourceType: INSTANCE | RESOURCE_GROUP, Targets: [ { Key: 'STRING_VALUE', Values: [ 'STRING_VALUE', /* more items */ ] }, /* more items */ ], WindowId: 'STRING_VALUE' }; ssm.describeMaintenanceWindowSchedule(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
WindowId
— (String
)The ID of the maintenance window to retrieve information about.
Targets
— (Array<map>
)The instance ID or key-value pair to retrieve information about.
Key
— (String
)User-defined criteria for sending commands that target instances that meet the criteria.
Values
— (Array<String>
)User-defined criteria that maps to
Key
. For example, if you specifiedtag:ServerRole
, you could specifyvalue:WebServer
to run a command on instances that include EC2 tags ofServerRole,WebServer
.Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
ResourceType
— (String
)The type of resource you want to retrieve information about. For example,
Possible values include:INSTANCE
."INSTANCE"
"RESOURCE_GROUP"
Filters
— (Array<map>
)Filters used to limit the range of results. For example, you can limit maintenance window executions to only those scheduled before or after a certain date and time.
Key
— (String
)The key for the filter.
Values
— (Array<String>
)The value for the filter.
MaxResults
— (Integer
)The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
NextToken
— (String
)The token for the next set of items to return. (You received this token from a previous call.)
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:ScheduledWindowExecutions
— (Array<map>
)Information about maintenance window executions scheduled for the specified time range.
WindowId
— (String
)The ID of the maintenance window to be run.
Name
— (String
)The name of the maintenance window to be run.
ExecutionTime
— (String
)The time, in ISO-8601 Extended format, that the maintenance window is scheduled to be run.
NextToken
— (String
)The token for the next set of items to return. (You use this token in the next call.)
-
(AWS.Response)
—
Returns:
describeMaintenanceWindowsForTarget(params = {}, callback) ⇒ AWS.Request
Retrieves information about the maintenance window targets or tasks that an instance is associated with.
Service Reference:
Examples:
Calling the describeMaintenanceWindowsForTarget operation
var params = { ResourceType: INSTANCE | RESOURCE_GROUP, /* required */ Targets: [ /* required */ { Key: 'STRING_VALUE', Values: [ 'STRING_VALUE', /* more items */ ] }, /* more items */ ], MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE' }; ssm.describeMaintenanceWindowsForTarget(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Targets
— (Array<map>
)The instance ID or key-value pair to retrieve information about.
Key
— (String
)User-defined criteria for sending commands that target instances that meet the criteria.
Values
— (Array<String>
)User-defined criteria that maps to
Key
. For example, if you specifiedtag:ServerRole
, you could specifyvalue:WebServer
to run a command on instances that include EC2 tags ofServerRole,WebServer
.Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
ResourceType
— (String
)The type of resource you want to retrieve information about. For example,
Possible values include:INSTANCE
."INSTANCE"
"RESOURCE_GROUP"
MaxResults
— (Integer
)The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
NextToken
— (String
)The token for the next set of items to return. (You received this token from a previous call.)
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:WindowIdentities
— (Array<map>
)Information about the maintenance window targets and tasks an instance is associated with.
WindowId
— (String
)The ID of the maintenance window.
Name
— (String
)The name of the maintenance window.
NextToken
— (String
)The token for the next set of items to return. (You use this token in the next call.)
-
(AWS.Response)
—
Returns:
describeMaintenanceWindowTargets(params = {}, callback) ⇒ AWS.Request
Lists the targets registered with the maintenance window.
Service Reference:
Examples:
Calling the describeMaintenanceWindowTargets operation
var params = { WindowId: 'STRING_VALUE', /* required */ Filters: [ { Key: 'STRING_VALUE', Values: [ 'STRING_VALUE', /* more items */ ] }, /* more items */ ], MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE' }; ssm.describeMaintenanceWindowTargets(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
WindowId
— (String
)The ID of the maintenance window whose targets should be retrieved.
Filters
— (Array<map>
)Optional filters that can be used to narrow down the scope of the returned window targets. The supported filter keys are
Type
,WindowTargetId
, andOwnerInformation
.Key
— (String
)The name of the filter.
Values
— (Array<String>
)The filter values.
MaxResults
— (Integer
)The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
NextToken
— (String
)The token for the next set of items to return. (You received this token from a previous call.)
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:Targets
— (Array<map>
)Information about the targets in the maintenance window.
WindowId
— (String
)The ID of the maintenance window to register the target with.
WindowTargetId
— (String
)The ID of the target.
ResourceType
— (String
)The type of target that is being registered with the maintenance window.
Possible values include:"INSTANCE"
"RESOURCE_GROUP"
Targets
— (Array<map>
)The targets, either instances or tags.
Specify instances using the following format:
Key=instanceids,Values=<instanceid1>,<instanceid2>
Tags are specified using the following format:
Key=<tag name>,Values=<tag value>
.Key
— (String
)User-defined criteria for sending commands that target instances that meet the criteria.
Values
— (Array<String>
)User-defined criteria that maps to
Key
. For example, if you specifiedtag:ServerRole
, you could specifyvalue:WebServer
to run a command on instances that include EC2 tags ofServerRole,WebServer
.Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
OwnerInformation
— (String
)A user-provided value that will be included in any Amazon CloudWatch Events events that are raised while running tasks for these targets in this maintenance window.
Name
— (String
)The name for the maintenance window target.
Description
— (String
)A description for the target.
NextToken
— (String
)The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
-
(AWS.Response)
—
Returns:
describeMaintenanceWindowTasks(params = {}, callback) ⇒ AWS.Request
Lists the tasks in a maintenance window.
Note: For maintenance window tasks without a specified target, you can't supply values for--max-errors
and--max-concurrency
. Instead, the system inserts a placeholder value of1
, which may be reported in the response to this command. These values don't affect the running of your task and can be ignored.Service Reference:
Examples:
Calling the describeMaintenanceWindowTasks operation
var params = { WindowId: 'STRING_VALUE', /* required */ Filters: [ { Key: 'STRING_VALUE', Values: [ 'STRING_VALUE', /* more items */ ] }, /* more items */ ], MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE' }; ssm.describeMaintenanceWindowTasks(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
WindowId
— (String
)The ID of the maintenance window whose tasks should be retrieved.
Filters
— (Array<map>
)Optional filters used to narrow down the scope of the returned tasks. The supported filter keys are
WindowTaskId
,TaskArn
,Priority
, andTaskType
.Key
— (String
)The name of the filter.
Values
— (Array<String>
)The filter values.
MaxResults
— (Integer
)The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
NextToken
— (String
)The token for the next set of items to return. (You received this token from a previous call.)
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:Tasks
— (Array<map>
)Information about the tasks in the maintenance window.
WindowId
— (String
)The ID of the maintenance window where the task is registered.
WindowTaskId
— (String
)The task ID.
TaskArn
— (String
)The resource that the task uses during execution. For
RUN_COMMAND
andAUTOMATION
task types,TaskArn
is the Amazon Web Services Systems Manager (SSM document) name or ARN. ForLAMBDA
tasks, it's the function name or ARN. ForSTEP_FUNCTIONS
tasks, it's the state machine ARN.Type
— (String
)The type of task.
Possible values include:"RUN_COMMAND"
"AUTOMATION"
"STEP_FUNCTIONS"
"LAMBDA"
Targets
— (Array<map>
)The targets (either instances or tags). Instances are specified using
Key=instanceids,Values=<instanceid1>,<instanceid2>
. Tags are specified usingKey=<tag name>,Values=<tag value>
.Key
— (String
)User-defined criteria for sending commands that target instances that meet the criteria.
Values
— (Array<String>
)User-defined criteria that maps to
Key
. For example, if you specifiedtag:ServerRole
, you could specifyvalue:WebServer
to run a command on instances that include EC2 tags ofServerRole,WebServer
.Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
TaskParameters
— (map<map>
)The parameters that should be passed to the task when it is run.
Note:TaskParameters
has been deprecated. To specify parameters to pass to a task when it runs, instead use theParameters
option in theTaskInvocationParameters
structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.Values
— (Array<String>
)This field contains an array of 0 or more strings, each 1 to 255 characters in length.
Priority
— (Integer
)The priority of the task in the maintenance window. The lower the number, the higher the priority. Tasks that have the same priority are scheduled in parallel.
LoggingInfo
— (map
)Information about an S3 bucket to write task-level logs to.
Note:LoggingInfo
has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use theOutputS3BucketName
andOutputS3KeyPrefix
options in theTaskInvocationParameters
structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.S3BucketName
— required — (String
)The name of an S3 bucket where execution logs are stored .
S3KeyPrefix
— (String
)(Optional) The S3 bucket subfolder.
S3Region
— required — (String
)The Amazon Web Services Region where the S3 bucket is located.
ServiceRoleArn
— (String
)The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service (Amazon SNS) notifications for maintenance window Run Command tasks.
MaxConcurrency
— (String
)The maximum number of targets this task can be run for, in parallel.
MaxErrors
— (String
)The maximum number of errors allowed before this task stops being scheduled.
Name
— (String
)The task name.
Description
— (String
)A description of the task.
CutoffBehavior
— (String
)The specification for whether tasks should continue to run after the cutoff time specified in the maintenance windows is reached.
Possible values include:"CONTINUE_TASK"
"CANCEL_TASK"
NextToken
— (String
)The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
-
(AWS.Response)
—
Returns:
describeOpsItems(params = {}, callback) ⇒ AWS.Request
Query a set of OpsItems. You must have permission in Identity and Access Management (IAM) to query a list of OpsItems. For more information, see Getting started with OpsCenter in the Amazon Web Services Systems Manager User Guide.
Operations engineers and IT professionals use Amazon Web Services Systems Manager OpsCenter to view, investigate, and remediate operational issues impacting the performance and health of their Amazon Web Services resources. For more information, see OpsCenter in the Amazon Web Services Systems Manager User Guide.
Service Reference:
Examples:
Calling the describeOpsItems operation
var params = { MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE', OpsItemFilters: [ { Key: Status | CreatedBy | Source | Priority | Title | OpsItemId | CreatedTime | LastModifiedTime | ActualStartTime | ActualEndTime | PlannedStartTime | PlannedEndTime | OperationalData | OperationalDataKey | OperationalDataValue | ResourceId | AutomationId | Category | Severity | OpsItemType | ChangeRequestByRequesterArn | ChangeRequestByRequesterName | ChangeRequestByApproverArn | ChangeRequestByApproverName | ChangeRequestByTemplate | ChangeRequestByTargetsResourceGroup | InsightByType, /* required */ Operator: Equal | Contains | GreaterThan | LessThan, /* required */ Values: [ /* required */ 'STRING_VALUE', /* more items */ ] }, /* more items */ ] }; ssm.describeOpsItems(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
OpsItemFilters
— (Array<map>
)One or more filters to limit the response.
-
Key: CreatedTime
Operations: GreaterThan, LessThan
-
Key: LastModifiedBy
Operations: Contains, Equals
-
Key: LastModifiedTime
Operations: GreaterThan, LessThan
-
Key: Priority
Operations: Equals
-
Key: Source
Operations: Contains, Equals
-
Key: Status
Operations: Equals
-
Key: Title
Operations: Equals,Contains
-
Key: OperationalData**
Operations: Equals
-
Key: OperationalDataKey
Operations: Equals
-
Key: OperationalDataValue
Operations: Equals, Contains
-
Key: OpsItemId
Operations: Equals
-
Key: ResourceId
Operations: Contains
-
Key: AutomationId
Operations: Equals
The Equals operator for Title matches the first 100 characters. If you specify more than 100 characters, they system returns an error that the filter value exceeds the length limit.
**If you filter the response by using the OperationalData operator, specify a key-value pair by using the following JSON format:
{"key":"key_name","value":"a_value"}
Key
— required — (String
)The name of the filter.
Possible values include:"Status"
"CreatedBy"
"Source"
"Priority"
"Title"
"OpsItemId"
"CreatedTime"
"LastModifiedTime"
"ActualStartTime"
"ActualEndTime"
"PlannedStartTime"
"PlannedEndTime"
"OperationalData"
"OperationalDataKey"
"OperationalDataValue"
"ResourceId"
"AutomationId"
"Category"
"Severity"
"OpsItemType"
"ChangeRequestByRequesterArn"
"ChangeRequestByRequesterName"
"ChangeRequestByApproverArn"
"ChangeRequestByApproverName"
"ChangeRequestByTemplate"
"ChangeRequestByTargetsResourceGroup"
"InsightByType"
Values
— required — (Array<String>
)The filter value.
Operator
— required — (String
)The operator used by the filter call.
Possible values include:"Equal"
"Contains"
"GreaterThan"
"LessThan"
-
MaxResults
— (Integer
)The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
NextToken
— (String
)A token to start the list. Use this token to get the next set of results.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:NextToken
— (String
)The token for the next set of items to return. Use this token to get the next set of results.
OpsItemSummaries
— (Array<map>
)A list of OpsItems.
CreatedBy
— (String
)The Amazon Resource Name (ARN) of the IAM entity that created the OpsItem.
CreatedTime
— (Date
)The date and time the OpsItem was created.
LastModifiedBy
— (String
)The Amazon Resource Name (ARN) of the IAM entity that created the OpsItem.
LastModifiedTime
— (Date
)The date and time the OpsItem was last updated.
Priority
— (Integer
)The importance of this OpsItem in relation to other OpsItems in the system.
Source
— (String
)The impacted Amazon Web Services resource.
Status
— (String
)The OpsItem status. Status can be
Possible values include:Open
,In Progress
, orResolved
."Open"
"InProgress"
"Resolved"
"Pending"
"TimedOut"
"Cancelling"
"Cancelled"
"Failed"
"CompletedWithSuccess"
"CompletedWithFailure"
"Scheduled"
"RunbookInProgress"
"PendingChangeCalendarOverride"
"ChangeCalendarOverrideApproved"
"ChangeCalendarOverrideRejected"
"PendingApproval"
"Approved"
"Rejected"
"Closed"
OpsItemId
— (String
)The ID of the OpsItem.
Title
— (String
)A short heading that describes the nature of the OpsItem and the impacted resource.
OperationalData
— (map<map>
)Operational data is custom data that provides useful reference details about the OpsItem.
Value
— (String
)The value of the OperationalData key.
Type
— (String
)The type of key-value pair. Valid types include
Possible values include:SearchableString
andString
."SearchableString"
"String"
Category
— (String
)A list of OpsItems by category.
Severity
— (String
)A list of OpsItems by severity.
OpsItemType
— (String
)The type of OpsItem. Currently, the only valid values are
/aws/changerequest
and/aws/issue
.ActualStartTime
— (Date
)The time a runbook workflow started. Currently reported only for the OpsItem type
/aws/changerequest
.ActualEndTime
— (Date
)The time a runbook workflow ended. Currently reported only for the OpsItem type
/aws/changerequest
.PlannedStartTime
— (Date
)The time specified in a change request for a runbook workflow to start. Currently supported only for the OpsItem type
/aws/changerequest
.PlannedEndTime
— (Date
)The time specified in a change request for a runbook workflow to end. Currently supported only for the OpsItem type
/aws/changerequest
.
-
(AWS.Response)
—
Returns:
describeParameters(params = {}, callback) ⇒ AWS.Request
Get information about a parameter.
Request results are returned on a best-effort basis. If you specify
MaxResults
in the request, the response includes information up to the limit specified. The number of items returned, however, can be between zero and the value ofMaxResults
. If the service reaches an internal limit while processing the results, it stops the operation and returns the matching values up to that point and aNextToken
. You can specify theNextToken
in a subsequent call to get the next set of results.If you change the KMS key alias for the KMS key used to encrypt a parameter, then you must also update the key alias the parameter uses to reference KMS. Otherwise,
DescribeParameters
retrieves whatever the original key alias was referencing.Service Reference:
Examples:
Calling the describeParameters operation
var params = { Filters: [ { Key: Name | Type | KeyId, /* required */ Values: [ /* required */ 'STRING_VALUE', /* more items */ ] }, /* more items */ ], MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE', ParameterFilters: [ { Key: 'STRING_VALUE', /* required */ Option: 'STRING_VALUE', Values: [ 'STRING_VALUE', /* more items */ ] }, /* more items */ ] }; ssm.describeParameters(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Filters
— (Array<map>
)This data type is deprecated. Instead, use
ParameterFilters
.Key
— required — (String
)The name of the filter.
Possible values include:"Name"
"Type"
"KeyId"
Values
— required — (Array<String>
)The filter values.
ParameterFilters
— (Array<map>
)Filters to limit the request results.
Key
— required — (String
)The name of the filter.
The
ParameterStringFilter
object is used by the DescribeParameters and GetParametersByPath API operations. However, not all of the pattern values listed forKey
can be used with both operations.For
DescribeActions
, all of the listed patterns are valid exceptLabel
.For
GetParametersByPath
, the following patterns listed forKey
aren't valid:tag
,DataType
,Name
,Path
, andTier
.For examples of Amazon Web Services CLI commands demonstrating valid parameter filter constructions, see Searching for Systems Manager parameters in the Amazon Web Services Systems Manager User Guide.
Option
— (String
)For all filters used with DescribeParameters, valid options include
Equals
andBeginsWith
. TheName
filter additionally supports theContains
option. (Exception: For filters using the keyPath
, valid options includeRecursive
andOneLevel
.)For filters used with GetParametersByPath, valid options include
Equals
andBeginsWith
. (Exception: For filters usingLabel
as the Key name, the only valid option isEquals
.)Values
— (Array<String>
)The value you want to search for.
MaxResults
— (Integer
)The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
NextToken
— (String
)The token for the next set of items to return. (You received this token from a previous call.)
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:Parameters
— (Array<map>
)Parameters returned by the request.
Name
— (String
)The parameter name.
Type
— (String
)The type of parameter. Valid parameter types include the following:
Possible values include:String
,StringList
, andSecureString
."String"
"StringList"
"SecureString"
KeyId
— (String
)The ID of the query key used for this parameter.
LastModifiedDate
— (Date
)Date the parameter was last changed or updated.
LastModifiedUser
— (String
)Amazon Resource Name (ARN) of the Amazon Web Services user who last changed the parameter.
Description
— (String
)Description of the parameter actions.
AllowedPattern
— (String
)A parameter name can include only the following letters and symbols.
a-zA-Z0-9_.-
Version
— (Integer
)The parameter version.
Tier
— (String
)The parameter tier.
Possible values include:"Standard"
"Advanced"
"Intelligent-Tiering"
Policies
— (Array<map>
)A list of policies associated with a parameter.
PolicyText
— (String
)The JSON text of the policy.
PolicyType
— (String
)The type of policy. Parameter Store, a capablility of Amazon Web Services Systems Manager, supports the following policy types: Expiration, ExpirationNotification, and NoChangeNotification.
PolicyStatus
— (String
)The status of the policy. Policies report the following statuses: Pending (the policy hasn't been enforced or applied yet), Finished (the policy was applied), Failed (the policy wasn't applied), or InProgress (the policy is being applied now).
DataType
— (String
)The data type of the parameter, such as
text
oraws:ec2:image
. The default istext
.
NextToken
— (String
)The token to use when requesting the next set of items.
-
(AWS.Response)
—
Returns:
describePatchBaselines(params = {}, callback) ⇒ AWS.Request
Lists the patch baselines in your Amazon Web Services account.
Service Reference:
Examples:
Calling the describePatchBaselines operation
var params = { Filters: [ { Key: 'STRING_VALUE', Values: [ 'STRING_VALUE', /* more items */ ] }, /* more items */ ], MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE' }; ssm.describePatchBaselines(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Filters
— (Array<map>
)Each element in the array is a structure containing a key-value pair.
Supported keys for
DescribePatchBaselines
include the following:-
NAME_PREFIX
Sample values:
AWS-
|My-
-
OWNER
Sample values:
AWS
|Self
-
OPERATING_SYSTEM
Sample values:
AMAZON_LINUX
|SUSE
|WINDOWS
Key
— (String
)The key for the filter.
Values
— (Array<String>
)The value for the filter.
-
MaxResults
— (Integer
)The maximum number of patch baselines to return (per page).
NextToken
— (String
)The token for the next set of items to return. (You received this token from a previous call.)
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:BaselineIdentities
— (Array<map>
)An array of
PatchBaselineIdentity
elements.BaselineId
— (String
)The ID of the patch baseline.
BaselineName
— (String
)The name of the patch baseline.
OperatingSystem
— (String
)Defines the operating system the patch baseline applies to. The default value is
Possible values include:WINDOWS
."WINDOWS"
"AMAZON_LINUX"
"AMAZON_LINUX_2"
"UBUNTU"
"REDHAT_ENTERPRISE_LINUX"
"SUSE"
"CENTOS"
"ORACLE_LINUX"
"DEBIAN"
"MACOS"
BaselineDescription
— (String
)The description of the patch baseline.
DefaultBaseline
— (Boolean
)Whether this is the default baseline. Amazon Web Services Systems Manager supports creating multiple default patch baselines. For example, you can create a default patch baseline for each operating system.
NextToken
— (String
)The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
-
(AWS.Response)
—
Returns:
describePatchGroups(params = {}, callback) ⇒ AWS.Request
Lists all patch groups that have been registered with patch baselines.
Service Reference:
Examples:
Calling the describePatchGroups operation
var params = { Filters: [ { Key: 'STRING_VALUE', Values: [ 'STRING_VALUE', /* more items */ ] }, /* more items */ ], MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE' }; ssm.describePatchGroups(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
MaxResults
— (Integer
)The maximum number of patch groups to return (per page).
Filters
— (Array<map>
)Each element in the array is a structure containing a key-value pair.
Supported keys for
DescribePatchGroups
include the following:-
NAME_PREFIX
Sample values:
AWS-
|My-
. -
OPERATING_SYSTEM
Sample values:
AMAZON_LINUX
|SUSE
|WINDOWS
Key
— (String
)The key for the filter.
Values
— (Array<String>
)The value for the filter.
-
NextToken
— (String
)The token for the next set of items to return. (You received this token from a previous call.)
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:Mappings
— (Array<map>
)Each entry in the array contains:
-
PatchGroup
: string (between 1 and 256 characters. Regex:^([\p{L}\p{Z}\p{N}_.:/=+-@]*)$)
-
PatchBaselineIdentity
: APatchBaselineIdentity
element.
PatchGroup
— (String
)The name of the patch group registered with the patch baseline.
BaselineIdentity
— (map
)The patch baseline the patch group is registered with.
BaselineId
— (String
)The ID of the patch baseline.
BaselineName
— (String
)The name of the patch baseline.
OperatingSystem
— (String
)Defines the operating system the patch baseline applies to. The default value is
Possible values include:WINDOWS
."WINDOWS"
"AMAZON_LINUX"
"AMAZON_LINUX_2"
"UBUNTU"
"REDHAT_ENTERPRISE_LINUX"
"SUSE"
"CENTOS"
"ORACLE_LINUX"
"DEBIAN"
"MACOS"
BaselineDescription
— (String
)The description of the patch baseline.
DefaultBaseline
— (Boolean
)Whether this is the default baseline. Amazon Web Services Systems Manager supports creating multiple default patch baselines. For example, you can create a default patch baseline for each operating system.
-
NextToken
— (String
)The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
-
(AWS.Response)
—
Returns:
describePatchGroupState(params = {}, callback) ⇒ AWS.Request
Returns high-level aggregated patch compliance state information for a patch group.
Service Reference:
Examples:
Calling the describePatchGroupState operation
var params = { PatchGroup: 'STRING_VALUE' /* required */ }; ssm.describePatchGroupState(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
PatchGroup
— (String
)The name of the patch group whose patch snapshot should be retrieved.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:Instances
— (Integer
)The number of instances in the patch group.
InstancesWithInstalledPatches
— (Integer
)The number of instances with installed patches.
InstancesWithInstalledOtherPatches
— (Integer
)The number of instances with patches installed that aren't defined in the patch baseline.
InstancesWithInstalledPendingRebootPatches
— (Integer
)The number of instances with patches installed by Patch Manager that haven't been rebooted after the patch installation. The status of these instances is
NON_COMPLIANT
.InstancesWithInstalledRejectedPatches
— (Integer
)The number of instances with patches installed that are specified in a
RejectedPatches
list. Patches with a status ofINSTALLED_REJECTED
were typically installed before they were added to aRejectedPatches
list.Note: IfALLOW_AS_DEPENDENCY
is the specified option forRejectedPatchesAction
, the value ofInstancesWithInstalledRejectedPatches
will always be0
(zero).InstancesWithMissingPatches
— (Integer
)The number of instances with missing patches from the patch baseline.
InstancesWithFailedPatches
— (Integer
)The number of instances with patches from the patch baseline that failed to install.
InstancesWithNotApplicablePatches
— (Integer
)The number of instances with patches that aren't applicable.
InstancesWithUnreportedNotApplicablePatches
— (Integer
)The number of instances with
NotApplicable
patches beyond the supported limit, which aren't reported by name to Inventory. Inventory is a capability of Amazon Web Services Systems Manager.InstancesWithCriticalNonCompliantPatches
— (Integer
)The number of instances where patches that are specified as
Critical
for compliance reporting in the patch baseline aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required instance reboot. The status of these instances isNON_COMPLIANT
.InstancesWithSecurityNonCompliantPatches
— (Integer
)The number of instances where patches that are specified as
Security
in a patch advisory aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required instance reboot. The status of these instances isNON_COMPLIANT
.InstancesWithOtherNonCompliantPatches
— (Integer
)The number of instances with patches installed that are specified as other than
Critical
orSecurity
but aren't compliant with the patch baseline. The status of these instances isNON_COMPLIANT
.
-
(AWS.Response)
—
Returns:
describePatchProperties(params = {}, callback) ⇒ AWS.Request
Lists the properties of available patches organized by product, product family, classification, severity, and other properties of available patches. You can use the reported properties in the filters you specify in requests for operations such as CreatePatchBaseline, UpdatePatchBaseline, DescribeAvailablePatches, and DescribePatchBaselines.
The following section lists the properties that can be used in filters for each major operating system type:
- AMAZON_LINUX
-
Valid properties:
PRODUCT
|CLASSIFICATION
|SEVERITY
- AMAZON_LINUX_2
-
Valid properties:
PRODUCT
|CLASSIFICATION
|SEVERITY
- CENTOS
-
Valid properties:
PRODUCT
|CLASSIFICATION
|SEVERITY
- DEBIAN
-
Valid properties:
PRODUCT
|PRIORITY
- MACOS
-
Valid properties:
PRODUCT
|CLASSIFICATION
- ORACLE_LINUX
-
Valid properties:
PRODUCT
|CLASSIFICATION
|SEVERITY
- REDHAT_ENTERPRISE_LINUX
-
Valid properties:
PRODUCT
|CLASSIFICATION
|SEVERITY
- SUSE
-
Valid properties:
PRODUCT
|CLASSIFICATION
|SEVERITY
- UBUNTU
-
Valid properties:
PRODUCT
|PRIORITY
- WINDOWS
-
Valid properties:
PRODUCT
|PRODUCT_FAMILY
|CLASSIFICATION
|MSRC_SEVERITY
Service Reference:
Examples:
Calling the describePatchProperties operation
var params = { OperatingSystem: WINDOWS | AMAZON_LINUX | AMAZON_LINUX_2 | UBUNTU | REDHAT_ENTERPRISE_LINUX | SUSE | CENTOS | ORACLE_LINUX | DEBIAN | MACOS, /* required */ Property: PRODUCT | PRODUCT_FAMILY | CLASSIFICATION | MSRC_SEVERITY | PRIORITY | SEVERITY, /* required */ MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE', PatchSet: OS | APPLICATION }; ssm.describePatchProperties(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
OperatingSystem
— (String
)The operating system type for which to list patches.
Possible values include:"WINDOWS"
"AMAZON_LINUX"
"AMAZON_LINUX_2"
"UBUNTU"
"REDHAT_ENTERPRISE_LINUX"
"SUSE"
"CENTOS"
"ORACLE_LINUX"
"DEBIAN"
"MACOS"
Property
— (String
)The patch property for which you want to view patch details.
Possible values include:"PRODUCT"
"PRODUCT_FAMILY"
"CLASSIFICATION"
"MSRC_SEVERITY"
"PRIORITY"
"SEVERITY"
PatchSet
— (String
)Indicates whether to list patches for the Windows operating system or for applications released by Microsoft. Not applicable for the Linux or macOS operating systems.
Possible values include:"OS"
"APPLICATION"
MaxResults
— (Integer
)The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
NextToken
— (String
)The token for the next set of items to return. (You received this token from a previous call.)
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:Properties
— (Array<map<String>>
)A list of the properties for patches matching the filter request parameters.
NextToken
— (String
)The token for the next set of items to return. (You use this token in the next call.)
-
(AWS.Response)
—
Returns:
describeSessions(params = {}, callback) ⇒ AWS.Request
Retrieves a list of all active sessions (both connected and disconnected) or terminated sessions from the past 30 days.
Service Reference:
Examples:
Calling the describeSessions operation
var params = { State: Active | History, /* required */ Filters: [ { key: InvokedAfter | InvokedBefore | Target | Owner | Status | SessionId, /* required */ value: 'STRING_VALUE' /* required */ }, /* more items */ ], MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE' }; ssm.describeSessions(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
State
— (String
)The session status to retrieve a list of sessions for. For example, "Active".
Possible values include:"Active"
"History"
MaxResults
— (Integer
)The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
NextToken
— (String
)The token for the next set of items to return. (You received this token from a previous call.)
Filters
— (Array<map>
)One or more filters to limit the type of sessions returned by the request.
key
— required — (String
)The name of the filter.
Possible values include:"InvokedAfter"
"InvokedBefore"
"Target"
"Owner"
"Status"
"SessionId"
value
— required — (String
)The filter value. Valid values for each filter key are as follows:
-
InvokedAfter: Specify a timestamp to limit your results. For example, specify 2018-08-29T00:00:00Z to see sessions that started August 29, 2018, and later.
-
InvokedBefore: Specify a timestamp to limit your results. For example, specify 2018-08-29T00:00:00Z to see sessions that started before August 29, 2018.
-
Target: Specify an instance to which session connections have been made.
-
Owner: Specify an Amazon Web Services user account to see a list of sessions started by that user.
-
Status: Specify a valid session status to see a list of all sessions with that status. Status values you can specify include:
-
Connected
-
Connecting
-
Disconnected
-
Terminated
-
Terminating
-
Failed
-
-
SessionId: Specify a session ID to return details about the session.
-
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:Sessions
— (Array<map>
)A list of sessions meeting the request parameters.
SessionId
— (String
)The ID of the session.
Target
— (String
)The instance that the Session Manager session connected to.
Status
— (String
)The status of the session. For example, "Connected" or "Terminated".
Possible values include:"Connected"
"Connecting"
"Disconnected"
"Terminated"
"Terminating"
"Failed"
StartDate
— (Date
)The date and time, in ISO-8601 Extended format, when the session began.
EndDate
— (Date
)The date and time, in ISO-8601 Extended format, when the session was terminated.
DocumentName
— (String
)The name of the Session Manager SSM document used to define the parameters and plugin settings for the session. For example,
SSM-SessionManagerRunShell
.Owner
— (String
)The ID of the Amazon Web Services user account that started the session.
Details
— (String
)Reserved for future use.
OutputUrl
— (map
)Reserved for future use.
S3OutputUrl
— (String
)Reserved for future use.
CloudWatchOutputUrl
— (String
)Reserved for future use.
NextToken
— (String
)The token for the next set of items to return. (You received this token from a previous call.)
-
(AWS.Response)
—
Returns:
disassociateOpsItemRelatedItem(params = {}, callback) ⇒ AWS.Request
Deletes the association between an OpsItem and a related item. For example, this API operation can delete an Incident Manager incident from an OpsItem. Incident Manager is a capability of Amazon Web Services Systems Manager.
Service Reference:
Examples:
Calling the disassociateOpsItemRelatedItem operation
var params = { AssociationId: 'STRING_VALUE', /* required */ OpsItemId: 'STRING_VALUE' /* required */ }; ssm.disassociateOpsItemRelatedItem(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
OpsItemId
— (String
)The ID of the OpsItem for which you want to delete an association between the OpsItem and a related item.
AssociationId
— (String
)The ID of the association for which you want to delete an association between the OpsItem and a related item.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs.
-
(AWS.Response)
—
Returns:
getAutomationExecution(params = {}, callback) ⇒ AWS.Request
Get detailed information about a particular Automation execution.
Service Reference:
Examples:
Calling the getAutomationExecution operation
var params = { AutomationExecutionId: 'STRING_VALUE' /* required */ }; ssm.getAutomationExecution(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
AutomationExecutionId
— (String
)The unique identifier for an existing automation execution to examine. The execution ID is returned by StartAutomationExecution when the execution of an Automation runbook is initiated.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:AutomationExecution
— (map
)Detailed information about the current state of an automation execution.
AutomationExecutionId
— (String
)The execution ID.
DocumentName
— (String
)The name of the Automation runbook used during the execution.
DocumentVersion
— (String
)The version of the document to use during execution.
ExecutionStartTime
— (Date
)The time the execution started.
ExecutionEndTime
— (Date
)The time the execution finished.
AutomationExecutionStatus
— (String
)The execution status of the Automation.
Possible values include:"Pending"
"InProgress"
"Waiting"
"Success"
"TimedOut"
"Cancelling"
"Cancelled"
"Failed"
"PendingApproval"
"Approved"
"Rejected"
"Scheduled"
"RunbookInProgress"
"PendingChangeCalendarOverride"
"ChangeCalendarOverrideApproved"
"ChangeCalendarOverrideRejected"
"CompletedWithSuccess"
"CompletedWithFailure"
StepExecutions
— (Array<map>
)A list of details about the current state of all steps that comprise an execution. An Automation runbook contains a list of steps that are run in order.
StepName
— (String
)The name of this execution step.
Action
— (String
)The action this step performs. The action determines the behavior of the step.
TimeoutSeconds
— (Integer
)The timeout seconds of the step.
OnFailure
— (String
)The action to take if the step fails. The default value is
Abort
.MaxAttempts
— (Integer
)The maximum number of tries to run the action of the step. The default value is
1
.ExecutionStartTime
— (Date
)If a step has begun execution, this contains the time the step started. If the step is in Pending status, this field isn't populated.
ExecutionEndTime
— (Date
)If a step has finished execution, this contains the time the execution ended. If the step hasn't yet concluded, this field isn't populated.
StepStatus
— (String
)The execution status for this step.
Possible values include:"Pending"
"InProgress"
"Waiting"
"Success"
"TimedOut"
"Cancelling"
"Cancelled"
"Failed"
"PendingApproval"
"Approved"
"Rejected"
"Scheduled"
"RunbookInProgress"
"PendingChangeCalendarOverride"
"ChangeCalendarOverrideApproved"
"ChangeCalendarOverrideRejected"
"CompletedWithSuccess"
"CompletedWithFailure"
ResponseCode
— (String
)The response code returned by the execution of the step.
Inputs
— (map<String>
)Fully-resolved values passed into the step before execution.
Outputs
— (map<Array<String>>
)Returned values from the execution of the step.
Response
— (String
)A message associated with the response code for an execution.
FailureMessage
— (String
)If a step failed, this message explains why the execution failed.
FailureDetails
— (map
)Information about the Automation failure.
FailureStage
— (String
)The stage of the Automation execution when the failure occurred. The stages include the following: InputValidation, PreVerification, Invocation, PostVerification.
FailureType
— (String
)The type of Automation failure. Failure types include the following: Action, Permission, Throttling, Verification, Internal.
Details
— (map<Array<String>>
)Detailed information about the Automation step failure.
StepExecutionId
— (String
)The unique ID of a step execution.
OverriddenParameters
— (map<Array<String>>
)A user-specified list of parameters to override when running a step.
IsEnd
— (Boolean
)The flag which can be used to end automation no matter whether the step succeeds or fails.
NextStep
— (String
)The next step after the step succeeds.
IsCritical
— (Boolean
)The flag which can be used to help decide whether the failure of current step leads to the Automation failure.
ValidNextSteps
— (Array<String>
)Strategies used when step fails, we support Continue and Abort. Abort will fail the automation when the step fails. Continue will ignore the failure of current step and allow automation to run the next step. With conditional branching, we add step:stepName to support the automation to go to another specific step.
Targets
— (Array<map>
)The targets for the step execution.
Key
— (String
)User-defined criteria for sending commands that target instances that meet the criteria.
Values
— (Array<String>
)User-defined criteria that maps to
Key
. For example, if you specifiedtag:ServerRole
, you could specifyvalue:WebServer
to run a command on instances that include EC2 tags ofServerRole,WebServer
.Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
TargetLocation
— (map
)The combination of Amazon Web Services Regions and Amazon Web Services accounts targeted by the current Automation execution.
Accounts
— (Array<String>
)The Amazon Web Services accounts targeted by the current Automation execution.
Regions
— (Array<String>
)The Amazon Web Services Regions targeted by the current Automation execution.
TargetLocationMaxConcurrency
— (String
)The maximum number of Amazon Web Services Regions and Amazon Web Services accounts allowed to run the Automation concurrently.
TargetLocationMaxErrors
— (String
)The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
ExecutionRoleName
— (String
)The Automation execution role used by the currently running Automation. If not specified, the default value is
AWS-SystemsManager-AutomationExecutionRole
.
StepExecutionsTruncated
— (Boolean
)A boolean value that indicates if the response contains the full list of the Automation step executions. If true, use the DescribeAutomationStepExecutions API operation to get the full list of step executions.
Parameters
— (map<Array<String>>
)The key-value map of execution parameters, which were supplied when calling StartAutomationExecution.
Outputs
— (map<Array<String>>
)The list of execution outputs as defined in the Automation runbook.
FailureMessage
— (String
)A message describing why an execution has failed, if the status is set to Failed.
Mode
— (String
)The automation execution mode.
Possible values include:"Auto"
"Interactive"
ParentAutomationExecutionId
— (String
)The AutomationExecutionId of the parent automation.
ExecutedBy
— (String
)The Amazon Resource Name (ARN) of the user who ran the automation.
CurrentStepName
— (String
)The name of the step that is currently running.
CurrentAction
— (String
)The action of the step that is currently running.
TargetParameterName
— (String
)The parameter name.
Targets
— (Array<map>
)The specified targets.
Key
— (String
)User-defined criteria for sending commands that target instances that meet the criteria.
Values
— (Array<String>
)User-defined criteria that maps to
Key
. For example, if you specifiedtag:ServerRole
, you could specifyvalue:WebServer
to run a command on instances that include EC2 tags ofServerRole,WebServer
.Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
TargetMaps
— (Array<map<Array<String>>>
)The specified key-value mapping of document parameters to target resources.
ResolvedTargets
— (map
)A list of resolved targets in the rate control execution.
ParameterValues
— (Array<String>
)A list of parameter values sent to targets that resolved during the Automation execution.
Truncated
— (Boolean
)A boolean value indicating whether the resolved target list is truncated.
MaxConcurrency
— (String
)The
MaxConcurrency
value specified by the user when the execution started.MaxErrors
— (String
)The MaxErrors value specified by the user when the execution started.
Target
— (String
)The target of the execution.
TargetLocations
— (Array<map>
)The combination of Amazon Web Services Regions and/or Amazon Web Services accounts where you want to run the Automation.
Accounts
— (Array<String>
)The Amazon Web Services accounts targeted by the current Automation execution.
Regions
— (Array<String>
)The Amazon Web Services Regions targeted by the current Automation execution.
TargetLocationMaxConcurrency
— (String
)The maximum number of Amazon Web Services Regions and Amazon Web Services accounts allowed to run the Automation concurrently.
TargetLocationMaxErrors
— (String
)The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
ExecutionRoleName
— (String
)The Automation execution role used by the currently running Automation. If not specified, the default value is
AWS-SystemsManager-AutomationExecutionRole
.
ProgressCounters
— (map
)An aggregate of step execution statuses displayed in the Amazon Web Services Systems Manager console for a multi-Region and multi-account Automation execution.
TotalSteps
— (Integer
)The total number of steps run in all specified Amazon Web Services Regions and Amazon Web Services accounts for the current Automation execution.
SuccessSteps
— (Integer
)The total number of steps that successfully completed in all specified Amazon Web Services Regions and Amazon Web Services accounts for the current Automation execution.
FailedSteps
— (Integer
)The total number of steps that failed to run in all specified Amazon Web Services Regions and Amazon Web Services accounts for the current Automation execution.
CancelledSteps
— (Integer
)The total number of steps that the system cancelled in all specified Amazon Web Services Regions and Amazon Web Services accounts for the current Automation execution.
TimedOutSteps
— (Integer
)The total number of steps that timed out in all specified Amazon Web Services Regions and Amazon Web Services accounts for the current Automation execution.
AutomationSubtype
— (String
)The subtype of the Automation operation. Currently, the only supported value is
Possible values include:ChangeRequest
."ChangeRequest"
ScheduledTime
— (Date
)The date and time the Automation operation is scheduled to start.
Runbooks
— (Array<map>
)Information about the Automation runbooks that are run as part of a runbook workflow.
Note: The Automation runbooks specified for the runbook workflow can't run until all required approvals for the change request have been received.DocumentName
— required — (String
)The name of the Automation runbook used in a runbook workflow.
DocumentVersion
— (String
)The version of the Automation runbook used in a runbook workflow.
Parameters
— (map<Array<String>>
)The key-value map of execution parameters, which were supplied when calling
StartChangeRequestExecution
.TargetParameterName
— (String
)The name of the parameter used as the target resource for the rate-controlled runbook workflow. Required if you specify
Targets
.Targets
— (Array<map>
)A key-value mapping to target resources that the runbook operation performs tasks on. Required if you specify
TargetParameterName
.Key
— (String
)User-defined criteria for sending commands that target instances that meet the criteria.
Values
— (Array<String>
)User-defined criteria that maps to
Key
. For example, if you specifiedtag:ServerRole
, you could specifyvalue:WebServer
to run a command on instances that include EC2 tags ofServerRole,WebServer
.Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
MaxConcurrency
— (String
)The
MaxConcurrency
value specified by the user when the operation started, indicating the maximum number of resources that the runbook operation can run on at the same time.MaxErrors
— (String
)The
MaxErrors
value specified by the user when the execution started, indicating the maximum number of errors that can occur during the operation before the updates are stopped or rolled back.TargetLocations
— (Array<map>
)Information about the Amazon Web Services Regions and Amazon Web Services accounts targeted by the current Runbook operation.
Accounts
— (Array<String>
)The Amazon Web Services accounts targeted by the current Automation execution.
Regions
— (Array<String>
)The Amazon Web Services Regions targeted by the current Automation execution.
TargetLocationMaxConcurrency
— (String
)The maximum number of Amazon Web Services Regions and Amazon Web Services accounts allowed to run the Automation concurrently.
TargetLocationMaxErrors
— (String
)The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
ExecutionRoleName
— (String
)The Automation execution role used by the currently running Automation. If not specified, the default value is
AWS-SystemsManager-AutomationExecutionRole
.
OpsItemId
— (String
)The ID of an OpsItem that is created to represent a Change Manager change request.
AssociationId
— (String
)The ID of a State Manager association used in the Automation operation.
ChangeRequestName
— (String
)The name of the Change Manager change request.
-
(AWS.Response)
—
Returns:
getCalendarState(params = {}, callback) ⇒ AWS.Request
Gets the state of a Amazon Web Services Systems Manager change calendar at the current time or a specified time. If you specify a time,
GetCalendarState
returns the state of the calendar at that specific time, and returns the next time that the change calendar state will transition. If you don't specify a time,GetCalendarState
uses the current time. Change Calendar entries have two possible states:OPEN
orCLOSED
.If you specify more than one calendar in a request, the command returns the status of
OPEN
only if all calendars in the request are open. If one or more calendars in the request are closed, the status returned isCLOSED
.For more information about Change Calendar, a capability of Amazon Web Services Systems Manager, see Amazon Web Services Systems Manager Change Calendar in the Amazon Web Services Systems Manager User Guide.
Service Reference:
Examples:
Calling the getCalendarState operation
var params = { CalendarNames: [ /* required */ 'STRING_VALUE', /* more items */ ], AtTime: 'STRING_VALUE' }; ssm.getCalendarState(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
CalendarNames
— (Array<String>
)The names or Amazon Resource Names (ARNs) of the Systems Manager documents (SSM documents) that represent the calendar entries for which you want to get the state.
AtTime
— (String
)(Optional) The specific time for which you want to get calendar state information, in ISO 8601 format. If you don't specify a value or
AtTime
, the current time is used.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:State
— (String
)The state of the calendar. An
Possible values include:OPEN
calendar indicates that actions are allowed to proceed, and aCLOSED
calendar indicates that actions aren't allowed to proceed."OPEN"
"CLOSED"
AtTime
— (String
)The time, as an ISO 8601 string, that you specified in your command. If you don't specify a time,
GetCalendarState
uses the current time.NextTransitionTime
— (String
)The time, as an ISO 8601 string, that the calendar state will change. If the current calendar state is
OPEN
,NextTransitionTime
indicates when the calendar state changes toCLOSED
, and vice-versa.
-
(AWS.Response)
—
Returns:
getCommandInvocation(params = {}, callback) ⇒ AWS.Request
Returns detailed information about command execution for an invocation or plugin.
GetCommandInvocation
only gives the execution status of a plugin in a document. To get the command execution status on a specific instance, use ListCommandInvocations. To get the command execution status across instances, use ListCommands.Service Reference:
Examples:
Calling the getCommandInvocation operation
var params = { CommandId: 'STRING_VALUE', /* required */ InstanceId: 'STRING_VALUE', /* required */ PluginName: 'STRING_VALUE' }; ssm.getCommandInvocation(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
CommandId
— (String
)(Required) The parent command ID of the invocation plugin.
InstanceId
— (String
)(Required) The ID of the managed instance targeted by the command. A managed instance can be an Amazon Elastic Compute Cloud (Amazon EC2) instance or an instance in your hybrid environment that is configured for Amazon Web Services Systems Manager.
PluginName
— (String
)The name of the plugin for which you want detailed results. If the document contains only one plugin, you can omit the name and details for that plugin. If the document contains more than one plugin, you must specify the name of the plugin for which you want to view details.
Plugin names are also referred to as step names in Systems Manager documents (SSM documents). For example,
aws:RunShellScript
is a plugin.To find the
PluginName
, check the document content and find the name of the plugin. Alternatively, use ListCommandInvocations with theCommandId
andDetails
parameters. ThePluginName
is theName
attribute of theCommandPlugin
object in theCommandPlugins
list.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:CommandId
— (String
)The parent command ID of the invocation plugin.
InstanceId
— (String
)The ID of the managed instance targeted by the command. A managed instance can be an EC2 instance or an instance in your hybrid environment that is configured for Systems Manager.
Comment
— (String
)The comment text for the command.
DocumentName
— (String
)The name of the document that was run. For example,
AWS-RunShellScript
.DocumentVersion
— (String
)The Systems Manager document (SSM document) version used in the request.
PluginName
— (String
)The name of the plugin, or step name, for which details are reported. For example,
aws:RunShellScript
is a plugin.ResponseCode
— (Integer
)The error level response code for the plugin script. If the response code is
-1
, then the command hasn't started running on the instance, or it wasn't received by the instance.ExecutionStartDateTime
— (String
)The date and time the plugin started running. Date and time are written in ISO 8601 format. For example, June 7, 2017 is represented as 2017-06-7. The following sample Amazon Web Services CLI command uses the
InvokedBefore
filter.aws ssm list-commands --filters key=InvokedBefore,value=2017-06-07T00:00:00Z
If the plugin hasn't started to run, the string is empty.
ExecutionElapsedTime
— (String
)Duration since
ExecutionStartDateTime
.ExecutionEndDateTime
— (String
)The date and time the plugin finished running. Date and time are written in ISO 8601 format. For example, June 7, 2017 is represented as 2017-06-7. The following sample Amazon Web Services CLI command uses the
InvokedAfter
filter.aws ssm list-commands --filters key=InvokedAfter,value=2017-06-07T00:00:00Z
If the plugin hasn't started to run, the string is empty.
Status
— (String
)The status of this invocation plugin. This status can be different than
Possible values include:StatusDetails
."Pending"
"InProgress"
"Delayed"
"Success"
"Cancelled"
"TimedOut"
"Failed"
"Cancelling"
StatusDetails
— (String
)A detailed status of the command execution for an invocation.
StatusDetails
includes more information thanStatus
because it includes states resulting from error and concurrency control parameters.StatusDetails
can show different results thanStatus
. For more information about these statuses, see Understanding command statuses in the Amazon Web Services Systems Manager User Guide.StatusDetails
can be one of the following values:-
Pending: The command hasn't been sent to the instance.
-
In Progress: The command has been sent to the instance but hasn't reached a terminal state.
-
Delayed: The system attempted to send the command to the target, but the target wasn't available. The instance might not be available because of network issues, because the instance was stopped, or for similar reasons. The system will try to send the command again.
-
Success: The command or plugin ran successfully. This is a terminal state.
-
Delivery Timed Out: The command wasn't delivered to the instance before the delivery timeout expired. Delivery timeouts don't count against the parent command's
MaxErrors
limit, but they do contribute to whether the parent command status is Success or Incomplete. This is a terminal state. -
Execution Timed Out: The command started to run on the instance, but the execution wasn't complete before the timeout expired. Execution timeouts count against the
MaxErrors
limit of the parent command. This is a terminal state. -
Failed: The command wasn't run successfully on the instance. For a plugin, this indicates that the result code wasn't zero. For a command invocation, this indicates that the result code for one or more plugins wasn't zero. Invocation failures count against the
MaxErrors
limit of the parent command. This is a terminal state. -
Canceled: The command was terminated before it was completed. This is a terminal state.
-
Undeliverable: The command can't be delivered to the instance. The instance might not exist or might not be responding. Undeliverable invocations don't count against the parent command's
MaxErrors
limit and don't contribute to whether the parent command status is Success or Incomplete. This is a terminal state. -
Terminated: The parent command exceeded its
MaxErrors
limit and subsequent command invocations were canceled by the system. This is a terminal state.
-
StandardOutputContent
— (String
)The first 24,000 characters written by the plugin to
stdout
. If the command hasn't finished running, ifExecutionStatus
is neither Succeeded nor Failed, then this string is empty.StandardOutputUrl
— (String
)The URL for the complete text written by the plugin to
stdout
in Amazon Simple Storage Service (Amazon S3). If an S3 bucket wasn't specified, then this string is empty.StandardErrorContent
— (String
)The first 8,000 characters written by the plugin to
stderr
. If the command hasn't finished running, then this string is empty.StandardErrorUrl
— (String
)The URL for the complete text written by the plugin to
stderr
. If the command hasn't finished running, then this string is empty.CloudWatchOutputConfig
— (map
)Amazon CloudWatch Logs information where Systems Manager sent the command output.
CloudWatchLogGroupName
— (String
)The name of the CloudWatch Logs log group where you want to send command output. If you don't specify a group name, Amazon Web Services Systems Manager automatically creates a log group for you. The log group uses the following naming format:
aws/ssm/SystemsManagerDocumentName
CloudWatchOutputEnabled
— (Boolean
)Enables Systems Manager to send command output to CloudWatch Logs.
-
(AWS.Response)
—
Returns:
Waiter Resource States:
getConnectionStatus(params = {}, callback) ⇒ AWS.Request
Retrieves the Session Manager connection status for an instance to determine whether it is running and ready to receive Session Manager connections.
Service Reference:
Examples:
Calling the getConnectionStatus operation
var params = { Target: 'STRING_VALUE' /* required */ }; ssm.getConnectionStatus(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Target
— (String
)The instance ID.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:Target
— (String
)The ID of the instance to check connection status.
Status
— (String
)The status of the connection to the instance. For example, 'Connected' or 'Not Connected'.
Possible values include:"Connected"
"NotConnected"
-
(AWS.Response)
—
Returns:
getDefaultPatchBaseline(params = {}, callback) ⇒ AWS.Request
Retrieves the default patch baseline. Amazon Web Services Systems Manager supports creating multiple default patch baselines. For example, you can create a default patch baseline for each operating system.
If you don't specify an operating system value, the default patch baseline for Windows is returned.
Service Reference:
Examples:
Calling the getDefaultPatchBaseline operation
var params = { OperatingSystem: WINDOWS | AMAZON_LINUX | AMAZON_LINUX_2 | UBUNTU | REDHAT_ENTERPRISE_LINUX | SUSE | CENTOS | ORACLE_LINUX | DEBIAN | MACOS }; ssm.getDefaultPatchBaseline(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
OperatingSystem
— (String
)Returns the default patch baseline for the specified operating system.
Possible values include:"WINDOWS"
"AMAZON_LINUX"
"AMAZON_LINUX_2"
"UBUNTU"
"REDHAT_ENTERPRISE_LINUX"
"SUSE"
"CENTOS"
"ORACLE_LINUX"
"DEBIAN"
"MACOS"
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:BaselineId
— (String
)The ID of the default patch baseline.
OperatingSystem
— (String
)The operating system for the returned patch baseline.
Possible values include:"WINDOWS"
"AMAZON_LINUX"
"AMAZON_LINUX_2"
"UBUNTU"
"REDHAT_ENTERPRISE_LINUX"
"SUSE"
"CENTOS"
"ORACLE_LINUX"
"DEBIAN"
"MACOS"
-
(AWS.Response)
—
Returns:
getDeployablePatchSnapshotForInstance(params = {}, callback) ⇒ AWS.Request
Retrieves the current snapshot for the patch baseline the instance uses. This API is primarily used by the
AWS-RunPatchBaseline
Systems Manager document (SSM document).Note: If you run the command locally, such as with the Command Line Interface (CLI), the system attempts to use your local Amazon Web Services credentials and the operation fails. To avoid this, you can run the command in the Amazon Web Services Systems Manager console. Use Run Command, a capability of Amazon Web Services Systems Manager, with an SSM document that enables you to target an instance with a script or command. For example, run the command using theAWS-RunShellScript
document or theAWS-RunPowerShellScript
document.Service Reference:
Examples:
Calling the getDeployablePatchSnapshotForInstance operation
var params = { InstanceId: 'STRING_VALUE', /* required */ SnapshotId: 'STRING_VALUE', /* required */ BaselineOverride: { ApprovalRules: { PatchRules: [ /* required */ { PatchFilterGroup: { /* required */ PatchFilters: [ /* required */ { Key: ARCH | ADVISORY_ID | BUGZILLA_ID | PATCH_SET | PRODUCT | PRODUCT_FAMILY | CLASSIFICATION | CVE_ID | EPOCH | MSRC_SEVERITY | NAME | PATCH_ID | SECTION | PRIORITY | REPOSITORY | RELEASE | SEVERITY | SECURITY | VERSION, /* required */ Values: [ /* required */ 'STRING_VALUE', /* more items */ ] }, /* more items */ ] }, ApproveAfterDays: 'NUMBER_VALUE', ApproveUntilDate: 'STRING_VALUE', ComplianceLevel: CRITICAL | HIGH | MEDIUM | LOW | INFORMATIONAL | UNSPECIFIED, EnableNonSecurity: true || false }, /* more items */ ] }, ApprovedPatches: [ 'STRING_VALUE', /* more items */ ], ApprovedPatchesComplianceLevel: CRITICAL | HIGH | MEDIUM | LOW | INFORMATIONAL | UNSPECIFIED, ApprovedPatchesEnableNonSecurity: true || false, GlobalFilters: { PatchFilters: [ /* required */ { Key: ARCH | ADVISORY_ID | BUGZILLA_ID | PATCH_SET | PRODUCT | PRODUCT_FAMILY | CLASSIFICATION | CVE_ID | EPOCH | MSRC_SEVERITY | NAME | PATCH_ID | SECTION | PRIORITY | REPOSITORY | RELEASE | SEVERITY | SECURITY | VERSION, /* required */ Values: [ /* required */ 'STRING_VALUE', /* more items */ ] }, /* more items */ ] }, OperatingSystem: WINDOWS | AMAZON_LINUX | AMAZON_LINUX_2 | UBUNTU | REDHAT_ENTERPRISE_LINUX | SUSE | CENTOS | ORACLE_LINUX | DEBIAN | MACOS, RejectedPatches: [ 'STRING_VALUE', /* more items */ ], RejectedPatchesAction: ALLOW_AS_DEPENDENCY | BLOCK, Sources: [ { Configuration: 'STRING_VALUE', /* required */ Name: 'STRING_VALUE', /* required */ Products: [ /* required */ 'STRING_VALUE', /* more items */ ] }, /* more items */ ] } }; ssm.getDeployablePatchSnapshotForInstance(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
InstanceId
— (String
)The ID of the instance for which the appropriate patch snapshot should be retrieved.
SnapshotId
— (String
)The snapshot ID provided by the user when running
AWS-RunPatchBaseline
.BaselineOverride
— (map
)Defines the basic information about a patch baseline override.
OperatingSystem
— (String
)The operating system rule used by the patch baseline override.
Possible values include:"WINDOWS"
"AMAZON_LINUX"
"AMAZON_LINUX_2"
"UBUNTU"
"REDHAT_ENTERPRISE_LINUX"
"SUSE"
"CENTOS"
"ORACLE_LINUX"
"DEBIAN"
"MACOS"
GlobalFilters
— (map
)A set of patch filters, typically used for approval rules.
PatchFilters
— required — (Array<map>
)The set of patch filters that make up the group.
Key
— required — (String
)The key for the filter.
Run the DescribePatchProperties command to view lists of valid keys for each operating system type.
Possible values include:"ARCH"
"ADVISORY_ID"
"BUGZILLA_ID"
"PATCH_SET"
"PRODUCT"
"PRODUCT_FAMILY"
"CLASSIFICATION"
"CVE_ID"
"EPOCH"
"MSRC_SEVERITY"
"NAME"
"PATCH_ID"
"SECTION"
"PRIORITY"
"REPOSITORY"
"RELEASE"
"SEVERITY"
"SECURITY"
"VERSION"
Values
— required — (Array<String>
)The value for the filter key.
Run the DescribePatchProperties command to view lists of valid values for each key based on operating system type.
ApprovalRules
— (map
)A set of rules defining the approval rules for a patch baseline.
PatchRules
— required — (Array<map>
)The rules that make up the rule group.
PatchFilterGroup
— required — (map
)The patch filter group that defines the criteria for the rule.
PatchFilters
— required — (Array<map>
)The set of patch filters that make up the group.
Key
— required — (String
)The key for the filter.
Run the DescribePatchProperties command to view lists of valid keys for each operating system type.
Possible values include:"ARCH"
"ADVISORY_ID"
"BUGZILLA_ID"
"PATCH_SET"
"PRODUCT"
"PRODUCT_FAMILY"
"CLASSIFICATION"
"CVE_ID"
"EPOCH"
"MSRC_SEVERITY"
"NAME"
"PATCH_ID"
"SECTION"
"PRIORITY"
"REPOSITORY"
"RELEASE"
"SEVERITY"
"SECURITY"
"VERSION"
Values
— required — (Array<String>
)The value for the filter key.
Run the DescribePatchProperties command to view lists of valid values for each key based on operating system type.
ComplianceLevel
— (String
)A compliance severity level for all approved patches in a patch baseline.
Possible values include:"CRITICAL"
"HIGH"
"MEDIUM"
"LOW"
"INFORMATIONAL"
"UNSPECIFIED"
ApproveAfterDays
— (Integer
)The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of
7
means that patches are approved seven days after they are released. Not supported on Debian Server or Ubuntu Server.ApproveUntilDate
— (String
)The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Not supported on Debian Server or Ubuntu Server.
Enter dates in the format
YYYY-MM-DD
. For example,2021-12-31
.EnableNonSecurity
— (Boolean
)For instances identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is
false
. Applies to Linux instances only.
ApprovedPatches
— (Array<String>
)A list of explicitly approved patches for the baseline.
For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
ApprovedPatchesComplianceLevel
— (String
)Defines the compliance level for approved patches. When an approved patch is reported as missing, this value describes the severity of the compliance violation.
Possible values include:"CRITICAL"
"HIGH"
"MEDIUM"
"LOW"
"INFORMATIONAL"
"UNSPECIFIED"
RejectedPatches
— (Array<String>
)A list of explicitly rejected patches for the baseline.
For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
RejectedPatchesAction
— (String
)The action for Patch Manager to take on patches included in the
Possible values include:RejectedPackages
list. A patch can be allowed only if it is a dependency of another package, or blocked entirely along with packages that include it as a dependency."ALLOW_AS_DEPENDENCY"
"BLOCK"
ApprovedPatchesEnableNonSecurity
— (Boolean
)Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is
false
. Applies to Linux instances only.Sources
— (Array<map>
)Information about the patches to use to update the instances, including target operating systems and source repositories. Applies to Linux instances only.
Name
— required — (String
)The name specified to identify the patch source.
Products
— required — (Array<String>
)The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "AmazonLinux2016.09", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter.
Configuration
— required — (String
)The value of the yum repo configuration. For example:
[main]
name=MyCustomRepository
baseurl=https://my-custom-repository
enabled=1
Note: For information about other options available for your yum repository configuration, see dnf.conf(5).
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:InstanceId
— (String
)The instance ID.
SnapshotId
— (String
)The user-defined snapshot ID.
SnapshotDownloadUrl
— (String
)A pre-signed Amazon Simple Storage Service (Amazon S3) URL that can be used to download the patch snapshot.
Product
— (String
)Returns the specific operating system (for example Windows Server 2012 or Amazon Linux 2015.09) on the instance for the specified patch snapshot.
-
(AWS.Response)
—
Returns:
getDocument(params = {}, callback) ⇒ AWS.Request
Gets the contents of the specified Amazon Web Services Systems Manager document (SSM document).
Service Reference:
Examples:
Calling the getDocument operation
var params = { Name: 'STRING_VALUE', /* required */ DocumentFormat: YAML | JSON | TEXT, DocumentVersion: 'STRING_VALUE', VersionName: 'STRING_VALUE' }; ssm.getDocument(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Name
— (String
)The name of the SSM document.
VersionName
— (String
)An optional field specifying the version of the artifact associated with the document. For example, "Release 12, Update 6". This value is unique across all versions of a document and can't be changed.
DocumentVersion
— (String
)The document version for which you want information.
DocumentFormat
— (String
)Returns the document in the specified format. The document format can be either JSON or YAML. JSON is the default format.
Possible values include:"YAML"
"JSON"
"TEXT"
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:Name
— (String
)The name of the SSM document.
CreatedDate
— (Date
)The date the SSM document was created.
DisplayName
— (String
)The friendly name of the SSM document. This value can differ for each version of the document. If you want to update this value, see UpdateDocument.
VersionName
— (String
)The version of the artifact associated with the document. For example, "Release 12, Update 6". This value is unique across all versions of a document, and can't be changed.
DocumentVersion
— (String
)The document version.
Status
— (String
)The status of the SSM document, such as
Possible values include:Creating
,Active
,Updating
,Failed
, andDeleting
."Creating"
"Active"
"Updating"
"Deleting"
"Failed"
StatusInformation
— (String
)A message returned by Amazon Web Services Systems Manager that explains the
Status
value. For example, aFailed
status might be explained by theStatusInformation
message, "The specified S3 bucket doesn't exist. Verify that the URL of the S3 bucket is correct."Content
— (String
)The contents of the SSM document.
DocumentType
— (String
)The document type.
Possible values include:"Command"
"Policy"
"Automation"
"Session"
"Package"
"ApplicationConfiguration"
"ApplicationConfigurationSchema"
"DeploymentStrategy"
"ChangeCalendar"
"Automation.ChangeTemplate"
"ProblemAnalysis"
"ProblemAnalysisTemplate"
DocumentFormat
— (String
)The document format, either JSON or YAML.
Possible values include:"YAML"
"JSON"
"TEXT"
Requires
— (Array<map>
)A list of SSM documents required by a document. For example, an
ApplicationConfiguration
document requires anApplicationConfigurationSchema
document.Name
— required — (String
)The name of the required SSM document. The name can be an Amazon Resource Name (ARN).
Version
— (String
)The document version required by the current document.
AttachmentsContent
— (Array<map>
)A description of the document attachments, including names, locations, sizes, and so on.
Name
— (String
)The name of an attachment.
Size
— (Integer
)The size of an attachment in bytes.
Hash
— (String
)The cryptographic hash value of the document content.
HashType
— (String
)The hash algorithm used to calculate the hash value.
Possible values include:"Sha256"
Url
— (String
)The URL location of the attachment content.
ReviewStatus
— (String
)The current review status of a new custom Systems Manager document (SSM document) created by a member of your organization, or of the latest version of an existing SSM document.
Only one version of an SSM document can be in the APPROVED state at a time. When a new version is approved, the status of the previous version changes to REJECTED.
Only one version of an SSM document can be in review, or PENDING, at a time.
Possible values include:"APPROVED"
"NOT_REVIEWED"
"PENDING"
"REJECTED"
-
(AWS.Response)
—
Returns:
getInventory(params = {}, callback) ⇒ AWS.Request
Query inventory information. This includes instance status, such as
Stopped
orTerminated
.Service Reference:
Examples:
Calling the getInventory operation
var params = { Aggregators: [ /* InventoryAggregatorList */ { Aggregators: /* recursive InventoryAggregatorList */, Expression: 'STRING_VALUE', Groups: [ { Filters: [ /* required */ { Key: 'STRING_VALUE', /* required */ Values: [ /* required */ 'STRING_VALUE', /* more items */ ], Type: Equal | NotEqual | BeginWith | LessThan | GreaterThan | Exists }, /* more items */ ], Name: 'STRING_VALUE' /* required */ }, /* more items */ ] }, /* more items */ ], Filters: [ { Key: 'STRING_VALUE', /* required */ Values: [ /* required */ 'STRING_VALUE', /* more items */ ], Type: Equal | NotEqual | BeginWith | LessThan | GreaterThan | Exists }, /* more items */ ], MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE', ResultAttributes: [ { TypeName: 'STRING_VALUE' /* required */ }, /* more items */ ] }; ssm.getInventory(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Filters
— (Array<map>
)One or more filters. Use a filter to return a more specific list of results.
Key
— required — (String
)The name of the filter key.
Values
— required — (Array<String>
)Inventory filter values. Example: inventory filter where instance IDs are specified as values
Key=AWS:InstanceInformation.InstanceId,Values= i-a12b3c4d5e6g, i-1a2b3c4d5e6,Type=Equal
.Type
— (String
)The type of filter.
Note: ThePossible values include:Exists
filter must be used with aggregators. For more information, see Aggregating inventory data in the Amazon Web Services Systems Manager User Guide."Equal"
"NotEqual"
"BeginWith"
"LessThan"
"GreaterThan"
"Exists"
Aggregators
— (Array<map>
)Returns counts of inventory types based on one or more expressions. For example, if you aggregate by using an expression that uses the
AWS:InstanceInformation.PlatformType
type, you can see a count of how many Windows and Linux instances exist in your inventoried fleet.Expression
— (String
)The inventory type and attribute name for aggregation.
Aggregators
— (Array<map>
)Nested aggregators to further refine aggregation for an inventory type.
Groups
— (Array<map>
)A user-defined set of one or more filters on which to aggregate inventory data. Groups return a count of resources that match and don't match the specified criteria.
Name
— required — (String
)The name of the group.
Filters
— required — (Array<map>
)Filters define the criteria for the group. The
matchingCount
field displays the number of resources that match the criteria. ThenotMatchingCount
field displays the number of resources that don't match the criteria.Key
— required — (String
)The name of the filter key.
Values
— required — (Array<String>
)Inventory filter values. Example: inventory filter where instance IDs are specified as values
Key=AWS:InstanceInformation.InstanceId,Values= i-a12b3c4d5e6g, i-1a2b3c4d5e6,Type=Equal
.Type
— (String
)The type of filter.
Note: ThePossible values include:Exists
filter must be used with aggregators. For more information, see Aggregating inventory data in the Amazon Web Services Systems Manager User Guide."Equal"
"NotEqual"
"BeginWith"
"LessThan"
"GreaterThan"
"Exists"
ResultAttributes
— (Array<map>
)The list of inventory item types to return.
TypeName
— required — (String
)Name of the inventory item type. Valid value:
AWS:InstanceInformation
. Default Value:AWS:InstanceInformation
.
NextToken
— (String
)The token for the next set of items to return. (You received this token from a previous call.)
MaxResults
— (Integer
)The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:Entities
— (Array<map>
)Collection of inventory entities such as a collection of instance inventory.
Id
— (String
)ID of the inventory result entity. For example, for managed instance inventory the result will be the managed instance ID. For EC2 instance inventory, the result will be the instance ID.
Data
— (map<map>
)The data section in the inventory result entity JSON.
TypeName
— required — (String
)The name of the inventory result item type.
SchemaVersion
— required — (String
)The schema version for the inventory result item/
CaptureTime
— (String
)The time inventory item data was captured.
ContentHash
— (String
)MD5 hash of the inventory item type contents. The content hash is used to determine whether to update inventory information. The PutInventory API doesn't update the inventory item type contents if the MD5 hash hasn't changed since last update.
Content
— required — (Array<map<String>>
)Contains all the inventory data of the item type. Results include attribute names and values.
NextToken
— (String
)The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
-
(AWS.Response)
—
Returns:
getInventorySchema(params = {}, callback) ⇒ AWS.Request
Return a list of inventory type names for the account, or return a list of attribute names for a specific Inventory item type.
Service Reference:
Examples:
Calling the getInventorySchema operation
var params = { Aggregator: true || false, MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE', SubType: true || false, TypeName: 'STRING_VALUE' }; ssm.getInventorySchema(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
TypeName
— (String
)The type of inventory item to return.
NextToken
— (String
)The token for the next set of items to return. (You received this token from a previous call.)
MaxResults
— (Integer
)The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
Aggregator
— (Boolean
)Returns inventory schemas that support aggregation. For example, this call returns the
AWS:InstanceInformation
type, because it supports aggregation based on thePlatformName
,PlatformType
, andPlatformVersion
attributes.SubType
— (Boolean
)Returns the sub-type schema for a specified inventory type.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:Schemas
— (Array<map>
)Inventory schemas returned by the request.
TypeName
— required — (String
)The name of the inventory type. Default inventory item type names start with Amazon Web Services. Custom inventory type names will start with Custom. Default inventory item types include the following:
AWS:AWSComponent
,AWS:Application
,AWS:InstanceInformation
,AWS:Network
, andAWS:WindowsUpdate
.Version
— (String
)The schema version for the inventory item.
Attributes
— required — (Array<map>
)The schema attributes for inventory. This contains data type and attribute name.
Name
— required — (String
)Name of the inventory item attribute.
DataType
— required — (String
)The data type of the inventory item attribute.
Possible values include:"string"
"number"
DisplayName
— (String
)The alias name of the inventory type. The alias name is used for display purposes.
NextToken
— (String
)The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
-
(AWS.Response)
—
Returns:
getMaintenanceWindow(params = {}, callback) ⇒ AWS.Request
Retrieves a maintenance window.
Service Reference:
Examples:
Calling the getMaintenanceWindow operation
var params = { WindowId: 'STRING_VALUE' /* required */ }; ssm.getMaintenanceWindow(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
WindowId
— (String
)The ID of the maintenance window for which you want to retrieve information.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:WindowId
— (String
)The ID of the created maintenance window.
Name
— (String
)The name of the maintenance window.
Description
— (String
)The description of the maintenance window.
StartDate
— (String
)The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become active. The maintenance window won't run before this specified time.
EndDate
— (String
)The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become inactive. The maintenance window won't run after this specified time.
Schedule
— (String
)The schedule of the maintenance window in the form of a cron or rate expression.
ScheduleTimezone
— (String
)The time zone that the scheduled maintenance window executions are based on, in Internet Assigned Numbers Authority (IANA) format. For example: "America/Los_Angeles", "UTC", or "Asia/Seoul". For more information, see the Time Zone Database on the IANA website.
ScheduleOffset
— (Integer
)The number of days to wait to run a maintenance window after the scheduled cron expression date and time.
NextExecutionTime
— (String
)The next time the maintenance window will actually run, taking into account any specified times for the maintenance window to become active or inactive.
Duration
— (Integer
)The duration of the maintenance window in hours.
Cutoff
— (Integer
)The number of hours before the end of the maintenance window that Amazon Web Services Systems Manager stops scheduling new tasks for execution.
AllowUnassociatedTargets
— (Boolean
)Whether targets must be registered with the maintenance window before tasks can be defined for those targets.
Enabled
— (Boolean
)Indicates whether the maintenance window is enabled.
CreatedDate
— (Date
)The date the maintenance window was created.
ModifiedDate
— (Date
)The date the maintenance window was last modified.
-
(AWS.Response)
—
Returns:
getMaintenanceWindowExecution(params = {}, callback) ⇒ AWS.Request
Retrieves details about a specific a maintenance window execution.
Service Reference:
Examples:
Calling the getMaintenanceWindowExecution operation
var params = { WindowExecutionId: 'STRING_VALUE' /* required */ }; ssm.getMaintenanceWindowExecution(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
WindowExecutionId
— (String
)The ID of the maintenance window execution that includes the task.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:WindowExecutionId
— (String
)The ID of the maintenance window execution.
TaskIds
— (Array<String>
)The ID of the task executions from the maintenance window execution.
Status
— (String
)The status of the maintenance window execution.
Possible values include:"PENDING"
"IN_PROGRESS"
"SUCCESS"
"FAILED"
"TIMED_OUT"
"CANCELLING"
"CANCELLED"
"SKIPPED_OVERLAPPING"
StatusDetails
— (String
)The details explaining the status. Not available for all status values.
StartTime
— (Date
)The time the maintenance window started running.
EndTime
— (Date
)The time the maintenance window finished running.
-
(AWS.Response)
—
Returns:
getMaintenanceWindowExecutionTask(params = {}, callback) ⇒ AWS.Request
Retrieves the details about a specific task run as part of a maintenance window execution.
Service Reference:
Examples:
Calling the getMaintenanceWindowExecutionTask operation
var params = { TaskId: 'STRING_VALUE', /* required */ WindowExecutionId: 'STRING_VALUE' /* required */ }; ssm.getMaintenanceWindowExecutionTask(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
WindowExecutionId
— (String
)The ID of the maintenance window execution that includes the task.
TaskId
— (String
)The ID of the specific task execution in the maintenance window task that should be retrieved.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:WindowExecutionId
— (String
)The ID of the maintenance window execution that includes the task.
TaskExecutionId
— (String
)The ID of the specific task execution in the maintenance window task that was retrieved.
TaskArn
— (String
)The Amazon Resource Name (ARN) of the task that ran.
ServiceRole
— (String
)The role that was assumed when running the task.
Type
— (String
)The type of task that was run.
Possible values include:"RUN_COMMAND"
"AUTOMATION"
"STEP_FUNCTIONS"
"LAMBDA"
TaskParameters
— (Array<map<map>>
)The parameters passed to the task when it was run.
Note:TaskParameters
has been deprecated. To specify parameters to pass to a task when it runs, instead use theParameters
option in theTaskInvocationParameters
structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.The map has the following format:
-
Key
: string, between 1 and 255 characters -
Value
: an array of strings, each between 1 and 255 characters
Values
— (Array<String>
)This field contains an array of 0 or more strings, each 1 to 255 characters in length.
-
Priority
— (Integer
)The priority of the task.
MaxConcurrency
— (String
)The defined maximum number of task executions that could be run in parallel.
MaxErrors
— (String
)The defined maximum number of task execution errors allowed before scheduling of the task execution would have been stopped.
Status
— (String
)The status of the task.
Possible values include:"PENDING"
"IN_PROGRESS"
"SUCCESS"
"FAILED"
"TIMED_OUT"
"CANCELLING"
"CANCELLED"
"SKIPPED_OVERLAPPING"
StatusDetails
— (String
)The details explaining the status. Not available for all status values.
StartTime
— (Date
)The time the task execution started.
EndTime
— (Date
)The time the task execution completed.
-
(AWS.Response)
—
Returns:
getMaintenanceWindowExecutionTaskInvocation(params = {}, callback) ⇒ AWS.Request
Retrieves information about a specific task running on a specific target.
Service Reference:
Examples:
Calling the getMaintenanceWindowExecutionTaskInvocation operation
var params = { InvocationId: 'STRING_VALUE', /* required */ TaskId: 'STRING_VALUE', /* required */ WindowExecutionId: 'STRING_VALUE' /* required */ }; ssm.getMaintenanceWindowExecutionTaskInvocation(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
WindowExecutionId
— (String
)The ID of the maintenance window execution for which the task is a part.
TaskId
— (String
)The ID of the specific task in the maintenance window task that should be retrieved.
InvocationId
— (String
)The invocation ID to retrieve.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:WindowExecutionId
— (String
)The maintenance window execution ID.
TaskExecutionId
— (String
)The task execution ID.
InvocationId
— (String
)The invocation ID.
ExecutionId
— (String
)The execution ID.
TaskType
— (String
)Retrieves the task type for a maintenance window.
Possible values include:"RUN_COMMAND"
"AUTOMATION"
"STEP_FUNCTIONS"
"LAMBDA"
Parameters
— (String
)The parameters used at the time that the task ran.
Status
— (String
)The task status for an invocation.
Possible values include:"PENDING"
"IN_PROGRESS"
"SUCCESS"
"FAILED"
"TIMED_OUT"
"CANCELLING"
"CANCELLED"
"SKIPPED_OVERLAPPING"
StatusDetails
— (String
)The details explaining the status. Details are only available for certain status values.
StartTime
— (Date
)The time that the task started running on the target.
EndTime
— (Date
)The time that the task finished running on the target.
OwnerInformation
— (String
)User-provided value to be included in any Amazon CloudWatch Events or Amazon EventBridge events raised while running tasks for these targets in this maintenance window.
WindowTargetId
— (String
)The maintenance window target ID.
-
(AWS.Response)
—
Returns:
getMaintenanceWindowTask(params = {}, callback) ⇒ AWS.Request
Lists the tasks in a maintenance window.
Note: For maintenance window tasks without a specified target, you can't supply values for--max-errors
and--max-concurrency
. Instead, the system inserts a placeholder value of1
, which may be reported in the response to this command. These values don't affect the running of your task and can be ignored.Service Reference:
Examples:
Calling the getMaintenanceWindowTask operation
var params = { WindowId: 'STRING_VALUE', /* required */ WindowTaskId: 'STRING_VALUE' /* required */ }; ssm.getMaintenanceWindowTask(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
WindowId
— (String
)The maintenance window ID that includes the task to retrieve.
WindowTaskId
— (String
)The maintenance window task ID to retrieve.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:WindowId
— (String
)The retrieved maintenance window ID.
WindowTaskId
— (String
)The retrieved maintenance window task ID.
Targets
— (Array<map>
)The targets where the task should run.
Key
— (String
)User-defined criteria for sending commands that target instances that meet the criteria.
Values
— (Array<String>
)User-defined criteria that maps to
Key
. For example, if you specifiedtag:ServerRole
, you could specifyvalue:WebServer
to run a command on instances that include EC2 tags ofServerRole,WebServer
.Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
TaskArn
— (String
)The resource that the task used during execution. For
RUN_COMMAND
andAUTOMATION
task types, the value ofTaskArn
is the SSM document name/ARN. ForLAMBDA
tasks, the value is the function name/ARN. ForSTEP_FUNCTIONS
tasks, the value is the state machine ARN.ServiceRoleArn
— (String
)The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service (Amazon SNS) notifications for maintenance window Run Command tasks.
TaskType
— (String
)The type of task to run.
Possible values include:"RUN_COMMAND"
"AUTOMATION"
"STEP_FUNCTIONS"
"LAMBDA"
TaskParameters
— (map<map>
)The parameters to pass to the task when it runs.
Note:TaskParameters
has been deprecated. To specify parameters to pass to a task when it runs, instead use theParameters
option in theTaskInvocationParameters
structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.Values
— (Array<String>
)This field contains an array of 0 or more strings, each 1 to 255 characters in length.
TaskInvocationParameters
— (map
)The parameters to pass to the task when it runs.
RunCommand
— (map
)The parameters for a
RUN_COMMAND
task type.Comment
— (String
)Information about the commands to run.
CloudWatchOutputConfig
— (map
)Configuration options for sending command output to Amazon CloudWatch Logs.
CloudWatchLogGroupName
— (String
)The name of the CloudWatch Logs log group where you want to send command output. If you don't specify a group name, Amazon Web Services Systems Manager automatically creates a log group for you. The log group uses the following naming format:
aws/ssm/SystemsManagerDocumentName
CloudWatchOutputEnabled
— (Boolean
)Enables Systems Manager to send command output to CloudWatch Logs.
DocumentHash
— (String
)The SHA-256 or SHA-1 hash created by the system when the document was created. SHA-1 hashes have been deprecated.
DocumentHashType
— (String
)SHA-256 or SHA-1. SHA-1 hashes have been deprecated.
Possible values include:"Sha256"
"Sha1"
DocumentVersion
— (String
)The Amazon Web Services Systems Manager document (SSM document) version to use in the request. You can specify
$DEFAULT
,$LATEST
, or a specific version number. If you run commands by using the Amazon Web Services CLI, then you must escape the first two options by using a backslash. If you specify a version number, then you don't need to use the backslash. For example:--document-version "\$DEFAULT"
--document-version "\$LATEST"
--document-version "3"
NotificationConfig
— (map
)Configurations for sending notifications about command status changes on a per-instance basis.
NotificationArn
— (String
)An Amazon Resource Name (ARN) for an Amazon Simple Notification Service (Amazon SNS) topic. Run Command pushes notifications about command status changes to this topic.
NotificationEvents
— (Array<String>
)The different events for which you can receive notifications. To learn more about these events, see Monitoring Systems Manager status changes using Amazon SNS notifications in the Amazon Web Services Systems Manager User Guide.
NotificationType
— (String
)The type of notification.
-
Command
: Receive notification when the status of a command changes. -
Invocation
: For commands sent to multiple instances, receive notification on a per-instance basis when the status of a command changes.
"Command"
"Invocation"
-
OutputS3BucketName
— (String
)The name of the Amazon Simple Storage Service (Amazon S3) bucket.
OutputS3KeyPrefix
— (String
)The S3 bucket subfolder.
Parameters
— (map<Array<String>>
)The parameters for the
RUN_COMMAND
task execution.ServiceRoleArn
— (String
)The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service (Amazon SNS) notifications for maintenance window Run Command tasks.
TimeoutSeconds
— (Integer
)If this time is reached and the command hasn't already started running, it doesn't run.
Automation
— (map
)The parameters for an
AUTOMATION
task type.DocumentVersion
— (String
)The version of an Automation runbook to use during task execution.
Parameters
— (map<Array<String>>
)The parameters for the
AUTOMATION
task.For information about specifying and updating task parameters, see RegisterTaskWithMaintenanceWindow and UpdateMaintenanceWindowTask.
Note:LoggingInfo
has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use theOutputS3BucketName
andOutputS3KeyPrefix
options in theTaskInvocationParameters
structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.TaskParameters
has been deprecated. To specify parameters to pass to a task when it runs, instead use theParameters
option in theTaskInvocationParameters
structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. ForAUTOMATION
task types, Amazon Web Services Systems Manager ignores any values specified for these parameters.
StepFunctions
— (map
)The parameters for a
STEP_FUNCTIONS
task type.Input
— (String
)The inputs for the
STEP_FUNCTIONS
task.Name
— (String
)The name of the
STEP_FUNCTIONS
task.
Lambda
— (map
)The parameters for a
LAMBDA
task type.ClientContext
— (String
)Pass client-specific information to the Lambda function that you are invoking. You can then process the client information in your Lambda function as you choose through the context variable.
Qualifier
— (String
)(Optional) Specify an Lambda function version or alias name. If you specify a function version, the operation uses the qualified function Amazon Resource Name (ARN) to invoke a specific Lambda function. If you specify an alias name, the operation uses the alias ARN to invoke the Lambda function version to which the alias points.
Payload
— (Buffer, Typed Array, Blob, String
)JSON to provide to your Lambda function as input.
Priority
— (Integer
)The priority of the task when it runs. The lower the number, the higher the priority. Tasks that have the same priority are scheduled in parallel.
MaxConcurrency
— (String
)The maximum number of targets allowed to run this task in parallel.
Note: For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of1
, which may be reported in the response to this command. This value doesn't affect the running of your task and can be ignored.MaxErrors
— (String
)The maximum number of errors allowed before the task stops being scheduled.
Note: For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of1
, which may be reported in the response to this command. This value doesn't affect the running of your task and can be ignored.LoggingInfo
— (map
)The location in Amazon Simple Storage Service (Amazon S3) where the task results are logged.
Note:LoggingInfo
has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use theOutputS3BucketName
andOutputS3KeyPrefix
options in theTaskInvocationParameters
structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.S3BucketName
— required — (String
)The name of an S3 bucket where execution logs are stored .
S3KeyPrefix
— (String
)(Optional) The S3 bucket subfolder.
S3Region
— required — (String
)The Amazon Web Services Region where the S3 bucket is located.
Name
— (String
)The retrieved task name.
Description
— (String
)The retrieved task description.
CutoffBehavior
— (String
)The action to take on tasks when the maintenance window cutoff time is reached.
Possible values include:CONTINUE_TASK
means that tasks continue to run. For Automation, Lambda, Step Functions tasks,CANCEL_TASK
means that currently running task invocations continue, but no new task invocations are started. For Run Command tasks,CANCEL_TASK
means the system attempts to stop the task by sending aCancelCommand
operation."CONTINUE_TASK"
"CANCEL_TASK"
-
(AWS.Response)
—
Returns:
getOpsItem(params = {}, callback) ⇒ AWS.Request
Get information about an OpsItem by using the ID. You must have permission in Identity and Access Management (IAM) to view information about an OpsItem. For more information, see Getting started with OpsCenter in the Amazon Web Services Systems Manager User Guide.
Operations engineers and IT professionals use Amazon Web Services Systems Manager OpsCenter to view, investigate, and remediate operational issues impacting the performance and health of their Amazon Web Services resources. For more information, see OpsCenter in the Amazon Web Services Systems Manager User Guide.
Service Reference:
Examples:
Calling the getOpsItem operation
var params = { OpsItemId: 'STRING_VALUE' /* required */ }; ssm.getOpsItem(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
OpsItemId
— (String
)The ID of the OpsItem that you want to get.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:OpsItem
— (map
)The OpsItem.
CreatedBy
— (String
)The ARN of the Amazon Web Services account that created the OpsItem.
OpsItemType
— (String
)The type of OpsItem. Currently, the only valid values are
/aws/changerequest
and/aws/issue
.CreatedTime
— (Date
)The date and time the OpsItem was created.
Description
— (String
)The OpsItem description.
LastModifiedBy
— (String
)The ARN of the Amazon Web Services account that last updated the OpsItem.
LastModifiedTime
— (Date
)The date and time the OpsItem was last updated.
Notifications
— (Array<map>
)The Amazon Resource Name (ARN) of an Amazon Simple Notification Service (Amazon SNS) topic where notifications are sent when this OpsItem is edited or changed.
Arn
— (String
)The Amazon Resource Name (ARN) of an Amazon Simple Notification Service (Amazon SNS) topic where notifications are sent when this OpsItem is edited or changed.
Priority
— (Integer
)The importance of this OpsItem in relation to other OpsItems in the system.
RelatedOpsItems
— (Array<map>
)One or more OpsItems that share something in common with the current OpsItem. For example, related OpsItems can include OpsItems with similar error messages, impacted resources, or statuses for the impacted resource.
OpsItemId
— required — (String
)The ID of an OpsItem related to the current OpsItem.
Status
— (String
)The OpsItem status. Status can be
Possible values include:Open
,In Progress
, orResolved
. For more information, see Editing OpsItem details in the Amazon Web Services Systems Manager User Guide."Open"
"InProgress"
"Resolved"
"Pending"
"TimedOut"
"Cancelling"
"Cancelled"
"Failed"
"CompletedWithSuccess"
"CompletedWithFailure"
"Scheduled"
"RunbookInProgress"
"PendingChangeCalendarOverride"
"ChangeCalendarOverrideApproved"
"ChangeCalendarOverrideRejected"
"PendingApproval"
"Approved"
"Rejected"
"Closed"
OpsItemId
— (String
)The ID of the OpsItem.
Version
— (String
)The version of this OpsItem. Each time the OpsItem is edited the version number increments by one.
Title
— (String
)A short heading that describes the nature of the OpsItem and the impacted resource.
Source
— (String
)The origin of the OpsItem, such as Amazon EC2 or Systems Manager. The impacted resource is a subset of source.
OperationalData
— (map<map>
)Operational data is custom data that provides useful reference details about the OpsItem. For example, you can specify log files, error strings, license keys, troubleshooting tips, or other relevant data. You enter operational data as key-value pairs. The key has a maximum length of 128 characters. The value has a maximum size of 20 KB.
Operational data keys can't begin with the following:
amazon
,aws
,amzn
,ssm
,/amazon
,/aws
,/amzn
,/ssm
.You can choose to make the data searchable by other users in the account or you can restrict search access. Searchable data means that all users with access to the OpsItem Overview page (as provided by the DescribeOpsItems API operation) can view and search on the specified data. Operational data that isn't searchable is only viewable by users who have access to the OpsItem (as provided by the GetOpsItem API operation).
Use the
/aws/resources
key in OperationalData to specify a related resource in the request. Use the/aws/automations
key in OperationalData to associate an Automation runbook with the OpsItem. To view Amazon Web Services CLI example commands that use these keys, see Creating OpsItems manually in the Amazon Web Services Systems Manager User Guide.Value
— (String
)The value of the OperationalData key.
Type
— (String
)The type of key-value pair. Valid types include
Possible values include:SearchableString
andString
."SearchableString"
"String"
Category
— (String
)An OpsItem category. Category options include: Availability, Cost, Performance, Recovery, Security.
Severity
— (String
)The severity of the OpsItem. Severity options range from 1 to 4.
ActualStartTime
— (Date
)The time a runbook workflow started. Currently reported only for the OpsItem type
/aws/changerequest
.ActualEndTime
— (Date
)The time a runbook workflow ended. Currently reported only for the OpsItem type
/aws/changerequest
.PlannedStartTime
— (Date
)The time specified in a change request for a runbook workflow to start. Currently supported only for the OpsItem type
/aws/changerequest
.PlannedEndTime
— (Date
)The time specified in a change request for a runbook workflow to end. Currently supported only for the OpsItem type
/aws/changerequest
.
-
(AWS.Response)
—
Returns:
getOpsMetadata(params = {}, callback) ⇒ AWS.Request
View operational metadata related to an application in Application Manager.
Service Reference:
Examples:
Calling the getOpsMetadata operation
var params = { OpsMetadataArn: 'STRING_VALUE', /* required */ MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE' }; ssm.getOpsMetadata(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
OpsMetadataArn
— (String
)The Amazon Resource Name (ARN) of an OpsMetadata Object to view.
MaxResults
— (Integer
)The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
NextToken
— (String
)A token to start the list. Use this token to get the next set of results.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:ResourceId
— (String
)The resource ID of the Application Manager application.
Metadata
— (map<map>
)OpsMetadata for an Application Manager application.
Value
— (String
)Metadata value to assign to an Application Manager application.
NextToken
— (String
)The token for the next set of items to return. Use this token to get the next set of results.
-
(AWS.Response)
—
Returns:
getOpsSummary(params = {}, callback) ⇒ AWS.Request
View a summary of operations metadata (OpsData) based on specified filters and aggregators. OpsData can include information about Amazon Web Services Systems Manager OpsCenter operational workitems (OpsItems) as well as information about any Amazon Web Services resource or service configured to report OpsData to Amazon Web Services Systems Manager Explorer.
Service Reference:
Examples:
Calling the getOpsSummary operation
var params = { Aggregators: [ /* OpsAggregatorList */ { AggregatorType: 'STRING_VALUE', Aggregators: /* recursive OpsAggregatorList */, AttributeName: 'STRING_VALUE', Filters: [ { Key: 'STRING_VALUE', /* required */ Values: [ /* required */ 'STRING_VALUE', /* more items */ ], Type: Equal | NotEqual | BeginWith | LessThan | GreaterThan | Exists }, /* more items */ ], TypeName: 'STRING_VALUE', Values: { '<OpsAggregatorValueKey>': 'STRING_VALUE', /* '<OpsAggregatorValueKey>': ... */ } }, /* more items */ ], Filters: [ { Key: 'STRING_VALUE', /* required */ Values: [ /* required */ 'STRING_VALUE', /* more items */ ], Type: Equal | NotEqual | BeginWith | LessThan | GreaterThan | Exists }, /* more items */ ], MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE', ResultAttributes: [ { TypeName: 'STRING_VALUE' /* required */ }, /* more items */ ], SyncName: 'STRING_VALUE' }; ssm.getOpsSummary(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
SyncName
— (String
)Specify the name of a resource data sync to get.
Filters
— (Array<map>
)Optional filters used to scope down the returned OpsData.
Key
— required — (String
)The name of the filter.
Values
— required — (Array<String>
)The filter value.
Type
— (String
)The type of filter.
Possible values include:"Equal"
"NotEqual"
"BeginWith"
"LessThan"
"GreaterThan"
"Exists"
Aggregators
— (Array<map>
)Optional aggregators that return counts of OpsData based on one or more expressions.
AggregatorType
— (String
)Either a
Range
orCount
aggregator for limiting an OpsData summary.TypeName
— (String
)The data type name to use for viewing counts of OpsData.
AttributeName
— (String
)The name of an OpsData attribute on which to limit the count of OpsData.
Values
— (map<String>
)The aggregator value.
Filters
— (Array<map>
)The aggregator filters.
Key
— required — (String
)The name of the filter.
Values
— required — (Array<String>
)The filter value.
Type
— (String
)The type of filter.
Possible values include:"Equal"
"NotEqual"
"BeginWith"
"LessThan"
"GreaterThan"
"Exists"
Aggregators
— (Array<map>
)A nested aggregator for viewing counts of OpsData.
ResultAttributes
— (Array<map>
)The OpsData data type to return.
TypeName
— required — (String
)Name of the data type. Valid value:
AWS:OpsItem
,AWS:EC2InstanceInformation
,AWS:OpsItemTrendline
, orAWS:ComplianceSummary
.
NextToken
— (String
)A token to start the list. Use this token to get the next set of results.
MaxResults
— (Integer
)The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:Entities
— (Array<map>
)The list of aggregated details and filtered OpsData.
Id
— (String
)The query ID.
Data
— (map<map>
)The data returned by the query.
CaptureTime
— (String
)The time the OpsData was captured.
Content
— (Array<map<String>>
)The details of an OpsData summary.
NextToken
— (String
)The token for the next set of items to return. Use this token to get the next set of results.
-
(AWS.Response)
—
Returns:
getParameter(params = {}, callback) ⇒ AWS.Request
Get information about a single parameter by specifying the parameter name.
Note: To get information about more than one parameter at a time, use the GetParameters operation.Service Reference:
Examples:
Calling the getParameter operation
var params = { Name: 'STRING_VALUE', /* required */ WithDecryption: true || false }; ssm.getParameter(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Name
— (String
)The name of the parameter you want to query.
To query by parameter label, use
"Name": "name:label"
. To query by parameter version, use"Name": "name:version"
.WithDecryption
— (Boolean
)Return decrypted values for secure string parameters. This flag is ignored for
String
andStringList
parameter types.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:Parameter
— (map
)Information about a parameter.
Name
— (String
)The name of the parameter.
Type
— (String
)The type of parameter. Valid values include the following:
Possible values include:String
,StringList
, andSecureString
."String"
"StringList"
"SecureString"
Value
— (String
)The parameter value.
Version
— (Integer
)The parameter version.
Selector
— (String
)Either the version number or the label used to retrieve the parameter value. Specify selectors by using one of the following formats:
parameter_name:version
parameter_name:label
SourceResult
— (String
)Applies to parameters that reference information in other Amazon Web Services services.
SourceResult
is the raw result or response from the source.LastModifiedDate
— (Date
)Date the parameter was last changed or updated and the parameter version was created.
ARN
— (String
)The Amazon Resource Name (ARN) of the parameter.
DataType
— (String
)The data type of the parameter, such as
text
oraws:ec2:image
. The default istext
.
-
(AWS.Response)
—
Returns:
getParameterHistory(params = {}, callback) ⇒ AWS.Request
Retrieves the history of all changes to a parameter.
If you change the KMS key alias for the KMS key used to encrypt a parameter, then you must also update the key alias the parameter uses to reference KMS. Otherwise,
GetParameterHistory
retrieves whatever the original key alias was referencing.Service Reference:
Examples:
Calling the getParameterHistory operation
var params = { Name: 'STRING_VALUE', /* required */ MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE', WithDecryption: true || false }; ssm.getParameterHistory(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Name
— (String
)The name of the parameter for which you want to review history.
WithDecryption
— (Boolean
)Return decrypted values for secure string parameters. This flag is ignored for
String
andStringList
parameter types.MaxResults
— (Integer
)The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
NextToken
— (String
)The token for the next set of items to return. (You received this token from a previous call.)
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:Parameters
— (Array<map>
)A list of parameters returned by the request.
Name
— (String
)The name of the parameter.
Type
— (String
)The type of parameter used.
Possible values include:"String"
"StringList"
"SecureString"
KeyId
— (String
)The ID of the query key used for this parameter.
LastModifiedDate
— (Date
)Date the parameter was last changed or updated.
LastModifiedUser
— (String
)Amazon Resource Name (ARN) of the Amazon Web Services user who last changed the parameter.
Description
— (String
)Information about the parameter.
Value
— (String
)The parameter value.
AllowedPattern
— (String
)Parameter names can include the following letters and symbols.
a-zA-Z0-9_.-
Version
— (Integer
)The parameter version.
Labels
— (Array<String>
)Labels assigned to the parameter version.
Tier
— (String
)The parameter tier.
Possible values include:"Standard"
"Advanced"
"Intelligent-Tiering"
Policies
— (Array<map>
)Information about the policies assigned to a parameter.
Assigning parameter policies in the Amazon Web Services Systems Manager User Guide.
PolicyText
— (String
)The JSON text of the policy.
PolicyType
— (String
)The type of policy. Parameter Store, a capablility of Amazon Web Services Systems Manager, supports the following policy types: Expiration, ExpirationNotification, and NoChangeNotification.
PolicyStatus
— (String
)The status of the policy. Policies report the following statuses: Pending (the policy hasn't been enforced or applied yet), Finished (the policy was applied), Failed (the policy wasn't applied), or InProgress (the policy is being applied now).
DataType
— (String
)The data type of the parameter, such as
text
oraws:ec2:image
. The default istext
.
NextToken
— (String
)The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
-
(AWS.Response)
—
Returns:
getParameters(params = {}, callback) ⇒ AWS.Request
Get information about one or more parameters by specifying multiple parameter names.
Note: To get information about a single parameter, you can use the GetParameter operation instead.Service Reference:
Examples:
Calling the getParameters operation
var params = { Names: [ /* required */ 'STRING_VALUE', /* more items */ ], WithDecryption: true || false }; ssm.getParameters(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Names
— (Array<String>
)Names of the parameters for which you want to query information.
To query by parameter label, use
"Name": "name:label"
. To query by parameter version, use"Name": "name:version"
.WithDecryption
— (Boolean
)Return decrypted secure string value. Return decrypted values for secure string parameters. This flag is ignored for
String
andStringList
parameter types.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:Parameters
— (Array<map>
)A list of details for a parameter.
Name
— (String
)The name of the parameter.
Type
— (String
)The type of parameter. Valid values include the following:
Possible values include:String
,StringList
, andSecureString
."String"
"StringList"
"SecureString"
Value
— (String
)The parameter value.
Version
— (Integer
)The parameter version.
Selector
— (String
)Either the version number or the label used to retrieve the parameter value. Specify selectors by using one of the following formats:
parameter_name:version
parameter_name:label
SourceResult
— (String
)Applies to parameters that reference information in other Amazon Web Services services.
SourceResult
is the raw result or response from the source.LastModifiedDate
— (Date
)Date the parameter was last changed or updated and the parameter version was created.
ARN
— (String
)The Amazon Resource Name (ARN) of the parameter.
DataType
— (String
)The data type of the parameter, such as
text
oraws:ec2:image
. The default istext
.
InvalidParameters
— (Array<String>
)A list of parameters that aren't formatted correctly or don't run during an execution.
-
(AWS.Response)
—
Returns:
getParametersByPath(params = {}, callback) ⇒ AWS.Request
Retrieve information about one or more parameters in a specific hierarchy.
Request results are returned on a best-effort basis. If you specify
MaxResults
in the request, the response includes information up to the limit specified. The number of items returned, however, can be between zero and the value ofMaxResults
. If the service reaches an internal limit while processing the results, it stops the operation and returns the matching values up to that point and aNextToken
. You can specify theNextToken
in a subsequent call to get the next set of results.Service Reference:
Examples:
Calling the getParametersByPath operation
var params = { Path: 'STRING_VALUE', /* required */ MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE', ParameterFilters: [ { Key: 'STRING_VALUE', /* required */ Option: 'STRING_VALUE', Values: [ 'STRING_VALUE', /* more items */ ] }, /* more items */ ], Recursive: true || false, WithDecryption: true || false }; ssm.getParametersByPath(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Path
— (String
)The hierarchy for the parameter. Hierarchies start with a forward slash (/). The hierachy is the parameter name except the last part of the parameter. For the API call to succeeed, the last part of the parameter name can't be in the path. A parameter name hierarchy can have a maximum of 15 levels. Here is an example of a hierarchy:
/Finance/Prod/IAD/WinServ2016/license33
Recursive
— (Boolean
)Retrieve all parameters within a hierarchy.
If a user has access to a path, then the user can access all levels of that path. For example, if a user has permission to access path
/a
, then the user can also access/a/b
. Even if a user has explicitly been denied access in IAM for parameter/a/b
, they can still call the GetParametersByPath API operation recursively for/a
and view/a/b
.ParameterFilters
— (Array<map>
)Filters to limit the request results.
Note: The followingKey
values are supported forGetParametersByPath
:Type
,KeyId
, andLabel
. The followingKey
values aren't supported forGetParametersByPath
:tag
,DataType
,Name
,Path
, andTier
.Key
— required — (String
)The name of the filter.
The
ParameterStringFilter
object is used by the DescribeParameters and GetParametersByPath API operations. However, not all of the pattern values listed forKey
can be used with both operations.For
DescribeActions
, all of the listed patterns are valid exceptLabel
.For
GetParametersByPath
, the following patterns listed forKey
aren't valid:tag
,DataType
,Name
,Path
, andTier
.For examples of Amazon Web Services CLI commands demonstrating valid parameter filter constructions, see Searching for Systems Manager parameters in the Amazon Web Services Systems Manager User Guide.
Option
— (String
)For all filters used with DescribeParameters, valid options include
Equals
andBeginsWith
. TheName
filter additionally supports theContains
option. (Exception: For filters using the keyPath
, valid options includeRecursive
andOneLevel
.)For filters used with GetParametersByPath, valid options include
Equals
andBeginsWith
. (Exception: For filters usingLabel
as the Key name, the only valid option isEquals
.)Values
— (Array<String>
)The value you want to search for.
WithDecryption
— (Boolean
)Retrieve all parameters in a hierarchy with their value decrypted.
MaxResults
— (Integer
)The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
NextToken
— (String
)A token to start the list. Use this token to get the next set of results.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:Parameters
— (Array<map>
)A list of parameters found in the specified hierarchy.
Name
— (String
)The name of the parameter.
Type
— (String
)The type of parameter. Valid values include the following:
Possible values include:String
,StringList
, andSecureString
."String"
"StringList"
"SecureString"
Value
— (String
)The parameter value.
Version
— (Integer
)The parameter version.
Selector
— (String
)Either the version number or the label used to retrieve the parameter value. Specify selectors by using one of the following formats:
parameter_name:version
parameter_name:label
SourceResult
— (String
)Applies to parameters that reference information in other Amazon Web Services services.
SourceResult
is the raw result or response from the source.LastModifiedDate
— (Date
)Date the parameter was last changed or updated and the parameter version was created.
ARN
— (String
)The Amazon Resource Name (ARN) of the parameter.
DataType
— (String
)The data type of the parameter, such as
text
oraws:ec2:image
. The default istext
.
NextToken
— (String
)The token for the next set of items to return. Use this token to get the next set of results.
-
(AWS.Response)
—
Returns:
getPatchBaseline(params = {}, callback) ⇒ AWS.Request
Retrieves information about a patch baseline.
Service Reference:
Examples:
Calling the getPatchBaseline operation
var params = { BaselineId: 'STRING_VALUE' /* required */ }; ssm.getPatchBaseline(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
BaselineId
— (String
)The ID of the patch baseline to retrieve.
Note: To retrieve information about an Amazon Web Services managed patch baseline, specify the full Amazon Resource Name (ARN) of the baseline. For example, for the baselineAWS-AmazonLinuxDefaultPatchBaseline
, specifyarn:aws:ssm:us-east-2:733109147000:patchbaseline/pb-0e392de35e7c563b7
instead ofpb-0e392de35e7c563b7
.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:BaselineId
— (String
)The ID of the retrieved patch baseline.
Name
— (String
)The name of the patch baseline.
OperatingSystem
— (String
)Returns the operating system specified for the patch baseline.
Possible values include:"WINDOWS"
"AMAZON_LINUX"
"AMAZON_LINUX_2"
"UBUNTU"
"REDHAT_ENTERPRISE_LINUX"
"SUSE"
"CENTOS"
"ORACLE_LINUX"
"DEBIAN"
"MACOS"
GlobalFilters
— (map
)A set of global filters used to exclude patches from the baseline.
PatchFilters
— required — (Array<map>
)The set of patch filters that make up the group.
Key
— required — (String
)The key for the filter.
Run the DescribePatchProperties command to view lists of valid keys for each operating system type.
Possible values include:"ARCH"
"ADVISORY_ID"
"BUGZILLA_ID"
"PATCH_SET"
"PRODUCT"
"PRODUCT_FAMILY"
"CLASSIFICATION"
"CVE_ID"
"EPOCH"
"MSRC_SEVERITY"
"NAME"
"PATCH_ID"
"SECTION"
"PRIORITY"
"REPOSITORY"
"RELEASE"
"SEVERITY"
"SECURITY"
"VERSION"
Values
— required — (Array<String>
)The value for the filter key.
Run the DescribePatchProperties command to view lists of valid values for each key based on operating system type.
ApprovalRules
— (map
)A set of rules used to include patches in the baseline.
PatchRules
— required — (Array<map>
)The rules that make up the rule group.
PatchFilterGroup
— required — (map
)The patch filter group that defines the criteria for the rule.
PatchFilters
— required — (Array<map>
)The set of patch filters that make up the group.
Key
— required — (String
)The key for the filter.
Run the DescribePatchProperties command to view lists of valid keys for each operating system type.
Possible values include:"ARCH"
"ADVISORY_ID"
"BUGZILLA_ID"
"PATCH_SET"
"PRODUCT"
"PRODUCT_FAMILY"
"CLASSIFICATION"
"CVE_ID"
"EPOCH"
"MSRC_SEVERITY"
"NAME"
"PATCH_ID"
"SECTION"
"PRIORITY"
"REPOSITORY"
"RELEASE"
"SEVERITY"
"SECURITY"
"VERSION"
Values
— required — (Array<String>
)The value for the filter key.
Run the DescribePatchProperties command to view lists of valid values for each key based on operating system type.
ComplianceLevel
— (String
)A compliance severity level for all approved patches in a patch baseline.
Possible values include:"CRITICAL"
"HIGH"
"MEDIUM"
"LOW"
"INFORMATIONAL"
"UNSPECIFIED"
ApproveAfterDays
— (Integer
)The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of
7
means that patches are approved seven days after they are released. Not supported on Debian Server or Ubuntu Server.ApproveUntilDate
— (String
)The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Not supported on Debian Server or Ubuntu Server.
Enter dates in the format
YYYY-MM-DD
. For example,2021-12-31
.EnableNonSecurity
— (Boolean
)For instances identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is
false
. Applies to Linux instances only.
ApprovedPatches
— (Array<String>
)A list of explicitly approved patches for the baseline.
ApprovedPatchesComplianceLevel
— (String
)Returns the specified compliance severity level for approved patches in the patch baseline.
Possible values include:"CRITICAL"
"HIGH"
"MEDIUM"
"LOW"
"INFORMATIONAL"
"UNSPECIFIED"
ApprovedPatchesEnableNonSecurity
— (Boolean
)Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is
false
. Applies to Linux instances only.RejectedPatches
— (Array<String>
)A list of explicitly rejected patches for the baseline.
RejectedPatchesAction
— (String
)The action specified to take on patches included in the
Possible values include:RejectedPatches
list. A patch can be allowed only if it is a dependency of another package, or blocked entirely along with packages that include it as a dependency."ALLOW_AS_DEPENDENCY"
"BLOCK"
PatchGroups
— (Array<String>
)Patch groups included in the patch baseline.
CreatedDate
— (Date
)The date the patch baseline was created.
ModifiedDate
— (Date
)The date the patch baseline was last modified.
Description
— (String
)A description of the patch baseline.
Sources
— (Array<map>
)Information about the patches to use to update the instances, including target operating systems and source repositories. Applies to Linux instances only.
Name
— required — (String
)The name specified to identify the patch source.
Products
— required — (Array<String>
)The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "AmazonLinux2016.09", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter.
Configuration
— required — (String
)The value of the yum repo configuration. For example:
[main]
name=MyCustomRepository
baseurl=https://my-custom-repository
enabled=1
Note: For information about other options available for your yum repository configuration, see dnf.conf(5).
-
(AWS.Response)
—
Returns:
getPatchBaselineForPatchGroup(params = {}, callback) ⇒ AWS.Request
Retrieves the patch baseline that should be used for the specified patch group.
Service Reference:
Examples:
Calling the getPatchBaselineForPatchGroup operation
var params = { PatchGroup: 'STRING_VALUE', /* required */ OperatingSystem: WINDOWS | AMAZON_LINUX | AMAZON_LINUX_2 | UBUNTU | REDHAT_ENTERPRISE_LINUX | SUSE | CENTOS | ORACLE_LINUX | DEBIAN | MACOS }; ssm.getPatchBaselineForPatchGroup(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
PatchGroup
— (String
)The name of the patch group whose patch baseline should be retrieved.
OperatingSystem
— (String
)Returns he operating system rule specified for patch groups using the patch baseline.
Possible values include:"WINDOWS"
"AMAZON_LINUX"
"AMAZON_LINUX_2"
"UBUNTU"
"REDHAT_ENTERPRISE_LINUX"
"SUSE"
"CENTOS"
"ORACLE_LINUX"
"DEBIAN"
"MACOS"
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:BaselineId
— (String
)The ID of the patch baseline that should be used for the patch group.
PatchGroup
— (String
)The name of the patch group.
OperatingSystem
— (String
)The operating system rule specified for patch groups using the patch baseline.
Possible values include:"WINDOWS"
"AMAZON_LINUX"
"AMAZON_LINUX_2"
"UBUNTU"
"REDHAT_ENTERPRISE_LINUX"
"SUSE"
"CENTOS"
"ORACLE_LINUX"
"DEBIAN"
"MACOS"
-
(AWS.Response)
—
Returns:
getServiceSetting(params = {}, callback) ⇒ AWS.Request
ServiceSetting
is an account-level setting for an Amazon Web Services service. This setting defines how a user interacts with or uses a service or a feature of a service. For example, if an Amazon Web Services service charges money to the account based on feature or service usage, then the Amazon Web Services service team might create a default setting offalse
. This means the user can't use this feature unless they change the setting totrue
and intentionally opt in for a paid feature.Services map a
SettingId
object to a setting value. Amazon Web Services services teams define the default value for aSettingId
. You can't create a newSettingId
, but you can overwrite the default value if you have thessm:UpdateServiceSetting
permission for the setting. Use the UpdateServiceSetting API operation to change the default setting. Or use the ResetServiceSetting to change the value back to the original value defined by the Amazon Web Services service team.Query the current service setting for the Amazon Web Services account.
Service Reference:
Examples:
Calling the getServiceSetting operation
var params = { SettingId: 'STRING_VALUE' /* required */ }; ssm.getServiceSetting(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
SettingId
— (String
)The ID of the service setting to get. The setting ID can be one of the following.
-
/ssm/automation/customer-script-log-destination
-
/ssm/automation/customer-script-log-group-name
-
/ssm/documents/console/public-sharing-permission
-
/ssm/parameter-store/default-parameter-tier
-
/ssm/parameter-store/high-throughput-enabled
-
/ssm/managed-instance/activation-tier
-
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:ServiceSetting
— (map
)The query result of the current service setting.
SettingId
— (String
)The ID of the service setting.
SettingValue
— (String
)The value of the service setting.
LastModifiedDate
— (Date
)The last time the service setting was modified.
LastModifiedUser
— (String
)The ARN of the last modified user. This field is populated only if the setting value was overwritten.
ARN
— (String
)The ARN of the service setting.
Status
— (String
)The status of the service setting. The value can be Default, Customized or PendingUpdate.
-
Default: The current setting uses a default value provisioned by the Amazon Web Services service team.
-
Customized: The current setting use a custom value specified by the customer.
-
PendingUpdate: The current setting uses a default or custom value, but a setting change request is pending approval.
-
-
(AWS.Response)
—
Returns:
labelParameterVersion(params = {}, callback) ⇒ AWS.Request
A parameter label is a user-defined alias to help you manage different versions of a parameter. When you modify a parameter, Amazon Web Services Systems Manager automatically saves a new version and increments the version number by one. A label can help you remember the purpose of a parameter when there are multiple versions.
Parameter labels have the following requirements and restrictions.
-
A version of a parameter can have a maximum of 10 labels.
-
You can't attach the same label to different versions of the same parameter. For example, if version 1 has the label Production, then you can't attach Production to version 2.
-
You can move a label from one version of a parameter to another.
-
You can't create a label when you create a new parameter. You must attach a label to a specific version of a parameter.
-
If you no longer want to use a parameter label, then you can either delete it or move it to a different version of a parameter.
-
A label can have a maximum of 100 characters.
-
Labels can contain letters (case sensitive), numbers, periods (.), hyphens (-), or underscores (_).
-
Labels can't begin with a number, "
aws
" or "ssm
" (not case sensitive). If a label fails to meet these requirements, then the label isn't associated with a parameter and the system displays it in the list of InvalidLabels.
Service Reference:
Examples:
Calling the labelParameterVersion operation
var params = { Labels: [ /* required */ 'STRING_VALUE', /* more items */ ], Name: 'STRING_VALUE', /* required */ ParameterVersion: 'NUMBER_VALUE' }; ssm.labelParameterVersion(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Name
— (String
)The parameter name on which you want to attach one or more labels.
ParameterVersion
— (Integer
)The specific version of the parameter on which you want to attach one or more labels. If no version is specified, the system attaches the label to the latest version.
Labels
— (Array<String>
)One or more labels to attach to the specified parameter version.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:InvalidLabels
— (Array<String>
)The label doesn't meet the requirements. For information about parameter label requirements, see Labeling parameters in the Amazon Web Services Systems Manager User Guide.
ParameterVersion
— (Integer
)The version of the parameter that has been labeled.
-
(AWS.Response)
—
Returns:
listAssociations(params = {}, callback) ⇒ AWS.Request
Returns all State Manager associations in the current Amazon Web Services account and Amazon Web Services Region. You can limit the results to a specific State Manager association document or instance by specifying a filter. State Manager is a capability of Amazon Web Services Systems Manager.
Service Reference:
Examples:
Calling the listAssociations operation
var params = { AssociationFilterList: [ { key: InstanceId | Name | AssociationId | AssociationStatusName | LastExecutedBefore | LastExecutedAfter | AssociationName | ResourceGroupName, /* required */ value: 'STRING_VALUE' /* required */ }, /* more items */ ], MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE' }; ssm.listAssociations(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
AssociationFilterList
— (Array<map>
)One or more filters. Use a filter to return a more specific list of results.
Note: Filtering associations using theInstanceID
attribute only returns legacy associations created using theInstanceID
attribute. Associations targeting the instance that are part of the Target AttributesResourceGroup
orTags
aren't returned.key
— required — (String
)The name of the filter.
Note:Possible values include:InstanceId
has been deprecated."InstanceId"
"Name"
"AssociationId"
"AssociationStatusName"
"LastExecutedBefore"
"LastExecutedAfter"
"AssociationName"
"ResourceGroupName"
value
— required — (String
)The filter value.
MaxResults
— (Integer
)The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
NextToken
— (String
)The token for the next set of items to return. (You received this token from a previous call.)
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:Associations
— (Array<map>
)The associations.
Name
— (String
)The name of the SSM document.
InstanceId
— (String
)The instance ID.
AssociationId
— (String
)The ID created by the system when you create an association. An association is a binding between a document and a set of targets with a schedule.
AssociationVersion
— (String
)The association version.
DocumentVersion
— (String
)The version of the document used in the association.
Targets
— (Array<map>
)The instances targeted by the request to create an association. You can target all instances in an Amazon Web Services account by specifying the
InstanceIds
key with a value of*
.Key
— (String
)User-defined criteria for sending commands that target instances that meet the criteria.
Values
— (Array<String>
)User-defined criteria that maps to
Key
. For example, if you specifiedtag:ServerRole
, you could specifyvalue:WebServer
to run a command on instances that include EC2 tags ofServerRole,WebServer
.Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
LastExecutionDate
— (Date
)The date on which the association was last run.
Overview
— (map
)Information about the association.
Status
— (String
)The status of the association. Status can be: Pending, Success, or Failed.
DetailedStatus
— (String
)A detailed status of the association.
AssociationStatusAggregatedCount
— (map<Integer>
)Returns the number of targets for the association status. For example, if you created an association with two instances, and one of them was successful, this would return the count of instances by status.
ScheduleExpression
— (String
)A cron expression that specifies a schedule when the association runs. The schedule runs in Coordinated Universal Time (UTC).
AssociationName
— (String
)The association name.
NextToken
— (String
)The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
-
(AWS.Response)
—
Returns:
listAssociationVersions(params = {}, callback) ⇒ AWS.Request
Retrieves all versions of an association for a specific association ID.
Service Reference:
Examples:
Calling the listAssociationVersions operation
var params = { AssociationId: 'STRING_VALUE', /* required */ MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE' }; ssm.listAssociationVersions(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
AssociationId
— (String
)The association ID for which you want to view all versions.
MaxResults
— (Integer
)The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
NextToken
— (String
)A token to start the list. Use this token to get the next set of results.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:AssociationVersions
— (Array<map>
)Information about all versions of the association for the specified association ID.
AssociationId
— (String
)The ID created by the system when the association was created.
AssociationVersion
— (String
)The association version.
CreatedDate
— (Date
)The date the association version was created.
Name
— (String
)The name specified when the association was created.
DocumentVersion
— (String
)The version of an Amazon Web Services Systems Manager document (SSM document) used when the association version was created.
Parameters
— (map<Array<String>>
)Parameters specified when the association version was created.
Targets
— (Array<map>
)The targets specified for the association when the association version was created.
Key
— (String
)User-defined criteria for sending commands that target instances that meet the criteria.
Values
— (Array<String>
)User-defined criteria that maps to
Key
. For example, if you specifiedtag:ServerRole
, you could specifyvalue:WebServer
to run a command on instances that include EC2 tags ofServerRole,WebServer
.Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
ScheduleExpression
— (String
)The cron or rate schedule specified for the association when the association version was created.
OutputLocation
— (map
)The location in Amazon S3 specified for the association when the association version was created.
S3Location
— (map
)An S3 bucket where you want to store the results of this request.
OutputS3Region
— (String
)The Amazon Web Services Region of the S3 bucket.
OutputS3BucketName
— (String
)The name of the S3 bucket.
OutputS3KeyPrefix
— (String
)The S3 bucket subfolder.
AssociationName
— (String
)The name specified for the association version when the association version was created.
MaxErrors
— (String
)The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 instances and set
MaxError
to 10%, then the system stops sending the request when the sixth error is received.Executions that are already running an association when
MaxErrors
is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, setMaxConcurrency
to 1 so that executions proceed one at a time.MaxConcurrency
— (String
)The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.
If a new instance starts and attempts to run an association while Systems Manager is running
MaxConcurrency
associations, the association is allowed to run. During the next association interval, the new instance will process its association within the limit specified forMaxConcurrency
.ComplianceSeverity
— (String
)The severity level that is assigned to the association.
Possible values include:"CRITICAL"
"HIGH"
"MEDIUM"
"LOW"
"UNSPECIFIED"
SyncCompliance
— (String
)The mode for generating association compliance. You can specify
AUTO
orMANUAL
. InAUTO
mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association isCOMPLIANT
. If the association execution doesn't run successfully, the association isNON-COMPLIANT
.In
MANUAL
mode, you must specify theAssociationId
as a parameter for the PutComplianceItems API operation. In this case, compliance data isn't managed by State Manager, a capability of Amazon Web Services Systems Manager. It is managed by your direct call to the PutComplianceItems API operation.By default, all associations use
Possible values include:AUTO
mode."AUTO"
"MANUAL"
ApplyOnlyAtCronInterval
— (Boolean
)By default, when you create a new associations, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it. This parameter isn't supported for rate expressions.
CalendarNames
— (Array<String>
)The names or Amazon Resource Names (ARNs) of the Change Calendar type documents your associations are gated under. The associations for this version only run when that Change Calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar.
TargetLocations
— (Array<map>
)The combination of Amazon Web Services Regions and Amazon Web Services accounts where you wanted to run the association when this association version was created.
Accounts
— (Array<String>
)The Amazon Web Services accounts targeted by the current Automation execution.
Regions
— (Array<String>
)The Amazon Web Services Regions targeted by the current Automation execution.
TargetLocationMaxConcurrency
— (String
)The maximum number of Amazon Web Services Regions and Amazon Web Services accounts allowed to run the Automation concurrently.
TargetLocationMaxErrors
— (String
)The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
ExecutionRoleName
— (String
)The Automation execution role used by the currently running Automation. If not specified, the default value is
AWS-SystemsManager-AutomationExecutionRole
.
NextToken
— (String
)The token for the next set of items to return. Use this token to get the next set of results.
-
(AWS.Response)
—
Returns:
listCommandInvocations(params = {}, callback) ⇒ AWS.Request
An invocation is copy of a command sent to a specific instance. A command can apply to one or more instances. A command invocation applies to one instance. For example, if a user runs
SendCommand
against three instances, then a command invocation is created for each requested instance ID.ListCommandInvocations
provide status about command execution.Service Reference:
Examples:
Calling the listCommandInvocations operation
var params = { CommandId: 'STRING_VALUE', Details: true || false, Filters: [ { key: InvokedAfter | InvokedBefore | Status | ExecutionStage | DocumentName, /* required */ value: 'STRING_VALUE' /* required */ }, /* more items */ ], InstanceId: 'STRING_VALUE', MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE' }; ssm.listCommandInvocations(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
CommandId
— (String
)(Optional) The invocations for a specific command ID.
InstanceId
— (String
)(Optional) The command execution details for a specific instance ID.
MaxResults
— (Integer
)(Optional) The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
NextToken
— (String
)(Optional) The token for the next set of items to return. (You received this token from a previous call.)
Filters
— (Array<map>
)(Optional) One or more filters. Use a filter to return a more specific list of results.
key
— required — (String
)The name of the filter.
Possible values include:"InvokedAfter"
"InvokedBefore"
"Status"
"ExecutionStage"
"DocumentName"
value
— required — (String
)The filter value. Valid values for each filter key are as follows:
-
InvokedAfter: Specify a timestamp to limit your results. For example, specify
2021-07-07T00:00:00Z
to see a list of command executions occurring July 7, 2021, and later. -
InvokedBefore: Specify a timestamp to limit your results. For example, specify
2021-07-07T00:00:00Z
to see a list of command executions from before July 7, 2021. -
Status: Specify a valid command status to see a list of all command executions with that status. The status choices depend on the API you call.
The status values you can specify for
ListCommands
are:-
Pending
-
InProgress
-
Success
-
Cancelled
-
Failed
-
TimedOut
(this includes both Delivery and Execution time outs) -
AccessDenied
-
DeliveryTimedOut
-
ExecutionTimedOut
-
Incomplete
-
NoInstancesInTag
-
LimitExceeded
The status values you can specify for
ListCommandInvocations
are:-
Pending
-
InProgress
-
Delayed
-
Success
-
Cancelled
-
Failed
-
TimedOut
(this includes both Delivery and Execution time outs) -
AccessDenied
-
DeliveryTimedOut
-
ExecutionTimedOut
-
Undeliverable
-
InvalidPlatform
-
Terminated
-
-
DocumentName: Specify name of the Amazon Web Services Systems Manager document (SSM document) for which you want to see command execution results. For example, specify
AWS-RunPatchBaseline
to see command executions that used this SSM document to perform security patching operations on instances. -
ExecutionStage: Specify one of the following values:
-
Executing
: Returns a list of command executions that are currently still running. -
Complete
: Returns a list of command executions that have already completed.
-
-
Details
— (Boolean
)(Optional) If set this returns the response of the command executions and any command output. The default value is
false
.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:CommandInvocations
— (Array<map>
)(Optional) A list of all invocations.
CommandId
— (String
)The command against which this invocation was requested.
InstanceId
— (String
)The instance ID in which this invocation was requested.
InstanceName
— (String
)The fully qualified host name of the managed instance.
Comment
— (String
)User-specified information about the command, such as a brief description of what the command should do.
DocumentName
— (String
)The document name that was requested for execution.
DocumentVersion
— (String
)The Systems Manager document (SSM document) version.
RequestedDateTime
— (Date
)The time and date the request was sent to this instance.
Status
— (String
)Whether or not the invocation succeeded, failed, or is pending.
Possible values include:"Pending"
"InProgress"
"Delayed"
"Success"
"Cancelled"
"TimedOut"
"Failed"
"Cancelling"
StatusDetails
— (String
)A detailed status of the command execution for each invocation (each instance targeted by the command). StatusDetails includes more information than Status because it includes states resulting from error and concurrency control parameters. StatusDetails can show different results than Status. For more information about these statuses, see Understanding command statuses in the Amazon Web Services Systems Manager User Guide. StatusDetails can be one of the following values:
-
Pending: The command hasn't been sent to the instance.
-
In Progress: The command has been sent to the instance but hasn't reached a terminal state.
-
Success: The execution of the command or plugin was successfully completed. This is a terminal state.
-
Delivery Timed Out: The command wasn't delivered to the instance before the delivery timeout expired. Delivery timeouts don't count against the parent command's
MaxErrors
limit, but they do contribute to whether the parent command status is Success or Incomplete. This is a terminal state. -
Execution Timed Out: Command execution started on the instance, but the execution wasn't complete before the execution timeout expired. Execution timeouts count against the
MaxErrors
limit of the parent command. This is a terminal state. -
Failed: The command wasn't successful on the instance. For a plugin, this indicates that the result code wasn't zero. For a command invocation, this indicates that the result code for one or more plugins wasn't zero. Invocation failures count against the
MaxErrors
limit of the parent command. This is a terminal state. -
Canceled: The command was terminated before it was completed. This is a terminal state.
-
Undeliverable: The command can't be delivered to the instance. The instance might not exist or might not be responding. Undeliverable invocations don't count against the parent command's MaxErrors limit and don't contribute to whether the parent command status is Success or Incomplete. This is a terminal state.
-
Terminated: The parent command exceeded its MaxErrors limit and subsequent command invocations were canceled by the system. This is a terminal state.
-
TraceOutput
— (String
)Gets the trace output sent by the agent.
StandardOutputUrl
— (String
)The URL to the plugin's StdOut file in Amazon Simple Storage Service (Amazon S3), if the S3 bucket was defined for the parent command. For an invocation,
StandardOutputUrl
is populated if there is just one plugin defined for the command, and the S3 bucket was defined for the command.StandardErrorUrl
— (String
)The URL to the plugin's StdErr file in Amazon Simple Storage Service (Amazon S3), if the S3 bucket was defined for the parent command. For an invocation,
StandardErrorUrl
is populated if there is just one plugin defined for the command, and the S3 bucket was defined for the command.CommandPlugins
— (Array<map>
)Plugins processed by the command.
Name
— (String
)The name of the plugin. Must be one of the following:
aws:updateAgent
,aws:domainjoin
,aws:applications
,aws:runPowerShellScript
,aws:psmodule
,aws:cloudWatch
,aws:runShellScript
, oraws:updateSSMAgent
.Status
— (String
)The status of this plugin. You can run a document with multiple plugins.
Possible values include:"Pending"
"InProgress"
"Success"
"TimedOut"
"Cancelled"
"Failed"
StatusDetails
— (String
)A detailed status of the plugin execution.
StatusDetails
includes more information than Status because it includes states resulting from error and concurrency control parameters. StatusDetails can show different results than Status. For more information about these statuses, see Understanding command statuses in the Amazon Web Services Systems Manager User Guide. StatusDetails can be one of the following values:-
Pending: The command hasn't been sent to the instance.
-
In Progress: The command has been sent to the instance but hasn't reached a terminal state.
-
Success: The execution of the command or plugin was successfully completed. This is a terminal state.
-
Delivery Timed Out: The command wasn't delivered to the instance before the delivery timeout expired. Delivery timeouts don't count against the parent command's
MaxErrors
limit, but they do contribute to whether the parent command status is Success or Incomplete. This is a terminal state. -
Execution Timed Out: Command execution started on the instance, but the execution wasn't complete before the execution timeout expired. Execution timeouts count against the
MaxErrors
limit of the parent command. This is a terminal state. -
Failed: The command wasn't successful on the instance. For a plugin, this indicates that the result code wasn't zero. For a command invocation, this indicates that the result code for one or more plugins wasn't zero. Invocation failures count against the MaxErrors limit of the parent command. This is a terminal state.
-
Canceled: The command was terminated before it was completed. This is a terminal state.
-
Undeliverable: The command can't be delivered to the instance. The instance might not exist, or it might not be responding. Undeliverable invocations don't count against the parent command's MaxErrors limit, and they don't contribute to whether the parent command status is Success or Incomplete. This is a terminal state.
-
Terminated: The parent command exceeded its MaxErrors limit and subsequent command invocations were canceled by the system. This is a terminal state.
-
ResponseCode
— (Integer
)A numeric response code generated after running the plugin.
ResponseStartDateTime
— (Date
)The time the plugin started running.
ResponseFinishDateTime
— (Date
)The time the plugin stopped running. Could stop prematurely if, for example, a cancel command was sent.
Output
— (String
)Output of the plugin execution.
StandardOutputUrl
— (String
)The URL for the complete text written by the plugin to stdout in Amazon S3. If the S3 bucket for the command wasn't specified, then this string is empty.
StandardErrorUrl
— (String
)The URL for the complete text written by the plugin to stderr. If execution isn't yet complete, then this string is empty.
OutputS3Region
— (String
)(Deprecated) You can no longer specify this parameter. The system ignores it. Instead, Amazon Web Services Systems Manager automatically determines the S3 bucket region.
OutputS3BucketName
— (String
)The S3 bucket where the responses to the command executions should be stored. This was requested when issuing the command. For example, in the following response:
doc-example-bucket/ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix/i-02573cafcfEXAMPLE/awsrunShellScript
doc-example-bucket
is the name of the S3 bucket;ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix
is the name of the S3 prefix;i-02573cafcfEXAMPLE
is the instance ID;awsrunShellScript
is the name of the plugin.OutputS3KeyPrefix
— (String
)The S3 directory path inside the bucket where the responses to the command executions should be stored. This was requested when issuing the command. For example, in the following response:
doc-example-bucket/ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix/i-02573cafcfEXAMPLE/awsrunShellScript
doc-example-bucket
is the name of the S3 bucket;ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix
is the name of the S3 prefix;i-02573cafcfEXAMPLE
is the instance ID;awsrunShellScript
is the name of the plugin.
ServiceRole
— (String
)The Identity and Access Management (IAM) service role that Run Command, a capability of Amazon Web Services Systems Manager, uses to act on your behalf when sending notifications about command status changes on a per instance basis.
NotificationConfig
— (map
)Configurations for sending notifications about command status changes on a per instance basis.
NotificationArn
— (String
)An Amazon Resource Name (ARN) for an Amazon Simple Notification Service (Amazon SNS) topic. Run Command pushes notifications about command status changes to this topic.
NotificationEvents
— (Array<String>
)The different events for which you can receive notifications. To learn more about these events, see Monitoring Systems Manager status changes using Amazon SNS notifications in the Amazon Web Services Systems Manager User Guide.
NotificationType
— (String
)The type of notification.
-
Command
: Receive notification when the status of a command changes. -
Invocation
: For commands sent to multiple instances, receive notification on a per-instance basis when the status of a command changes.
"Command"
"Invocation"
-
CloudWatchOutputConfig
— (map
)Amazon CloudWatch Logs information where you want Amazon Web Services Systems Manager to send the command output.
CloudWatchLogGroupName
— (String
)The name of the CloudWatch Logs log group where you want to send command output. If you don't specify a group name, Amazon Web Services Systems Manager automatically creates a log group for you. The log group uses the following naming format:
aws/ssm/SystemsManagerDocumentName
CloudWatchOutputEnabled
— (Boolean
)Enables Systems Manager to send command output to CloudWatch Logs.
NextToken
— (String
)(Optional) The token for the next set of items to return. (You received this token from a previous call.)
-
(AWS.Response)
—
Returns:
listCommands(params = {}, callback) ⇒ AWS.Request
Lists the commands requested by users of the Amazon Web Services account.
Service Reference:
Examples:
Calling the listCommands operation
var params = { CommandId: 'STRING_VALUE', Filters: [ { key: InvokedAfter | InvokedBefore | Status | ExecutionStage | DocumentName, /* required */ value: 'STRING_VALUE' /* required */ }, /* more items */ ], InstanceId: 'STRING_VALUE', MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE' }; ssm.listCommands(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
CommandId
— (String
)(Optional) If provided, lists only the specified command.
InstanceId
— (String
)(Optional) Lists commands issued against this instance ID.
Note: You can't specify an instance ID in the same command that you specifyStatus
=Pending
. This is because the command hasn't reached the instance yet.MaxResults
— (Integer
)(Optional) The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
NextToken
— (String
)(Optional) The token for the next set of items to return. (You received this token from a previous call.)
Filters
— (Array<map>
)(Optional) One or more filters. Use a filter to return a more specific list of results.
key
— required — (String
)The name of the filter.
Possible values include:"InvokedAfter"
"InvokedBefore"
"Status"
"ExecutionStage"
"DocumentName"
value
— required — (String
)The filter value. Valid values for each filter key are as follows:
-
InvokedAfter: Specify a timestamp to limit your results. For example, specify
2021-07-07T00:00:00Z
to see a list of command executions occurring July 7, 2021, and later. -
InvokedBefore: Specify a timestamp to limit your results. For example, specify
2021-07-07T00:00:00Z
to see a list of command executions from before July 7, 2021. -
Status: Specify a valid command status to see a list of all command executions with that status. The status choices depend on the API you call.
The status values you can specify for
ListCommands
are:-
Pending
-
InProgress
-
Success
-
Cancelled
-
Failed
-
TimedOut
(this includes both Delivery and Execution time outs) -
AccessDenied
-
DeliveryTimedOut
-
ExecutionTimedOut
-
Incomplete
-
NoInstancesInTag
-
LimitExceeded
The status values you can specify for
ListCommandInvocations
are:-
Pending
-
InProgress
-
Delayed
-
Success
-
Cancelled
-
Failed
-
TimedOut
(this includes both Delivery and Execution time outs) -
AccessDenied
-
DeliveryTimedOut
-
ExecutionTimedOut
-
Undeliverable
-
InvalidPlatform
-
Terminated
-
-
DocumentName: Specify name of the Amazon Web Services Systems Manager document (SSM document) for which you want to see command execution results. For example, specify
AWS-RunPatchBaseline
to see command executions that used this SSM document to perform security patching operations on instances. -
ExecutionStage: Specify one of the following values:
-
Executing
: Returns a list of command executions that are currently still running. -
Complete
: Returns a list of command executions that have already completed.
-
-
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:Commands
— (Array<map>
)(Optional) The list of commands requested by the user.
CommandId
— (String
)A unique identifier for this command.
DocumentName
— (String
)The name of the document requested for execution.
DocumentVersion
— (String
)The Systems Manager document (SSM document) version.
Comment
— (String
)User-specified information about the command, such as a brief description of what the command should do.
ExpiresAfter
— (Date
)If this time is reached and the command hasn't already started running, it won't run. Calculated based on the
ExpiresAfter
user input provided as part of theSendCommand
API operation.Parameters
— (map<Array<String>>
)The parameter values to be inserted in the document when running the command.
InstanceIds
— (Array<String>
)The instance IDs against which this command was requested.
Targets
— (Array<map>
)An array of search criteria that targets instances using a Key,Value combination that you specify. Targets is required if you don't provide one or more instance IDs in the call.
Key
— (String
)User-defined criteria for sending commands that target instances that meet the criteria.
Values
— (Array<String>
)User-defined criteria that maps to
Key
. For example, if you specifiedtag:ServerRole
, you could specifyvalue:WebServer
to run a command on instances that include EC2 tags ofServerRole,WebServer
.Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
RequestedDateTime
— (Date
)The date and time the command was requested.
Status
— (String
)The status of the command.
Possible values include:"Pending"
"InProgress"
"Success"
"Cancelled"
"Failed"
"TimedOut"
"Cancelling"
StatusDetails
— (String
)A detailed status of the command execution.
StatusDetails
includes more information thanStatus
because it includes states resulting from error and concurrency control parameters.StatusDetails
can show different results than Status. For more information about these statuses, see Understanding command statuses in the Amazon Web Services Systems Manager User Guide. StatusDetails can be one of the following values:-
Pending: The command hasn't been sent to any instances.
-
In Progress: The command has been sent to at least one instance but hasn't reached a final state on all instances.
-
Success: The command successfully ran on all invocations. This is a terminal state.
-
Delivery Timed Out: The value of MaxErrors or more command invocations shows a status of Delivery Timed Out. This is a terminal state.
-
Execution Timed Out: The value of MaxErrors or more command invocations shows a status of Execution Timed Out. This is a terminal state.
-
Failed: The value of MaxErrors or more command invocations shows a status of Failed. This is a terminal state.
-
Incomplete: The command was attempted on all instances and one or more invocations doesn't have a value of Success but not enough invocations failed for the status to be Failed. This is a terminal state.
-
Canceled: The command was terminated before it was completed. This is a terminal state.
-
Rate Exceeded: The number of instances targeted by the command exceeded the account limit for pending invocations. The system has canceled the command before running it on any instance. This is a terminal state.
-
OutputS3Region
— (String
)(Deprecated) You can no longer specify this parameter. The system ignores it. Instead, Systems Manager automatically determines the Amazon Web Services Region of the S3 bucket.
OutputS3BucketName
— (String
)The S3 bucket where the responses to the command executions should be stored. This was requested when issuing the command.
OutputS3KeyPrefix
— (String
)The S3 directory path inside the bucket where the responses to the command executions should be stored. This was requested when issuing the command.
MaxConcurrency
— (String
)The maximum number of instances that are allowed to run the command at the same time. You can specify a number of instances, such as 10, or a percentage of instances, such as 10%. The default value is 50. For more information about how to use
MaxConcurrency
, see Running commands using Systems Manager Run Command in the Amazon Web Services Systems Manager User Guide.MaxErrors
— (String
)The maximum number of errors allowed before the system stops sending the command to additional targets. You can specify a number of errors, such as 10, or a percentage or errors, such as 10%. The default value is
0
. For more information about how to useMaxErrors
, see Running commands using Systems Manager Run Command in the Amazon Web Services Systems Manager User Guide.TargetCount
— (Integer
)The number of targets for the command.
CompletedCount
— (Integer
)The number of targets for which the command invocation reached a terminal state. Terminal states include the following: Success, Failed, Execution Timed Out, Delivery Timed Out, Canceled, Terminated, or Undeliverable.
ErrorCount
— (Integer
)The number of targets for which the status is Failed or Execution Timed Out.
DeliveryTimedOutCount
— (Integer
)The number of targets for which the status is Delivery Timed Out.
ServiceRole
— (String
)The Identity and Access Management (IAM) service role that Run Command, a capability of Amazon Web Services Systems Manager, uses to act on your behalf when sending notifications about command status changes.
NotificationConfig
— (map
)Configurations for sending notifications about command status changes.
NotificationArn
— (String
)An Amazon Resource Name (ARN) for an Amazon Simple Notification Service (Amazon SNS) topic. Run Command pushes notifications about command status changes to this topic.
NotificationEvents
— (Array<String>
)The different events for which you can receive notifications. To learn more about these events, see Monitoring Systems Manager status changes using Amazon SNS notifications in the Amazon Web Services Systems Manager User Guide.
NotificationType
— (String
)The type of notification.
-
Command
: Receive notification when the status of a command changes. -
Invocation
: For commands sent to multiple instances, receive notification on a per-instance basis when the status of a command changes.
"Command"
"Invocation"
-
CloudWatchOutputConfig
— (map
)Amazon CloudWatch Logs information where you want Amazon Web Services Systems Manager to send the command output.
CloudWatchLogGroupName
— (String
)The name of the CloudWatch Logs log group where you want to send command output. If you don't specify a group name, Amazon Web Services Systems Manager automatically creates a log group for you. The log group uses the following naming format:
aws/ssm/SystemsManagerDocumentName
CloudWatchOutputEnabled
— (Boolean
)Enables Systems Manager to send command output to CloudWatch Logs.
TimeoutSeconds
— (Integer
)The
TimeoutSeconds
value specified for a command.
NextToken
— (String
)(Optional) The token for the next set of items to return. (You received this token from a previous call.)
-
(AWS.Response)
—
Returns:
listComplianceItems(params = {}, callback) ⇒ AWS.Request
For a specified resource ID, this API operation returns a list of compliance statuses for different resource types. Currently, you can only specify one resource ID per call. List results depend on the criteria specified in the filter.
Service Reference:
Examples:
Calling the listComplianceItems operation
var params = { Filters: [ { Key: 'STRING_VALUE', Type: EQUAL | NOT_EQUAL | BEGIN_WITH | LESS_THAN | GREATER_THAN, Values: [ 'STRING_VALUE', /* more items */ ] }, /* more items */ ], MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE', ResourceIds: [ 'STRING_VALUE', /* more items */ ], ResourceTypes: [ 'STRING_VALUE', /* more items */ ] }; ssm.listComplianceItems(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Filters
— (Array<map>
)One or more compliance filters. Use a filter to return a more specific list of results.
Key
— (String
)The name of the filter.
Values
— (Array<String>
)The value for which to search.
Type
— (String
)The type of comparison that should be performed for the value: Equal, NotEqual, BeginWith, LessThan, or GreaterThan.
Possible values include:"EQUAL"
"NOT_EQUAL"
"BEGIN_WITH"
"LESS_THAN"
"GREATER_THAN"
ResourceIds
— (Array<String>
)The ID for the resources from which to get compliance information. Currently, you can only specify one resource ID.
ResourceTypes
— (Array<String>
)The type of resource from which to get compliance information. Currently, the only supported resource type is
ManagedInstance
.NextToken
— (String
)A token to start the list. Use this token to get the next set of results.
MaxResults
— (Integer
)The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:ComplianceItems
— (Array<map>
)A list of compliance information for the specified resource ID.
ComplianceType
— (String
)The compliance type. For example, Association (for a State Manager association), Patch, or Custom:
string
are all valid compliance types.ResourceType
— (String
)The type of resource.
ManagedInstance
is currently the only supported resource type.ResourceId
— (String
)An ID for the resource. For a managed instance, this is the instance ID.
Id
— (String
)An ID for the compliance item. For example, if the compliance item is a Windows patch, the ID could be the number of the KB article; for example: KB4010320.
Title
— (String
)A title for the compliance item. For example, if the compliance item is a Windows patch, the title could be the title of the KB article for the patch; for example: Security Update for Active Directory Federation Services.
Status
— (String
)The status of the compliance item. An item is either COMPLIANT, NON_COMPLIANT, or an empty string (for Windows patches that aren't applicable).
Possible values include:"COMPLIANT"
"NON_COMPLIANT"
Severity
— (String
)The severity of the compliance status. Severity can be one of the following: Critical, High, Medium, Low, Informational, Unspecified.
Possible values include:"CRITICAL"
"HIGH"
"MEDIUM"
"LOW"
"INFORMATIONAL"
"UNSPECIFIED"
ExecutionSummary
— (map
)A summary for the compliance item. The summary includes an execution ID, the execution type (for example, command), and the execution time.
ExecutionTime
— required — (Date
)The time the execution ran as a datetime object that is saved in the following format: yyyy-MM-dd'T'HH:mm:ss'Z'.
ExecutionId
— (String
)An ID created by the system when
PutComplianceItems
was called. For example,CommandID
is a valid execution ID. You can use this ID in subsequent calls.ExecutionType
— (String
)The type of execution. For example,
Command
is a valid execution type.
Details
— (map<String>
)A "Key": "Value" tag combination for the compliance item.
NextToken
— (String
)The token for the next set of items to return. Use this token to get the next set of results.
-
(AWS.Response)
—
Returns:
listComplianceSummaries(params = {}, callback) ⇒ AWS.Request
Returns a summary count of compliant and non-compliant resources for a compliance type. For example, this call can return State Manager associations, patches, or custom compliance types according to the filter criteria that you specify.
Service Reference:
Examples:
Calling the listComplianceSummaries operation
var params = { Filters: [ { Key: 'STRING_VALUE', Type: EQUAL | NOT_EQUAL | BEGIN_WITH | LESS_THAN | GREATER_THAN, Values: [ 'STRING_VALUE', /* more items */ ] }, /* more items */ ], MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE' }; ssm.listComplianceSummaries(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Filters
— (Array<map>
)One or more compliance or inventory filters. Use a filter to return a more specific list of results.
Key
— (String
)The name of the filter.
Values
— (Array<String>
)The value for which to search.
Type
— (String
)The type of comparison that should be performed for the value: Equal, NotEqual, BeginWith, LessThan, or GreaterThan.
Possible values include:"EQUAL"
"NOT_EQUAL"
"BEGIN_WITH"
"LESS_THAN"
"GREATER_THAN"
NextToken
— (String
)A token to start the list. Use this token to get the next set of results.
MaxResults
— (Integer
)The maximum number of items to return for this call. Currently, you can specify null or 50. The call also returns a token that you can specify in a subsequent call to get the next set of results.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:ComplianceSummaryItems
— (Array<map>
)A list of compliant and non-compliant summary counts based on compliance types. For example, this call returns State Manager associations, patches, or custom compliance types according to the filter criteria that you specified.
ComplianceType
— (String
)The type of compliance item. For example, the compliance type can be Association, Patch, or Custom:string.
CompliantSummary
— (map
)A list of COMPLIANT items for the specified compliance type.
CompliantCount
— (Integer
)The total number of resources that are compliant.
SeveritySummary
— (map
)A summary of the compliance severity by compliance type.
CriticalCount
— (Integer
)The total number of resources or compliance items that have a severity level of critical. Critical severity is determined by the organization that published the compliance items.
HighCount
— (Integer
)The total number of resources or compliance items that have a severity level of high. High severity is determined by the organization that published the compliance items.
MediumCount
— (Integer
)The total number of resources or compliance items that have a severity level of medium. Medium severity is determined by the organization that published the compliance items.
LowCount
— (Integer
)The total number of resources or compliance items that have a severity level of low. Low severity is determined by the organization that published the compliance items.
InformationalCount
— (Integer
)The total number of resources or compliance items that have a severity level of informational. Informational severity is determined by the organization that published the compliance items.
UnspecifiedCount
— (Integer
)The total number of resources or compliance items that have a severity level of unspecified. Unspecified severity is determined by the organization that published the compliance items.
NonCompliantSummary
— (map
)A list of NON_COMPLIANT items for the specified compliance type.
NonCompliantCount
— (Integer
)The total number of compliance items that aren't compliant.
SeveritySummary
— (map
)A summary of the non-compliance severity by compliance type
CriticalCount
— (Integer
)The total number of resources or compliance items that have a severity level of critical. Critical severity is determined by the organization that published the compliance items.
HighCount
— (Integer
)The total number of resources or compliance items that have a severity level of high. High severity is determined by the organization that published the compliance items.
MediumCount
— (Integer
)The total number of resources or compliance items that have a severity level of medium. Medium severity is determined by the organization that published the compliance items.
LowCount
— (Integer
)The total number of resources or compliance items that have a severity level of low. Low severity is determined by the organization that published the compliance items.
InformationalCount
— (Integer
)The total number of resources or compliance items that have a severity level of informational. Informational severity is determined by the organization that published the compliance items.
UnspecifiedCount
— (Integer
)The total number of resources or compliance items that have a severity level of unspecified. Unspecified severity is determined by the organization that published the compliance items.
NextToken
— (String
)The token for the next set of items to return. Use this token to get the next set of results.
-
(AWS.Response)
—
Returns:
listDocumentMetadataHistory(params = {}, callback) ⇒ AWS.Request
Information about approval reviews for a version of a change template in Change Manager.
Service Reference:
Examples:
Calling the listDocumentMetadataHistory operation
var params = { Metadata: DocumentReviews, /* required */ Name: 'STRING_VALUE', /* required */ DocumentVersion: 'STRING_VALUE', MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE' }; ssm.listDocumentMetadataHistory(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Name
— (String
)The name of the change template.
DocumentVersion
— (String
)The version of the change template.
Metadata
— (String
)The type of data for which details are being requested. Currently, the only supported value is
Possible values include:DocumentReviews
."DocumentReviews"
NextToken
— (String
)The token for the next set of items to return. (You received this token from a previous call.)
MaxResults
— (Integer
)The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:Name
— (String
)The name of the change template.
DocumentVersion
— (String
)The version of the change template.
Author
— (String
)The user ID of the person in the organization who requested the review of the change template.
Metadata
— (map
)Information about the response to the change template approval request.
ReviewerResponse
— (Array<map>
)Details about a reviewer's response to a document review request.
CreateTime
— (Date
)The date and time that a reviewer entered a response to a document review request.
UpdatedTime
— (Date
)The date and time that a reviewer last updated a response to a document review request.
ReviewStatus
— (String
)The current review status of a new custom SSM document created by a member of your organization, or of the latest version of an existing SSM document.
Only one version of a document can be in the APPROVED state at a time. When a new version is approved, the status of the previous version changes to REJECTED.
Only one version of a document can be in review, or PENDING, at a time.
Possible values include:"APPROVED"
"NOT_REVIEWED"
"PENDING"
"REJECTED"
Comment
— (Array<map>
)The comment entered by a reviewer as part of their document review response.
Type
— (String
)The type of information added to a review request. Currently, only the value
Possible values include:Comment
is supported."Comment"
Content
— (String
)The content of a comment entered by a user who requests a review of a new document version, or who reviews the new version.
Reviewer
— (String
)The user in your organization assigned to review a document request.
NextToken
— (String
)The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
-
(AWS.Response)
—
Returns:
listDocuments(params = {}, callback) ⇒ AWS.Request
Returns all Systems Manager (SSM) documents in the current Amazon Web Services account and Amazon Web Services Region. You can limit the results of this request by using a filter.
Service Reference:
Examples:
Calling the listDocuments operation
var params = { DocumentFilterList: [ { key: Name | Owner | PlatformTypes | DocumentType, /* required */ value: 'STRING_VALUE' /* required */ }, /* more items */ ], Filters: [ { Key: 'STRING_VALUE', Values: [ 'STRING_VALUE', /* more items */ ] }, /* more items */ ], MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE' }; ssm.listDocuments(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
DocumentFilterList
— (Array<map>
)This data type is deprecated. Instead, use
Filters
.key
— required — (String
)The name of the filter.
Possible values include:"Name"
"Owner"
"PlatformTypes"
"DocumentType"
value
— required — (String
)The value of the filter.
Filters
— (Array<map>
)One or more
DocumentKeyValuesFilter
objects. Use a filter to return a more specific list of results. For keys, you can specify one or more key-value pair tags that have been applied to a document. Other valid keys includeOwner
,Name
,PlatformTypes
,DocumentType
, andTargetType
. For example, to return documents you own useKey=Owner,Values=Self
. To specify a custom key-value pair, use the formatKey=tag:tagName,Values=valueName
.Note: This API operation only supports filtering documents by using a single tag key and one or more tag values. For example:Key=tag:tagName,Values=valueName1,valueName2
Key
— (String
)The name of the filter key.
Values
— (Array<String>
)The value for the filter key.
MaxResults
— (Integer
)The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
NextToken
— (String
)The token for the next set of items to return. (You received this token from a previous call.)
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:DocumentIdentifiers
— (Array<map>
)The names of the SSM documents.
Name
— (String
)The name of the SSM document.
CreatedDate
— (Date
)The date the SSM document was created.
DisplayName
— (String
)An optional field where you can specify a friendly name for the SSM document. This value can differ for each version of the document. If you want to update this value, see UpdateDocument.
Owner
— (String
)The Amazon Web Services user account that created the document.
VersionName
— (String
)An optional field specifying the version of the artifact associated with the document. For example, "Release 12, Update 6". This value is unique across all versions of a document, and can't be changed.
PlatformTypes
— (Array<String>
)The operating system platform.
DocumentVersion
— (String
)The document version.
DocumentType
— (String
)The document type.
Possible values include:"Command"
"Policy"
"Automation"
"Session"
"Package"
"ApplicationConfiguration"
"ApplicationConfigurationSchema"
"DeploymentStrategy"
"ChangeCalendar"
"Automation.ChangeTemplate"
"ProblemAnalysis"
"ProblemAnalysisTemplate"
SchemaVersion
— (String
)The schema version.
DocumentFormat
— (String
)The document format, either JSON or YAML.
Possible values include:"YAML"
"JSON"
"TEXT"
TargetType
— (String
)The target type which defines the kinds of resources the document can run on. For example,
/AWS::EC2::Instance
. For a list of valid resource types, see Amazon Web Services resource and property types reference in the CloudFormation User Guide.Tags
— (Array<map>
)The tags, or metadata, that have been applied to the document.
Key
— required — (String
)The name of the tag.
Value
— required — (String
)The value of the tag.
Requires
— (Array<map>
)A list of SSM documents required by a document. For example, an
ApplicationConfiguration
document requires anApplicationConfigurationSchema
document.Name
— required — (String
)The name of the required SSM document. The name can be an Amazon Resource Name (ARN).
Version
— (String
)The document version required by the current document.
ReviewStatus
— (String
)The current status of a document review.
Possible values include:"APPROVED"
"NOT_REVIEWED"
"PENDING"
"REJECTED"
Author
— (String
)The user in your organization who created the document.
NextToken
— (String
)The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
-
(AWS.Response)
—
Returns:
listDocumentVersions(params = {}, callback) ⇒ AWS.Request
List all versions for a document.
Service Reference:
Examples:
Calling the listDocumentVersions operation
var params = { Name: 'STRING_VALUE', /* required */ MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE' }; ssm.listDocumentVersions(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Name
— (String
)The name of the document. You can specify an Amazon Resource Name (ARN).
MaxResults
— (Integer
)The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
NextToken
— (String
)The token for the next set of items to return. (You received this token from a previous call.)
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:DocumentVersions
— (Array<map>
)The document versions.
Name
— (String
)The document name.
DisplayName
— (String
)The friendly name of the SSM document. This value can differ for each version of the document. If you want to update this value, see UpdateDocument.
DocumentVersion
— (String
)The document version.
VersionName
— (String
)The version of the artifact associated with the document. For example, "Release 12, Update 6". This value is unique across all versions of a document, and can't be changed.
CreatedDate
— (Date
)The date the document was created.
IsDefaultVersion
— (Boolean
)An identifier for the default version of the document.
DocumentFormat
— (String
)The document format, either JSON or YAML.
Possible values include:"YAML"
"JSON"
"TEXT"
Status
— (String
)The status of the SSM document, such as
Possible values include:Creating
,Active
,Failed
, andDeleting
."Creating"
"Active"
"Updating"
"Deleting"
"Failed"
StatusInformation
— (String
)A message returned by Amazon Web Services Systems Manager that explains the
Status
value. For example, aFailed
status might be explained by theStatusInformation
message, "The specified S3 bucket doesn't exist. Verify that the URL of the S3 bucket is correct."ReviewStatus
— (String
)The current status of the approval review for the latest version of the document.
Possible values include:"APPROVED"
"NOT_REVIEWED"
"PENDING"
"REJECTED"
NextToken
— (String
)The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
-
(AWS.Response)
—
Returns:
listInventoryEntries(params = {}, callback) ⇒ AWS.Request
A list of inventory items returned by the request.
Service Reference:
Examples:
Calling the listInventoryEntries operation
var params = { InstanceId: 'STRING_VALUE', /* required */ TypeName: 'STRING_VALUE', /* required */ Filters: [ { Key: 'STRING_VALUE', /* required */ Values: [ /* required */ 'STRING_VALUE', /* more items */ ], Type: Equal | NotEqual | BeginWith | LessThan | GreaterThan | Exists }, /* more items */ ], MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE' }; ssm.listInventoryEntries(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
InstanceId
— (String
)The instance ID for which you want inventory information.
TypeName
— (String
)The type of inventory item for which you want information.
Filters
— (Array<map>
)One or more filters. Use a filter to return a more specific list of results.
Key
— required — (String
)The name of the filter key.
Values
— required — (Array<String>
)Inventory filter values. Example: inventory filter where instance IDs are specified as values
Key=AWS:InstanceInformation.InstanceId,Values= i-a12b3c4d5e6g, i-1a2b3c4d5e6,Type=Equal
.Type
— (String
)The type of filter.
Note: ThePossible values include:Exists
filter must be used with aggregators. For more information, see Aggregating inventory data in the Amazon Web Services Systems Manager User Guide."Equal"
"NotEqual"
"BeginWith"
"LessThan"
"GreaterThan"
"Exists"
NextToken
— (String
)The token for the next set of items to return. (You received this token from a previous call.)
MaxResults
— (Integer
)The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:TypeName
— (String
)The type of inventory item returned by the request.
InstanceId
— (String
)The instance ID targeted by the request to query inventory information.
SchemaVersion
— (String
)The inventory schema version used by the instance(s).
CaptureTime
— (String
)The time that inventory information was collected for the instance(s).
Entries
— (Array<map<String>>
)A list of inventory items on the instance(s).
NextToken
— (String
)The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
-
(AWS.Response)
—
Returns:
listOpsItemEvents(params = {}, callback) ⇒ AWS.Request
Returns a list of all OpsItem events in the current Amazon Web Services Region and Amazon Web Services account. You can limit the results to events associated with specific OpsItems by specifying a filter.
Service Reference:
Examples:
Calling the listOpsItemEvents operation
var params = { Filters: [ { Key: OpsItemId, /* required */ Operator: Equal, /* required */ Values: [ /* required */ 'STRING_VALUE', /* more items */ ] }, /* more items */ ], MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE' }; ssm.listOpsItemEvents(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Filters
— (Array<map>
)One or more OpsItem filters. Use a filter to return a more specific list of results.
Key
— required — (String
)The name of the filter key. Currently, the only supported value is
Possible values include:OpsItemId
."OpsItemId"
Values
— required — (Array<String>
)The values for the filter, consisting of one or more OpsItem IDs.
Operator
— required — (String
)The operator used by the filter call. Currently, the only supported value is
Possible values include:Equal
."Equal"
MaxResults
— (Integer
)The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
NextToken
— (String
)A token to start the list. Use this token to get the next set of results.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:NextToken
— (String
)The token for the next set of items to return. Use this token to get the next set of results.
Summaries
— (Array<map>
)A list of event information for the specified OpsItems.
OpsItemId
— (String
)The ID of the OpsItem.
EventId
— (String
)The ID of the OpsItem event.
Source
— (String
)The source of the OpsItem event.
DetailType
— (String
)The type of information provided as a detail.
Detail
— (String
)Specific information about the OpsItem event.
CreatedBy
— (map
)Information about the user or resource that created the OpsItem event.
Arn
— (String
)The Amazon Resource Name (ARN) of the IAM entity that created the OpsItem event.
CreatedTime
— (Date
)The date and time the OpsItem event was created.
-
(AWS.Response)
—
Returns:
listOpsItemRelatedItems(params = {}, callback) ⇒ AWS.Request
Lists all related-item resources associated with a Systems Manager OpsCenter OpsItem. OpsCenter is a capability of Amazon Web Services Systems Manager.
Service Reference:
Examples:
Calling the listOpsItemRelatedItems operation
var params = { Filters: [ { Key: ResourceType | AssociationId | ResourceUri, /* required */ Operator: Equal, /* required */ Values: [ /* required */ 'STRING_VALUE', /* more items */ ] }, /* more items */ ], MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE', OpsItemId: 'STRING_VALUE' }; ssm.listOpsItemRelatedItems(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
OpsItemId
— (String
)The ID of the OpsItem for which you want to list all related-item resources.
Filters
— (Array<map>
)One or more OpsItem filters. Use a filter to return a more specific list of results.
Key
— required — (String
)The name of the filter key. Supported values include
Possible values include:ResourceUri
,ResourceType
, orAssociationId
."ResourceType"
"AssociationId"
"ResourceUri"
Values
— required — (Array<String>
)The values for the filter.
Operator
— required — (String
)The operator used by the filter call. The only supported operator is
Possible values include:EQUAL
."Equal"
MaxResults
— (Integer
)The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
NextToken
— (String
)The token for the next set of items to return. (You received this token from a previous call.)
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:NextToken
— (String
)The token for the next set of items to return. Use this token to get the next set of results.
Summaries
— (Array<map>
)A list of related-item resources for the specified OpsItem.
OpsItemId
— (String
)The OpsItem ID.
AssociationId
— (String
)The association ID.
ResourceType
— (String
)The resource type.
AssociationType
— (String
)The association type.
ResourceUri
— (String
)The Amazon Resource Name (ARN) of the related-item resource.
CreatedBy
— (map
)Information about the user or resource that created an OpsItem event.
Arn
— (String
)The Amazon Resource Name (ARN) of the IAM entity that created the OpsItem event.
CreatedTime
— (Date
)The time the related-item association was created.
LastModifiedBy
— (map
)Information about the user or resource that created an OpsItem event.
Arn
— (String
)The Amazon Resource Name (ARN) of the IAM entity that created the OpsItem event.
LastModifiedTime
— (Date
)The time the related-item association was last updated.
-
(AWS.Response)
—
Returns:
listOpsMetadata(params = {}, callback) ⇒ AWS.Request
Amazon Web Services Systems Manager calls this API operation when displaying all Application Manager OpsMetadata objects or blobs.
Service Reference:
Examples:
Calling the listOpsMetadata operation
var params = { Filters: [ { Key: 'STRING_VALUE', /* required */ Values: [ /* required */ 'STRING_VALUE', /* more items */ ] }, /* more items */ ], MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE' }; ssm.listOpsMetadata(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Filters
— (Array<map>
)One or more filters to limit the number of OpsMetadata objects returned by the call.
Key
— required — (String
)A filter key.
Values
— required — (Array<String>
)A filter value.
MaxResults
— (Integer
)The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
NextToken
— (String
)A token to start the list. Use this token to get the next set of results.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:OpsMetadataList
— (Array<map>
)Returns a list of OpsMetadata objects.
ResourceId
— (String
)The ID of the Application Manager application.
OpsMetadataArn
— (String
)The Amazon Resource Name (ARN) of the OpsMetadata Object or blob.
LastModifiedDate
— (Date
)The date the OpsMetadata object was last updated.
LastModifiedUser
— (String
)The user name who last updated the OpsMetadata object.
CreationDate
— (Date
)The date the OpsMetadata objects was created.
NextToken
— (String
)The token for the next set of items to return. Use this token to get the next set of results.
-
(AWS.Response)
—
Returns:
listResourceComplianceSummaries(params = {}, callback) ⇒ AWS.Request
Returns a resource-level summary count. The summary includes information about compliant and non-compliant statuses and detailed compliance-item severity counts, according to the filter criteria you specify.
Service Reference:
Examples:
Calling the listResourceComplianceSummaries operation
var params = { Filters: [ { Key: 'STRING_VALUE', Type: EQUAL | NOT_EQUAL | BEGIN_WITH | LESS_THAN | GREATER_THAN, Values: [ 'STRING_VALUE', /* more items */ ] }, /* more items */ ], MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE' }; ssm.listResourceComplianceSummaries(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Filters
— (Array<map>
)One or more filters. Use a filter to return a more specific list of results.
Key
— (String
)The name of the filter.
Values
— (Array<String>
)The value for which to search.
Type
— (String
)The type of comparison that should be performed for the value: Equal, NotEqual, BeginWith, LessThan, or GreaterThan.
Possible values include:"EQUAL"
"NOT_EQUAL"
"BEGIN_WITH"
"LESS_THAN"
"GREATER_THAN"
NextToken
— (String
)A token to start the list. Use this token to get the next set of results.
MaxResults
— (Integer
)The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:ResourceComplianceSummaryItems
— (Array<map>
)A summary count for specified or targeted managed instances. Summary count includes information about compliant and non-compliant State Manager associations, patch status, or custom items according to the filter criteria that you specify.
ComplianceType
— (String
)The compliance type.
ResourceType
— (String
)The resource type.
ResourceId
— (String
)The resource ID.
Status
— (String
)The compliance status for the resource.
Possible values include:"COMPLIANT"
"NON_COMPLIANT"
OverallSeverity
— (String
)The highest severity item found for the resource. The resource is compliant for this item.
Possible values include:"CRITICAL"
"HIGH"
"MEDIUM"
"LOW"
"INFORMATIONAL"
"UNSPECIFIED"
ExecutionSummary
— (map
)Information about the execution.
ExecutionTime
— required — (Date
)The time the execution ran as a datetime object that is saved in the following format: yyyy-MM-dd'T'HH:mm:ss'Z'.
ExecutionId
— (String
)An ID created by the system when
PutComplianceItems
was called. For example,CommandID
is a valid execution ID. You can use this ID in subsequent calls.ExecutionType
— (String
)The type of execution. For example,
Command
is a valid execution type.
CompliantSummary
— (map
)A list of items that are compliant for the resource.
CompliantCount
— (Integer
)The total number of resources that are compliant.
SeveritySummary
— (map
)A summary of the compliance severity by compliance type.
CriticalCount
— (Integer
)The total number of resources or compliance items that have a severity level of critical. Critical severity is determined by the organization that published the compliance items.
HighCount
— (Integer
)The total number of resources or compliance items that have a severity level of high. High severity is determined by the organization that published the compliance items.
MediumCount
— (Integer
)The total number of resources or compliance items that have a severity level of medium. Medium severity is determined by the organization that published the compliance items.
LowCount
— (Integer
)The total number of resources or compliance items that have a severity level of low. Low severity is determined by the organization that published the compliance items.
InformationalCount
— (Integer
)The total number of resources or compliance items that have a severity level of informational. Informational severity is determined by the organization that published the compliance items.
UnspecifiedCount
— (Integer
)The total number of resources or compliance items that have a severity level of unspecified. Unspecified severity is determined by the organization that published the compliance items.
NonCompliantSummary
— (map
)A list of items that aren't compliant for the resource.
NonCompliantCount
— (Integer
)The total number of compliance items that aren't compliant.
SeveritySummary
— (map
)A summary of the non-compliance severity by compliance type
CriticalCount
— (Integer
)The total number of resources or compliance items that have a severity level of critical. Critical severity is determined by the organization that published the compliance items.
HighCount
— (Integer
)The total number of resources or compliance items that have a severity level of high. High severity is determined by the organization that published the compliance items.
MediumCount
— (Integer
)The total number of resources or compliance items that have a severity level of medium. Medium severity is determined by the organization that published the compliance items.
LowCount
— (Integer
)The total number of resources or compliance items that have a severity level of low. Low severity is determined by the organization that published the compliance items.
InformationalCount
— (Integer
)The total number of resources or compliance items that have a severity level of informational. Informational severity is determined by the organization that published the compliance items.
UnspecifiedCount
— (Integer
)The total number of resources or compliance items that have a severity level of unspecified. Unspecified severity is determined by the organization that published the compliance items.
NextToken
— (String
)The token for the next set of items to return. Use this token to get the next set of results.
-
(AWS.Response)
—
Returns:
listResourceDataSync(params = {}, callback) ⇒ AWS.Request
Lists your resource data sync configurations. Includes information about the last time a sync attempted to start, the last sync status, and the last time a sync successfully completed.
The number of sync configurations might be too large to return using a single call to
ListResourceDataSync
. You can limit the number of sync configurations returned by using theMaxResults
parameter. To determine whether there are more sync configurations to list, check the value ofNextToken
in the output. If there are more sync configurations to list, you can request them by specifying theNextToken
returned in the call to the parameter of a subsequent call.Service Reference:
Examples:
Calling the listResourceDataSync operation
var params = { MaxResults: 'NUMBER_VALUE', NextToken: 'STRING_VALUE', SyncType: 'STRING_VALUE' }; ssm.listResourceDataSync(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
SyncType
— (String
)View a list of resource data syncs according to the sync type. Specify
SyncToDestination
to view resource data syncs that synchronize data to an Amazon S3 bucket. SpecifySyncFromSource
to view resource data syncs from Organizations or from multiple Amazon Web Services Regions.NextToken
— (String
)A token to start the list. Use this token to get the next set of results.
MaxResults
— (Integer
)The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:ResourceDataSyncItems
— (Array<map>
)A list of your current resource data sync configurations and their statuses.
SyncName
— (String
)The name of the resource data sync.
SyncType
— (String
)The type of resource data sync. If
SyncType
isSyncToDestination
, then the resource data sync synchronizes data to an S3 bucket. If theSyncType
isSyncFromSource
then the resource data sync synchronizes data from Organizations or from multiple Amazon Web Services Regions.SyncSource
— (map
)Information about the source where the data was synchronized.
SourceType
— (String
)The type of data source for the resource data sync.
SourceType
is eitherAwsOrganizations
(if an organization is present in Organizations) orsingleAccountMultiRegions
.AwsOrganizationsSource
— (map
)The field name in
SyncSource
for theResourceDataSyncAwsOrganizationsSource
type.OrganizationSourceType
— required — (String
)If an Amazon Web Services organization is present, this is either
OrganizationalUnits
orEntireOrganization
. ForOrganizationalUnits
, the data is aggregated from a set of organization units. ForEntireOrganization
, the data is aggregated from the entire Amazon Web Services organization.OrganizationalUnits
— (Array<map>
)The Organizations organization units included in the sync.
OrganizationalUnitId
— (String
)The Organizations unit ID data source for the sync.
SourceRegions
— (Array<String>
)The
SyncSource
Amazon Web Services Regions included in the resource data sync.IncludeFutureRegions
— (Boolean
)Whether to automatically synchronize and aggregate data from new Amazon Web Services Regions when those Regions come online.
State
— (String
)The data type name for including resource data sync state. There are four sync states:
OrganizationNotExists
: Your organization doesn't exist.NoPermissions
: The system can't locate the service-linked role. This role is automatically created when a user creates a resource data sync in Explorer.InvalidOrganizationalUnit
: You specified or selected an invalid unit in the resource data sync configuration.TrustedAccessDisabled
: You disabled Systems Manager access in the organization in Organizations.EnableAllOpsDataSources
— (Boolean
)When you create a resource data sync, if you choose one of the Organizations options, then Systems Manager automatically enables all OpsData sources in the selected Amazon Web Services Regions for all Amazon Web Services accounts in your organization (or in the selected organization units). For more information, see About multiple account and Region resource data syncs in the Amazon Web Services Systems Manager User Guide.
S3Destination
— (map
)Configuration information for the target S3 bucket.
BucketName
— required — (String
)The name of the S3 bucket where the aggregated data is stored.
Prefix
— (String
)An Amazon S3 prefix for the bucket.
SyncFormat
— required — (String
)A supported sync format. The following format is currently supported: JsonSerDe
Possible values include:"JsonSerDe"
Region
— required — (String
)The Amazon Web Services Region with the S3 bucket targeted by the resource data sync.
AWSKMSKeyARN
— (String
)The ARN of an encryption key for a destination in Amazon S3. Must belong to the same Region as the destination S3 bucket.
DestinationDataSharing
— (map
)Enables destination data sharing. By default, this field is
null
.DestinationDataSharingType
— (String
)The sharing data type. Only
Organization
is supported.
LastSyncTime
— (Date
)The last time the configuration attempted to sync (UTC).
LastSuccessfulSyncTime
— (Date
)The last time the sync operations returned a status of
SUCCESSFUL
(UTC).SyncLastModifiedTime
— (Date
)The date and time the resource data sync was changed.
LastStatus
— (String
)The status reported by the last sync.
Possible values include:"Successful"
"Failed"
"InProgress"
SyncCreatedTime
— (Date
)The date and time the configuration was created (UTC).
LastSyncStatusMessage
— (String
)The status message details reported by the last sync.
NextToken
— (String
)The token for the next set of items to return. Use this token to get the next set of results.
-
(AWS.Response)
—
Returns:
listTagsForResource(params = {}, callback) ⇒ AWS.Request
Returns a list of the tags assigned to the specified resource.
For information about the ID format for each supported resource type, see AddTagsToResource.
Service Reference:
Examples:
Calling the listTagsForResource operation
var params = { ResourceId: 'STRING_VALUE', /* required */ ResourceType: Document | ManagedInstance | MaintenanceWindow | Parameter | PatchBaseline | OpsItem | OpsMetadata /* required */ }; ssm.listTagsForResource(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
ResourceType
— (String
)Returns a list of tags for a specific resource type.
Possible values include:"Document"
"ManagedInstance"
"MaintenanceWindow"
"Parameter"
"PatchBaseline"
"OpsItem"
"OpsMetadata"
ResourceId
— (String
)The resource ID for which you want to see a list of tags.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:TagList
— (Array<map>
)A list of tags.
Key
— required — (String
)The name of the tag.
Value
— required — (String
)The value of the tag.
-
(AWS.Response)
—
Returns:
modifyDocumentPermission(params = {}, callback) ⇒ AWS.Request
Shares a Amazon Web Services Systems Manager document (SSM document)publicly or privately. If you share a document privately, you must specify the Amazon Web Services user account IDs for those people who can use the document. If you share a document publicly, you must specify All as the account ID.
Service Reference:
Examples:
Calling the modifyDocumentPermission operation
var params = { Name: 'STRING_VALUE', /* required */ PermissionType: Share, /* required */ AccountIdsToAdd: [ 'STRING_VALUE', /* more items */ ], AccountIdsToRemove: [ 'STRING_VALUE', /* more items */ ], SharedDocumentVersion: 'STRING_VALUE' }; ssm.modifyDocumentPermission(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Name
— (String
)The name of the document that you want to share.
PermissionType
— (String
)The permission type for the document. The permission type can be Share.
Possible values include:"Share"
AccountIdsToAdd
— (Array<String>
)The Amazon Web Services user accounts that should have access to the document. The account IDs can either be a group of account IDs or All.
AccountIdsToRemove
— (Array<String>
)The Amazon Web Services user accounts that should no longer have access to the document. The Amazon Web Services user account can either be a group of account IDs or All. This action has a higher priority than AccountIdsToAdd. If you specify an account ID to add and the same ID to remove, the system removes access to the document.
SharedDocumentVersion
— (String
)(Optional) The version of the document to share. If it isn't specified, the system choose the
Default
version to share.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs.
-
(AWS.Response)
—
Returns:
putComplianceItems(params = {}, callback) ⇒ AWS.Request
Registers a compliance type and other compliance details on a designated resource. This operation lets you register custom compliance details with a resource. This call overwrites existing compliance information on the resource, so you must provide a full list of compliance items each time that you send the request.
ComplianceType can be one of the following:
-
ExecutionId: The execution ID when the patch, association, or custom compliance item was applied.
-
ExecutionType: Specify patch, association, or Custom:
string
. -
ExecutionTime. The time the patch, association, or custom compliance item was applied to the instance.
-
Id: The patch, association, or custom compliance ID.
-
Title: A title.
-
Status: The status of the compliance item. For example,
approved
for patches, orFailed
for associations. -
Severity: A patch severity. For example,
critical
. -
DocumentName: An SSM document name. For example,
AWS-RunPatchBaseline
. -
DocumentVersion: An SSM document version number. For example, 4.
-
Classification: A patch classification. For example,
security updates
. -
PatchBaselineId: A patch baseline ID.
-
PatchSeverity: A patch severity. For example,
Critical
. -
PatchState: A patch state. For example,
InstancesWithFailedPatches
. -
PatchGroup: The name of a patch group.
-
InstalledTime: The time the association, patch, or custom compliance item was applied to the resource. Specify the time by using the following format: yyyy-MM-dd'T'HH:mm:ss'Z'
Service Reference:
Examples:
Calling the putComplianceItems operation
var params = { ComplianceType: 'STRING_VALUE', /* required */ ExecutionSummary: { /* required */ ExecutionTime: new Date || 'Wed Dec 31 1969 16:00:00 GMT-0800 (PST)' || 123456789, /* required */ ExecutionId: 'STRING_VALUE', ExecutionType: 'STRING_VALUE' }, Items: [ /* required */ { Severity: CRITICAL | HIGH | MEDIUM | LOW | INFORMATIONAL | UNSPECIFIED, /* required */ Status: COMPLIANT | NON_COMPLIANT, /* required */ Details: { '<AttributeName>': 'STRING_VALUE', /* '<AttributeName>': ... */ }, Id: 'STRING_VALUE', Title: 'STRING_VALUE' }, /* more items */ ], ResourceId: 'STRING_VALUE', /* required */ ResourceType: 'STRING_VALUE', /* required */ ItemContentHash: 'STRING_VALUE', UploadType: COMPLETE | PARTIAL }; ssm.putComplianceItems(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
ResourceId
— (String
)Specify an ID for this resource. For a managed instance, this is the instance ID.
ResourceType
— (String
)Specify the type of resource.
ManagedInstance
is currently the only supported resource type.ComplianceType
— (String
)Specify the compliance type. For example, specify Association (for a State Manager association), Patch, or Custom:
string
.ExecutionSummary
— (map
)A summary of the call execution that includes an execution ID, the type of execution (for example,
Command
), and the date/time of the execution using a datetime object that is saved in the following format: yyyy-MM-dd'T'HH:mm:ss'Z'.ExecutionTime
— required — (Date
)The time the execution ran as a datetime object that is saved in the following format: yyyy-MM-dd'T'HH:mm:ss'Z'.
ExecutionId
— (String
)An ID created by the system when
PutComplianceItems
was called. For example,CommandID
is a valid execution ID. You can use this ID in subsequent calls.ExecutionType
— (String
)The type of execution. For example,
Command
is a valid execution type.
Items
— (Array<map>
)Information about the compliance as defined by the resource type. For example, for a patch compliance type,
Items
includes information about the PatchSeverity, Classification, and so on.Id
— (String
)The compliance item ID. For example, if the compliance item is a Windows patch, the ID could be the number of the KB article.
Title
— (String
)The title of the compliance item. For example, if the compliance item is a Windows patch, the title could be the title of the KB article for the patch; for example: Security Update for Active Directory Federation Services.
Severity
— required — (String
)The severity of the compliance status. Severity can be one of the following: Critical, High, Medium, Low, Informational, Unspecified.
Possible values include:"CRITICAL"
"HIGH"
"MEDIUM"
"LOW"
"INFORMATIONAL"
"UNSPECIFIED"
Status
— required — (String
)The status of the compliance item. An item is either COMPLIANT or NON_COMPLIANT.
Possible values include:"COMPLIANT"
"NON_COMPLIANT"
Details
— (map<String>
)A "Key": "Value" tag combination for the compliance item.
ItemContentHash
— (String
)MD5 or SHA-256 content hash. The content hash is used to determine if existing information should be overwritten or ignored. If the content hashes match, the request to put compliance information is ignored.
UploadType
— (String
)The mode for uploading compliance items. You can specify
COMPLETE
orPARTIAL
. InCOMPLETE
mode, the system overwrites all existing compliance information for the resource. You must provide a full list of compliance items each time you send the request.In
PARTIAL
mode, the system overwrites compliance information for a specific association. The association must be configured withSyncCompliance
set toMANUAL
. By default, all requests useCOMPLETE
mode.Note: This attribute is only valid for association compliance.Possible values include:"COMPLETE"
"PARTIAL"
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs.
-
(AWS.Response)
—
Returns:
putInventory(params = {}, callback) ⇒ AWS.Request
Bulk update custom inventory items on one more instance. The request adds an inventory item, if it doesn't already exist, or updates an inventory item, if it does exist.
Service Reference:
Examples:
Calling the putInventory operation
var params = { InstanceId: 'STRING_VALUE', /* required */ Items: [ /* required */ { CaptureTime: 'STRING_VALUE', /* required */ SchemaVersion: 'STRING_VALUE', /* required */ TypeName: 'STRING_VALUE', /* required */ Content: [ { '<AttributeName>': 'STRING_VALUE', /* '<AttributeName>': ... */ }, /* more items */ ], ContentHash: 'STRING_VALUE', Context: { '<AttributeName>': 'STRING_VALUE', /* '<AttributeName>': ... */ } }, /* more items */ ] }; ssm.putInventory(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
InstanceId
— (String
)An instance ID where you want to add or update inventory items.
Items
— (Array<map>
)The inventory items that you want to add or update on instances.
TypeName
— required — (String
)The name of the inventory type. Default inventory item type names start with
AWS
. Custom inventory type names will start with Custom. Default inventory item types include the following:AWS:AWSComponent
,AWS:Application
,AWS:InstanceInformation
,AWS:Network
, andAWS:WindowsUpdate
.SchemaVersion
— required — (String
)The schema version for the inventory item.
CaptureTime
— required — (String
)The time the inventory information was collected.
ContentHash
— (String
)MD5 hash of the inventory item type contents. The content hash is used to determine whether to update inventory information. The PutInventory API doesn't update the inventory item type contents if the MD5 hash hasn't changed since last update.
Content
— (Array<map<String>>
)The inventory data of the inventory type.
Context
— (map<String>
)A map of associated properties for a specified inventory type. For example, with this attribute, you can specify the
ExecutionId
,ExecutionType
,ComplianceType
properties of theAWS:ComplianceItem
type.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:Message
— (String
)Information about the request.
-
(AWS.Response)
—
Returns:
putParameter(params = {}, callback) ⇒ AWS.Request
Add a parameter to the system.
Service Reference:
Examples:
Calling the putParameter operation
var params = { Name: 'STRING_VALUE', /* required */ Value: 'STRING_VALUE', /* required */ AllowedPattern: 'STRING_VALUE', DataType: 'STRING_VALUE', Description: 'STRING_VALUE', KeyId: 'STRING_VALUE', Overwrite: true || false, Policies: 'STRING_VALUE', Tags: [ { Key: 'STRING_VALUE', /* required */ Value: 'STRING_VALUE' /* required */ }, /* more items */ ], Tier: Standard | Advanced | Intelligent-Tiering, Type: String | StringList | SecureString }; ssm.putParameter(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Name
— (String
)The fully qualified name of the parameter that you want to add to the system. The fully qualified name includes the complete hierarchy of the parameter path and name. For parameters in a hierarchy, you must include a leading forward slash character (/) when you create or reference a parameter. For example:
/Dev/DBServer/MySQL/db-string13
Naming Constraints:
-
Parameter names are case sensitive.
-
A parameter name must be unique within an Amazon Web Services Region
-
A parameter name can't be prefixed with "
aws
" or "ssm
" (case-insensitive). -
Parameter names can include only the following symbols and letters:
a-zA-Z0-9_.-
In addition, the slash character ( / ) is used to delineate hierarchies in parameter names. For example:
/Dev/Production/East/Project-ABC/MyParameter
-
A parameter name can't include spaces.
-
Parameter hierarchies are limited to a maximum depth of fifteen levels.
For additional information about valid values for parameter names, see Creating Systems Manager parameters in the Amazon Web Services Systems Manager User Guide.
Note: The maximum length constraint listed below includes capacity for additional system attributes that aren't part of the name. The maximum length for a parameter name, including the full length of the parameter ARN, is 1011 characters. For example, the length of the following parameter name is 65 characters, not 20 characters:arn:aws:ssm:us-east-2:111122223333:parameter/ExampleParameterName
-
Description
— (String
)Information about the parameter that you want to add to the system. Optional but recommended.
Don't enter personally identifiable information in this field.
Value
— (String
)The parameter value that you want to add to the system. Standard parameters have a value limit of 4 KB. Advanced parameters have a value limit of 8 KB.
Note: Parameters can't be referenced or nested in the values of other parameters. You can't include{{}}
or{{ssm:parameter-name}}
in a parameter value.Type
— (String
)The type of parameter that you want to add to the system.
Note:SecureString
isn't currently supported for CloudFormation templates.Items in a
StringList
must be separated by a comma (,). You can't use other punctuation or special character to escape items in the list. If you have a parameter value that requires a comma, then use theString
data type.Specifying a parameter type isn't required when updating a parameter. You must specify a parameter type when creating a parameter.
"String"
"StringList"
"SecureString"
KeyId
— (String
)The Key Management Service (KMS) ID that you want to use to encrypt a parameter. Either the default KMS key automatically assigned to your Amazon Web Services account or a custom key. Required for parameters that use the
SecureString
data type.If you don't specify a key ID, the system uses the default key associated with your Amazon Web Services account.
-
To use your default KMS key, choose the
SecureString
data type, and do not specify theKey ID
when you create the parameter. The system automatically populatesKey ID
with your default KMS key. -
To use a custom KMS key, choose the
SecureString
data type with theKey ID
parameter.
-
Overwrite
— (Boolean
)Overwrite an existing parameter. The default value is
false
.AllowedPattern
— (String
)A regular expression used to validate the parameter value. For example, for String types with values restricted to numbers, you can specify the following: AllowedPattern=^\d+$
Tags
— (Array<map>
)Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a Systems Manager parameter to identify the type of resource to which it applies, the environment, or the type of configuration data referenced by the parameter. In this case, you could specify the following key-value pairs:
-
Key=Resource,Value=S3bucket
-
Key=OS,Value=Windows
-
Key=ParameterType,Value=LicenseKey
Note: To add tags to an existing Systems Manager parameter, use the AddTagsToResource operation.Key
— required — (String
)The name of the tag.
Value
— required — (String
)The value of the tag.
-
Tier
— (String
)The parameter tier to assign to a parameter.
Parameter Store offers a standard tier and an advanced tier for parameters. Standard parameters have a content size limit of 4 KB and can't be configured to use parameter policies. You can create a maximum of 10,000 standard parameters for each Region in an Amazon Web Services account. Standard parameters are offered at no additional cost.
Advanced parameters have a content size limit of 8 KB and can be configured to use parameter policies. You can create a maximum of 100,000 advanced parameters for each Region in an Amazon Web Services account. Advanced parameters incur a charge. For more information, see Standard and advanced parameter tiers in the Amazon Web Services Systems Manager User Guide.
You can change a standard parameter to an advanced parameter any time. But you can't revert an advanced parameter to a standard parameter. Reverting an advanced parameter to a standard parameter would result in data loss because the system would truncate the size of the parameter from 8 KB to 4 KB. Reverting would also remove any policies attached to the parameter. Lastly, advanced parameters use a different form of encryption than standard parameters.
If you no longer need an advanced parameter, or if you no longer want to incur charges for an advanced parameter, you must delete it and recreate it as a new standard parameter.
Using the Default Tier Configuration
In
PutParameter
requests, you can specify the tier to create the parameter in. Whenever you specify a tier in the request, Parameter Store creates or updates the parameter according to that request. However, if you don't specify a tier in a request, Parameter Store assigns the tier based on the current Parameter Store default tier configuration.The default tier when you begin using Parameter Store is the standard-parameter tier. If you use the advanced-parameter tier, you can specify one of the following as the default:
-
Advanced: With this option, Parameter Store evaluates all requests as advanced parameters.
-
Intelligent-Tiering: With this option, Parameter Store evaluates each request to determine if the parameter is standard or advanced.
If the request doesn't include any options that require an advanced parameter, the parameter is created in the standard-parameter tier. If one or more options requiring an advanced parameter are included in the request, Parameter Store create a parameter in the advanced-parameter tier.
This approach helps control your parameter-related costs by always creating standard parameters unless an advanced parameter is necessary.
Options that require an advanced parameter include the following:
-
The content size of the parameter is more than 4 KB.
-
The parameter uses a parameter policy.
-
More than 10,000 parameters already exist in your Amazon Web Services account in the current Amazon Web Services Region.
For more information about configuring the default tier option, see Specifying a default parameter tier in the Amazon Web Services Systems Manager User Guide.
Possible values include:"Standard"
"Advanced"
"Intelligent-Tiering"
-
Policies
— (String
)One or more policies to apply to a parameter. This operation takes a JSON array. Parameter Store, a capability of Amazon Web Services Systems Manager supports the following policy types:
Expiration: This policy deletes the parameter after it expires. When you create the policy, you specify the expiration date. You can update the expiration date and time by updating the policy. Updating the parameter doesn't affect the expiration date and time. When the expiration time is reached, Parameter Store deletes the parameter.
ExpirationNotification: This policy triggers an event in Amazon CloudWatch Events that notifies you about the expiration. By using this policy, you can receive notification before or after the expiration time is reached, in units of days or hours.
NoChangeNotification: This policy triggers a CloudWatch Events event if a parameter hasn't been modified for a specified period of time. This policy type is useful when, for example, a secret needs to be changed within a period of time, but it hasn't been changed.
All existing policies are preserved until you send new policies or an empty policy. For more information about parameter policies, see Assigning parameter policies.
DataType
— (String
)The data type for a
String
parameter. Supported data types include plain text and Amazon Machine Image (AMI) IDs.The following data type values are supported.
-
text
-
aws:ec2:image
When you create a
String
parameter and specifyaws:ec2:image
, Amazon Web Services Systems Manager validates the parameter value is in the required format, such asami-12345abcdeEXAMPLE
, and that the specified AMI is available in your Amazon Web Services account. For more information, see Native parameter support for Amazon Machine Image (AMI) IDs in the Amazon Web Services Systems Manager User Guide.-
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:Version
— (Integer
)The new version number of a parameter. If you edit a parameter value, Parameter Store automatically creates a new version and assigns this new version a unique ID. You can reference a parameter version ID in API operations or in Systems Manager documents (SSM documents). By default, if you don't specify a specific version, the system returns the latest parameter value when a parameter is called.
Tier
— (String
)The tier assigned to the parameter.
Possible values include:"Standard"
"Advanced"
"Intelligent-Tiering"
-
(AWS.Response)
—
Returns:
registerDefaultPatchBaseline(params = {}, callback) ⇒ AWS.Request
Defines the default patch baseline for the relevant operating system.
To reset the Amazon Web Services-predefined patch baseline as the default, specify the full patch baseline Amazon Resource Name (ARN) as the baseline ID value. For example, for CentOS, specify
arn:aws:ssm:us-east-2:733109147000:patchbaseline/pb-0574b43a65ea646ed
instead ofpb-0574b43a65ea646ed
.Service Reference:
Examples:
Calling the registerDefaultPatchBaseline operation
var params = { BaselineId: 'STRING_VALUE' /* required */ }; ssm.registerDefaultPatchBaseline(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
BaselineId
— (String
)The ID of the patch baseline that should be the default patch baseline.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:BaselineId
— (String
)The ID of the default patch baseline.
-
(AWS.Response)
—
Returns:
registerPatchBaselineForPatchGroup(params = {}, callback) ⇒ AWS.Request
Registers a patch baseline for a patch group.
Service Reference:
Examples:
Calling the registerPatchBaselineForPatchGroup operation
var params = { BaselineId: 'STRING_VALUE', /* required */ PatchGroup: 'STRING_VALUE' /* required */ }; ssm.registerPatchBaselineForPatchGroup(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
BaselineId
— (String
)The ID of the patch baseline to register with the patch group.
PatchGroup
— (String
)The name of the patch group to be registered with the patch baseline.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:BaselineId
— (String
)The ID of the patch baseline the patch group was registered with.
PatchGroup
— (String
)The name of the patch group registered with the patch baseline.
-
(AWS.Response)
—
Returns:
registerTargetWithMaintenanceWindow(params = {}, callback) ⇒ AWS.Request
Registers a target with a maintenance window.
Service Reference:
Examples:
Calling the registerTargetWithMaintenanceWindow operation
var params = { ResourceType: INSTANCE | RESOURCE_GROUP, /* required */ Targets: [ /* required */ { Key: 'STRING_VALUE', Values: [ 'STRING_VALUE', /* more items */ ] }, /* more items */ ], WindowId: 'STRING_VALUE', /* required */ ClientToken: 'STRING_VALUE', Description: 'STRING_VALUE', Name: 'STRING_VALUE', OwnerInformation: 'STRING_VALUE' }; ssm.registerTargetWithMaintenanceWindow(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
WindowId
— (String
)The ID of the maintenance window the target should be registered with.
ResourceType
— (String
)The type of target being registered with the maintenance window.
Possible values include:"INSTANCE"
"RESOURCE_GROUP"
Targets
— (Array<map>
)The targets to register with the maintenance window. In other words, the instances to run commands on when the maintenance window runs.
Note: If a single maintenance window task is registered with multiple targets, its task invocations occur sequentially and not in parallel. If your task must run on multiple targets at the same time, register a task for each target individually and assign each task the same priority level.You can specify targets using instance IDs, resource group names, or tags that have been applied to instances.
Example 1: Specify instance IDs
Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3
Example 2: Use tag key-pairs applied to instances
Key=tag:my-tag-key,Values=my-tag-value-1,my-tag-value-2
Example 3: Use tag-keys applied to instances
Key=tag-key,Values=my-tag-key-1,my-tag-key-2
Example 4: Use resource group names
Key=resource-groups:Name,Values=resource-group-name
Example 5: Use filters for resource group types
Key=resource-groups:ResourceTypeFilters,Values=resource-type-1,resource-type-2
Note: ForKey=resource-groups:ResourceTypeFilters
, specify resource types in the following formatKey=resource-groups:ResourceTypeFilters,Values=AWS::EC2::INSTANCE,AWS::EC2::VPC
For more information about these examples formats, including the best use case for each one, see Examples: Register targets with a maintenance window in the Amazon Web Services Systems Manager User Guide.
Key
— (String
)User-defined criteria for sending commands that target instances that meet the criteria.
Values
— (Array<String>
)User-defined criteria that maps to
Key
. For example, if you specifiedtag:ServerRole
, you could specifyvalue:WebServer
to run a command on instances that include EC2 tags ofServerRole,WebServer
.Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
OwnerInformation
— (String
)User-provided value that will be included in any Amazon CloudWatch Events events raised while running tasks for these targets in this maintenance window.
Name
— (String
)An optional name for the target.
Description
— (String
)An optional description for the target.
ClientToken
— (String
)User-provided idempotency token.
If a token is not provided, the SDK will use a version 4 UUID.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:WindowTargetId
— (String
)The ID of the target definition in this maintenance window.
-
(AWS.Response)
—
Returns:
registerTaskWithMaintenanceWindow(params = {}, callback) ⇒ AWS.Request
Adds a new task to a maintenance window.
Service Reference:
Examples:
Calling the registerTaskWithMaintenanceWindow operation
var params = { TaskArn: 'STRING_VALUE', /* required */ TaskType: RUN_COMMAND | AUTOMATION | STEP_FUNCTIONS | LAMBDA, /* required */ WindowId: 'STRING_VALUE', /* required */ ClientToken: 'STRING_VALUE', CutoffBehavior: CONTINUE_TASK | CANCEL_TASK, Description: 'STRING_VALUE', LoggingInfo: { S3BucketName: 'STRING_VALUE', /* required */ S3Region: 'STRING_VALUE', /* required */ S3KeyPrefix: 'STRING_VALUE' }, MaxConcurrency: 'STRING_VALUE', MaxErrors: 'STRING_VALUE', Name: 'STRING_VALUE', Priority: 'NUMBER_VALUE', ServiceRoleArn: 'STRING_VALUE', Targets: [ { Key: 'STRING_VALUE', Values: [ 'STRING_VALUE', /* more items */ ] }, /* more items */ ], TaskInvocationParameters: { Automation: { DocumentVersion: 'STRING_VALUE', Parameters: { '<AutomationParameterKey>': [ 'STRING_VALUE', /* more items */ ], /* '<AutomationParameterKey>': ... */ } }, Lambda: { ClientContext: 'STRING_VALUE', Payload: Buffer.from('...') || 'STRING_VALUE' /* Strings will be Base-64 encoded on your behalf */, Qualifier: 'STRING_VALUE' }, RunCommand: { CloudWatchOutputConfig: { CloudWatchLogGroupName: 'STRING_VALUE', CloudWatchOutputEnabled: true || false }, Comment: 'STRING_VALUE', DocumentHash: 'STRING_VALUE', DocumentHashType: Sha256 | Sha1, DocumentVersion: 'STRING_VALUE', NotificationConfig: { NotificationArn: 'STRING_VALUE', NotificationEvents: [ All | InProgress | Success | TimedOut | Cancelled | Failed, /* more items */ ], NotificationType: Command | Invocation }, OutputS3BucketName: 'STRING_VALUE', OutputS3KeyPrefix: 'STRING_VALUE', Parameters: { '<ParameterName>': [ 'STRING_VALUE', /* more items */ ], /* '<ParameterName>': ... */ }, ServiceRoleArn: 'STRING_VALUE', TimeoutSeconds: 'NUMBER_VALUE' }, StepFunctions: { Input: 'STRING_VALUE', Name: 'STRING_VALUE' } }, TaskParameters: { '<MaintenanceWindowTaskParameterName>': { Values: [ 'STRING_VALUE', /* more items */ ] }, /* '<MaintenanceWindowTaskParameterName>': ... */ } }; ssm.registerTaskWithMaintenanceWindow(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
WindowId
— (String
)The ID of the maintenance window the task should be added to.
Targets
— (Array<map>
)The targets (either instances or maintenance window targets).
Note: One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide.Specify instances using the following format:
Key=InstanceIds,Values=<instance-id-1>,<instance-id-2>
Specify maintenance window targets using the following format:
Key=WindowTargetIds,Values=<window-target-id-1>,<window-target-id-2>
Key
— (String
)User-defined criteria for sending commands that target instances that meet the criteria.
Values
— (Array<String>
)User-defined criteria that maps to
Key
. For example, if you specifiedtag:ServerRole
, you could specifyvalue:WebServer
to run a command on instances that include EC2 tags ofServerRole,WebServer
.Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
TaskArn
— (String
)The ARN of the task to run.
ServiceRoleArn
— (String
)The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses your account's service-linked role. If no service-linked role for Systems Manager exists in your account, it is created when you run
RegisterTaskWithMaintenanceWindow
.For more information, see the following topics in the in the Amazon Web Services Systems Manager User Guide:
TaskType
— (String
)The type of task being registered.
Possible values include:"RUN_COMMAND"
"AUTOMATION"
"STEP_FUNCTIONS"
"LAMBDA"
TaskParameters
— (map<map>
)The parameters that should be passed to the task when it is run.
Note:TaskParameters
has been deprecated. To specify parameters to pass to a task when it runs, instead use theParameters
option in theTaskInvocationParameters
structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.Values
— (Array<String>
)This field contains an array of 0 or more strings, each 1 to 255 characters in length.
TaskInvocationParameters
— (map
)The parameters that the task should use during execution. Populate only the fields that match the task type. All other fields should be empty.
RunCommand
— (map
)The parameters for a
RUN_COMMAND
task type.Comment
— (String
)Information about the commands to run.
CloudWatchOutputConfig
— (map
)Configuration options for sending command output to Amazon CloudWatch Logs.
CloudWatchLogGroupName
— (String
)The name of the CloudWatch Logs log group where you want to send command output. If you don't specify a group name, Amazon Web Services Systems Manager automatically creates a log group for you. The log group uses the following naming format:
aws/ssm/SystemsManagerDocumentName
CloudWatchOutputEnabled
— (Boolean
)Enables Systems Manager to send command output to CloudWatch Logs.
DocumentHash
— (String
)The SHA-256 or SHA-1 hash created by the system when the document was created. SHA-1 hashes have been deprecated.
DocumentHashType
— (String
)SHA-256 or SHA-1. SHA-1 hashes have been deprecated.
Possible values include:"Sha256"
"Sha1"
DocumentVersion
— (String
)The Amazon Web Services Systems Manager document (SSM document) version to use in the request. You can specify
$DEFAULT
,$LATEST
, or a specific version number. If you run commands by using the Amazon Web Services CLI, then you must escape the first two options by using a backslash. If you specify a version number, then you don't need to use the backslash. For example:--document-version "\$DEFAULT"
--document-version "\$LATEST"
--document-version "3"
NotificationConfig
— (map
)Configurations for sending notifications about command status changes on a per-instance basis.
NotificationArn
— (String
)An Amazon Resource Name (ARN) for an Amazon Simple Notification Service (Amazon SNS) topic. Run Command pushes notifications about command status changes to this topic.
NotificationEvents
— (Array<String>
)The different events for which you can receive notifications. To learn more about these events, see Monitoring Systems Manager status changes using Amazon SNS notifications in the Amazon Web Services Systems Manager User Guide.
NotificationType
— (String
)The type of notification.
-
Command
: Receive notification when the status of a command changes. -
Invocation
: For commands sent to multiple instances, receive notification on a per-instance basis when the status of a command changes.
"Command"
"Invocation"
-
OutputS3BucketName
— (String
)The name of the Amazon Simple Storage Service (Amazon S3) bucket.
OutputS3KeyPrefix
— (String
)The S3 bucket subfolder.
Parameters
— (map<Array<String>>
)The parameters for the
RUN_COMMAND
task execution.ServiceRoleArn
— (String
)The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service (Amazon SNS) notifications for maintenance window Run Command tasks.
TimeoutSeconds
— (Integer
)If this time is reached and the command hasn't already started running, it doesn't run.
Automation
— (map
)The parameters for an
AUTOMATION
task type.DocumentVersion
— (String
)The version of an Automation runbook to use during task execution.
Parameters
— (map<Array<String>>
)The parameters for the
AUTOMATION
task.For information about specifying and updating task parameters, see RegisterTaskWithMaintenanceWindow and UpdateMaintenanceWindowTask.
Note:LoggingInfo
has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use theOutputS3BucketName
andOutputS3KeyPrefix
options in theTaskInvocationParameters
structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.TaskParameters
has been deprecated. To specify parameters to pass to a task when it runs, instead use theParameters
option in theTaskInvocationParameters
structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. ForAUTOMATION
task types, Amazon Web Services Systems Manager ignores any values specified for these parameters.
StepFunctions
— (map
)The parameters for a
STEP_FUNCTIONS
task type.Input
— (String
)The inputs for the
STEP_FUNCTIONS
task.Name
— (String
)The name of the
STEP_FUNCTIONS
task.
Lambda
— (map
)The parameters for a
LAMBDA
task type.ClientContext
— (String
)Pass client-specific information to the Lambda function that you are invoking. You can then process the client information in your Lambda function as you choose through the context variable.
Qualifier
— (String
)(Optional) Specify an Lambda function version or alias name. If you specify a function version, the operation uses the qualified function Amazon Resource Name (ARN) to invoke a specific Lambda function. If you specify an alias name, the operation uses the alias ARN to invoke the Lambda function version to which the alias points.
Payload
— (Buffer, Typed Array, Blob, String
)JSON to provide to your Lambda function as input.
Priority
— (Integer
)The priority of the task in the maintenance window, the lower the number the higher the priority. Tasks in a maintenance window are scheduled in priority order with tasks that have the same priority scheduled in parallel.
MaxConcurrency
— (String
)The maximum number of targets this task can be run for in parallel.
Note: For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of1
. This value doesn't affect the running of your task.MaxErrors
— (String
)The maximum number of errors allowed before this task stops being scheduled.
Note: For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of1
. This value doesn't affect the running of your task.LoggingInfo
— (map
)A structure containing information about an Amazon Simple Storage Service (Amazon S3) bucket to write instance-level logs to.
Note:LoggingInfo
has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use theOutputS3BucketName
andOutputS3KeyPrefix
options in theTaskInvocationParameters
structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.S3BucketName
— required — (String
)The name of an S3 bucket where execution logs are stored .
S3KeyPrefix
— (String
)(Optional) The S3 bucket subfolder.
S3Region
— required — (String
)The Amazon Web Services Region where the S3 bucket is located.
Name
— (String
)An optional name for the task.
Description
— (String
)An optional description for the task.
ClientToken
— (String
)User-provided idempotency token.
If a token is not provided, the SDK will use a version 4 UUID.CutoffBehavior
— (String
)Indicates whether tasks should continue to run after the cutoff time specified in the maintenance windows is reached.
-
CONTINUE_TASK
: When the cutoff time is reached, any tasks that are running continue. The default value. -
CANCEL_TASK
:-
For Automation, Lambda, Step Functions tasks: When the cutoff time is reached, any task invocations that are already running continue, but no new task invocations are started.
-
For Run Command tasks: When the cutoff time is reached, the system sends a CancelCommand operation that attempts to cancel the command associated with the task. However, there is no guarantee that the command will be terminated and the underlying process stopped.
The status for tasks that are not completed is
TIMED_OUT
. -
"CONTINUE_TASK"
"CANCEL_TASK"
-
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:WindowTaskId
— (String
)The ID of the task in the maintenance window.
-
(AWS.Response)
—
Returns:
removeTagsFromResource(params = {}, callback) ⇒ AWS.Request
Removes tag keys from the specified resource.
Service Reference:
Examples:
Calling the removeTagsFromResource operation
var params = { ResourceId: 'STRING_VALUE', /* required */ ResourceType: Document | ManagedInstance | MaintenanceWindow | Parameter | PatchBaseline | OpsItem | OpsMetadata, /* required */ TagKeys: [ /* required */ 'STRING_VALUE', /* more items */ ] }; ssm.removeTagsFromResource(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
ResourceType
— (String
)The type of resource from which you want to remove a tag.
Note: ThePossible values include:ManagedInstance
type for this API operation is only for on-premises managed instances. Specify the name of the managed instance in the following format:mi-ID_number
. For example,mi-1a2b3c4d5e6f
."Document"
"ManagedInstance"
"MaintenanceWindow"
"Parameter"
"PatchBaseline"
"OpsItem"
"OpsMetadata"
ResourceId
— (String
)The ID of the resource from which you want to remove tags. For example:
ManagedInstance: mi-012345abcde
MaintenanceWindow: mw-012345abcde
PatchBaseline: pb-012345abcde
OpsMetadata object:
ResourceID
for tagging is created from the Amazon Resource Name (ARN) for the object. Specifically,ResourceID
is created from the strings that come after the wordopsmetadata
in the ARN. For example, an OpsMetadata object with an ARN ofarn:aws:ssm:us-east-2:1234567890:opsmetadata/aws/ssm/MyGroup/appmanager
has aResourceID
of eitheraws/ssm/MyGroup/appmanager
or/aws/ssm/MyGroup/appmanager
.For the Document and Parameter values, use the name of the resource.
Note: The ManagedInstance type for this API operation is only for on-premises managed instances. Specify the name of the managed instance in the following format: mi-ID_number. For example, mi-1a2b3c4d5e6f.TagKeys
— (Array<String>
)Tag keys that you want to remove from the specified resource.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs.
-
(AWS.Response)
—
Returns:
resetServiceSetting(params = {}, callback) ⇒ AWS.Request
ServiceSetting
is an account-level setting for an Amazon Web Services service. This setting defines how a user interacts with or uses a service or a feature of a service. For example, if an Amazon Web Services service charges money to the account based on feature or service usage, then the Amazon Web Services service team might create a default setting of "false". This means the user can't use this feature unless they change the setting to "true" and intentionally opt in for a paid feature.Services map a
SettingId
object to a setting value. Amazon Web Services services teams define the default value for aSettingId
. You can't create a newSettingId
, but you can overwrite the default value if you have thessm:UpdateServiceSetting
permission for the setting. Use the GetServiceSetting API operation to view the current value. Use the UpdateServiceSetting API operation to change the default setting.Reset the service setting for the account to the default value as provisioned by the Amazon Web Services service team.
Service Reference:
Examples:
Calling the resetServiceSetting operation
var params = { SettingId: 'STRING_VALUE' /* required */ }; ssm.resetServiceSetting(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
SettingId
— (String
)The Amazon Resource Name (ARN) of the service setting to reset. The setting ID can be one of the following.
-
/ssm/automation/customer-script-log-destination
-
/ssm/automation/customer-script-log-group-name
-
/ssm/documents/console/public-sharing-permission
-
/ssm/parameter-store/default-parameter-tier
-
/ssm/parameter-store/high-throughput-enabled
-
/ssm/managed-instance/activation-tier
-
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:ServiceSetting
— (map
)The current, effective service setting after calling the ResetServiceSetting API operation.
SettingId
— (String
)The ID of the service setting.
SettingValue
— (String
)The value of the service setting.
LastModifiedDate
— (Date
)The last time the service setting was modified.
LastModifiedUser
— (String
)The ARN of the last modified user. This field is populated only if the setting value was overwritten.
ARN
— (String
)The ARN of the service setting.
Status
— (String
)The status of the service setting. The value can be Default, Customized or PendingUpdate.
-
Default: The current setting uses a default value provisioned by the Amazon Web Services service team.
-
Customized: The current setting use a custom value specified by the customer.
-
PendingUpdate: The current setting uses a default or custom value, but a setting change request is pending approval.
-
-
(AWS.Response)
—
Returns:
resumeSession(params = {}, callback) ⇒ AWS.Request
Reconnects a session to an instance after it has been disconnected. Connections can be resumed for disconnected sessions, but not terminated sessions.
Note: This command is primarily for use by client machines to automatically reconnect during intermittent network issues. It isn't intended for any other use.Service Reference:
Examples:
Calling the resumeSession operation
var params = { SessionId: 'STRING_VALUE' /* required */ }; ssm.resumeSession(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
SessionId
— (String
)The ID of the disconnected session to resume.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:SessionId
— (String
)The ID of the session.
TokenValue
— (String
)An encrypted token value containing session and caller information. Used to authenticate the connection to the instance.
StreamUrl
— (String
)A URL back to SSM Agent on the instance that the Session Manager client uses to send commands and receive output from the instance. Format:
wss://ssmmessages.region.amazonaws.com/v1/data-channel/session-id?stream=(input|output)
.region represents the Region identifier for an Amazon Web Services Region supported by Amazon Web Services Systems Manager, such as
us-east-2
for the US East (Ohio) Region. For a list of supported region values, see the Region column in Systems Manager service endpoints in the Amazon Web Services General Reference.session-id represents the ID of a Session Manager session, such as
1a2b3c4dEXAMPLE
.
-
(AWS.Response)
—
Returns:
sendAutomationSignal(params = {}, callback) ⇒ AWS.Request
Sends a signal to an Automation execution to change the current behavior or status of the execution.
Service Reference:
Examples:
Calling the sendAutomationSignal operation
var params = { AutomationExecutionId: 'STRING_VALUE', /* required */ SignalType: Approve | Reject | StartStep | StopStep | Resume, /* required */ Payload: { '<AutomationParameterKey>': [ 'STRING_VALUE', /* more items */ ], /* '<AutomationParameterKey>': ... */ } }; ssm.sendAutomationSignal(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
AutomationExecutionId
— (String
)The unique identifier for an existing Automation execution that you want to send the signal to.
SignalType
— (String
)The type of signal to send to an Automation execution.
Possible values include:"Approve"
"Reject"
"StartStep"
"StopStep"
"Resume"
Payload
— (map<Array<String>>
)The data sent with the signal. The data schema depends on the type of signal used in the request.
For
Approve
andReject
signal types, the payload is an optional comment that you can send with the signal type. For example:Comment="Looks good"
For
StartStep
andResume
signal types, you must send the name of the Automation step to start or resume as the payload. For example:StepName="step1"
For the
StopStep
signal type, you must send the step execution ID as the payload. For example:StepExecutionId="97fff367-fc5a-4299-aed8-0123456789ab"
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs.
-
(AWS.Response)
—
Returns:
sendCommand(params = {}, callback) ⇒ AWS.Request
Runs commands on one or more managed instances.
Service Reference:
Examples:
Calling the sendCommand operation
var params = { DocumentName: 'STRING_VALUE', /* required */ CloudWatchOutputConfig: { CloudWatchLogGroupName: 'STRING_VALUE', CloudWatchOutputEnabled: true || false }, Comment: 'STRING_VALUE', DocumentHash: 'STRING_VALUE', DocumentHashType: Sha256 | Sha1, DocumentVersion: 'STRING_VALUE', InstanceIds: [ 'STRING_VALUE', /* more items */ ], MaxConcurrency: 'STRING_VALUE', MaxErrors: 'STRING_VALUE', NotificationConfig: { NotificationArn: 'STRING_VALUE', NotificationEvents: [ All | InProgress | Success | TimedOut | Cancelled | Failed, /* more items */ ], NotificationType: Command | Invocation }, OutputS3BucketName: 'STRING_VALUE', OutputS3KeyPrefix: 'STRING_VALUE', OutputS3Region: 'STRING_VALUE', Parameters: { '<ParameterName>': [ 'STRING_VALUE', /* more items */ ], /* '<ParameterName>': ... */ }, ServiceRoleArn: 'STRING_VALUE', Targets: [ { Key: 'STRING_VALUE', Values: [ 'STRING_VALUE', /* more items */ ] }, /* more items */ ], TimeoutSeconds: 'NUMBER_VALUE' }; ssm.sendCommand(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
InstanceIds
— (Array<String>
)The IDs of the instances where the command should run. Specifying instance IDs is most useful when you are targeting a limited number of instances, though you can specify up to 50 IDs.
To target a larger number of instances, or if you prefer not to list individual instance IDs, we recommend using the
Targets
option instead. UsingTargets
, which accepts tag key-value pairs to identify the instances to send commands to, you can a send command to tens, hundreds, or thousands of instances at once.For more information about how to use targets, see Using targets and rate controls to send commands to a fleet in the Amazon Web Services Systems Manager User Guide.
Targets
— (Array<map>
)An array of search criteria that targets instances using a
Key,Value
combination that you specify. Specifying targets is most useful when you want to send a command to a large number of instances at once. UsingTargets
, which accepts tag key-value pairs to identify instances, you can send a command to tens, hundreds, or thousands of instances at once.To send a command to a smaller number of instances, you can use the
InstanceIds
option instead.For more information about how to use targets, see Sending commands to a fleet in the Amazon Web Services Systems Manager User Guide.
Key
— (String
)User-defined criteria for sending commands that target instances that meet the criteria.
Values
— (Array<String>
)User-defined criteria that maps to
Key
. For example, if you specifiedtag:ServerRole
, you could specifyvalue:WebServer
to run a command on instances that include EC2 tags ofServerRole,WebServer
.Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
DocumentName
— (String
)The name of the Amazon Web Services Systems Manager document (SSM document) to run. This can be a public document or a custom document. To run a shared document belonging to another account, specify the document Amazon Resource Name (ARN). For more information about how to use shared documents, see Using shared SSM documents in the Amazon Web Services Systems Manager User Guide.
Note: If you specify a document name or ARN that hasn't been shared with your account, you receive anInvalidDocument
error.DocumentVersion
— (String
)The SSM document version to use in the request. You can specify $DEFAULT, $LATEST, or a specific version number. If you run commands by using the Command Line Interface (Amazon Web Services CLI), then you must escape the first two options by using a backslash. If you specify a version number, then you don't need to use the backslash. For example:
--document-version "\$DEFAULT"
--document-version "\$LATEST"
--document-version "3"
DocumentHash
— (String
)The Sha256 or Sha1 hash created by the system when the document was created.
Note: Sha1 hashes have been deprecated.DocumentHashType
— (String
)Sha256 or Sha1.
Note: Sha1 hashes have been deprecated.Possible values include:"Sha256"
"Sha1"
TimeoutSeconds
— (Integer
)If this time is reached and the command hasn't already started running, it won't run.
Comment
— (String
)User-specified information about the command, such as a brief description of what the command should do.
Parameters
— (map<Array<String>>
)The required and optional parameters specified in the document being run.
OutputS3Region
— (String
)(Deprecated) You can no longer specify this parameter. The system ignores it. Instead, Systems Manager automatically determines the Amazon Web Services Region of the S3 bucket.
OutputS3BucketName
— (String
)The name of the S3 bucket where command execution responses should be stored.
OutputS3KeyPrefix
— (String
)The directory structure within the S3 bucket where the responses should be stored.
MaxConcurrency
— (String
)(Optional) The maximum number of instances that are allowed to run the command at the same time. You can specify a number such as 10 or a percentage such as 10%. The default value is
50
. For more information about how to useMaxConcurrency
, see Using concurrency controls in the Amazon Web Services Systems Manager User Guide.MaxErrors
— (String
)The maximum number of errors allowed without the command failing. When the command fails one more time beyond the value of
MaxErrors
, the systems stops sending the command to additional targets. You can specify a number like 10 or a percentage like 10%. The default value is0
. For more information about how to useMaxErrors
, see Using error controls in the Amazon Web Services Systems Manager User Guide.ServiceRoleArn
— (String
)The ARN of the Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service (Amazon SNS) notifications for Run Command commands.
NotificationConfig
— (map
)Configurations for sending notifications.
NotificationArn
— (String
)An Amazon Resource Name (ARN) for an Amazon Simple Notification Service (Amazon SNS) topic. Run Command pushes notifications about command status changes to this topic.
NotificationEvents
— (Array<String>
)The different events for which you can receive notifications. To learn more about these events, see Monitoring Systems Manager status changes using Amazon SNS notifications in the Amazon Web Services Systems Manager User Guide.
NotificationType
— (String
)The type of notification.
-
Command
: Receive notification when the status of a command changes. -
Invocation
: For commands sent to multiple instances, receive notification on a per-instance basis when the status of a command changes.
"Command"
"Invocation"
-
CloudWatchOutputConfig
— (map
)Enables Amazon Web Services Systems Manager to send Run Command output to Amazon CloudWatch Logs. Run Command is a capability of Amazon Web Services Systems Manager.
CloudWatchLogGroupName
— (String
)The name of the CloudWatch Logs log group where you want to send command output. If you don't specify a group name, Amazon Web Services Systems Manager automatically creates a log group for you. The log group uses the following naming format:
aws/ssm/SystemsManagerDocumentName
CloudWatchOutputEnabled
— (Boolean
)Enables Systems Manager to send command output to CloudWatch Logs.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:Command
— (map
)The request as it was received by Systems Manager. Also provides the command ID which can be used future references to this request.
CommandId
— (String
)A unique identifier for this command.
DocumentName
— (String
)The name of the document requested for execution.
DocumentVersion
— (String
)The Systems Manager document (SSM document) version.
Comment
— (String
)User-specified information about the command, such as a brief description of what the command should do.
ExpiresAfter
— (Date
)If this time is reached and the command hasn't already started running, it won't run. Calculated based on the
ExpiresAfter
user input provided as part of theSendCommand
API operation.Parameters
— (map<Array<String>>
)The parameter values to be inserted in the document when running the command.
InstanceIds
— (Array<String>
)The instance IDs against which this command was requested.
Targets
— (Array<map>
)An array of search criteria that targets instances using a Key,Value combination that you specify. Targets is required if you don't provide one or more instance IDs in the call.
Key
— (String
)User-defined criteria for sending commands that target instances that meet the criteria.
Values
— (Array<String>
)User-defined criteria that maps to
Key
. For example, if you specifiedtag:ServerRole
, you could specifyvalue:WebServer
to run a command on instances that include EC2 tags ofServerRole,WebServer
.Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
RequestedDateTime
— (Date
)The date and time the command was requested.
Status
— (String
)The status of the command.
Possible values include:"Pending"
"InProgress"
"Success"
"Cancelled"
"Failed"
"TimedOut"
"Cancelling"
StatusDetails
— (String
)A detailed status of the command execution.
StatusDetails
includes more information thanStatus
because it includes states resulting from error and concurrency control parameters.StatusDetails
can show different results than Status. For more information about these statuses, see Understanding command statuses in the Amazon Web Services Systems Manager User Guide. StatusDetails can be one of the following values:-
Pending: The command hasn't been sent to any instances.
-
In Progress: The command has been sent to at least one instance but hasn't reached a final state on all instances.
-
Success: The command successfully ran on all invocations. This is a terminal state.
-
Delivery Timed Out: The value of MaxErrors or more command invocations shows a status of Delivery Timed Out. This is a terminal state.
-
Execution Timed Out: The value of MaxErrors or more command invocations shows a status of Execution Timed Out. This is a terminal state.
-
Failed: The value of MaxErrors or more command invocations shows a status of Failed. This is a terminal state.
-
Incomplete: The command was attempted on all instances and one or more invocations doesn't have a value of Success but not enough invocations failed for the status to be Failed. This is a terminal state.
-
Canceled: The command was terminated before it was completed. This is a terminal state.
-
Rate Exceeded: The number of instances targeted by the command exceeded the account limit for pending invocations. The system has canceled the command before running it on any instance. This is a terminal state.
-
OutputS3Region
— (String
)(Deprecated) You can no longer specify this parameter. The system ignores it. Instead, Systems Manager automatically determines the Amazon Web Services Region of the S3 bucket.
OutputS3BucketName
— (String
)The S3 bucket where the responses to the command executions should be stored. This was requested when issuing the command.
OutputS3KeyPrefix
— (String
)The S3 directory path inside the bucket where the responses to the command executions should be stored. This was requested when issuing the command.
MaxConcurrency
— (String
)The maximum number of instances that are allowed to run the command at the same time. You can specify a number of instances, such as 10, or a percentage of instances, such as 10%. The default value is 50. For more information about how to use
MaxConcurrency
, see Running commands using Systems Manager Run Command in the Amazon Web Services Systems Manager User Guide.MaxErrors
— (String
)The maximum number of errors allowed before the system stops sending the command to additional targets. You can specify a number of errors, such as 10, or a percentage or errors, such as 10%. The default value is
0
. For more information about how to useMaxErrors
, see Running commands using Systems Manager Run Command in the Amazon Web Services Systems Manager User Guide.TargetCount
— (Integer
)The number of targets for the command.
CompletedCount
— (Integer
)The number of targets for which the command invocation reached a terminal state. Terminal states include the following: Success, Failed, Execution Timed Out, Delivery Timed Out, Canceled, Terminated, or Undeliverable.
ErrorCount
— (Integer
)The number of targets for which the status is Failed or Execution Timed Out.
DeliveryTimedOutCount
— (Integer
)The number of targets for which the status is Delivery Timed Out.
ServiceRole
— (String
)The Identity and Access Management (IAM) service role that Run Command, a capability of Amazon Web Services Systems Manager, uses to act on your behalf when sending notifications about command status changes.
NotificationConfig
— (map
)Configurations for sending notifications about command status changes.
NotificationArn
— (String
)An Amazon Resource Name (ARN) for an Amazon Simple Notification Service (Amazon SNS) topic. Run Command pushes notifications about command status changes to this topic.
NotificationEvents
— (Array<String>
)The different events for which you can receive notifications. To learn more about these events, see Monitoring Systems Manager status changes using Amazon SNS notifications in the Amazon Web Services Systems Manager User Guide.
NotificationType
— (String
)The type of notification.
-
Command
: Receive notification when the status of a command changes. -
Invocation
: For commands sent to multiple instances, receive notification on a per-instance basis when the status of a command changes.
"Command"
"Invocation"
-
CloudWatchOutputConfig
— (map
)Amazon CloudWatch Logs information where you want Amazon Web Services Systems Manager to send the command output.
CloudWatchLogGroupName
— (String
)The name of the CloudWatch Logs log group where you want to send command output. If you don't specify a group name, Amazon Web Services Systems Manager automatically creates a log group for you. The log group uses the following naming format:
aws/ssm/SystemsManagerDocumentName
CloudWatchOutputEnabled
— (Boolean
)Enables Systems Manager to send command output to CloudWatch Logs.
TimeoutSeconds
— (Integer
)The
TimeoutSeconds
value specified for a command.
-
(AWS.Response)
—
Returns:
startAssociationsOnce(params = {}, callback) ⇒ AWS.Request
Runs an association immediately and only one time. This operation can be helpful when troubleshooting associations.
Service Reference:
Examples:
Calling the startAssociationsOnce operation
var params = { AssociationIds: [ /* required */ 'STRING_VALUE', /* more items */ ] }; ssm.startAssociationsOnce(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
AssociationIds
— (Array<String>
)The association IDs that you want to run immediately and only one time.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs.
-
(AWS.Response)
—
Returns:
startAutomationExecution(params = {}, callback) ⇒ AWS.Request
Initiates execution of an Automation runbook.
Service Reference:
Examples:
Calling the startAutomationExecution operation
var params = { DocumentName: 'STRING_VALUE', /* required */ ClientToken: 'STRING_VALUE', DocumentVersion: 'STRING_VALUE', MaxConcurrency: 'STRING_VALUE', MaxErrors: 'STRING_VALUE', Mode: Auto | Interactive, Parameters: { '<AutomationParameterKey>': [ 'STRING_VALUE', /* more items */ ], /* '<AutomationParameterKey>': ... */ }, Tags: [ { Key: 'STRING_VALUE', /* required */ Value: 'STRING_VALUE' /* required */ }, /* more items */ ], TargetLocations: [ { Accounts: [ 'STRING_VALUE', /* more items */ ], ExecutionRoleName: 'STRING_VALUE', Regions: [ 'STRING_VALUE', /* more items */ ], TargetLocationMaxConcurrency: 'STRING_VALUE', TargetLocationMaxErrors: 'STRING_VALUE' }, /* more items */ ], TargetMaps: [ { '<TargetMapKey>': [ 'STRING_VALUE', /* more items */ ], /* '<TargetMapKey>': ... */ }, /* more items */ ], TargetParameterName: 'STRING_VALUE', Targets: [ { Key: 'STRING_VALUE', Values: [ 'STRING_VALUE', /* more items */ ] }, /* more items */ ] }; ssm.startAutomationExecution(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
DocumentName
— (String
)The name of the SSM document to run. This can be a public document or a custom document. To run a shared document belonging to another account, specify the document ARN. For more information about how to use shared documents, see Using shared SSM documents in the Amazon Web Services Systems Manager User Guide.
DocumentVersion
— (String
)The version of the Automation runbook to use for this execution.
Parameters
— (map<Array<String>>
)A key-value map of execution parameters, which match the declared parameters in the Automation runbook.
ClientToken
— (String
)User-provided idempotency token. The token must be unique, is case insensitive, enforces the UUID format, and can't be reused.
Mode
— (String
)The execution mode of the automation. Valid modes include the following: Auto and Interactive. The default mode is Auto.
Possible values include:"Auto"
"Interactive"
TargetParameterName
— (String
)The name of the parameter used as the target resource for the rate-controlled execution. Required if you specify targets.
Targets
— (Array<map>
)A key-value mapping to target resources. Required if you specify TargetParameterName.
Key
— (String
)User-defined criteria for sending commands that target instances that meet the criteria.
Values
— (Array<String>
)User-defined criteria that maps to
Key
. For example, if you specifiedtag:ServerRole
, you could specifyvalue:WebServer
to run a command on instances that include EC2 tags ofServerRole,WebServer
.Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
TargetMaps
— (Array<map<Array<String>>>
)A key-value mapping of document parameters to target resources. Both Targets and TargetMaps can't be specified together.
MaxConcurrency
— (String
)The maximum number of targets allowed to run this task in parallel. You can specify a number, such as 10, or a percentage, such as 10%. The default value is
10
.MaxErrors
— (String
)The number of errors that are allowed before the system stops running the automation on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops running the automation when the fourth error is received. If you specify 0, then the system stops running the automation on additional targets after the first error result is returned. If you run an automation on 50 resources and set max-errors to 10%, then the system stops running the automation on additional targets when the sixth error is received.
Executions that are already running an automation when max-errors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set max-concurrency to 1 so the executions proceed one at a time.
TargetLocations
— (Array<map>
)A location is a combination of Amazon Web Services Regions and/or Amazon Web Services accounts where you want to run the automation. Use this operation to start an automation in multiple Amazon Web Services Regions and multiple Amazon Web Services accounts. For more information, see Running Automation workflows in multiple Amazon Web Services Regions and Amazon Web Services accounts in the Amazon Web Services Systems Manager User Guide.
Accounts
— (Array<String>
)The Amazon Web Services accounts targeted by the current Automation execution.
Regions
— (Array<String>
)The Amazon Web Services Regions targeted by the current Automation execution.
TargetLocationMaxConcurrency
— (String
)The maximum number of Amazon Web Services Regions and Amazon Web Services accounts allowed to run the Automation concurrently.
TargetLocationMaxErrors
— (String
)The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
ExecutionRoleName
— (String
)The Automation execution role used by the currently running Automation. If not specified, the default value is
AWS-SystemsManager-AutomationExecutionRole
.
Tags
— (Array<map>
)Optional metadata that you assign to a resource. You can specify a maximum of five tags for an automation. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag an automation to identify an environment or operating system. In this case, you could specify the following key-value pairs:
-
Key=environment,Value=test
-
Key=OS,Value=Windows
Note: To add tags to an existing patch baseline, use the AddTagsToResource operation.Key
— required — (String
)The name of the tag.
Value
— required — (String
)The value of the tag.
-
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:AutomationExecutionId
— (String
)The unique ID of a newly scheduled automation execution.
-
(AWS.Response)
—
Returns:
startChangeRequestExecution(params = {}, callback) ⇒ AWS.Request
Creates a change request for Change Manager. The Automation runbooks specified in the change request run only after all required approvals for the change request have been received.
Service Reference:
Examples:
Calling the startChangeRequestExecution operation
var params = { DocumentName: 'STRING_VALUE', /* required */ Runbooks: [ /* required */ { DocumentName: 'STRING_VALUE', /* required */ DocumentVersion: 'STRING_VALUE', MaxConcurrency: 'STRING_VALUE', MaxErrors: 'STRING_VALUE', Parameters: { '<AutomationParameterKey>': [ 'STRING_VALUE', /* more items */ ], /* '<AutomationParameterKey>': ... */ }, TargetLocations: [ { Accounts: [ 'STRING_VALUE', /* more items */ ], ExecutionRoleName: 'STRING_VALUE', Regions: [ 'STRING_VALUE', /* more items */ ], TargetLocationMaxConcurrency: 'STRING_VALUE', TargetLocationMaxErrors: 'STRING_VALUE' }, /* more items */ ], TargetParameterName: 'STRING_VALUE', Targets: [ { Key: 'STRING_VALUE', Values: [ 'STRING_VALUE', /* more items */ ] }, /* more items */ ] }, /* more items */ ], AutoApprove: true || false, ChangeDetails: 'STRING_VALUE', ChangeRequestName: 'STRING_VALUE', ClientToken: 'STRING_VALUE', DocumentVersion: 'STRING_VALUE', Parameters: { '<AutomationParameterKey>': [ 'STRING_VALUE', /* more items */ ], /* '<AutomationParameterKey>': ... */ }, ScheduledEndTime: new Date || 'Wed Dec 31 1969 16:00:00 GMT-0800 (PST)' || 123456789, ScheduledTime: new Date || 'Wed Dec 31 1969 16:00:00 GMT-0800 (PST)' || 123456789, Tags: [ { Key: 'STRING_VALUE', /* required */ Value: 'STRING_VALUE' /* required */ }, /* more items */ ] }; ssm.startChangeRequestExecution(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
ScheduledTime
— (Date
)The date and time specified in the change request to run the Automation runbooks.
Note: The Automation runbooks specified for the runbook workflow can't run until all required approvals for the change request have been received.DocumentName
— (String
)The name of the change template document to run during the runbook workflow.
DocumentVersion
— (String
)The version of the change template document to run during the runbook workflow.
Parameters
— (map<Array<String>>
)A key-value map of parameters that match the declared parameters in the change template document.
ChangeRequestName
— (String
)The name of the change request associated with the runbook workflow to be run.
ClientToken
— (String
)The user-provided idempotency token. The token must be unique, is case insensitive, enforces the UUID format, and can't be reused.
AutoApprove
— (Boolean
)Indicates whether the change request can be approved automatically without the need for manual approvals.
If
AutoApprovable
is enabled in a change template, then settingAutoApprove
totrue
inStartChangeRequestExecution
creates a change request that bypasses approver review.Note: Change Calendar restrictions are not bypassed in this scenario. If the state of an associated calendar isCLOSED
, change freeze approvers must still grant permission for this change request to run. If they don't, the change won't be processed until the calendar state is againOPEN
.Runbooks
— (Array<map>
)Information about the Automation runbooks that are run during the runbook workflow.
Note: The Automation runbooks specified for the runbook workflow can't run until all required approvals for the change request have been received.DocumentName
— required — (String
)The name of the Automation runbook used in a runbook workflow.
DocumentVersion
— (String
)The version of the Automation runbook used in a runbook workflow.
Parameters
— (map<Array<String>>
)The key-value map of execution parameters, which were supplied when calling
StartChangeRequestExecution
.TargetParameterName
— (String
)The name of the parameter used as the target resource for the rate-controlled runbook workflow. Required if you specify
Targets
.Targets
— (Array<map>
)A key-value mapping to target resources that the runbook operation performs tasks on. Required if you specify
TargetParameterName
.Key
— (String
)User-defined criteria for sending commands that target instances that meet the criteria.
Values
— (Array<String>
)User-defined criteria that maps to
Key
. For example, if you specifiedtag:ServerRole
, you could specifyvalue:WebServer
to run a command on instances that include EC2 tags ofServerRole,WebServer
.Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
MaxConcurrency
— (String
)The
MaxConcurrency
value specified by the user when the operation started, indicating the maximum number of resources that the runbook operation can run on at the same time.MaxErrors
— (String
)The
MaxErrors
value specified by the user when the execution started, indicating the maximum number of errors that can occur during the operation before the updates are stopped or rolled back.TargetLocations
— (Array<map>
)Information about the Amazon Web Services Regions and Amazon Web Services accounts targeted by the current Runbook operation.
Accounts
— (Array<String>
)The Amazon Web Services accounts targeted by the current Automation execution.
Regions
— (Array<String>
)The Amazon Web Services Regions targeted by the current Automation execution.
TargetLocationMaxConcurrency
— (String
)The maximum number of Amazon Web Services Regions and Amazon Web Services accounts allowed to run the Automation concurrently.
TargetLocationMaxErrors
— (String
)The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
ExecutionRoleName
— (String
)The Automation execution role used by the currently running Automation. If not specified, the default value is
AWS-SystemsManager-AutomationExecutionRole
.
Tags
— (Array<map>
)Optional metadata that you assign to a resource. You can specify a maximum of five tags for a change request. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a change request to identify an environment or target Amazon Web Services Region. In this case, you could specify the following key-value pairs:
-
Key=Environment,Value=Production
-
Key=Region,Value=us-east-2
Key
— required — (String
)The name of the tag.
Value
— required — (String
)The value of the tag.
-
ScheduledEndTime
— (Date
)The time that the requester expects the runbook workflow related to the change request to complete. The time is an estimate only that the requester provides for reviewers.
ChangeDetails
— (String
)User-provided details about the change. If no details are provided, content specified in the Template information section of the associated change template is added.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:AutomationExecutionId
— (String
)The unique ID of a runbook workflow operation. (A runbook workflow is a type of Automation operation.)
-
(AWS.Response)
—
Returns:
startSession(params = {}, callback) ⇒ AWS.Request
Initiates a connection to a target (for example, an instance) for a Session Manager session. Returns a URL and token that can be used to open a WebSocket connection for sending input and receiving outputs.
Note: Amazon Web Services CLI usage:start-session
is an interactive command that requires the Session Manager plugin to be installed on the client machine making the call. For information, see Install the Session Manager plugin for the Amazon Web Services CLI in the Amazon Web Services Systems Manager User Guide. Amazon Web Services Tools for PowerShell usage: Start-SSMSession isn't currently supported by Amazon Web Services Tools for PowerShell on Windows local machines.Service Reference:
Examples:
Calling the startSession operation
var params = { Target: 'STRING_VALUE', /* required */ DocumentName: 'STRING_VALUE', Parameters: { '<SessionManagerParameterName>': [ 'STRING_VALUE', /* more items */ ], /* '<SessionManagerParameterName>': ... */ } }; ssm.startSession(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Target
— (String
)The instance to connect to for the session.
DocumentName
— (String
)The name of the SSM document to define the parameters and plugin settings for the session. For example,
SSM-SessionManagerRunShell
. You can call the GetDocument API to verify the document exists before attempting to start a session. If no document name is provided, a shell to the instance is launched by default.Parameters
— (map<Array<String>>
)Reserved for future use.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:SessionId
— (String
)The ID of the session.
TokenValue
— (String
)An encrypted token value containing session and caller information. Used to authenticate the connection to the instance.
StreamUrl
— (String
)A URL back to SSM Agent on the instance that the Session Manager client uses to send commands and receive output from the instance. Format:
wss://ssmmessages.region.amazonaws.com/v1/data-channel/session-id?stream=(input|output)
region represents the Region identifier for an Amazon Web Services Region supported by Amazon Web Services Systems Manager, such as
us-east-2
for the US East (Ohio) Region. For a list of supported region values, see the Region column in Systems Manager service endpoints in the Amazon Web Services General Reference.session-id represents the ID of a Session Manager session, such as
1a2b3c4dEXAMPLE
.
-
(AWS.Response)
—
Returns:
stopAutomationExecution(params = {}, callback) ⇒ AWS.Request
Stop an Automation that is currently running.
Service Reference:
Examples:
Calling the stopAutomationExecution operation
var params = { AutomationExecutionId: 'STRING_VALUE', /* required */ Type: Complete | Cancel }; ssm.stopAutomationExecution(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
AutomationExecutionId
— (String
)The execution ID of the Automation to stop.
Type
— (String
)The stop request type. Valid types include the following: Cancel and Complete. The default type is Cancel.
Possible values include:"Complete"
"Cancel"
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs.
-
(AWS.Response)
—
Returns:
terminateSession(params = {}, callback) ⇒ AWS.Request
Permanently ends a session and closes the data connection between the Session Manager client and SSM Agent on the instance. A terminated session isn't be resumed.
Service Reference:
Examples:
Calling the terminateSession operation
var params = { SessionId: 'STRING_VALUE' /* required */ }; ssm.terminateSession(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
SessionId
— (String
)The ID of the session to terminate.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:SessionId
— (String
)The ID of the session that has been terminated.
-
(AWS.Response)
—
Returns:
unlabelParameterVersion(params = {}, callback) ⇒ AWS.Request
Remove a label or labels from a parameter.
Service Reference:
Examples:
Calling the unlabelParameterVersion operation
var params = { Labels: [ /* required */ 'STRING_VALUE', /* more items */ ], Name: 'STRING_VALUE', /* required */ ParameterVersion: 'NUMBER_VALUE' /* required */ }; ssm.unlabelParameterVersion(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Name
— (String
)The name of the parameter from which you want to delete one or more labels.
ParameterVersion
— (Integer
)The specific version of the parameter which you want to delete one or more labels from. If it isn't present, the call will fail.
Labels
— (Array<String>
)One or more labels to delete from the specified parameter version.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:RemovedLabels
— (Array<String>
)A list of all labels deleted from the parameter.
InvalidLabels
— (Array<String>
)The labels that aren't attached to the given parameter version.
-
(AWS.Response)
—
Returns:
updateAssociation(params = {}, callback) ⇒ AWS.Request
Updates an association. You can update the association name and version, the document version, schedule, parameters, and Amazon Simple Storage Service (Amazon S3) output.
In order to call this API operation, your Identity and Access Management (IAM) user account, group, or role must be configured with permission to call the DescribeAssociation API operation. If you don't have permission to call
DescribeAssociation
, then you receive the following error:An error occurred (AccessDeniedException) when calling the UpdateAssociation operation: User: <user_arn> isn't authorized to perform: ssm:DescribeAssociation on resource: <resource_arn>
When you update an association, the association immediately runs against the specified targets.
Service Reference:
Examples:
Calling the updateAssociation operation
var params = { AssociationId: 'STRING_VALUE', /* required */ ApplyOnlyAtCronInterval: true || false, AssociationName: 'STRING_VALUE', AssociationVersion: 'STRING_VALUE', AutomationTargetParameterName: 'STRING_VALUE', CalendarNames: [ 'STRING_VALUE', /* more items */ ], ComplianceSeverity: CRITICAL | HIGH | MEDIUM | LOW | UNSPECIFIED, DocumentVersion: 'STRING_VALUE', MaxConcurrency: 'STRING_VALUE', MaxErrors: 'STRING_VALUE', Name: 'STRING_VALUE', OutputLocation: { S3Location: { OutputS3BucketName: 'STRING_VALUE', OutputS3KeyPrefix: 'STRING_VALUE', OutputS3Region: 'STRING_VALUE' } }, Parameters: { '<ParameterName>': [ 'STRING_VALUE', /* more items */ ], /* '<ParameterName>': ... */ }, ScheduleExpression: 'STRING_VALUE', SyncCompliance: AUTO | MANUAL, TargetLocations: [ { Accounts: [ 'STRING_VALUE', /* more items */ ], ExecutionRoleName: 'STRING_VALUE', Regions: [ 'STRING_VALUE', /* more items */ ], TargetLocationMaxConcurrency: 'STRING_VALUE', TargetLocationMaxErrors: 'STRING_VALUE' }, /* more items */ ], Targets: [ { Key: 'STRING_VALUE', Values: [ 'STRING_VALUE', /* more items */ ] }, /* more items */ ] }; ssm.updateAssociation(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
AssociationId
— (String
)The ID of the association you want to update.
Parameters
— (map<Array<String>>
)The parameters you want to update for the association. If you create a parameter using Parameter Store, a capability of Amazon Web Services Systems Manager, you can reference the parameter using
{{ssm:parameter-name}}
.DocumentVersion
— (String
)The document version you want update for the association.
ScheduleExpression
— (String
)The cron expression used to schedule the association that you want to update.
OutputLocation
— (map
)An S3 bucket where you want to store the results of this request.
S3Location
— (map
)An S3 bucket where you want to store the results of this request.
OutputS3Region
— (String
)The Amazon Web Services Region of the S3 bucket.
OutputS3BucketName
— (String
)The name of the S3 bucket.
OutputS3KeyPrefix
— (String
)The S3 bucket subfolder.
Name
— (String
)The name of the SSM Command document or Automation runbook that contains the configuration information for the instance.
You can specify Amazon Web Services-predefined documents, documents you created, or a document that is shared with you from another account.
For Systems Manager document (SSM document) that are shared with you from other Amazon Web Services accounts, you must specify the complete SSM document ARN, in the following format:
arn:aws:ssm:region:account-id:document/document-name
For example:
arn:aws:ssm:us-east-2:12345678912:document/My-Shared-Document
For Amazon Web Services-predefined documents and SSM documents you created in your account, you only need to specify the document name. For example,
AWS-ApplyPatchBaseline
orMy-Document
.Targets
— (Array<map>
)The targets of the association.
Key
— (String
)User-defined criteria for sending commands that target instances that meet the criteria.
Values
— (Array<String>
)User-defined criteria that maps to
Key
. For example, if you specifiedtag:ServerRole
, you could specifyvalue:WebServer
to run a command on instances that include EC2 tags ofServerRole,WebServer
.Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
AssociationName
— (String
)The name of the association that you want to update.
AssociationVersion
— (String
)This parameter is provided for concurrency control purposes. You must specify the latest association version in the service. If you want to ensure that this request succeeds, either specify
$LATEST
, or omit this parameter.AutomationTargetParameterName
— (String
)Specify the target for the association. This target is required for associations that use an Automation runbook and target resources by using rate controls. Automation is a capability of Amazon Web Services Systems Manager.
MaxErrors
— (String
)The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 instances and set
MaxError
to 10%, then the system stops sending the request when the sixth error is received.Executions that are already running an association when
MaxErrors
is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, setMaxConcurrency
to 1 so that executions proceed one at a time.MaxConcurrency
— (String
)The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.
If a new instance starts and attempts to run an association while Systems Manager is running
MaxConcurrency
associations, the association is allowed to run. During the next association interval, the new instance will process its association within the limit specified forMaxConcurrency
.ComplianceSeverity
— (String
)The severity level to assign to the association.
Possible values include:"CRITICAL"
"HIGH"
"MEDIUM"
"LOW"
"UNSPECIFIED"
SyncCompliance
— (String
)The mode for generating association compliance. You can specify
AUTO
orMANUAL
. InAUTO
mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association isCOMPLIANT
. If the association execution doesn't run successfully, the association isNON-COMPLIANT
.In
MANUAL
mode, you must specify theAssociationId
as a parameter for the PutComplianceItems API operation. In this case, compliance data isn't managed by State Manager, a capability of Amazon Web Services Systems Manager. It is managed by your direct call to the PutComplianceItems API operation.By default, all associations use
Possible values include:AUTO
mode."AUTO"
"MANUAL"
ApplyOnlyAtCronInterval
— (Boolean
)By default, when you update an association, the system runs it immediately after it is updated and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you update it. This parameter isn't supported for rate expressions.
Also, if you specified this option when you created the association, you can reset it. To do so, specify the
no-apply-only-at-cron-interval
parameter when you update the association from the command line. This parameter forces the association to run immediately after updating it and according to the interval specified.CalendarNames
— (Array<String>
)The names or Amazon Resource Names (ARNs) of the Change Calendar type documents you want to gate your associations under. The associations only run when that change calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar.
TargetLocations
— (Array<map>
)A location is a combination of Amazon Web Services Regions and Amazon Web Services accounts where you want to run the association. Use this action to update an association in multiple Regions and multiple accounts.
Accounts
— (Array<String>
)The Amazon Web Services accounts targeted by the current Automation execution.
Regions
— (Array<String>
)The Amazon Web Services Regions targeted by the current Automation execution.
TargetLocationMaxConcurrency
— (String
)The maximum number of Amazon Web Services Regions and Amazon Web Services accounts allowed to run the Automation concurrently.
TargetLocationMaxErrors
— (String
)The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
ExecutionRoleName
— (String
)The Automation execution role used by the currently running Automation. If not specified, the default value is
AWS-SystemsManager-AutomationExecutionRole
.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:AssociationDescription
— (map
)The description of the association that was updated.
Name
— (String
)The name of the SSM document.
InstanceId
— (String
)The instance ID.
AssociationVersion
— (String
)The association version.
Date
— (Date
)The date when the association was made.
LastUpdateAssociationDate
— (Date
)The date when the association was last updated.
Status
— (map
)The association status.
Date
— required — (Date
)The date when the status changed.
Name
— required — (String
)The status.
Possible values include:"Pending"
"Success"
"Failed"
Message
— required — (String
)The reason for the status.
AdditionalInfo
— (String
)A user-defined string.
Overview
— (map
)Information about the association.
Status
— (String
)The status of the association. Status can be: Pending, Success, or Failed.
DetailedStatus
— (String
)A detailed status of the association.
AssociationStatusAggregatedCount
— (map<Integer>
)Returns the number of targets for the association status. For example, if you created an association with two instances, and one of them was successful, this would return the count of instances by status.
DocumentVersion
— (String
)The document version.
AutomationTargetParameterName
— (String
)Specify the target for the association. This target is required for associations that use an Automation runbook and target resources by using rate controls. Automation is a capability of Amazon Web Services Systems Manager.
Parameters
— (map<Array<String>>
)A description of the parameters for a document.
AssociationId
— (String
)The association ID.
Targets
— (Array<map>
)The instances targeted by the request.
Key
— (String
)User-defined criteria for sending commands that target instances that meet the criteria.
Values
— (Array<String>
)User-defined criteria that maps to
Key
. For example, if you specifiedtag:ServerRole
, you could specifyvalue:WebServer
to run a command on instances that include EC2 tags ofServerRole,WebServer
.Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
ScheduleExpression
— (String
)A cron expression that specifies a schedule when the association runs.
OutputLocation
— (map
)An S3 bucket where you want to store the output details of the request.
S3Location
— (map
)An S3 bucket where you want to store the results of this request.
OutputS3Region
— (String
)The Amazon Web Services Region of the S3 bucket.
OutputS3BucketName
— (String
)The name of the S3 bucket.
OutputS3KeyPrefix
— (String
)The S3 bucket subfolder.
LastExecutionDate
— (Date
)The date on which the association was last run.
LastSuccessfulExecutionDate
— (Date
)The last date on which the association was successfully run.
AssociationName
— (String
)The association name.
MaxErrors
— (String
)The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 instances and set
MaxError
to 10%, then the system stops sending the request when the sixth error is received.Executions that are already running an association when
MaxErrors
is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, setMaxConcurrency
to 1 so that executions proceed one at a time.MaxConcurrency
— (String
)The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.
If a new instance starts and attempts to run an association while Systems Manager is running
MaxConcurrency
associations, the association is allowed to run. During the next association interval, the new instance will process its association within the limit specified forMaxConcurrency
.ComplianceSeverity
— (String
)The severity level that is assigned to the association.
Possible values include:"CRITICAL"
"HIGH"
"MEDIUM"
"LOW"
"UNSPECIFIED"
SyncCompliance
— (String
)The mode for generating association compliance. You can specify
AUTO
orMANUAL
. InAUTO
mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association isCOMPLIANT
. If the association execution doesn't run successfully, the association isNON-COMPLIANT
.In
MANUAL
mode, you must specify theAssociationId
as a parameter for the PutComplianceItems API operation. In this case, compliance data isn't managed by State Manager, a capability of Amazon Web Services Systems Manager. It is managed by your direct call to the PutComplianceItems API operation.By default, all associations use
Possible values include:AUTO
mode."AUTO"
"MANUAL"
ApplyOnlyAtCronInterval
— (Boolean
)By default, when you create a new associations, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it. This parameter isn't supported for rate expressions.
CalendarNames
— (Array<String>
)The names or Amazon Resource Names (ARNs) of the Change Calendar type documents your associations are gated under. The associations only run when that change calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar.
TargetLocations
— (Array<map>
)The combination of Amazon Web Services Regions and Amazon Web Services accounts where you want to run the association.
Accounts
— (Array<String>
)The Amazon Web Services accounts targeted by the current Automation execution.
Regions
— (Array<String>
)The Amazon Web Services Regions targeted by the current Automation execution.
TargetLocationMaxConcurrency
— (String
)The maximum number of Amazon Web Services Regions and Amazon Web Services accounts allowed to run the Automation concurrently.
TargetLocationMaxErrors
— (String
)The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
ExecutionRoleName
— (String
)The Automation execution role used by the currently running Automation. If not specified, the default value is
AWS-SystemsManager-AutomationExecutionRole
.
-
(AWS.Response)
—
Returns:
updateAssociationStatus(params = {}, callback) ⇒ AWS.Request
Updates the status of the Amazon Web Services Systems Manager document (SSM document) associated with the specified instance.
UpdateAssociationStatus
is primarily used by the Amazon Web Services Systems Manager Agent (SSM Agent) to report status updates about your associations and is only used for associations created with theInstanceId
legacy parameter.Service Reference:
Examples:
Calling the updateAssociationStatus operation
var params = { AssociationStatus: { /* required */ Date: new Date || 'Wed Dec 31 1969 16:00:00 GMT-0800 (PST)' || 123456789, /* required */ Message: 'STRING_VALUE', /* required */ Name: Pending | Success | Failed, /* required */ AdditionalInfo: 'STRING_VALUE' }, InstanceId: 'STRING_VALUE', /* required */ Name: 'STRING_VALUE' /* required */ }; ssm.updateAssociationStatus(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Name
— (String
)The name of the SSM document.
InstanceId
— (String
)The instance ID.
AssociationStatus
— (map
)The association status.
Date
— required — (Date
)The date when the status changed.
Name
— required — (String
)The status.
Possible values include:"Pending"
"Success"
"Failed"
Message
— required — (String
)The reason for the status.
AdditionalInfo
— (String
)A user-defined string.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:AssociationDescription
— (map
)Information about the association.
Name
— (String
)The name of the SSM document.
InstanceId
— (String
)The instance ID.
AssociationVersion
— (String
)The association version.
Date
— (Date
)The date when the association was made.
LastUpdateAssociationDate
— (Date
)The date when the association was last updated.
Status
— (map
)The association status.
Date
— required — (Date
)The date when the status changed.
Name
— required — (String
)The status.
Possible values include:"Pending"
"Success"
"Failed"
Message
— required — (String
)The reason for the status.
AdditionalInfo
— (String
)A user-defined string.
Overview
— (map
)Information about the association.
Status
— (String
)The status of the association. Status can be: Pending, Success, or Failed.
DetailedStatus
— (String
)A detailed status of the association.
AssociationStatusAggregatedCount
— (map<Integer>
)Returns the number of targets for the association status. For example, if you created an association with two instances, and one of them was successful, this would return the count of instances by status.
DocumentVersion
— (String
)The document version.
AutomationTargetParameterName
— (String
)Specify the target for the association. This target is required for associations that use an Automation runbook and target resources by using rate controls. Automation is a capability of Amazon Web Services Systems Manager.
Parameters
— (map<Array<String>>
)A description of the parameters for a document.
AssociationId
— (String
)The association ID.
Targets
— (Array<map>
)The instances targeted by the request.
Key
— (String
)User-defined criteria for sending commands that target instances that meet the criteria.
Values
— (Array<String>
)User-defined criteria that maps to
Key
. For example, if you specifiedtag:ServerRole
, you could specifyvalue:WebServer
to run a command on instances that include EC2 tags ofServerRole,WebServer
.Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
ScheduleExpression
— (String
)A cron expression that specifies a schedule when the association runs.
OutputLocation
— (map
)An S3 bucket where you want to store the output details of the request.
S3Location
— (map
)An S3 bucket where you want to store the results of this request.
OutputS3Region
— (String
)The Amazon Web Services Region of the S3 bucket.
OutputS3BucketName
— (String
)The name of the S3 bucket.
OutputS3KeyPrefix
— (String
)The S3 bucket subfolder.
LastExecutionDate
— (Date
)The date on which the association was last run.
LastSuccessfulExecutionDate
— (Date
)The last date on which the association was successfully run.
AssociationName
— (String
)The association name.
MaxErrors
— (String
)The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 instances and set
MaxError
to 10%, then the system stops sending the request when the sixth error is received.Executions that are already running an association when
MaxErrors
is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, setMaxConcurrency
to 1 so that executions proceed one at a time.MaxConcurrency
— (String
)The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.
If a new instance starts and attempts to run an association while Systems Manager is running
MaxConcurrency
associations, the association is allowed to run. During the next association interval, the new instance will process its association within the limit specified forMaxConcurrency
.ComplianceSeverity
— (String
)The severity level that is assigned to the association.
Possible values include:"CRITICAL"
"HIGH"
"MEDIUM"
"LOW"
"UNSPECIFIED"
SyncCompliance
— (String
)The mode for generating association compliance. You can specify
AUTO
orMANUAL
. InAUTO
mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association isCOMPLIANT
. If the association execution doesn't run successfully, the association isNON-COMPLIANT
.In
MANUAL
mode, you must specify theAssociationId
as a parameter for the PutComplianceItems API operation. In this case, compliance data isn't managed by State Manager, a capability of Amazon Web Services Systems Manager. It is managed by your direct call to the PutComplianceItems API operation.By default, all associations use
Possible values include:AUTO
mode."AUTO"
"MANUAL"
ApplyOnlyAtCronInterval
— (Boolean
)By default, when you create a new associations, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it. This parameter isn't supported for rate expressions.
CalendarNames
— (Array<String>
)The names or Amazon Resource Names (ARNs) of the Change Calendar type documents your associations are gated under. The associations only run when that change calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar.
TargetLocations
— (Array<map>
)The combination of Amazon Web Services Regions and Amazon Web Services accounts where you want to run the association.
Accounts
— (Array<String>
)The Amazon Web Services accounts targeted by the current Automation execution.
Regions
— (Array<String>
)The Amazon Web Services Regions targeted by the current Automation execution.
TargetLocationMaxConcurrency
— (String
)The maximum number of Amazon Web Services Regions and Amazon Web Services accounts allowed to run the Automation concurrently.
TargetLocationMaxErrors
— (String
)The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
ExecutionRoleName
— (String
)The Automation execution role used by the currently running Automation. If not specified, the default value is
AWS-SystemsManager-AutomationExecutionRole
.
-
(AWS.Response)
—
Returns:
updateDocument(params = {}, callback) ⇒ AWS.Request
Updates one or more values for an SSM document.
Service Reference:
Examples:
Calling the updateDocument operation
var params = { Content: 'STRING_VALUE', /* required */ Name: 'STRING_VALUE', /* required */ Attachments: [ { Key: SourceUrl | S3FileUrl | AttachmentReference, Name: 'STRING_VALUE', Values: [ 'STRING_VALUE', /* more items */ ] }, /* more items */ ], DisplayName: 'STRING_VALUE', DocumentFormat: YAML | JSON | TEXT, DocumentVersion: 'STRING_VALUE', TargetType: 'STRING_VALUE', VersionName: 'STRING_VALUE' }; ssm.updateDocument(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Content
— (String
)A valid JSON or YAML string.
Attachments
— (Array<map>
)A list of key-value pairs that describe attachments to a version of a document.
Key
— (String
)The key of a key-value pair that identifies the location of an attachment to a document.
Possible values include:"SourceUrl"
"S3FileUrl"
"AttachmentReference"
Values
— (Array<String>
)The value of a key-value pair that identifies the location of an attachment to a document. The format for Value depends on the type of key you specify.
-
For the key SourceUrl, the value is an S3 bucket location. For example:
"Values": [ "s3://doc-example-bucket/my-folder" ]
-
For the key S3FileUrl, the value is a file in an S3 bucket. For example:
"Values": [ "s3://doc-example-bucket/my-folder/my-file.py" ]
-
For the key AttachmentReference, the value is constructed from the name of another SSM document in your account, a version number of that document, and a file attached to that document version that you want to reuse. For example:
"Values": [ "MyOtherDocument/3/my-other-file.py" ]
However, if the SSM document is shared with you from another account, the full SSM document ARN must be specified instead of the document name only. For example:
"Values": [ "arn:aws:ssm:us-east-2:111122223333:document/OtherAccountDocument/3/their-file.py" ]
-
Name
— (String
)The name of the document attachment file.
Name
— (String
)The name of the SSM document that you want to update.
DisplayName
— (String
)The friendly name of the SSM document that you want to update. This value can differ for each version of the document. If you don't specify a value for this parameter in your request, the existing value is applied to the new document version.
VersionName
— (String
)An optional field specifying the version of the artifact you are updating with the document. For example, "Release 12, Update 6". This value is unique across all versions of a document, and can't be changed.
DocumentVersion
— (String
)The version of the document that you want to update. Currently, Systems Manager supports updating only the latest version of the document. You can specify the version number of the latest version or use the
$LATEST
variable.DocumentFormat
— (String
)Specify the document format for the new document version. Systems Manager supports JSON and YAML documents. JSON is the default format.
Possible values include:"YAML"
"JSON"
"TEXT"
TargetType
— (String
)Specify a new target type for the document.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:DocumentDescription
— (map
)A description of the document that was updated.
Sha1
— (String
)The SHA1 hash of the document, which you can use for verification.
Hash
— (String
)The Sha256 or Sha1 hash created by the system when the document was created.
Note: Sha1 hashes have been deprecated.HashType
— (String
)The hash type of the document. Valid values include
Sha256
orSha1
.Note: Sha1 hashes have been deprecated.Possible values include:"Sha256"
"Sha1"
Name
— (String
)The name of the SSM document.
DisplayName
— (String
)The friendly name of the SSM document. This value can differ for each version of the document. If you want to update this value, see UpdateDocument.
VersionName
— (String
)The version of the artifact associated with the document.
Owner
— (String
)The Amazon Web Services user account that created the document.
CreatedDate
— (Date
)The date when the document was created.
Status
— (String
)The status of the SSM document.
Possible values include:"Creating"
"Active"
"Updating"
"Deleting"
"Failed"
StatusInformation
— (String
)A message returned by Amazon Web Services Systems Manager that explains the
Status
value. For example, aFailed
status might be explained by theStatusInformation
message, "The specified S3 bucket doesn't exist. Verify that the URL of the S3 bucket is correct."DocumentVersion
— (String
)The document version.
Description
— (String
)A description of the document.
Parameters
— (Array<map>
)A description of the parameters for a document.
Name
— (String
)The name of the parameter.
Type
— (String
)The type of parameter. The type can be either String or StringList.
Possible values include:"String"
"StringList"
Description
— (String
)A description of what the parameter does, how to use it, the default value, and whether or not the parameter is optional.
DefaultValue
— (String
)If specified, the default values for the parameters. Parameters without a default value are required. Parameters with a default value are optional.
PlatformTypes
— (Array<String>
)The list of OS platforms compatible with this SSM document.
DocumentType
— (String
)The type of document.
Possible values include:"Command"
"Policy"
"Automation"
"Session"
"Package"
"ApplicationConfiguration"
"ApplicationConfigurationSchema"
"DeploymentStrategy"
"ChangeCalendar"
"Automation.ChangeTemplate"
"ProblemAnalysis"
"ProblemAnalysisTemplate"
SchemaVersion
— (String
)The schema version.
LatestVersion
— (String
)The latest version of the document.
DefaultVersion
— (String
)The default version.
DocumentFormat
— (String
)The document format, either JSON or YAML.
Possible values include:"YAML"
"JSON"
"TEXT"
TargetType
— (String
)The target type which defines the kinds of resources the document can run on. For example,
/AWS::EC2::Instance
. For a list of valid resource types, see Amazon Web Services resource and property types reference in the CloudFormation User Guide.Tags
— (Array<map>
)The tags, or metadata, that have been applied to the document.
Key
— required — (String
)The name of the tag.
Value
— required — (String
)The value of the tag.
AttachmentsInformation
— (Array<map>
)Details about the document attachments, including names, locations, sizes, and so on.
Name
— (String
)The name of the attachment.
Requires
— (Array<map>
)A list of SSM documents required by a document. For example, an
ApplicationConfiguration
document requires anApplicationConfigurationSchema
document.Name
— required — (String
)The name of the required SSM document. The name can be an Amazon Resource Name (ARN).
Version
— (String
)The document version required by the current document.
Author
— (String
)The user in your organization who created the document.
ReviewInformation
— (Array<map>
)Details about the review of a document.
ReviewedTime
— (Date
)The time that the reviewer took action on the document review request.
Status
— (String
)The current status of the document review request.
Possible values include:"APPROVED"
"NOT_REVIEWED"
"PENDING"
"REJECTED"
Reviewer
— (String
)The reviewer assigned to take action on the document review request.
ApprovedVersion
— (String
)The version of the document currently approved for use in the organization.
PendingReviewVersion
— (String
)The version of the document that is currently under review.
ReviewStatus
— (String
)The current status of the review.
Possible values include:"APPROVED"
"NOT_REVIEWED"
"PENDING"
"REJECTED"
-
(AWS.Response)
—
Returns:
updateDocumentDefaultVersion(params = {}, callback) ⇒ AWS.Request
Set the default version of a document.
Service Reference:
Examples:
Calling the updateDocumentDefaultVersion operation
var params = { DocumentVersion: 'STRING_VALUE', /* required */ Name: 'STRING_VALUE' /* required */ }; ssm.updateDocumentDefaultVersion(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Name
— (String
)The name of a custom document that you want to set as the default version.
DocumentVersion
— (String
)The version of a custom document that you want to set as the default version.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:Description
— (map
)The description of a custom document that you want to set as the default version.
Name
— (String
)The name of the document.
DefaultVersion
— (String
)The default version of the document.
DefaultVersionName
— (String
)The default version of the artifact associated with the document.
-
(AWS.Response)
—
Returns:
updateDocumentMetadata(params = {}, callback) ⇒ AWS.Request
Updates information related to approval reviews for a specific version of a change template in Change Manager.
Service Reference:
Examples:
Calling the updateDocumentMetadata operation
var params = { DocumentReviews: { /* required */ Action: SendForReview | UpdateReview | Approve | Reject, /* required */ Comment: [ { Content: 'STRING_VALUE', Type: Comment }, /* more items */ ] }, Name: 'STRING_VALUE', /* required */ DocumentVersion: 'STRING_VALUE' }; ssm.updateDocumentMetadata(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Name
— (String
)The name of the change template for which a version's metadata is to be updated.
DocumentVersion
— (String
)The version of a change template in which to update approval metadata.
DocumentReviews
— (map
)The change template review details to update.
Action
— required — (String
)The action to take on a document approval review request.
Possible values include:"SendForReview"
"UpdateReview"
"Approve"
"Reject"
Comment
— (Array<map>
)A comment entered by a user in your organization about the document review request.
Type
— (String
)The type of information added to a review request. Currently, only the value
Possible values include:Comment
is supported."Comment"
Content
— (String
)The content of a comment entered by a user who requests a review of a new document version, or who reviews the new version.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs.
-
(AWS.Response)
—
Returns:
updateMaintenanceWindow(params = {}, callback) ⇒ AWS.Request
Updates an existing maintenance window. Only specified parameters are modified.
Note: The value you specify forDuration
determines the specific end time for the maintenance window based on the time it begins. No maintenance window tasks are permitted to start after the resulting endtime minus the number of hours you specify forCutoff
. For example, if the maintenance window starts at 3 PM, the duration is three hours, and the value you specify forCutoff
is one hour, no maintenance window tasks can start after 5 PM.Service Reference:
Examples:
Calling the updateMaintenanceWindow operation
var params = { WindowId: 'STRING_VALUE', /* required */ AllowUnassociatedTargets: true || false, Cutoff: 'NUMBER_VALUE', Description: 'STRING_VALUE', Duration: 'NUMBER_VALUE', Enabled: true || false, EndDate: 'STRING_VALUE', Name: 'STRING_VALUE', Replace: true || false, Schedule: 'STRING_VALUE', ScheduleOffset: 'NUMBER_VALUE', ScheduleTimezone: 'STRING_VALUE', StartDate: 'STRING_VALUE' }; ssm.updateMaintenanceWindow(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
WindowId
— (String
)The ID of the maintenance window to update.
Name
— (String
)The name of the maintenance window.
Description
— (String
)An optional description for the update request.
StartDate
— (String
)The time zone that the scheduled maintenance window executions are based on, in Internet Assigned Numbers Authority (IANA) format. For example: "America/Los_Angeles", "UTC", or "Asia/Seoul". For more information, see the Time Zone Database on the IANA website.
EndDate
— (String
)The date and time, in ISO-8601 Extended format, for when you want the maintenance window to become inactive.
EndDate
allows you to set a date and time in the future when the maintenance window will no longer run.Schedule
— (String
)The schedule of the maintenance window in the form of a cron or rate expression.
ScheduleTimezone
— (String
)The time zone that the scheduled maintenance window executions are based on, in Internet Assigned Numbers Authority (IANA) format. For example: "America/Los_Angeles", "UTC", or "Asia/Seoul". For more information, see the Time Zone Database on the IANA website.
ScheduleOffset
— (Integer
)The number of days to wait after the date and time specified by a cron expression before running the maintenance window.
For example, the following cron expression schedules a maintenance window to run the third Tuesday of every month at 11:30 PM.
cron(30 23 ? * TUE#3 *)
If the schedule offset is
2
, the maintenance window won't run until two days later.Duration
— (Integer
)The duration of the maintenance window in hours.
Cutoff
— (Integer
)The number of hours before the end of the maintenance window that Amazon Web Services Systems Manager stops scheduling new tasks for execution.
AllowUnassociatedTargets
— (Boolean
)Whether targets must be registered with the maintenance window before tasks can be defined for those targets.
Enabled
— (Boolean
)Whether the maintenance window is enabled.
Replace
— (Boolean
)If
True
, then all fields that are required by the CreateMaintenanceWindow operation are also required for this API request. Optional fields that aren't specified are set to null.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:WindowId
— (String
)The ID of the created maintenance window.
Name
— (String
)The name of the maintenance window.
Description
— (String
)An optional description of the update.
StartDate
— (String
)The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become active. The maintenance window won't run before this specified time.
EndDate
— (String
)The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become inactive. The maintenance window won't run after this specified time.
Schedule
— (String
)The schedule of the maintenance window in the form of a cron or rate expression.
ScheduleTimezone
— (String
)The time zone that the scheduled maintenance window executions are based on, in Internet Assigned Numbers Authority (IANA) format. For example: "America/Los_Angeles", "UTC", or "Asia/Seoul". For more information, see the Time Zone Database on the IANA website.
ScheduleOffset
— (Integer
)The number of days to wait to run a maintenance window after the scheduled cron expression date and time.
Duration
— (Integer
)The duration of the maintenance window in hours.
Cutoff
— (Integer
)The number of hours before the end of the maintenance window that Amazon Web Services Systems Manager stops scheduling new tasks for execution.
AllowUnassociatedTargets
— (Boolean
)Whether targets must be registered with the maintenance window before tasks can be defined for those targets.
Enabled
— (Boolean
)Whether the maintenance window is enabled.
-
(AWS.Response)
—
Returns:
updateMaintenanceWindowTarget(params = {}, callback) ⇒ AWS.Request
Modifies the target of an existing maintenance window. You can change the following:
-
Name
-
Description
-
Owner
-
IDs for an ID target
-
Tags for a Tag target
-
From any supported tag type to another. The three supported tag types are ID target, Tag target, and resource group. For more information, see Target.
Note: If a parameter is null, then the corresponding field isn't modified.Service Reference:
Examples:
Calling the updateMaintenanceWindowTarget operation
var params = { WindowId: 'STRING_VALUE', /* required */ WindowTargetId: 'STRING_VALUE', /* required */ Description: 'STRING_VALUE', Name: 'STRING_VALUE', OwnerInformation: 'STRING_VALUE', Replace: true || false, Targets: [ { Key: 'STRING_VALUE', Values: [ 'STRING_VALUE', /* more items */ ] }, /* more items */ ] }; ssm.updateMaintenanceWindowTarget(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
WindowId
— (String
)The maintenance window ID with which to modify the target.
WindowTargetId
— (String
)The target ID to modify.
Targets
— (Array<map>
)The targets to add or replace.
Key
— (String
)User-defined criteria for sending commands that target instances that meet the criteria.
Values
— (Array<String>
)User-defined criteria that maps to
Key
. For example, if you specifiedtag:ServerRole
, you could specifyvalue:WebServer
to run a command on instances that include EC2 tags ofServerRole,WebServer
.Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
OwnerInformation
— (String
)User-provided value that will be included in any Amazon CloudWatch Events events raised while running tasks for these targets in this maintenance window.
Name
— (String
)A name for the update.
Description
— (String
)An optional description for the update.
Replace
— (Boolean
)If
True
, then all fields that are required by the RegisterTargetWithMaintenanceWindow operation are also required for this API request. Optional fields that aren't specified are set to null.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:WindowId
— (String
)The maintenance window ID specified in the update request.
WindowTargetId
— (String
)The target ID specified in the update request.
Targets
— (Array<map>
)The updated targets.
Key
— (String
)User-defined criteria for sending commands that target instances that meet the criteria.
Values
— (Array<String>
)User-defined criteria that maps to
Key
. For example, if you specifiedtag:ServerRole
, you could specifyvalue:WebServer
to run a command on instances that include EC2 tags ofServerRole,WebServer
.Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
OwnerInformation
— (String
)The updated owner.
Name
— (String
)The updated name.
Description
— (String
)The updated description.
-
(AWS.Response)
—
Returns:
updateMaintenanceWindowTask(params = {}, callback) ⇒ AWS.Request
Modifies a task assigned to a maintenance window. You can't change the task type, but you can change the following values:
-
TaskARN
. For example, you can change aRUN_COMMAND
task fromAWS-RunPowerShellScript
toAWS-RunShellScript
. -
ServiceRoleArn
-
TaskInvocationParameters
-
Priority
-
MaxConcurrency
-
MaxErrors
Note: One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide.If the value for a parameter in
UpdateMaintenanceWindowTask
is null, then the corresponding field isn't modified. If you setReplace
to true, then all fields required by the RegisterTaskWithMaintenanceWindow operation are required for this request. Optional fields that aren't specified are set to null.When you update a maintenance window task that has options specified in
TaskInvocationParameters
, you must provide again all theTaskInvocationParameters
values that you want to retain. The values you don't specify again are removed. For example, suppose that when you registered a Run Command task, you specifiedTaskInvocationParameters
values forComment
,NotificationConfig
, andOutputS3BucketName
. If you update the maintenance window task and specify only a differentOutputS3BucketName
value, the values forComment
andNotificationConfig
are removed.Service Reference:
Examples:
Calling the updateMaintenanceWindowTask operation
var params = { WindowId: 'STRING_VALUE', /* required */ WindowTaskId: 'STRING_VALUE', /* required */ CutoffBehavior: CONTINUE_TASK | CANCEL_TASK, Description: 'STRING_VALUE', LoggingInfo: { S3BucketName: 'STRING_VALUE', /* required */ S3Region: 'STRING_VALUE', /* required */ S3KeyPrefix: 'STRING_VALUE' }, MaxConcurrency: 'STRING_VALUE', MaxErrors: 'STRING_VALUE', Name: 'STRING_VALUE', Priority: 'NUMBER_VALUE', Replace: true || false, ServiceRoleArn: 'STRING_VALUE', Targets: [ { Key: 'STRING_VALUE', Values: [ 'STRING_VALUE', /* more items */ ] }, /* more items */ ], TaskArn: 'STRING_VALUE', TaskInvocationParameters: { Automation: { DocumentVersion: 'STRING_VALUE', Parameters: { '<AutomationParameterKey>': [ 'STRING_VALUE', /* more items */ ], /* '<AutomationParameterKey>': ... */ } }, Lambda: { ClientContext: 'STRING_VALUE', Payload: Buffer.from('...') || 'STRING_VALUE' /* Strings will be Base-64 encoded on your behalf */, Qualifier: 'STRING_VALUE' }, RunCommand: { CloudWatchOutputConfig: { CloudWatchLogGroupName: 'STRING_VALUE', CloudWatchOutputEnabled: true || false }, Comment: 'STRING_VALUE', DocumentHash: 'STRING_VALUE', DocumentHashType: Sha256 | Sha1, DocumentVersion: 'STRING_VALUE', NotificationConfig: { NotificationArn: 'STRING_VALUE', NotificationEvents: [ All | InProgress | Success | TimedOut | Cancelled | Failed, /* more items */ ], NotificationType: Command | Invocation }, OutputS3BucketName: 'STRING_VALUE', OutputS3KeyPrefix: 'STRING_VALUE', Parameters: { '<ParameterName>': [ 'STRING_VALUE', /* more items */ ], /* '<ParameterName>': ... */ }, ServiceRoleArn: 'STRING_VALUE', TimeoutSeconds: 'NUMBER_VALUE' }, StepFunctions: { Input: 'STRING_VALUE', Name: 'STRING_VALUE' } }, TaskParameters: { '<MaintenanceWindowTaskParameterName>': { Values: [ 'STRING_VALUE', /* more items */ ] }, /* '<MaintenanceWindowTaskParameterName>': ... */ } }; ssm.updateMaintenanceWindowTask(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
WindowId
— (String
)The maintenance window ID that contains the task to modify.
WindowTaskId
— (String
)The task ID to modify.
Targets
— (Array<map>
)The targets (either instances or tags) to modify. Instances are specified using the format
Key=instanceids,Values=instanceID_1,instanceID_2
. Tags are specified using the formatKey=tag_name,Values=tag_value
.Note: One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide.Key
— (String
)User-defined criteria for sending commands that target instances that meet the criteria.
Values
— (Array<String>
)User-defined criteria that maps to
Key
. For example, if you specifiedtag:ServerRole
, you could specifyvalue:WebServer
to run a command on instances that include EC2 tags ofServerRole,WebServer
.Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
TaskArn
— (String
)The task ARN to modify.
ServiceRoleArn
— (String
)The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses your account's service-linked role. If no service-linked role for Systems Manager exists in your account, it is created when you run
RegisterTaskWithMaintenanceWindow
.For more information, see the following topics in the in the Amazon Web Services Systems Manager User Guide:
TaskParameters
— (map<map>
)The parameters to modify.
Note:TaskParameters
has been deprecated. To specify parameters to pass to a task when it runs, instead use theParameters
option in theTaskInvocationParameters
structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.The map has the following format:
Key: string, between 1 and 255 characters
Value: an array of strings, each string is between 1 and 255 characters
Values
— (Array<String>
)This field contains an array of 0 or more strings, each 1 to 255 characters in length.
TaskInvocationParameters
— (map
)The parameters that the task should use during execution. Populate only the fields that match the task type. All other fields should be empty.
When you update a maintenance window task that has options specified in
TaskInvocationParameters
, you must provide again all theTaskInvocationParameters
values that you want to retain. The values you don't specify again are removed. For example, suppose that when you registered a Run Command task, you specifiedTaskInvocationParameters
values forComment
,NotificationConfig
, andOutputS3BucketName
. If you update the maintenance window task and specify only a differentOutputS3BucketName
value, the values forComment
andNotificationConfig
are removed.RunCommand
— (map
)The parameters for a
RUN_COMMAND
task type.Comment
— (String
)Information about the commands to run.
CloudWatchOutputConfig
— (map
)Configuration options for sending command output to Amazon CloudWatch Logs.
CloudWatchLogGroupName
— (String
)The name of the CloudWatch Logs log group where you want to send command output. If you don't specify a group name, Amazon Web Services Systems Manager automatically creates a log group for you. The log group uses the following naming format:
aws/ssm/SystemsManagerDocumentName
CloudWatchOutputEnabled
— (Boolean
)Enables Systems Manager to send command output to CloudWatch Logs.
DocumentHash
— (String
)The SHA-256 or SHA-1 hash created by the system when the document was created. SHA-1 hashes have been deprecated.
DocumentHashType
— (String
)SHA-256 or SHA-1. SHA-1 hashes have been deprecated.
Possible values include:"Sha256"
"Sha1"
DocumentVersion
— (String
)The Amazon Web Services Systems Manager document (SSM document) version to use in the request. You can specify
$DEFAULT
,$LATEST
, or a specific version number. If you run commands by using the Amazon Web Services CLI, then you must escape the first two options by using a backslash. If you specify a version number, then you don't need to use the backslash. For example:--document-version "\$DEFAULT"
--document-version "\$LATEST"
--document-version "3"
NotificationConfig
— (map
)Configurations for sending notifications about command status changes on a per-instance basis.
NotificationArn
— (String
)An Amazon Resource Name (ARN) for an Amazon Simple Notification Service (Amazon SNS) topic. Run Command pushes notifications about command status changes to this topic.
NotificationEvents
— (Array<String>
)The different events for which you can receive notifications. To learn more about these events, see Monitoring Systems Manager status changes using Amazon SNS notifications in the Amazon Web Services Systems Manager User Guide.
NotificationType
— (String
)The type of notification.
-
Command
: Receive notification when the status of a command changes. -
Invocation
: For commands sent to multiple instances, receive notification on a per-instance basis when the status of a command changes.
"Command"
"Invocation"
-
OutputS3BucketName
— (String
)The name of the Amazon Simple Storage Service (Amazon S3) bucket.
OutputS3KeyPrefix
— (String
)The S3 bucket subfolder.
Parameters
— (map<Array<String>>
)The parameters for the
RUN_COMMAND
task execution.ServiceRoleArn
— (String
)The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service (Amazon SNS) notifications for maintenance window Run Command tasks.
TimeoutSeconds
— (Integer
)If this time is reached and the command hasn't already started running, it doesn't run.
Automation
— (map
)The parameters for an
AUTOMATION
task type.DocumentVersion
— (String
)The version of an Automation runbook to use during task execution.
Parameters
— (map<Array<String>>
)The parameters for the
AUTOMATION
task.For information about specifying and updating task parameters, see RegisterTaskWithMaintenanceWindow and UpdateMaintenanceWindowTask.
Note:LoggingInfo
has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use theOutputS3BucketName
andOutputS3KeyPrefix
options in theTaskInvocationParameters
structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.TaskParameters
has been deprecated. To specify parameters to pass to a task when it runs, instead use theParameters
option in theTaskInvocationParameters
structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. ForAUTOMATION
task types, Amazon Web Services Systems Manager ignores any values specified for these parameters.
StepFunctions
— (map
)The parameters for a
STEP_FUNCTIONS
task type.Input
— (String
)The inputs for the
STEP_FUNCTIONS
task.Name
— (String
)The name of the
STEP_FUNCTIONS
task.
Lambda
— (map
)The parameters for a
LAMBDA
task type.ClientContext
— (String
)Pass client-specific information to the Lambda function that you are invoking. You can then process the client information in your Lambda function as you choose through the context variable.
Qualifier
— (String
)(Optional) Specify an Lambda function version or alias name. If you specify a function version, the operation uses the qualified function Amazon Resource Name (ARN) to invoke a specific Lambda function. If you specify an alias name, the operation uses the alias ARN to invoke the Lambda function version to which the alias points.
Payload
— (Buffer, Typed Array, Blob, String
)JSON to provide to your Lambda function as input.
Priority
— (Integer
)The new task priority to specify. The lower the number, the higher the priority. Tasks that have the same priority are scheduled in parallel.
MaxConcurrency
— (String
)The new
MaxConcurrency
value you want to specify.MaxConcurrency
is the number of targets that are allowed to run this task in parallel.Note: For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of1
, which may be reported in the response to this command. This value doesn't affect the running of your task and can be ignored.MaxErrors
— (String
)The new
MaxErrors
value to specify.MaxErrors
is the maximum number of errors that are allowed before the task stops being scheduled.Note: For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of1
, which may be reported in the response to this command. This value doesn't affect the running of your task and can be ignored.LoggingInfo
— (map
)The new logging location in Amazon S3 to specify.
Note:LoggingInfo
has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use theOutputS3BucketName
andOutputS3KeyPrefix
options in theTaskInvocationParameters
structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.S3BucketName
— required — (String
)The name of an S3 bucket where execution logs are stored .
S3KeyPrefix
— (String
)(Optional) The S3 bucket subfolder.
S3Region
— required — (String
)The Amazon Web Services Region where the S3 bucket is located.
Name
— (String
)The new task name to specify.
Description
— (String
)The new task description to specify.
Replace
— (Boolean
)If True, then all fields that are required by the RegisterTaskWithMaintenanceWindow operation are also required for this API request. Optional fields that aren't specified are set to null.
CutoffBehavior
— (String
)Indicates whether tasks should continue to run after the cutoff time specified in the maintenance windows is reached.
-
CONTINUE_TASK
: When the cutoff time is reached, any tasks that are running continue. The default value. -
CANCEL_TASK
:-
For Automation, Lambda, Step Functions tasks: When the cutoff time is reached, any task invocations that are already running continue, but no new task invocations are started.
-
For Run Command tasks: When the cutoff time is reached, the system sends a CancelCommand operation that attempts to cancel the command associated with the task. However, there is no guarantee that the command will be terminated and the underlying process stopped.
The status for tasks that are not completed is
TIMED_OUT
. -
"CONTINUE_TASK"
"CANCEL_TASK"
-
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:WindowId
— (String
)The ID of the maintenance window that was updated.
WindowTaskId
— (String
)The task ID of the maintenance window that was updated.
Targets
— (Array<map>
)The updated target values.
Key
— (String
)User-defined criteria for sending commands that target instances that meet the criteria.
Values
— (Array<String>
)User-defined criteria that maps to
Key
. For example, if you specifiedtag:ServerRole
, you could specifyvalue:WebServer
to run a command on instances that include EC2 tags ofServerRole,WebServer
.Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
TaskArn
— (String
)The updated task ARN value.
ServiceRoleArn
— (String
)The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service (Amazon SNS) notifications for maintenance window Run Command tasks.
TaskParameters
— (map<map>
)The updated parameter values.
Note:TaskParameters
has been deprecated. To specify parameters to pass to a task when it runs, instead use theParameters
option in theTaskInvocationParameters
structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.Values
— (Array<String>
)This field contains an array of 0 or more strings, each 1 to 255 characters in length.
TaskInvocationParameters
— (map
)The updated parameter values.
RunCommand
— (map
)The parameters for a
RUN_COMMAND
task type.Comment
— (String
)Information about the commands to run.
CloudWatchOutputConfig
— (map
)Configuration options for sending command output to Amazon CloudWatch Logs.
CloudWatchLogGroupName
— (String
)The name of the CloudWatch Logs log group where you want to send command output. If you don't specify a group name, Amazon Web Services Systems Manager automatically creates a log group for you. The log group uses the following naming format:
aws/ssm/SystemsManagerDocumentName
CloudWatchOutputEnabled
— (Boolean
)Enables Systems Manager to send command output to CloudWatch Logs.
DocumentHash
— (String
)The SHA-256 or SHA-1 hash created by the system when the document was created. SHA-1 hashes have been deprecated.
DocumentHashType
— (String
)SHA-256 or SHA-1. SHA-1 hashes have been deprecated.
Possible values include:"Sha256"
"Sha1"
DocumentVersion
— (String
)The Amazon Web Services Systems Manager document (SSM document) version to use in the request. You can specify
$DEFAULT
,$LATEST
, or a specific version number. If you run commands by using the Amazon Web Services CLI, then you must escape the first two options by using a backslash. If you specify a version number, then you don't need to use the backslash. For example:--document-version "\$DEFAULT"
--document-version "\$LATEST"
--document-version "3"
NotificationConfig
— (map
)Configurations for sending notifications about command status changes on a per-instance basis.
NotificationArn
— (String
)An Amazon Resource Name (ARN) for an Amazon Simple Notification Service (Amazon SNS) topic. Run Command pushes notifications about command status changes to this topic.
NotificationEvents
— (Array<String>
)The different events for which you can receive notifications. To learn more about these events, see Monitoring Systems Manager status changes using Amazon SNS notifications in the Amazon Web Services Systems Manager User Guide.
NotificationType
— (String
)The type of notification.
-
Command
: Receive notification when the status of a command changes. -
Invocation
: For commands sent to multiple instances, receive notification on a per-instance basis when the status of a command changes.
"Command"
"Invocation"
-
OutputS3BucketName
— (String
)The name of the Amazon Simple Storage Service (Amazon S3) bucket.
OutputS3KeyPrefix
— (String
)The S3 bucket subfolder.
Parameters
— (map<Array<String>>
)The parameters for the
RUN_COMMAND
task execution.ServiceRoleArn
— (String
)The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service (Amazon SNS) notifications for maintenance window Run Command tasks.
TimeoutSeconds
— (Integer
)If this time is reached and the command hasn't already started running, it doesn't run.
Automation
— (map
)The parameters for an
AUTOMATION
task type.DocumentVersion
— (String
)The version of an Automation runbook to use during task execution.
Parameters
— (map<Array<String>>
)The parameters for the
AUTOMATION
task.For information about specifying and updating task parameters, see RegisterTaskWithMaintenanceWindow and UpdateMaintenanceWindowTask.
Note:LoggingInfo
has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use theOutputS3BucketName
andOutputS3KeyPrefix
options in theTaskInvocationParameters
structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.TaskParameters
has been deprecated. To specify parameters to pass to a task when it runs, instead use theParameters
option in theTaskInvocationParameters
structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. ForAUTOMATION
task types, Amazon Web Services Systems Manager ignores any values specified for these parameters.
StepFunctions
— (map
)The parameters for a
STEP_FUNCTIONS
task type.Input
— (String
)The inputs for the
STEP_FUNCTIONS
task.Name
— (String
)The name of the
STEP_FUNCTIONS
task.
Lambda
— (map
)The parameters for a
LAMBDA
task type.ClientContext
— (String
)Pass client-specific information to the Lambda function that you are invoking. You can then process the client information in your Lambda function as you choose through the context variable.
Qualifier
— (String
)(Optional) Specify an Lambda function version or alias name. If you specify a function version, the operation uses the qualified function Amazon Resource Name (ARN) to invoke a specific Lambda function. If you specify an alias name, the operation uses the alias ARN to invoke the Lambda function version to which the alias points.
Payload
— (Buffer, Typed Array, Blob, String
)JSON to provide to your Lambda function as input.
Priority
— (Integer
)The updated priority value.
MaxConcurrency
— (String
)The updated
MaxConcurrency
value.MaxErrors
— (String
)The updated
MaxErrors
value.LoggingInfo
— (map
)The updated logging information in Amazon S3.
Note:LoggingInfo
has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use theOutputS3BucketName
andOutputS3KeyPrefix
options in theTaskInvocationParameters
structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.S3BucketName
— required — (String
)The name of an S3 bucket where execution logs are stored .
S3KeyPrefix
— (String
)(Optional) The S3 bucket subfolder.
S3Region
— required — (String
)The Amazon Web Services Region where the S3 bucket is located.
Name
— (String
)The updated task name.
Description
— (String
)The updated task description.
CutoffBehavior
— (String
)The specification for whether tasks should continue to run after the cutoff time specified in the maintenance windows is reached.
Possible values include:"CONTINUE_TASK"
"CANCEL_TASK"
-
(AWS.Response)
—
Returns:
updateManagedInstanceRole(params = {}, callback) ⇒ AWS.Request
Changes the Identity and Access Management (IAM) role that is assigned to the on-premises instance or virtual machines (VM). IAM roles are first assigned to these hybrid instances during the activation process. For more information, see CreateActivation.
Service Reference:
Examples:
Calling the updateManagedInstanceRole operation
var params = { IamRole: 'STRING_VALUE', /* required */ InstanceId: 'STRING_VALUE' /* required */ }; ssm.updateManagedInstanceRole(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
InstanceId
— (String
)The ID of the managed instance where you want to update the role.
IamRole
— (String
)The IAM role you want to assign or change.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs.
-
(AWS.Response)
—
Returns:
updateOpsItem(params = {}, callback) ⇒ AWS.Request
Edit or change an OpsItem. You must have permission in Identity and Access Management (IAM) to update an OpsItem. For more information, see Getting started with OpsCenter in the Amazon Web Services Systems Manager User Guide.
Operations engineers and IT professionals use Amazon Web Services Systems Manager OpsCenter to view, investigate, and remediate operational issues impacting the performance and health of their Amazon Web Services resources. For more information, see OpsCenter in the Amazon Web Services Systems Manager User Guide.
Service Reference:
Examples:
Calling the updateOpsItem operation
var params = { OpsItemId: 'STRING_VALUE', /* required */ ActualEndTime: new Date || 'Wed Dec 31 1969 16:00:00 GMT-0800 (PST)' || 123456789, ActualStartTime: new Date || 'Wed Dec 31 1969 16:00:00 GMT-0800 (PST)' || 123456789, Category: 'STRING_VALUE', Description: 'STRING_VALUE', Notifications: [ { Arn: 'STRING_VALUE' }, /* more items */ ], OperationalData: { '<OpsItemDataKey>': { Type: SearchableString | String, Value: 'STRING_VALUE' }, /* '<OpsItemDataKey>': ... */ }, OperationalDataToDelete: [ 'STRING_VALUE', /* more items */ ], PlannedEndTime: new Date || 'Wed Dec 31 1969 16:00:00 GMT-0800 (PST)' || 123456789, PlannedStartTime: new Date || 'Wed Dec 31 1969 16:00:00 GMT-0800 (PST)' || 123456789, Priority: 'NUMBER_VALUE', RelatedOpsItems: [ { OpsItemId: 'STRING_VALUE' /* required */ }, /* more items */ ], Severity: 'STRING_VALUE', Status: Open | InProgress | Resolved | Pending | TimedOut | Cancelling | Cancelled | Failed | CompletedWithSuccess | CompletedWithFailure | Scheduled | RunbookInProgress | PendingChangeCalendarOverride | ChangeCalendarOverrideApproved | ChangeCalendarOverrideRejected | PendingApproval | Approved | Rejected | Closed, Title: 'STRING_VALUE' }; ssm.updateOpsItem(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
Description
— (String
)Update the information about the OpsItem. Provide enough information so that users reading this OpsItem for the first time understand the issue.
OperationalData
— (map<map>
)Add new keys or edit existing key-value pairs of the OperationalData map in the OpsItem object.
Operational data is custom data that provides useful reference details about the OpsItem. For example, you can specify log files, error strings, license keys, troubleshooting tips, or other relevant data. You enter operational data as key-value pairs. The key has a maximum length of 128 characters. The value has a maximum size of 20 KB.
Operational data keys can't begin with the following:
amazon
,aws
,amzn
,ssm
,/amazon
,/aws
,/amzn
,/ssm
.You can choose to make the data searchable by other users in the account or you can restrict search access. Searchable data means that all users with access to the OpsItem Overview page (as provided by the DescribeOpsItems API operation) can view and search on the specified data. Operational data that isn't searchable is only viewable by users who have access to the OpsItem (as provided by the GetOpsItem API operation).
Use the
/aws/resources
key in OperationalData to specify a related resource in the request. Use the/aws/automations
key in OperationalData to associate an Automation runbook with the OpsItem. To view Amazon Web Services CLI example commands that use these keys, see Creating OpsItems manually in the Amazon Web Services Systems Manager User Guide.Value
— (String
)The value of the OperationalData key.
Type
— (String
)The type of key-value pair. Valid types include
Possible values include:SearchableString
andString
."SearchableString"
"String"
OperationalDataToDelete
— (Array<String>
)Keys that you want to remove from the OperationalData map.
Notifications
— (Array<map>
)The Amazon Resource Name (ARN) of an SNS topic where notifications are sent when this OpsItem is edited or changed.
Arn
— (String
)The Amazon Resource Name (ARN) of an Amazon Simple Notification Service (Amazon SNS) topic where notifications are sent when this OpsItem is edited or changed.
Priority
— (Integer
)The importance of this OpsItem in relation to other OpsItems in the system.
RelatedOpsItems
— (Array<map>
)One or more OpsItems that share something in common with the current OpsItems. For example, related OpsItems can include OpsItems with similar error messages, impacted resources, or statuses for the impacted resource.
OpsItemId
— required — (String
)The ID of an OpsItem related to the current OpsItem.
Status
— (String
)The OpsItem status. Status can be
Possible values include:Open
,In Progress
, orResolved
. For more information, see Editing OpsItem details in the Amazon Web Services Systems Manager User Guide."Open"
"InProgress"
"Resolved"
"Pending"
"TimedOut"
"Cancelling"
"Cancelled"
"Failed"
"CompletedWithSuccess"
"CompletedWithFailure"
"Scheduled"
"RunbookInProgress"
"PendingChangeCalendarOverride"
"ChangeCalendarOverrideApproved"
"ChangeCalendarOverrideRejected"
"PendingApproval"
"Approved"
"Rejected"
"Closed"
OpsItemId
— (String
)The ID of the OpsItem.
Title
— (String
)A short heading that describes the nature of the OpsItem and the impacted resource.
Category
— (String
)Specify a new category for an OpsItem.
Severity
— (String
)Specify a new severity for an OpsItem.
ActualStartTime
— (Date
)The time a runbook workflow started. Currently reported only for the OpsItem type
/aws/changerequest
.ActualEndTime
— (Date
)The time a runbook workflow ended. Currently reported only for the OpsItem type
/aws/changerequest
.PlannedStartTime
— (Date
)The time specified in a change request for a runbook workflow to start. Currently supported only for the OpsItem type
/aws/changerequest
.PlannedEndTime
— (Date
)The time specified in a change request for a runbook workflow to end. Currently supported only for the OpsItem type
/aws/changerequest
.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs.
-
(AWS.Response)
—
Returns:
updateOpsMetadata(params = {}, callback) ⇒ AWS.Request
Amazon Web Services Systems Manager calls this API operation when you edit OpsMetadata in Application Manager.
Service Reference:
Examples:
Calling the updateOpsMetadata operation
var params = { OpsMetadataArn: 'STRING_VALUE', /* required */ KeysToDelete: [ 'STRING_VALUE', /* more items */ ], MetadataToUpdate: { '<MetadataKey>': { Value: 'STRING_VALUE' }, /* '<MetadataKey>': ... */ } }; ssm.updateOpsMetadata(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
OpsMetadataArn
— (String
)The Amazon Resoure Name (ARN) of the OpsMetadata Object to update.
MetadataToUpdate
— (map<map>
)Metadata to add to an OpsMetadata object.
Value
— (String
)Metadata value to assign to an Application Manager application.
KeysToDelete
— (Array<String>
)The metadata keys to delete from the OpsMetadata object.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:OpsMetadataArn
— (String
)The Amazon Resource Name (ARN) of the OpsMetadata Object that was updated.
-
(AWS.Response)
—
Returns:
updatePatchBaseline(params = {}, callback) ⇒ AWS.Request
Modifies an existing patch baseline. Fields not specified in the request are left unchanged.
Note: For information about valid key-value pairs inPatchFilters
for each supported operating system type, see PatchFilter.Service Reference:
Examples:
Calling the updatePatchBaseline operation
var params = { BaselineId: 'STRING_VALUE', /* required */ ApprovalRules: { PatchRules: [ /* required */ { PatchFilterGroup: { /* required */ PatchFilters: [ /* required */ { Key: ARCH | ADVISORY_ID | BUGZILLA_ID | PATCH_SET | PRODUCT | PRODUCT_FAMILY | CLASSIFICATION | CVE_ID | EPOCH | MSRC_SEVERITY | NAME | PATCH_ID | SECTION | PRIORITY | REPOSITORY | RELEASE | SEVERITY | SECURITY | VERSION, /* required */ Values: [ /* required */ 'STRING_VALUE', /* more items */ ] }, /* more items */ ] }, ApproveAfterDays: 'NUMBER_VALUE', ApproveUntilDate: 'STRING_VALUE', ComplianceLevel: CRITICAL | HIGH | MEDIUM | LOW | INFORMATIONAL | UNSPECIFIED, EnableNonSecurity: true || false }, /* more items */ ] }, ApprovedPatches: [ 'STRING_VALUE', /* more items */ ], ApprovedPatchesComplianceLevel: CRITICAL | HIGH | MEDIUM | LOW | INFORMATIONAL | UNSPECIFIED, ApprovedPatchesEnableNonSecurity: true || false, Description: 'STRING_VALUE', GlobalFilters: { PatchFilters: [ /* required */ { Key: ARCH | ADVISORY_ID | BUGZILLA_ID | PATCH_SET | PRODUCT | PRODUCT_FAMILY | CLASSIFICATION | CVE_ID | EPOCH | MSRC_SEVERITY | NAME | PATCH_ID | SECTION | PRIORITY | REPOSITORY | RELEASE | SEVERITY | SECURITY | VERSION, /* required */ Values: [ /* required */ 'STRING_VALUE', /* more items */ ] }, /* more items */ ] }, Name: 'STRING_VALUE', RejectedPatches: [ 'STRING_VALUE', /* more items */ ], RejectedPatchesAction: ALLOW_AS_DEPENDENCY | BLOCK, Replace: true || false, Sources: [ { Configuration: 'STRING_VALUE', /* required */ Name: 'STRING_VALUE', /* required */ Products: [ /* required */ 'STRING_VALUE', /* more items */ ] }, /* more items */ ] }; ssm.updatePatchBaseline(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
BaselineId
— (String
)The ID of the patch baseline to update.
Name
— (String
)The name of the patch baseline.
GlobalFilters
— (map
)A set of global filters used to include patches in the baseline.
PatchFilters
— required — (Array<map>
)The set of patch filters that make up the group.
Key
— required — (String
)The key for the filter.
Run the DescribePatchProperties command to view lists of valid keys for each operating system type.
Possible values include:"ARCH"
"ADVISORY_ID"
"BUGZILLA_ID"
"PATCH_SET"
"PRODUCT"
"PRODUCT_FAMILY"
"CLASSIFICATION"
"CVE_ID"
"EPOCH"
"MSRC_SEVERITY"
"NAME"
"PATCH_ID"
"SECTION"
"PRIORITY"
"REPOSITORY"
"RELEASE"
"SEVERITY"
"SECURITY"
"VERSION"
Values
— required — (Array<String>
)The value for the filter key.
Run the DescribePatchProperties command to view lists of valid values for each key based on operating system type.
ApprovalRules
— (map
)A set of rules used to include patches in the baseline.
PatchRules
— required — (Array<map>
)The rules that make up the rule group.
PatchFilterGroup
— required — (map
)The patch filter group that defines the criteria for the rule.
PatchFilters
— required — (Array<map>
)The set of patch filters that make up the group.
Key
— required — (String
)The key for the filter.
Run the DescribePatchProperties command to view lists of valid keys for each operating system type.
Possible values include:"ARCH"
"ADVISORY_ID"
"BUGZILLA_ID"
"PATCH_SET"
"PRODUCT"
"PRODUCT_FAMILY"
"CLASSIFICATION"
"CVE_ID"
"EPOCH"
"MSRC_SEVERITY"
"NAME"
"PATCH_ID"
"SECTION"
"PRIORITY"
"REPOSITORY"
"RELEASE"
"SEVERITY"
"SECURITY"
"VERSION"
Values
— required — (Array<String>
)The value for the filter key.
Run the DescribePatchProperties command to view lists of valid values for each key based on operating system type.
ComplianceLevel
— (String
)A compliance severity level for all approved patches in a patch baseline.
Possible values include:"CRITICAL"
"HIGH"
"MEDIUM"
"LOW"
"INFORMATIONAL"
"UNSPECIFIED"
ApproveAfterDays
— (Integer
)The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of
7
means that patches are approved seven days after they are released. Not supported on Debian Server or Ubuntu Server.ApproveUntilDate
— (String
)The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Not supported on Debian Server or Ubuntu Server.
Enter dates in the format
YYYY-MM-DD
. For example,2021-12-31
.EnableNonSecurity
— (Boolean
)For instances identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is
false
. Applies to Linux instances only.
ApprovedPatches
— (Array<String>
)A list of explicitly approved patches for the baseline.
For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
ApprovedPatchesComplianceLevel
— (String
)Assigns a new compliance severity level to an existing patch baseline.
Possible values include:"CRITICAL"
"HIGH"
"MEDIUM"
"LOW"
"INFORMATIONAL"
"UNSPECIFIED"
ApprovedPatchesEnableNonSecurity
— (Boolean
)Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is
false
. Applies to Linux instances only.RejectedPatches
— (Array<String>
)A list of explicitly rejected patches for the baseline.
For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
RejectedPatchesAction
— (String
)The action for Patch Manager to take on patches included in the
RejectedPackages
list.-
ALLOW_AS_DEPENDENCY
: A package in theRejected
patches list is installed only if it is a dependency of another package. It is considered compliant with the patch baseline, and its status is reported asInstalledOther
. This is the default action if no option is specified. -
BLOCK
: Packages in theRejectedPatches
list, and packages that include them as dependencies, aren't installed under any circumstances. If a package was installed before it was added to theRejected
patches list, it is considered non-compliant with the patch baseline, and its status is reported asInstalledRejected
.
"ALLOW_AS_DEPENDENCY"
"BLOCK"
-
Description
— (String
)A description of the patch baseline.
Sources
— (Array<map>
)Information about the patches to use to update the instances, including target operating systems and source repositories. Applies to Linux instances only.
Name
— required — (String
)The name specified to identify the patch source.
Products
— required — (Array<String>
)The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "AmazonLinux2016.09", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter.
Configuration
— required — (String
)The value of the yum repo configuration. For example:
[main]
name=MyCustomRepository
baseurl=https://my-custom-repository
enabled=1
Note: For information about other options available for your yum repository configuration, see dnf.conf(5).
Replace
— (Boolean
)If True, then all fields that are required by the CreatePatchBaseline operation are also required for this API request. Optional fields that aren't specified are set to null.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:BaselineId
— (String
)The ID of the deleted patch baseline.
Name
— (String
)The name of the patch baseline.
OperatingSystem
— (String
)The operating system rule used by the updated patch baseline.
Possible values include:"WINDOWS"
"AMAZON_LINUX"
"AMAZON_LINUX_2"
"UBUNTU"
"REDHAT_ENTERPRISE_LINUX"
"SUSE"
"CENTOS"
"ORACLE_LINUX"
"DEBIAN"
"MACOS"
GlobalFilters
— (map
)A set of global filters used to exclude patches from the baseline.
PatchFilters
— required — (Array<map>
)The set of patch filters that make up the group.
Key
— required — (String
)The key for the filter.
Run the DescribePatchProperties command to view lists of valid keys for each operating system type.
Possible values include:"ARCH"
"ADVISORY_ID"
"BUGZILLA_ID"
"PATCH_SET"
"PRODUCT"
"PRODUCT_FAMILY"
"CLASSIFICATION"
"CVE_ID"
"EPOCH"
"MSRC_SEVERITY"
"NAME"
"PATCH_ID"
"SECTION"
"PRIORITY"
"REPOSITORY"
"RELEASE"
"SEVERITY"
"SECURITY"
"VERSION"
Values
— required — (Array<String>
)The value for the filter key.
Run the DescribePatchProperties command to view lists of valid values for each key based on operating system type.
ApprovalRules
— (map
)A set of rules used to include patches in the baseline.
PatchRules
— required — (Array<map>
)The rules that make up the rule group.
PatchFilterGroup
— required — (map
)The patch filter group that defines the criteria for the rule.
PatchFilters
— required — (Array<map>
)The set of patch filters that make up the group.
Key
— required — (String
)The key for the filter.
Run the DescribePatchProperties command to view lists of valid keys for each operating system type.
Possible values include:"ARCH"
"ADVISORY_ID"
"BUGZILLA_ID"
"PATCH_SET"
"PRODUCT"
"PRODUCT_FAMILY"
"CLASSIFICATION"
"CVE_ID"
"EPOCH"
"MSRC_SEVERITY"
"NAME"
"PATCH_ID"
"SECTION"
"PRIORITY"
"REPOSITORY"
"RELEASE"
"SEVERITY"
"SECURITY"
"VERSION"
Values
— required — (Array<String>
)The value for the filter key.
Run the DescribePatchProperties command to view lists of valid values for each key based on operating system type.
ComplianceLevel
— (String
)A compliance severity level for all approved patches in a patch baseline.
Possible values include:"CRITICAL"
"HIGH"
"MEDIUM"
"LOW"
"INFORMATIONAL"
"UNSPECIFIED"
ApproveAfterDays
— (Integer
)The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of
7
means that patches are approved seven days after they are released. Not supported on Debian Server or Ubuntu Server.ApproveUntilDate
— (String
)The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Not supported on Debian Server or Ubuntu Server.
Enter dates in the format
YYYY-MM-DD
. For example,2021-12-31
.EnableNonSecurity
— (Boolean
)For instances identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is
false
. Applies to Linux instances only.
ApprovedPatches
— (Array<String>
)A list of explicitly approved patches for the baseline.
ApprovedPatchesComplianceLevel
— (String
)The compliance severity level assigned to the patch baseline after the update completed.
Possible values include:"CRITICAL"
"HIGH"
"MEDIUM"
"LOW"
"INFORMATIONAL"
"UNSPECIFIED"
ApprovedPatchesEnableNonSecurity
— (Boolean
)Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is
false
. Applies to Linux instances only.RejectedPatches
— (Array<String>
)A list of explicitly rejected patches for the baseline.
RejectedPatchesAction
— (String
)The action specified to take on patches included in the
Possible values include:RejectedPatches
list. A patch can be allowed only if it is a dependency of another package, or blocked entirely along with packages that include it as a dependency."ALLOW_AS_DEPENDENCY"
"BLOCK"
CreatedDate
— (Date
)The date when the patch baseline was created.
ModifiedDate
— (Date
)The date when the patch baseline was last modified.
Description
— (String
)A description of the patch baseline.
Sources
— (Array<map>
)Information about the patches to use to update the instances, including target operating systems and source repositories. Applies to Linux instances only.
Name
— required — (String
)The name specified to identify the patch source.
Products
— required — (Array<String>
)The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "AmazonLinux2016.09", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter.
Configuration
— required — (String
)The value of the yum repo configuration. For example:
[main]
name=MyCustomRepository
baseurl=https://my-custom-repository
enabled=1
Note: For information about other options available for your yum repository configuration, see dnf.conf(5).
-
(AWS.Response)
—
Returns:
updateResourceDataSync(params = {}, callback) ⇒ AWS.Request
Update a resource data sync. After you create a resource data sync for a Region, you can't change the account options for that sync. For example, if you create a sync in the us-east-2 (Ohio) Region and you choose the
Include only the current account
option, you can't edit that sync later and choose theInclude all accounts from my Organizations configuration
option. Instead, you must delete the first resource data sync, and create a new one.Note: This API operation only supports a resource data sync that was created with a SyncFromSourceSyncType
.Service Reference:
Examples:
Calling the updateResourceDataSync operation
var params = { SyncName: 'STRING_VALUE', /* required */ SyncSource: { /* required */ SourceRegions: [ /* required */ 'STRING_VALUE', /* more items */ ], SourceType: 'STRING_VALUE', /* required */ AwsOrganizationsSource: { OrganizationSourceType: 'STRING_VALUE', /* required */ OrganizationalUnits: [ { OrganizationalUnitId: 'STRING_VALUE' }, /* more items */ ] }, EnableAllOpsDataSources: true || false, IncludeFutureRegions: true || false }, SyncType: 'STRING_VALUE' /* required */ }; ssm.updateResourceDataSync(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
SyncName
— (String
)The name of the resource data sync you want to update.
SyncType
— (String
)The type of resource data sync. The supported
SyncType
is SyncFromSource.SyncSource
— (map
)Specify information about the data sources to synchronize.
SourceType
— required — (String
)The type of data source for the resource data sync.
SourceType
is eitherAwsOrganizations
(if an organization is present in Organizations) orSingleAccountMultiRegions
.AwsOrganizationsSource
— (map
)Information about the
AwsOrganizationsSource
resource data sync source. A sync source of this type can synchronize data from Organizations.OrganizationSourceType
— required — (String
)If an Amazon Web Services organization is present, this is either
OrganizationalUnits
orEntireOrganization
. ForOrganizationalUnits
, the data is aggregated from a set of organization units. ForEntireOrganization
, the data is aggregated from the entire Amazon Web Services organization.OrganizationalUnits
— (Array<map>
)The Organizations organization units included in the sync.
OrganizationalUnitId
— (String
)The Organizations unit ID data source for the sync.
SourceRegions
— required — (Array<String>
)The
SyncSource
Amazon Web Services Regions included in the resource data sync.IncludeFutureRegions
— (Boolean
)Whether to automatically synchronize and aggregate data from new Amazon Web Services Regions when those Regions come online.
EnableAllOpsDataSources
— (Boolean
)When you create a resource data sync, if you choose one of the Organizations options, then Systems Manager automatically enables all OpsData sources in the selected Amazon Web Services Regions for all Amazon Web Services accounts in your organization (or in the selected organization units). For more information, see About multiple account and Region resource data syncs in the Amazon Web Services Systems Manager User Guide.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs.
-
(AWS.Response)
—
Returns:
updateServiceSetting(params = {}, callback) ⇒ AWS.Request
ServiceSetting
is an account-level setting for an Amazon Web Services service. This setting defines how a user interacts with or uses a service or a feature of a service. For example, if an Amazon Web Services service charges money to the account based on feature or service usage, then the Amazon Web Services service team might create a default setting of "false". This means the user can't use this feature unless they change the setting to "true" and intentionally opt in for a paid feature.Services map a
SettingId
object to a setting value. Amazon Web Services services teams define the default value for aSettingId
. You can't create a newSettingId
, but you can overwrite the default value if you have thessm:UpdateServiceSetting
permission for the setting. Use the GetServiceSetting API operation to view the current value. Or, use the ResetServiceSetting to change the value back to the original value defined by the Amazon Web Services service team.Update the service setting for the account.
Service Reference:
Examples:
Calling the updateServiceSetting operation
var params = { SettingId: 'STRING_VALUE', /* required */ SettingValue: 'STRING_VALUE' /* required */ }; ssm.updateServiceSetting(params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
(defaults to: {})
—
SettingId
— (String
)The Amazon Resource Name (ARN) of the service setting to reset. For example,
arn:aws:ssm:us-east-1:111122223333:servicesetting/ssm/parameter-store/high-throughput-enabled
. The setting ID can be one of the following.-
/ssm/automation/customer-script-log-destination
-
/ssm/automation/customer-script-log-group-name
-
/ssm/documents/console/public-sharing-permission
-
/ssm/parameter-store/default-parameter-tier
-
/ssm/parameter-store/high-throughput-enabled
-
/ssm/managed-instance/activation-tier
-
SettingValue
— (String
)The new value to specify for the service setting. The following list specifies the available values for each setting.
-
/ssm/parameter-store/default-parameter-tier
:Standard
,Advanced
,Intelligent-Tiering
-
/ssm/parameter-store/high-throughput-enabled
:true
orfalse
-
/ssm/managed-instance/activation-tier
:true
orfalse
-
/ssm/automation/customer-script-log-destination
:CloudWatch
-
/ssm/automation/customer-script-log-group-name
: the name of an Amazon CloudWatch Logs log group -
/ssm/documents/console/public-sharing-permission
:Enable
orDisable
-
/ssm/managed-instance/activation-tier
:standard
oradvanced
-
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs.
-
(AWS.Response)
—
Returns:
waitFor(state, params = {}, callback) ⇒ AWS.Request
Waits for a given SSM resource. The final callback or 'complete' event will be fired only when the resource is either in its final state or the waiter has timed out and stopped polling for the final state.
Examples:
Waiting for the commandExecuted state
var params = { CommandId: 'STRING_VALUE', /* required */ InstanceId: 'STRING_VALUE', /* required */ }; ssm.waitFor('commandExecuted', params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
state
(String)
—
the resource state to wait for. Available states for this service are listed in "Waiter Resource States" below.
-
params
(map)
(defaults to: {})
—
a list of parameters for the given state. See each waiter resource state for required parameters.
Callback (callback):
-
function(err, data) { ... }
Callback containing error and data information. See the respective resource state for the expected error or data information.
If the waiter times out its requests, it will return a
ResourceNotReady
error.
Returns:
Waiter Resource States:
Waiter Resource Details
ssm.waitFor('commandExecuted', params = {}, [callback]) ⇒ AWS.Request
Waits for the
commandExecuted
state by periodically calling the underlying SSM.getCommandInvocation() operation every 5 seconds (at most 20 times).Examples:
Waiting for the commandExecuted state
var params = { CommandId: 'STRING_VALUE', /* required */ InstanceId: 'STRING_VALUE', /* required */ }; ssm.waitFor('commandExecuted', params, function(err, data) { if (err) console.log(err, err.stack); // an error occurred else console.log(data); // successful response });
Parameters:
-
params
(Object)
—
CommandId
— (String
)(Required) The parent command ID of the invocation plugin.
InstanceId
— (String
)(Required) The ID of the managed instance targeted by the command. A managed instance can be an Amazon Elastic Compute Cloud (Amazon EC2) instance or an instance in your hybrid environment that is configured for Amazon Web Services Systems Manager.
PluginName
— (String
)The name of the plugin for which you want detailed results. If the document contains only one plugin, you can omit the name and details for that plugin. If the document contains more than one plugin, you must specify the name of the plugin for which you want to view details.
Plugin names are also referred to as step names in Systems Manager documents (SSM documents). For example,
aws:RunShellScript
is a plugin.To find the
PluginName
, check the document content and find the name of the plugin. Alternatively, use ListCommandInvocations with theCommandId
andDetails
parameters. ThePluginName
is theName
attribute of theCommandPlugin
object in theCommandPlugins
list.
Callback (callback):
-
function(err, data) { ... }
Called when a response from the service is returned. If a callback is not supplied, you must call AWS.Request.send() on the returned request object to initiate the request.
Context (this):
-
(AWS.Response)
—
the response object containing error, data properties, and the original request object.
Parameters:
-
err
(Error)
—
the error object returned from the request. Set to
null
if the request is successful. -
data
(Object)
—
the de-serialized data returned from the request. Set to
null
if a request error occurs. Thedata
object has the following properties:CommandId
— (String
)The parent command ID of the invocation plugin.
InstanceId
— (String
)The ID of the managed instance targeted by the command. A managed instance can be an EC2 instance or an instance in your hybrid environment that is configured for Systems Manager.
Comment
— (String
)The comment text for the command.
DocumentName
— (String
)The name of the document that was run. For example,
AWS-RunShellScript
.DocumentVersion
— (String
)The Systems Manager document (SSM document) version used in the request.
PluginName
— (String
)The name of the plugin, or step name, for which details are reported. For example,
aws:RunShellScript
is a plugin.ResponseCode
— (Integer
)The error level response code for the plugin script. If the response code is
-1
, then the command hasn't started running on the instance, or it wasn't received by the instance.ExecutionStartDateTime
— (String
)The date and time the plugin started running. Date and time are written in ISO 8601 format. For example, June 7, 2017 is represented as 2017-06-7. The following sample Amazon Web Services CLI command uses the
InvokedBefore
filter.aws ssm list-commands --filters key=InvokedBefore,value=2017-06-07T00:00:00Z
If the plugin hasn't started to run, the string is empty.
ExecutionElapsedTime
— (String
)Duration since
ExecutionStartDateTime
.ExecutionEndDateTime
— (String
)The date and time the plugin finished running. Date and time are written in ISO 8601 format. For example, June 7, 2017 is represented as 2017-06-7. The following sample Amazon Web Services CLI command uses the
InvokedAfter
filter.aws ssm list-commands --filters key=InvokedAfter,value=2017-06-07T00:00:00Z
If the plugin hasn't started to run, the string is empty.
Status
— (String
)The status of this invocation plugin. This status can be different than
Possible values include:StatusDetails
."Pending"
"InProgress"
"Delayed"
"Success"
"Cancelled"
"TimedOut"
"Failed"
"Cancelling"
StatusDetails
— (String
)A detailed status of the command execution for an invocation.
StatusDetails
includes more information thanStatus
because it includes states resulting from error and concurrency control parameters.StatusDetails
can show different results thanStatus
. For more information about these statuses, see Understanding command statuses in the Amazon Web Services Systems Manager User Guide.StatusDetails
can be one of the following values:-
Pending: The command hasn't been sent to the instance.
-
In Progress: The command has been sent to the instance but hasn't reached a terminal state.
-
Delayed: The system attempted to send the command to the target, but the target wasn't available. The instance might not be available because of network issues, because the instance was stopped, or for similar reasons. The system will try to send the command again.
-
Success: The command or plugin ran successfully. This is a terminal state.
-
Delivery Timed Out: The command wasn't delivered to the instance before the delivery timeout expired. Delivery timeouts don't count against the parent command's
MaxErrors
limit, but they do contribute to whether the parent command status is Success or Incomplete. This is a terminal state. -
Execution Timed Out: The command started to run on the instance, but the execution wasn't complete before the timeout expired. Execution timeouts count against the
MaxErrors
limit of the parent command. This is a terminal state. -
Failed: The command wasn't run successfully on the instance. For a plugin, this indicates that the result code wasn't zero. For a command invocation, this indicates that the result code for one or more plugins wasn't zero. Invocation failures count against the
MaxErrors
limit of the parent command. This is a terminal state. -
Canceled: The command was terminated before it was completed. This is a terminal state.
-
Undeliverable: The command can't be delivered to the instance. The instance might not exist or might not be responding. Undeliverable invocations don't count against the parent command's
MaxErrors
limit and don't contribute to whether the parent command status is Success or Incomplete. This is a terminal state. -
Terminated: The parent command exceeded its
MaxErrors
limit and subsequent command invocations were canceled by the system. This is a terminal state.
-
StandardOutputContent
— (String
)The first 24,000 characters written by the plugin to
stdout
. If the command hasn't finished running, ifExecutionStatus
is neither Succeeded nor Failed, then this string is empty.StandardOutputUrl
— (String
)The URL for the complete text written by the plugin to
stdout
in Amazon Simple Storage Service (Amazon S3). If an S3 bucket wasn't specified, then this string is empty.StandardErrorContent
— (String
)The first 8,000 characters written by the plugin to
stderr
. If the command hasn't finished running, then this string is empty.StandardErrorUrl
— (String
)The URL for the complete text written by the plugin to
stderr
. If the command hasn't finished running, then this string is empty.CloudWatchOutputConfig
— (map
)Amazon CloudWatch Logs information where Systems Manager sent the command output.
CloudWatchLogGroupName
— (String
)The name of the CloudWatch Logs log group where you want to send command output. If you don't specify a group name, Amazon Web Services Systems Manager automatically creates a log group for you. The log group uses the following naming format:
aws/ssm/SystemsManagerDocumentName
CloudWatchOutputEnabled
— (Boolean
)Enables Systems Manager to send command output to CloudWatch Logs.
-
(AWS.Response)
—
Returns:
See Also:
Generated on Fri Oct 29 18:27:30 2021 by yard 0.9.26 (ruby-2.3.8). - createOpsItem(params = {}, callback) ⇒ AWS.Request