Table of Contents
A low-level client representing Amazon Simple Systems Manager (SSM)
Amazon Web Services Systems Manager is a collection of capabilities that helps you automate management tasks such as collecting system inventory, applying operating system (OS) patches, automating the creation of Amazon Machine Images (AMIs), and configuring operating systems (OSs) and applications at scale. Systems Manager lets you remotely and securely manage the configuration of your managed instances. A managed instance is any Amazon Elastic Compute Cloud instance (EC2 instance), or any on-premises server or virtual machine (VM) in your hybrid environment that has been configured for Systems Manager.
This reference is intended to be used with the Amazon Web Services Systems Manager User Guide .
To get started, verify prerequisites and configure managed instances. For more information, see Setting up Amazon Web Services Systems Manager in the Amazon Web Services Systems Manager User Guide .
Related resources
import boto3
client = boto3.client('ssm')
These are the available methods:
Adds or overwrites one or more tags for the specified resource. Tags are metadata that you can assign to your documents, managed instances, maintenance windows, Parameter Store parameters, and patch baselines. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. Each tag consists of a key and an optional value, both of which you define. For example, you could define a set of tags for your account's managed instances that helps you track each instance's owner and stack level. For example:
Each resource can have a maximum of 50 tags.
We recommend that you devise a set of tag keys that meets your needs for each resource type. Using a consistent set of tag keys makes it easier for you to manage your resources. You can search and filter the resources based on the tags you add. Tags don't have any semantic meaning to and are interpreted strictly as a string of characters.
For more information about using tags with Amazon Elastic Compute Cloud (Amazon EC2) instances, see Tagging your Amazon EC2 resources in the Amazon EC2 User Guide .
See also: AWS API Documentation
Request Syntax
response = client.add_tags_to_resource(
ResourceType='Document'|'ManagedInstance'|'MaintenanceWindow'|'Parameter'|'PatchBaseline'|'OpsItem'|'OpsMetadata',
ResourceId='string',
Tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
[REQUIRED]
Specifies the type of resource you are tagging.
Note
The ManagedInstance type for this API operation is for on-premises managed instances. You must specify the name of the managed instance in the following format: mi-*ID_number* `` . For example, ``mi-1a2b3c4d5e6f .
[REQUIRED]
The resource ID you want to tag.
Use the ID of the resource. Here are some examples:
MaintenanceWindow : mw-012345abcdePatchBaseline : pb-012345abcde
OpsMetadata object: ResourceID for tagging is created from the Amazon Resource Name (ARN) for the object. Specifically, ResourceID is created from the strings that come after the word opsmetadata in the ARN. For example, an OpsMetadata object with an ARN of arn:aws:ssm:us-east-2:1234567890:opsmetadata/aws/ssm/MyGroup/appmanager has a ResourceID of either aws/ssm/MyGroup/appmanager or /aws/ssm/MyGroup/appmanager .
For the Document and Parameter values, use the name of the resource.
ManagedInstance : mi-012345abcde
Note
The ManagedInstance type for this API operation is only for on-premises managed instances. You must specify the name of the managed instance in the following format: mi-*ID_number* `` . For example, ``mi-1a2b3c4d5e6f .
[REQUIRED]
One or more tags. The value parameter is required.
Warning
Don't enter personally identifiable information in this field.
Metadata that you assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Amazon Web Services Systems Manager, you can apply tags to Systems Manager documents (SSM documents), managed instances, maintenance windows, parameters, patch baselines, OpsItems, and OpsMetadata.
The name of the tag.
The value of the tag.
dict
Response Syntax
{}
Response Structure
Exceptions
Associates a related resource to a Systems Manager OpsCenter OpsItem. For example, you can associate an Incident Manager incident or analysis with an OpsItem. Incident Manager is a capability of Amazon Web Services Systems Manager.
See also: AWS API Documentation
Request Syntax
response = client.associate_ops_item_related_item(
OpsItemId='string',
AssociationType='string',
ResourceType='string',
ResourceUri='string'
)
[REQUIRED]
The ID of the OpsItem to which you want to associate a resource as a related item.
[REQUIRED]
The type of association that you want to create between an OpsItem and a resource. OpsCenter supports IsParentOf and RelatesTo association types.
[REQUIRED]
The type of resource that you want to associate with an OpsItem. OpsCenter supports the following types:
AWS::SSMIncidents::IncidentRecord : an Incident Manager incident. Incident Manager is a capability of Amazon Web Services Systems Manager.AWS::SSM::Document : a Systems Manager (SSM) document.
[REQUIRED]
The Amazon Resource Name (ARN) of the Amazon Web Services resource that you want to associate with the OpsItem.
dict
Response Syntax
{
'AssociationId': 'string'
}
Response Structure
(dict) --
AssociationId (string) --
The association ID.
Exceptions
Check if an operation can be paginated.
Attempts to cancel the command specified by the Command ID. There is no guarantee that the command will be terminated and the underlying process stopped.
See also: AWS API Documentation
Request Syntax
response = client.cancel_command(
CommandId='string',
InstanceIds=[
'string',
]
)
[REQUIRED]
The ID of the command you want to cancel.
(Optional) A list of instance IDs on which you want to cancel the command. If not provided, the command is canceled on every instance on which it was requested.
dict
Response Syntax
{}
Response Structure
(dict) --
Whether or not the command was successfully canceled. There is no guarantee that a request can be canceled.
Exceptions
Stops a maintenance window execution that is already in progress and cancels any tasks in the window that haven't already starting running. Tasks already in progress will continue to completion.
See also: AWS API Documentation
Request Syntax
response = client.cancel_maintenance_window_execution(
WindowExecutionId='string'
)
[REQUIRED]
The ID of the maintenance window execution to stop.
{
'WindowExecutionId': 'string'
}
Response Structure
The ID of the maintenance window execution that has been stopped.
Exceptions
Generates an activation code and activation ID you can use to register your on-premises server or virtual machine (VM) with Amazon Web Services Systems Manager. Registering these machines with Systems Manager makes it possible to manage them using Systems Manager capabilities. You use the activation code and ID when installing SSM Agent on machines in your hybrid environment. For more information about requirements for managing on-premises instances and VMs using Systems Manager, see Setting up Amazon Web Services Systems Manager for hybrid environments in the Amazon Web Services Systems Manager User Guide .
Note
On-premises servers or VMs that are registered with Systems Manager and Amazon Elastic Compute Cloud (Amazon EC2) instances that you manage with Systems Manager are all called managed instances .
See also: AWS API Documentation
Request Syntax
response = client.create_activation(
Description='string',
DefaultInstanceName='string',
IamRole='string',
RegistrationLimit=123,
ExpirationDate=datetime(2015, 1, 1),
Tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
A user-defined description of the resource that you want to register with Systems Manager.
Warning
Don't enter personally identifiable information in this field.
The name of the registered, managed instance as it will appear in the Amazon Web Services Systems Manager console or when you use the Amazon Web Services command line tools to list Systems Manager resources.
Warning
Don't enter personally identifiable information in this field.
[REQUIRED]
The Identity and Access Management (IAM) role that you want to assign to the managed instance. This IAMrole must provide AssumeRole permissions for the Amazon Web Services Systems Manager service principal ssm.amazonaws.com . For more information, see Create an IAM service role for a hybrid environment in the Amazon Web Services Systems Manager User Guide .
Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag an activation to identify which servers or virtual machines (VMs) in your on-premises environment you intend to activate. In this case, you could specify the following key-value pairs:
Warning
When you install SSM Agent on your on-premises servers and VMs, you specify an activation ID and code. When you specify the activation ID and code, tags assigned to the activation are automatically applied to the on-premises servers or VMs.
You can't add tags to or delete tags from an existing activation. You can tag your on-premises servers and VMs after they connect to Systems Manager for the first time and are assigned a managed instance ID. This means they are listed in the Amazon Web Services Systems Manager console with an ID that is prefixed with "mi-". For information about how to add tags to your managed instances, see AddTagsToResource . For information about how to remove tags from your managed instances, see RemoveTagsFromResource .
Metadata that you assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Amazon Web Services Systems Manager, you can apply tags to Systems Manager documents (SSM documents), managed instances, maintenance windows, parameters, patch baselines, OpsItems, and OpsMetadata.
The name of the tag.
The value of the tag.
dict
Response Syntax
{
'ActivationId': 'string',
'ActivationCode': 'string'
}
Response Structure
(dict) --
ActivationId (string) --
The ID number generated by the system when it processed the activation. The activation ID functions like a user name.
ActivationCode (string) --
The code the system generates when it processes the activation. The activation code functions like a password to validate the activation ID.
Exceptions
A State Manager association defines the state that you want to maintain on your instances. For example, an association can specify that anti-virus software must be installed and running on your instances, or that certain ports must be closed. For static targets, the association specifies a schedule for when the configuration is reapplied. For dynamic targets, such as an Amazon Web Services resource group or an Amazon Web Services autoscaling group, State Manager, a capability of Amazon Web Services Systems Manager applies the configuration when new instances are added to the group. The association also specifies actions to take when applying the configuration. For example, an association for anti-virus software might run once a day. If the software isn't installed, then State Manager installs it. If the software is installed, but the service isn't running, then the association might instruct State Manager to start the service.
See also: AWS API Documentation
Request Syntax
response = client.create_association(
Name='string',
DocumentVersion='string',
InstanceId='string',
Parameters={
'string': [
'string',
]
},
Targets=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
ScheduleExpression='string',
OutputLocation={
'S3Location': {
'OutputS3Region': 'string',
'OutputS3BucketName': 'string',
'OutputS3KeyPrefix': 'string'
}
},
AssociationName='string',
AutomationTargetParameterName='string',
MaxErrors='string',
MaxConcurrency='string',
ComplianceSeverity='CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'UNSPECIFIED',
SyncCompliance='AUTO'|'MANUAL',
ApplyOnlyAtCronInterval=True|False,
CalendarNames=[
'string',
],
TargetLocations=[
{
'Accounts': [
'string',
],
'Regions': [
'string',
],
'TargetLocationMaxConcurrency': 'string',
'TargetLocationMaxErrors': 'string',
'ExecutionRoleName': 'string'
},
]
)
[REQUIRED]
The name of the SSM Command document or Automation runbook that contains the configuration information for the instance.
You can specify Amazon Web Services-predefined documents, documents you created, or a document that is shared with you from another account.
For Systems Manager documents (SSM documents) that are shared with you from other accounts, you must specify the complete SSM document ARN, in the following format:
``arn:partition :ssm:region :account-id :document/document-name ``
For example:
arn:aws:ssm:us-east-2:12345678912:document/My-Shared-Document
For Amazon Web Services-predefined documents and SSM documents you created in your account, you only need to specify the document name. For example, AWS-ApplyPatchBaseline or My-Document .
The instance ID.
Note
InstanceId has been deprecated. To specify an instance ID for an association, use the Targets parameter. Requests that include the parameter InstanceID with Systems Manager documents (SSM documents) that use schema version 2.0 or later will fail. In addition, if you use the parameter InstanceId , you can't use the parameters AssociationName , DocumentVersion , MaxErrors , MaxConcurrency , OutputLocation , or ScheduleExpression . To use these parameters, you must use the Targets parameter.
The parameters for the runtime configuration of the document.
The targets for the association. You can target instances by using tags, Amazon Web Services resource groups, all instances in an account, or individual instance IDs. For more information about choosing targets for an association, see Using targets and rate controls with State Manager associations in the Amazon Web Services Systems Manager User Guide .
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
User-defined criteria for sending commands that target instances that meet the criteria.
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
An Amazon Simple Storage Service (Amazon S3) bucket where you want to store the output details of the request.
An S3 bucket where you want to store the results of this request.
(Deprecated) You can no longer specify this parameter. The system ignores it. Instead, Amazon Web Services Systems Manager automatically determines the Region of the S3 bucket.
The name of the S3 bucket.
The S3 bucket subfolder.
The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 instances and set MaxError to 10%, then the system stops sending the request when the sixth error is received.
Executions that are already running an association when MaxErrors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set MaxConcurrency to 1 so that executions proceed one at a time.
The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.
If a new instance starts and attempts to run an association while Systems Manager is running MaxConcurrency associations, the association is allowed to run. During the next association interval, the new instance will process its association within the limit specified for MaxConcurrency .
The mode for generating association compliance. You can specify AUTO or MANUAL . In AUTO mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association is COMPLIANT . If the association execution doesn't run successfully, the association is NON-COMPLIANT .
In MANUAL mode, you must specify the AssociationId as a parameter for the PutComplianceItems API operation. In this case, compliance data isn't managed by State Manager. It is managed by your direct call to the PutComplianceItems API operation.
By default, all associations use AUTO mode.
The names or Amazon Resource Names (ARNs) of the Change Calendar type documents you want to gate your associations under. The associations only run when that change calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar .
A location is a combination of Regions and accounts where you want to run the association. Use this action to create an association in multiple Regions and multiple accounts.
The combination of Regions and accounts targeted by the current Automation execution.
The accounts targeted by the current Automation execution.
The Regions targeted by the current Automation execution.
The maximum number of Regions and accounts allowed to run the Automation concurrently.
The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
The Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole .
dict
Response Syntax
{
'AssociationDescription': {
'Name': 'string',
'InstanceId': 'string',
'AssociationVersion': 'string',
'Date': datetime(2015, 1, 1),
'LastUpdateAssociationDate': datetime(2015, 1, 1),
'Status': {
'Date': datetime(2015, 1, 1),
'Name': 'Pending'|'Success'|'Failed',
'Message': 'string',
'AdditionalInfo': 'string'
},
'Overview': {
'Status': 'string',
'DetailedStatus': 'string',
'AssociationStatusAggregatedCount': {
'string': 123
}
},
'DocumentVersion': 'string',
'AutomationTargetParameterName': 'string',
'Parameters': {
'string': [
'string',
]
},
'AssociationId': 'string',
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'ScheduleExpression': 'string',
'OutputLocation': {
'S3Location': {
'OutputS3Region': 'string',
'OutputS3BucketName': 'string',
'OutputS3KeyPrefix': 'string'
}
},
'LastExecutionDate': datetime(2015, 1, 1),
'LastSuccessfulExecutionDate': datetime(2015, 1, 1),
'AssociationName': 'string',
'MaxErrors': 'string',
'MaxConcurrency': 'string',
'ComplianceSeverity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'UNSPECIFIED',
'SyncCompliance': 'AUTO'|'MANUAL',
'ApplyOnlyAtCronInterval': True|False,
'CalendarNames': [
'string',
],
'TargetLocations': [
{
'Accounts': [
'string',
],
'Regions': [
'string',
],
'TargetLocationMaxConcurrency': 'string',
'TargetLocationMaxErrors': 'string',
'ExecutionRoleName': 'string'
},
]
}
}
Response Structure
(dict) --
AssociationDescription (dict) --
Information about the association.
Name (string) --
The name of the SSM document.
InstanceId (string) --
The ID of the instance.
AssociationVersion (string) --
The association version.
Date (datetime) --
The date when the association was made.
LastUpdateAssociationDate (datetime) --
The date when the association was last updated.
Status (dict) --
The association status.
Date (datetime) --
The date when the status changed.
Name (string) --
The status.
Message (string) --
The reason for the status.
AdditionalInfo (string) --
A user-defined string.
Overview (dict) --
Information about the association.
Status (string) --
The status of the association. Status can be: Pending, Success, or Failed.
DetailedStatus (string) --
A detailed status of the association.
AssociationStatusAggregatedCount (dict) --
Returns the number of targets for the association status. For example, if you created an association with two instances, and one of them was successful, this would return the count of instances by status.
DocumentVersion (string) --
The document version.
AutomationTargetParameterName (string) --
Specify the target for the association. This target is required for associations that use an Automation runbook and target resources by using rate controls. Automation is a capability of Amazon Web Services Systems Manager.
Parameters (dict) --
A description of the parameters for a document.
AssociationId (string) --
The association ID.
Targets (list) --
The instances targeted by the request.
(dict) --
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
Key (string) --
User-defined criteria for sending commands that target instances that meet the criteria.
Values (list) --
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
ScheduleExpression (string) --
A cron expression that specifies a schedule when the association runs.
OutputLocation (dict) --
An S3 bucket where you want to store the output details of the request.
S3Location (dict) --
An S3 bucket where you want to store the results of this request.
OutputS3Region (string) --
(Deprecated) You can no longer specify this parameter. The system ignores it. Instead, Amazon Web Services Systems Manager automatically determines the Region of the S3 bucket.
OutputS3BucketName (string) --
The name of the S3 bucket.
OutputS3KeyPrefix (string) --
The S3 bucket subfolder.
LastExecutionDate (datetime) --
The date on which the association was last run.
LastSuccessfulExecutionDate (datetime) --
The last date on which the association was successfully run.
AssociationName (string) --
The association name.
MaxErrors (string) --
The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 instances and set MaxError to 10%, then the system stops sending the request when the sixth error is received.
Executions that are already running an association when MaxErrors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set MaxConcurrency to 1 so that executions proceed one at a time.
MaxConcurrency (string) --
The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.
If a new instance starts and attempts to run an association while Systems Manager is running MaxConcurrency associations, the association is allowed to run. During the next association interval, the new instance will process its association within the limit specified for MaxConcurrency .
ComplianceSeverity (string) --
The severity level that is assigned to the association.
SyncCompliance (string) --
The mode for generating association compliance. You can specify AUTO or MANUAL . In AUTO mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association is COMPLIANT . If the association execution doesn't run successfully, the association is NON-COMPLIANT .
In MANUAL mode, you must specify the AssociationId as a parameter for the PutComplianceItems API operation. In this case, compliance data isn't managed by State Manager, a capability of Amazon Web Services Systems Manager. It is managed by your direct call to the PutComplianceItems API operation.
By default, all associations use AUTO mode.
ApplyOnlyAtCronInterval (boolean) --
By default, when you create a new associations, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it. This parameter isn't supported for rate expressions.
CalendarNames (list) --
The names or Amazon Resource Names (ARNs) of the Change Calendar type documents your associations are gated under. The associations only run when that change calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar .
TargetLocations (list) --
The combination of Regions and accounts where you want to run the association.
(dict) --
The combination of Regions and accounts targeted by the current Automation execution.
Accounts (list) --
The accounts targeted by the current Automation execution.
Regions (list) --
The Regions targeted by the current Automation execution.
TargetLocationMaxConcurrency (string) --
The maximum number of Regions and accounts allowed to run the Automation concurrently.
TargetLocationMaxErrors (string) --
The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
ExecutionRoleName (string) --
The Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole .
Exceptions
Associates the specified Amazon Web Services Systems Manager document (SSM document) with the specified instances or targets.
When you associate a document with one or more instances using instance IDs or tags, Amazon Web Services Systems Manager Agent (SSM Agent) running on the instance processes the document and configures the instance as specified.
If you associate a document with an instance that already has an associated document, the system returns the AssociationAlreadyExists exception.
See also: AWS API Documentation
Request Syntax
response = client.create_association_batch(
Entries=[
{
'Name': 'string',
'InstanceId': 'string',
'Parameters': {
'string': [
'string',
]
},
'AutomationTargetParameterName': 'string',
'DocumentVersion': 'string',
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'ScheduleExpression': 'string',
'OutputLocation': {
'S3Location': {
'OutputS3Region': 'string',
'OutputS3BucketName': 'string',
'OutputS3KeyPrefix': 'string'
}
},
'AssociationName': 'string',
'MaxErrors': 'string',
'MaxConcurrency': 'string',
'ComplianceSeverity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'UNSPECIFIED',
'SyncCompliance': 'AUTO'|'MANUAL',
'ApplyOnlyAtCronInterval': True|False,
'CalendarNames': [
'string',
],
'TargetLocations': [
{
'Accounts': [
'string',
],
'Regions': [
'string',
],
'TargetLocationMaxConcurrency': 'string',
'TargetLocationMaxErrors': 'string',
'ExecutionRoleName': 'string'
},
]
},
]
)
[REQUIRED]
One or more associations.
Describes the association of a Amazon Web Services Systems Manager document (SSM document) and an instance.
The name of the SSM document that contains the configuration information for the instance. You can specify Command or Automation runbooks.
You can specify Amazon Web Services-predefined documents, documents you created, or a document that is shared with you from another account.
For SSM documents that are shared with you from other accounts, you must specify the complete SSM document ARN, in the following format:
``arn:aws:ssm:region :account-id :document/document-name ``
For example:
arn:aws:ssm:us-east-2:12345678912:document/My-Shared-Document
For Amazon Web Services-predefined documents and SSM documents you created in your account, you only need to specify the document name. For example, AWS-ApplyPatchBaseline or My-Document .
The ID of the instance.
A description of the parameters for a document.
Specify the target for the association. This target is required for associations that use an Automation runbook and target resources by using rate controls. Automation is a capability of Amazon Web Services Systems Manager.
The document version.
The instances targeted by the request.
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
User-defined criteria for sending commands that target instances that meet the criteria.
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
A cron expression that specifies a schedule when the association runs.
An S3 bucket where you want to store the results of this request.
An S3 bucket where you want to store the results of this request.
(Deprecated) You can no longer specify this parameter. The system ignores it. Instead, Amazon Web Services Systems Manager automatically determines the Region of the S3 bucket.
The name of the S3 bucket.
The S3 bucket subfolder.
Specify a descriptive name for the association.
The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 instances and set MaxError to 10%, then the system stops sending the request when the sixth error is received.
Executions that are already running an association when MaxErrors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set MaxConcurrency to 1 so that executions proceed one at a time.
The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.
If a new instance starts and attempts to run an association while Systems Manager is running MaxConcurrency associations, the association is allowed to run. During the next association interval, the new instance will process its association within the limit specified for MaxConcurrency .
The severity level to assign to the association.
The mode for generating association compliance. You can specify AUTO or MANUAL . In AUTO mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association is COMPLIANT . If the association execution doesn't run successfully, the association is NON-COMPLIANT .
In MANUAL mode, you must specify the AssociationId as a parameter for the PutComplianceItems API operation. In this case, compliance data isn't managed by State Manager, a capability of Amazon Web Services Systems Manager. It is managed by your direct call to the PutComplianceItems API operation.
By default, all associations use AUTO mode.
By default, when you create a new associations, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it. This parameter isn't supported for rate expressions.
The names or Amazon Resource Names (ARNs) of the Change Calendar type documents your associations are gated under. The associations only run when that Change Calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar .
Use this action to create an association in multiple Regions and multiple accounts.
The combination of Regions and accounts targeted by the current Automation execution.
The accounts targeted by the current Automation execution.
The Regions targeted by the current Automation execution.
The maximum number of Regions and accounts allowed to run the Automation concurrently.
The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
The Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole .
{
'Successful': [
{
'Name': 'string',
'InstanceId': 'string',
'AssociationVersion': 'string',
'Date': datetime(2015, 1, 1),
'LastUpdateAssociationDate': datetime(2015, 1, 1),
'Status': {
'Date': datetime(2015, 1, 1),
'Name': 'Pending'|'Success'|'Failed',
'Message': 'string',
'AdditionalInfo': 'string'
},
'Overview': {
'Status': 'string',
'DetailedStatus': 'string',
'AssociationStatusAggregatedCount': {
'string': 123
}
},
'DocumentVersion': 'string',
'AutomationTargetParameterName': 'string',
'Parameters': {
'string': [
'string',
]
},
'AssociationId': 'string',
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'ScheduleExpression': 'string',
'OutputLocation': {
'S3Location': {
'OutputS3Region': 'string',
'OutputS3BucketName': 'string',
'OutputS3KeyPrefix': 'string'
}
},
'LastExecutionDate': datetime(2015, 1, 1),
'LastSuccessfulExecutionDate': datetime(2015, 1, 1),
'AssociationName': 'string',
'MaxErrors': 'string',
'MaxConcurrency': 'string',
'ComplianceSeverity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'UNSPECIFIED',
'SyncCompliance': 'AUTO'|'MANUAL',
'ApplyOnlyAtCronInterval': True|False,
'CalendarNames': [
'string',
],
'TargetLocations': [
{
'Accounts': [
'string',
],
'Regions': [
'string',
],
'TargetLocationMaxConcurrency': 'string',
'TargetLocationMaxErrors': 'string',
'ExecutionRoleName': 'string'
},
]
},
],
'Failed': [
{
'Entry': {
'Name': 'string',
'InstanceId': 'string',
'Parameters': {
'string': [
'string',
]
},
'AutomationTargetParameterName': 'string',
'DocumentVersion': 'string',
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'ScheduleExpression': 'string',
'OutputLocation': {
'S3Location': {
'OutputS3Region': 'string',
'OutputS3BucketName': 'string',
'OutputS3KeyPrefix': 'string'
}
},
'AssociationName': 'string',
'MaxErrors': 'string',
'MaxConcurrency': 'string',
'ComplianceSeverity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'UNSPECIFIED',
'SyncCompliance': 'AUTO'|'MANUAL',
'ApplyOnlyAtCronInterval': True|False,
'CalendarNames': [
'string',
],
'TargetLocations': [
{
'Accounts': [
'string',
],
'Regions': [
'string',
],
'TargetLocationMaxConcurrency': 'string',
'TargetLocationMaxErrors': 'string',
'ExecutionRoleName': 'string'
},
]
},
'Message': 'string',
'Fault': 'Client'|'Server'|'Unknown'
},
]
}
Response Structure
Information about the associations that succeeded.
Describes the parameters for a document.
The name of the SSM document.
The ID of the instance.
The association version.
The date when the association was made.
The date when the association was last updated.
The association status.
The date when the status changed.
The status.
The reason for the status.
A user-defined string.
Information about the association.
The status of the association. Status can be: Pending, Success, or Failed.
A detailed status of the association.
Returns the number of targets for the association status. For example, if you created an association with two instances, and one of them was successful, this would return the count of instances by status.
The document version.
Specify the target for the association. This target is required for associations that use an Automation runbook and target resources by using rate controls. Automation is a capability of Amazon Web Services Systems Manager.
A description of the parameters for a document.
The association ID.
The instances targeted by the request.
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
User-defined criteria for sending commands that target instances that meet the criteria.
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
A cron expression that specifies a schedule when the association runs.
An S3 bucket where you want to store the output details of the request.
An S3 bucket where you want to store the results of this request.
(Deprecated) You can no longer specify this parameter. The system ignores it. Instead, Amazon Web Services Systems Manager automatically determines the Region of the S3 bucket.
The name of the S3 bucket.
The S3 bucket subfolder.
The date on which the association was last run.
The last date on which the association was successfully run.
The association name.
The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 instances and set MaxError to 10%, then the system stops sending the request when the sixth error is received.
Executions that are already running an association when MaxErrors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set MaxConcurrency to 1 so that executions proceed one at a time.
The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.
If a new instance starts and attempts to run an association while Systems Manager is running MaxConcurrency associations, the association is allowed to run. During the next association interval, the new instance will process its association within the limit specified for MaxConcurrency .
The severity level that is assigned to the association.
The mode for generating association compliance. You can specify AUTO or MANUAL . In AUTO mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association is COMPLIANT . If the association execution doesn't run successfully, the association is NON-COMPLIANT .
In MANUAL mode, you must specify the AssociationId as a parameter for the PutComplianceItems API operation. In this case, compliance data isn't managed by State Manager, a capability of Amazon Web Services Systems Manager. It is managed by your direct call to the PutComplianceItems API operation.
By default, all associations use AUTO mode.
By default, when you create a new associations, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it. This parameter isn't supported for rate expressions.
The names or Amazon Resource Names (ARNs) of the Change Calendar type documents your associations are gated under. The associations only run when that change calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar .
The combination of Regions and accounts where you want to run the association.
The combination of Regions and accounts targeted by the current Automation execution.
The accounts targeted by the current Automation execution.
The Regions targeted by the current Automation execution.
The maximum number of Regions and accounts allowed to run the Automation concurrently.
The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
The Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole .
Information about the associations that failed.
Describes a failed association.
The association.
The name of the SSM document that contains the configuration information for the instance. You can specify Command or Automation runbooks.
You can specify Amazon Web Services-predefined documents, documents you created, or a document that is shared with you from another account.
For SSM documents that are shared with you from other accounts, you must specify the complete SSM document ARN, in the following format:
``arn:aws:ssm:region :account-id :document/document-name ``
For example:
arn:aws:ssm:us-east-2:12345678912:document/My-Shared-Document
For Amazon Web Services-predefined documents and SSM documents you created in your account, you only need to specify the document name. For example, AWS-ApplyPatchBaseline or My-Document .
The ID of the instance.
A description of the parameters for a document.
Specify the target for the association. This target is required for associations that use an Automation runbook and target resources by using rate controls. Automation is a capability of Amazon Web Services Systems Manager.
The document version.
The instances targeted by the request.
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
User-defined criteria for sending commands that target instances that meet the criteria.
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
A cron expression that specifies a schedule when the association runs.
An S3 bucket where you want to store the results of this request.
An S3 bucket where you want to store the results of this request.
(Deprecated) You can no longer specify this parameter. The system ignores it. Instead, Amazon Web Services Systems Manager automatically determines the Region of the S3 bucket.
The name of the S3 bucket.
The S3 bucket subfolder.
Specify a descriptive name for the association.
The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 instances and set MaxError to 10%, then the system stops sending the request when the sixth error is received.
Executions that are already running an association when MaxErrors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set MaxConcurrency to 1 so that executions proceed one at a time.
The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.
If a new instance starts and attempts to run an association while Systems Manager is running MaxConcurrency associations, the association is allowed to run. During the next association interval, the new instance will process its association within the limit specified for MaxConcurrency .
The severity level to assign to the association.
The mode for generating association compliance. You can specify AUTO or MANUAL . In AUTO mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association is COMPLIANT . If the association execution doesn't run successfully, the association is NON-COMPLIANT .
In MANUAL mode, you must specify the AssociationId as a parameter for the PutComplianceItems API operation. In this case, compliance data isn't managed by State Manager, a capability of Amazon Web Services Systems Manager. It is managed by your direct call to the PutComplianceItems API operation.
By default, all associations use AUTO mode.
By default, when you create a new associations, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it. This parameter isn't supported for rate expressions.
The names or Amazon Resource Names (ARNs) of the Change Calendar type documents your associations are gated under. The associations only run when that Change Calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar .
Use this action to create an association in multiple Regions and multiple accounts.
The combination of Regions and accounts targeted by the current Automation execution.
The accounts targeted by the current Automation execution.
The Regions targeted by the current Automation execution.
The maximum number of Regions and accounts allowed to run the Automation concurrently.
The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
The Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole .
A description of the failure.
The source of the failure.
Exceptions
Creates a Amazon Web Services Systems Manager (SSM document). An SSM document defines the actions that Systems Manager performs on your managed instances. For more information about SSM documents, including information about supported schemas, features, and syntax, see Amazon Web Services Systems Manager Documents in the Amazon Web Services Systems Manager User Guide .
See also: AWS API Documentation
Request Syntax
response = client.create_document(
Content='string',
Requires=[
{
'Name': 'string',
'Version': 'string'
},
],
Attachments=[
{
'Key': 'SourceUrl'|'S3FileUrl'|'AttachmentReference',
'Values': [
'string',
],
'Name': 'string'
},
],
Name='string',
DisplayName='string',
VersionName='string',
DocumentType='Command'|'Policy'|'Automation'|'Session'|'Package'|'ApplicationConfiguration'|'ApplicationConfigurationSchema'|'DeploymentStrategy'|'ChangeCalendar'|'Automation.ChangeTemplate'|'ProblemAnalysis'|'ProblemAnalysisTemplate',
DocumentFormat='YAML'|'JSON'|'TEXT',
TargetType='string',
Tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
[REQUIRED]
The content for the new SSM document in JSON or YAML format. We recommend storing the contents for your new document in an external JSON or YAML file and referencing the file in a command.
For examples, see the following topics in the Amazon Web Services Systems Manager User Guide .
A list of SSM documents required by a document. This parameter is used exclusively by AppConfig. When a user creates an AppConfig configuration in an SSM document, the user must also specify a required document for validation purposes. In this case, an ApplicationConfiguration document requires an ApplicationConfigurationSchema document for validation purposes. For more information, see What is AppConfig? in the AppConfig User Guide .
An SSM document required by the current document.
The name of the required SSM document. The name can be an Amazon Resource Name (ARN).
The document version required by the current document.
A list of key-value pairs that describe attachments to a version of a document.
Identifying information about a document attachment, including the file name and a key-value pair that identifies the location of an attachment to a document.
The key of a key-value pair that identifies the location of an attachment to a document.
The value of a key-value pair that identifies the location of an attachment to a document. The format for Value depends on the type of key you specify.
The name of the document attachment file.
[REQUIRED]
A name for the SSM document.
Warning
You can't use the following strings as document name prefixes. These are reserved by Amazon Web Services for use as document name prefixes:
Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag an SSM document to identify the types of targets or the environment where it will run. In this case, you could specify the following key-value pairs:
Note
To add tags to an existing SSM document, use the AddTagsToResource operation.
Metadata that you assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Amazon Web Services Systems Manager, you can apply tags to Systems Manager documents (SSM documents), managed instances, maintenance windows, parameters, patch baselines, OpsItems, and OpsMetadata.
The name of the tag.
The value of the tag.
dict
Response Syntax
{
'DocumentDescription': {
'Sha1': 'string',
'Hash': 'string',
'HashType': 'Sha256'|'Sha1',
'Name': 'string',
'DisplayName': 'string',
'VersionName': 'string',
'Owner': 'string',
'CreatedDate': datetime(2015, 1, 1),
'Status': 'Creating'|'Active'|'Updating'|'Deleting'|'Failed',
'StatusInformation': 'string',
'DocumentVersion': 'string',
'Description': 'string',
'Parameters': [
{
'Name': 'string',
'Type': 'String'|'StringList',
'Description': 'string',
'DefaultValue': 'string'
},
],
'PlatformTypes': [
'Windows'|'Linux',
],
'DocumentType': 'Command'|'Policy'|'Automation'|'Session'|'Package'|'ApplicationConfiguration'|'ApplicationConfigurationSchema'|'DeploymentStrategy'|'ChangeCalendar'|'Automation.ChangeTemplate'|'ProblemAnalysis'|'ProblemAnalysisTemplate',
'SchemaVersion': 'string',
'LatestVersion': 'string',
'DefaultVersion': 'string',
'DocumentFormat': 'YAML'|'JSON'|'TEXT',
'TargetType': 'string',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
],
'AttachmentsInformation': [
{
'Name': 'string'
},
],
'Requires': [
{
'Name': 'string',
'Version': 'string'
},
],
'Author': 'string',
'ReviewInformation': [
{
'ReviewedTime': datetime(2015, 1, 1),
'Status': 'APPROVED'|'NOT_REVIEWED'|'PENDING'|'REJECTED',
'Reviewer': 'string'
},
],
'ApprovedVersion': 'string',
'PendingReviewVersion': 'string',
'ReviewStatus': 'APPROVED'|'NOT_REVIEWED'|'PENDING'|'REJECTED'
}
}
Response Structure
(dict) --
DocumentDescription (dict) --
Information about the SSM document.
Sha1 (string) --
The SHA1 hash of the document, which you can use for verification.
Hash (string) --
The Sha256 or Sha1 hash created by the system when the document was created.
Note
Sha1 hashes have been deprecated.
HashType (string) --
The hash type of the document. Valid values include Sha256 or Sha1 .
Note
Sha1 hashes have been deprecated.
Name (string) --
The name of the SSM document.
DisplayName (string) --
The friendly name of the SSM document. This value can differ for each version of the document. If you want to update this value, see UpdateDocument .
VersionName (string) --
The version of the artifact associated with the document.
Owner (string) --
The Amazon Web Services user account that created the document.
CreatedDate (datetime) --
The date when the document was created.
Status (string) --
The status of the SSM document.
StatusInformation (string) --
A message returned by Amazon Web Services Systems Manager that explains the Status value. For example, a Failed status might be explained by the StatusInformation message, "The specified S3 bucket doesn't exist. Verify that the URL of the S3 bucket is correct."
DocumentVersion (string) --
The document version.
Description (string) --
A description of the document.
Parameters (list) --
A description of the parameters for a document.
(dict) --
Parameters specified in a System Manager document that run on the server when the command is run.
Name (string) --
The name of the parameter.
Type (string) --
The type of parameter. The type can be either String or StringList.
Description (string) --
A description of what the parameter does, how to use it, the default value, and whether or not the parameter is optional.
DefaultValue (string) --
If specified, the default values for the parameters. Parameters without a default value are required. Parameters with a default value are optional.
PlatformTypes (list) --
The list of OS platforms compatible with this SSM document.
DocumentType (string) --
The type of document.
SchemaVersion (string) --
The schema version.
LatestVersion (string) --
The latest version of the document.
DefaultVersion (string) --
The default version.
DocumentFormat (string) --
The document format, either JSON or YAML.
TargetType (string) --
The target type which defines the kinds of resources the document can run on. For example, /AWS::EC2::Instance . For a list of valid resource types, see Amazon Web Services resource and property types reference in the CloudFormation User Guide .
Tags (list) --
The tags, or metadata, that have been applied to the document.
(dict) --
Metadata that you assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Amazon Web Services Systems Manager, you can apply tags to Systems Manager documents (SSM documents), managed instances, maintenance windows, parameters, patch baselines, OpsItems, and OpsMetadata.
Key (string) --
The name of the tag.
Value (string) --
The value of the tag.
AttachmentsInformation (list) --
Details about the document attachments, including names, locations, sizes, and so on.
(dict) --
An attribute of an attachment, such as the attachment name.
Name (string) --
The name of the attachment.
Requires (list) --
A list of SSM documents required by a document. For example, an ApplicationConfiguration document requires an ApplicationConfigurationSchema document.
(dict) --
An SSM document required by the current document.
Name (string) --
The name of the required SSM document. The name can be an Amazon Resource Name (ARN).
Version (string) --
The document version required by the current document.
Author (string) --
The user in your organization who created the document.
ReviewInformation (list) --
Details about the review of a document.
(dict) --
Information about the result of a document review request.
ReviewedTime (datetime) --
The time that the reviewer took action on the document review request.
Status (string) --
The current status of the document review request.
Reviewer (string) --
The reviewer assigned to take action on the document review request.
ApprovedVersion (string) --
The version of the document currently approved for use in the organization.
PendingReviewVersion (string) --
The version of the document that is currently under review.
ReviewStatus (string) --
The current status of the review.
Exceptions
Creates a new maintenance window.
Note
The value you specify for Duration determines the specific end time for the maintenance window based on the time it begins. No maintenance window tasks are permitted to start after the resulting endtime minus the number of hours you specify for Cutoff . For example, if the maintenance window starts at 3 PM, the duration is three hours, and the value you specify for Cutoff is one hour, no maintenance window tasks can start after 5 PM.
See also: AWS API Documentation
Request Syntax
response = client.create_maintenance_window(
Name='string',
Description='string',
StartDate='string',
EndDate='string',
Schedule='string',
ScheduleTimezone='string',
ScheduleOffset=123,
Duration=123,
Cutoff=123,
AllowUnassociatedTargets=True|False,
ClientToken='string',
Tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
[REQUIRED]
The name of the maintenance window.
[REQUIRED]
The schedule of the maintenance window in the form of a cron or rate expression.
The number of days to wait after the date and time specified by a cron expression before running the maintenance window.
For example, the following cron expression schedules a maintenance window to run on the third Tuesday of every month at 11:30 PM.
cron(30 23 ? * TUE#3 *)
If the schedule offset is 2 , the maintenance window won't run until two days later.
[REQUIRED]
The duration of the maintenance window in hours.
[REQUIRED]
The number of hours before the end of the maintenance window that Amazon Web Services Systems Manager stops scheduling new tasks for execution.
[REQUIRED]
Enables a maintenance window task to run on managed instances, even if you haven't registered those instances as targets. If enabled, then you must specify the unregistered instances (by instance ID) when you register a task with the maintenance window.
If you don't enable this option, then you must specify previously-registered targets when you register a task with the maintenance window.
User-provided idempotency token.
This field is autopopulated if not provided.
Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a maintenance window to identify the type of tasks it will run, the types of targets, and the environment it will run in. In this case, you could specify the following key-value pairs:
Note
To add tags to an existing maintenance window, use the AddTagsToResource operation.
Metadata that you assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Amazon Web Services Systems Manager, you can apply tags to Systems Manager documents (SSM documents), managed instances, maintenance windows, parameters, patch baselines, OpsItems, and OpsMetadata.
The name of the tag.
The value of the tag.
dict
Response Syntax
{
'WindowId': 'string'
}
Response Structure
(dict) --
WindowId (string) --
The ID of the created maintenance window.
Exceptions
Creates a new OpsItem. You must have permission in Identity and Access Management (IAM) to create a new OpsItem. For more information, see Getting started with OpsCenter in the Amazon Web Services Systems Manager User Guide .
Operations engineers and IT professionals use Amazon Web Services Systems Manager OpsCenter to view, investigate, and remediate operational issues impacting the performance and health of their Amazon Web Services resources. For more information, see Amazon Web Services Systems Manager OpsCenter in the Amazon Web Services Systems Manager User Guide .
See also: AWS API Documentation
Request Syntax
response = client.create_ops_item(
Description='string',
OpsItemType='string',
OperationalData={
'string': {
'Value': 'string',
'Type': 'SearchableString'|'String'
}
},
Notifications=[
{
'Arn': 'string'
},
],
Priority=123,
RelatedOpsItems=[
{
'OpsItemId': 'string'
},
],
Source='string',
Title='string',
Tags=[
{
'Key': 'string',
'Value': 'string'
},
],
Category='string',
Severity='string',
ActualStartTime=datetime(2015, 1, 1),
ActualEndTime=datetime(2015, 1, 1),
PlannedStartTime=datetime(2015, 1, 1),
PlannedEndTime=datetime(2015, 1, 1)
)
[REQUIRED]
Information about the OpsItem.
Operational data is custom data that provides useful reference details about the OpsItem. For example, you can specify log files, error strings, license keys, troubleshooting tips, or other relevant data. You enter operational data as key-value pairs. The key has a maximum length of 128 characters. The value has a maximum size of 20 KB.
Warning
Operational data keys can't begin with the following: amazon , aws , amzn , ssm , /amazon , /aws , /amzn , /ssm .
You can choose to make the data searchable by other users in the account or you can restrict search access. Searchable data means that all users with access to the OpsItem Overview page (as provided by the DescribeOpsItems API operation) can view and search on the specified data. Operational data that isn't searchable is only viewable by users who have access to the OpsItem (as provided by the GetOpsItem API operation).
Use the /aws/resources key in OperationalData to specify a related resource in the request. Use the /aws/automations key in OperationalData to associate an Automation runbook with the OpsItem. To view Amazon Web Services CLI example commands that use these keys, see Creating OpsItems manually in the Amazon Web Services Systems Manager User Guide .
An object that defines the value of the key and its type in the OperationalData map.
The value of the OperationalData key.
The type of key-value pair. Valid types include SearchableString and String .
The Amazon Resource Name (ARN) of an SNS topic where notifications are sent when this OpsItem is edited or changed.
A notification about the OpsItem.
The Amazon Resource Name (ARN) of an Amazon Simple Notification Service (Amazon SNS) topic where notifications are sent when this OpsItem is edited or changed.
One or more OpsItems that share something in common with the current OpsItems. For example, related OpsItems can include OpsItems with similar error messages, impacted resources, or statuses for the impacted resource.
An OpsItems that shares something in common with the current OpsItem. For example, related OpsItems can include OpsItems with similar error messages, impacted resources, or statuses for the impacted resource.
The ID of an OpsItem related to the current OpsItem.
[REQUIRED]
The origin of the OpsItem, such as Amazon EC2 or Systems Manager.
Note
The source name can't contain the following strings: aws , amazon , and amzn .
[REQUIRED]
A short heading that describes the nature of the OpsItem and the impacted resource.
Optional metadata that you assign to a resource. You can restrict access to OpsItems by using an inline IAM policy that specifies tags. For more information, see Getting started with OpsCenter in the Amazon Web Services Systems Manager User Guide .
Tags use a key-value pair. For example:
Key=Department,Value=Finance
Warning
To add tags to a new OpsItem, a user must have IAM permissions for both the ssm:CreateOpsItems operation and the ssm:AddTagsToResource operation. To add tags to an existing OpsItem, use the AddTagsToResource operation.
Metadata that you assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Amazon Web Services Systems Manager, you can apply tags to Systems Manager documents (SSM documents), managed instances, maintenance windows, parameters, patch baselines, OpsItems, and OpsMetadata.
The name of the tag.
The value of the tag.
dict
Response Syntax
{
'OpsItemId': 'string'
}
Response Structure
(dict) --
OpsItemId (string) --
The ID of the OpsItem.
Exceptions
If you create a new application in Application Manager, Amazon Web Services Systems Manager calls this API operation to specify information about the new application, including the application type.
See also: AWS API Documentation
Request Syntax
response = client.create_ops_metadata(
ResourceId='string',
Metadata={
'string': {
'Value': 'string'
}
},
Tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
[REQUIRED]
A resource ID for a new Application Manager application.
Metadata for a new Application Manager application.
Metadata to assign to an Application Manager application.
Metadata value to assign to an Application Manager application.
Optional metadata that you assign to a resource. You can specify a maximum of five tags for an OpsMetadata object. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag an OpsMetadata object to identify an environment or target Region. In this case, you could specify the following key-value pairs:
Metadata that you assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Amazon Web Services Systems Manager, you can apply tags to Systems Manager documents (SSM documents), managed instances, maintenance windows, parameters, patch baselines, OpsItems, and OpsMetadata.
The name of the tag.
The value of the tag.
dict
Response Syntax
{
'OpsMetadataArn': 'string'
}
Response Structure
(dict) --
OpsMetadataArn (string) --
The Amazon Resource Name (ARN) of the OpsMetadata Object or blob created by the call.
Exceptions
Creates a patch baseline.
Note
For information about valid key-value pairs in PatchFilters for each supported operating system type, see PatchFilter .
See also: AWS API Documentation
Request Syntax
response = client.create_patch_baseline(
OperatingSystem='WINDOWS'|'AMAZON_LINUX'|'AMAZON_LINUX_2'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX'|'SUSE'|'CENTOS'|'ORACLE_LINUX'|'DEBIAN'|'MACOS',
Name='string',
GlobalFilters={
'PatchFilters': [
{
'Key': 'ARCH'|'ADVISORY_ID'|'BUGZILLA_ID'|'PATCH_SET'|'PRODUCT'|'PRODUCT_FAMILY'|'CLASSIFICATION'|'CVE_ID'|'EPOCH'|'MSRC_SEVERITY'|'NAME'|'PATCH_ID'|'SECTION'|'PRIORITY'|'REPOSITORY'|'RELEASE'|'SEVERITY'|'SECURITY'|'VERSION',
'Values': [
'string',
]
},
]
},
ApprovalRules={
'PatchRules': [
{
'PatchFilterGroup': {
'PatchFilters': [
{
'Key': 'ARCH'|'ADVISORY_ID'|'BUGZILLA_ID'|'PATCH_SET'|'PRODUCT'|'PRODUCT_FAMILY'|'CLASSIFICATION'|'CVE_ID'|'EPOCH'|'MSRC_SEVERITY'|'NAME'|'PATCH_ID'|'SECTION'|'PRIORITY'|'REPOSITORY'|'RELEASE'|'SEVERITY'|'SECURITY'|'VERSION',
'Values': [
'string',
]
},
]
},
'ComplianceLevel': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED',
'ApproveAfterDays': 123,
'ApproveUntilDate': 'string',
'EnableNonSecurity': True|False
},
]
},
ApprovedPatches=[
'string',
],
ApprovedPatchesComplianceLevel='CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED',
ApprovedPatchesEnableNonSecurity=True|False,
RejectedPatches=[
'string',
],
RejectedPatchesAction='ALLOW_AS_DEPENDENCY'|'BLOCK',
Description='string',
Sources=[
{
'Name': 'string',
'Products': [
'string',
],
'Configuration': 'string'
},
],
ClientToken='string',
Tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
[REQUIRED]
The name of the patch baseline.
A set of global filters used to include patches in the baseline.
The set of patch filters that make up the group.
Defines which patches should be included in a patch baseline.
A patch filter consists of a key and a set of values. The filter key is a patch property. For example, the available filter keys for WINDOWS are PATCH_SET , PRODUCT , PRODUCT_FAMILY , CLASSIFICATION , and MSRC_SEVERITY .
The filter values define a matching criterion for the patch property indicated by the key. For example, if the filter key is PRODUCT and the filter values are ["Office 2013", "Office 2016"] , then the filter accepts all patches where product name is either "Office 2013" or "Office 2016". The filter values can be exact values for the patch property given as a key, or a wildcard (*), which matches all values.
You can view lists of valid values for the patch properties by running the DescribePatchProperties command. For information about which patch properties can be used with each major operating system, see DescribePatchProperties .
The key for the filter.
Run the DescribePatchProperties command to view lists of valid keys for each operating system type.
The value for the filter key.
Run the DescribePatchProperties command to view lists of valid values for each key based on operating system type.
A set of rules used to include patches in the baseline.
The rules that make up the rule group.
Defines an approval rule for a patch baseline.
The patch filter group that defines the criteria for the rule.
The set of patch filters that make up the group.
Defines which patches should be included in a patch baseline.
A patch filter consists of a key and a set of values. The filter key is a patch property. For example, the available filter keys for WINDOWS are PATCH_SET , PRODUCT , PRODUCT_FAMILY , CLASSIFICATION , and MSRC_SEVERITY .
The filter values define a matching criterion for the patch property indicated by the key. For example, if the filter key is PRODUCT and the filter values are ["Office 2013", "Office 2016"] , then the filter accepts all patches where product name is either "Office 2013" or "Office 2016". The filter values can be exact values for the patch property given as a key, or a wildcard (*), which matches all values.
You can view lists of valid values for the patch properties by running the DescribePatchProperties command. For information about which patch properties can be used with each major operating system, see DescribePatchProperties .
The key for the filter.
Run the DescribePatchProperties command to view lists of valid keys for each operating system type.
The value for the filter key.
Run the DescribePatchProperties command to view lists of valid values for each key based on operating system type.
A compliance severity level for all approved patches in a patch baseline.
The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of 7 means that patches are approved seven days after they are released. Not supported on Debian Server or Ubuntu Server.
The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Not supported on Debian Server or Ubuntu Server.
Enter dates in the format YYYY-MM-DD . For example, 2021-12-31 .
For instances identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is false . Applies to Linux instances only.
A list of explicitly approved patches for the baseline.
For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide .
A list of explicitly rejected patches for the baseline.
For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide .
The action for Patch Manager to take on patches included in the RejectedPackages list.
Information about the patches to use to update the instances, including target operating systems and source repositories. Applies to Linux instances only.
Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only.
The name specified to identify the patch source.
The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "AmazonLinux2016.09", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter .
The value of the yum repo configuration. For example:
[main]name=MyCustomRepository
baseurl=https://my-custom-repository
enabled=1
Note
For information about other options available for your yum repository configuration, see dnf.conf(5) .
User-provided idempotency token.
This field is autopopulated if not provided.
Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a patch baseline to identify the severity level of patches it specifies and the operating system family it applies to. In this case, you could specify the following key-value pairs:
Note
To add tags to an existing patch baseline, use the AddTagsToResource operation.
Metadata that you assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Amazon Web Services Systems Manager, you can apply tags to Systems Manager documents (SSM documents), managed instances, maintenance windows, parameters, patch baselines, OpsItems, and OpsMetadata.
The name of the tag.
The value of the tag.
dict
Response Syntax
{
'BaselineId': 'string'
}
Response Structure
(dict) --
BaselineId (string) --
The ID of the created patch baseline.
Exceptions
A resource data sync helps you view data from multiple sources in a single location. Amazon Web Services Systems Manager offers two types of resource data sync: SyncToDestination and SyncFromSource .
You can configure Systems Manager Inventory to use the SyncToDestination type to synchronize Inventory data from multiple Regions to a single Amazon Simple Storage Service (Amazon S3) bucket. For more information, see Configuring resource data sync for Inventory in the Amazon Web Services Systems Manager User Guide .
You can configure Systems Manager Explorer to use the SyncFromSource type to synchronize operational work items (OpsItems) and operational data (OpsData) from multiple Regions to a single Amazon S3 bucket. This type can synchronize OpsItems and OpsData from multiple accounts and Regions or EntireOrganization by using Organizations. For more information, see Setting up Systems Manager Explorer to display data from multiple accounts and Regions in the Amazon Web Services Systems Manager User Guide .
A resource data sync is an asynchronous operation that returns immediately. After a successful initial sync is completed, the system continuously syncs data. To check the status of a sync, use the ListResourceDataSync .
Note
By default, data isn't encrypted in Amazon S3. We strongly recommend that you enable encryption in Amazon S3 to ensure secure data storage. We also recommend that you secure access to the Amazon S3 bucket by creating a restrictive bucket policy.
See also: AWS API Documentation
Request Syntax
response = client.create_resource_data_sync(
SyncName='string',
S3Destination={
'BucketName': 'string',
'Prefix': 'string',
'SyncFormat': 'JsonSerDe',
'Region': 'string',
'AWSKMSKeyARN': 'string',
'DestinationDataSharing': {
'DestinationDataSharingType': 'string'
}
},
SyncType='string',
SyncSource={
'SourceType': 'string',
'AwsOrganizationsSource': {
'OrganizationSourceType': 'string',
'OrganizationalUnits': [
{
'OrganizationalUnitId': 'string'
},
]
},
'SourceRegions': [
'string',
],
'IncludeFutureRegions': True|False,
'EnableAllOpsDataSources': True|False
}
)
[REQUIRED]
A name for the configuration.
Amazon S3 configuration details for the sync. This parameter is required if the SyncType value is SyncToDestination.
The name of the S3 bucket where the aggregated data is stored.
An Amazon S3 prefix for the bucket.
A supported sync format. The following format is currently supported: JsonSerDe
The Region with the S3 bucket targeted by the resource data sync.
The ARN of an encryption key for a destination in Amazon S3. Must belong to the same Region as the destination S3 bucket.
Enables destination data sharing. By default, this field is null .
The sharing data type. Only Organization is supported.
Specify information about the data sources to synchronize. This parameter is required if the SyncType value is SyncFromSource.
The type of data source for the resource data sync. SourceType is either AwsOrganizations (if an organization is present in Organizations) or SingleAccountMultiRegions .
Information about the AwsOrganizationsSource resource data sync source. A sync source of this type can synchronize data from Organizations.
If an Amazon Web Services organization is present, this is either OrganizationalUnits or EntireOrganization . For OrganizationalUnits , the data is aggregated from a set of organization units. For EntireOrganization , the data is aggregated from the entire Amazon Web Services organization.
The Organizations organization units included in the sync.
The Organizations organizational unit data source for the sync.
The Organizations unit ID data source for the sync.
The SyncSource Regions included in the resource data sync.
Whether to automatically synchronize and aggregate data from new Regions when those Regions come online.
When you create a resource data sync, if you choose one of the Organizations options, then Systems Manager automatically enables all OpsData sources in the selected Regions for all accounts in your organization (or in the selected organization units). For more information, see About multiple account and Region resource data syncs in the Amazon Web Services Systems Manager User Guide .
dict
Response Syntax
{}
Response Structure
Exceptions
Deletes an activation. You aren't required to delete an activation. If you delete an activation, you can no longer use it to register additional managed instances. Deleting an activation doesn't de-register managed instances. You must manually de-register managed instances.
See also: AWS API Documentation
Request Syntax
response = client.delete_activation(
ActivationId='string'
)
[REQUIRED]
The ID of the activation that you want to delete.
{}
Response Structure
Exceptions
Disassociates the specified Amazon Web Services Systems Manager document (SSM document) from the specified instance.
When you disassociate a document from an instance, it doesn't change the configuration of the instance. To change the configuration state of an instance after you disassociate a document, you must create a new document with the desired configuration and associate it with the instance.
See also: AWS API Documentation
Request Syntax
response = client.delete_association(
Name='string',
InstanceId='string',
AssociationId='string'
)
dict
Response Syntax
{}
Response Structure
Exceptions
Deletes the Amazon Web Services Systems Manager document (SSM document) and all instance associations to the document.
Before you delete the document, we recommend that you use DeleteAssociation to disassociate all instances that are associated with the document.
See also: AWS API Documentation
Request Syntax
response = client.delete_document(
Name='string',
DocumentVersion='string',
VersionName='string',
Force=True|False
)
[REQUIRED]
The name of the document.
dict
Response Syntax
{}
Response Structure
Exceptions
Delete a custom inventory type or the data associated with a custom Inventory type. Deleting a custom inventory type is also referred to as deleting a custom inventory schema.
See also: AWS API Documentation
Request Syntax
response = client.delete_inventory(
TypeName='string',
SchemaDeleteOption='DisableSchema'|'DeleteSchema',
DryRun=True|False,
ClientToken='string'
)
[REQUIRED]
The name of the custom inventory type for which you want to delete either all previously collected data or the inventory type itself.
Use the SchemaDeleteOption to delete a custom inventory type (schema). If you don't choose this option, the system only deletes existing inventory data associated with the custom inventory type. Choose one of the following options:
DisableSchema: If you choose this option, the system ignores all inventory data for the specified version, and any earlier versions. To enable this schema again, you must call the PutInventory operation for a version greater than the disabled version.
DeleteSchema: This option deletes the specified custom type from the Inventory service. You can recreate the schema later, if you want.
User-provided idempotency token.
This field is autopopulated if not provided.
dict
Response Syntax
{
'DeletionId': 'string',
'TypeName': 'string',
'DeletionSummary': {
'TotalCount': 123,
'RemainingCount': 123,
'SummaryItems': [
{
'Version': 'string',
'Count': 123,
'RemainingCount': 123
},
]
}
}
Response Structure
(dict) --
DeletionId (string) --
Every DeleteInventory operation is assigned a unique ID. This option returns a unique ID. You can use this ID to query the status of a delete operation. This option is useful for ensuring that a delete operation has completed before you begin other operations.
TypeName (string) --
The name of the inventory data type specified in the request.
DeletionSummary (dict) --
A summary of the delete operation. For more information about this summary, see Deleting custom inventory in the Amazon Web Services Systems Manager User Guide .
TotalCount (integer) --
The total number of items to delete. This count doesn't change during the delete operation.
RemainingCount (integer) --
Remaining number of items to delete.
SummaryItems (list) --
A list of counts and versions for deleted items.
(dict) --
Either a count, remaining count, or a version number in a delete inventory summary.
Version (string) --
The inventory type version.
Count (integer) --
A count of the number of deleted items.
RemainingCount (integer) --
The remaining number of items to delete.
Exceptions
Deletes a maintenance window.
See also: AWS API Documentation
Request Syntax
response = client.delete_maintenance_window(
WindowId='string'
)
[REQUIRED]
The ID of the maintenance window to delete.
{
'WindowId': 'string'
}
Response Structure
The ID of the deleted maintenance window.
Exceptions
Delete OpsMetadata related to an application.
See also: AWS API Documentation
Request Syntax
response = client.delete_ops_metadata(
OpsMetadataArn='string'
)
[REQUIRED]
The Amazon Resource Name (ARN) of an OpsMetadata Object to delete.
{}
Response Structure
Exceptions
Delete a parameter from the system.
See also: AWS API Documentation
Request Syntax
response = client.delete_parameter(
Name='string'
)
[REQUIRED]
The name of the parameter to delete.
{}
Response Structure
Exceptions
Delete a list of parameters.
See also: AWS API Documentation
Request Syntax
response = client.delete_parameters(
Names=[
'string',
]
)
[REQUIRED]
The names of the parameters to delete.
{
'DeletedParameters': [
'string',
],
'InvalidParameters': [
'string',
]
}
Response Structure
The names of the deleted parameters.
The names of parameters that weren't deleted because the parameters aren't valid.
Exceptions
Deletes a patch baseline.
See also: AWS API Documentation
Request Syntax
response = client.delete_patch_baseline(
BaselineId='string'
)
[REQUIRED]
The ID of the patch baseline to delete.
{
'BaselineId': 'string'
}
Response Structure
The ID of the deleted patch baseline.
Exceptions
Deletes a resource data sync configuration. After the configuration is deleted, changes to data on managed instances are no longer synced to or from the target. Deleting a sync configuration doesn't delete data.
See also: AWS API Documentation
Request Syntax
response = client.delete_resource_data_sync(
SyncName='string',
SyncType='string'
)
[REQUIRED]
The name of the configuration to delete.
dict
Response Syntax
{}
Response Structure
Exceptions
Removes the server or virtual machine from the list of registered servers. You can reregister the instance again at any time. If you don't plan to use Run Command on the server, we suggest uninstalling SSM Agent first.
See also: AWS API Documentation
Request Syntax
response = client.deregister_managed_instance(
InstanceId='string'
)
[REQUIRED]
The ID assigned to the managed instance when you registered it using the activation process.
{}
Response Structure
Exceptions
Removes a patch group from a patch baseline.
See also: AWS API Documentation
Request Syntax
response = client.deregister_patch_baseline_for_patch_group(
BaselineId='string',
PatchGroup='string'
)
[REQUIRED]
The ID of the patch baseline to deregister the patch group from.
[REQUIRED]
The name of the patch group that should be deregistered from the patch baseline.
dict
Response Syntax
{
'BaselineId': 'string',
'PatchGroup': 'string'
}
Response Structure
(dict) --
BaselineId (string) --
The ID of the patch baseline the patch group was deregistered from.
PatchGroup (string) --
The name of the patch group deregistered from the patch baseline.
Exceptions
Removes a target from a maintenance window.
See also: AWS API Documentation
Request Syntax
response = client.deregister_target_from_maintenance_window(
WindowId='string',
WindowTargetId='string',
Safe=True|False
)
[REQUIRED]
The ID of the maintenance window the target should be removed from.
[REQUIRED]
The ID of the target definition to remove.
dict
Response Syntax
{
'WindowId': 'string',
'WindowTargetId': 'string'
}
Response Structure
(dict) --
WindowId (string) --
The ID of the maintenance window the target was removed from.
WindowTargetId (string) --
The ID of the removed target definition.
Exceptions
Removes a task from a maintenance window.
See also: AWS API Documentation
Request Syntax
response = client.deregister_task_from_maintenance_window(
WindowId='string',
WindowTaskId='string'
)
[REQUIRED]
The ID of the maintenance window the task should be removed from.
[REQUIRED]
The ID of the task to remove from the maintenance window.
dict
Response Syntax
{
'WindowId': 'string',
'WindowTaskId': 'string'
}
Response Structure
(dict) --
WindowId (string) --
The ID of the maintenance window the task was removed from.
WindowTaskId (string) --
The ID of the task removed from the maintenance window.
Exceptions
Describes details about the activation, such as the date and time the activation was created, its expiration date, the Identity and Access Management (IAM) role assigned to the instances in the activation, and the number of instances registered by using this activation.
See also: AWS API Documentation
Request Syntax
response = client.describe_activations(
Filters=[
{
'FilterKey': 'ActivationIds'|'DefaultInstanceName'|'IamRole',
'FilterValues': [
'string',
]
},
],
MaxResults=123,
NextToken='string'
)
A filter to view information about your activations.
Filter for the DescribeActivation API.
The name of the filter.
The filter values.
dict
Response Syntax
{
'ActivationList': [
{
'ActivationId': 'string',
'Description': 'string',
'DefaultInstanceName': 'string',
'IamRole': 'string',
'RegistrationLimit': 123,
'RegistrationsCount': 123,
'ExpirationDate': datetime(2015, 1, 1),
'Expired': True|False,
'CreatedDate': datetime(2015, 1, 1),
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
]
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
ActivationList (list) --
A list of activations for your account.
(dict) --
An activation registers one or more on-premises servers or virtual machines (VMs) with Amazon Web Services so that you can configure those servers or VMs using Run Command. A server or VM that has been registered with Amazon Web Services Systems Manager is called a managed instance.
ActivationId (string) --
The ID created by Systems Manager when you submitted the activation.
Description (string) --
A user defined description of the activation.
DefaultInstanceName (string) --
A name for the managed instance when it is created.
IamRole (string) --
The Identity and Access Management (IAM) role to assign to the managed instance.
RegistrationLimit (integer) --
The maximum number of managed instances that can be registered using this activation.
RegistrationsCount (integer) --
The number of managed instances already registered with this activation.
ExpirationDate (datetime) --
The date when this activation can no longer be used to register managed instances.
Expired (boolean) --
Whether or not the activation is expired.
CreatedDate (datetime) --
The date the activation was created.
Tags (list) --
Tags assigned to the activation.
(dict) --
Metadata that you assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Amazon Web Services Systems Manager, you can apply tags to Systems Manager documents (SSM documents), managed instances, maintenance windows, parameters, patch baselines, OpsItems, and OpsMetadata.
Key (string) --
The name of the tag.
Value (string) --
The value of the tag.
NextToken (string) --
The token for the next set of items to return. Use this token to get the next set of results.
Exceptions
Describes the association for the specified target or instance. If you created the association by using the Targets parameter, then you must retrieve the association by using the association ID. If you created the association by specifying an instance ID and an Amazon Web Services Systems Manager document (SSM document), then you retrieve the association by specifying the document name and the instance ID.
See also: AWS API Documentation
Request Syntax
response = client.describe_association(
Name='string',
InstanceId='string',
AssociationId='string',
AssociationVersion='string'
)
dict
Response Syntax
{
'AssociationDescription': {
'Name': 'string',
'InstanceId': 'string',
'AssociationVersion': 'string',
'Date': datetime(2015, 1, 1),
'LastUpdateAssociationDate': datetime(2015, 1, 1),
'Status': {
'Date': datetime(2015, 1, 1),
'Name': 'Pending'|'Success'|'Failed',
'Message': 'string',
'AdditionalInfo': 'string'
},
'Overview': {
'Status': 'string',
'DetailedStatus': 'string',
'AssociationStatusAggregatedCount': {
'string': 123
}
},
'DocumentVersion': 'string',
'AutomationTargetParameterName': 'string',
'Parameters': {
'string': [
'string',
]
},
'AssociationId': 'string',
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'ScheduleExpression': 'string',
'OutputLocation': {
'S3Location': {
'OutputS3Region': 'string',
'OutputS3BucketName': 'string',
'OutputS3KeyPrefix': 'string'
}
},
'LastExecutionDate': datetime(2015, 1, 1),
'LastSuccessfulExecutionDate': datetime(2015, 1, 1),
'AssociationName': 'string',
'MaxErrors': 'string',
'MaxConcurrency': 'string',
'ComplianceSeverity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'UNSPECIFIED',
'SyncCompliance': 'AUTO'|'MANUAL',
'ApplyOnlyAtCronInterval': True|False,
'CalendarNames': [
'string',
],
'TargetLocations': [
{
'Accounts': [
'string',
],
'Regions': [
'string',
],
'TargetLocationMaxConcurrency': 'string',
'TargetLocationMaxErrors': 'string',
'ExecutionRoleName': 'string'
},
]
}
}
Response Structure
(dict) --
AssociationDescription (dict) --
Information about the association.
Name (string) --
The name of the SSM document.
InstanceId (string) --
The ID of the instance.
AssociationVersion (string) --
The association version.
Date (datetime) --
The date when the association was made.
LastUpdateAssociationDate (datetime) --
The date when the association was last updated.
Status (dict) --
The association status.
Date (datetime) --
The date when the status changed.
Name (string) --
The status.
Message (string) --
The reason for the status.
AdditionalInfo (string) --
A user-defined string.
Overview (dict) --
Information about the association.
Status (string) --
The status of the association. Status can be: Pending, Success, or Failed.
DetailedStatus (string) --
A detailed status of the association.
AssociationStatusAggregatedCount (dict) --
Returns the number of targets for the association status. For example, if you created an association with two instances, and one of them was successful, this would return the count of instances by status.
DocumentVersion (string) --
The document version.
AutomationTargetParameterName (string) --
Specify the target for the association. This target is required for associations that use an Automation runbook and target resources by using rate controls. Automation is a capability of Amazon Web Services Systems Manager.
Parameters (dict) --
A description of the parameters for a document.
AssociationId (string) --
The association ID.
Targets (list) --
The instances targeted by the request.
(dict) --
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
Key (string) --
User-defined criteria for sending commands that target instances that meet the criteria.
Values (list) --
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
ScheduleExpression (string) --
A cron expression that specifies a schedule when the association runs.
OutputLocation (dict) --
An S3 bucket where you want to store the output details of the request.
S3Location (dict) --
An S3 bucket where you want to store the results of this request.
OutputS3Region (string) --
(Deprecated) You can no longer specify this parameter. The system ignores it. Instead, Amazon Web Services Systems Manager automatically determines the Region of the S3 bucket.
OutputS3BucketName (string) --
The name of the S3 bucket.
OutputS3KeyPrefix (string) --
The S3 bucket subfolder.
LastExecutionDate (datetime) --
The date on which the association was last run.
LastSuccessfulExecutionDate (datetime) --
The last date on which the association was successfully run.
AssociationName (string) --
The association name.
MaxErrors (string) --
The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 instances and set MaxError to 10%, then the system stops sending the request when the sixth error is received.
Executions that are already running an association when MaxErrors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set MaxConcurrency to 1 so that executions proceed one at a time.
MaxConcurrency (string) --
The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.
If a new instance starts and attempts to run an association while Systems Manager is running MaxConcurrency associations, the association is allowed to run. During the next association interval, the new instance will process its association within the limit specified for MaxConcurrency .
ComplianceSeverity (string) --
The severity level that is assigned to the association.
SyncCompliance (string) --
The mode for generating association compliance. You can specify AUTO or MANUAL . In AUTO mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association is COMPLIANT . If the association execution doesn't run successfully, the association is NON-COMPLIANT .
In MANUAL mode, you must specify the AssociationId as a parameter for the PutComplianceItems API operation. In this case, compliance data isn't managed by State Manager, a capability of Amazon Web Services Systems Manager. It is managed by your direct call to the PutComplianceItems API operation.
By default, all associations use AUTO mode.
ApplyOnlyAtCronInterval (boolean) --
By default, when you create a new associations, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it. This parameter isn't supported for rate expressions.
CalendarNames (list) --
The names or Amazon Resource Names (ARNs) of the Change Calendar type documents your associations are gated under. The associations only run when that change calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar .
TargetLocations (list) --
The combination of Regions and accounts where you want to run the association.
(dict) --
The combination of Regions and accounts targeted by the current Automation execution.
Accounts (list) --
The accounts targeted by the current Automation execution.
Regions (list) --
The Regions targeted by the current Automation execution.
TargetLocationMaxConcurrency (string) --
The maximum number of Regions and accounts allowed to run the Automation concurrently.
TargetLocationMaxErrors (string) --
The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
ExecutionRoleName (string) --
The Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole .
Exceptions
Views information about a specific execution of a specific association.
See also: AWS API Documentation
Request Syntax
response = client.describe_association_execution_targets(
AssociationId='string',
ExecutionId='string',
Filters=[
{
'Key': 'Status'|'ResourceId'|'ResourceType',
'Value': 'string'
},
],
MaxResults=123,
NextToken='string'
)
[REQUIRED]
The association ID that includes the execution for which you want to view details.
[REQUIRED]
The execution ID for which you want to view details.
Filters for the request. You can specify the following filters and values.
Status (EQUAL)
ResourceId (EQUAL)
ResourceType (EQUAL)
Filters for the association execution.
The key value used in the request.
The value specified for the key.
dict
Response Syntax
{
'AssociationExecutionTargets': [
{
'AssociationId': 'string',
'AssociationVersion': 'string',
'ExecutionId': 'string',
'ResourceId': 'string',
'ResourceType': 'string',
'Status': 'string',
'DetailedStatus': 'string',
'LastExecutionDate': datetime(2015, 1, 1),
'OutputSource': {
'OutputSourceId': 'string',
'OutputSourceType': 'string'
}
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
AssociationExecutionTargets (list) --
Information about the execution.
(dict) --
Includes information about the specified association execution.
AssociationId (string) --
The association ID.
AssociationVersion (string) --
The association version.
ExecutionId (string) --
The execution ID.
ResourceId (string) --
The resource ID, for example, the instance ID where the association ran.
ResourceType (string) --
The resource type, for example, instance.
Status (string) --
The association execution status.
DetailedStatus (string) --
Detailed information about the execution status.
LastExecutionDate (datetime) --
The date of the last execution.
OutputSource (dict) --
The location where the association details are saved.
OutputSourceId (string) --
The ID of the output source, for example the URL of an S3 bucket.
OutputSourceType (string) --
The type of source where the association execution details are stored, for example, Amazon S3.
NextToken (string) --
The token for the next set of items to return. Use this token to get the next set of results.
Exceptions
Views all executions for a specific association ID.
See also: AWS API Documentation
Request Syntax
response = client.describe_association_executions(
AssociationId='string',
Filters=[
{
'Key': 'ExecutionId'|'Status'|'CreatedTime',
'Value': 'string',
'Type': 'EQUAL'|'LESS_THAN'|'GREATER_THAN'
},
],
MaxResults=123,
NextToken='string'
)
[REQUIRED]
The association ID for which you want to view execution history details.
Filters for the request. You can specify the following filters and values.
ExecutionId (EQUAL)
Status (EQUAL)
CreatedTime (EQUAL, GREATER_THAN, LESS_THAN)
Filters used in the request.
The key value used in the request.
The value specified for the key.
The filter type specified in the request.
dict
Response Syntax
{
'AssociationExecutions': [
{
'AssociationId': 'string',
'AssociationVersion': 'string',
'ExecutionId': 'string',
'Status': 'string',
'DetailedStatus': 'string',
'CreatedTime': datetime(2015, 1, 1),
'LastExecutionDate': datetime(2015, 1, 1),
'ResourceCountByStatus': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
AssociationExecutions (list) --
A list of the executions for the specified association ID.
(dict) --
Includes information about the specified association.
AssociationId (string) --
The association ID.
AssociationVersion (string) --
The association version.
ExecutionId (string) --
The execution ID for the association.
Status (string) --
The status of the association execution.
DetailedStatus (string) --
Detailed status information about the execution.
CreatedTime (datetime) --
The time the execution started.
LastExecutionDate (datetime) --
The date of the last execution.
ResourceCountByStatus (string) --
An aggregate status of the resources in the execution based on the status type.
NextToken (string) --
The token for the next set of items to return. Use this token to get the next set of results.
Exceptions
Provides details about all active and terminated Automation executions.
See also: AWS API Documentation
Request Syntax
response = client.describe_automation_executions(
Filters=[
{
'Key': 'DocumentNamePrefix'|'ExecutionStatus'|'ExecutionId'|'ParentExecutionId'|'CurrentAction'|'StartTimeBefore'|'StartTimeAfter'|'AutomationType'|'TagKey'|'TargetResourceGroup'|'AutomationSubtype'|'OpsItemId',
'Values': [
'string',
]
},
],
MaxResults=123,
NextToken='string'
)
Filters used to limit the scope of executions that are requested.
A filter used to match specific automation executions. This is used to limit the scope of Automation execution information returned.
One or more keys to limit the results.
The values used to limit the execution information associated with the filter's key.
dict
Response Syntax
{
'AutomationExecutionMetadataList': [
{
'AutomationExecutionId': 'string',
'DocumentName': 'string',
'DocumentVersion': 'string',
'AutomationExecutionStatus': 'Pending'|'InProgress'|'Waiting'|'Success'|'TimedOut'|'Cancelling'|'Cancelled'|'Failed'|'PendingApproval'|'Approved'|'Rejected'|'Scheduled'|'RunbookInProgress'|'PendingChangeCalendarOverride'|'ChangeCalendarOverrideApproved'|'ChangeCalendarOverrideRejected'|'CompletedWithSuccess'|'CompletedWithFailure',
'ExecutionStartTime': datetime(2015, 1, 1),
'ExecutionEndTime': datetime(2015, 1, 1),
'ExecutedBy': 'string',
'LogFile': 'string',
'Outputs': {
'string': [
'string',
]
},
'Mode': 'Auto'|'Interactive',
'ParentAutomationExecutionId': 'string',
'CurrentStepName': 'string',
'CurrentAction': 'string',
'FailureMessage': 'string',
'TargetParameterName': 'string',
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'TargetMaps': [
{
'string': [
'string',
]
},
],
'ResolvedTargets': {
'ParameterValues': [
'string',
],
'Truncated': True|False
},
'MaxConcurrency': 'string',
'MaxErrors': 'string',
'Target': 'string',
'AutomationType': 'CrossAccount'|'Local',
'AutomationSubtype': 'ChangeRequest',
'ScheduledTime': datetime(2015, 1, 1),
'Runbooks': [
{
'DocumentName': 'string',
'DocumentVersion': 'string',
'Parameters': {
'string': [
'string',
]
},
'TargetParameterName': 'string',
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'MaxConcurrency': 'string',
'MaxErrors': 'string',
'TargetLocations': [
{
'Accounts': [
'string',
],
'Regions': [
'string',
],
'TargetLocationMaxConcurrency': 'string',
'TargetLocationMaxErrors': 'string',
'ExecutionRoleName': 'string'
},
]
},
],
'OpsItemId': 'string',
'AssociationId': 'string',
'ChangeRequestName': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
AutomationExecutionMetadataList (list) --
The list of details about each automation execution which has occurred which matches the filter specification, if any.
(dict) --
Details about a specific Automation execution.
AutomationExecutionId (string) --
The execution ID.
DocumentName (string) --
The name of the Automation runbook used during execution.
DocumentVersion (string) --
The document version used during the execution.
AutomationExecutionStatus (string) --
The status of the execution.
ExecutionStartTime (datetime) --
The time the execution started.
ExecutionEndTime (datetime) --
The time the execution finished. This isn't populated if the execution is still in progress.
ExecutedBy (string) --
The IAM role ARN of the user who ran the automation.
LogFile (string) --
An S3 bucket where execution information is stored.
Outputs (dict) --
The list of execution outputs as defined in the Automation runbook.
Mode (string) --
The Automation execution mode.
ParentAutomationExecutionId (string) --
The execution ID of the parent automation.
CurrentStepName (string) --
The name of the step that is currently running.
CurrentAction (string) --
The action of the step that is currently running.
FailureMessage (string) --
The list of execution outputs as defined in the Automation runbook.
TargetParameterName (string) --
The list of execution outputs as defined in the Automation runbook.
Targets (list) --
The targets defined by the user when starting the automation.
(dict) --
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
Key (string) --
User-defined criteria for sending commands that target instances that meet the criteria.
Values (list) --
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
TargetMaps (list) --
The specified key-value mapping of document parameters to target resources.
ResolvedTargets (dict) --
A list of targets that resolved during the execution.
ParameterValues (list) --
A list of parameter values sent to targets that resolved during the Automation execution.
Truncated (boolean) --
A boolean value indicating whether the resolved target list is truncated.
MaxConcurrency (string) --
The MaxConcurrency value specified by the user when starting the automation.
MaxErrors (string) --
The MaxErrors value specified by the user when starting the automation.
Target (string) --
The list of execution outputs as defined in the Automation runbook.
AutomationType (string) --
Use this filter with DescribeAutomationExecutions . Specify either Local or CrossAccount. CrossAccount is an Automation that runs in multiple Regions and accounts. For more information, see Running Automation workflows in multiple Regions and accounts in the Amazon Web Services Systems Manager User Guide .
AutomationSubtype (string) --
The subtype of the Automation operation. Currently, the only supported value is ChangeRequest .
ScheduledTime (datetime) --
The date and time the Automation operation is scheduled to start.
Runbooks (list) --
Information about the Automation runbooks that are run during a runbook workflow in Change Manager.
Note
The Automation runbooks specified for the runbook workflow can't run until all required approvals for the change request have been received.
(dict) --
Information about an Automation runbook used in a runbook workflow in Change Manager.
Note
The Automation runbooks specified for the runbook workflow can't run until all required approvals for the change request have been received.
DocumentName (string) --
The name of the Automation runbook used in a runbook workflow.
DocumentVersion (string) --
The version of the Automation runbook used in a runbook workflow.
Parameters (dict) --
The key-value map of execution parameters, which were supplied when calling StartChangeRequestExecution .
TargetParameterName (string) --
The name of the parameter used as the target resource for the rate-controlled runbook workflow. Required if you specify Targets .
Targets (list) --
A key-value mapping to target resources that the runbook operation performs tasks on. Required if you specify TargetParameterName .
(dict) --
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
Key (string) --
User-defined criteria for sending commands that target instances that meet the criteria.
Values (list) --
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
MaxConcurrency (string) --
The MaxConcurrency value specified by the user when the operation started, indicating the maximum number of resources that the runbook operation can run on at the same time.
MaxErrors (string) --
The MaxErrors value specified by the user when the execution started, indicating the maximum number of errors that can occur during the operation before the updates are stopped or rolled back.
TargetLocations (list) --
Information about the Regions and accounts targeted by the current Runbook operation.
(dict) --
The combination of Regions and accounts targeted by the current Automation execution.
Accounts (list) --
The accounts targeted by the current Automation execution.
Regions (list) --
The Regions targeted by the current Automation execution.
TargetLocationMaxConcurrency (string) --
The maximum number of Regions and accounts allowed to run the Automation concurrently.
TargetLocationMaxErrors (string) --
The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
ExecutionRoleName (string) --
The Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole .
OpsItemId (string) --
The ID of an OpsItem that is created to represent a Change Manager change request.
AssociationId (string) --
The ID of a State Manager association used in the Automation operation.
ChangeRequestName (string) --
The name of the Change Manager change request.
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
Information about all active and terminated step executions in an Automation workflow.
See also: AWS API Documentation
Request Syntax
response = client.describe_automation_step_executions(
AutomationExecutionId='string',
Filters=[
{
'Key': 'StartTimeBefore'|'StartTimeAfter'|'StepExecutionStatus'|'StepExecutionId'|'StepName'|'Action',
'Values': [
'string',
]
},
],
NextToken='string',
MaxResults=123,
ReverseOrder=True|False
)
[REQUIRED]
The Automation execution ID for which you want step execution descriptions.
One or more filters to limit the number of step executions returned by the request.
A filter to limit the amount of step execution information returned by the call.
One or more keys to limit the results. Valid filter keys include the following: StepName, Action, StepExecutionId, StepExecutionStatus, StartTimeBefore, StartTimeAfter.
The values of the filter key.
dict
Response Syntax
{
'StepExecutions': [
{
'StepName': 'string',
'Action': 'string',
'TimeoutSeconds': 123,
'OnFailure': 'string',
'MaxAttempts': 123,
'ExecutionStartTime': datetime(2015, 1, 1),
'ExecutionEndTime': datetime(2015, 1, 1),
'StepStatus': 'Pending'|'InProgress'|'Waiting'|'Success'|'TimedOut'|'Cancelling'|'Cancelled'|'Failed'|'PendingApproval'|'Approved'|'Rejected'|'Scheduled'|'RunbookInProgress'|'PendingChangeCalendarOverride'|'ChangeCalendarOverrideApproved'|'ChangeCalendarOverrideRejected'|'CompletedWithSuccess'|'CompletedWithFailure',
'ResponseCode': 'string',
'Inputs': {
'string': 'string'
},
'Outputs': {
'string': [
'string',
]
},
'Response': 'string',
'FailureMessage': 'string',
'FailureDetails': {
'FailureStage': 'string',
'FailureType': 'string',
'Details': {
'string': [
'string',
]
}
},
'StepExecutionId': 'string',
'OverriddenParameters': {
'string': [
'string',
]
},
'IsEnd': True|False,
'NextStep': 'string',
'IsCritical': True|False,
'ValidNextSteps': [
'string',
],
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'TargetLocation': {
'Accounts': [
'string',
],
'Regions': [
'string',
],
'TargetLocationMaxConcurrency': 'string',
'TargetLocationMaxErrors': 'string',
'ExecutionRoleName': 'string'
}
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
StepExecutions (list) --
A list of details about the current state of all steps that make up an execution.
(dict) --
Detailed information about an the execution state of an Automation step.
StepName (string) --
The name of this execution step.
Action (string) --
The action this step performs. The action determines the behavior of the step.
TimeoutSeconds (integer) --
The timeout seconds of the step.
OnFailure (string) --
The action to take if the step fails. The default value is Abort .
MaxAttempts (integer) --
The maximum number of tries to run the action of the step. The default value is 1 .
ExecutionStartTime (datetime) --
If a step has begun execution, this contains the time the step started. If the step is in Pending status, this field isn't populated.
ExecutionEndTime (datetime) --
If a step has finished execution, this contains the time the execution ended. If the step hasn't yet concluded, this field isn't populated.
StepStatus (string) --
The execution status for this step.
ResponseCode (string) --
The response code returned by the execution of the step.
Inputs (dict) --
Fully-resolved values passed into the step before execution.
Outputs (dict) --
Returned values from the execution of the step.
Response (string) --
A message associated with the response code for an execution.
FailureMessage (string) --
If a step failed, this message explains why the execution failed.
FailureDetails (dict) --
Information about the Automation failure.
FailureStage (string) --
The stage of the Automation execution when the failure occurred. The stages include the following: InputValidation, PreVerification, Invocation, PostVerification.
FailureType (string) --
The type of Automation failure. Failure types include the following: Action, Permission, Throttling, Verification, Internal.
Details (dict) --
Detailed information about the Automation step failure.
StepExecutionId (string) --
The unique ID of a step execution.
OverriddenParameters (dict) --
A user-specified list of parameters to override when running a step.
IsEnd (boolean) --
The flag which can be used to end automation no matter whether the step succeeds or fails.
NextStep (string) --
The next step after the step succeeds.
IsCritical (boolean) --
The flag which can be used to help decide whether the failure of current step leads to the Automation failure.
ValidNextSteps (list) --
Strategies used when step fails, we support Continue and Abort. Abort will fail the automation when the step fails. Continue will ignore the failure of current step and allow automation to run the next step. With conditional branching, we add step:stepName to support the automation to go to another specific step.
Targets (list) --
The targets for the step execution.
(dict) --
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
Key (string) --
User-defined criteria for sending commands that target instances that meet the criteria.
Values (list) --
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
TargetLocation (dict) --
The combination of Regions and accounts targeted by the current Automation execution.
Accounts (list) --
The accounts targeted by the current Automation execution.
Regions (list) --
The Regions targeted by the current Automation execution.
TargetLocationMaxConcurrency (string) --
The maximum number of Regions and accounts allowed to run the Automation concurrently.
TargetLocationMaxErrors (string) --
The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
ExecutionRoleName (string) --
The Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole .
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
Lists all patches eligible to be included in a patch baseline.
See also: AWS API Documentation
Request Syntax
response = client.describe_available_patches(
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
MaxResults=123,
NextToken='string'
)
Each element in the array is a structure containing a key-value pair.
Windows Server
Supported keys for Windows Server instance patches include the following:
Linux
Warning
When specifying filters for Linux patches, you must specify a key-pair for PRODUCT . For example, using the Command Line Interface (CLI), the following command fails:
aws ssm describe-available-patches --filters Key=CVE_ID,Values=CVE-2018-3615
However, the following command succeeds:
aws ssm describe-available-patches --filters Key=PRODUCT,Values=AmazonLinux2018.03 Key=CVE_ID,Values=CVE-2018-3615
Supported keys for Linux instance patches include the following:
Defines a filter used in Patch Manager APIs. Supported filter keys depend on the API operation that includes the filter. Patch Manager API operations that use PatchOrchestratorFilter include the following:
The key for the filter.
The value for the filter.
dict
Response Syntax
{
'Patches': [
{
'Id': 'string',
'ReleaseDate': datetime(2015, 1, 1),
'Title': 'string',
'Description': 'string',
'ContentUrl': 'string',
'Vendor': 'string',
'ProductFamily': 'string',
'Product': 'string',
'Classification': 'string',
'MsrcSeverity': 'string',
'KbNumber': 'string',
'MsrcNumber': 'string',
'Language': 'string',
'AdvisoryIds': [
'string',
],
'BugzillaIds': [
'string',
],
'CVEIds': [
'string',
],
'Name': 'string',
'Epoch': 123,
'Version': 'string',
'Release': 'string',
'Arch': 'string',
'Severity': 'string',
'Repository': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Patches (list) --
An array of patches. Each entry in the array is a patch structure.
(dict) --
Represents metadata about a patch.
Id (string) --
The ID of the patch. Applies to Windows patches only.
Note
This ID isn't the same as the Microsoft Knowledge Base ID.
ReleaseDate (datetime) --
The date the patch was released.
Title (string) --
The title of the patch.
Description (string) --
The description of the patch.
ContentUrl (string) --
The URL where more information can be obtained about the patch.
Vendor (string) --
The name of the vendor providing the patch.
ProductFamily (string) --
The product family the patch is applicable for. For example, Windows or Amazon Linux 2 .
Product (string) --
The specific product the patch is applicable for. For example, WindowsServer2016 or AmazonLinux2018.03 .
Classification (string) --
The classification of the patch. For example, SecurityUpdates , Updates , or CriticalUpdates .
MsrcSeverity (string) --
The severity of the patch, such as Critical , Important , or Moderate . Applies to Windows patches only.
KbNumber (string) --
The Microsoft Knowledge Base ID of the patch. Applies to Windows patches only.
MsrcNumber (string) --
The ID of the Microsoft Security Response Center (MSRC) bulletin the patch is related to. For example, MS14-045 . Applies to Windows patches only.
Language (string) --
The language of the patch if it's language-specific.
AdvisoryIds (list) --
The Advisory ID of the patch. For example, RHSA-2020:3779 . Applies to Linux-based instances only.
BugzillaIds (list) --
The Bugzilla ID of the patch. For example, 1600646 . Applies to Linux-based instances only.
CVEIds (list) --
The Common Vulnerabilities and Exposures (CVE) ID of the patch. For example, CVE-2011-3192 . Applies to Linux-based instances only.
Name (string) --
The name of the patch. Applies to Linux-based instances only.
Epoch (integer) --
The epoch of the patch. For example in pkg-example-EE-20180914-2.2.amzn1.noarch , the epoch value is 20180914-2 . Applies to Linux-based instances only.
Version (string) --
The version number of the patch. For example, in example-pkg-1.710.10-2.7.abcd.x86_64 , the version number is indicated by -1 . Applies to Linux-based instances only.
Release (string) --
The particular release of a patch. For example, in pkg-example-EE-20180914-2.2.amzn1.noarch , the release is 2.amaz1 . Applies to Linux-based instances only.
Arch (string) --
The architecture of the patch. For example, in example-pkg-0.710.10-2.7.abcd.x86_64 , the architecture is indicated by x86_64 . Applies to Linux-based instances only.
Severity (string) --
The severity level of the patch. For example, CRITICAL or MODERATE .
Repository (string) --
The source patch repository for the operating system and version, such as trusty-security for Ubuntu Server 14.04 LTE and focal-security for Ubuntu Server 20.04 LTE. Applies to Linux-based instances only.
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
Describes the specified Amazon Web Services Systems Manager document (SSM document).
See also: AWS API Documentation
Request Syntax
response = client.describe_document(
Name='string',
DocumentVersion='string',
VersionName='string'
)
[REQUIRED]
The name of the SSM document.
dict
Response Syntax
{
'Document': {
'Sha1': 'string',
'Hash': 'string',
'HashType': 'Sha256'|'Sha1',
'Name': 'string',
'DisplayName': 'string',
'VersionName': 'string',
'Owner': 'string',
'CreatedDate': datetime(2015, 1, 1),
'Status': 'Creating'|'Active'|'Updating'|'Deleting'|'Failed',
'StatusInformation': 'string',
'DocumentVersion': 'string',
'Description': 'string',
'Parameters': [
{
'Name': 'string',
'Type': 'String'|'StringList',
'Description': 'string',
'DefaultValue': 'string'
},
],
'PlatformTypes': [
'Windows'|'Linux',
],
'DocumentType': 'Command'|'Policy'|'Automation'|'Session'|'Package'|'ApplicationConfiguration'|'ApplicationConfigurationSchema'|'DeploymentStrategy'|'ChangeCalendar'|'Automation.ChangeTemplate'|'ProblemAnalysis'|'ProblemAnalysisTemplate',
'SchemaVersion': 'string',
'LatestVersion': 'string',
'DefaultVersion': 'string',
'DocumentFormat': 'YAML'|'JSON'|'TEXT',
'TargetType': 'string',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
],
'AttachmentsInformation': [
{
'Name': 'string'
},
],
'Requires': [
{
'Name': 'string',
'Version': 'string'
},
],
'Author': 'string',
'ReviewInformation': [
{
'ReviewedTime': datetime(2015, 1, 1),
'Status': 'APPROVED'|'NOT_REVIEWED'|'PENDING'|'REJECTED',
'Reviewer': 'string'
},
],
'ApprovedVersion': 'string',
'PendingReviewVersion': 'string',
'ReviewStatus': 'APPROVED'|'NOT_REVIEWED'|'PENDING'|'REJECTED'
}
}
Response Structure
(dict) --
Document (dict) --
Information about the SSM document.
Sha1 (string) --
The SHA1 hash of the document, which you can use for verification.
Hash (string) --
The Sha256 or Sha1 hash created by the system when the document was created.
Note
Sha1 hashes have been deprecated.
HashType (string) --
The hash type of the document. Valid values include Sha256 or Sha1 .
Note
Sha1 hashes have been deprecated.
Name (string) --
The name of the SSM document.
DisplayName (string) --
The friendly name of the SSM document. This value can differ for each version of the document. If you want to update this value, see UpdateDocument .
VersionName (string) --
The version of the artifact associated with the document.
Owner (string) --
The Amazon Web Services user account that created the document.
CreatedDate (datetime) --
The date when the document was created.
Status (string) --
The status of the SSM document.
StatusInformation (string) --
A message returned by Amazon Web Services Systems Manager that explains the Status value. For example, a Failed status might be explained by the StatusInformation message, "The specified S3 bucket doesn't exist. Verify that the URL of the S3 bucket is correct."
DocumentVersion (string) --
The document version.
Description (string) --
A description of the document.
Parameters (list) --
A description of the parameters for a document.
(dict) --
Parameters specified in a System Manager document that run on the server when the command is run.
Name (string) --
The name of the parameter.
Type (string) --
The type of parameter. The type can be either String or StringList.
Description (string) --
A description of what the parameter does, how to use it, the default value, and whether or not the parameter is optional.
DefaultValue (string) --
If specified, the default values for the parameters. Parameters without a default value are required. Parameters with a default value are optional.
PlatformTypes (list) --
The list of OS platforms compatible with this SSM document.
DocumentType (string) --
The type of document.
SchemaVersion (string) --
The schema version.
LatestVersion (string) --
The latest version of the document.
DefaultVersion (string) --
The default version.
DocumentFormat (string) --
The document format, either JSON or YAML.
TargetType (string) --
The target type which defines the kinds of resources the document can run on. For example, /AWS::EC2::Instance . For a list of valid resource types, see Amazon Web Services resource and property types reference in the CloudFormation User Guide .
Tags (list) --
The tags, or metadata, that have been applied to the document.
(dict) --
Metadata that you assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Amazon Web Services Systems Manager, you can apply tags to Systems Manager documents (SSM documents), managed instances, maintenance windows, parameters, patch baselines, OpsItems, and OpsMetadata.
Key (string) --
The name of the tag.
Value (string) --
The value of the tag.
AttachmentsInformation (list) --
Details about the document attachments, including names, locations, sizes, and so on.
(dict) --
An attribute of an attachment, such as the attachment name.
Name (string) --
The name of the attachment.
Requires (list) --
A list of SSM documents required by a document. For example, an ApplicationConfiguration document requires an ApplicationConfigurationSchema document.
(dict) --
An SSM document required by the current document.
Name (string) --
The name of the required SSM document. The name can be an Amazon Resource Name (ARN).
Version (string) --
The document version required by the current document.
Author (string) --
The user in your organization who created the document.
ReviewInformation (list) --
Details about the review of a document.
(dict) --
Information about the result of a document review request.
ReviewedTime (datetime) --
The time that the reviewer took action on the document review request.
Status (string) --
The current status of the document review request.
Reviewer (string) --
The reviewer assigned to take action on the document review request.
ApprovedVersion (string) --
The version of the document currently approved for use in the organization.
PendingReviewVersion (string) --
The version of the document that is currently under review.
ReviewStatus (string) --
The current status of the review.
Exceptions
Describes the permissions for a Amazon Web Services Systems Manager document (SSM document). If you created the document, you are the owner. If a document is shared, it can either be shared privately (by specifying a user's account ID) or publicly (All ).
See also: AWS API Documentation
Request Syntax
response = client.describe_document_permission(
Name='string',
PermissionType='Share',
MaxResults=123,
NextToken='string'
)
[REQUIRED]
The name of the document for which you are the owner.
[REQUIRED]
The permission type for the document. The permission type can be Share .
dict
Response Syntax
{
'AccountIds': [
'string',
],
'AccountSharingInfoList': [
{
'AccountId': 'string',
'SharedDocumentVersion': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
AccountIds (list) --
The account IDs that have permission to use this document. The ID can be either an account or All .
AccountSharingInfoList (list) --
A list of accounts where the current document is shared and the version shared with each account.
(dict) --
Information includes the account ID where the current document is shared and the version shared with that account.
AccountId (string) --
The account ID where the current document is shared.
SharedDocumentVersion (string) --
The version of the current document shared with the account.
NextToken (string) --
The token for the next set of items to return. Use this token to get the next set of results.
Exceptions
All associations for the instance(s).
See also: AWS API Documentation
Request Syntax
response = client.describe_effective_instance_associations(
InstanceId='string',
MaxResults=123,
NextToken='string'
)
[REQUIRED]
The instance ID for which you want to view all associations.
dict
Response Syntax
{
'Associations': [
{
'AssociationId': 'string',
'InstanceId': 'string',
'Content': 'string',
'AssociationVersion': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Associations (list) --
The associations for the requested instance.
(dict) --
One or more association documents on the instance.
AssociationId (string) --
The association ID.
InstanceId (string) --
The instance ID.
Content (string) --
The content of the association document for the instance(s).
AssociationVersion (string) --
Version information for the association on the instance.
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
Retrieves the current effective patches (the patch and the approval state) for the specified patch baseline. Applies to patch baselines for Windows only.
See also: AWS API Documentation
Request Syntax
response = client.describe_effective_patches_for_patch_baseline(
BaselineId='string',
MaxResults=123,
NextToken='string'
)
[REQUIRED]
The ID of the patch baseline to retrieve the effective patches for.
dict
Response Syntax
{
'EffectivePatches': [
{
'Patch': {
'Id': 'string',
'ReleaseDate': datetime(2015, 1, 1),
'Title': 'string',
'Description': 'string',
'ContentUrl': 'string',
'Vendor': 'string',
'ProductFamily': 'string',
'Product': 'string',
'Classification': 'string',
'MsrcSeverity': 'string',
'KbNumber': 'string',
'MsrcNumber': 'string',
'Language': 'string',
'AdvisoryIds': [
'string',
],
'BugzillaIds': [
'string',
],
'CVEIds': [
'string',
],
'Name': 'string',
'Epoch': 123,
'Version': 'string',
'Release': 'string',
'Arch': 'string',
'Severity': 'string',
'Repository': 'string'
},
'PatchStatus': {
'DeploymentStatus': 'APPROVED'|'PENDING_APPROVAL'|'EXPLICIT_APPROVED'|'EXPLICIT_REJECTED',
'ComplianceLevel': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED',
'ApprovalDate': datetime(2015, 1, 1)
}
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
EffectivePatches (list) --
An array of patches and patch status.
(dict) --
The EffectivePatch structure defines metadata about a patch along with the approval state of the patch in a particular patch baseline. The approval state includes information about whether the patch is currently approved, due to be approved by a rule, explicitly approved, or explicitly rejected and the date the patch was or will be approved.
Patch (dict) --
Provides metadata for a patch, including information such as the KB ID, severity, classification and a URL for where more information can be obtained about the patch.
Id (string) --
The ID of the patch. Applies to Windows patches only.
Note
This ID isn't the same as the Microsoft Knowledge Base ID.
ReleaseDate (datetime) --
The date the patch was released.
Title (string) --
The title of the patch.
Description (string) --
The description of the patch.
ContentUrl (string) --
The URL where more information can be obtained about the patch.
Vendor (string) --
The name of the vendor providing the patch.
ProductFamily (string) --
The product family the patch is applicable for. For example, Windows or Amazon Linux 2 .
Product (string) --
The specific product the patch is applicable for. For example, WindowsServer2016 or AmazonLinux2018.03 .
Classification (string) --
The classification of the patch. For example, SecurityUpdates , Updates , or CriticalUpdates .
MsrcSeverity (string) --
The severity of the patch, such as Critical , Important , or Moderate . Applies to Windows patches only.
KbNumber (string) --
The Microsoft Knowledge Base ID of the patch. Applies to Windows patches only.
MsrcNumber (string) --
The ID of the Microsoft Security Response Center (MSRC) bulletin the patch is related to. For example, MS14-045 . Applies to Windows patches only.
Language (string) --
The language of the patch if it's language-specific.
AdvisoryIds (list) --
The Advisory ID of the patch. For example, RHSA-2020:3779 . Applies to Linux-based instances only.
BugzillaIds (list) --
The Bugzilla ID of the patch. For example, 1600646 . Applies to Linux-based instances only.
CVEIds (list) --
The Common Vulnerabilities and Exposures (CVE) ID of the patch. For example, CVE-2011-3192 . Applies to Linux-based instances only.
Name (string) --
The name of the patch. Applies to Linux-based instances only.
Epoch (integer) --
The epoch of the patch. For example in pkg-example-EE-20180914-2.2.amzn1.noarch , the epoch value is 20180914-2 . Applies to Linux-based instances only.
Version (string) --
The version number of the patch. For example, in example-pkg-1.710.10-2.7.abcd.x86_64 , the version number is indicated by -1 . Applies to Linux-based instances only.
Release (string) --
The particular release of a patch. For example, in pkg-example-EE-20180914-2.2.amzn1.noarch , the release is 2.amaz1 . Applies to Linux-based instances only.
Arch (string) --
The architecture of the patch. For example, in example-pkg-0.710.10-2.7.abcd.x86_64 , the architecture is indicated by x86_64 . Applies to Linux-based instances only.
Severity (string) --
The severity level of the patch. For example, CRITICAL or MODERATE .
Repository (string) --
The source patch repository for the operating system and version, such as trusty-security for Ubuntu Server 14.04 LTE and focal-security for Ubuntu Server 20.04 LTE. Applies to Linux-based instances only.
PatchStatus (dict) --
The status of the patch in a patch baseline. This includes information about whether the patch is currently approved, due to be approved by a rule, explicitly approved, or explicitly rejected and the date the patch was or will be approved.
DeploymentStatus (string) --
The approval status of a patch.
ComplianceLevel (string) --
The compliance severity level for a patch.
ApprovalDate (datetime) --
The date the patch was approved (or will be approved if the status is PENDING_APPROVAL ).
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
The status of the associations for the instance(s).
See also: AWS API Documentation
Request Syntax
response = client.describe_instance_associations_status(
InstanceId='string',
MaxResults=123,
NextToken='string'
)
[REQUIRED]
The instance IDs for which you want association status information.
dict
Response Syntax
{
'InstanceAssociationStatusInfos': [
{
'AssociationId': 'string',
'Name': 'string',
'DocumentVersion': 'string',
'AssociationVersion': 'string',
'InstanceId': 'string',
'ExecutionDate': datetime(2015, 1, 1),
'Status': 'string',
'DetailedStatus': 'string',
'ExecutionSummary': 'string',
'ErrorCode': 'string',
'OutputUrl': {
'S3OutputUrl': {
'OutputUrl': 'string'
}
},
'AssociationName': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
InstanceAssociationStatusInfos (list) --
Status information about the association.
(dict) --
Status information about the instance association.
AssociationId (string) --
The association ID.
Name (string) --
The name of the association.
DocumentVersion (string) --
The association document versions.
AssociationVersion (string) --
The version of the association applied to the instance.
InstanceId (string) --
The instance ID where the association was created.
ExecutionDate (datetime) --
The date the instance association ran.
Status (string) --
Status information about the instance association.
DetailedStatus (string) --
Detailed status information about the instance association.
ExecutionSummary (string) --
Summary information about association execution.
ErrorCode (string) --
An error code returned by the request to create the association.
OutputUrl (dict) --
A URL for an S3 bucket where you want to store the results of this request.
S3OutputUrl (dict) --
The URL of S3 bucket where you want to store the results of this request.
OutputUrl (string) --
A URL for an S3 bucket where you want to store the results of this request.
AssociationName (string) --
The name of the association applied to the instance.
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
Describes one or more of your instances, including information about the operating system platform, the version of SSM Agent installed on the instance, instance status, and so on.
If you specify one or more instance IDs, it returns information for those instances. If you don't specify instance IDs, it returns information for all your instances. If you specify an instance ID that isn't valid or an instance that you don't own, you receive an error.
Note
The IamRole field for this API operation is the Identity and Access Management (IAM) role assigned to on-premises instances. This call doesn't return the IAM role for EC2 instances.
See also: AWS API Documentation
Request Syntax
response = client.describe_instance_information(
InstanceInformationFilterList=[
{
'key': 'InstanceIds'|'AgentVersion'|'PingStatus'|'PlatformTypes'|'ActivationIds'|'IamRole'|'ResourceType'|'AssociationStatus',
'valueSet': [
'string',
]
},
],
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
MaxResults=123,
NextToken='string'
)
This is a legacy method. We recommend that you don't use this method. Instead, use the Filters data type. Filters enables you to return instance information by filtering based on tags applied to managed instances.
Note
Attempting to use InstanceInformationFilterList and Filters leads to an exception error.
Describes a filter for a specific list of instances. You can filter instances information by using tags. You specify tags by using a key-value mapping.
Use this operation instead of the DescribeInstanceInformationRequest$InstanceInformationFilterList method. The InstanceInformationFilterList method is a legacy method and doesn't support tags.
The name of the filter.
The filter values.
One or more filters. Use a filter to return a more specific list of instances. You can filter based on tags applied to EC2 instances. Use this Filters data type instead of InstanceInformationFilterList , which is deprecated.
The filters to describe or get information about your managed instances.
The filter key name to describe your instances. For example:
"InstanceIds"|"AgentVersion"|"PingStatus"|"PlatformTypes"|"ActivationIds"|"IamRole"|"ResourceType"|"AssociationStatus"|"Tag Key"
Warning
Tag key isn't a valid filter. You must specify either tag-key or tag:keyname and a string. Here are some valid examples: tag-key, tag:123, tag:al!, tag:Windows. Here are some invalid examples: tag-keys, Tag Key, tag:, tagKey, abc:keyname.
The filter values.
dict
Response Syntax
{
'InstanceInformationList': [
{
'InstanceId': 'string',
'PingStatus': 'Online'|'ConnectionLost'|'Inactive',
'LastPingDateTime': datetime(2015, 1, 1),
'AgentVersion': 'string',
'IsLatestVersion': True|False,
'PlatformType': 'Windows'|'Linux',
'PlatformName': 'string',
'PlatformVersion': 'string',
'ActivationId': 'string',
'IamRole': 'string',
'RegistrationDate': datetime(2015, 1, 1),
'ResourceType': 'ManagedInstance'|'Document'|'EC2Instance',
'Name': 'string',
'IPAddress': 'string',
'ComputerName': 'string',
'AssociationStatus': 'string',
'LastAssociationExecutionDate': datetime(2015, 1, 1),
'LastSuccessfulAssociationExecutionDate': datetime(2015, 1, 1),
'AssociationOverview': {
'DetailedStatus': 'string',
'InstanceAssociationStatusAggregatedCount': {
'string': 123
}
}
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
InstanceInformationList (list) --
The instance information list.
(dict) --
Describes a filter for a specific list of instances.
InstanceId (string) --
The instance ID.
PingStatus (string) --
Connection status of SSM Agent.
Note
The status Inactive has been deprecated and is no longer in use.
LastPingDateTime (datetime) --
The date and time when the agent last pinged the Systems Manager service.
AgentVersion (string) --
The version of SSM Agent running on your Linux instance.
IsLatestVersion (boolean) --
Indicates whether the latest version of SSM Agent is running on your Linux Managed Instance. This field doesn't indicate whether or not the latest version is installed on Windows managed instances, because some older versions of Windows Server use the EC2Config service to process Systems Manager requests.
PlatformType (string) --
The operating system platform type.
PlatformName (string) --
The name of the operating system platform running on your instance.
PlatformVersion (string) --
The version of the OS platform running on your instance.
ActivationId (string) --
The activation ID created by Amazon Web Services Systems Manager when the server or virtual machine (VM) was registered.
IamRole (string) --
The Identity and Access Management (IAM) role assigned to the on-premises Systems Manager managed instance. This call doesn't return the IAM role for Amazon Elastic Compute Cloud (Amazon EC2) instances. To retrieve the IAM role for an EC2 instance, use the Amazon EC2 DescribeInstances operation. For information, see DescribeInstances in the Amazon EC2 API Reference or describe-instances in the Amazon Web Services CLI Command Reference .
RegistrationDate (datetime) --
The date the server or VM was registered with Amazon Web Services as a managed instance.
ResourceType (string) --
The type of instance. Instances are either EC2 instances or managed instances.
Name (string) --
The name assigned to an on-premises server or virtual machine (VM) when it is activated as a Systems Manager managed instance. The name is specified as the DefaultInstanceName property using the CreateActivation command. It is applied to the managed instance by specifying the Activation Code and Activation ID when you install SSM Agent on the instance, as explained in Install SSM Agent for a hybrid environment (Linux) and Install SSM Agent for a hybrid environment (Windows) . To retrieve the Name tag of an EC2 instance, use the Amazon EC2 DescribeInstances operation. For information, see DescribeInstances in the Amazon EC2 API Reference or describe-instances in the Amazon Web Services CLI Command Reference .
IPAddress (string) --
The IP address of the managed instance.
ComputerName (string) --
The fully qualified host name of the managed instance.
AssociationStatus (string) --
The status of the association.
LastAssociationExecutionDate (datetime) --
The date the association was last run.
LastSuccessfulAssociationExecutionDate (datetime) --
The last date the association was successfully run.
AssociationOverview (dict) --
Information about the association.
DetailedStatus (string) --
Detailed status information about the aggregated associations.
InstanceAssociationStatusAggregatedCount (dict) --
The number of associations for the instance(s).
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
Retrieves the high-level patch state of one or more instances.
See also: AWS API Documentation
Request Syntax
response = client.describe_instance_patch_states(
InstanceIds=[
'string',
],
NextToken='string',
MaxResults=123
)
[REQUIRED]
The ID of the instance for which patch state information should be retrieved.
dict
Response Syntax
{
'InstancePatchStates': [
{
'InstanceId': 'string',
'PatchGroup': 'string',
'BaselineId': 'string',
'SnapshotId': 'string',
'InstallOverrideList': 'string',
'OwnerInformation': 'string',
'InstalledCount': 123,
'InstalledOtherCount': 123,
'InstalledPendingRebootCount': 123,
'InstalledRejectedCount': 123,
'MissingCount': 123,
'FailedCount': 123,
'UnreportedNotApplicableCount': 123,
'NotApplicableCount': 123,
'OperationStartTime': datetime(2015, 1, 1),
'OperationEndTime': datetime(2015, 1, 1),
'Operation': 'Scan'|'Install',
'LastNoRebootInstallOperationTime': datetime(2015, 1, 1),
'RebootOption': 'RebootIfNeeded'|'NoReboot',
'CriticalNonCompliantCount': 123,
'SecurityNonCompliantCount': 123,
'OtherNonCompliantCount': 123
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
InstancePatchStates (list) --
The high-level patch state for the requested instances.
(dict) --
Defines the high-level patch compliance state for a managed instance, providing information about the number of installed, missing, not applicable, and failed patches along with metadata about the operation when this information was gathered for the instance.
InstanceId (string) --
The ID of the managed instance the high-level patch compliance information was collected for.
PatchGroup (string) --
The name of the patch group the managed instance belongs to.
BaselineId (string) --
The ID of the patch baseline used to patch the instance.
SnapshotId (string) --
The ID of the patch baseline snapshot used during the patching operation when this compliance data was collected.
InstallOverrideList (string) --
An https URL or an Amazon Simple Storage Service (Amazon S3) path-style URL to a list of patches to be installed. This patch installation list, which you maintain in an S3 bucket in YAML format and specify in the SSM document AWS-RunPatchBaseline , overrides the patches specified by the default patch baseline.
For more information about the InstallOverrideList parameter, see About the ``AWS-RunPatchBaseline` https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-about-aws-runpatchbaseline.html`__ SSM document in the Amazon Web Services Systems Manager User Guide .
OwnerInformation (string) --
Placeholder information. This field will always be empty in the current release of the service.
InstalledCount (integer) --
The number of patches from the patch baseline that are installed on the instance.
InstalledOtherCount (integer) --
The number of patches not specified in the patch baseline that are installed on the instance.
InstalledPendingRebootCount (integer) --
The number of patches installed by Patch Manager since the last time the instance was rebooted.
InstalledRejectedCount (integer) --
The number of patches installed on an instance that are specified in a RejectedPatches list. Patches with a status of InstalledRejected were typically installed before they were added to a RejectedPatches list.
Note
If ALLOW_AS_DEPENDENCY is the specified option for RejectedPatchesAction , the value of InstalledRejectedCount will always be 0 (zero).
MissingCount (integer) --
The number of patches from the patch baseline that are applicable for the instance but aren't currently installed.
FailedCount (integer) --
The number of patches from the patch baseline that were attempted to be installed during the last patching operation, but failed to install.
UnreportedNotApplicableCount (integer) --
The number of patches beyond the supported limit of NotApplicableCount that aren't reported by name to Inventory. Inventory is a capability of Amazon Web Services Systems Manager.
NotApplicableCount (integer) --
The number of patches from the patch baseline that aren't applicable for the instance and therefore aren't installed on the instance. This number may be truncated if the list of patch names is very large. The number of patches beyond this limit are reported in UnreportedNotApplicableCount .
OperationStartTime (datetime) --
The time the most recent patching operation was started on the instance.
OperationEndTime (datetime) --
The time the most recent patching operation completed on the instance.
Operation (string) --
The type of patching operation that was performed: or
LastNoRebootInstallOperationTime (datetime) --
The time of the last attempt to patch the instance with NoReboot specified as the reboot option.
RebootOption (string) --
Indicates the reboot option specified in the patch baseline.
Note
Reboot options apply to Install operations only. Reboots aren't attempted for Patch Manager Scan operations.
CriticalNonCompliantCount (integer) --
The number of instances where patches that are specified as Critical for compliance reporting in the patch baseline aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required instance reboot. The status of these instances is NON_COMPLIANT .
SecurityNonCompliantCount (integer) --
The number of instances where patches that are specified as Security in a patch advisory aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required instance reboot. The status of these instances is NON_COMPLIANT .
OtherNonCompliantCount (integer) --
The number of instances with patches installed that are specified as other than Critical or Security but aren't compliant with the patch baseline. The status of these instances is NON_COMPLIANT .
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
Retrieves the high-level patch state for the instances in the specified patch group.
See also: AWS API Documentation
Request Syntax
response = client.describe_instance_patch_states_for_patch_group(
PatchGroup='string',
Filters=[
{
'Key': 'string',
'Values': [
'string',
],
'Type': 'Equal'|'NotEqual'|'LessThan'|'GreaterThan'
},
],
NextToken='string',
MaxResults=123
)
[REQUIRED]
The name of the patch group for which the patch state information should be retrieved.
Each entry in the array is a structure containing:
Defines a filter used in DescribeInstancePatchStatesForPatchGroup to scope down the information returned by the API.
Example : To filter for all instances in a patch group having more than three patches with a FailedCount status, use the following for the filter:
The key for the filter. Supported values include the following:
The value for the filter. Must be an integer greater than or equal to 0.
The type of comparison that should be performed for the value.
dict
Response Syntax
{
'InstancePatchStates': [
{
'InstanceId': 'string',
'PatchGroup': 'string',
'BaselineId': 'string',
'SnapshotId': 'string',
'InstallOverrideList': 'string',
'OwnerInformation': 'string',
'InstalledCount': 123,
'InstalledOtherCount': 123,
'InstalledPendingRebootCount': 123,
'InstalledRejectedCount': 123,
'MissingCount': 123,
'FailedCount': 123,
'UnreportedNotApplicableCount': 123,
'NotApplicableCount': 123,
'OperationStartTime': datetime(2015, 1, 1),
'OperationEndTime': datetime(2015, 1, 1),
'Operation': 'Scan'|'Install',
'LastNoRebootInstallOperationTime': datetime(2015, 1, 1),
'RebootOption': 'RebootIfNeeded'|'NoReboot',
'CriticalNonCompliantCount': 123,
'SecurityNonCompliantCount': 123,
'OtherNonCompliantCount': 123
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
InstancePatchStates (list) --
The high-level patch state for the requested instances.
(dict) --
Defines the high-level patch compliance state for a managed instance, providing information about the number of installed, missing, not applicable, and failed patches along with metadata about the operation when this information was gathered for the instance.
InstanceId (string) --
The ID of the managed instance the high-level patch compliance information was collected for.
PatchGroup (string) --
The name of the patch group the managed instance belongs to.
BaselineId (string) --
The ID of the patch baseline used to patch the instance.
SnapshotId (string) --
The ID of the patch baseline snapshot used during the patching operation when this compliance data was collected.
InstallOverrideList (string) --
An https URL or an Amazon Simple Storage Service (Amazon S3) path-style URL to a list of patches to be installed. This patch installation list, which you maintain in an S3 bucket in YAML format and specify in the SSM document AWS-RunPatchBaseline , overrides the patches specified by the default patch baseline.
For more information about the InstallOverrideList parameter, see About the ``AWS-RunPatchBaseline` https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-about-aws-runpatchbaseline.html`__ SSM document in the Amazon Web Services Systems Manager User Guide .
OwnerInformation (string) --
Placeholder information. This field will always be empty in the current release of the service.
InstalledCount (integer) --
The number of patches from the patch baseline that are installed on the instance.
InstalledOtherCount (integer) --
The number of patches not specified in the patch baseline that are installed on the instance.
InstalledPendingRebootCount (integer) --
The number of patches installed by Patch Manager since the last time the instance was rebooted.
InstalledRejectedCount (integer) --
The number of patches installed on an instance that are specified in a RejectedPatches list. Patches with a status of InstalledRejected were typically installed before they were added to a RejectedPatches list.
Note
If ALLOW_AS_DEPENDENCY is the specified option for RejectedPatchesAction , the value of InstalledRejectedCount will always be 0 (zero).
MissingCount (integer) --
The number of patches from the patch baseline that are applicable for the instance but aren't currently installed.
FailedCount (integer) --
The number of patches from the patch baseline that were attempted to be installed during the last patching operation, but failed to install.
UnreportedNotApplicableCount (integer) --
The number of patches beyond the supported limit of NotApplicableCount that aren't reported by name to Inventory. Inventory is a capability of Amazon Web Services Systems Manager.
NotApplicableCount (integer) --
The number of patches from the patch baseline that aren't applicable for the instance and therefore aren't installed on the instance. This number may be truncated if the list of patch names is very large. The number of patches beyond this limit are reported in UnreportedNotApplicableCount .
OperationStartTime (datetime) --
The time the most recent patching operation was started on the instance.
OperationEndTime (datetime) --
The time the most recent patching operation completed on the instance.
Operation (string) --
The type of patching operation that was performed: or
LastNoRebootInstallOperationTime (datetime) --
The time of the last attempt to patch the instance with NoReboot specified as the reboot option.
RebootOption (string) --
Indicates the reboot option specified in the patch baseline.
Note
Reboot options apply to Install operations only. Reboots aren't attempted for Patch Manager Scan operations.
CriticalNonCompliantCount (integer) --
The number of instances where patches that are specified as Critical for compliance reporting in the patch baseline aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required instance reboot. The status of these instances is NON_COMPLIANT .
SecurityNonCompliantCount (integer) --
The number of instances where patches that are specified as Security in a patch advisory aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required instance reboot. The status of these instances is NON_COMPLIANT .
OtherNonCompliantCount (integer) --
The number of instances with patches installed that are specified as other than Critical or Security but aren't compliant with the patch baseline. The status of these instances is NON_COMPLIANT .
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
Retrieves information about the patches on the specified instance and their state relative to the patch baseline being used for the instance.
See also: AWS API Documentation
Request Syntax
response = client.describe_instance_patches(
InstanceId='string',
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
NextToken='string',
MaxResults=123
)
[REQUIRED]
The ID of the instance whose patch state information should be retrieved.
Each element in the array is a structure containing a key-value pair.
Supported keys for DescribeInstancePatches include the following:
Defines a filter used in Patch Manager APIs. Supported filter keys depend on the API operation that includes the filter. Patch Manager API operations that use PatchOrchestratorFilter include the following:
The key for the filter.
The value for the filter.
dict
Response Syntax
{
'Patches': [
{
'Title': 'string',
'KBId': 'string',
'Classification': 'string',
'Severity': 'string',
'State': 'INSTALLED'|'INSTALLED_OTHER'|'INSTALLED_PENDING_REBOOT'|'INSTALLED_REJECTED'|'MISSING'|'NOT_APPLICABLE'|'FAILED',
'InstalledTime': datetime(2015, 1, 1),
'CVEIds': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Patches (list) --
Each entry in the array is a structure containing:
(dict) --
Information about the state of a patch on a particular instance as it relates to the patch baseline used to patch the instance.
Title (string) --
The title of the patch.
KBId (string) --
The operating system-specific ID of the patch.
Classification (string) --
The classification of the patch, such as SecurityUpdates , Updates , and CriticalUpdates .
Severity (string) --
The severity of the patchsuch as Critical , Important , and Moderate .
State (string) --
The state of the patch on the instance, such as INSTALLED or FAILED.
For descriptions of each patch state, see About patch compliance in the Amazon Web Services Systems Manager User Guide .
InstalledTime (datetime) --
The date/time the patch was installed on the instance. Not all operating systems provide this level of information.
CVEIds (string) --
The IDs of one or more Common Vulnerabilities and Exposure (CVE) issues that are resolved by the patch.
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
Describes a specific delete inventory operation.
See also: AWS API Documentation
Request Syntax
response = client.describe_inventory_deletions(
DeletionId='string',
NextToken='string',
MaxResults=123
)
dict
Response Syntax
{
'InventoryDeletions': [
{
'DeletionId': 'string',
'TypeName': 'string',
'DeletionStartTime': datetime(2015, 1, 1),
'LastStatus': 'InProgress'|'Complete',
'LastStatusMessage': 'string',
'DeletionSummary': {
'TotalCount': 123,
'RemainingCount': 123,
'SummaryItems': [
{
'Version': 'string',
'Count': 123,
'RemainingCount': 123
},
]
},
'LastStatusUpdateTime': datetime(2015, 1, 1)
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
InventoryDeletions (list) --
A list of status items for deleted inventory.
(dict) --
Status information returned by the DeleteInventory operation.
DeletionId (string) --
The deletion ID returned by the DeleteInventory operation.
TypeName (string) --
The name of the inventory data type.
DeletionStartTime (datetime) --
The UTC timestamp when the delete operation started.
LastStatus (string) --
The status of the operation. Possible values are InProgress and Complete.
LastStatusMessage (string) --
Information about the status.
DeletionSummary (dict) --
Information about the delete operation. For more information about this summary, see Understanding the delete inventory summary in the Amazon Web Services Systems Manager User Guide .
TotalCount (integer) --
The total number of items to delete. This count doesn't change during the delete operation.
RemainingCount (integer) --
Remaining number of items to delete.
SummaryItems (list) --
A list of counts and versions for deleted items.
(dict) --
Either a count, remaining count, or a version number in a delete inventory summary.
Version (string) --
The inventory type version.
Count (integer) --
A count of the number of deleted items.
RemainingCount (integer) --
The remaining number of items to delete.
LastStatusUpdateTime (datetime) --
The UTC timestamp of when the last status report.
NextToken (string) --
The token for the next set of items to return. Use this token to get the next set of results.
Exceptions
Retrieves the individual task executions (one per target) for a particular task run as part of a maintenance window execution.
See also: AWS API Documentation
Request Syntax
response = client.describe_maintenance_window_execution_task_invocations(
WindowExecutionId='string',
TaskId='string',
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
MaxResults=123,
NextToken='string'
)
[REQUIRED]
The ID of the maintenance window execution the task is part of.
[REQUIRED]
The ID of the specific task in the maintenance window task that should be retrieved.
Optional filters used to scope down the returned task invocations. The supported filter key is STATUS with the corresponding values PENDING , IN_PROGRESS , SUCCESS , FAILED , TIMED_OUT , CANCELLING , and CANCELLED .
Filter used in the request. Supported filter keys depend on the API operation that includes the filter. API operations that use MaintenanceWindowFilter> include the following:
The name of the filter.
The filter values.
dict
Response Syntax
{
'WindowExecutionTaskInvocationIdentities': [
{
'WindowExecutionId': 'string',
'TaskExecutionId': 'string',
'InvocationId': 'string',
'ExecutionId': 'string',
'TaskType': 'RUN_COMMAND'|'AUTOMATION'|'STEP_FUNCTIONS'|'LAMBDA',
'Parameters': 'string',
'Status': 'PENDING'|'IN_PROGRESS'|'SUCCESS'|'FAILED'|'TIMED_OUT'|'CANCELLING'|'CANCELLED'|'SKIPPED_OVERLAPPING',
'StatusDetails': 'string',
'StartTime': datetime(2015, 1, 1),
'EndTime': datetime(2015, 1, 1),
'OwnerInformation': 'string',
'WindowTargetId': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
WindowExecutionTaskInvocationIdentities (list) --
Information about the task invocation results per invocation.
(dict) --
Describes the information about a task invocation for a particular target as part of a task execution performed as part of a maintenance window execution.
WindowExecutionId (string) --
The ID of the maintenance window execution that ran the task.
TaskExecutionId (string) --
The ID of the specific task execution in the maintenance window execution.
InvocationId (string) --
The ID of the task invocation.
ExecutionId (string) --
The ID of the action performed in the service that actually handled the task invocation. If the task type is RUN_COMMAND , this value is the command ID.
TaskType (string) --
The task type.
Parameters (string) --
The parameters that were provided for the invocation when it was run.
Status (string) --
The status of the task invocation.
StatusDetails (string) --
The details explaining the status of the task invocation. Not available for all status values.
StartTime (datetime) --
The time the invocation started.
EndTime (datetime) --
The time the invocation finished.
OwnerInformation (string) --
User-provided value that was specified when the target was registered with the maintenance window. This was also included in any Amazon CloudWatch Events events raised during the task invocation.
WindowTargetId (string) --
The ID of the target definition in this maintenance window the invocation was performed for.
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
For a given maintenance window execution, lists the tasks that were run.
See also: AWS API Documentation
Request Syntax
response = client.describe_maintenance_window_execution_tasks(
WindowExecutionId='string',
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
MaxResults=123,
NextToken='string'
)
[REQUIRED]
The ID of the maintenance window execution whose task executions should be retrieved.
Optional filters used to scope down the returned tasks. The supported filter key is STATUS with the corresponding values PENDING , IN_PROGRESS , SUCCESS , FAILED , TIMED_OUT , CANCELLING , and CANCELLED .
Filter used in the request. Supported filter keys depend on the API operation that includes the filter. API operations that use MaintenanceWindowFilter> include the following:
The name of the filter.
The filter values.
dict
Response Syntax
{
'WindowExecutionTaskIdentities': [
{
'WindowExecutionId': 'string',
'TaskExecutionId': 'string',
'Status': 'PENDING'|'IN_PROGRESS'|'SUCCESS'|'FAILED'|'TIMED_OUT'|'CANCELLING'|'CANCELLED'|'SKIPPED_OVERLAPPING',
'StatusDetails': 'string',
'StartTime': datetime(2015, 1, 1),
'EndTime': datetime(2015, 1, 1),
'TaskArn': 'string',
'TaskType': 'RUN_COMMAND'|'AUTOMATION'|'STEP_FUNCTIONS'|'LAMBDA'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
WindowExecutionTaskIdentities (list) --
Information about the task executions.
(dict) --
Information about a task execution performed as part of a maintenance window execution.
WindowExecutionId (string) --
The ID of the maintenance window execution that ran the task.
TaskExecutionId (string) --
The ID of the specific task execution in the maintenance window execution.
Status (string) --
The status of the task execution.
StatusDetails (string) --
The details explaining the status of the task execution. Not available for all status values.
StartTime (datetime) --
The time the task execution started.
EndTime (datetime) --
The time the task execution finished.
TaskArn (string) --
The Amazon Resource Name (ARN) of the task that ran.
TaskType (string) --
The type of task that ran.
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
Lists the executions of a maintenance window. This includes information about when the maintenance window was scheduled to be active, and information about tasks registered and run with the maintenance window.
See also: AWS API Documentation
Request Syntax
response = client.describe_maintenance_window_executions(
WindowId='string',
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
MaxResults=123,
NextToken='string'
)
[REQUIRED]
The ID of the maintenance window whose executions should be retrieved.
Each entry in the array is a structure containing:
Filter used in the request. Supported filter keys depend on the API operation that includes the filter. API operations that use MaintenanceWindowFilter> include the following:
The name of the filter.
The filter values.
dict
Response Syntax
{
'WindowExecutions': [
{
'WindowId': 'string',
'WindowExecutionId': 'string',
'Status': 'PENDING'|'IN_PROGRESS'|'SUCCESS'|'FAILED'|'TIMED_OUT'|'CANCELLING'|'CANCELLED'|'SKIPPED_OVERLAPPING',
'StatusDetails': 'string',
'StartTime': datetime(2015, 1, 1),
'EndTime': datetime(2015, 1, 1)
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
WindowExecutions (list) --
Information about the maintenance window executions.
(dict) --
Describes the information about an execution of a maintenance window.
WindowId (string) --
The ID of the maintenance window.
WindowExecutionId (string) --
The ID of the maintenance window execution.
Status (string) --
The status of the execution.
StatusDetails (string) --
The details explaining the status. Not available for all status values.
StartTime (datetime) --
The time the execution started.
EndTime (datetime) --
The time the execution finished.
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
Retrieves information about upcoming executions of a maintenance window.
See also: AWS API Documentation
Request Syntax
response = client.describe_maintenance_window_schedule(
WindowId='string',
Targets=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
ResourceType='INSTANCE'|'RESOURCE_GROUP',
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
MaxResults=123,
NextToken='string'
)
The instance ID or key-value pair to retrieve information about.
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
User-defined criteria for sending commands that target instances that meet the criteria.
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
Filters used to limit the range of results. For example, you can limit maintenance window executions to only those scheduled before or after a certain date and time.
Defines a filter used in Patch Manager APIs. Supported filter keys depend on the API operation that includes the filter. Patch Manager API operations that use PatchOrchestratorFilter include the following:
The key for the filter.
The value for the filter.
dict
Response Syntax
{
'ScheduledWindowExecutions': [
{
'WindowId': 'string',
'Name': 'string',
'ExecutionTime': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
ScheduledWindowExecutions (list) --
Information about maintenance window executions scheduled for the specified time range.
(dict) --
Information about a scheduled execution for a maintenance window.
WindowId (string) --
The ID of the maintenance window to be run.
Name (string) --
The name of the maintenance window to be run.
ExecutionTime (string) --
The time, in ISO-8601 Extended format, that the maintenance window is scheduled to be run.
NextToken (string) --
The token for the next set of items to return. (You use this token in the next call.)
Exceptions
Lists the targets registered with the maintenance window.
See also: AWS API Documentation
Request Syntax
response = client.describe_maintenance_window_targets(
WindowId='string',
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
MaxResults=123,
NextToken='string'
)
[REQUIRED]
The ID of the maintenance window whose targets should be retrieved.
Optional filters that can be used to narrow down the scope of the returned window targets. The supported filter keys are Type , WindowTargetId , and OwnerInformation .
Filter used in the request. Supported filter keys depend on the API operation that includes the filter. API operations that use MaintenanceWindowFilter> include the following:
The name of the filter.
The filter values.
dict
Response Syntax
{
'Targets': [
{
'WindowId': 'string',
'WindowTargetId': 'string',
'ResourceType': 'INSTANCE'|'RESOURCE_GROUP',
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'OwnerInformation': 'string',
'Name': 'string',
'Description': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Targets (list) --
Information about the targets in the maintenance window.
(dict) --
The target registered with the maintenance window.
WindowId (string) --
The ID of the maintenance window to register the target with.
WindowTargetId (string) --
The ID of the target.
ResourceType (string) --
The type of target that is being registered with the maintenance window.
Targets (list) --
The targets, either instances or tags.
Specify instances using the following format:
Key=instanceids,Values=<instanceid1>,<instanceid2>
Tags are specified using the following format:
Key=<tag name>,Values=<tag value> .
(dict) --
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
Key (string) --
User-defined criteria for sending commands that target instances that meet the criteria.
Values (list) --
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
OwnerInformation (string) --
A user-provided value that will be included in any Amazon CloudWatch Events events that are raised while running tasks for these targets in this maintenance window.
Name (string) --
The name for the maintenance window target.
Description (string) --
A description for the target.
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
Lists the tasks in a maintenance window.
Note
For maintenance window tasks without a specified target, you can't supply values for --max-errors and --max-concurrency . Instead, the system inserts a placeholder value of 1 , which may be reported in the response to this command. These values don't affect the running of your task and can be ignored.
See also: AWS API Documentation
Request Syntax
response = client.describe_maintenance_window_tasks(
WindowId='string',
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
MaxResults=123,
NextToken='string'
)
[REQUIRED]
The ID of the maintenance window whose tasks should be retrieved.
Optional filters used to narrow down the scope of the returned tasks. The supported filter keys are WindowTaskId , TaskArn , Priority , and TaskType .
Filter used in the request. Supported filter keys depend on the API operation that includes the filter. API operations that use MaintenanceWindowFilter> include the following:
The name of the filter.
The filter values.
dict
Response Syntax
{
'Tasks': [
{
'WindowId': 'string',
'WindowTaskId': 'string',
'TaskArn': 'string',
'Type': 'RUN_COMMAND'|'AUTOMATION'|'STEP_FUNCTIONS'|'LAMBDA',
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'TaskParameters': {
'string': {
'Values': [
'string',
]
}
},
'Priority': 123,
'LoggingInfo': {
'S3BucketName': 'string',
'S3KeyPrefix': 'string',
'S3Region': 'string'
},
'ServiceRoleArn': 'string',
'MaxConcurrency': 'string',
'MaxErrors': 'string',
'Name': 'string',
'Description': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Tasks (list) --
Information about the tasks in the maintenance window.
(dict) --
Information about a task defined for a maintenance window.
WindowId (string) --
The ID of the maintenance window where the task is registered.
WindowTaskId (string) --
The task ID.
TaskArn (string) --
The resource that the task uses during execution. For RUN_COMMAND and AUTOMATION task types, TaskArn is the Amazon Web Services Systems Manager (SSM document) name or ARN. For LAMBDA tasks, it's the function name or ARN. For STEP_FUNCTIONS tasks, it's the state machine ARN.
Type (string) --
The type of task.
Targets (list) --
The targets (either instances or tags). Instances are specified using Key=instanceids,Values=<instanceid1>,<instanceid2> . Tags are specified using Key=<tag name>,Values=<tag value> .
(dict) --
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
Key (string) --
User-defined criteria for sending commands that target instances that meet the criteria.
Values (list) --
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
TaskParameters (dict) --
The parameters that should be passed to the task when it is run.
Note
TaskParameters has been deprecated. To specify parameters to pass to a task when it runs, instead use the Parameters option in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters .
(string) --
(dict) --
Defines the values for a task parameter.
Values (list) --
This field contains an array of 0 or more strings, each 1 to 255 characters in length.
Priority (integer) --
The priority of the task in the maintenance window. The lower the number, the higher the priority. Tasks that have the same priority are scheduled in parallel.
LoggingInfo (dict) --
Information about an S3 bucket to write task-level logs to.
Note
LoggingInfo has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters .
S3BucketName (string) --
The name of an S3 bucket where execution logs are stored .
S3KeyPrefix (string) --
(Optional) The S3 bucket subfolder.
S3Region (string) --
The Region where the S3 bucket is located.
ServiceRoleArn (string) --
The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service (Amazon SNS) notifications for maintenance window Run Command tasks.
MaxConcurrency (string) --
The maximum number of targets this task can be run for, in parallel.
MaxErrors (string) --
The maximum number of errors allowed before this task stops being scheduled.
Name (string) --
The task name.
Description (string) --
A description of the task.
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
Retrieves the maintenance windows in an account.
See also: AWS API Documentation
Request Syntax
response = client.describe_maintenance_windows(
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
MaxResults=123,
NextToken='string'
)
Optional filters used to narrow down the scope of the returned maintenance windows. Supported filter keys are Name and Enabled . For example, Name=MyMaintenanceWindow and Enabled=True .
Filter used in the request. Supported filter keys depend on the API operation that includes the filter. API operations that use MaintenanceWindowFilter> include the following:
The name of the filter.
The filter values.
dict
Response Syntax
{
'WindowIdentities': [
{
'WindowId': 'string',
'Name': 'string',
'Description': 'string',
'Enabled': True|False,
'Duration': 123,
'Cutoff': 123,
'Schedule': 'string',
'ScheduleTimezone': 'string',
'ScheduleOffset': 123,
'EndDate': 'string',
'StartDate': 'string',
'NextExecutionTime': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
WindowIdentities (list) --
Information about the maintenance windows.
(dict) --
Information about the maintenance window.
WindowId (string) --
The ID of the maintenance window.
Name (string) --
The name of the maintenance window.
Description (string) --
A description of the maintenance window.
Enabled (boolean) --
Indicates whether the maintenance window is enabled.
Duration (integer) --
The duration of the maintenance window in hours.
Cutoff (integer) --
The number of hours before the end of the maintenance window that Amazon Web Services Systems Manager stops scheduling new tasks for execution.
Schedule (string) --
The schedule of the maintenance window in the form of a cron or rate expression.
ScheduleTimezone (string) --
The time zone that the scheduled maintenance window executions are based on, in Internet Assigned Numbers Authority (IANA) format.
ScheduleOffset (integer) --
The number of days to wait to run a maintenance window after the scheduled cron expression date and time.
EndDate (string) --
The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become inactive.
StartDate (string) --
The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become active.
NextExecutionTime (string) --
The next time the maintenance window will actually run, taking into account any specified times for the maintenance window to become active or inactive.
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
Retrieves information about the maintenance window targets or tasks that an instance is associated with.
See also: AWS API Documentation
Request Syntax
response = client.describe_maintenance_windows_for_target(
Targets=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
ResourceType='INSTANCE'|'RESOURCE_GROUP',
MaxResults=123,
NextToken='string'
)
[REQUIRED]
The instance ID or key-value pair to retrieve information about.
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
User-defined criteria for sending commands that target instances that meet the criteria.
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
[REQUIRED]
The type of resource you want to retrieve information about. For example, INSTANCE .
dict
Response Syntax
{
'WindowIdentities': [
{
'WindowId': 'string',
'Name': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
WindowIdentities (list) --
Information about the maintenance window targets and tasks an instance is associated with.
(dict) --
The maintenance window to which the specified target belongs.
WindowId (string) --
The ID of the maintenance window.
Name (string) --
The name of the maintenance window.
NextToken (string) --
The token for the next set of items to return. (You use this token in the next call.)
Exceptions
Query a set of OpsItems. You must have permission in Identity and Access Management (IAM) to query a list of OpsItems. For more information, see Getting started with OpsCenter in the Amazon Web Services Systems Manager User Guide .
Operations engineers and IT professionals use Amazon Web Services Systems Manager OpsCenter to view, investigate, and remediate operational issues impacting the performance and health of their Amazon Web Services resources. For more information, see OpsCenter in the Amazon Web Services Systems Manager User Guide .
See also: AWS API Documentation
Request Syntax
response = client.describe_ops_items(
OpsItemFilters=[
{
'Key': 'Status'|'CreatedBy'|'Source'|'Priority'|'Title'|'OpsItemId'|'CreatedTime'|'LastModifiedTime'|'ActualStartTime'|'ActualEndTime'|'PlannedStartTime'|'PlannedEndTime'|'OperationalData'|'OperationalDataKey'|'OperationalDataValue'|'ResourceId'|'AutomationId'|'Category'|'Severity'|'OpsItemType'|'ChangeRequestByRequesterArn'|'ChangeRequestByRequesterName'|'ChangeRequestByApproverArn'|'ChangeRequestByApproverName'|'ChangeRequestByTemplate'|'ChangeRequestByTargetsResourceGroup'|'InsightByType',
'Values': [
'string',
],
'Operator': 'Equal'|'Contains'|'GreaterThan'|'LessThan'
},
],
MaxResults=123,
NextToken='string'
)
One or more filters to limit the response.
*The Equals operator for Title matches the first 100 characters. If you specify more than 100 characters, they system returns an error that the filter value exceeds the length limit.
**If you filter the response by using the OperationalData operator, specify a key-value pair by using the following JSON format: {"key":"key_name","value":"a_value"}
Describes an OpsItem filter.
The name of the filter.
The filter value.
The operator used by the filter call.
dict
Response Syntax
{
'NextToken': 'string',
'OpsItemSummaries': [
{
'CreatedBy': 'string',
'CreatedTime': datetime(2015, 1, 1),
'LastModifiedBy': 'string',
'LastModifiedTime': datetime(2015, 1, 1),
'Priority': 123,
'Source': 'string',
'Status': 'Open'|'InProgress'|'Resolved'|'Pending'|'TimedOut'|'Cancelling'|'Cancelled'|'Failed'|'CompletedWithSuccess'|'CompletedWithFailure'|'Scheduled'|'RunbookInProgress'|'PendingChangeCalendarOverride'|'ChangeCalendarOverrideApproved'|'ChangeCalendarOverrideRejected'|'PendingApproval'|'Approved'|'Rejected'|'Closed',
'OpsItemId': 'string',
'Title': 'string',
'OperationalData': {
'string': {
'Value': 'string',
'Type': 'SearchableString'|'String'
}
},
'Category': 'string',
'Severity': 'string',
'OpsItemType': 'string',
'ActualStartTime': datetime(2015, 1, 1),
'ActualEndTime': datetime(2015, 1, 1),
'PlannedStartTime': datetime(2015, 1, 1),
'PlannedEndTime': datetime(2015, 1, 1)
},
]
}
Response Structure
(dict) --
NextToken (string) --
The token for the next set of items to return. Use this token to get the next set of results.
OpsItemSummaries (list) --
A list of OpsItems.
(dict) --
A count of OpsItems.
CreatedBy (string) --
The Amazon Resource Name (ARN) of the IAM entity that created the OpsItem.
CreatedTime (datetime) --
The date and time the OpsItem was created.
LastModifiedBy (string) --
The Amazon Resource Name (ARN) of the IAM entity that created the OpsItem.
LastModifiedTime (datetime) --
The date and time the OpsItem was last updated.
Priority (integer) --
The importance of this OpsItem in relation to other OpsItems in the system.
Source (string) --
The impacted Amazon Web Services resource.
Status (string) --
The OpsItem status. Status can be Open , In Progress , or Resolved .
OpsItemId (string) --
The ID of the OpsItem.
Title (string) --
A short heading that describes the nature of the OpsItem and the impacted resource.
OperationalData (dict) --
Operational data is custom data that provides useful reference details about the OpsItem.
(string) --
(dict) --
An object that defines the value of the key and its type in the OperationalData map.
Value (string) --
The value of the OperationalData key.
Type (string) --
The type of key-value pair. Valid types include SearchableString and String .
Category (string) --
A list of OpsItems by category.
Severity (string) --
A list of OpsItems by severity.
OpsItemType (string) --
The type of OpsItem. Currently, the only valid values are /aws/changerequest and /aws/issue .
ActualStartTime (datetime) --
The time a runbook workflow started. Currently reported only for the OpsItem type /aws/changerequest .
ActualEndTime (datetime) --
The time a runbook workflow ended. Currently reported only for the OpsItem type /aws/changerequest .
PlannedStartTime (datetime) --
The time specified in a change request for a runbook workflow to start. Currently supported only for the OpsItem type /aws/changerequest .
PlannedEndTime (datetime) --
The time specified in a change request for a runbook workflow to end. Currently supported only for the OpsItem type /aws/changerequest .
Exceptions
Get information about a parameter.
Request results are returned on a best-effort basis. If you specify MaxResults in the request, the response includes information up to the limit specified. The number of items returned, however, can be between zero and the value of MaxResults . If the service reaches an internal limit while processing the results, it stops the operation and returns the matching values up to that point and a NextToken . You can specify the NextToken in a subsequent call to get the next set of results.
See also: AWS API Documentation
Request Syntax
response = client.describe_parameters(
Filters=[
{
'Key': 'Name'|'Type'|'KeyId',
'Values': [
'string',
]
},
],
ParameterFilters=[
{
'Key': 'string',
'Option': 'string',
'Values': [
'string',
]
},
],
MaxResults=123,
NextToken='string'
)
This data type is deprecated. Instead, use ParameterFilters .
This data type is deprecated. Instead, use ParameterStringFilter .
The name of the filter.
The filter values.
Filters to limit the request results.
One or more filters. Use a filter to return a more specific list of results.
The name of the filter.
The ParameterStringFilter object is used by the DescribeParameters and GetParametersByPath API operations. However, not all of the pattern values listed for Key can be used with both operations.
For DescribeActions , all of the listed patterns are valid, with the exception of Label .
For GetParametersByPath , the following patterns listed for Key aren't valid: tag , Name , Path , and Tier .
For examples of Amazon Web Services CLI commands demonstrating valid parameter filter constructions, see Searching for Systems Manager parameters in the Amazon Web Services Systems Manager User Guide .
For all filters used with DescribeParameters , valid options include Equals and BeginsWith . The Name filter additionally supports the Contains option. (Exception: For filters using the key Path , valid options include Recursive and OneLevel .)
For filters used with GetParametersByPath , valid options include Equals and BeginsWith . (Exception: For filters using Label as the Key name, the only valid option is Equals .)
The value you want to search for.
dict
Response Syntax
{
'Parameters': [
{
'Name': 'string',
'Type': 'String'|'StringList'|'SecureString',
'KeyId': 'string',
'LastModifiedDate': datetime(2015, 1, 1),
'LastModifiedUser': 'string',
'Description': 'string',
'AllowedPattern': 'string',
'Version': 123,
'Tier': 'Standard'|'Advanced'|'Intelligent-Tiering',
'Policies': [
{
'PolicyText': 'string',
'PolicyType': 'string',
'PolicyStatus': 'string'
},
],
'DataType': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Parameters (list) --
Parameters returned by the request.
(dict) --
Metadata includes information like the ARN of the last user and the date/time the parameter was last used.
Name (string) --
The parameter name.
Type (string) --
The type of parameter. Valid parameter types include the following: String , StringList , and SecureString .
KeyId (string) --
The ID of the query key used for this parameter.
LastModifiedDate (datetime) --
Date the parameter was last changed or updated.
LastModifiedUser (string) --
Amazon Resource Name (ARN) of the Amazon Web Services user who last changed the parameter.
Description (string) --
Description of the parameter actions.
AllowedPattern (string) --
A parameter name can include only the following letters and symbols.
Version (integer) --
The parameter version.
Tier (string) --
The parameter tier.
Policies (list) --
A list of policies associated with a parameter.
(dict) --
One or more policies assigned to a parameter.
PolicyText (string) --
The JSON text of the policy.
PolicyType (string) --
The type of policy. Parameter Store, a capablility of Amazon Web Services Systems Manager, supports the following policy types: Expiration, ExpirationNotification, and NoChangeNotification.
PolicyStatus (string) --
The status of the policy. Policies report the following statuses: Pending (the policy hasn't been enforced or applied yet), Finished (the policy was applied), Failed (the policy wasn't applied), or InProgress (the policy is being applied now).
DataType (string) --
The data type of the parameter, such as text or aws:ec2:image . The default is text .
NextToken (string) --
The token to use when requesting the next set of items.
Exceptions
Lists the patch baselines in your account.
See also: AWS API Documentation
Request Syntax
response = client.describe_patch_baselines(
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
MaxResults=123,
NextToken='string'
)
Each element in the array is a structure containing a key-value pair.
Supported keys for DescribePatchBaselines include the following:
Defines a filter used in Patch Manager APIs. Supported filter keys depend on the API operation that includes the filter. Patch Manager API operations that use PatchOrchestratorFilter include the following:
The key for the filter.
The value for the filter.
dict
Response Syntax
{
'BaselineIdentities': [
{
'BaselineId': 'string',
'BaselineName': 'string',
'OperatingSystem': 'WINDOWS'|'AMAZON_LINUX'|'AMAZON_LINUX_2'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX'|'SUSE'|'CENTOS'|'ORACLE_LINUX'|'DEBIAN'|'MACOS',
'BaselineDescription': 'string',
'DefaultBaseline': True|False
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
BaselineIdentities (list) --
An array of PatchBaselineIdentity elements.
(dict) --
Defines the basic information about a patch baseline.
BaselineId (string) --
The ID of the patch baseline.
BaselineName (string) --
The name of the patch baseline.
OperatingSystem (string) --
Defines the operating system the patch baseline applies to. The default value is WINDOWS .
BaselineDescription (string) --
The description of the patch baseline.
DefaultBaseline (boolean) --
Whether this is the default baseline. Amazon Web Services Systems Manager supports creating multiple default patch baselines. For example, you can create a default patch baseline for each operating system.
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
Returns high-level aggregated patch compliance state information for a patch group.
See also: AWS API Documentation
Request Syntax
response = client.describe_patch_group_state(
PatchGroup='string'
)
[REQUIRED]
The name of the patch group whose patch snapshot should be retrieved.
{
'Instances': 123,
'InstancesWithInstalledPatches': 123,
'InstancesWithInstalledOtherPatches': 123,
'InstancesWithInstalledPendingRebootPatches': 123,
'InstancesWithInstalledRejectedPatches': 123,
'InstancesWithMissingPatches': 123,
'InstancesWithFailedPatches': 123,
'InstancesWithNotApplicablePatches': 123,
'InstancesWithUnreportedNotApplicablePatches': 123,
'InstancesWithCriticalNonCompliantPatches': 123,
'InstancesWithSecurityNonCompliantPatches': 123,
'InstancesWithOtherNonCompliantPatches': 123
}
Response Structure
The number of instances in the patch group.
The number of instances with installed patches.
The number of instances with patches installed that aren't defined in the patch baseline.
The number of instances with patches installed by Patch Manager that haven't been rebooted after the patch installation. The status of these instances is NON_COMPLIANT .
The number of instances with patches installed that are specified in a RejectedPatches list. Patches with a status of INSTALLED_REJECTED were typically installed before they were added to a RejectedPatches list.
Note
If ALLOW_AS_DEPENDENCY is the specified option for RejectedPatchesAction , the value of InstancesWithInstalledRejectedPatches will always be 0 (zero).
The number of instances with missing patches from the patch baseline.
The number of instances with patches from the patch baseline that failed to install.
The number of instances with patches that aren't applicable.
The number of instances with NotApplicable patches beyond the supported limit, which aren't reported by name to Inventory. Inventory is a capability of Amazon Web Services Systems Manager.
The number of instances where patches that are specified as Critical for compliance reporting in the patch baseline aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required instance reboot. The status of these instances is NON_COMPLIANT .
The number of instances where patches that are specified as Security in a patch advisory aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required instance reboot. The status of these instances is NON_COMPLIANT .
The number of instances with patches installed that are specified as other than Critical or Security but aren't compliant with the patch baseline. The status of these instances is NON_COMPLIANT .
Exceptions
Lists all patch groups that have been registered with patch baselines.
See also: AWS API Documentation
Request Syntax
response = client.describe_patch_groups(
MaxResults=123,
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
NextToken='string'
)
Each element in the array is a structure containing a key-value pair.
Supported keys for DescribePatchGroups include the following:
Defines a filter used in Patch Manager APIs. Supported filter keys depend on the API operation that includes the filter. Patch Manager API operations that use PatchOrchestratorFilter include the following:
The key for the filter.
The value for the filter.
dict
Response Syntax
{
'Mappings': [
{
'PatchGroup': 'string',
'BaselineIdentity': {
'BaselineId': 'string',
'BaselineName': 'string',
'OperatingSystem': 'WINDOWS'|'AMAZON_LINUX'|'AMAZON_LINUX_2'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX'|'SUSE'|'CENTOS'|'ORACLE_LINUX'|'DEBIAN'|'MACOS',
'BaselineDescription': 'string',
'DefaultBaseline': True|False
}
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Mappings (list) --
Each entry in the array contains:
(dict) --
The mapping between a patch group and the patch baseline the patch group is registered with.
PatchGroup (string) --
The name of the patch group registered with the patch baseline.
BaselineIdentity (dict) --
The patch baseline the patch group is registered with.
BaselineId (string) --
The ID of the patch baseline.
BaselineName (string) --
The name of the patch baseline.
OperatingSystem (string) --
Defines the operating system the patch baseline applies to. The default value is WINDOWS .
BaselineDescription (string) --
The description of the patch baseline.
DefaultBaseline (boolean) --
Whether this is the default baseline. Amazon Web Services Systems Manager supports creating multiple default patch baselines. For example, you can create a default patch baseline for each operating system.
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
Lists the properties of available patches organized by product, product family, classification, severity, and other properties of available patches. You can use the reported properties in the filters you specify in requests for operations such as CreatePatchBaseline , UpdatePatchBaseline , DescribeAvailablePatches , and DescribePatchBaselines .
The following section lists the properties that can be used in filters for each major operating system type:
AMAZON_LINUX
Valid properties: PRODUCT | CLASSIFICATION | SEVERITY
AMAZON_LINUX_2
Valid properties: PRODUCT | CLASSIFICATION | SEVERITY
CENTOS
Valid properties: PRODUCT | CLASSIFICATION | SEVERITY
DEBIAN
Valid properties: PRODUCT | PRIORITY
MACOS
Valid properties: PRODUCT | CLASSIFICATION
ORACLE_LINUX
Valid properties: PRODUCT | CLASSIFICATION | SEVERITY
REDHAT_ENTERPRISE_LINUX
Valid properties: PRODUCT | CLASSIFICATION | SEVERITY
SUSE
Valid properties: PRODUCT | CLASSIFICATION | SEVERITY
UBUNTU
Valid properties: PRODUCT | PRIORITY
WINDOWS
Valid properties: PRODUCT | PRODUCT_FAMILY | CLASSIFICATION | MSRC_SEVERITY
See also: AWS API Documentation
Request Syntax
response = client.describe_patch_properties(
OperatingSystem='WINDOWS'|'AMAZON_LINUX'|'AMAZON_LINUX_2'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX'|'SUSE'|'CENTOS'|'ORACLE_LINUX'|'DEBIAN'|'MACOS',
Property='PRODUCT'|'PRODUCT_FAMILY'|'CLASSIFICATION'|'MSRC_SEVERITY'|'PRIORITY'|'SEVERITY',
PatchSet='OS'|'APPLICATION',
MaxResults=123,
NextToken='string'
)
[REQUIRED]
The operating system type for which to list patches.
[REQUIRED]
The patch property for which you want to view patch details.
dict
Response Syntax
{
'Properties': [
{
'string': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Properties (list) --
A list of the properties for patches matching the filter request parameters.
NextToken (string) --
The token for the next set of items to return. (You use this token in the next call.)
Exceptions
Retrieves a list of all active sessions (both connected and disconnected) or terminated sessions from the past 30 days.
See also: AWS API Documentation
Request Syntax
response = client.describe_sessions(
State='Active'|'History',
MaxResults=123,
NextToken='string',
Filters=[
{
'key': 'InvokedAfter'|'InvokedBefore'|'Target'|'Owner'|'Status'|'SessionId',
'value': 'string'
},
]
)
[REQUIRED]
The session status to retrieve a list of sessions for. For example, "Active".
One or more filters to limit the type of sessions returned by the request.
Describes a filter for Session Manager information.
The name of the filter.
The filter value. Valid values for each filter key are as follows:
dict
Response Syntax
{
'Sessions': [
{
'SessionId': 'string',
'Target': 'string',
'Status': 'Connected'|'Connecting'|'Disconnected'|'Terminated'|'Terminating'|'Failed',
'StartDate': datetime(2015, 1, 1),
'EndDate': datetime(2015, 1, 1),
'DocumentName': 'string',
'Owner': 'string',
'Details': 'string',
'OutputUrl': {
'S3OutputUrl': 'string',
'CloudWatchOutputUrl': 'string'
}
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Sessions (list) --
A list of sessions meeting the request parameters.
(dict) --
Information about a Session Manager connection to an instance.
SessionId (string) --
The ID of the session.
Target (string) --
The instance that the Session Manager session connected to.
Status (string) --
The status of the session. For example, "Connected" or "Terminated".
StartDate (datetime) --
The date and time, in ISO-8601 Extended format, when the session began.
EndDate (datetime) --
The date and time, in ISO-8601 Extended format, when the session was terminated.
DocumentName (string) --
The name of the Session Manager SSM document used to define the parameters and plugin settings for the session. For example, SSM-SessionManagerRunShell .
Owner (string) --
The ID of the Amazon Web Services user account that started the session.
Details (string) --
Reserved for future use.
OutputUrl (dict) --
Reserved for future use.
S3OutputUrl (string) --
Reserved for future use.
CloudWatchOutputUrl (string) --
Reserved for future use.
NextToken (string) --
The token for the next set of items to return. (You received this token from a previous call.)
Exceptions
Deletes the association between an OpsItem and a related resource. For example, this API operation can delete an Incident Manager incident from an OpsItem. Incident Manager is a capability of Amazon Web Services Systems Manager.
See also: AWS API Documentation
Request Syntax
response = client.disassociate_ops_item_related_item(
OpsItemId='string',
AssociationId='string'
)
[REQUIRED]
The ID of the OpsItem for which you want to delete an association between the OpsItem and a related resource.
[REQUIRED]
The ID of the association for which you want to delete an association between the OpsItem and a related resource.
dict
Response Syntax
{}
Response Structure
Exceptions
Generate a presigned url given a client, its method, and arguments
The presigned url
Get detailed information about a particular Automation execution.
See also: AWS API Documentation
Request Syntax
response = client.get_automation_execution(
AutomationExecutionId='string'
)
[REQUIRED]
The unique identifier for an existing automation execution to examine. The execution ID is returned by StartAutomationExecution when the execution of an Automation runbook is initiated.
{
'AutomationExecution': {
'AutomationExecutionId': 'string',
'DocumentName': 'string',
'DocumentVersion': 'string',
'ExecutionStartTime': datetime(2015, 1, 1),
'ExecutionEndTime': datetime(2015, 1, 1),
'AutomationExecutionStatus': 'Pending'|'InProgress'|'Waiting'|'Success'|'TimedOut'|'Cancelling'|'Cancelled'|'Failed'|'PendingApproval'|'Approved'|'Rejected'|'Scheduled'|'RunbookInProgress'|'PendingChangeCalendarOverride'|'ChangeCalendarOverrideApproved'|'ChangeCalendarOverrideRejected'|'CompletedWithSuccess'|'CompletedWithFailure',
'StepExecutions': [
{
'StepName': 'string',
'Action': 'string',
'TimeoutSeconds': 123,
'OnFailure': 'string',
'MaxAttempts': 123,
'ExecutionStartTime': datetime(2015, 1, 1),
'ExecutionEndTime': datetime(2015, 1, 1),
'StepStatus': 'Pending'|'InProgress'|'Waiting'|'Success'|'TimedOut'|'Cancelling'|'Cancelled'|'Failed'|'PendingApproval'|'Approved'|'Rejected'|'Scheduled'|'RunbookInProgress'|'PendingChangeCalendarOverride'|'ChangeCalendarOverrideApproved'|'ChangeCalendarOverrideRejected'|'CompletedWithSuccess'|'CompletedWithFailure',
'ResponseCode': 'string',
'Inputs': {
'string': 'string'
},
'Outputs': {
'string': [
'string',
]
},
'Response': 'string',
'FailureMessage': 'string',
'FailureDetails': {
'FailureStage': 'string',
'FailureType': 'string',
'Details': {
'string': [
'string',
]
}
},
'StepExecutionId': 'string',
'OverriddenParameters': {
'string': [
'string',
]
},
'IsEnd': True|False,
'NextStep': 'string',
'IsCritical': True|False,
'ValidNextSteps': [
'string',
],
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'TargetLocation': {
'Accounts': [
'string',
],
'Regions': [
'string',
],
'TargetLocationMaxConcurrency': 'string',
'TargetLocationMaxErrors': 'string',
'ExecutionRoleName': 'string'
}
},
],
'StepExecutionsTruncated': True|False,
'Parameters': {
'string': [
'string',
]
},
'Outputs': {
'string': [
'string',
]
},
'FailureMessage': 'string',
'Mode': 'Auto'|'Interactive',
'ParentAutomationExecutionId': 'string',
'ExecutedBy': 'string',
'CurrentStepName': 'string',
'CurrentAction': 'string',
'TargetParameterName': 'string',
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'TargetMaps': [
{
'string': [
'string',
]
},
],
'ResolvedTargets': {
'ParameterValues': [
'string',
],
'Truncated': True|False
},
'MaxConcurrency': 'string',
'MaxErrors': 'string',
'Target': 'string',
'TargetLocations': [
{
'Accounts': [
'string',
],
'Regions': [
'string',
],
'TargetLocationMaxConcurrency': 'string',
'TargetLocationMaxErrors': 'string',
'ExecutionRoleName': 'string'
},
],
'ProgressCounters': {
'TotalSteps': 123,
'SuccessSteps': 123,
'FailedSteps': 123,
'CancelledSteps': 123,
'TimedOutSteps': 123
},
'AutomationSubtype': 'ChangeRequest',
'ScheduledTime': datetime(2015, 1, 1),
'Runbooks': [
{
'DocumentName': 'string',
'DocumentVersion': 'string',
'Parameters': {
'string': [
'string',
]
},
'TargetParameterName': 'string',
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'MaxConcurrency': 'string',
'MaxErrors': 'string',
'TargetLocations': [
{
'Accounts': [
'string',
],
'Regions': [
'string',
],
'TargetLocationMaxConcurrency': 'string',
'TargetLocationMaxErrors': 'string',
'ExecutionRoleName': 'string'
},
]
},
],
'OpsItemId': 'string',
'AssociationId': 'string',
'ChangeRequestName': 'string'
}
}
Response Structure
Detailed information about the current state of an automation execution.
The execution ID.
The name of the Automation runbook used during the execution.
The version of the document to use during execution.
The time the execution started.
The time the execution finished.
The execution status of the Automation.
A list of details about the current state of all steps that comprise an execution. An Automation runbook contains a list of steps that are run in order.
Detailed information about an the execution state of an Automation step.
The name of this execution step.
The action this step performs. The action determines the behavior of the step.
The timeout seconds of the step.
The action to take if the step fails. The default value is Abort .
The maximum number of tries to run the action of the step. The default value is 1 .
If a step has begun execution, this contains the time the step started. If the step is in Pending status, this field isn't populated.
If a step has finished execution, this contains the time the execution ended. If the step hasn't yet concluded, this field isn't populated.
The execution status for this step.
The response code returned by the execution of the step.
Fully-resolved values passed into the step before execution.
Returned values from the execution of the step.
A message associated with the response code for an execution.
If a step failed, this message explains why the execution failed.
Information about the Automation failure.
The stage of the Automation execution when the failure occurred. The stages include the following: InputValidation, PreVerification, Invocation, PostVerification.
The type of Automation failure. Failure types include the following: Action, Permission, Throttling, Verification, Internal.
Detailed information about the Automation step failure.
The unique ID of a step execution.
A user-specified list of parameters to override when running a step.
The flag which can be used to end automation no matter whether the step succeeds or fails.
The next step after the step succeeds.
The flag which can be used to help decide whether the failure of current step leads to the Automation failure.
Strategies used when step fails, we support Continue and Abort. Abort will fail the automation when the step fails. Continue will ignore the failure of current step and allow automation to run the next step. With conditional branching, we add step:stepName to support the automation to go to another specific step.
The targets for the step execution.
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
User-defined criteria for sending commands that target instances that meet the criteria.
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
The combination of Regions and accounts targeted by the current Automation execution.
The accounts targeted by the current Automation execution.
The Regions targeted by the current Automation execution.
The maximum number of Regions and accounts allowed to run the Automation concurrently.
The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
The Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole .
A boolean value that indicates if the response contains the full list of the Automation step executions. If true, use the DescribeAutomationStepExecutions API operation to get the full list of step executions.
The key-value map of execution parameters, which were supplied when calling StartAutomationExecution .
The list of execution outputs as defined in the Automation runbook.
A message describing why an execution has failed, if the status is set to Failed.
The automation execution mode.
The AutomationExecutionId of the parent automation.
The Amazon Resource Name (ARN) of the user who ran the automation.
The name of the step that is currently running.
The action of the step that is currently running.
The parameter name.
The specified targets.
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
User-defined criteria for sending commands that target instances that meet the criteria.
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
The specified key-value mapping of document parameters to target resources.
A list of resolved targets in the rate control execution.
A list of parameter values sent to targets that resolved during the Automation execution.
A boolean value indicating whether the resolved target list is truncated.
The MaxConcurrency value specified by the user when the execution started.
The MaxErrors value specified by the user when the execution started.
The target of the execution.
The combination of Regions and/or accounts where you want to run the Automation.
The combination of Regions and accounts targeted by the current Automation execution.
The accounts targeted by the current Automation execution.
The Regions targeted by the current Automation execution.
The maximum number of Regions and accounts allowed to run the Automation concurrently.
The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
The Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole .
An aggregate of step execution statuses displayed in the Amazon Web Services Systems Manager console for a multi-Region and multi-account Automation execution.
The total number of steps run in all specified Regions and accounts for the current Automation execution.
The total number of steps that successfully completed in all specified Regions and accounts for the current Automation execution.
The total number of steps that failed to run in all specified Regions and accounts for the current Automation execution.
The total number of steps that the system cancelled in all specified Regions and accounts for the current Automation execution.
The total number of steps that timed out in all specified Regions and accounts for the current Automation execution.
The subtype of the Automation operation. Currently, the only supported value is ChangeRequest .
The date and time the Automation operation is scheduled to start.
Information about the Automation runbooks that are run as part of a runbook workflow.
Note
The Automation runbooks specified for the runbook workflow can't run until all required approvals for the change request have been received.
Information about an Automation runbook used in a runbook workflow in Change Manager.
Note
The Automation runbooks specified for the runbook workflow can't run until all required approvals for the change request have been received.
The name of the Automation runbook used in a runbook workflow.
The version of the Automation runbook used in a runbook workflow.
The key-value map of execution parameters, which were supplied when calling StartChangeRequestExecution .
The name of the parameter used as the target resource for the rate-controlled runbook workflow. Required if you specify Targets .
A key-value mapping to target resources that the runbook operation performs tasks on. Required if you specify TargetParameterName .
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
User-defined criteria for sending commands that target instances that meet the criteria.
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
The MaxConcurrency value specified by the user when the operation started, indicating the maximum number of resources that the runbook operation can run on at the same time.
The MaxErrors value specified by the user when the execution started, indicating the maximum number of errors that can occur during the operation before the updates are stopped or rolled back.
Information about the Regions and accounts targeted by the current Runbook operation.
The combination of Regions and accounts targeted by the current Automation execution.
The accounts targeted by the current Automation execution.
The Regions targeted by the current Automation execution.
The maximum number of Regions and accounts allowed to run the Automation concurrently.
The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
The Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole .
The ID of an OpsItem that is created to represent a Change Manager change request.
The ID of a State Manager association used in the Automation operation.
The name of the Change Manager change request.
Exceptions
Gets the state of a Amazon Web Services Systems Manager change calendar at the current time or a specified time. If you specify a time, GetCalendarState returns the state of the calendar at that specific time, and returns the next time that the change calendar state will transition. If you don't specify a time, GetCalendarState uses the current time. Change Calendar entries have two possible states: OPEN or CLOSED .
If you specify more than one calendar in a request, the command returns the status of OPEN only if all calendars in the request are open. If one or more calendars in the request are closed, the status returned is CLOSED .
For more information about Change Calendar, a capability of Amazon Web Services Systems Manager, see Amazon Web Services Systems Manager Change Calendar in the Amazon Web Services Systems Manager User Guide .
See also: AWS API Documentation
Request Syntax
response = client.get_calendar_state(
CalendarNames=[
'string',
],
AtTime='string'
)
[REQUIRED]
The names or Amazon Resource Names (ARNs) of the Systems Manager documents (SSM documents) that represent the calendar entries for which you want to get the state.
dict
Response Syntax
{
'State': 'OPEN'|'CLOSED',
'AtTime': 'string',
'NextTransitionTime': 'string'
}
Response Structure
(dict) --
State (string) --
The state of the calendar. An OPEN calendar indicates that actions are allowed to proceed, and a CLOSED calendar indicates that actions aren't allowed to proceed.
AtTime (string) --
The time, as an ISO 8601 string, that you specified in your command. If you don't specify a time, GetCalendarState uses the current time.
NextTransitionTime (string) --
The time, as an ISO 8601 string, that the calendar state will change. If the current calendar state is OPEN , NextTransitionTime indicates when the calendar state changes to CLOSED , and vice-versa.
Exceptions
Returns detailed information about command execution for an invocation or plugin.
GetCommandInvocation only gives the execution status of a plugin in a document. To get the command execution status on a specific instance, use ListCommandInvocations . To get the command execution status across instances, use ListCommands .
See also: AWS API Documentation
Request Syntax
response = client.get_command_invocation(
CommandId='string',
InstanceId='string',
PluginName='string'
)
[REQUIRED]
(Required) The parent command ID of the invocation plugin.
[REQUIRED]
(Required) The ID of the managed instance targeted by the command. A managed instance can be an Amazon Elastic Compute Cloud (Amazon EC2) instance or an instance in your hybrid environment that is configured for Amazon Web Services Systems Manager.
The name of the plugin for which you want detailed results. If the document contains only one plugin, you can omit the name and details for that plugin. If the document contains more than one plugin, you must specify the name of the plugin for which you want to view details.
Plugin names are also referred to as step names in Systems Manager documents (SSM documents). For example, aws:RunShellScript is a plugin.
To find the PluginName , check the document content and find the name of the plugin. Alternatively, use ListCommandInvocations with the CommandId and Details parameters. The PluginName is the Name attribute of the CommandPlugin object in the CommandPlugins list.
dict
Response Syntax
{
'CommandId': 'string',
'InstanceId': 'string',
'Comment': 'string',
'DocumentName': 'string',
'DocumentVersion': 'string',
'PluginName': 'string',
'ResponseCode': 123,
'ExecutionStartDateTime': 'string',
'ExecutionElapsedTime': 'string',
'ExecutionEndDateTime': 'string',
'Status': 'Pending'|'InProgress'|'Delayed'|'Success'|'Cancelled'|'TimedOut'|'Failed'|'Cancelling',
'StatusDetails': 'string',
'StandardOutputContent': 'string',
'StandardOutputUrl': 'string',
'StandardErrorContent': 'string',
'StandardErrorUrl': 'string',
'CloudWatchOutputConfig': {
'CloudWatchLogGroupName': 'string',
'CloudWatchOutputEnabled': True|False
}
}
Response Structure
(dict) --
CommandId (string) --
The parent command ID of the invocation plugin.
InstanceId (string) --
The ID of the managed instance targeted by the command. A managed instance can be an EC2 instance or an instance in your hybrid environment that is configured for Systems Manager.
Comment (string) --
The comment text for the command.
DocumentName (string) --
The name of the document that was run. For example, AWS-RunShellScript .
DocumentVersion (string) --
The Systems Manager document (SSM document) version used in the request.
PluginName (string) --
The name of the plugin, or step name , for which details are reported. For example, aws:RunShellScript is a plugin.
ResponseCode (integer) --
The error level response code for the plugin script. If the response code is -1 , then the command hasn't started running on the instance, or it wasn't received by the instance.
ExecutionStartDateTime (string) --
The date and time the plugin started running. Date and time are written in ISO 8601 format. For example, June 7, 2017 is represented as 2017-06-7. The following sample Amazon Web Services CLI command uses the InvokedBefore filter.
aws ssm list-commands --filters key=InvokedBefore,value=2017-06-07T00:00:00Z
If the plugin hasn't started to run, the string is empty.
ExecutionElapsedTime (string) --
Duration since ExecutionStartDateTime .
ExecutionEndDateTime (string) --
The date and time the plugin finished running. Date and time are written in ISO 8601 format. For example, June 7, 2017 is represented as 2017-06-7. The following sample Amazon Web Services CLI command uses the InvokedAfter filter.
aws ssm list-commands --filters key=InvokedAfter,value=2017-06-07T00:00:00Z
If the plugin hasn't started to run, the string is empty.
Status (string) --
The status of this invocation plugin. This status can be different than StatusDetails .
StatusDetails (string) --
A detailed status of the command execution for an invocation. StatusDetails includes more information than Status because it includes states resulting from error and concurrency control parameters. StatusDetails can show different results than Status . For more information about these statuses, see Understanding command statuses in the Amazon Web Services Systems Manager User Guide . StatusDetails can be one of the following values:
StandardOutputContent (string) --
The first 24,000 characters written by the plugin to stdout . If the command hasn't finished running, if ExecutionStatus is neither Succeeded nor Failed, then this string is empty.
StandardOutputUrl (string) --
The URL for the complete text written by the plugin to stdout in Amazon Simple Storage Service (Amazon S3). If an S3 bucket wasn't specified, then this string is empty.
StandardErrorContent (string) --
The first 8,000 characters written by the plugin to stderr . If the command hasn't finished running, then this string is empty.
StandardErrorUrl (string) --
The URL for the complete text written by the plugin to stderr . If the command hasn't finished running, then this string is empty.
CloudWatchOutputConfig (dict) --
Amazon CloudWatch Logs information where Systems Manager sent the command output.
CloudWatchLogGroupName (string) --
The name of the CloudWatch Logs log group where you want to send command output. If you don't specify a group name, Amazon Web Services Systems Manager automatically creates a log group for you. The log group uses the following naming format:
``aws/ssm/SystemsManagerDocumentName ``
CloudWatchOutputEnabled (boolean) --
Enables Systems Manager to send command output to CloudWatch Logs.
Exceptions
Retrieves the Session Manager connection status for an instance to determine whether it is running and ready to receive Session Manager connections.
See also: AWS API Documentation
Request Syntax
response = client.get_connection_status(
Target='string'
)
[REQUIRED]
The ID of the instance.
{
'Target': 'string',
'Status': 'Connected'|'NotConnected'
}
Response Structure
The ID of the instance to check connection status.
The status of the connection to the instance. For example, 'Connected' or 'Not Connected'.
Exceptions
Retrieves the default patch baseline. Amazon Web Services Systems Manager supports creating multiple default patch baselines. For example, you can create a default patch baseline for each operating system.
If you don't specify an operating system value, the default patch baseline for Windows is returned.
See also: AWS API Documentation
Request Syntax
response = client.get_default_patch_baseline(
OperatingSystem='WINDOWS'|'AMAZON_LINUX'|'AMAZON_LINUX_2'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX'|'SUSE'|'CENTOS'|'ORACLE_LINUX'|'DEBIAN'|'MACOS'
)
{
'BaselineId': 'string',
'OperatingSystem': 'WINDOWS'|'AMAZON_LINUX'|'AMAZON_LINUX_2'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX'|'SUSE'|'CENTOS'|'ORACLE_LINUX'|'DEBIAN'|'MACOS'
}
Response Structure
The ID of the default patch baseline.
The operating system for the returned patch baseline.
Exceptions
Retrieves the current snapshot for the patch baseline the instance uses. This API is primarily used by the AWS-RunPatchBaseline Systems Manager document (SSM document).
Note
If you run the command locally, such as with the Command Line Interface (CLI), the system attempts to use your local AWS credentials and the operation fails. To avoid this, you can run the command in the Amazon Web Services Systems Manager console. Use Run Command, a capability of Amazon Web Services Systems Manager, with an SSM document that enables you to target an instance with a script or command. For example, run the command using the AWS-RunShellScript document or the AWS-RunPowerShellScript document.
See also: AWS API Documentation
Request Syntax
response = client.get_deployable_patch_snapshot_for_instance(
InstanceId='string',
SnapshotId='string',
BaselineOverride={
'OperatingSystem': 'WINDOWS'|'AMAZON_LINUX'|'AMAZON_LINUX_2'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX'|'SUSE'|'CENTOS'|'ORACLE_LINUX'|'DEBIAN'|'MACOS',
'GlobalFilters': {
'PatchFilters': [
{
'Key': 'ARCH'|'ADVISORY_ID'|'BUGZILLA_ID'|'PATCH_SET'|'PRODUCT'|'PRODUCT_FAMILY'|'CLASSIFICATION'|'CVE_ID'|'EPOCH'|'MSRC_SEVERITY'|'NAME'|'PATCH_ID'|'SECTION'|'PRIORITY'|'REPOSITORY'|'RELEASE'|'SEVERITY'|'SECURITY'|'VERSION',
'Values': [
'string',
]
},
]
},
'ApprovalRules': {
'PatchRules': [
{
'PatchFilterGroup': {
'PatchFilters': [
{
'Key': 'ARCH'|'ADVISORY_ID'|'BUGZILLA_ID'|'PATCH_SET'|'PRODUCT'|'PRODUCT_FAMILY'|'CLASSIFICATION'|'CVE_ID'|'EPOCH'|'MSRC_SEVERITY'|'NAME'|'PATCH_ID'|'SECTION'|'PRIORITY'|'REPOSITORY'|'RELEASE'|'SEVERITY'|'SECURITY'|'VERSION',
'Values': [
'string',
]
},
]
},
'ComplianceLevel': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED',
'ApproveAfterDays': 123,
'ApproveUntilDate': 'string',
'EnableNonSecurity': True|False
},
]
},
'ApprovedPatches': [
'string',
],
'ApprovedPatchesComplianceLevel': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED',
'RejectedPatches': [
'string',
],
'RejectedPatchesAction': 'ALLOW_AS_DEPENDENCY'|'BLOCK',
'ApprovedPatchesEnableNonSecurity': True|False,
'Sources': [
{
'Name': 'string',
'Products': [
'string',
],
'Configuration': 'string'
},
]
}
)
[REQUIRED]
The ID of the instance for which the appropriate patch snapshot should be retrieved.
[REQUIRED]
The snapshot ID provided by the user when running AWS-RunPatchBaseline .
Defines the basic information about a patch baseline override.
The operating system rule used by the patch baseline override.
A set of patch filters, typically used for approval rules.
The set of patch filters that make up the group.
Defines which patches should be included in a patch baseline.
A patch filter consists of a key and a set of values. The filter key is a patch property. For example, the available filter keys for WINDOWS are PATCH_SET , PRODUCT , PRODUCT_FAMILY , CLASSIFICATION , and MSRC_SEVERITY .
The filter values define a matching criterion for the patch property indicated by the key. For example, if the filter key is PRODUCT and the filter values are ["Office 2013", "Office 2016"] , then the filter accepts all patches where product name is either "Office 2013" or "Office 2016". The filter values can be exact values for the patch property given as a key, or a wildcard (*), which matches all values.
You can view lists of valid values for the patch properties by running the DescribePatchProperties command. For information about which patch properties can be used with each major operating system, see DescribePatchProperties .
The key for the filter.
Run the DescribePatchProperties command to view lists of valid keys for each operating system type.
The value for the filter key.
Run the DescribePatchProperties command to view lists of valid values for each key based on operating system type.
A set of rules defining the approval rules for a patch baseline.
The rules that make up the rule group.
Defines an approval rule for a patch baseline.
The patch filter group that defines the criteria for the rule.
The set of patch filters that make up the group.
Defines which patches should be included in a patch baseline.
A patch filter consists of a key and a set of values. The filter key is a patch property. For example, the available filter keys for WINDOWS are PATCH_SET , PRODUCT , PRODUCT_FAMILY , CLASSIFICATION , and MSRC_SEVERITY .
The filter values define a matching criterion for the patch property indicated by the key. For example, if the filter key is PRODUCT and the filter values are ["Office 2013", "Office 2016"] , then the filter accepts all patches where product name is either "Office 2013" or "Office 2016". The filter values can be exact values for the patch property given as a key, or a wildcard (*), which matches all values.
You can view lists of valid values for the patch properties by running the DescribePatchProperties command. For information about which patch properties can be used with each major operating system, see DescribePatchProperties .
The key for the filter.
Run the DescribePatchProperties command to view lists of valid keys for each operating system type.
The value for the filter key.
Run the DescribePatchProperties command to view lists of valid values for each key based on operating system type.
A compliance severity level for all approved patches in a patch baseline.
The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of 7 means that patches are approved seven days after they are released. Not supported on Debian Server or Ubuntu Server.
The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Not supported on Debian Server or Ubuntu Server.
Enter dates in the format YYYY-MM-DD . For example, 2021-12-31 .
For instances identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is false . Applies to Linux instances only.
A list of explicitly approved patches for the baseline.
For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide .
Defines the compliance level for approved patches. When an approved patch is reported as missing, this value describes the severity of the compliance violation.
A list of explicitly rejected patches for the baseline.
For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide .
The action for Patch Manager to take on patches included in the RejectedPackages list. A patch can be allowed only if it is a dependency of another package, or blocked entirely along with packages that include it as a dependency.
Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is false . Applies to Linux instances only.
Information about the patches to use to update the instances, including target operating systems and source repositories. Applies to Linux instances only.
Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only.
The name specified to identify the patch source.
The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "AmazonLinux2016.09", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter .
The value of the yum repo configuration. For example:
[main]name=MyCustomRepository
baseurl=https://my-custom-repository
enabled=1
Note
For information about other options available for your yum repository configuration, see dnf.conf(5) .
dict
Response Syntax
{
'InstanceId': 'string',
'SnapshotId': 'string',
'SnapshotDownloadUrl': 'string',
'Product': 'string'
}
Response Structure
(dict) --
InstanceId (string) --
The ID of the instance.
SnapshotId (string) --
The user-defined snapshot ID.
SnapshotDownloadUrl (string) --
A pre-signed Amazon Simple Storage Service (Amazon S3) URL that can be used to download the patch snapshot.
Product (string) --
Returns the specific operating system (for example Windows Server 2012 or Amazon Linux 2015.09) on the instance for the specified patch snapshot.
Exceptions
Gets the contents of the specified Amazon Web Services Systems Manager document (SSM document).
See also: AWS API Documentation
Request Syntax
response = client.get_document(
Name='string',
VersionName='string',
DocumentVersion='string',
DocumentFormat='YAML'|'JSON'|'TEXT'
)
[REQUIRED]
The name of the SSM document.
dict
Response Syntax
{
'Name': 'string',
'CreatedDate': datetime(2015, 1, 1),
'DisplayName': 'string',
'VersionName': 'string',
'DocumentVersion': 'string',
'Status': 'Creating'|'Active'|'Updating'|'Deleting'|'Failed',
'StatusInformation': 'string',
'Content': 'string',
'DocumentType': 'Command'|'Policy'|'Automation'|'Session'|'Package'|'ApplicationConfiguration'|'ApplicationConfigurationSchema'|'DeploymentStrategy'|'ChangeCalendar'|'Automation.ChangeTemplate'|'ProblemAnalysis'|'ProblemAnalysisTemplate',
'DocumentFormat': 'YAML'|'JSON'|'TEXT',
'Requires': [
{
'Name': 'string',
'Version': 'string'
},
],
'AttachmentsContent': [
{
'Name': 'string',
'Size': 123,
'Hash': 'string',
'HashType': 'Sha256',
'Url': 'string'
},
],
'ReviewStatus': 'APPROVED'|'NOT_REVIEWED'|'PENDING'|'REJECTED'
}
Response Structure
(dict) --
Name (string) --
The name of the SSM document.
CreatedDate (datetime) --
The date the SSM document was created.
DisplayName (string) --
The friendly name of the SSM document. This value can differ for each version of the document. If you want to update this value, see UpdateDocument .
VersionName (string) --
The version of the artifact associated with the document. For example, "Release 12, Update 6". This value is unique across all versions of a document, and can't be changed.
DocumentVersion (string) --
The document version.
Status (string) --
The status of the SSM document, such as Creating , Active , Updating , Failed , and Deleting .
StatusInformation (string) --
A message returned by Amazon Web Services Systems Manager that explains the Status value. For example, a Failed status might be explained by the StatusInformation message, "The specified S3 bucket doesn't exist. Verify that the URL of the S3 bucket is correct."
Content (string) --
The contents of the SSM document.
DocumentType (string) --
The document type.
DocumentFormat (string) --
The document format, either JSON or YAML.
Requires (list) --
A list of SSM documents required by a document. For example, an ApplicationConfiguration document requires an ApplicationConfigurationSchema document.
(dict) --
An SSM document required by the current document.
Name (string) --
The name of the required SSM document. The name can be an Amazon Resource Name (ARN).
Version (string) --
The document version required by the current document.
AttachmentsContent (list) --
A description of the document attachments, including names, locations, sizes, and so on.
(dict) --
A structure that includes attributes that describe a document attachment.
Name (string) --
The name of an attachment.
Size (integer) --
The size of an attachment in bytes.
Hash (string) --
The cryptographic hash value of the document content.
HashType (string) --
The hash algorithm used to calculate the hash value.
Url (string) --
The URL location of the attachment content.
ReviewStatus (string) --
The current review status of a new custom Systems Manager document (SSM document) created by a member of your organization, or of the latest version of an existing SSM document.
Only one version of an SSM document can be in the APPROVED state at a time. When a new version is approved, the status of the previous version changes to REJECTED.
Only one version of an SSM document can be in review, or PENDING, at a time.
Exceptions
Query inventory information.
See also: AWS API Documentation
Request Syntax
response = client.get_inventory(
Filters=[
{
'Key': 'string',
'Values': [
'string',
],
'Type': 'Equal'|'NotEqual'|'BeginWith'|'LessThan'|'GreaterThan'|'Exists'
},
],
Aggregators=[
{
'Expression': 'string',
'Aggregators': {'... recursive ...'},
'Groups': [
{
'Name': 'string',
'Filters': [
{
'Key': 'string',
'Values': [
'string',
],
'Type': 'Equal'|'NotEqual'|'BeginWith'|'LessThan'|'GreaterThan'|'Exists'
},
]
},
]
},
],
ResultAttributes=[
{
'TypeName': 'string'
},
],
NextToken='string',
MaxResults=123
)
One or more filters. Use a filter to return a more specific list of results.
One or more filters. Use a filter to return a more specific list of results.
The name of the filter key.
Inventory filter values. Example: inventory filter where instance IDs are specified as values Key=AWS:InstanceInformation.InstanceId,Values= i-a12b3c4d5e6g, i-1a2b3c4d5e6,Type=Equal .
The type of filter.
Note
The Exists filter must be used with aggregators. For more information, see Aggregating inventory data in the Amazon Web Services Systems Manager User Guide .
Returns counts of inventory types based on one or more expressions. For example, if you aggregate by using an expression that uses the AWS:InstanceInformation.PlatformType type, you can see a count of how many Windows and Linux instances exist in your inventoried fleet.
Specifies the inventory type and attribute for the aggregation execution.
The inventory type and attribute name for aggregation.
Nested aggregators to further refine aggregation for an inventory type.
A user-defined set of one or more filters on which to aggregate inventory data. Groups return a count of resources that match and don't match the specified criteria.
A user-defined set of one or more filters on which to aggregate inventory data. Groups return a count of resources that match and don't match the specified criteria.
The name of the group.
Filters define the criteria for the group. The matchingCount field displays the number of resources that match the criteria. The notMatchingCount field displays the number of resources that don't match the criteria.
One or more filters. Use a filter to return a more specific list of results.
The name of the filter key.
Inventory filter values. Example: inventory filter where instance IDs are specified as values Key=AWS:InstanceInformation.InstanceId,Values= i-a12b3c4d5e6g, i-1a2b3c4d5e6,Type=Equal .
The type of filter.
Note
The Exists filter must be used with aggregators. For more information, see Aggregating inventory data in the Amazon Web Services Systems Manager User Guide .
The list of inventory item types to return.
The inventory item result attribute.
Name of the inventory item type. Valid value: AWS:InstanceInformation . Default Value: AWS:InstanceInformation .
dict
Response Syntax
{
'Entities': [
{
'Id': 'string',
'Data': {
'string': {
'TypeName': 'string',
'SchemaVersion': 'string',
'CaptureTime': 'string',
'ContentHash': 'string',
'Content': [
{
'string': 'string'
},
]
}
}
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Entities (list) --
Collection of inventory entities such as a collection of instance inventory.
(dict) --
Inventory query results.
Id (string) --
ID of the inventory result entity. For example, for managed instance inventory the result will be the managed instance ID. For EC2 instance inventory, the result will be the instance ID.
Data (dict) --
The data section in the inventory result entity JSON.
(string) --
(dict) --
The inventory result item.
TypeName (string) --
The name of the inventory result item type.
SchemaVersion (string) --
The schema version for the inventory result item/
CaptureTime (string) --
The time inventory item data was captured.
ContentHash (string) --
MD5 hash of the inventory item type contents. The content hash is used to determine whether to update inventory information. The PutInventory API doesn't update the inventory item type contents if the MD5 hash hasn't changed since last update.
Content (list) --
Contains all the inventory data of the item type. Results include attribute names and values.
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
Return a list of inventory type names for the account, or return a list of attribute names for a specific Inventory item type.
See also: AWS API Documentation
Request Syntax
response = client.get_inventory_schema(
TypeName='string',
NextToken='string',
MaxResults=123,
Aggregator=True|False,
SubType=True|False
)
dict
Response Syntax
{
'Schemas': [
{
'TypeName': 'string',
'Version': 'string',
'Attributes': [
{
'Name': 'string',
'DataType': 'string'|'number'
},
],
'DisplayName': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Schemas (list) --
Inventory schemas returned by the request.
(dict) --
The inventory item schema definition. Users can use this to compose inventory query filters.
TypeName (string) --
The name of the inventory type. Default inventory item type names start with Amazon Web Services. Custom inventory type names will start with Custom. Default inventory item types include the following: AWS:AWSComponent , AWS:Application , AWS:InstanceInformation , AWS:Network , and AWS:WindowsUpdate .
Version (string) --
The schema version for the inventory item.
Attributes (list) --
The schema attributes for inventory. This contains data type and attribute name.
(dict) --
Attributes are the entries within the inventory item content. It contains name and value.
Name (string) --
Name of the inventory item attribute.
DataType (string) --
The data type of the inventory item attribute.
DisplayName (string) --
The alias name of the inventory type. The alias name is used for display purposes.
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
Retrieves a maintenance window.
See also: AWS API Documentation
Request Syntax
response = client.get_maintenance_window(
WindowId='string'
)
[REQUIRED]
The ID of the maintenance window for which you want to retrieve information.
{
'WindowId': 'string',
'Name': 'string',
'Description': 'string',
'StartDate': 'string',
'EndDate': 'string',
'Schedule': 'string',
'ScheduleTimezone': 'string',
'ScheduleOffset': 123,
'NextExecutionTime': 'string',
'Duration': 123,
'Cutoff': 123,
'AllowUnassociatedTargets': True|False,
'Enabled': True|False,
'CreatedDate': datetime(2015, 1, 1),
'ModifiedDate': datetime(2015, 1, 1)
}
Response Structure
The ID of the created maintenance window.
The name of the maintenance window.
The description of the maintenance window.
The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become active. The maintenance window won't run before this specified time.
The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become inactive. The maintenance window won't run after this specified time.
The schedule of the maintenance window in the form of a cron or rate expression.
The time zone that the scheduled maintenance window executions are based on, in Internet Assigned Numbers Authority (IANA) format. For example: "America/Los_Angeles", "UTC", or "Asia/Seoul". For more information, see the Time Zone Database on the IANA website.
The number of days to wait to run a maintenance window after the scheduled cron expression date and time.
The next time the maintenance window will actually run, taking into account any specified times for the maintenance window to become active or inactive.
The duration of the maintenance window in hours.
The number of hours before the end of the maintenance window that Amazon Web Services Systems Manager stops scheduling new tasks for execution.
Whether targets must be registered with the maintenance window before tasks can be defined for those targets.
Indicates whether the maintenance window is enabled.
The date the maintenance window was created.
The date the maintenance window was last modified.
Exceptions
Retrieves details about a specific a maintenance window execution.
See also: AWS API Documentation
Request Syntax
response = client.get_maintenance_window_execution(
WindowExecutionId='string'
)
[REQUIRED]
The ID of the maintenance window execution that includes the task.
{
'WindowExecutionId': 'string',
'TaskIds': [
'string',
],
'Status': 'PENDING'|'IN_PROGRESS'|'SUCCESS'|'FAILED'|'TIMED_OUT'|'CANCELLING'|'CANCELLED'|'SKIPPED_OVERLAPPING',
'StatusDetails': 'string',
'StartTime': datetime(2015, 1, 1),
'EndTime': datetime(2015, 1, 1)
}
Response Structure
The ID of the maintenance window execution.
The ID of the task executions from the maintenance window execution.
The status of the maintenance window execution.
The details explaining the status. Not available for all status values.
The time the maintenance window started running.
The time the maintenance window finished running.
Exceptions
Retrieves the details about a specific task run as part of a maintenance window execution.
See also: AWS API Documentation
Request Syntax
response = client.get_maintenance_window_execution_task(
WindowExecutionId='string',
TaskId='string'
)
[REQUIRED]
The ID of the maintenance window execution that includes the task.
[REQUIRED]
The ID of the specific task execution in the maintenance window task that should be retrieved.
dict
Response Syntax
{
'WindowExecutionId': 'string',
'TaskExecutionId': 'string',
'TaskArn': 'string',
'ServiceRole': 'string',
'Type': 'RUN_COMMAND'|'AUTOMATION'|'STEP_FUNCTIONS'|'LAMBDA',
'TaskParameters': [
{
'string': {
'Values': [
'string',
]
}
},
],
'Priority': 123,
'MaxConcurrency': 'string',
'MaxErrors': 'string',
'Status': 'PENDING'|'IN_PROGRESS'|'SUCCESS'|'FAILED'|'TIMED_OUT'|'CANCELLING'|'CANCELLED'|'SKIPPED_OVERLAPPING',
'StatusDetails': 'string',
'StartTime': datetime(2015, 1, 1),
'EndTime': datetime(2015, 1, 1)
}
Response Structure
(dict) --
WindowExecutionId (string) --
The ID of the maintenance window execution that includes the task.
TaskExecutionId (string) --
The ID of the specific task execution in the maintenance window task that was retrieved.
TaskArn (string) --
The Amazon Resource Name (ARN) of the task that ran.
ServiceRole (string) --
The role that was assumed when running the task.
Type (string) --
The type of task that was run.
TaskParameters (list) --
The parameters passed to the task when it was run.
Note
TaskParameters has been deprecated. To specify parameters to pass to a task when it runs, instead use the Parameters option in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters .
The map has the following format:
(dict) --
(string) --
(dict) --
Defines the values for a task parameter.
Values (list) --
This field contains an array of 0 or more strings, each 1 to 255 characters in length.
Priority (integer) --
The priority of the task.
MaxConcurrency (string) --
The defined maximum number of task executions that could be run in parallel.
MaxErrors (string) --
The defined maximum number of task execution errors allowed before scheduling of the task execution would have been stopped.
Status (string) --
The status of the task.
StatusDetails (string) --
The details explaining the status. Not available for all status values.
StartTime (datetime) --
The time the task execution started.
EndTime (datetime) --
The time the task execution completed.
Exceptions
Retrieves information about a specific task running on a specific target.
See also: AWS API Documentation
Request Syntax
response = client.get_maintenance_window_execution_task_invocation(
WindowExecutionId='string',
TaskId='string',
InvocationId='string'
)
[REQUIRED]
The ID of the maintenance window execution for which the task is a part.
[REQUIRED]
The ID of the specific task in the maintenance window task that should be retrieved.
[REQUIRED]
The invocation ID to retrieve.
dict
Response Syntax
{
'WindowExecutionId': 'string',
'TaskExecutionId': 'string',
'InvocationId': 'string',
'ExecutionId': 'string',
'TaskType': 'RUN_COMMAND'|'AUTOMATION'|'STEP_FUNCTIONS'|'LAMBDA',
'Parameters': 'string',
'Status': 'PENDING'|'IN_PROGRESS'|'SUCCESS'|'FAILED'|'TIMED_OUT'|'CANCELLING'|'CANCELLED'|'SKIPPED_OVERLAPPING',
'StatusDetails': 'string',
'StartTime': datetime(2015, 1, 1),
'EndTime': datetime(2015, 1, 1),
'OwnerInformation': 'string',
'WindowTargetId': 'string'
}
Response Structure
(dict) --
WindowExecutionId (string) --
The maintenance window execution ID.
TaskExecutionId (string) --
The task execution ID.
InvocationId (string) --
The invocation ID.
ExecutionId (string) --
The execution ID.
TaskType (string) --
Retrieves the task type for a maintenance window.
Parameters (string) --
The parameters used at the time that the task ran.
Status (string) --
The task status for an invocation.
StatusDetails (string) --
The details explaining the status. Details are only available for certain status values.
StartTime (datetime) --
The time that the task started running on the target.
EndTime (datetime) --
The time that the task finished running on the target.
OwnerInformation (string) --
User-provided value to be included in any Amazon CloudWatch Events or Amazon EventBridge events raised while running tasks for these targets in this maintenance window.
WindowTargetId (string) --
The maintenance window target ID.
Exceptions
Lists the tasks in a maintenance window.
Note
For maintenance window tasks without a specified target, you can't supply values for --max-errors and --max-concurrency . Instead, the system inserts a placeholder value of 1 , which may be reported in the response to this command. These values don't affect the running of your task and can be ignored.
See also: AWS API Documentation
Request Syntax
response = client.get_maintenance_window_task(
WindowId='string',
WindowTaskId='string'
)
[REQUIRED]
The maintenance window ID that includes the task to retrieve.
[REQUIRED]
The maintenance window task ID to retrieve.
dict
Response Syntax
{
'WindowId': 'string',
'WindowTaskId': 'string',
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'TaskArn': 'string',
'ServiceRoleArn': 'string',
'TaskType': 'RUN_COMMAND'|'AUTOMATION'|'STEP_FUNCTIONS'|'LAMBDA',
'TaskParameters': {
'string': {
'Values': [
'string',
]
}
},
'TaskInvocationParameters': {
'RunCommand': {
'Comment': 'string',
'CloudWatchOutputConfig': {
'CloudWatchLogGroupName': 'string',
'CloudWatchOutputEnabled': True|False
},
'DocumentHash': 'string',
'DocumentHashType': 'Sha256'|'Sha1',
'DocumentVersion': 'string',
'NotificationConfig': {
'NotificationArn': 'string',
'NotificationEvents': [
'All'|'InProgress'|'Success'|'TimedOut'|'Cancelled'|'Failed',
],
'NotificationType': 'Command'|'Invocation'
},
'OutputS3BucketName': 'string',
'OutputS3KeyPrefix': 'string',
'Parameters': {
'string': [
'string',
]
},
'ServiceRoleArn': 'string',
'TimeoutSeconds': 123
},
'Automation': {
'DocumentVersion': 'string',
'Parameters': {
'string': [
'string',
]
}
},
'StepFunctions': {
'Input': 'string',
'Name': 'string'
},
'Lambda': {
'ClientContext': 'string',
'Qualifier': 'string',
'Payload': b'bytes'
}
},
'Priority': 123,
'MaxConcurrency': 'string',
'MaxErrors': 'string',
'LoggingInfo': {
'S3BucketName': 'string',
'S3KeyPrefix': 'string',
'S3Region': 'string'
},
'Name': 'string',
'Description': 'string'
}
Response Structure
(dict) --
WindowId (string) --
The retrieved maintenance window ID.
WindowTaskId (string) --
The retrieved maintenance window task ID.
Targets (list) --
The targets where the task should run.
(dict) --
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
Key (string) --
User-defined criteria for sending commands that target instances that meet the criteria.
Values (list) --
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
TaskArn (string) --
The resource that the task used during execution. For RUN_COMMAND and AUTOMATION task types, the value of TaskArn is the SSM document name/ARN. For LAMBDA tasks, the value is the function name/ARN. For STEP_FUNCTIONS tasks, the value is the state machine ARN.
ServiceRoleArn (string) --
The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service (Amazon SNS) notifications for maintenance window Run Command tasks.
TaskType (string) --
The type of task to run.
TaskParameters (dict) --
The parameters to pass to the task when it runs.
Note
TaskParameters has been deprecated. To specify parameters to pass to a task when it runs, instead use the Parameters option in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters .
(string) --
(dict) --
Defines the values for a task parameter.
Values (list) --
This field contains an array of 0 or more strings, each 1 to 255 characters in length.
TaskInvocationParameters (dict) --
The parameters to pass to the task when it runs.
RunCommand (dict) --
The parameters for a RUN_COMMAND task type.
Comment (string) --
Information about the commands to run.
CloudWatchOutputConfig (dict) --
Configuration options for sending command output to Amazon CloudWatch Logs.
CloudWatchLogGroupName (string) --
The name of the CloudWatch Logs log group where you want to send command output. If you don't specify a group name, Amazon Web Services Systems Manager automatically creates a log group for you. The log group uses the following naming format:
``aws/ssm/SystemsManagerDocumentName ``
CloudWatchOutputEnabled (boolean) --
Enables Systems Manager to send command output to CloudWatch Logs.
DocumentHash (string) --
The SHA-256 or SHA-1 hash created by the system when the document was created. SHA-1 hashes have been deprecated.
DocumentHashType (string) --
SHA-256 or SHA-1. SHA-1 hashes have been deprecated.
DocumentVersion (string) --
The Amazon Web Services Systems Manager document (SSM document) version to use in the request. You can specify $DEFAULT , $LATEST , or a specific version number. If you run commands by using the Amazon Web Services CLI, then you must escape the first two options by using a backslash. If you specify a version number, then you don't need to use the backslash. For example:
--document-version "\$DEFAULT"
--document-version "\$LATEST"
--document-version "3"
NotificationConfig (dict) --
Configurations for sending notifications about command status changes on a per-instance basis.
NotificationArn (string) --
An Amazon Resource Name (ARN) for an Amazon Simple Notification Service (Amazon SNS) topic. Run Command pushes notifications about command status changes to this topic.
NotificationEvents (list) --
The different events for which you can receive notifications. To learn more about these events, see Monitoring Systems Manager status changes using Amazon SNS notifications in the Amazon Web Services Systems Manager User Guide .
NotificationType (string) --
The type of notification.
OutputS3BucketName (string) --
The name of the Amazon Simple Storage Service (Amazon S3) bucket.
OutputS3KeyPrefix (string) --
The S3 bucket subfolder.
Parameters (dict) --
The parameters for the RUN_COMMAND task execution.
ServiceRoleArn (string) --
The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service (Amazon SNS) notifications for maintenance window Run Command tasks.
TimeoutSeconds (integer) --
If this time is reached and the command hasn't already started running, it doesn't run.
Automation (dict) --
The parameters for an AUTOMATION task type.
DocumentVersion (string) --
The version of an Automation runbook to use during task execution.
Parameters (dict) --
The parameters for the AUTOMATION task.
For information about specifying and updating task parameters, see RegisterTaskWithMaintenanceWindow and UpdateMaintenanceWindowTask .
Note
LoggingInfo has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters .
TaskParameters has been deprecated. To specify parameters to pass to a task when it runs, instead use the Parameters option in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters .
For AUTOMATION task types, Amazon Web Services Systems Manager ignores any values specified for these parameters.
StepFunctions (dict) --
The parameters for a STEP_FUNCTIONS task type.
Input (string) --
The inputs for the STEP_FUNCTIONS task.
Name (string) --
The name of the STEP_FUNCTIONS task.
Lambda (dict) --
The parameters for a LAMBDA task type.
ClientContext (string) --
Pass client-specific information to the Lambda function that you are invoking. You can then process the client information in your Lambda function as you choose through the context variable.
Qualifier (string) --
(Optional) Specify an Lambda function version or alias name. If you specify a function version, the operation uses the qualified function Amazon Resource Name (ARN) to invoke a specific Lambda function. If you specify an alias name, the operation uses the alias ARN to invoke the Lambda function version to which the alias points.
Payload (bytes) --
JSON to provide to your Lambda function as input.
Priority (integer) --
The priority of the task when it runs. The lower the number, the higher the priority. Tasks that have the same priority are scheduled in parallel.
MaxConcurrency (string) --
The maximum number of targets allowed to run this task in parallel.
Note
For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of 1 , which may be reported in the response to this command. This value doesn't affect the running of your task and can be ignored.
MaxErrors (string) --
The maximum number of errors allowed before the task stops being scheduled.
Note
For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of 1 , which may be reported in the response to this command. This value doesn't affect the running of your task and can be ignored.
LoggingInfo (dict) --
The location in Amazon Simple Storage Service (Amazon S3) where the task results are logged.
Note
LoggingInfo has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters .
S3BucketName (string) --
The name of an S3 bucket where execution logs are stored .
S3KeyPrefix (string) --
(Optional) The S3 bucket subfolder.
S3Region (string) --
The Region where the S3 bucket is located.
Name (string) --
The retrieved task name.
Description (string) --
The retrieved task description.
Exceptions
Get information about an OpsItem by using the ID. You must have permission in Identity and Access Management (IAM) to view information about an OpsItem. For more information, see Getting started with OpsCenter in the Amazon Web Services Systems Manager User Guide .
Operations engineers and IT professionals use Amazon Web Services Systems Manager OpsCenter to view, investigate, and remediate operational issues impacting the performance and health of their Amazon Web Services resources. For more information, see OpsCenter in the Amazon Web Services Systems Manager User Guide .
See also: AWS API Documentation
Request Syntax
response = client.get_ops_item(
OpsItemId='string'
)
[REQUIRED]
The ID of the OpsItem that you want to get.
{
'OpsItem': {
'CreatedBy': 'string',
'OpsItemType': 'string',
'CreatedTime': datetime(2015, 1, 1),
'Description': 'string',
'LastModifiedBy': 'string',
'LastModifiedTime': datetime(2015, 1, 1),
'Notifications': [
{
'Arn': 'string'
},
],
'Priority': 123,
'RelatedOpsItems': [
{
'OpsItemId': 'string'
},
],
'Status': 'Open'|'InProgress'|'Resolved'|'Pending'|'TimedOut'|'Cancelling'|'Cancelled'|'Failed'|'CompletedWithSuccess'|'CompletedWithFailure'|'Scheduled'|'RunbookInProgress'|'PendingChangeCalendarOverride'|'ChangeCalendarOverrideApproved'|'ChangeCalendarOverrideRejected'|'PendingApproval'|'Approved'|'Rejected'|'Closed',
'OpsItemId': 'string',
'Version': 'string',
'Title': 'string',
'Source': 'string',
'OperationalData': {
'string': {
'Value': 'string',
'Type': 'SearchableString'|'String'
}
},
'Category': 'string',
'Severity': 'string',
'ActualStartTime': datetime(2015, 1, 1),
'ActualEndTime': datetime(2015, 1, 1),
'PlannedStartTime': datetime(2015, 1, 1),
'PlannedEndTime': datetime(2015, 1, 1)
}
}
Response Structure
The OpsItem.
The ARN of the account that created the OpsItem.
The type of OpsItem. Currently, the only valid values are /aws/changerequest and /aws/issue .
The date and time the OpsItem was created.
The OpsItem description.
The ARN of the account that last updated the OpsItem.
The date and time the OpsItem was last updated.
The Amazon Resource Name (ARN) of an Amazon Simple Notification Service (Amazon SNS) topic where notifications are sent when this OpsItem is edited or changed.
A notification about the OpsItem.
The Amazon Resource Name (ARN) of an Amazon Simple Notification Service (Amazon SNS) topic where notifications are sent when this OpsItem is edited or changed.
The importance of this OpsItem in relation to other OpsItems in the system.
One or more OpsItems that share something in common with the current OpsItem. For example, related OpsItems can include OpsItems with similar error messages, impacted resources, or statuses for the impacted resource.
An OpsItems that shares something in common with the current OpsItem. For example, related OpsItems can include OpsItems with similar error messages, impacted resources, or statuses for the impacted resource.
The ID of an OpsItem related to the current OpsItem.
The OpsItem status. Status can be Open , In Progress , or Resolved . For more information, see Editing OpsItem details in the Amazon Web Services Systems Manager User Guide .
The ID of the OpsItem.
The version of this OpsItem. Each time the OpsItem is edited the version number increments by one.
A short heading that describes the nature of the OpsItem and the impacted resource.
The origin of the OpsItem, such as Amazon EC2 or Systems Manager. The impacted resource is a subset of source.
Operational data is custom data that provides useful reference details about the OpsItem. For example, you can specify log files, error strings, license keys, troubleshooting tips, or other relevant data. You enter operational data as key-value pairs. The key has a maximum length of 128 characters. The value has a maximum size of 20 KB.
Warning
Operational data keys can't begin with the following: amazon , aws , amzn , ssm , /amazon , /aws , /amzn , /ssm .
You can choose to make the data searchable by other users in the account or you can restrict search access. Searchable data means that all users with access to the OpsItem Overview page (as provided by the DescribeOpsItems API operation) can view and search on the specified data. Operational data that isn't searchable is only viewable by users who have access to the OpsItem (as provided by the GetOpsItem API operation).
Use the /aws/resources key in OperationalData to specify a related resource in the request. Use the /aws/automations key in OperationalData to associate an Automation runbook with the OpsItem. To view Amazon Web Services CLI example commands that use these keys, see Creating OpsItems manually in the Amazon Web Services Systems Manager User Guide .
An object that defines the value of the key and its type in the OperationalData map.
The value of the OperationalData key.
The type of key-value pair. Valid types include SearchableString and String .
An OpsItem category. Category options include: Availability, Cost, Performance, Recovery, Security.
The severity of the OpsItem. Severity options range from 1 to 4.
The time a runbook workflow started. Currently reported only for the OpsItem type /aws/changerequest .
The time a runbook workflow ended. Currently reported only for the OpsItem type /aws/changerequest .
The time specified in a change request for a runbook workflow to start. Currently supported only for the OpsItem type /aws/changerequest .
The time specified in a change request for a runbook workflow to end. Currently supported only for the OpsItem type /aws/changerequest .
Exceptions
View operational metadata related to an application in Application Manager.
See also: AWS API Documentation
Request Syntax
response = client.get_ops_metadata(
OpsMetadataArn='string',
MaxResults=123,
NextToken='string'
)
[REQUIRED]
The Amazon Resource Name (ARN) of an OpsMetadata Object to view.
dict
Response Syntax
{
'ResourceId': 'string',
'Metadata': {
'string': {
'Value': 'string'
}
},
'NextToken': 'string'
}
Response Structure
(dict) --
ResourceId (string) --
The resource ID of the Application Manager application.
Metadata (dict) --
OpsMetadata for an Application Manager application.
(string) --
(dict) --
Metadata to assign to an Application Manager application.
Value (string) --
Metadata value to assign to an Application Manager application.
NextToken (string) --
The token for the next set of items to return. Use this token to get the next set of results.
Exceptions
View a summary of operations metadata (OpsData) based on specified filters and aggregators. OpsData can include information about Amazon Web Services Systems Manager OpsCenter operational workitems (OpsItems) as well as information about any Amazon Web Services resource or service configured to report OpsData to Amazon Web Services Systems Manager Explorer.
See also: AWS API Documentation
Request Syntax
response = client.get_ops_summary(
SyncName='string',
Filters=[
{
'Key': 'string',
'Values': [
'string',
],
'Type': 'Equal'|'NotEqual'|'BeginWith'|'LessThan'|'GreaterThan'|'Exists'
},
],
Aggregators=[
{
'AggregatorType': 'string',
'TypeName': 'string',
'AttributeName': 'string',
'Values': {
'string': 'string'
},
'Filters': [
{
'Key': 'string',
'Values': [
'string',
],
'Type': 'Equal'|'NotEqual'|'BeginWith'|'LessThan'|'GreaterThan'|'Exists'
},
],
'Aggregators': {'... recursive ...'}
},
],
ResultAttributes=[
{
'TypeName': 'string'
},
],
NextToken='string',
MaxResults=123
)
Optional filters used to scope down the returned OpsData.
A filter for viewing OpsData summaries.
The name of the filter.
The filter value.
The type of filter.
Optional aggregators that return counts of OpsData based on one or more expressions.
One or more aggregators for viewing counts of OpsData using different dimensions such as Source , CreatedTime , or Source and CreatedTime , to name a few.
Either a Range or Count aggregator for limiting an OpsData summary.
The data type name to use for viewing counts of OpsData.
The name of an OpsData attribute on which to limit the count of OpsData.
The aggregator value.
The aggregator filters.
A filter for viewing OpsData summaries.
The name of the filter.
The filter value.
The type of filter.
A nested aggregator for viewing counts of OpsData.
The OpsData data type to return.
The OpsItem data type to return.
Name of the data type. Valid value: AWS:OpsItem , AWS:EC2InstanceInformation , AWS:OpsItemTrendline , or AWS:ComplianceSummary .
dict
Response Syntax
{
'Entities': [
{
'Id': 'string',
'Data': {
'string': {
'CaptureTime': 'string',
'Content': [
{
'string': 'string'
},
]
}
}
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Entities (list) --
The list of aggregated and filtered OpsData.
(dict) --
The result of the query.
Id (string) --
The query ID.
Data (dict) --
The data returned by the query.
(string) --
(dict) --
The OpsData summary.
CaptureTime (string) --
The time the OpsData was captured.
Content (list) --
The details of an OpsData summary.
NextToken (string) --
The token for the next set of items to return. Use this token to get the next set of results.
Exceptions
Create a paginator for an operation.
Get information about a parameter by using the parameter name. Don't confuse this API operation with the GetParameters API operation.
See also: AWS API Documentation
Request Syntax
response = client.get_parameter(
Name='string',
WithDecryption=True|False
)
[REQUIRED]
The name of the parameter you want to query.
dict
Response Syntax
{
'Parameter': {
'Name': 'string',
'Type': 'String'|'StringList'|'SecureString',
'Value': 'string',
'Version': 123,
'Selector': 'string',
'SourceResult': 'string',
'LastModifiedDate': datetime(2015, 1, 1),
'ARN': 'string',
'DataType': 'string'
}
}
Response Structure
(dict) --
Parameter (dict) --
Information about a parameter.
Name (string) --
The name of the parameter.
Type (string) --
The type of parameter. Valid values include the following: String , StringList , and SecureString .
Value (string) --
The parameter value.
Version (integer) --
The parameter version.
Selector (string) --
Either the version number or the label used to retrieve the parameter value. Specify selectors by using one of the following formats:
parameter_name:version
parameter_name:label
SourceResult (string) --
Applies to parameters that reference information in other Amazon Web Services services. SourceResult is the raw result or response from the source.
LastModifiedDate (datetime) --
Date the parameter was last changed or updated and the parameter version was created.
ARN (string) --
The Amazon Resource Name (ARN) of the parameter.
DataType (string) --
The data type of the parameter, such as text or aws:ec2:image . The default is text .
Exceptions
Retrieves the history of all changes to a parameter.
See also: AWS API Documentation
Request Syntax
response = client.get_parameter_history(
Name='string',
WithDecryption=True|False,
MaxResults=123,
NextToken='string'
)
[REQUIRED]
The name of the parameter for which you want to review history.
dict
Response Syntax
{
'Parameters': [
{
'Name': 'string',
'Type': 'String'|'StringList'|'SecureString',
'KeyId': 'string',
'LastModifiedDate': datetime(2015, 1, 1),
'LastModifiedUser': 'string',
'Description': 'string',
'Value': 'string',
'AllowedPattern': 'string',
'Version': 123,
'Labels': [
'string',
],
'Tier': 'Standard'|'Advanced'|'Intelligent-Tiering',
'Policies': [
{
'PolicyText': 'string',
'PolicyType': 'string',
'PolicyStatus': 'string'
},
],
'DataType': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Parameters (list) --
A list of parameters returned by the request.
(dict) --
Information about parameter usage.
Name (string) --
The name of the parameter.
Type (string) --
The type of parameter used.
KeyId (string) --
The ID of the query key used for this parameter.
LastModifiedDate (datetime) --
Date the parameter was last changed or updated.
LastModifiedUser (string) --
Amazon Resource Name (ARN) of the Amazon Web Services user who last changed the parameter.
Description (string) --
Information about the parameter.
Value (string) --
The parameter value.
AllowedPattern (string) --
Parameter names can include the following letters and symbols.
Version (integer) --
The parameter version.
Labels (list) --
Labels assigned to the parameter version.
Tier (string) --
The parameter tier.
Policies (list) --
Information about the policies assigned to a parameter.
Assigning parameter policies in the Amazon Web Services Systems Manager User Guide .
(dict) --
One or more policies assigned to a parameter.
PolicyText (string) --
The JSON text of the policy.
PolicyType (string) --
The type of policy. Parameter Store, a capablility of Amazon Web Services Systems Manager, supports the following policy types: Expiration, ExpirationNotification, and NoChangeNotification.
PolicyStatus (string) --
The status of the policy. Policies report the following statuses: Pending (the policy hasn't been enforced or applied yet), Finished (the policy was applied), Failed (the policy wasn't applied), or InProgress (the policy is being applied now).
DataType (string) --
The data type of the parameter, such as text or aws:ec2:image . The default is text .
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
Get details of a parameter. Don't confuse this API operation with the GetParameter API operation.
See also: AWS API Documentation
Request Syntax
response = client.get_parameters(
Names=[
'string',
],
WithDecryption=True|False
)
[REQUIRED]
Names of the parameters for which you want to query information.
dict
Response Syntax
{
'Parameters': [
{
'Name': 'string',
'Type': 'String'|'StringList'|'SecureString',
'Value': 'string',
'Version': 123,
'Selector': 'string',
'SourceResult': 'string',
'LastModifiedDate': datetime(2015, 1, 1),
'ARN': 'string',
'DataType': 'string'
},
],
'InvalidParameters': [
'string',
]
}
Response Structure
(dict) --
Parameters (list) --
A list of details for a parameter.
(dict) --
An Amazon Web Services Systems Manager parameter in Parameter Store.
Name (string) --
The name of the parameter.
Type (string) --
The type of parameter. Valid values include the following: String , StringList , and SecureString .
Value (string) --
The parameter value.
Version (integer) --
The parameter version.
Selector (string) --
Either the version number or the label used to retrieve the parameter value. Specify selectors by using one of the following formats:
parameter_name:version
parameter_name:label
SourceResult (string) --
Applies to parameters that reference information in other Amazon Web Services services. SourceResult is the raw result or response from the source.
LastModifiedDate (datetime) --
Date the parameter was last changed or updated and the parameter version was created.
ARN (string) --
The Amazon Resource Name (ARN) of the parameter.
DataType (string) --
The data type of the parameter, such as text or aws:ec2:image . The default is text .
InvalidParameters (list) --
A list of parameters that aren't formatted correctly or don't run during an execution.
Exceptions
Retrieve information about one or more parameters in a specific hierarchy.
Request results are returned on a best-effort basis. If you specify MaxResults in the request, the response includes information up to the limit specified. The number of items returned, however, can be between zero and the value of MaxResults . If the service reaches an internal limit while processing the results, it stops the operation and returns the matching values up to that point and a NextToken . You can specify the NextToken in a subsequent call to get the next set of results.
See also: AWS API Documentation
Request Syntax
response = client.get_parameters_by_path(
Path='string',
Recursive=True|False,
ParameterFilters=[
{
'Key': 'string',
'Option': 'string',
'Values': [
'string',
]
},
],
WithDecryption=True|False,
MaxResults=123,
NextToken='string'
)
[REQUIRED]
The hierarchy for the parameter. Hierarchies start with a forward slash (/). The hierachy is the parameter name except the last part of the parameter. For the API call to succeeed, the last part of the parameter name can't be in the path. A parameter name hierarchy can have a maximum of 15 levels. Here is an example of a hierarchy: /Finance/Prod/IAD/WinServ2016/license33
Retrieve all parameters within a hierarchy.
Warning
If a user has access to a path, then the user can access all levels of that path. For example, if a user has permission to access path /a , then the user can also access /a/b . Even if a user has explicitly been denied access in IAM for parameter /a/b , they can still call the GetParametersByPath API operation recursively for /a and view /a/b .
Filters to limit the request results.
Note
For GetParametersByPath , the following filter Key names are supported: Type , KeyId , Label , and DataType .
The following Key values are not supported for GetParametersByPath : tag , Name , Path , and Tier .
One or more filters. Use a filter to return a more specific list of results.
The name of the filter.
The ParameterStringFilter object is used by the DescribeParameters and GetParametersByPath API operations. However, not all of the pattern values listed for Key can be used with both operations.
For DescribeActions , all of the listed patterns are valid, with the exception of Label .
For GetParametersByPath , the following patterns listed for Key aren't valid: tag , Name , Path , and Tier .
For examples of Amazon Web Services CLI commands demonstrating valid parameter filter constructions, see Searching for Systems Manager parameters in the Amazon Web Services Systems Manager User Guide .
For all filters used with DescribeParameters , valid options include Equals and BeginsWith . The Name filter additionally supports the Contains option. (Exception: For filters using the key Path , valid options include Recursive and OneLevel .)
For filters used with GetParametersByPath , valid options include Equals and BeginsWith . (Exception: For filters using Label as the Key name, the only valid option is Equals .)
The value you want to search for.
dict
Response Syntax
{
'Parameters': [
{
'Name': 'string',
'Type': 'String'|'StringList'|'SecureString',
'Value': 'string',
'Version': 123,
'Selector': 'string',
'SourceResult': 'string',
'LastModifiedDate': datetime(2015, 1, 1),
'ARN': 'string',
'DataType': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Parameters (list) --
A list of parameters found in the specified hierarchy.
(dict) --
An Amazon Web Services Systems Manager parameter in Parameter Store.
Name (string) --
The name of the parameter.
Type (string) --
The type of parameter. Valid values include the following: String , StringList , and SecureString .
Value (string) --
The parameter value.
Version (integer) --
The parameter version.
Selector (string) --
Either the version number or the label used to retrieve the parameter value. Specify selectors by using one of the following formats:
parameter_name:version
parameter_name:label
SourceResult (string) --
Applies to parameters that reference information in other Amazon Web Services services. SourceResult is the raw result or response from the source.
LastModifiedDate (datetime) --
Date the parameter was last changed or updated and the parameter version was created.
ARN (string) --
The Amazon Resource Name (ARN) of the parameter.
DataType (string) --
The data type of the parameter, such as text or aws:ec2:image . The default is text .
NextToken (string) --
The token for the next set of items to return. Use this token to get the next set of results.
Exceptions
Retrieves information about a patch baseline.
See also: AWS API Documentation
Request Syntax
response = client.get_patch_baseline(
BaselineId='string'
)
[REQUIRED]
The ID of the patch baseline to retrieve.
{
'BaselineId': 'string',
'Name': 'string',
'OperatingSystem': 'WINDOWS'|'AMAZON_LINUX'|'AMAZON_LINUX_2'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX'|'SUSE'|'CENTOS'|'ORACLE_LINUX'|'DEBIAN'|'MACOS',
'GlobalFilters': {
'PatchFilters': [
{
'Key': 'ARCH'|'ADVISORY_ID'|'BUGZILLA_ID'|'PATCH_SET'|'PRODUCT'|'PRODUCT_FAMILY'|'CLASSIFICATION'|'CVE_ID'|'EPOCH'|'MSRC_SEVERITY'|'NAME'|'PATCH_ID'|'SECTION'|'PRIORITY'|'REPOSITORY'|'RELEASE'|'SEVERITY'|'SECURITY'|'VERSION',
'Values': [
'string',
]
},
]
},
'ApprovalRules': {
'PatchRules': [
{
'PatchFilterGroup': {
'PatchFilters': [
{
'Key': 'ARCH'|'ADVISORY_ID'|'BUGZILLA_ID'|'PATCH_SET'|'PRODUCT'|'PRODUCT_FAMILY'|'CLASSIFICATION'|'CVE_ID'|'EPOCH'|'MSRC_SEVERITY'|'NAME'|'PATCH_ID'|'SECTION'|'PRIORITY'|'REPOSITORY'|'RELEASE'|'SEVERITY'|'SECURITY'|'VERSION',
'Values': [
'string',
]
},
]
},
'ComplianceLevel': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED',
'ApproveAfterDays': 123,
'ApproveUntilDate': 'string',
'EnableNonSecurity': True|False
},
]
},
'ApprovedPatches': [
'string',
],
'ApprovedPatchesComplianceLevel': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED',
'ApprovedPatchesEnableNonSecurity': True|False,
'RejectedPatches': [
'string',
],
'RejectedPatchesAction': 'ALLOW_AS_DEPENDENCY'|'BLOCK',
'PatchGroups': [
'string',
],
'CreatedDate': datetime(2015, 1, 1),
'ModifiedDate': datetime(2015, 1, 1),
'Description': 'string',
'Sources': [
{
'Name': 'string',
'Products': [
'string',
],
'Configuration': 'string'
},
]
}
Response Structure
The ID of the retrieved patch baseline.
The name of the patch baseline.
Returns the operating system specified for the patch baseline.
A set of global filters used to exclude patches from the baseline.
The set of patch filters that make up the group.
Defines which patches should be included in a patch baseline.
A patch filter consists of a key and a set of values. The filter key is a patch property. For example, the available filter keys for WINDOWS are PATCH_SET , PRODUCT , PRODUCT_FAMILY , CLASSIFICATION , and MSRC_SEVERITY .
The filter values define a matching criterion for the patch property indicated by the key. For example, if the filter key is PRODUCT and the filter values are ["Office 2013", "Office 2016"] , then the filter accepts all patches where product name is either "Office 2013" or "Office 2016". The filter values can be exact values for the patch property given as a key, or a wildcard (*), which matches all values.
You can view lists of valid values for the patch properties by running the DescribePatchProperties command. For information about which patch properties can be used with each major operating system, see DescribePatchProperties .
The key for the filter.
Run the DescribePatchProperties command to view lists of valid keys for each operating system type.
The value for the filter key.
Run the DescribePatchProperties command to view lists of valid values for each key based on operating system type.
A set of rules used to include patches in the baseline.
The rules that make up the rule group.
Defines an approval rule for a patch baseline.
The patch filter group that defines the criteria for the rule.
The set of patch filters that make up the group.
Defines which patches should be included in a patch baseline.
A patch filter consists of a key and a set of values. The filter key is a patch property. For example, the available filter keys for WINDOWS are PATCH_SET , PRODUCT , PRODUCT_FAMILY , CLASSIFICATION , and MSRC_SEVERITY .
The filter values define a matching criterion for the patch property indicated by the key. For example, if the filter key is PRODUCT and the filter values are ["Office 2013", "Office 2016"] , then the filter accepts all patches where product name is either "Office 2013" or "Office 2016". The filter values can be exact values for the patch property given as a key, or a wildcard (*), which matches all values.
You can view lists of valid values for the patch properties by running the DescribePatchProperties command. For information about which patch properties can be used with each major operating system, see DescribePatchProperties .
The key for the filter.
Run the DescribePatchProperties command to view lists of valid keys for each operating system type.
The value for the filter key.
Run the DescribePatchProperties command to view lists of valid values for each key based on operating system type.
A compliance severity level for all approved patches in a patch baseline.
The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of 7 means that patches are approved seven days after they are released. Not supported on Debian Server or Ubuntu Server.
The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Not supported on Debian Server or Ubuntu Server.
Enter dates in the format YYYY-MM-DD . For example, 2021-12-31 .
For instances identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is false . Applies to Linux instances only.
A list of explicitly approved patches for the baseline.
Returns the specified compliance severity level for approved patches in the patch baseline.
Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is false . Applies to Linux instances only.
A list of explicitly rejected patches for the baseline.
The action specified to take on patches included in the RejectedPatches list. A patch can be allowed only if it is a dependency of another package, or blocked entirely along with packages that include it as a dependency.
Patch groups included in the patch baseline.
The date the patch baseline was created.
The date the patch baseline was last modified.
A description of the patch baseline.
Information about the patches to use to update the instances, including target operating systems and source repositories. Applies to Linux instances only.
Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only.
The name specified to identify the patch source.
The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "AmazonLinux2016.09", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter .
The value of the yum repo configuration. For example:
[main]name=MyCustomRepository
baseurl=https://my-custom-repository
enabled=1
Note
For information about other options available for your yum repository configuration, see dnf.conf(5) .
Exceptions
Retrieves the patch baseline that should be used for the specified patch group.
See also: AWS API Documentation
Request Syntax
response = client.get_patch_baseline_for_patch_group(
PatchGroup='string',
OperatingSystem='WINDOWS'|'AMAZON_LINUX'|'AMAZON_LINUX_2'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX'|'SUSE'|'CENTOS'|'ORACLE_LINUX'|'DEBIAN'|'MACOS'
)
[REQUIRED]
The name of the patch group whose patch baseline should be retrieved.
dict
Response Syntax
{
'BaselineId': 'string',
'PatchGroup': 'string',
'OperatingSystem': 'WINDOWS'|'AMAZON_LINUX'|'AMAZON_LINUX_2'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX'|'SUSE'|'CENTOS'|'ORACLE_LINUX'|'DEBIAN'|'MACOS'
}
Response Structure
(dict) --
BaselineId (string) --
The ID of the patch baseline that should be used for the patch group.
PatchGroup (string) --
The name of the patch group.
OperatingSystem (string) --
The operating system rule specified for patch groups using the patch baseline.
Exceptions
ServiceSetting is an account-level setting for an Amazon Web Services service. This setting defines how a user interacts with or uses a service or a feature of a service. For example, if an Amazon Web Services service charges money to the account based on feature or service usage, then the Amazon Web Services service team might create a default setting of false . This means the user can't use this feature unless they change the setting to true and intentionally opt in for a paid feature.
Services map a SettingId object to a setting value. Amazon Web Services services teams define the default value for a SettingId . You can't create a new SettingId , but you can overwrite the default value if you have the ssm:UpdateServiceSetting permission for the setting. Use the UpdateServiceSetting API operation to change the default setting. Or use the ResetServiceSetting to change the value back to the original value defined by the Amazon Web Services service team.
Query the current service setting for the account.
See also: AWS API Documentation
Request Syntax
response = client.get_service_setting(
SettingId='string'
)
[REQUIRED]
The ID of the service setting to get. The setting ID can be one of the following.
{
'ServiceSetting': {
'SettingId': 'string',
'SettingValue': 'string',
'LastModifiedDate': datetime(2015, 1, 1),
'LastModifiedUser': 'string',
'ARN': 'string',
'Status': 'string'
}
}
Response Structure
The query result body of the GetServiceSetting API operation.
The query result of the current service setting.
The ID of the service setting.
The value of the service setting.
The last time the service setting was modified.
The ARN of the last modified user. This field is populated only if the setting value was overwritten.
The ARN of the service setting.
The status of the service setting. The value can be Default, Customized or PendingUpdate.
Exceptions
Returns an object that can wait for some condition.
A parameter label is a user-defined alias to help you manage different versions of a parameter. When you modify a parameter, Amazon Web Services Systems Manager automatically saves a new version and increments the version number by one. A label can help you remember the purpose of a parameter when there are multiple versions.
Parameter labels have the following requirements and restrictions.
See also: AWS API Documentation
Request Syntax
response = client.label_parameter_version(
Name='string',
ParameterVersion=123,
Labels=[
'string',
]
)
[REQUIRED]
The parameter name on which you want to attach one or more labels.
[REQUIRED]
One or more labels to attach to the specified parameter version.
dict
Response Syntax
{
'InvalidLabels': [
'string',
],
'ParameterVersion': 123
}
Response Structure
(dict) --
InvalidLabels (list) --
The label doesn't meet the requirements. For information about parameter label requirements, see Labeling parameters in the Amazon Web Services Systems Manager User Guide .
ParameterVersion (integer) --
The version of the parameter that has been labeled.
Exceptions
Retrieves all versions of an association for a specific association ID.
See also: AWS API Documentation
Request Syntax
response = client.list_association_versions(
AssociationId='string',
MaxResults=123,
NextToken='string'
)
[REQUIRED]
The association ID for which you want to view all versions.
dict
Response Syntax
{
'AssociationVersions': [
{
'AssociationId': 'string',
'AssociationVersion': 'string',
'CreatedDate': datetime(2015, 1, 1),
'Name': 'string',
'DocumentVersion': 'string',
'Parameters': {
'string': [
'string',
]
},
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'ScheduleExpression': 'string',
'OutputLocation': {
'S3Location': {
'OutputS3Region': 'string',
'OutputS3BucketName': 'string',
'OutputS3KeyPrefix': 'string'
}
},
'AssociationName': 'string',
'MaxErrors': 'string',
'MaxConcurrency': 'string',
'ComplianceSeverity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'UNSPECIFIED',
'SyncCompliance': 'AUTO'|'MANUAL',
'ApplyOnlyAtCronInterval': True|False,
'CalendarNames': [
'string',
],
'TargetLocations': [
{
'Accounts': [
'string',
],
'Regions': [
'string',
],
'TargetLocationMaxConcurrency': 'string',
'TargetLocationMaxErrors': 'string',
'ExecutionRoleName': 'string'
},
]
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
AssociationVersions (list) --
Information about all versions of the association for the specified association ID.
(dict) --
Information about the association version.
AssociationId (string) --
The ID created by the system when the association was created.
AssociationVersion (string) --
The association version.
CreatedDate (datetime) --
The date the association version was created.
Name (string) --
The name specified when the association was created.
DocumentVersion (string) --
The version of an Amazon Web Services Systems Manager document (SSM document) used when the association version was created.
Parameters (dict) --
Parameters specified when the association version was created.
Targets (list) --
The targets specified for the association when the association version was created.
(dict) --
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
Key (string) --
User-defined criteria for sending commands that target instances that meet the criteria.
Values (list) --
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
ScheduleExpression (string) --
The cron or rate schedule specified for the association when the association version was created.
OutputLocation (dict) --
The location in Amazon S3 specified for the association when the association version was created.
S3Location (dict) --
An S3 bucket where you want to store the results of this request.
OutputS3Region (string) --
(Deprecated) You can no longer specify this parameter. The system ignores it. Instead, Amazon Web Services Systems Manager automatically determines the Region of the S3 bucket.
OutputS3BucketName (string) --
The name of the S3 bucket.
OutputS3KeyPrefix (string) --
The S3 bucket subfolder.
AssociationName (string) --
The name specified for the association version when the association version was created.
MaxErrors (string) --
The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 instances and set MaxError to 10%, then the system stops sending the request when the sixth error is received.
Executions that are already running an association when MaxErrors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set MaxConcurrency to 1 so that executions proceed one at a time.
MaxConcurrency (string) --
The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.
If a new instance starts and attempts to run an association while Systems Manager is running MaxConcurrency associations, the association is allowed to run. During the next association interval, the new instance will process its association within the limit specified for MaxConcurrency .
ComplianceSeverity (string) --
The severity level that is assigned to the association.
SyncCompliance (string) --
The mode for generating association compliance. You can specify AUTO or MANUAL . In AUTO mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association is COMPLIANT . If the association execution doesn't run successfully, the association is NON-COMPLIANT .
In MANUAL mode, you must specify the AssociationId as a parameter for the PutComplianceItems API operation. In this case, compliance data isn't managed by State Manager, a capability of Amazon Web Services Systems Manager. It is managed by your direct call to the PutComplianceItems API operation.
By default, all associations use AUTO mode.
ApplyOnlyAtCronInterval (boolean) --
By default, when you create a new associations, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it. This parameter isn't supported for rate expressions.
CalendarNames (list) --
The names or Amazon Resource Names (ARNs) of the Change Calendar type documents your associations are gated under. The associations for this version only run when that Change Calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar .
TargetLocations (list) --
The combination of Regions and accounts where you wanted to run the association when this association version was created.
(dict) --
The combination of Regions and accounts targeted by the current Automation execution.
Accounts (list) --
The accounts targeted by the current Automation execution.
Regions (list) --
The Regions targeted by the current Automation execution.
TargetLocationMaxConcurrency (string) --
The maximum number of Regions and accounts allowed to run the Automation concurrently.
TargetLocationMaxErrors (string) --
The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
ExecutionRoleName (string) --
The Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole .
NextToken (string) --
The token for the next set of items to return. Use this token to get the next set of results.
Exceptions
Returns all State Manager associations in the current account and Region. You can limit the results to a specific State Manager association document or instance by specifying a filter. State Manager is a capability of Amazon Web Services Systems Manager.
See also: AWS API Documentation
Request Syntax
response = client.list_associations(
AssociationFilterList=[
{
'key': 'InstanceId'|'Name'|'AssociationId'|'AssociationStatusName'|'LastExecutedBefore'|'LastExecutedAfter'|'AssociationName'|'ResourceGroupName',
'value': 'string'
},
],
MaxResults=123,
NextToken='string'
)
One or more filters. Use a filter to return a more specific list of results.
Note
Filtering associations using the InstanceID attribute only returns legacy associations created using the InstanceID attribute. Associations targeting the instance that are part of the Target Attributes ResourceGroup or Tags aren't returned.
Describes a filter.
The name of the filter.
Note
InstanceId has been deprecated.
The filter value.
dict
Response Syntax
{
'Associations': [
{
'Name': 'string',
'InstanceId': 'string',
'AssociationId': 'string',
'AssociationVersion': 'string',
'DocumentVersion': 'string',
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'LastExecutionDate': datetime(2015, 1, 1),
'Overview': {
'Status': 'string',
'DetailedStatus': 'string',
'AssociationStatusAggregatedCount': {
'string': 123
}
},
'ScheduleExpression': 'string',
'AssociationName': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Associations (list) --
The associations.
(dict) --
Describes an association of a Amazon Web Services Systems Manager document (SSM document) and an instance.
Name (string) --
The name of the SSM document.
InstanceId (string) --
The ID of the instance.
AssociationId (string) --
The ID created by the system when you create an association. An association is a binding between a document and a set of targets with a schedule.
AssociationVersion (string) --
The association version.
DocumentVersion (string) --
The version of the document used in the association.
Targets (list) --
The instances targeted by the request to create an association.
(dict) --
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
Key (string) --
User-defined criteria for sending commands that target instances that meet the criteria.
Values (list) --
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
LastExecutionDate (datetime) --
The date on which the association was last run.
Overview (dict) --
Information about the association.
Status (string) --
The status of the association. Status can be: Pending, Success, or Failed.
DetailedStatus (string) --
A detailed status of the association.
AssociationStatusAggregatedCount (dict) --
Returns the number of targets for the association status. For example, if you created an association with two instances, and one of them was successful, this would return the count of instances by status.
ScheduleExpression (string) --
A cron expression that specifies a schedule when the association runs. The schedule runs in Coordinated Universal Time (UTC).
AssociationName (string) --
The association name.
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
An invocation is copy of a command sent to a specific instance. A command can apply to one or more instances. A command invocation applies to one instance. For example, if a user runs SendCommand against three instances, then a command invocation is created for each requested instance ID. ListCommandInvocations provide status about command execution.
See also: AWS API Documentation
Request Syntax
response = client.list_command_invocations(
CommandId='string',
InstanceId='string',
MaxResults=123,
NextToken='string',
Filters=[
{
'key': 'InvokedAfter'|'InvokedBefore'|'Status'|'ExecutionStage'|'DocumentName',
'value': 'string'
},
],
Details=True|False
)
(Optional) One or more filters. Use a filter to return a more specific list of results.
Describes a command filter.
Note
An instance ID can't be specified when a command status is Pending because the command hasn't run on the instance yet.
The name of the filter.
The filter value. Valid values for each filter key are as follows:
dict
Response Syntax
{
'CommandInvocations': [
{
'CommandId': 'string',
'InstanceId': 'string',
'InstanceName': 'string',
'Comment': 'string',
'DocumentName': 'string',
'DocumentVersion': 'string',
'RequestedDateTime': datetime(2015, 1, 1),
'Status': 'Pending'|'InProgress'|'Delayed'|'Success'|'Cancelled'|'TimedOut'|'Failed'|'Cancelling',
'StatusDetails': 'string',
'TraceOutput': 'string',
'StandardOutputUrl': 'string',
'StandardErrorUrl': 'string',
'CommandPlugins': [
{
'Name': 'string',
'Status': 'Pending'|'InProgress'|'Success'|'TimedOut'|'Cancelled'|'Failed',
'StatusDetails': 'string',
'ResponseCode': 123,
'ResponseStartDateTime': datetime(2015, 1, 1),
'ResponseFinishDateTime': datetime(2015, 1, 1),
'Output': 'string',
'StandardOutputUrl': 'string',
'StandardErrorUrl': 'string',
'OutputS3Region': 'string',
'OutputS3BucketName': 'string',
'OutputS3KeyPrefix': 'string'
},
],
'ServiceRole': 'string',
'NotificationConfig': {
'NotificationArn': 'string',
'NotificationEvents': [
'All'|'InProgress'|'Success'|'TimedOut'|'Cancelled'|'Failed',
],
'NotificationType': 'Command'|'Invocation'
},
'CloudWatchOutputConfig': {
'CloudWatchLogGroupName': 'string',
'CloudWatchOutputEnabled': True|False
}
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
CommandInvocations (list) --
(Optional) A list of all invocations.
(dict) --
An invocation is copy of a command sent to a specific instance. A command can apply to one or more instances. A command invocation applies to one instance. For example, if a user runs SendCommand against three instances, then a command invocation is created for each requested instance ID. A command invocation returns status and detail information about a command you ran.
CommandId (string) --
The command against which this invocation was requested.
InstanceId (string) --
The instance ID in which this invocation was requested.
InstanceName (string) --
The name of the invocation target. For EC2 instances this is the value for the aws:Name tag. For on-premises instances, this is the name of the instance.
Comment (string) --
User-specified information about the command, such as a brief description of what the command should do.
DocumentName (string) --
The document name that was requested for execution.
DocumentVersion (string) --
The Systems Manager document (SSM document) version.
RequestedDateTime (datetime) --
The time and date the request was sent to this instance.
Status (string) --
Whether or not the invocation succeeded, failed, or is pending.
StatusDetails (string) --
A detailed status of the command execution for each invocation (each instance targeted by the command). StatusDetails includes more information than Status because it includes states resulting from error and concurrency control parameters. StatusDetails can show different results than Status. For more information about these statuses, see Understanding command statuses in the Amazon Web Services Systems Manager User Guide . StatusDetails can be one of the following values:
TraceOutput (string) --
Gets the trace output sent by the agent.
StandardOutputUrl (string) --
The URL to the plugin's StdOut file in Amazon Simple Storage Service (Amazon S3), if the S3 bucket was defined for the parent command. For an invocation, StandardOutputUrl is populated if there is just one plugin defined for the command, and the S3 bucket was defined for the command.
StandardErrorUrl (string) --
The URL to the plugin's StdErr file in Amazon Simple Storage Service (Amazon S3), if the S3 bucket was defined for the parent command. For an invocation, StandardErrorUrl is populated if there is just one plugin defined for the command, and the S3 bucket was defined for the command.
CommandPlugins (list) --
Plugins processed by the command.
(dict) --
Describes plugin details.
Name (string) --
The name of the plugin. Must be one of the following: aws:updateAgent , aws:domainjoin , aws:applications , aws:runPowerShellScript , aws:psmodule , aws:cloudWatch , aws:runShellScript , or aws:updateSSMAgent .
Status (string) --
The status of this plugin. You can run a document with multiple plugins.
StatusDetails (string) --
A detailed status of the plugin execution. StatusDetails includes more information than Status because it includes states resulting from error and concurrency control parameters. StatusDetails can show different results than Status. For more information about these statuses, see Understanding command statuses in the Amazon Web Services Systems Manager User Guide . StatusDetails can be one of the following values:
ResponseCode (integer) --
A numeric response code generated after running the plugin.
ResponseStartDateTime (datetime) --
The time the plugin started running.
ResponseFinishDateTime (datetime) --
The time the plugin stopped running. Could stop prematurely if, for example, a cancel command was sent.
Output (string) --
Output of the plugin execution.
StandardOutputUrl (string) --
The URL for the complete text written by the plugin to stdout in Amazon S3. If the S3 bucket for the command wasn't specified, then this string is empty.
StandardErrorUrl (string) --
The URL for the complete text written by the plugin to stderr. If execution isn't yet complete, then this string is empty.
OutputS3Region (string) --
(Deprecated) You can no longer specify this parameter. The system ignores it. Instead, Amazon Web Services Systems Manager automatically determines the S3 bucket region.
OutputS3BucketName (string) --
The S3 bucket where the responses to the command executions should be stored. This was requested when issuing the command. For example, in the following response:
doc-example-bucket/ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix/i-02573cafcfEXAMPLE/awsrunShellScript
doc-example-bucket is the name of the S3 bucket;
ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix is the name of the S3 prefix;
i-02573cafcfEXAMPLE is the instance ID;
awsrunShellScript is the name of the plugin.
OutputS3KeyPrefix (string) --
The S3 directory path inside the bucket where the responses to the command executions should be stored. This was requested when issuing the command. For example, in the following response:
doc-example-bucket/ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix/i-02573cafcfEXAMPLE/awsrunShellScript
doc-example-bucket is the name of the S3 bucket;
ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix is the name of the S3 prefix;
i-02573cafcfEXAMPLE is the instance ID;
awsrunShellScript is the name of the plugin.
ServiceRole (string) --
The Identity and Access Management (IAM) service role that Run Command, a capability of Amazon Web Services Systems Manager, uses to act on your behalf when sending notifications about command status changes on a per instance basis.
NotificationConfig (dict) --
Configurations for sending notifications about command status changes on a per instance basis.
NotificationArn (string) --
An Amazon Resource Name (ARN) for an Amazon Simple Notification Service (Amazon SNS) topic. Run Command pushes notifications about command status changes to this topic.
NotificationEvents (list) --
The different events for which you can receive notifications. To learn more about these events, see Monitoring Systems Manager status changes using Amazon SNS notifications in the Amazon Web Services Systems Manager User Guide .
NotificationType (string) --
The type of notification.
CloudWatchOutputConfig (dict) --
Amazon CloudWatch Logs information where you want Amazon Web Services Systems Manager to send the command output.
CloudWatchLogGroupName (string) --
The name of the CloudWatch Logs log group where you want to send command output. If you don't specify a group name, Amazon Web Services Systems Manager automatically creates a log group for you. The log group uses the following naming format:
``aws/ssm/SystemsManagerDocumentName ``
CloudWatchOutputEnabled (boolean) --
Enables Systems Manager to send command output to CloudWatch Logs.
NextToken (string) --
(Optional) The token for the next set of items to return. (You received this token from a previous call.)
Exceptions
Lists the commands requested by users of the account.
See also: AWS API Documentation
Request Syntax
response = client.list_commands(
CommandId='string',
InstanceId='string',
MaxResults=123,
NextToken='string',
Filters=[
{
'key': 'InvokedAfter'|'InvokedBefore'|'Status'|'ExecutionStage'|'DocumentName',
'value': 'string'
},
]
)
(Optional) Lists commands issued against this instance ID.
Note
You can't specify an instance ID in the same command that you specify Status = Pending . This is because the command hasn't reached the instance yet.
(Optional) One or more filters. Use a filter to return a more specific list of results.
Describes a command filter.
Note
An instance ID can't be specified when a command status is Pending because the command hasn't run on the instance yet.
The name of the filter.
The filter value. Valid values for each filter key are as follows:
dict
Response Syntax
{
'Commands': [
{
'CommandId': 'string',
'DocumentName': 'string',
'DocumentVersion': 'string',
'Comment': 'string',
'ExpiresAfter': datetime(2015, 1, 1),
'Parameters': {
'string': [
'string',
]
},
'InstanceIds': [
'string',
],
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'RequestedDateTime': datetime(2015, 1, 1),
'Status': 'Pending'|'InProgress'|'Success'|'Cancelled'|'Failed'|'TimedOut'|'Cancelling',
'StatusDetails': 'string',
'OutputS3Region': 'string',
'OutputS3BucketName': 'string',
'OutputS3KeyPrefix': 'string',
'MaxConcurrency': 'string',
'MaxErrors': 'string',
'TargetCount': 123,
'CompletedCount': 123,
'ErrorCount': 123,
'DeliveryTimedOutCount': 123,
'ServiceRole': 'string',
'NotificationConfig': {
'NotificationArn': 'string',
'NotificationEvents': [
'All'|'InProgress'|'Success'|'TimedOut'|'Cancelled'|'Failed',
],
'NotificationType': 'Command'|'Invocation'
},
'CloudWatchOutputConfig': {
'CloudWatchLogGroupName': 'string',
'CloudWatchOutputEnabled': True|False
},
'TimeoutSeconds': 123
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Commands (list) --
(Optional) The list of commands requested by the user.
(dict) --
Describes a command request.
CommandId (string) --
A unique identifier for this command.
DocumentName (string) --
The name of the document requested for execution.
DocumentVersion (string) --
The Systems Manager document (SSM document) version.
Comment (string) --
User-specified information about the command, such as a brief description of what the command should do.
ExpiresAfter (datetime) --
If this time is reached and the command hasn't already started running, it won't run. Calculated based on the ExpiresAfter user input provided as part of the SendCommand API operation.
Parameters (dict) --
The parameter values to be inserted in the document when running the command.
InstanceIds (list) --
The instance IDs against which this command was requested.
Targets (list) --
An array of search criteria that targets instances using a Key,Value combination that you specify. Targets is required if you don't provide one or more instance IDs in the call.
(dict) --
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
Key (string) --
User-defined criteria for sending commands that target instances that meet the criteria.
Values (list) --
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
RequestedDateTime (datetime) --
The date and time the command was requested.
Status (string) --
The status of the command.
StatusDetails (string) --
A detailed status of the command execution. StatusDetails includes more information than Status because it includes states resulting from error and concurrency control parameters. StatusDetails can show different results than Status. For more information about these statuses, see Understanding command statuses in the Amazon Web Services Systems Manager User Guide . StatusDetails can be one of the following values:
OutputS3Region (string) --
(Deprecated) You can no longer specify this parameter. The system ignores it. Instead, Systems Manager automatically determines the Region of the S3 bucket.
OutputS3BucketName (string) --
The S3 bucket where the responses to the command executions should be stored. This was requested when issuing the command.
OutputS3KeyPrefix (string) --
The S3 directory path inside the bucket where the responses to the command executions should be stored. This was requested when issuing the command.
MaxConcurrency (string) --
The maximum number of instances that are allowed to run the command at the same time. You can specify a number of instances, such as 10, or a percentage of instances, such as 10%. The default value is 50. For more information about how to use MaxConcurrency , see Running commands using Systems Manager Run Command in the Amazon Web Services Systems Manager User Guide .
MaxErrors (string) --
The maximum number of errors allowed before the system stops sending the command to additional targets. You can specify a number of errors, such as 10, or a percentage or errors, such as 10%. The default value is 0 . For more information about how to use MaxErrors , see Running commands using Systems Manager Run Command in the Amazon Web Services Systems Manager User Guide .
TargetCount (integer) --
The number of targets for the command.
CompletedCount (integer) --
The number of targets for which the command invocation reached a terminal state. Terminal states include the following: Success, Failed, Execution Timed Out, Delivery Timed Out, Canceled, Terminated, or Undeliverable.
ErrorCount (integer) --
The number of targets for which the status is Failed or Execution Timed Out.
DeliveryTimedOutCount (integer) --
The number of targets for which the status is Delivery Timed Out.
ServiceRole (string) --
The Identity and Access Management (IAM) service role that Run Command, a capability of Amazon Web Services Systems Manager, uses to act on your behalf when sending notifications about command status changes.
NotificationConfig (dict) --
Configurations for sending notifications about command status changes.
NotificationArn (string) --
An Amazon Resource Name (ARN) for an Amazon Simple Notification Service (Amazon SNS) topic. Run Command pushes notifications about command status changes to this topic.
NotificationEvents (list) --
The different events for which you can receive notifications. To learn more about these events, see Monitoring Systems Manager status changes using Amazon SNS notifications in the Amazon Web Services Systems Manager User Guide .
NotificationType (string) --
The type of notification.
CloudWatchOutputConfig (dict) --
Amazon CloudWatch Logs information where you want Amazon Web Services Systems Manager to send the command output.
CloudWatchLogGroupName (string) --
The name of the CloudWatch Logs log group where you want to send command output. If you don't specify a group name, Amazon Web Services Systems Manager automatically creates a log group for you. The log group uses the following naming format:
``aws/ssm/SystemsManagerDocumentName ``
CloudWatchOutputEnabled (boolean) --
Enables Systems Manager to send command output to CloudWatch Logs.
TimeoutSeconds (integer) --
The TimeoutSeconds value specified for a command.
NextToken (string) --
(Optional) The token for the next set of items to return. (You received this token from a previous call.)
Exceptions
For a specified resource ID, this API operation returns a list of compliance statuses for different resource types. Currently, you can only specify one resource ID per call. List results depend on the criteria specified in the filter.
See also: AWS API Documentation
Request Syntax
response = client.list_compliance_items(
Filters=[
{
'Key': 'string',
'Values': [
'string',
],
'Type': 'EQUAL'|'NOT_EQUAL'|'BEGIN_WITH'|'LESS_THAN'|'GREATER_THAN'
},
],
ResourceIds=[
'string',
],
ResourceTypes=[
'string',
],
NextToken='string',
MaxResults=123
)
One or more compliance filters. Use a filter to return a more specific list of results.
One or more filters. Use a filter to return a more specific list of results.
The name of the filter.
The value for which to search.
The type of comparison that should be performed for the value: Equal, NotEqual, BeginWith, LessThan, or GreaterThan.
The ID for the resources from which to get compliance information. Currently, you can only specify one resource ID.
The type of resource from which to get compliance information. Currently, the only supported resource type is ManagedInstance .
dict
Response Syntax
{
'ComplianceItems': [
{
'ComplianceType': 'string',
'ResourceType': 'string',
'ResourceId': 'string',
'Id': 'string',
'Title': 'string',
'Status': 'COMPLIANT'|'NON_COMPLIANT',
'Severity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED',
'ExecutionSummary': {
'ExecutionTime': datetime(2015, 1, 1),
'ExecutionId': 'string',
'ExecutionType': 'string'
},
'Details': {
'string': 'string'
}
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
ComplianceItems (list) --
A list of compliance information for the specified resource ID.
(dict) --
Information about the compliance as defined by the resource type. For example, for a patch resource type, Items includes information about the PatchSeverity, Classification, and so on.
ComplianceType (string) --
The compliance type. For example, Association (for a State Manager association), Patch, or Custom:string are all valid compliance types.
ResourceType (string) --
The type of resource. ManagedInstance is currently the only supported resource type.
ResourceId (string) --
An ID for the resource. For a managed instance, this is the instance ID.
Id (string) --
An ID for the compliance item. For example, if the compliance item is a Windows patch, the ID could be the number of the KB article; for example: KB4010320.
Title (string) --
A title for the compliance item. For example, if the compliance item is a Windows patch, the title could be the title of the KB article for the patch; for example: Security Update for Active Directory Federation Services.
Status (string) --
The status of the compliance item. An item is either COMPLIANT, NON_COMPLIANT, or an empty string (for Windows patches that aren't applicable).
Severity (string) --
The severity of the compliance status. Severity can be one of the following: Critical, High, Medium, Low, Informational, Unspecified.
ExecutionSummary (dict) --
A summary for the compliance item. The summary includes an execution ID, the execution type (for example, command), and the execution time.
ExecutionTime (datetime) --
The time the execution ran as a datetime object that is saved in the following format: yyyy-MM-dd'T'HH:mm:ss'Z'.
ExecutionId (string) --
An ID created by the system when PutComplianceItems was called. For example, CommandID is a valid execution ID. You can use this ID in subsequent calls.
ExecutionType (string) --
The type of execution. For example, Command is a valid execution type.
Details (dict) --
A "Key": "Value" tag combination for the compliance item.
NextToken (string) --
The token for the next set of items to return. Use this token to get the next set of results.
Exceptions
Returns a summary count of compliant and non-compliant resources for a compliance type. For example, this call can return State Manager associations, patches, or custom compliance types according to the filter criteria that you specify.
See also: AWS API Documentation
Request Syntax
response = client.list_compliance_summaries(
Filters=[
{
'Key': 'string',
'Values': [
'string',
],
'Type': 'EQUAL'|'NOT_EQUAL'|'BEGIN_WITH'|'LESS_THAN'|'GREATER_THAN'
},
],
NextToken='string',
MaxResults=123
)
One or more compliance or inventory filters. Use a filter to return a more specific list of results.
One or more filters. Use a filter to return a more specific list of results.
The name of the filter.
The value for which to search.
The type of comparison that should be performed for the value: Equal, NotEqual, BeginWith, LessThan, or GreaterThan.
dict
Response Syntax
{
'ComplianceSummaryItems': [
{
'ComplianceType': 'string',
'CompliantSummary': {
'CompliantCount': 123,
'SeveritySummary': {
'CriticalCount': 123,
'HighCount': 123,
'MediumCount': 123,
'LowCount': 123,
'InformationalCount': 123,
'UnspecifiedCount': 123
}
},
'NonCompliantSummary': {
'NonCompliantCount': 123,
'SeveritySummary': {
'CriticalCount': 123,
'HighCount': 123,
'MediumCount': 123,
'LowCount': 123,
'InformationalCount': 123,
'UnspecifiedCount': 123
}
}
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
ComplianceSummaryItems (list) --
A list of compliant and non-compliant summary counts based on compliance types. For example, this call returns State Manager associations, patches, or custom compliance types according to the filter criteria that you specified.
(dict) --
A summary of compliance information by compliance type.
ComplianceType (string) --
The type of compliance item. For example, the compliance type can be Association, Patch, or Custom:string.
CompliantSummary (dict) --
A list of COMPLIANT items for the specified compliance type.
CompliantCount (integer) --
The total number of resources that are compliant.
SeveritySummary (dict) --
A summary of the compliance severity by compliance type.
CriticalCount (integer) --
The total number of resources or compliance items that have a severity level of critical. Critical severity is determined by the organization that published the compliance items.
HighCount (integer) --
The total number of resources or compliance items that have a severity level of high. High severity is determined by the organization that published the compliance items.
MediumCount (integer) --
The total number of resources or compliance items that have a severity level of medium. Medium severity is determined by the organization that published the compliance items.
LowCount (integer) --
The total number of resources or compliance items that have a severity level of low. Low severity is determined by the organization that published the compliance items.
InformationalCount (integer) --
The total number of resources or compliance items that have a severity level of informational. Informational severity is determined by the organization that published the compliance items.
UnspecifiedCount (integer) --
The total number of resources or compliance items that have a severity level of unspecified. Unspecified severity is determined by the organization that published the compliance items.
NonCompliantSummary (dict) --
A list of NON_COMPLIANT items for the specified compliance type.
NonCompliantCount (integer) --
The total number of compliance items that aren't compliant.
SeveritySummary (dict) --
A summary of the non-compliance severity by compliance type
CriticalCount (integer) --
The total number of resources or compliance items that have a severity level of critical. Critical severity is determined by the organization that published the compliance items.
HighCount (integer) --
The total number of resources or compliance items that have a severity level of high. High severity is determined by the organization that published the compliance items.
MediumCount (integer) --
The total number of resources or compliance items that have a severity level of medium. Medium severity is determined by the organization that published the compliance items.
LowCount (integer) --
The total number of resources or compliance items that have a severity level of low. Low severity is determined by the organization that published the compliance items.
InformationalCount (integer) --
The total number of resources or compliance items that have a severity level of informational. Informational severity is determined by the organization that published the compliance items.
UnspecifiedCount (integer) --
The total number of resources or compliance items that have a severity level of unspecified. Unspecified severity is determined by the organization that published the compliance items.
NextToken (string) --
The token for the next set of items to return. Use this token to get the next set of results.
Exceptions
Information about approval reviews for a version of an SSM document.
See also: AWS API Documentation
Request Syntax
response = client.list_document_metadata_history(
Name='string',
DocumentVersion='string',
Metadata='DocumentReviews',
NextToken='string',
MaxResults=123
)
[REQUIRED]
The name of the document.
[REQUIRED]
The type of data for which details are being requested. Currently, the only supported value is DocumentReviews .
dict
Response Syntax
{
'Name': 'string',
'DocumentVersion': 'string',
'Author': 'string',
'Metadata': {
'ReviewerResponse': [
{
'CreateTime': datetime(2015, 1, 1),
'UpdatedTime': datetime(2015, 1, 1),
'ReviewStatus': 'APPROVED'|'NOT_REVIEWED'|'PENDING'|'REJECTED',
'Comment': [
{
'Type': 'Comment',
'Content': 'string'
},
],
'Reviewer': 'string'
},
]
},
'NextToken': 'string'
}
Response Structure
(dict) --
Name (string) --
The name of the document.
DocumentVersion (string) --
The version of the document.
Author (string) --
The user ID of the person in the organization who requested the document review.
Metadata (dict) --
Information about the response to the document approval request.
ReviewerResponse (list) --
Details about a reviewer's response to a document review request.
(dict) --
Information about a reviewer's response to a document review request.
CreateTime (datetime) --
The date and time that a reviewer entered a response to a document review request.
UpdatedTime (datetime) --
The date and time that a reviewer last updated a response to a document review request.
ReviewStatus (string) --
The current review status of a new custom SSM document created by a member of your organization, or of the latest version of an existing SSM document.
Only one version of a document can be in the APPROVED state at a time. When a new version is approved, the status of the previous version changes to REJECTED.
Only one version of a document can be in review, or PENDING, at a time.
Comment (list) --
The comment entered by a reviewer as part of their document review response.
(dict) --
Information about comments added to a document review request.
Type (string) --
The type of information added to a review request. Currently, only the value Comment is supported.
Content (string) --
The content of a comment entered by a user who requests a review of a new document version, or who reviews the new version.
Reviewer (string) --
The user in your organization assigned to review a document request.
NextToken (string) --
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
Exceptions
List all versions for a document.
See also: AWS API Documentation
Request Syntax
response = client.list_document_versions(
Name='string',
MaxResults=123,
NextToken='string'
)
[REQUIRED]
The name of the document. You can specify an Amazon Resource Name (ARN).
dict
Response Syntax
{
'DocumentVersions': [
{
'Name': 'string',
'DisplayName': 'string',
'DocumentVersion': 'string',
'VersionName': 'string',
'CreatedDate': datetime(2015, 1, 1),
'IsDefaultVersion': True|False,
'DocumentFormat': 'YAML'|'JSON'|'TEXT',
'Status': 'Creating'|'Active'|'Updating'|'Deleting'|'Failed',
'StatusInformation': 'string',
'ReviewStatus': 'APPROVED'|'NOT_REVIEWED'|'PENDING'|'REJECTED'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
DocumentVersions (list) --
The document versions.
(dict) --
Version information about the document.
Name (string) --
The document name.
DisplayName (string) --
The friendly name of the SSM document. This value can differ for each version of the document. If you want to update this value, see UpdateDocument .
DocumentVersion (string) --
The document version.
VersionName (string) --
The version of the artifact associated with the document. For example, "Release 12, Update 6". This value is unique across all versions of a document, and can't be changed.
CreatedDate (datetime) --
The date the document was created.
IsDefaultVersion (boolean) --
An identifier for the default version of the document.
DocumentFormat (string) --
The document format, either JSON or YAML.
Status (string) --
The status of the SSM document, such as Creating , Active , Failed , and Deleting .
StatusInformation (string) --
A message returned by Amazon Web Services Systems Manager that explains the Status value. For example, a Failed status might be explained by the StatusInformation message, "The specified S3 bucket doesn't exist. Verify that the URL of the S3 bucket is correct."
ReviewStatus (string) --
The current status of the approval review for the latest version of the document.
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
Returns all Systems Manager (SSM) documents in the current account and Region. You can limit the results of this request by using a filter.
See also: AWS API Documentation
Request Syntax
response = client.list_documents(
DocumentFilterList=[
{
'key': 'Name'|'Owner'|'PlatformTypes'|'DocumentType',
'value': 'string'
},
],
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
MaxResults=123,
NextToken='string'
)
This data type is deprecated. Instead, use Filters .
This data type is deprecated. Instead, use DocumentKeyValuesFilter .
The name of the filter.
The value of the filter.
One or more DocumentKeyValuesFilter objects. Use a filter to return a more specific list of results. For keys, you can specify one or more key-value pair tags that have been applied to a document. Other valid keys include Owner , Name , PlatformTypes , DocumentType , and TargetType . For example, to return documents you own use Key=Owner,Values=Self . To specify a custom key-value pair, use the format Key=tag:tagName,Values=valueName .
Note
This API operation only supports filtering documents by using a single tag key and one or more tag values. For example: Key=tag:tagName,Values=valueName1,valueName2
One or more filters. Use a filter to return a more specific list of documents.
For keys, you can specify one or more tags that have been applied to a document.
You can also use Amazon Web Services-provided keys, some of which have specific allowed values. These keys and their associated values are as follows:
DocumentType
Owner
Note that only one Owner can be specified in a request. For example: Key=Owner,Values=Self .
PlatformTypes
Name is another Amazon Web Services-provided key. If you use Name as a key, you can use a name prefix to return a list of documents. For example, in the Amazon Web Services CLI, to return a list of all documents that begin with Te , run the following command:aws ssm list-documents --filters Key=Name,Values=Te
You can also use the TargetType Amazon Web Services-provided key. For a list of valid resource type values that can be used with this key, see Amazon Web Services resource and property types reference in the CloudFormation User Guide .
If you specify more than two keys, only documents that are identified by all the tags are returned in the results. If you specify more than two values for a key, documents that are identified by any of the values are returned in the results.
To specify a custom key-value pair, use the format Key=tag:tagName,Values=valueName .
For example, if you created a key called region and are using the Amazon Web Services CLI to call the list-documents command:
aws ssm list-documents --filters Key=tag:region,Values=east,west Key=Owner,Values=Self
The name of the filter key.
The value for the filter key.
dict
Response Syntax
{
'DocumentIdentifiers': [
{
'Name': 'string',
'CreatedDate': datetime(2015, 1, 1),
'DisplayName': 'string',
'Owner': 'string',
'VersionName': 'string',
'PlatformTypes': [
'Windows'|'Linux',
],
'DocumentVersion': 'string',
'DocumentType': 'Command'|'Policy'|'Automation'|'Session'|'Package'|'ApplicationConfiguration'|'ApplicationConfigurationSchema'|'DeploymentStrategy'|'ChangeCalendar'|'Automation.ChangeTemplate'|'ProblemAnalysis'|'ProblemAnalysisTemplate',
'SchemaVersion': 'string',
'DocumentFormat': 'YAML'|'JSON'|'TEXT',
'TargetType': 'string',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
],
'Requires': [
{
'Name': 'string',
'Version': 'string'
},
],
'ReviewStatus': 'APPROVED'|'NOT_REVIEWED'|'PENDING'|'REJECTED',
'Author': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
DocumentIdentifiers (list) --
The names of the SSM documents.
(dict) --
Describes the name of a SSM document.
Name (string) --
The name of the SSM document.
CreatedDate (datetime) --
The date the SSM document was created.
DisplayName (string) --
An optional field where you can specify a friendly name for the SSM document. This value can differ for each version of the document. If you want to update this value, see UpdateDocument .
Owner (string) --
The Amazon Web Services user account that created the document.
VersionName (string) --
An optional field specifying the version of the artifact associated with the document. For example, "Release 12, Update 6". This value is unique across all versions of a document, and can't be changed.
PlatformTypes (list) --
The operating system platform.
DocumentVersion (string) --
The document version.
DocumentType (string) --
The document type.
SchemaVersion (string) --
The schema version.
DocumentFormat (string) --
The document format, either JSON or YAML.
TargetType (string) --
The target type which defines the kinds of resources the document can run on. For example, /AWS::EC2::Instance . For a list of valid resource types, see Amazon Web Services resource and property types reference in the CloudFormation User Guide .
Tags (list) --
The tags, or metadata, that have been applied to the document.
(dict) --
Metadata that you assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Amazon Web Services Systems Manager, you can apply tags to Systems Manager documents (SSM documents), managed instances, maintenance windows, parameters, patch baselines, OpsItems, and OpsMetadata.
Key (string) --
The name of the tag.
Value (string) --
The value of the tag.
Requires (list) --
A list of SSM documents required by a document. For example, an ApplicationConfiguration document requires an ApplicationConfigurationSchema document.
(dict) --
An SSM document required by the current document.
Name (string) --
The name of the required SSM document. The name can be an Amazon Resource Name (ARN).
Version (string) --
The document version required by the current document.
ReviewStatus (string) --
The current status of a document review.
Author (string) --
The user in your organization who created the document.
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
A list of inventory items returned by the request.
See also: AWS API Documentation
Request Syntax
response = client.list_inventory_entries(
InstanceId='string',
TypeName='string',
Filters=[
{
'Key': 'string',
'Values': [
'string',
],
'Type': 'Equal'|'NotEqual'|'BeginWith'|'LessThan'|'GreaterThan'|'Exists'
},
],
NextToken='string',
MaxResults=123
)
[REQUIRED]
The instance ID for which you want inventory information.
[REQUIRED]
The type of inventory item for which you want information.
One or more filters. Use a filter to return a more specific list of results.
One or more filters. Use a filter to return a more specific list of results.
The name of the filter key.
Inventory filter values. Example: inventory filter where instance IDs are specified as values Key=AWS:InstanceInformation.InstanceId,Values= i-a12b3c4d5e6g, i-1a2b3c4d5e6,Type=Equal .
The type of filter.
Note
The Exists filter must be used with aggregators. For more information, see Aggregating inventory data in the Amazon Web Services Systems Manager User Guide .
dict
Response Syntax
{
'TypeName': 'string',
'InstanceId': 'string',
'SchemaVersion': 'string',
'CaptureTime': 'string',
'Entries': [
{
'string': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
TypeName (string) --
The type of inventory item returned by the request.
InstanceId (string) --
The instance ID targeted by the request to query inventory information.
SchemaVersion (string) --
The inventory schema version used by the instance(s).
CaptureTime (string) --
The time that inventory information was collected for the instance(s).
Entries (list) --
A list of inventory items on the instance(s).
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
Returns a list of all OpsItem events in the current Region and account. You can limit the results to events associated with specific OpsItems by specifying a filter.
See also: AWS API Documentation
Request Syntax
response = client.list_ops_item_events(
Filters=[
{
'Key': 'OpsItemId',
'Values': [
'string',
],
'Operator': 'Equal'
},
],
MaxResults=123,
NextToken='string'
)
One or more OpsItem filters. Use a filter to return a more specific list of results.
Describes a filter for a specific list of OpsItem events. You can filter event information by using tags. You specify tags by using a key-value pair mapping.
The name of the filter key. Currently, the only supported value is OpsItemId .
The values for the filter, consisting of one or more OpsItem IDs.
The operator used by the filter call. Currently, the only supported value is Equal .
dict
Response Syntax
{
'NextToken': 'string',
'Summaries': [
{
'OpsItemId': 'string',
'EventId': 'string',
'Source': 'string',
'DetailType': 'string',
'Detail': 'string',
'CreatedBy': {
'Arn': 'string'
},
'CreatedTime': datetime(2015, 1, 1)
},
]
}
Response Structure
(dict) --
NextToken (string) --
The token for the next set of items to return. Use this token to get the next set of results.
Summaries (list) --
A list of event information for the specified OpsItems.
(dict) --
Summary information about an OpsItem event or that associated an OpsItem with a related item.
OpsItemId (string) --
The ID of the OpsItem.
EventId (string) --
The ID of the OpsItem event.
Source (string) --
The source of the OpsItem event.
DetailType (string) --
The type of information provided as a detail.
Detail (string) --
Specific information about the OpsItem event.
CreatedBy (dict) --
Information about the user or resource that created the OpsItem event.
Arn (string) --
The Amazon Resource Name (ARN) of the IAM entity that created the OpsItem event.
CreatedTime (datetime) --
The date and time the OpsItem event was created.
Exceptions
Lists all related-item resources associated with an OpsItem.
See also: AWS API Documentation
Request Syntax
response = client.list_ops_item_related_items(
OpsItemId='string',
Filters=[
{
'Key': 'ResourceType'|'AssociationId'|'ResourceUri',
'Values': [
'string',
],
'Operator': 'Equal'
},
],
MaxResults=123,
NextToken='string'
)
One or more OpsItem filters. Use a filter to return a more specific list of results.
Describes a filter for a specific list of related-item resources.
The name of the filter key. Supported values include ResourceUri , ResourceType , or AssociationId .
The values for the filter.
The operator used by the filter call. The only supported operator is EQUAL .
dict
Response Syntax
{
'NextToken': 'string',
'Summaries': [
{
'OpsItemId': 'string',
'AssociationId': 'string',
'ResourceType': 'string',
'AssociationType': 'string',
'ResourceUri': 'string',
'CreatedBy': {
'Arn': 'string'
},
'CreatedTime': datetime(2015, 1, 1),
'LastModifiedBy': {
'Arn': 'string'
},
'LastModifiedTime': datetime(2015, 1, 1)
},
]
}
Response Structure
(dict) --
NextToken (string) --
The token for the next set of items to return. Use this token to get the next set of results.
Summaries (list) --
A list of related-item resources for the specified OpsItem.
(dict) --
Summary information about related-item resources for an OpsItem.
OpsItemId (string) --
The OpsItem ID.
AssociationId (string) --
The association ID.
ResourceType (string) --
The resource type.
AssociationType (string) --
The association type.
ResourceUri (string) --
The Amazon Resource Name (ARN) of the related-item resource.
CreatedBy (dict) --
Information about the user or resource that created an OpsItem event.
Arn (string) --
The Amazon Resource Name (ARN) of the IAM entity that created the OpsItem event.
CreatedTime (datetime) --
The time the related-item association was created.
LastModifiedBy (dict) --
Information about the user or resource that created an OpsItem event.
Arn (string) --
The Amazon Resource Name (ARN) of the IAM entity that created the OpsItem event.
LastModifiedTime (datetime) --
The time the related-item association was last updated.
Exceptions
Amazon Web Services Systems Manager calls this API operation when displaying all Application Manager OpsMetadata objects or blobs.
See also: AWS API Documentation
Request Syntax
response = client.list_ops_metadata(
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
MaxResults=123,
NextToken='string'
)
One or more filters to limit the number of OpsMetadata objects returned by the call.
A filter to limit the number of OpsMetadata objects displayed.
A filter key.
A filter value.
dict
Response Syntax
{
'OpsMetadataList': [
{
'ResourceId': 'string',
'OpsMetadataArn': 'string',
'LastModifiedDate': datetime(2015, 1, 1),
'LastModifiedUser': 'string',
'CreationDate': datetime(2015, 1, 1)
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
OpsMetadataList (list) --
Returns a list of OpsMetadata objects.
(dict) --
Operational metadata for an application in Application Manager.
ResourceId (string) --
The ID of the Application Manager application.
OpsMetadataArn (string) --
The Amazon Resource Name (ARN) of the OpsMetadata Object or blob.
LastModifiedDate (datetime) --
The date the OpsMetadata object was last updated.
LastModifiedUser (string) --
The user name who last updated the OpsMetadata object.
CreationDate (datetime) --
The date the OpsMetadata objects was created.
NextToken (string) --
The token for the next set of items to return. Use this token to get the next set of results.
Exceptions
Returns a resource-level summary count. The summary includes information about compliant and non-compliant statuses and detailed compliance-item severity counts, according to the filter criteria you specify.
See also: AWS API Documentation
Request Syntax
response = client.list_resource_compliance_summaries(
Filters=[
{
'Key': 'string',
'Values': [
'string',
],
'Type': 'EQUAL'|'NOT_EQUAL'|'BEGIN_WITH'|'LESS_THAN'|'GREATER_THAN'
},
],
NextToken='string',
MaxResults=123
)
One or more filters. Use a filter to return a more specific list of results.
One or more filters. Use a filter to return a more specific list of results.
The name of the filter.
The value for which to search.
The type of comparison that should be performed for the value: Equal, NotEqual, BeginWith, LessThan, or GreaterThan.
dict
Response Syntax
{
'ResourceComplianceSummaryItems': [
{
'ComplianceType': 'string',
'ResourceType': 'string',
'ResourceId': 'string',
'Status': 'COMPLIANT'|'NON_COMPLIANT',
'OverallSeverity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED',
'ExecutionSummary': {
'ExecutionTime': datetime(2015, 1, 1),
'ExecutionId': 'string',
'ExecutionType': 'string'
},
'CompliantSummary': {
'CompliantCount': 123,
'SeveritySummary': {
'CriticalCount': 123,
'HighCount': 123,
'MediumCount': 123,
'LowCount': 123,
'InformationalCount': 123,
'UnspecifiedCount': 123
}
},
'NonCompliantSummary': {
'NonCompliantCount': 123,
'SeveritySummary': {
'CriticalCount': 123,
'HighCount': 123,
'MediumCount': 123,
'LowCount': 123,
'InformationalCount': 123,
'UnspecifiedCount': 123
}
}
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
ResourceComplianceSummaryItems (list) --
A summary count for specified or targeted managed instances. Summary count includes information about compliant and non-compliant State Manager associations, patch status, or custom items according to the filter criteria that you specify.
(dict) --
Compliance summary information for a specific resource.
ComplianceType (string) --
The compliance type.
ResourceType (string) --
The resource type.
ResourceId (string) --
The resource ID.
Status (string) --
The compliance status for the resource.
OverallSeverity (string) --
The highest severity item found for the resource. The resource is compliant for this item.
ExecutionSummary (dict) --
Information about the execution.
ExecutionTime (datetime) --
The time the execution ran as a datetime object that is saved in the following format: yyyy-MM-dd'T'HH:mm:ss'Z'.
ExecutionId (string) --
An ID created by the system when PutComplianceItems was called. For example, CommandID is a valid execution ID. You can use this ID in subsequent calls.
ExecutionType (string) --
The type of execution. For example, Command is a valid execution type.
CompliantSummary (dict) --
A list of items that are compliant for the resource.
CompliantCount (integer) --
The total number of resources that are compliant.
SeveritySummary (dict) --
A summary of the compliance severity by compliance type.
CriticalCount (integer) --
The total number of resources or compliance items that have a severity level of critical. Critical severity is determined by the organization that published the compliance items.
HighCount (integer) --
The total number of resources or compliance items that have a severity level of high. High severity is determined by the organization that published the compliance items.
MediumCount (integer) --
The total number of resources or compliance items that have a severity level of medium. Medium severity is determined by the organization that published the compliance items.
LowCount (integer) --
The total number of resources or compliance items that have a severity level of low. Low severity is determined by the organization that published the compliance items.
InformationalCount (integer) --
The total number of resources or compliance items that have a severity level of informational. Informational severity is determined by the organization that published the compliance items.
UnspecifiedCount (integer) --
The total number of resources or compliance items that have a severity level of unspecified. Unspecified severity is determined by the organization that published the compliance items.
NonCompliantSummary (dict) --
A list of items that aren't compliant for the resource.
NonCompliantCount (integer) --
The total number of compliance items that aren't compliant.
SeveritySummary (dict) --
A summary of the non-compliance severity by compliance type
CriticalCount (integer) --
The total number of resources or compliance items that have a severity level of critical. Critical severity is determined by the organization that published the compliance items.
HighCount (integer) --
The total number of resources or compliance items that have a severity level of high. High severity is determined by the organization that published the compliance items.
MediumCount (integer) --
The total number of resources or compliance items that have a severity level of medium. Medium severity is determined by the organization that published the compliance items.
LowCount (integer) --
The total number of resources or compliance items that have a severity level of low. Low severity is determined by the organization that published the compliance items.
InformationalCount (integer) --
The total number of resources or compliance items that have a severity level of informational. Informational severity is determined by the organization that published the compliance items.
UnspecifiedCount (integer) --
The total number of resources or compliance items that have a severity level of unspecified. Unspecified severity is determined by the organization that published the compliance items.
NextToken (string) --
The token for the next set of items to return. Use this token to get the next set of results.
Exceptions
Lists your resource data sync configurations. Includes information about the last time a sync attempted to start, the last sync status, and the last time a sync successfully completed.
The number of sync configurations might be too large to return using a single call to ListResourceDataSync . You can limit the number of sync configurations returned by using the MaxResults parameter. To determine whether there are more sync configurations to list, check the value of NextToken in the output. If there are more sync configurations to list, you can request them by specifying the NextToken returned in the call to the parameter of a subsequent call.
See also: AWS API Documentation
Request Syntax
response = client.list_resource_data_sync(
SyncType='string',
NextToken='string',
MaxResults=123
)
dict
Response Syntax
{
'ResourceDataSyncItems': [
{
'SyncName': 'string',
'SyncType': 'string',
'SyncSource': {
'SourceType': 'string',
'AwsOrganizationsSource': {
'OrganizationSourceType': 'string',
'OrganizationalUnits': [
{
'OrganizationalUnitId': 'string'
},
]
},
'SourceRegions': [
'string',
],
'IncludeFutureRegions': True|False,
'State': 'string',
'EnableAllOpsDataSources': True|False
},
'S3Destination': {
'BucketName': 'string',
'Prefix': 'string',
'SyncFormat': 'JsonSerDe',
'Region': 'string',
'AWSKMSKeyARN': 'string',
'DestinationDataSharing': {
'DestinationDataSharingType': 'string'
}
},
'LastSyncTime': datetime(2015, 1, 1),
'LastSuccessfulSyncTime': datetime(2015, 1, 1),
'SyncLastModifiedTime': datetime(2015, 1, 1),
'LastStatus': 'Successful'|'Failed'|'InProgress',
'SyncCreatedTime': datetime(2015, 1, 1),
'LastSyncStatusMessage': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
ResourceDataSyncItems (list) --
A list of your current resource data sync configurations and their statuses.
(dict) --
Information about a resource data sync configuration, including its current status and last successful sync.
SyncName (string) --
The name of the resource data sync.
SyncType (string) --
The type of resource data sync. If SyncType is SyncToDestination , then the resource data sync synchronizes data to an S3 bucket. If the SyncType is SyncFromSource then the resource data sync synchronizes data from Organizations or from multiple Regions.
SyncSource (dict) --
Information about the source where the data was synchronized.
SourceType (string) --
The type of data source for the resource data sync. SourceType is either AwsOrganizations (if an organization is present in Organizations) or singleAccountMultiRegions .
AwsOrganizationsSource (dict) --
The field name in SyncSource for the ResourceDataSyncAwsOrganizationsSource type.
OrganizationSourceType (string) --
If an Amazon Web Services organization is present, this is either OrganizationalUnits or EntireOrganization . For OrganizationalUnits , the data is aggregated from a set of organization units. For EntireOrganization , the data is aggregated from the entire Amazon Web Services organization.
OrganizationalUnits (list) --
The Organizations organization units included in the sync.
(dict) --
The Organizations organizational unit data source for the sync.
OrganizationalUnitId (string) --
The Organizations unit ID data source for the sync.
SourceRegions (list) --
The SyncSource Regions included in the resource data sync.
IncludeFutureRegions (boolean) --
Whether to automatically synchronize and aggregate data from new Regions when those Regions come online.
State (string) --
The data type name for including resource data sync state. There are four sync states:
OrganizationNotExists : Your organization doesn't exist.
NoPermissions : The system can't locate the service-linked role. This role is automatically created when a user creates a resource data sync in Explorer.
InvalidOrganizationalUnit : You specified or selected an invalid unit in the resource data sync configuration.
TrustedAccessDisabled : You disabled Systems Manager access in the organization in Organizations.
EnableAllOpsDataSources (boolean) --
When you create a resource data sync, if you choose one of the Organizations options, then Systems Manager automatically enables all OpsData sources in the selected Regions for all accounts in your organization (or in the selected organization units). For more information, see About multiple account and Region resource data syncs in the Amazon Web Services Systems Manager User Guide .
S3Destination (dict) --
Configuration information for the target S3 bucket.
BucketName (string) --
The name of the S3 bucket where the aggregated data is stored.
Prefix (string) --
An Amazon S3 prefix for the bucket.
SyncFormat (string) --
A supported sync format. The following format is currently supported: JsonSerDe
Region (string) --
The Region with the S3 bucket targeted by the resource data sync.
AWSKMSKeyARN (string) --
The ARN of an encryption key for a destination in Amazon S3. Must belong to the same Region as the destination S3 bucket.
DestinationDataSharing (dict) --
Enables destination data sharing. By default, this field is null .
DestinationDataSharingType (string) --
The sharing data type. Only Organization is supported.
LastSyncTime (datetime) --
The last time the configuration attempted to sync (UTC).
LastSuccessfulSyncTime (datetime) --
The last time the sync operations returned a status of SUCCESSFUL (UTC).
SyncLastModifiedTime (datetime) --
The date and time the resource data sync was changed.
LastStatus (string) --
The status reported by the last sync.
SyncCreatedTime (datetime) --
The date and time the configuration was created (UTC).
LastSyncStatusMessage (string) --
The status message details reported by the last sync.
NextToken (string) --
The token for the next set of items to return. Use this token to get the next set of results.
Exceptions
Returns a list of the tags assigned to the specified resource.
For information about the ID format for each supported resource type, see AddTagsToResource .
See also: AWS API Documentation
Request Syntax
response = client.list_tags_for_resource(
ResourceType='Document'|'ManagedInstance'|'MaintenanceWindow'|'Parameter'|'PatchBaseline'|'OpsItem'|'OpsMetadata',
ResourceId='string'
)
[REQUIRED]
Returns a list of tags for a specific resource type.
[REQUIRED]
The resource ID for which you want to see a list of tags.
dict
Response Syntax
{
'TagList': [
{
'Key': 'string',
'Value': 'string'
},
]
}
Response Structure
(dict) --
TagList (list) --
A list of tags.
(dict) --
Metadata that you assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Amazon Web Services Systems Manager, you can apply tags to Systems Manager documents (SSM documents), managed instances, maintenance windows, parameters, patch baselines, OpsItems, and OpsMetadata.
Key (string) --
The name of the tag.
Value (string) --
The value of the tag.
Exceptions
Shares a Amazon Web Services Systems Manager document (SSM document)publicly or privately. If you share a document privately, you must specify the Amazon Web Services user account IDs for those people who can use the document. If you share a document publicly, you must specify All as the account ID.
See also: AWS API Documentation
Request Syntax
response = client.modify_document_permission(
Name='string',
PermissionType='Share',
AccountIdsToAdd=[
'string',
],
AccountIdsToRemove=[
'string',
],
SharedDocumentVersion='string'
)
[REQUIRED]
The name of the document that you want to share.
[REQUIRED]
The permission type for the document. The permission type can be Share .
The Amazon Web Services user accounts that should have access to the document. The account IDs can either be a group of account IDs or All .
The Amazon Web Services user accounts that should no longer have access to the document. The Amazon Web Services user account can either be a group of account IDs or All . This action has a higher priority than AccountIdsToAdd . If you specify an account ID to add and the same ID to remove, the system removes access to the document.
dict
Response Syntax
{}
Response Structure
Exceptions
Registers a compliance type and other compliance details on a designated resource. This operation lets you register custom compliance details with a resource. This call overwrites existing compliance information on the resource, so you must provide a full list of compliance items each time that you send the request.
ComplianceType can be one of the following:
See also: AWS API Documentation
Request Syntax
response = client.put_compliance_items(
ResourceId='string',
ResourceType='string',
ComplianceType='string',
ExecutionSummary={
'ExecutionTime': datetime(2015, 1, 1),
'ExecutionId': 'string',
'ExecutionType': 'string'
},
Items=[
{
'Id': 'string',
'Title': 'string',
'Severity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED',
'Status': 'COMPLIANT'|'NON_COMPLIANT',
'Details': {
'string': 'string'
}
},
],
ItemContentHash='string',
UploadType='COMPLETE'|'PARTIAL'
)
[REQUIRED]
Specify an ID for this resource. For a managed instance, this is the instance ID.
[REQUIRED]
Specify the type of resource. ManagedInstance is currently the only supported resource type.
[REQUIRED]
Specify the compliance type. For example, specify Association (for a State Manager association), Patch, or Custom:string .
[REQUIRED]
A summary of the call execution that includes an execution ID, the type of execution (for example, Command ), and the date/time of the execution using a datetime object that is saved in the following format: yyyy-MM-dd'T'HH:mm:ss'Z'.
The time the execution ran as a datetime object that is saved in the following format: yyyy-MM-dd'T'HH:mm:ss'Z'.
An ID created by the system when PutComplianceItems was called. For example, CommandID is a valid execution ID. You can use this ID in subsequent calls.
The type of execution. For example, Command is a valid execution type.
[REQUIRED]
Information about the compliance as defined by the resource type. For example, for a patch compliance type, Items includes information about the PatchSeverity, Classification, and so on.
Information about a compliance item.
The compliance item ID. For example, if the compliance item is a Windows patch, the ID could be the number of the KB article.
The title of the compliance item. For example, if the compliance item is a Windows patch, the title could be the title of the KB article for the patch; for example: Security Update for Active Directory Federation Services.
The severity of the compliance status. Severity can be one of the following: Critical, High, Medium, Low, Informational, Unspecified.
The status of the compliance item. An item is either COMPLIANT or NON_COMPLIANT.
A "Key": "Value" tag combination for the compliance item.
The mode for uploading compliance items. You can specify COMPLETE or PARTIAL . In COMPLETE mode, the system overwrites all existing compliance information for the resource. You must provide a full list of compliance items each time you send the request.
In PARTIAL mode, the system overwrites compliance information for a specific association. The association must be configured with SyncCompliance set to MANUAL . By default, all requests use COMPLETE mode.
Note
This attribute is only valid for association compliance.
dict
Response Syntax
{}
Response Structure
Exceptions
Bulk update custom inventory items on one more instance. The request adds an inventory item, if it doesn't already exist, or updates an inventory item, if it does exist.
See also: AWS API Documentation
Request Syntax
response = client.put_inventory(
InstanceId='string',
Items=[
{
'TypeName': 'string',
'SchemaVersion': 'string',
'CaptureTime': 'string',
'ContentHash': 'string',
'Content': [
{
'string': 'string'
},
],
'Context': {
'string': 'string'
}
},
]
)
[REQUIRED]
An instance ID where you want to add or update inventory items.
[REQUIRED]
The inventory items that you want to add or update on instances.
Information collected from managed instances based on your inventory policy document
The name of the inventory type. Default inventory item type names start with AWS . Custom inventory type names will start with Custom. Default inventory item types include the following: AWS:AWSComponent , AWS:Application , AWS:InstanceInformation , AWS:Network , and AWS:WindowsUpdate .
The schema version for the inventory item.
The time the inventory information was collected.
MD5 hash of the inventory item type contents. The content hash is used to determine whether to update inventory information. The PutInventory API doesn't update the inventory item type contents if the MD5 hash hasn't changed since last update.
The inventory data of the inventory type.
A map of associated properties for a specified inventory type. For example, with this attribute, you can specify the ExecutionId , ExecutionType , ComplianceType properties of the AWS:ComplianceItem type.
dict
Response Syntax
{
'Message': 'string'
}
Response Structure
(dict) --
Message (string) --
Information about the request.
Exceptions
Add a parameter to the system.
See also: AWS API Documentation
Request Syntax
response = client.put_parameter(
Name='string',
Description='string',
Value='string',
Type='String'|'StringList'|'SecureString',
KeyId='string',
Overwrite=True|False,
AllowedPattern='string',
Tags=[
{
'Key': 'string',
'Value': 'string'
},
],
Tier='Standard'|'Advanced'|'Intelligent-Tiering',
Policies='string',
DataType='string'
)
[REQUIRED]
The fully qualified name of the parameter that you want to add to the system. The fully qualified name includes the complete hierarchy of the parameter path and name. For parameters in a hierarchy, you must include a leading forward slash character (/) when you create or reference a parameter. For example: /Dev/DBServer/MySQL/db-string13
Naming Constraints:
For additional information about valid values for parameter names, see Creating Systems Manager parameters in the Amazon Web Services Systems Manager User Guide .
Note
The maximum length constraint listed below includes capacity for additional system attributes that aren't part of the name. The maximum length for a parameter name, including the full length of the parameter ARN, is 1011 characters. For example, the length of the following parameter name is 65 characters, not 20 characters:
arn:aws:ssm:us-east-2:111122223333:parameter/ExampleParameterName
Information about the parameter that you want to add to the system. Optional but recommended.
Warning
Don't enter personally identifiable information in this field.
[REQUIRED]
The parameter value that you want to add to the system. Standard parameters have a value limit of 4 KB. Advanced parameters have a value limit of 8 KB.
Note
Parameters can't be referenced or nested in the values of other parameters. You can't include {{}} or {{ssm:*parameter-name* }} in a parameter value.
The type of parameter that you want to add to the system.
Note
SecureString isn't currently supported for CloudFormation templates.
Items in a StringList must be separated by a comma (,). You can't use other punctuation or special character to escape items in the list. If you have a parameter value that requires a comma, then use the String data type.
Warning
Specifying a parameter type isn't required when updating a parameter. You must specify a parameter type when creating a parameter.
The Key Management Service (KMS) ID that you want to use to encrypt a parameter. Either the default KMS key automatically assigned to your account or a custom key. Required for parameters that use the SecureString data type.
If you don't specify a key ID, the system uses the default key associated with your account.
Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a Systems Manager parameter to identify the type of resource to which it applies, the environment, or the type of configuration data referenced by the parameter. In this case, you could specify the following key-value pairs:
Note
To add tags to an existing Systems Manager parameter, use the AddTagsToResource operation.
Metadata that you assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Amazon Web Services Systems Manager, you can apply tags to Systems Manager documents (SSM documents), managed instances, maintenance windows, parameters, patch baselines, OpsItems, and OpsMetadata.
The name of the tag.
The value of the tag.
The parameter tier to assign to a parameter.
Parameter Store offers a standard tier and an advanced tier for parameters. Standard parameters have a content size limit of 4 KB and can't be configured to use parameter policies. You can create a maximum of 10,000 standard parameters for each Region in an account. Standard parameters are offered at no additional cost.
Advanced parameters have a content size limit of 8 KB and can be configured to use parameter policies. You can create a maximum of 100,000 advanced parameters for each Region in an account. Advanced parameters incur a charge. For more information, see Standard and advanced parameter tiers in the Amazon Web Services Systems Manager User Guide .
You can change a standard parameter to an advanced parameter any time. But you can't revert an advanced parameter to a standard parameter. Reverting an advanced parameter to a standard parameter would result in data loss because the system would truncate the size of the parameter from 8 KB to 4 KB. Reverting would also remove any policies attached to the parameter. Lastly, advanced parameters use a different form of encryption than standard parameters.
If you no longer need an advanced parameter, or if you no longer want to incur charges for an advanced parameter, you must delete it and recreate it as a new standard parameter.
Using the Default Tier Configuration
In PutParameter requests, you can specify the tier to create the parameter in. Whenever you specify a tier in the request, Parameter Store creates or updates the parameter according to that request. However, if you don't specify a tier in a request, Parameter Store assigns the tier based on the current Parameter Store default tier configuration.
The default tier when you begin using Parameter Store is the standard-parameter tier. If you use the advanced-parameter tier, you can specify one of the following as the default:
Options that require an advanced parameter include the following:
For more information about configuring the default tier option, see Specifying a default parameter tier in the Amazon Web Services Systems Manager User Guide .
One or more policies to apply to a parameter. This operation takes a JSON array. Parameter Store, a capability of Amazon Web Services Systems Manager supports the following policy types:
Expiration: This policy deletes the parameter after it expires. When you create the policy, you specify the expiration date. You can update the expiration date and time by updating the policy. Updating the parameter doesn't affect the expiration date and time. When the expiration time is reached, Parameter Store deletes the parameter.
ExpirationNotification: This policy triggers an event in Amazon CloudWatch Events that notifies you about the expiration. By using this policy, you can receive notification before or after the expiration time is reached, in units of days or hours.
NoChangeNotification: This policy triggers a CloudWatch Events event if a parameter hasn't been modified for a specified period of time. This policy type is useful when, for example, a secret needs to be changed within a period of time, but it hasn't been changed.
All existing policies are preserved until you send new policies or an empty policy. For more information about parameter policies, see Assigning parameter policies .
The data type for a String parameter. Supported data types include plain text and Amazon Machine Image (AMI) IDs.
The following data type values are supported.
When you create a String parameter and specify aws:ec2:image , Amazon Web Services Systems Manager validates the parameter value is in the required format, such as ami-12345abcdeEXAMPLE , and that the specified AMI is available in your account. For more information, see Native parameter support for Amazon Machine Image (AMI) IDs in the Amazon Web Services Systems Manager User Guide .
dict
Response Syntax
{
'Version': 123,
'Tier': 'Standard'|'Advanced'|'Intelligent-Tiering'
}
Response Structure
(dict) --
Version (integer) --
The new version number of a parameter. If you edit a parameter value, Parameter Store automatically creates a new version and assigns this new version a unique ID. You can reference a parameter version ID in API operations or in Systems Manager documents (SSM documents). By default, if you don't specify a specific version, the system returns the latest parameter value when a parameter is called.
Tier (string) --
The tier assigned to the parameter.
Exceptions
Defines the default patch baseline for the relevant operating system.
To reset the Amazon Web Services-predefined patch baseline as the default, specify the full patch baseline Amazon Resource Name (ARN) as the baseline ID value. For example, for CentOS, specify arn:aws:ssm:us-east-2:733109147000:patchbaseline/pb-0574b43a65ea646ed instead of pb-0574b43a65ea646ed .
See also: AWS API Documentation
Request Syntax
response = client.register_default_patch_baseline(
BaselineId='string'
)
[REQUIRED]
The ID of the patch baseline that should be the default patch baseline.
{
'BaselineId': 'string'
}
Response Structure
The ID of the default patch baseline.
Exceptions
Registers a patch baseline for a patch group.
See also: AWS API Documentation
Request Syntax
response = client.register_patch_baseline_for_patch_group(
BaselineId='string',
PatchGroup='string'
)
[REQUIRED]
The ID of the patch baseline to register with the patch group.
[REQUIRED]
The name of the patch group to be registered with the patch baseline.
dict
Response Syntax
{
'BaselineId': 'string',
'PatchGroup': 'string'
}
Response Structure
(dict) --
BaselineId (string) --
The ID of the patch baseline the patch group was registered with.
PatchGroup (string) --
The name of the patch group registered with the patch baseline.
Exceptions
Registers a target with a maintenance window.
See also: AWS API Documentation
Request Syntax
response = client.register_target_with_maintenance_window(
WindowId='string',
ResourceType='INSTANCE'|'RESOURCE_GROUP',
Targets=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
OwnerInformation='string',
Name='string',
Description='string',
ClientToken='string'
)
[REQUIRED]
The ID of the maintenance window the target should be registered with.
[REQUIRED]
The type of target being registered with the maintenance window.
[REQUIRED]
The targets to register with the maintenance window. In other words, the instances to run commands on when the maintenance window runs.
Note
If a single maintenance window task is registered with multiple targets, its task invocations occur sequentially and not in parallel. If your task must run on multiple targets at the same time, register a task for each target individually and assign each task the same priority level.
You can specify targets using instance IDs, resource group names, or tags that have been applied to instances.
Example 1 : Specify instance IDs``Key=InstanceIds,Values=*instance-id-1* ,*instance-id-2* ,*instance-id-3* ``
Example 2 : Use tag key-pairs applied to instances
``Key=tag:my-tag-key ,Values=*my-tag-value-1* ,*my-tag-value-2* ``
Example 3 : Use tag-keys applied to instances
``Key=tag-key,Values=*my-tag-key-1* ,*my-tag-key-2* ``
Example 4 : Use resource group names
``Key=resource-groups:Name,Values=*resource-group-name* ``
Example 5 : Use filters for resource group types
``Key=resource-groups:ResourceTypeFilters,Values=*resource-type-1* ,*resource-type-2* ``
Note
For Key=resource-groups:ResourceTypeFilters , specify resource types in the following format
``Key=resource-groups:ResourceTypeFilters,Values=*AWS::EC2::INSTANCE* ,*AWS::EC2::VPC* ``
For more information about these examples formats, including the best use case for each one, see Examples: Register targets with a maintenance window in the Amazon Web Services Systems Manager User Guide .
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
User-defined criteria for sending commands that target instances that meet the criteria.
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
User-provided idempotency token.
This field is autopopulated if not provided.
dict
Response Syntax
{
'WindowTargetId': 'string'
}
Response Structure
(dict) --
WindowTargetId (string) --
The ID of the target definition in this maintenance window.
Exceptions
Adds a new task to a maintenance window.
See also: AWS API Documentation
Request Syntax
response = client.register_task_with_maintenance_window(
WindowId='string',
Targets=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
TaskArn='string',
ServiceRoleArn='string',
TaskType='RUN_COMMAND'|'AUTOMATION'|'STEP_FUNCTIONS'|'LAMBDA',
TaskParameters={
'string': {
'Values': [
'string',
]
}
},
TaskInvocationParameters={
'RunCommand': {
'Comment': 'string',
'CloudWatchOutputConfig': {
'CloudWatchLogGroupName': 'string',
'CloudWatchOutputEnabled': True|False
},
'DocumentHash': 'string',
'DocumentHashType': 'Sha256'|'Sha1',
'DocumentVersion': 'string',
'NotificationConfig': {
'NotificationArn': 'string',
'NotificationEvents': [
'All'|'InProgress'|'Success'|'TimedOut'|'Cancelled'|'Failed',
],
'NotificationType': 'Command'|'Invocation'
},
'OutputS3BucketName': 'string',
'OutputS3KeyPrefix': 'string',
'Parameters': {
'string': [
'string',
]
},
'ServiceRoleArn': 'string',
'TimeoutSeconds': 123
},
'Automation': {
'DocumentVersion': 'string',
'Parameters': {
'string': [
'string',
]
}
},
'StepFunctions': {
'Input': 'string',
'Name': 'string'
},
'Lambda': {
'ClientContext': 'string',
'Qualifier': 'string',
'Payload': b'bytes'
}
},
Priority=123,
MaxConcurrency='string',
MaxErrors='string',
LoggingInfo={
'S3BucketName': 'string',
'S3KeyPrefix': 'string',
'S3Region': 'string'
},
Name='string',
Description='string',
ClientToken='string'
)
[REQUIRED]
The ID of the maintenance window the task should be added to.
The targets (either instances or maintenance window targets).
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Specify instances using the following format:
Key=InstanceIds,Values=<instance-id-1>,<instance-id-2>
Specify maintenance window targets using the following format:
Key=WindowTargetIds,Values=<window-target-id-1>,<window-target-id-2>
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
User-defined criteria for sending commands that target instances that meet the criteria.
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
[REQUIRED]
The ARN of the task to run.
The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses your account's service-linked role. If no service-linked role for Systems Manager exists in your account, it is created when you run RegisterTaskWithMaintenanceWindow .
For more information, see the following topics in the in the Amazon Web Services Systems Manager User Guide :
[REQUIRED]
The type of task being registered.
The parameters that should be passed to the task when it is run.
Note
TaskParameters has been deprecated. To specify parameters to pass to a task when it runs, instead use the Parameters option in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters .
Defines the values for a task parameter.
This field contains an array of 0 or more strings, each 1 to 255 characters in length.
The parameters that the task should use during execution. Populate only the fields that match the task type. All other fields should be empty.
The parameters for a RUN_COMMAND task type.
Information about the commands to run.
Configuration options for sending command output to Amazon CloudWatch Logs.
The name of the CloudWatch Logs log group where you want to send command output. If you don't specify a group name, Amazon Web Services Systems Manager automatically creates a log group for you. The log group uses the following naming format:
``aws/ssm/SystemsManagerDocumentName ``
Enables Systems Manager to send command output to CloudWatch Logs.
The SHA-256 or SHA-1 hash created by the system when the document was created. SHA-1 hashes have been deprecated.
SHA-256 or SHA-1. SHA-1 hashes have been deprecated.
The Amazon Web Services Systems Manager document (SSM document) version to use in the request. You can specify $DEFAULT , $LATEST , or a specific version number. If you run commands by using the Amazon Web Services CLI, then you must escape the first two options by using a backslash. If you specify a version number, then you don't need to use the backslash. For example:
--document-version "\$DEFAULT"--document-version "\$LATEST"
--document-version "3"
Configurations for sending notifications about command status changes on a per-instance basis.
An Amazon Resource Name (ARN) for an Amazon Simple Notification Service (Amazon SNS) topic. Run Command pushes notifications about command status changes to this topic.
The different events for which you can receive notifications. To learn more about these events, see Monitoring Systems Manager status changes using Amazon SNS notifications in the Amazon Web Services Systems Manager User Guide .
The type of notification.
The name of the Amazon Simple Storage Service (Amazon S3) bucket.
The S3 bucket subfolder.
The parameters for the RUN_COMMAND task execution.
The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service (Amazon SNS) notifications for maintenance window Run Command tasks.
If this time is reached and the command hasn't already started running, it doesn't run.
The parameters for an AUTOMATION task type.
The version of an Automation runbook to use during task execution.
The parameters for the AUTOMATION task.
For information about specifying and updating task parameters, see RegisterTaskWithMaintenanceWindow and UpdateMaintenanceWindowTask .
Note
LoggingInfo has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters .TaskParameters has been deprecated. To specify parameters to pass to a task when it runs, instead use the Parameters option in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters .
For AUTOMATION task types, Amazon Web Services Systems Manager ignores any values specified for these parameters.
The parameters for a STEP_FUNCTIONS task type.
The inputs for the STEP_FUNCTIONS task.
The name of the STEP_FUNCTIONS task.
The parameters for a LAMBDA task type.
Pass client-specific information to the Lambda function that you are invoking. You can then process the client information in your Lambda function as you choose through the context variable.
(Optional) Specify an Lambda function version or alias name. If you specify a function version, the operation uses the qualified function Amazon Resource Name (ARN) to invoke a specific Lambda function. If you specify an alias name, the operation uses the alias ARN to invoke the Lambda function version to which the alias points.
JSON to provide to your Lambda function as input.
The maximum number of targets this task can be run for in parallel.
Note
For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of 1 . This value doesn't affect the running of your task.
The maximum number of errors allowed before this task stops being scheduled.
Note
For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of 1 . This value doesn't affect the running of your task.
A structure containing information about an Amazon Simple Storage Service (Amazon S3) bucket to write instance-level logs to.
Note
LoggingInfo has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters .
The name of an S3 bucket where execution logs are stored .
(Optional) The S3 bucket subfolder.
The Region where the S3 bucket is located.
User-provided idempotency token.
This field is autopopulated if not provided.
dict
Response Syntax
{
'WindowTaskId': 'string'
}
Response Structure
(dict) --
WindowTaskId (string) --
The ID of the task in the maintenance window.
Exceptions
Removes tag keys from the specified resource.
See also: AWS API Documentation
Request Syntax
response = client.remove_tags_from_resource(
ResourceType='Document'|'ManagedInstance'|'MaintenanceWindow'|'Parameter'|'PatchBaseline'|'OpsItem'|'OpsMetadata',
ResourceId='string',
TagKeys=[
'string',
]
)
[REQUIRED]
The type of resource from which you want to remove a tag.
Note
The ManagedInstance type for this API operation is only for on-premises managed instances. Specify the name of the managed instance in the following format: mi-*ID_number* `` . For example, ``mi-1a2b3c4d5e6f .
[REQUIRED]
The ID of the resource from which you want to remove tags. For example:
ManagedInstance: mi-012345abcde
MaintenanceWindow: mw-012345abcde
PatchBaseline: pb-012345abcde
OpsMetadata object: ResourceID for tagging is created from the Amazon Resource Name (ARN) for the object. Specifically, ResourceID is created from the strings that come after the word opsmetadata in the ARN. For example, an OpsMetadata object with an ARN of arn:aws:ssm:us-east-2:1234567890:opsmetadata/aws/ssm/MyGroup/appmanager has a ResourceID of either aws/ssm/MyGroup/appmanager or /aws/ssm/MyGroup/appmanager .
For the Document and Parameter values, use the name of the resource.
Note
The ManagedInstance type for this API operation is only for on-premises managed instances. Specify the name of the managed instance in the following format: mi-ID_number. For example, mi-1a2b3c4d5e6f.
[REQUIRED]
Tag keys that you want to remove from the specified resource.
dict
Response Syntax
{}
Response Structure
Exceptions
ServiceSetting is an account-level setting for an Amazon Web Services service. This setting defines how a user interacts with or uses a service or a feature of a service. For example, if an Amazon Web Services service charges money to the account based on feature or service usage, then the Amazon Web Services service team might create a default setting of "false". This means the user can't use this feature unless they change the setting to "true" and intentionally opt in for a paid feature.
Services map a SettingId object to a setting value. Amazon Web Services services teams define the default value for a SettingId . You can't create a new SettingId , but you can overwrite the default value if you have the ssm:UpdateServiceSetting permission for the setting. Use the GetServiceSetting API operation to view the current value. Use the UpdateServiceSetting API operation to change the default setting.
Reset the service setting for the account to the default value as provisioned by the Amazon Web Services service team.
See also: AWS API Documentation
Request Syntax
response = client.reset_service_setting(
SettingId='string'
)
[REQUIRED]
The Amazon Resource Name (ARN) of the service setting to reset. The setting ID can be one of the following.
{
'ServiceSetting': {
'SettingId': 'string',
'SettingValue': 'string',
'LastModifiedDate': datetime(2015, 1, 1),
'LastModifiedUser': 'string',
'ARN': 'string',
'Status': 'string'
}
}
Response Structure
The result body of the ResetServiceSetting API operation.
The current, effective service setting after calling the ResetServiceSetting API operation.
The ID of the service setting.
The value of the service setting.
The last time the service setting was modified.
The ARN of the last modified user. This field is populated only if the setting value was overwritten.
The ARN of the service setting.
The status of the service setting. The value can be Default, Customized or PendingUpdate.
Exceptions
Reconnects a session to an instance after it has been disconnected. Connections can be resumed for disconnected sessions, but not terminated sessions.
Note
This command is primarily for use by client machines to automatically reconnect during intermittent network issues. It isn't intended for any other use.
See also: AWS API Documentation
Request Syntax
response = client.resume_session(
SessionId='string'
)
[REQUIRED]
The ID of the disconnected session to resume.
{
'SessionId': 'string',
'TokenValue': 'string',
'StreamUrl': 'string'
}
Response Structure
The ID of the session.
An encrypted token value containing session and caller information. Used to authenticate the connection to the instance.
A URL back to SSM Agent on the instance that the Session Manager client uses to send commands and receive output from the instance. Format: wss://ssmmessages.**region** .amazonaws.com/v1/data-channel/**session-id** ?stream=(input|output) .
region represents the Region identifier for an Region supported by Amazon Web Services Systems Manager, such as us-east-2 for the US East (Ohio) Region. For a list of supported region values, see the Region column in Systems Manager service endpoints in the Amazon Web Services General Reference .session-id represents the ID of a Session Manager session, such as 1a2b3c4dEXAMPLE .
Exceptions
Sends a signal to an Automation execution to change the current behavior or status of the execution.
See also: AWS API Documentation
Request Syntax
response = client.send_automation_signal(
AutomationExecutionId='string',
SignalType='Approve'|'Reject'|'StartStep'|'StopStep'|'Resume',
Payload={
'string': [
'string',
]
}
)
[REQUIRED]
The unique identifier for an existing Automation execution that you want to send the signal to.
[REQUIRED]
The type of signal to send to an Automation execution.
The data sent with the signal. The data schema depends on the type of signal used in the request.
For Approve and Reject signal types, the payload is an optional comment that you can send with the signal type. For example:
Comment="Looks good"
For StartStep and Resume signal types, you must send the name of the Automation step to start or resume as the payload. For example:
StepName="step1"
For the StopStep signal type, you must send the step execution ID as the payload. For example:
StepExecutionId="97fff367-fc5a-4299-aed8-0123456789ab"
dict
Response Syntax
{}
Response Structure
Exceptions
Runs commands on one or more managed instances.
See also: AWS API Documentation
Request Syntax
response = client.send_command(
InstanceIds=[
'string',
],
Targets=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
DocumentName='string',
DocumentVersion='string',
DocumentHash='string',
DocumentHashType='Sha256'|'Sha1',
TimeoutSeconds=123,
Comment='string',
Parameters={
'string': [
'string',
]
},
OutputS3Region='string',
OutputS3BucketName='string',
OutputS3KeyPrefix='string',
MaxConcurrency='string',
MaxErrors='string',
ServiceRoleArn='string',
NotificationConfig={
'NotificationArn': 'string',
'NotificationEvents': [
'All'|'InProgress'|'Success'|'TimedOut'|'Cancelled'|'Failed',
],
'NotificationType': 'Command'|'Invocation'
},
CloudWatchOutputConfig={
'CloudWatchLogGroupName': 'string',
'CloudWatchOutputEnabled': True|False
}
)
The IDs of the instances where the command should run. Specifying instance IDs is most useful when you are targeting a limited number of instances, though you can specify up to 50 IDs.
To target a larger number of instances, or if you prefer not to list individual instance IDs, we recommend using the Targets option instead. Using Targets , which accepts tag key-value pairs to identify the instances to send commands to, you can a send command to tens, hundreds, or thousands of instances at once.
For more information about how to use targets, see Using targets and rate controls to send commands to a fleet in the Amazon Web Services Systems Manager User Guide .
An array of search criteria that targets instances using a Key,Value combination that you specify. Specifying targets is most useful when you want to send a command to a large number of instances at once. Using Targets , which accepts tag key-value pairs to identify instances, you can send a command to tens, hundreds, or thousands of instances at once.
To send a command to a smaller number of instances, you can use the InstanceIds option instead.
For more information about how to use targets, see Sending commands to a fleet in the Amazon Web Services Systems Manager User Guide .
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
User-defined criteria for sending commands that target instances that meet the criteria.
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
[REQUIRED]
The name of the Amazon Web Services Systems Manager document (SSM document) to run. This can be a public document or a custom document. To run a shared document belonging to another account, specify the document ARN. For more information about how to use shared documents, see Using shared SSM documents in the Amazon Web Services Systems Manager User Guide .
The SSM document version to use in the request. You can specify $DEFAULT, $LATEST, or a specific version number. If you run commands by using the Command Line Interface (Amazon Web Services CLI), then you must escape the first two options by using a backslash. If you specify a version number, then you don't need to use the backslash. For example:
--document-version "$DEFAULT"
--document-version "$LATEST"
--document-version "3"
The Sha256 or Sha1 hash created by the system when the document was created.
Note
Sha1 hashes have been deprecated.
Sha256 or Sha1.
Note
Sha1 hashes have been deprecated.
The required and optional parameters specified in the document being run.
Configurations for sending notifications.
An Amazon Resource Name (ARN) for an Amazon Simple Notification Service (Amazon SNS) topic. Run Command pushes notifications about command status changes to this topic.
The different events for which you can receive notifications. To learn more about these events, see Monitoring Systems Manager status changes using Amazon SNS notifications in the Amazon Web Services Systems Manager User Guide .
The type of notification.
Enables Amazon Web Services Systems Manager to send Run Command output to Amazon CloudWatch Logs. Run Command is a capability of Amazon Web Services Systems Manager.
The name of the CloudWatch Logs log group where you want to send command output. If you don't specify a group name, Amazon Web Services Systems Manager automatically creates a log group for you. The log group uses the following naming format:
``aws/ssm/SystemsManagerDocumentName ``
Enables Systems Manager to send command output to CloudWatch Logs.
dict
Response Syntax
{
'Command': {
'CommandId': 'string',
'DocumentName': 'string',
'DocumentVersion': 'string',
'Comment': 'string',
'ExpiresAfter': datetime(2015, 1, 1),
'Parameters': {
'string': [
'string',
]
},
'InstanceIds': [
'string',
],
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'RequestedDateTime': datetime(2015, 1, 1),
'Status': 'Pending'|'InProgress'|'Success'|'Cancelled'|'Failed'|'TimedOut'|'Cancelling',
'StatusDetails': 'string',
'OutputS3Region': 'string',
'OutputS3BucketName': 'string',
'OutputS3KeyPrefix': 'string',
'MaxConcurrency': 'string',
'MaxErrors': 'string',
'TargetCount': 123,
'CompletedCount': 123,
'ErrorCount': 123,
'DeliveryTimedOutCount': 123,
'ServiceRole': 'string',
'NotificationConfig': {
'NotificationArn': 'string',
'NotificationEvents': [
'All'|'InProgress'|'Success'|'TimedOut'|'Cancelled'|'Failed',
],
'NotificationType': 'Command'|'Invocation'
},
'CloudWatchOutputConfig': {
'CloudWatchLogGroupName': 'string',
'CloudWatchOutputEnabled': True|False
},
'TimeoutSeconds': 123
}
}
Response Structure
(dict) --
Command (dict) --
The request as it was received by Systems Manager. Also provides the command ID which can be used future references to this request.
CommandId (string) --
A unique identifier for this command.
DocumentName (string) --
The name of the document requested for execution.
DocumentVersion (string) --
The Systems Manager document (SSM document) version.
Comment (string) --
User-specified information about the command, such as a brief description of what the command should do.
ExpiresAfter (datetime) --
If this time is reached and the command hasn't already started running, it won't run. Calculated based on the ExpiresAfter user input provided as part of the SendCommand API operation.
Parameters (dict) --
The parameter values to be inserted in the document when running the command.
InstanceIds (list) --
The instance IDs against which this command was requested.
Targets (list) --
An array of search criteria that targets instances using a Key,Value combination that you specify. Targets is required if you don't provide one or more instance IDs in the call.
(dict) --
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
Key (string) --
User-defined criteria for sending commands that target instances that meet the criteria.
Values (list) --
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
RequestedDateTime (datetime) --
The date and time the command was requested.
Status (string) --
The status of the command.
StatusDetails (string) --
A detailed status of the command execution. StatusDetails includes more information than Status because it includes states resulting from error and concurrency control parameters. StatusDetails can show different results than Status. For more information about these statuses, see Understanding command statuses in the Amazon Web Services Systems Manager User Guide . StatusDetails can be one of the following values:
OutputS3Region (string) --
(Deprecated) You can no longer specify this parameter. The system ignores it. Instead, Systems Manager automatically determines the Region of the S3 bucket.
OutputS3BucketName (string) --
The S3 bucket where the responses to the command executions should be stored. This was requested when issuing the command.
OutputS3KeyPrefix (string) --
The S3 directory path inside the bucket where the responses to the command executions should be stored. This was requested when issuing the command.
MaxConcurrency (string) --
The maximum number of instances that are allowed to run the command at the same time. You can specify a number of instances, such as 10, or a percentage of instances, such as 10%. The default value is 50. For more information about how to use MaxConcurrency , see Running commands using Systems Manager Run Command in the Amazon Web Services Systems Manager User Guide .
MaxErrors (string) --
The maximum number of errors allowed before the system stops sending the command to additional targets. You can specify a number of errors, such as 10, or a percentage or errors, such as 10%. The default value is 0 . For more information about how to use MaxErrors , see Running commands using Systems Manager Run Command in the Amazon Web Services Systems Manager User Guide .
TargetCount (integer) --
The number of targets for the command.
CompletedCount (integer) --
The number of targets for which the command invocation reached a terminal state. Terminal states include the following: Success, Failed, Execution Timed Out, Delivery Timed Out, Canceled, Terminated, or Undeliverable.
ErrorCount (integer) --
The number of targets for which the status is Failed or Execution Timed Out.
DeliveryTimedOutCount (integer) --
The number of targets for which the status is Delivery Timed Out.
ServiceRole (string) --
The Identity and Access Management (IAM) service role that Run Command, a capability of Amazon Web Services Systems Manager, uses to act on your behalf when sending notifications about command status changes.
NotificationConfig (dict) --
Configurations for sending notifications about command status changes.
NotificationArn (string) --
An Amazon Resource Name (ARN) for an Amazon Simple Notification Service (Amazon SNS) topic. Run Command pushes notifications about command status changes to this topic.
NotificationEvents (list) --
The different events for which you can receive notifications. To learn more about these events, see Monitoring Systems Manager status changes using Amazon SNS notifications in the Amazon Web Services Systems Manager User Guide .
NotificationType (string) --
The type of notification.
CloudWatchOutputConfig (dict) --
Amazon CloudWatch Logs information where you want Amazon Web Services Systems Manager to send the command output.
CloudWatchLogGroupName (string) --
The name of the CloudWatch Logs log group where you want to send command output. If you don't specify a group name, Amazon Web Services Systems Manager automatically creates a log group for you. The log group uses the following naming format:
``aws/ssm/SystemsManagerDocumentName ``
CloudWatchOutputEnabled (boolean) --
Enables Systems Manager to send command output to CloudWatch Logs.
TimeoutSeconds (integer) --
The TimeoutSeconds value specified for a command.
Exceptions
Runs an association immediately and only one time. This operation can be helpful when troubleshooting associations.
See also: AWS API Documentation
Request Syntax
response = client.start_associations_once(
AssociationIds=[
'string',
]
)
[REQUIRED]
The association IDs that you want to run immediately and only one time.
{}
Response Structure
Exceptions
Initiates execution of an Automation runbook.
See also: AWS API Documentation
Request Syntax
response = client.start_automation_execution(
DocumentName='string',
DocumentVersion='string',
Parameters={
'string': [
'string',
]
},
ClientToken='string',
Mode='Auto'|'Interactive',
TargetParameterName='string',
Targets=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
TargetMaps=[
{
'string': [
'string',
]
},
],
MaxConcurrency='string',
MaxErrors='string',
TargetLocations=[
{
'Accounts': [
'string',
],
'Regions': [
'string',
],
'TargetLocationMaxConcurrency': 'string',
'TargetLocationMaxErrors': 'string',
'ExecutionRoleName': 'string'
},
],
Tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
[REQUIRED]
The name of the SSM document to run. This can be a public document or a custom document. To run a shared document belonging to another account, specify the document ARN. For more information about how to use shared documents, see Using shared SSM documents in the Amazon Web Services Systems Manager User Guide .
A key-value map of execution parameters, which match the declared parameters in the Automation runbook.
A key-value mapping to target resources. Required if you specify TargetParameterName.
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
User-defined criteria for sending commands that target instances that meet the criteria.
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
A key-value mapping of document parameters to target resources. Both Targets and TargetMaps can't be specified together.
The number of errors that are allowed before the system stops running the automation on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops running the automation when the fourth error is received. If you specify 0, then the system stops running the automation on additional targets after the first error result is returned. If you run an automation on 50 resources and set max-errors to 10%, then the system stops running the automation on additional targets when the sixth error is received.
Executions that are already running an automation when max-errors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set max-concurrency to 1 so the executions proceed one at a time.
A location is a combination of Regions and/or accounts where you want to run the automation. Use this operation to start an automation in multiple Regions and multiple accounts. For more information, see Running Automation workflows in multiple Regions and accounts in the Amazon Web Services Systems Manager User Guide .
The combination of Regions and accounts targeted by the current Automation execution.
The accounts targeted by the current Automation execution.
The Regions targeted by the current Automation execution.
The maximum number of Regions and accounts allowed to run the Automation concurrently.
The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
The Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole .
Optional metadata that you assign to a resource. You can specify a maximum of five tags for an automation. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag an automation to identify an environment or operating system. In this case, you could specify the following key-value pairs:
Note
To add tags to an existing patch baseline, use the AddTagsToResource operation.
Metadata that you assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Amazon Web Services Systems Manager, you can apply tags to Systems Manager documents (SSM documents), managed instances, maintenance windows, parameters, patch baselines, OpsItems, and OpsMetadata.
The name of the tag.
The value of the tag.
dict
Response Syntax
{
'AutomationExecutionId': 'string'
}
Response Structure
(dict) --
AutomationExecutionId (string) --
The unique ID of a newly scheduled automation execution.
Exceptions
Creates a change request for Change Manager. The Automation runbooks specified in the change request run only after all required approvals for the change request have been received.
See also: AWS API Documentation
Request Syntax
response = client.start_change_request_execution(
ScheduledTime=datetime(2015, 1, 1),
DocumentName='string',
DocumentVersion='string',
Parameters={
'string': [
'string',
]
},
ChangeRequestName='string',
ClientToken='string',
Runbooks=[
{
'DocumentName': 'string',
'DocumentVersion': 'string',
'Parameters': {
'string': [
'string',
]
},
'TargetParameterName': 'string',
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'MaxConcurrency': 'string',
'MaxErrors': 'string',
'TargetLocations': [
{
'Accounts': [
'string',
],
'Regions': [
'string',
],
'TargetLocationMaxConcurrency': 'string',
'TargetLocationMaxErrors': 'string',
'ExecutionRoleName': 'string'
},
]
},
],
Tags=[
{
'Key': 'string',
'Value': 'string'
},
],
ScheduledEndTime=datetime(2015, 1, 1),
ChangeDetails='string'
)
The date and time specified in the change request to run the Automation runbooks.
Note
The Automation runbooks specified for the runbook workflow can't run until all required approvals for the change request have been received.
[REQUIRED]
The name of the change template document to run during the runbook workflow.
A key-value map of parameters that match the declared parameters in the change template document.
[REQUIRED]
Information about the Automation runbooks that are run during the runbook workflow.
Note
The Automation runbooks specified for the runbook workflow can't run until all required approvals for the change request have been received.
Information about an Automation runbook used in a runbook workflow in Change Manager.
Note
The Automation runbooks specified for the runbook workflow can't run until all required approvals for the change request have been received.
The name of the Automation runbook used in a runbook workflow.
The version of the Automation runbook used in a runbook workflow.
The key-value map of execution parameters, which were supplied when calling StartChangeRequestExecution .
The name of the parameter used as the target resource for the rate-controlled runbook workflow. Required if you specify Targets .
A key-value mapping to target resources that the runbook operation performs tasks on. Required if you specify TargetParameterName .
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
User-defined criteria for sending commands that target instances that meet the criteria.
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
The MaxConcurrency value specified by the user when the operation started, indicating the maximum number of resources that the runbook operation can run on at the same time.
The MaxErrors value specified by the user when the execution started, indicating the maximum number of errors that can occur during the operation before the updates are stopped or rolled back.
Information about the Regions and accounts targeted by the current Runbook operation.
The combination of Regions and accounts targeted by the current Automation execution.
The accounts targeted by the current Automation execution.
The Regions targeted by the current Automation execution.
The maximum number of Regions and accounts allowed to run the Automation concurrently.
The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
The Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole .
Optional metadata that you assign to a resource. You can specify a maximum of five tags for a change request. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a change request to identify an environment or target Region. In this case, you could specify the following key-value pairs:
Metadata that you assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Amazon Web Services Systems Manager, you can apply tags to Systems Manager documents (SSM documents), managed instances, maintenance windows, parameters, patch baselines, OpsItems, and OpsMetadata.
The name of the tag.
The value of the tag.
dict
Response Syntax
{
'AutomationExecutionId': 'string'
}
Response Structure
(dict) --
AutomationExecutionId (string) --
The unique ID of a runbook workflow operation. (A runbook workflow is a type of Automation operation.)
Exceptions
Initiates a connection to a target (for example, an instance) for a Session Manager session. Returns a URL and token that can be used to open a WebSocket connection for sending input and receiving outputs.
Note
Amazon Web Services CLI usage: start-session is an interactive command that requires the Session Manager plugin to be installed on the client machine making the call. For information, see Install the Session Manager plugin for the Amazon Web Services CLI in the Amazon Web Services Systems Manager User Guide .
Amazon Web Services Tools for PowerShell usage: Start-SSMSession isn't currently supported by Amazon Web Services Tools for PowerShell on Windows local machines.
See also: AWS API Documentation
Request Syntax
response = client.start_session(
Target='string',
DocumentName='string',
Parameters={
'string': [
'string',
]
}
)
[REQUIRED]
The instance to connect to for the session.
Reserved for future use.
dict
Response Syntax
{
'SessionId': 'string',
'TokenValue': 'string',
'StreamUrl': 'string'
}
Response Structure
(dict) --
SessionId (string) --
The ID of the session.
TokenValue (string) --
An encrypted token value containing session and caller information. Used to authenticate the connection to the instance.
StreamUrl (string) --
A URL back to SSM Agent on the instance that the Session Manager client uses to send commands and receive output from the instance. Format: wss://ssmmessages.**region** .amazonaws.com/v1/data-channel/**session-id** ?stream=(input|output)
region represents the Region identifier for an Region supported by Amazon Web Services Systems Manager, such as us-east-2 for the US East (Ohio) Region. For a list of supported region values, see the Region column in Systems Manager service endpoints in the Amazon Web Services General Reference .
session-id represents the ID of a Session Manager session, such as 1a2b3c4dEXAMPLE .
Exceptions
Stop an Automation that is currently running.
See also: AWS API Documentation
Request Syntax
response = client.stop_automation_execution(
AutomationExecutionId='string',
Type='Complete'|'Cancel'
)
[REQUIRED]
The execution ID of the Automation to stop.
dict
Response Syntax
{}
Response Structure
Exceptions
Permanently ends a session and closes the data connection between the Session Manager client and SSM Agent on the instance. A terminated session isn't be resumed.
See also: AWS API Documentation
Request Syntax
response = client.terminate_session(
SessionId='string'
)
[REQUIRED]
The ID of the session to terminate.
{
'SessionId': 'string'
}
Response Structure
The ID of the session that has been terminated.
Exceptions
Remove a label or labels from a parameter.
See also: AWS API Documentation
Request Syntax
response = client.unlabel_parameter_version(
Name='string',
ParameterVersion=123,
Labels=[
'string',
]
)
[REQUIRED]
The name of the parameter from which you want to delete one or more labels.
[REQUIRED]
The specific version of the parameter which you want to delete one or more labels from. If it isn't present, the call will fail.
[REQUIRED]
One or more labels to delete from the specified parameter version.
dict
Response Syntax
{
'RemovedLabels': [
'string',
],
'InvalidLabels': [
'string',
]
}
Response Structure
(dict) --
RemovedLabels (list) --
A list of all labels deleted from the parameter.
InvalidLabels (list) --
The labels that aren't attached to the given parameter version.
Exceptions
Updates an association. You can update the association name and version, the document version, schedule, parameters, and Amazon Simple Storage Service (Amazon S3) output.
In order to call this API operation, your Identity and Access Management (IAM) user account, group, or role must be configured with permission to call the DescribeAssociation API operation. If you don't have permission to call DescribeAssociation , then you receive the following error: An error occurred (AccessDeniedException) when calling the UpdateAssociation operation: User: <user_arn> isn't authorized to perform: ssm:DescribeAssociation on resource: <resource_arn>
Warning
When you update an association, the association immediately runs against the specified targets.
See also: AWS API Documentation
Request Syntax
response = client.update_association(
AssociationId='string',
Parameters={
'string': [
'string',
]
},
DocumentVersion='string',
ScheduleExpression='string',
OutputLocation={
'S3Location': {
'OutputS3Region': 'string',
'OutputS3BucketName': 'string',
'OutputS3KeyPrefix': 'string'
}
},
Name='string',
Targets=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
AssociationName='string',
AssociationVersion='string',
AutomationTargetParameterName='string',
MaxErrors='string',
MaxConcurrency='string',
ComplianceSeverity='CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'UNSPECIFIED',
SyncCompliance='AUTO'|'MANUAL',
ApplyOnlyAtCronInterval=True|False,
CalendarNames=[
'string',
],
TargetLocations=[
{
'Accounts': [
'string',
],
'Regions': [
'string',
],
'TargetLocationMaxConcurrency': 'string',
'TargetLocationMaxErrors': 'string',
'ExecutionRoleName': 'string'
},
]
)
[REQUIRED]
The ID of the association you want to update.
The parameters you want to update for the association. If you create a parameter using Parameter Store, a capability of Amazon Web Services Systems Manager, you can reference the parameter using {{ssm:parameter-name}} .
An S3 bucket where you want to store the results of this request.
An S3 bucket where you want to store the results of this request.
(Deprecated) You can no longer specify this parameter. The system ignores it. Instead, Amazon Web Services Systems Manager automatically determines the Region of the S3 bucket.
The name of the S3 bucket.
The S3 bucket subfolder.
The name of the SSM Command document or Automation runbook that contains the configuration information for the instance.
You can specify Amazon Web Services-predefined documents, documents you created, or a document that is shared with you from another account.
For Systems Manager document (SSM document) that are shared with you from other accounts, you must specify the complete SSM document ARN, in the following format:
``arn:aws:ssm:region :account-id :document/document-name ``
For example:
arn:aws:ssm:us-east-2:12345678912:document/My-Shared-Document
For Amazon Web Services-predefined documents and SSM documents you created in your account, you only need to specify the document name. For example, AWS-ApplyPatchBaseline or My-Document .
The targets of the association.
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
User-defined criteria for sending commands that target instances that meet the criteria.
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 instances and set MaxError to 10%, then the system stops sending the request when the sixth error is received.
Executions that are already running an association when MaxErrors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set MaxConcurrency to 1 so that executions proceed one at a time.
The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.
If a new instance starts and attempts to run an association while Systems Manager is running MaxConcurrency associations, the association is allowed to run. During the next association interval, the new instance will process its association within the limit specified for MaxConcurrency .
The mode for generating association compliance. You can specify AUTO or MANUAL . In AUTO mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association is COMPLIANT . If the association execution doesn't run successfully, the association is NON-COMPLIANT .
In MANUAL mode, you must specify the AssociationId as a parameter for the PutComplianceItems API operation. In this case, compliance data isn't managed by State Manager, a capability of Amazon Web Services Systems Manager. It is managed by your direct call to the PutComplianceItems API operation.
By default, all associations use AUTO mode.
By default, when you update an association, the system runs it immediately after it is updated and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you update it. This parameter isn't supported for rate expressions.
Also, if you specified this option when you created the association, you can reset it. To do so, specify the no-apply-only-at-cron-interval parameter when you update the association from the command line. This parameter forces the association to run immediately after updating it and according to the interval specified.
The names or Amazon Resource Names (ARNs) of the Change Calendar type documents you want to gate your associations under. The associations only run when that change calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar .
A location is a combination of Regions and accounts where you want to run the association. Use this action to update an association in multiple Regions and multiple accounts.
The combination of Regions and accounts targeted by the current Automation execution.
The accounts targeted by the current Automation execution.
The Regions targeted by the current Automation execution.
The maximum number of Regions and accounts allowed to run the Automation concurrently.
The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
The Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole .
dict
Response Syntax
{
'AssociationDescription': {
'Name': 'string',
'InstanceId': 'string',
'AssociationVersion': 'string',
'Date': datetime(2015, 1, 1),
'LastUpdateAssociationDate': datetime(2015, 1, 1),
'Status': {
'Date': datetime(2015, 1, 1),
'Name': 'Pending'|'Success'|'Failed',
'Message': 'string',
'AdditionalInfo': 'string'
},
'Overview': {
'Status': 'string',
'DetailedStatus': 'string',
'AssociationStatusAggregatedCount': {
'string': 123
}
},
'DocumentVersion': 'string',
'AutomationTargetParameterName': 'string',
'Parameters': {
'string': [
'string',
]
},
'AssociationId': 'string',
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'ScheduleExpression': 'string',
'OutputLocation': {
'S3Location': {
'OutputS3Region': 'string',
'OutputS3BucketName': 'string',
'OutputS3KeyPrefix': 'string'
}
},
'LastExecutionDate': datetime(2015, 1, 1),
'LastSuccessfulExecutionDate': datetime(2015, 1, 1),
'AssociationName': 'string',
'MaxErrors': 'string',
'MaxConcurrency': 'string',
'ComplianceSeverity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'UNSPECIFIED',
'SyncCompliance': 'AUTO'|'MANUAL',
'ApplyOnlyAtCronInterval': True|False,
'CalendarNames': [
'string',
],
'TargetLocations': [
{
'Accounts': [
'string',
],
'Regions': [
'string',
],
'TargetLocationMaxConcurrency': 'string',
'TargetLocationMaxErrors': 'string',
'ExecutionRoleName': 'string'
},
]
}
}
Response Structure
(dict) --
AssociationDescription (dict) --
The description of the association that was updated.
Name (string) --
The name of the SSM document.
InstanceId (string) --
The ID of the instance.
AssociationVersion (string) --
The association version.
Date (datetime) --
The date when the association was made.
LastUpdateAssociationDate (datetime) --
The date when the association was last updated.
Status (dict) --
The association status.
Date (datetime) --
The date when the status changed.
Name (string) --
The status.
Message (string) --
The reason for the status.
AdditionalInfo (string) --
A user-defined string.
Overview (dict) --
Information about the association.
Status (string) --
The status of the association. Status can be: Pending, Success, or Failed.
DetailedStatus (string) --
A detailed status of the association.
AssociationStatusAggregatedCount (dict) --
Returns the number of targets for the association status. For example, if you created an association with two instances, and one of them was successful, this would return the count of instances by status.
DocumentVersion (string) --
The document version.
AutomationTargetParameterName (string) --
Specify the target for the association. This target is required for associations that use an Automation runbook and target resources by using rate controls. Automation is a capability of Amazon Web Services Systems Manager.
Parameters (dict) --
A description of the parameters for a document.
AssociationId (string) --
The association ID.
Targets (list) --
The instances targeted by the request.
(dict) --
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
Key (string) --
User-defined criteria for sending commands that target instances that meet the criteria.
Values (list) --
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
ScheduleExpression (string) --
A cron expression that specifies a schedule when the association runs.
OutputLocation (dict) --
An S3 bucket where you want to store the output details of the request.
S3Location (dict) --
An S3 bucket where you want to store the results of this request.
OutputS3Region (string) --
(Deprecated) You can no longer specify this parameter. The system ignores it. Instead, Amazon Web Services Systems Manager automatically determines the Region of the S3 bucket.
OutputS3BucketName (string) --
The name of the S3 bucket.
OutputS3KeyPrefix (string) --
The S3 bucket subfolder.
LastExecutionDate (datetime) --
The date on which the association was last run.
LastSuccessfulExecutionDate (datetime) --
The last date on which the association was successfully run.
AssociationName (string) --
The association name.
MaxErrors (string) --
The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 instances and set MaxError to 10%, then the system stops sending the request when the sixth error is received.
Executions that are already running an association when MaxErrors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set MaxConcurrency to 1 so that executions proceed one at a time.
MaxConcurrency (string) --
The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.
If a new instance starts and attempts to run an association while Systems Manager is running MaxConcurrency associations, the association is allowed to run. During the next association interval, the new instance will process its association within the limit specified for MaxConcurrency .
ComplianceSeverity (string) --
The severity level that is assigned to the association.
SyncCompliance (string) --
The mode for generating association compliance. You can specify AUTO or MANUAL . In AUTO mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association is COMPLIANT . If the association execution doesn't run successfully, the association is NON-COMPLIANT .
In MANUAL mode, you must specify the AssociationId as a parameter for the PutComplianceItems API operation. In this case, compliance data isn't managed by State Manager, a capability of Amazon Web Services Systems Manager. It is managed by your direct call to the PutComplianceItems API operation.
By default, all associations use AUTO mode.
ApplyOnlyAtCronInterval (boolean) --
By default, when you create a new associations, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it. This parameter isn't supported for rate expressions.
CalendarNames (list) --
The names or Amazon Resource Names (ARNs) of the Change Calendar type documents your associations are gated under. The associations only run when that change calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar .
TargetLocations (list) --
The combination of Regions and accounts where you want to run the association.
(dict) --
The combination of Regions and accounts targeted by the current Automation execution.
Accounts (list) --
The accounts targeted by the current Automation execution.
Regions (list) --
The Regions targeted by the current Automation execution.
TargetLocationMaxConcurrency (string) --
The maximum number of Regions and accounts allowed to run the Automation concurrently.
TargetLocationMaxErrors (string) --
The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
ExecutionRoleName (string) --
The Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole .
Exceptions
Updates the status of the Amazon Web Services Systems Manager document (SSM document) associated with the specified instance.
See also: AWS API Documentation
Request Syntax
response = client.update_association_status(
Name='string',
InstanceId='string',
AssociationStatus={
'Date': datetime(2015, 1, 1),
'Name': 'Pending'|'Success'|'Failed',
'Message': 'string',
'AdditionalInfo': 'string'
}
)
[REQUIRED]
The name of the SSM document.
[REQUIRED]
The ID of the instance.
[REQUIRED]
The association status.
The date when the status changed.
The status.
The reason for the status.
A user-defined string.
dict
Response Syntax
{
'AssociationDescription': {
'Name': 'string',
'InstanceId': 'string',
'AssociationVersion': 'string',
'Date': datetime(2015, 1, 1),
'LastUpdateAssociationDate': datetime(2015, 1, 1),
'Status': {
'Date': datetime(2015, 1, 1),
'Name': 'Pending'|'Success'|'Failed',
'Message': 'string',
'AdditionalInfo': 'string'
},
'Overview': {
'Status': 'string',
'DetailedStatus': 'string',
'AssociationStatusAggregatedCount': {
'string': 123
}
},
'DocumentVersion': 'string',
'AutomationTargetParameterName': 'string',
'Parameters': {
'string': [
'string',
]
},
'AssociationId': 'string',
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'ScheduleExpression': 'string',
'OutputLocation': {
'S3Location': {
'OutputS3Region': 'string',
'OutputS3BucketName': 'string',
'OutputS3KeyPrefix': 'string'
}
},
'LastExecutionDate': datetime(2015, 1, 1),
'LastSuccessfulExecutionDate': datetime(2015, 1, 1),
'AssociationName': 'string',
'MaxErrors': 'string',
'MaxConcurrency': 'string',
'ComplianceSeverity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'UNSPECIFIED',
'SyncCompliance': 'AUTO'|'MANUAL',
'ApplyOnlyAtCronInterval': True|False,
'CalendarNames': [
'string',
],
'TargetLocations': [
{
'Accounts': [
'string',
],
'Regions': [
'string',
],
'TargetLocationMaxConcurrency': 'string',
'TargetLocationMaxErrors': 'string',
'ExecutionRoleName': 'string'
},
]
}
}
Response Structure
(dict) --
AssociationDescription (dict) --
Information about the association.
Name (string) --
The name of the SSM document.
InstanceId (string) --
The ID of the instance.
AssociationVersion (string) --
The association version.
Date (datetime) --
The date when the association was made.
LastUpdateAssociationDate (datetime) --
The date when the association was last updated.
Status (dict) --
The association status.
Date (datetime) --
The date when the status changed.
Name (string) --
The status.
Message (string) --
The reason for the status.
AdditionalInfo (string) --
A user-defined string.
Overview (dict) --
Information about the association.
Status (string) --
The status of the association. Status can be: Pending, Success, or Failed.
DetailedStatus (string) --
A detailed status of the association.
AssociationStatusAggregatedCount (dict) --
Returns the number of targets for the association status. For example, if you created an association with two instances, and one of them was successful, this would return the count of instances by status.
DocumentVersion (string) --
The document version.
AutomationTargetParameterName (string) --
Specify the target for the association. This target is required for associations that use an Automation runbook and target resources by using rate controls. Automation is a capability of Amazon Web Services Systems Manager.
Parameters (dict) --
A description of the parameters for a document.
AssociationId (string) --
The association ID.
Targets (list) --
The instances targeted by the request.
(dict) --
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
Key (string) --
User-defined criteria for sending commands that target instances that meet the criteria.
Values (list) --
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
ScheduleExpression (string) --
A cron expression that specifies a schedule when the association runs.
OutputLocation (dict) --
An S3 bucket where you want to store the output details of the request.
S3Location (dict) --
An S3 bucket where you want to store the results of this request.
OutputS3Region (string) --
(Deprecated) You can no longer specify this parameter. The system ignores it. Instead, Amazon Web Services Systems Manager automatically determines the Region of the S3 bucket.
OutputS3BucketName (string) --
The name of the S3 bucket.
OutputS3KeyPrefix (string) --
The S3 bucket subfolder.
LastExecutionDate (datetime) --
The date on which the association was last run.
LastSuccessfulExecutionDate (datetime) --
The last date on which the association was successfully run.
AssociationName (string) --
The association name.
MaxErrors (string) --
The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 instances and set MaxError to 10%, then the system stops sending the request when the sixth error is received.
Executions that are already running an association when MaxErrors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set MaxConcurrency to 1 so that executions proceed one at a time.
MaxConcurrency (string) --
The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.
If a new instance starts and attempts to run an association while Systems Manager is running MaxConcurrency associations, the association is allowed to run. During the next association interval, the new instance will process its association within the limit specified for MaxConcurrency .
ComplianceSeverity (string) --
The severity level that is assigned to the association.
SyncCompliance (string) --
The mode for generating association compliance. You can specify AUTO or MANUAL . In AUTO mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association is COMPLIANT . If the association execution doesn't run successfully, the association is NON-COMPLIANT .
In MANUAL mode, you must specify the AssociationId as a parameter for the PutComplianceItems API operation. In this case, compliance data isn't managed by State Manager, a capability of Amazon Web Services Systems Manager. It is managed by your direct call to the PutComplianceItems API operation.
By default, all associations use AUTO mode.
ApplyOnlyAtCronInterval (boolean) --
By default, when you create a new associations, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it. This parameter isn't supported for rate expressions.
CalendarNames (list) --
The names or Amazon Resource Names (ARNs) of the Change Calendar type documents your associations are gated under. The associations only run when that change calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar .
TargetLocations (list) --
The combination of Regions and accounts where you want to run the association.
(dict) --
The combination of Regions and accounts targeted by the current Automation execution.
Accounts (list) --
The accounts targeted by the current Automation execution.
Regions (list) --
The Regions targeted by the current Automation execution.
TargetLocationMaxConcurrency (string) --
The maximum number of Regions and accounts allowed to run the Automation concurrently.
TargetLocationMaxErrors (string) --
The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
ExecutionRoleName (string) --
The Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole .
Exceptions
Updates one or more values for an SSM document.
See also: AWS API Documentation
Request Syntax
response = client.update_document(
Content='string',
Attachments=[
{
'Key': 'SourceUrl'|'S3FileUrl'|'AttachmentReference',
'Values': [
'string',
],
'Name': 'string'
},
],
Name='string',
DisplayName='string',
VersionName='string',
DocumentVersion='string',
DocumentFormat='YAML'|'JSON'|'TEXT',
TargetType='string'
)
[REQUIRED]
A valid JSON or YAML string.
A list of key-value pairs that describe attachments to a version of a document.
Identifying information about a document attachment, including the file name and a key-value pair that identifies the location of an attachment to a document.
The key of a key-value pair that identifies the location of an attachment to a document.
The value of a key-value pair that identifies the location of an attachment to a document. The format for Value depends on the type of key you specify.
The name of the document attachment file.
[REQUIRED]
The name of the SSM document that you want to update.
dict
Response Syntax
{
'DocumentDescription': {
'Sha1': 'string',
'Hash': 'string',
'HashType': 'Sha256'|'Sha1',
'Name': 'string',
'DisplayName': 'string',
'VersionName': 'string',
'Owner': 'string',
'CreatedDate': datetime(2015, 1, 1),
'Status': 'Creating'|'Active'|'Updating'|'Deleting'|'Failed',
'StatusInformation': 'string',
'DocumentVersion': 'string',
'Description': 'string',
'Parameters': [
{
'Name': 'string',
'Type': 'String'|'StringList',
'Description': 'string',
'DefaultValue': 'string'
},
],
'PlatformTypes': [
'Windows'|'Linux',
],
'DocumentType': 'Command'|'Policy'|'Automation'|'Session'|'Package'|'ApplicationConfiguration'|'ApplicationConfigurationSchema'|'DeploymentStrategy'|'ChangeCalendar'|'Automation.ChangeTemplate'|'ProblemAnalysis'|'ProblemAnalysisTemplate',
'SchemaVersion': 'string',
'LatestVersion': 'string',
'DefaultVersion': 'string',
'DocumentFormat': 'YAML'|'JSON'|'TEXT',
'TargetType': 'string',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
],
'AttachmentsInformation': [
{
'Name': 'string'
},
],
'Requires': [
{
'Name': 'string',
'Version': 'string'
},
],
'Author': 'string',
'ReviewInformation': [
{
'ReviewedTime': datetime(2015, 1, 1),
'Status': 'APPROVED'|'NOT_REVIEWED'|'PENDING'|'REJECTED',
'Reviewer': 'string'
},
],
'ApprovedVersion': 'string',
'PendingReviewVersion': 'string',
'ReviewStatus': 'APPROVED'|'NOT_REVIEWED'|'PENDING'|'REJECTED'
}
}
Response Structure
(dict) --
DocumentDescription (dict) --
A description of the document that was updated.
Sha1 (string) --
The SHA1 hash of the document, which you can use for verification.
Hash (string) --
The Sha256 or Sha1 hash created by the system when the document was created.
Note
Sha1 hashes have been deprecated.
HashType (string) --
The hash type of the document. Valid values include Sha256 or Sha1 .
Note
Sha1 hashes have been deprecated.
Name (string) --
The name of the SSM document.
DisplayName (string) --
The friendly name of the SSM document. This value can differ for each version of the document. If you want to update this value, see UpdateDocument .
VersionName (string) --
The version of the artifact associated with the document.
Owner (string) --
The Amazon Web Services user account that created the document.
CreatedDate (datetime) --
The date when the document was created.
Status (string) --
The status of the SSM document.
StatusInformation (string) --
A message returned by Amazon Web Services Systems Manager that explains the Status value. For example, a Failed status might be explained by the StatusInformation message, "The specified S3 bucket doesn't exist. Verify that the URL of the S3 bucket is correct."
DocumentVersion (string) --
The document version.
Description (string) --
A description of the document.
Parameters (list) --
A description of the parameters for a document.
(dict) --
Parameters specified in a System Manager document that run on the server when the command is run.
Name (string) --
The name of the parameter.
Type (string) --
The type of parameter. The type can be either String or StringList.
Description (string) --
A description of what the parameter does, how to use it, the default value, and whether or not the parameter is optional.
DefaultValue (string) --
If specified, the default values for the parameters. Parameters without a default value are required. Parameters with a default value are optional.
PlatformTypes (list) --
The list of OS platforms compatible with this SSM document.
DocumentType (string) --
The type of document.
SchemaVersion (string) --
The schema version.
LatestVersion (string) --
The latest version of the document.
DefaultVersion (string) --
The default version.
DocumentFormat (string) --
The document format, either JSON or YAML.
TargetType (string) --
The target type which defines the kinds of resources the document can run on. For example, /AWS::EC2::Instance . For a list of valid resource types, see Amazon Web Services resource and property types reference in the CloudFormation User Guide .
Tags (list) --
The tags, or metadata, that have been applied to the document.
(dict) --
Metadata that you assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Amazon Web Services Systems Manager, you can apply tags to Systems Manager documents (SSM documents), managed instances, maintenance windows, parameters, patch baselines, OpsItems, and OpsMetadata.
Key (string) --
The name of the tag.
Value (string) --
The value of the tag.
AttachmentsInformation (list) --
Details about the document attachments, including names, locations, sizes, and so on.
(dict) --
An attribute of an attachment, such as the attachment name.
Name (string) --
The name of the attachment.
Requires (list) --
A list of SSM documents required by a document. For example, an ApplicationConfiguration document requires an ApplicationConfigurationSchema document.
(dict) --
An SSM document required by the current document.
Name (string) --
The name of the required SSM document. The name can be an Amazon Resource Name (ARN).
Version (string) --
The document version required by the current document.
Author (string) --
The user in your organization who created the document.
ReviewInformation (list) --
Details about the review of a document.
(dict) --
Information about the result of a document review request.
ReviewedTime (datetime) --
The time that the reviewer took action on the document review request.
Status (string) --
The current status of the document review request.
Reviewer (string) --
The reviewer assigned to take action on the document review request.
ApprovedVersion (string) --
The version of the document currently approved for use in the organization.
PendingReviewVersion (string) --
The version of the document that is currently under review.
ReviewStatus (string) --
The current status of the review.
Exceptions
Set the default version of a document.
See also: AWS API Documentation
Request Syntax
response = client.update_document_default_version(
Name='string',
DocumentVersion='string'
)
[REQUIRED]
The name of a custom document that you want to set as the default version.
[REQUIRED]
The version of a custom document that you want to set as the default version.
dict
Response Syntax
{
'Description': {
'Name': 'string',
'DefaultVersion': 'string',
'DefaultVersionName': 'string'
}
}
Response Structure
(dict) --
Description (dict) --
The description of a custom document that you want to set as the default version.
Name (string) --
The name of the document.
DefaultVersion (string) --
The default version of the document.
DefaultVersionName (string) --
The default version of the artifact associated with the document.
Exceptions
Updates information related to approval reviews for a specific version of a document.
See also: AWS API Documentation
Request Syntax
response = client.update_document_metadata(
Name='string',
DocumentVersion='string',
DocumentReviews={
'Action': 'SendForReview'|'UpdateReview'|'Approve'|'Reject',
'Comment': [
{
'Type': 'Comment',
'Content': 'string'
},
]
}
)
[REQUIRED]
The name of the document for which a version is to be updated.
[REQUIRED]
The document review details to update.
The action to take on a document approval review request.
A comment entered by a user in your organization about the document review request.
Information about comments added to a document review request.
The type of information added to a review request. Currently, only the value Comment is supported.
The content of a comment entered by a user who requests a review of a new document version, or who reviews the new version.
dict
Response Syntax
{}
Response Structure
Exceptions
Updates an existing maintenance window. Only specified parameters are modified.
Note
The value you specify for Duration determines the specific end time for the maintenance window based on the time it begins. No maintenance window tasks are permitted to start after the resulting endtime minus the number of hours you specify for Cutoff . For example, if the maintenance window starts at 3 PM, the duration is three hours, and the value you specify for Cutoff is one hour, no maintenance window tasks can start after 5 PM.
See also: AWS API Documentation
Request Syntax
response = client.update_maintenance_window(
WindowId='string',
Name='string',
Description='string',
StartDate='string',
EndDate='string',
Schedule='string',
ScheduleTimezone='string',
ScheduleOffset=123,
Duration=123,
Cutoff=123,
AllowUnassociatedTargets=True|False,
Enabled=True|False,
Replace=True|False
)
[REQUIRED]
The ID of the maintenance window to update.
The number of days to wait after the date and time specified by a cron expression before running the maintenance window.
For example, the following cron expression schedules a maintenance window to run the third Tuesday of every month at 11:30 PM.
cron(30 23 ? * TUE#3 *)
If the schedule offset is 2 , the maintenance window won't run until two days later.
dict
Response Syntax
{
'WindowId': 'string',
'Name': 'string',
'Description': 'string',
'StartDate': 'string',
'EndDate': 'string',
'Schedule': 'string',
'ScheduleTimezone': 'string',
'ScheduleOffset': 123,
'Duration': 123,
'Cutoff': 123,
'AllowUnassociatedTargets': True|False,
'Enabled': True|False
}
Response Structure
(dict) --
WindowId (string) --
The ID of the created maintenance window.
Name (string) --
The name of the maintenance window.
Description (string) --
An optional description of the update.
StartDate (string) --
The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become active. The maintenance window won't run before this specified time.
EndDate (string) --
The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become inactive. The maintenance window won't run after this specified time.
Schedule (string) --
The schedule of the maintenance window in the form of a cron or rate expression.
ScheduleTimezone (string) --
The time zone that the scheduled maintenance window executions are based on, in Internet Assigned Numbers Authority (IANA) format. For example: "America/Los_Angeles", "UTC", or "Asia/Seoul". For more information, see the Time Zone Database on the IANA website.
ScheduleOffset (integer) --
The number of days to wait to run a maintenance window after the scheduled cron expression date and time.
Duration (integer) --
The duration of the maintenance window in hours.
Cutoff (integer) --
The number of hours before the end of the maintenance window that Amazon Web Services Systems Manager stops scheduling new tasks for execution.
AllowUnassociatedTargets (boolean) --
Whether targets must be registered with the maintenance window before tasks can be defined for those targets.
Enabled (boolean) --
Whether the maintenance window is enabled.
Exceptions
Modifies the target of an existing maintenance window. You can change the following:
Note
If a parameter is null, then the corresponding field isn't modified.
See also: AWS API Documentation
Request Syntax
response = client.update_maintenance_window_target(
WindowId='string',
WindowTargetId='string',
Targets=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
OwnerInformation='string',
Name='string',
Description='string',
Replace=True|False
)
[REQUIRED]
The maintenance window ID with which to modify the target.
[REQUIRED]
The target ID to modify.
The targets to add or replace.
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
User-defined criteria for sending commands that target instances that meet the criteria.
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
dict
Response Syntax
{
'WindowId': 'string',
'WindowTargetId': 'string',
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'OwnerInformation': 'string',
'Name': 'string',
'Description': 'string'
}
Response Structure
(dict) --
WindowId (string) --
The maintenance window ID specified in the update request.
WindowTargetId (string) --
The target ID specified in the update request.
Targets (list) --
The updated targets.
(dict) --
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
Key (string) --
User-defined criteria for sending commands that target instances that meet the criteria.
Values (list) --
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
OwnerInformation (string) --
The updated owner.
Name (string) --
The updated name.
Description (string) --
The updated description.
Exceptions
Modifies a task assigned to a maintenance window. You can't change the task type, but you can change the following values:
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
If the value for a parameter in UpdateMaintenanceWindowTask is null, then the corresponding field isn't modified. If you set Replace to true, then all fields required by the RegisterTaskWithMaintenanceWindow operation are required for this request. Optional fields that aren't specified are set to null.
Warning
When you update a maintenance window task that has options specified in TaskInvocationParameters , you must provide again all the TaskInvocationParameters values that you want to retain. The values you don't specify again are removed. For example, suppose that when you registered a Run Command task, you specified TaskInvocationParameters values for Comment , NotificationConfig , and OutputS3BucketName . If you update the maintenance window task and specify only a different OutputS3BucketName value, the values for Comment and NotificationConfig are removed.
See also: AWS API Documentation
Request Syntax
response = client.update_maintenance_window_task(
WindowId='string',
WindowTaskId='string',
Targets=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
TaskArn='string',
ServiceRoleArn='string',
TaskParameters={
'string': {
'Values': [
'string',
]
}
},
TaskInvocationParameters={
'RunCommand': {
'Comment': 'string',
'CloudWatchOutputConfig': {
'CloudWatchLogGroupName': 'string',
'CloudWatchOutputEnabled': True|False
},
'DocumentHash': 'string',
'DocumentHashType': 'Sha256'|'Sha1',
'DocumentVersion': 'string',
'NotificationConfig': {
'NotificationArn': 'string',
'NotificationEvents': [
'All'|'InProgress'|'Success'|'TimedOut'|'Cancelled'|'Failed',
],
'NotificationType': 'Command'|'Invocation'
},
'OutputS3BucketName': 'string',
'OutputS3KeyPrefix': 'string',
'Parameters': {
'string': [
'string',
]
},
'ServiceRoleArn': 'string',
'TimeoutSeconds': 123
},
'Automation': {
'DocumentVersion': 'string',
'Parameters': {
'string': [
'string',
]
}
},
'StepFunctions': {
'Input': 'string',
'Name': 'string'
},
'Lambda': {
'ClientContext': 'string',
'Qualifier': 'string',
'Payload': b'bytes'
}
},
Priority=123,
MaxConcurrency='string',
MaxErrors='string',
LoggingInfo={
'S3BucketName': 'string',
'S3KeyPrefix': 'string',
'S3Region': 'string'
},
Name='string',
Description='string',
Replace=True|False
)
[REQUIRED]
The maintenance window ID that contains the task to modify.
[REQUIRED]
The task ID to modify.
The targets (either instances or tags) to modify. Instances are specified using the format Key=instanceids,Values=instanceID_1,instanceID_2 . Tags are specified using the format Key=tag_name,Values=tag_value .
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
User-defined criteria for sending commands that target instances that meet the criteria.
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses your account's service-linked role. If no service-linked role for Systems Manager exists in your account, it is created when you run RegisterTaskWithMaintenanceWindow .
For more information, see the following topics in the in the Amazon Web Services Systems Manager User Guide :
The parameters to modify.
Note
TaskParameters has been deprecated. To specify parameters to pass to a task when it runs, instead use the Parameters option in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters .
The map has the following format:
Key: string, between 1 and 255 characters
Value: an array of strings, each string is between 1 and 255 characters
Defines the values for a task parameter.
This field contains an array of 0 or more strings, each 1 to 255 characters in length.
The parameters that the task should use during execution. Populate only the fields that match the task type. All other fields should be empty.
Warning
When you update a maintenance window task that has options specified in TaskInvocationParameters , you must provide again all the TaskInvocationParameters values that you want to retain. The values you don't specify again are removed. For example, suppose that when you registered a Run Command task, you specified TaskInvocationParameters values for Comment , NotificationConfig , and OutputS3BucketName . If you update the maintenance window task and specify only a different OutputS3BucketName value, the values for Comment and NotificationConfig are removed.
The parameters for a RUN_COMMAND task type.
Information about the commands to run.
Configuration options for sending command output to Amazon CloudWatch Logs.
The name of the CloudWatch Logs log group where you want to send command output. If you don't specify a group name, Amazon Web Services Systems Manager automatically creates a log group for you. The log group uses the following naming format:
``aws/ssm/SystemsManagerDocumentName ``
Enables Systems Manager to send command output to CloudWatch Logs.
The SHA-256 or SHA-1 hash created by the system when the document was created. SHA-1 hashes have been deprecated.
SHA-256 or SHA-1. SHA-1 hashes have been deprecated.
The Amazon Web Services Systems Manager document (SSM document) version to use in the request. You can specify $DEFAULT , $LATEST , or a specific version number. If you run commands by using the Amazon Web Services CLI, then you must escape the first two options by using a backslash. If you specify a version number, then you don't need to use the backslash. For example:
--document-version "\$DEFAULT"--document-version "\$LATEST"
--document-version "3"
Configurations for sending notifications about command status changes on a per-instance basis.
An Amazon Resource Name (ARN) for an Amazon Simple Notification Service (Amazon SNS) topic. Run Command pushes notifications about command status changes to this topic.
The different events for which you can receive notifications. To learn more about these events, see Monitoring Systems Manager status changes using Amazon SNS notifications in the Amazon Web Services Systems Manager User Guide .
The type of notification.
The name of the Amazon Simple Storage Service (Amazon S3) bucket.
The S3 bucket subfolder.
The parameters for the RUN_COMMAND task execution.
The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service (Amazon SNS) notifications for maintenance window Run Command tasks.
If this time is reached and the command hasn't already started running, it doesn't run.
The parameters for an AUTOMATION task type.
The version of an Automation runbook to use during task execution.
The parameters for the AUTOMATION task.
For information about specifying and updating task parameters, see RegisterTaskWithMaintenanceWindow and UpdateMaintenanceWindowTask .
Note
LoggingInfo has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters .TaskParameters has been deprecated. To specify parameters to pass to a task when it runs, instead use the Parameters option in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters .
For AUTOMATION task types, Amazon Web Services Systems Manager ignores any values specified for these parameters.
The parameters for a STEP_FUNCTIONS task type.
The inputs for the STEP_FUNCTIONS task.
The name of the STEP_FUNCTIONS task.
The parameters for a LAMBDA task type.
Pass client-specific information to the Lambda function that you are invoking. You can then process the client information in your Lambda function as you choose through the context variable.
(Optional) Specify an Lambda function version or alias name. If you specify a function version, the operation uses the qualified function Amazon Resource Name (ARN) to invoke a specific Lambda function. If you specify an alias name, the operation uses the alias ARN to invoke the Lambda function version to which the alias points.
JSON to provide to your Lambda function as input.
The new MaxConcurrency value you want to specify. MaxConcurrency is the number of targets that are allowed to run this task in parallel.
Note
For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of 1 , which may be reported in the response to this command. This value doesn't affect the running of your task and can be ignored.
The new MaxErrors value to specify. MaxErrors is the maximum number of errors that are allowed before the task stops being scheduled.
Note
For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of 1 , which may be reported in the response to this command. This value doesn't affect the running of your task and can be ignored.
The new logging location in Amazon S3 to specify.
Note
LoggingInfo has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters .
The name of an S3 bucket where execution logs are stored .
(Optional) The S3 bucket subfolder.
The Region where the S3 bucket is located.
dict
Response Syntax
{
'WindowId': 'string',
'WindowTaskId': 'string',
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'TaskArn': 'string',
'ServiceRoleArn': 'string',
'TaskParameters': {
'string': {
'Values': [
'string',
]
}
},
'TaskInvocationParameters': {
'RunCommand': {
'Comment': 'string',
'CloudWatchOutputConfig': {
'CloudWatchLogGroupName': 'string',
'CloudWatchOutputEnabled': True|False
},
'DocumentHash': 'string',
'DocumentHashType': 'Sha256'|'Sha1',
'DocumentVersion': 'string',
'NotificationConfig': {
'NotificationArn': 'string',
'NotificationEvents': [
'All'|'InProgress'|'Success'|'TimedOut'|'Cancelled'|'Failed',
],
'NotificationType': 'Command'|'Invocation'
},
'OutputS3BucketName': 'string',
'OutputS3KeyPrefix': 'string',
'Parameters': {
'string': [
'string',
]
},
'ServiceRoleArn': 'string',
'TimeoutSeconds': 123
},
'Automation': {
'DocumentVersion': 'string',
'Parameters': {
'string': [
'string',
]
}
},
'StepFunctions': {
'Input': 'string',
'Name': 'string'
},
'Lambda': {
'ClientContext': 'string',
'Qualifier': 'string',
'Payload': b'bytes'
}
},
'Priority': 123,
'MaxConcurrency': 'string',
'MaxErrors': 'string',
'LoggingInfo': {
'S3BucketName': 'string',
'S3KeyPrefix': 'string',
'S3Region': 'string'
},
'Name': 'string',
'Description': 'string'
}
Response Structure
(dict) --
WindowId (string) --
The ID of the maintenance window that was updated.
WindowTaskId (string) --
The task ID of the maintenance window that was updated.
Targets (list) --
The updated target values.
(dict) --
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
Key (string) --
User-defined criteria for sending commands that target instances that meet the criteria.
Values (list) --
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
TaskArn (string) --
The updated task ARN value.
ServiceRoleArn (string) --
The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service (Amazon SNS) notifications for maintenance window Run Command tasks.
TaskParameters (dict) --
The updated parameter values.
Note
TaskParameters has been deprecated. To specify parameters to pass to a task when it runs, instead use the Parameters option in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters .
(string) --
(dict) --
Defines the values for a task parameter.
Values (list) --
This field contains an array of 0 or more strings, each 1 to 255 characters in length.
TaskInvocationParameters (dict) --
The updated parameter values.
RunCommand (dict) --
The parameters for a RUN_COMMAND task type.
Comment (string) --
Information about the commands to run.
CloudWatchOutputConfig (dict) --
Configuration options for sending command output to Amazon CloudWatch Logs.
CloudWatchLogGroupName (string) --
The name of the CloudWatch Logs log group where you want to send command output. If you don't specify a group name, Amazon Web Services Systems Manager automatically creates a log group for you. The log group uses the following naming format:
``aws/ssm/SystemsManagerDocumentName ``
CloudWatchOutputEnabled (boolean) --
Enables Systems Manager to send command output to CloudWatch Logs.
DocumentHash (string) --
The SHA-256 or SHA-1 hash created by the system when the document was created. SHA-1 hashes have been deprecated.
DocumentHashType (string) --
SHA-256 or SHA-1. SHA-1 hashes have been deprecated.
DocumentVersion (string) --
The Amazon Web Services Systems Manager document (SSM document) version to use in the request. You can specify $DEFAULT , $LATEST , or a specific version number. If you run commands by using the Amazon Web Services CLI, then you must escape the first two options by using a backslash. If you specify a version number, then you don't need to use the backslash. For example:
--document-version "\$DEFAULT"
--document-version "\$LATEST"
--document-version "3"
NotificationConfig (dict) --
Configurations for sending notifications about command status changes on a per-instance basis.
NotificationArn (string) --
An Amazon Resource Name (ARN) for an Amazon Simple Notification Service (Amazon SNS) topic. Run Command pushes notifications about command status changes to this topic.
NotificationEvents (list) --
The different events for which you can receive notifications. To learn more about these events, see Monitoring Systems Manager status changes using Amazon SNS notifications in the Amazon Web Services Systems Manager User Guide .
NotificationType (string) --
The type of notification.
OutputS3BucketName (string) --
The name of the Amazon Simple Storage Service (Amazon S3) bucket.
OutputS3KeyPrefix (string) --
The S3 bucket subfolder.
Parameters (dict) --
The parameters for the RUN_COMMAND task execution.
ServiceRoleArn (string) --
The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service (Amazon SNS) notifications for maintenance window Run Command tasks.
TimeoutSeconds (integer) --
If this time is reached and the command hasn't already started running, it doesn't run.
Automation (dict) --
The parameters for an AUTOMATION task type.
DocumentVersion (string) --
The version of an Automation runbook to use during task execution.
Parameters (dict) --
The parameters for the AUTOMATION task.
For information about specifying and updating task parameters, see RegisterTaskWithMaintenanceWindow and UpdateMaintenanceWindowTask .
Note
LoggingInfo has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters .
TaskParameters has been deprecated. To specify parameters to pass to a task when it runs, instead use the Parameters option in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters .
For AUTOMATION task types, Amazon Web Services Systems Manager ignores any values specified for these parameters.
StepFunctions (dict) --
The parameters for a STEP_FUNCTIONS task type.
Input (string) --
The inputs for the STEP_FUNCTIONS task.
Name (string) --
The name of the STEP_FUNCTIONS task.
Lambda (dict) --
The parameters for a LAMBDA task type.
ClientContext (string) --
Pass client-specific information to the Lambda function that you are invoking. You can then process the client information in your Lambda function as you choose through the context variable.
Qualifier (string) --
(Optional) Specify an Lambda function version or alias name. If you specify a function version, the operation uses the qualified function Amazon Resource Name (ARN) to invoke a specific Lambda function. If you specify an alias name, the operation uses the alias ARN to invoke the Lambda function version to which the alias points.
Payload (bytes) --
JSON to provide to your Lambda function as input.
Priority (integer) --
The updated priority value.
MaxConcurrency (string) --
The updated MaxConcurrency value.
MaxErrors (string) --
The updated MaxErrors value.
LoggingInfo (dict) --
The updated logging information in Amazon S3.
Note
LoggingInfo has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters .
S3BucketName (string) --
The name of an S3 bucket where execution logs are stored .
S3KeyPrefix (string) --
(Optional) The S3 bucket subfolder.
S3Region (string) --
The Region where the S3 bucket is located.
Name (string) --
The updated task name.
Description (string) --
The updated task description.
Exceptions
Changes the Identity and Access Management (IAM) role that is assigned to the on-premises instance or virtual machines (VM). IAM roles are first assigned to these hybrid instances during the activation process. For more information, see CreateActivation .
See also: AWS API Documentation
Request Syntax
response = client.update_managed_instance_role(
InstanceId='string',
IamRole='string'
)
[REQUIRED]
The ID of the managed instance where you want to update the role.
[REQUIRED]
The IAM role you want to assign or change.
dict
Response Syntax
{}
Response Structure
Exceptions
Edit or change an OpsItem. You must have permission in Identity and Access Management (IAM) to update an OpsItem. For more information, see Getting started with OpsCenter in the Amazon Web Services Systems Manager User Guide .
Operations engineers and IT professionals use Amazon Web Services Systems Manager OpsCenter to view, investigate, and remediate operational issues impacting the performance and health of their Amazon Web Services resources. For more information, see OpsCenter in the Amazon Web Services Systems Manager User Guide .
See also: AWS API Documentation
Request Syntax
response = client.update_ops_item(
Description='string',
OperationalData={
'string': {
'Value': 'string',
'Type': 'SearchableString'|'String'
}
},
OperationalDataToDelete=[
'string',
],
Notifications=[
{
'Arn': 'string'
},
],
Priority=123,
RelatedOpsItems=[
{
'OpsItemId': 'string'
},
],
Status='Open'|'InProgress'|'Resolved'|'Pending'|'TimedOut'|'Cancelling'|'Cancelled'|'Failed'|'CompletedWithSuccess'|'CompletedWithFailure'|'Scheduled'|'RunbookInProgress'|'PendingChangeCalendarOverride'|'ChangeCalendarOverrideApproved'|'ChangeCalendarOverrideRejected'|'PendingApproval'|'Approved'|'Rejected'|'Closed',
OpsItemId='string',
Title='string',
Category='string',
Severity='string',
ActualStartTime=datetime(2015, 1, 1),
ActualEndTime=datetime(2015, 1, 1),
PlannedStartTime=datetime(2015, 1, 1),
PlannedEndTime=datetime(2015, 1, 1)
)
Add new keys or edit existing key-value pairs of the OperationalData map in the OpsItem object.
Operational data is custom data that provides useful reference details about the OpsItem. For example, you can specify log files, error strings, license keys, troubleshooting tips, or other relevant data. You enter operational data as key-value pairs. The key has a maximum length of 128 characters. The value has a maximum size of 20 KB.
Warning
Operational data keys can't begin with the following: amazon , aws , amzn , ssm , /amazon , /aws , /amzn , /ssm .
You can choose to make the data searchable by other users in the account or you can restrict search access. Searchable data means that all users with access to the OpsItem Overview page (as provided by the DescribeOpsItems API operation) can view and search on the specified data. Operational data that isn't searchable is only viewable by users who have access to the OpsItem (as provided by the GetOpsItem API operation).
Use the /aws/resources key in OperationalData to specify a related resource in the request. Use the /aws/automations key in OperationalData to associate an Automation runbook with the OpsItem. To view Amazon Web Services CLI example commands that use these keys, see Creating OpsItems manually in the Amazon Web Services Systems Manager User Guide .
An object that defines the value of the key and its type in the OperationalData map.
The value of the OperationalData key.
The type of key-value pair. Valid types include SearchableString and String .
Keys that you want to remove from the OperationalData map.
The Amazon Resource Name (ARN) of an SNS topic where notifications are sent when this OpsItem is edited or changed.
A notification about the OpsItem.
The Amazon Resource Name (ARN) of an Amazon Simple Notification Service (Amazon SNS) topic where notifications are sent when this OpsItem is edited or changed.
One or more OpsItems that share something in common with the current OpsItems. For example, related OpsItems can include OpsItems with similar error messages, impacted resources, or statuses for the impacted resource.
An OpsItems that shares something in common with the current OpsItem. For example, related OpsItems can include OpsItems with similar error messages, impacted resources, or statuses for the impacted resource.
The ID of an OpsItem related to the current OpsItem.
[REQUIRED]
The ID of the OpsItem.
dict
Response Syntax
{}
Response Structure
Exceptions
Amazon Web Services Systems Manager calls this API operation when you edit OpsMetadata in Application Manager.
See also: AWS API Documentation
Request Syntax
response = client.update_ops_metadata(
OpsMetadataArn='string',
MetadataToUpdate={
'string': {
'Value': 'string'
}
},
KeysToDelete=[
'string',
]
)
[REQUIRED]
The Amazon Resoure Name (ARN) of the OpsMetadata Object to update.
Metadata to add to an OpsMetadata object.
Metadata to assign to an Application Manager application.
Metadata value to assign to an Application Manager application.
The metadata keys to delete from the OpsMetadata object.
dict
Response Syntax
{
'OpsMetadataArn': 'string'
}
Response Structure
(dict) --
OpsMetadataArn (string) --
The Amazon Resource Name (ARN) of the OpsMetadata Object that was updated.
Exceptions
Modifies an existing patch baseline. Fields not specified in the request are left unchanged.
Note
For information about valid key-value pairs in PatchFilters for each supported operating system type, see PatchFilter .
See also: AWS API Documentation
Request Syntax
response = client.update_patch_baseline(
BaselineId='string',
Name='string',
GlobalFilters={
'PatchFilters': [
{
'Key': 'ARCH'|'ADVISORY_ID'|'BUGZILLA_ID'|'PATCH_SET'|'PRODUCT'|'PRODUCT_FAMILY'|'CLASSIFICATION'|'CVE_ID'|'EPOCH'|'MSRC_SEVERITY'|'NAME'|'PATCH_ID'|'SECTION'|'PRIORITY'|'REPOSITORY'|'RELEASE'|'SEVERITY'|'SECURITY'|'VERSION',
'Values': [
'string',
]
},
]
},
ApprovalRules={
'PatchRules': [
{
'PatchFilterGroup': {
'PatchFilters': [
{
'Key': 'ARCH'|'ADVISORY_ID'|'BUGZILLA_ID'|'PATCH_SET'|'PRODUCT'|'PRODUCT_FAMILY'|'CLASSIFICATION'|'CVE_ID'|'EPOCH'|'MSRC_SEVERITY'|'NAME'|'PATCH_ID'|'SECTION'|'PRIORITY'|'REPOSITORY'|'RELEASE'|'SEVERITY'|'SECURITY'|'VERSION',
'Values': [
'string',
]
},
]
},
'ComplianceLevel': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED',
'ApproveAfterDays': 123,
'ApproveUntilDate': 'string',
'EnableNonSecurity': True|False
},
]
},
ApprovedPatches=[
'string',
],
ApprovedPatchesComplianceLevel='CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED',
ApprovedPatchesEnableNonSecurity=True|False,
RejectedPatches=[
'string',
],
RejectedPatchesAction='ALLOW_AS_DEPENDENCY'|'BLOCK',
Description='string',
Sources=[
{
'Name': 'string',
'Products': [
'string',
],
'Configuration': 'string'
},
],
Replace=True|False
)
[REQUIRED]
The ID of the patch baseline to update.
A set of global filters used to include patches in the baseline.
The set of patch filters that make up the group.
Defines which patches should be included in a patch baseline.
A patch filter consists of a key and a set of values. The filter key is a patch property. For example, the available filter keys for WINDOWS are PATCH_SET , PRODUCT , PRODUCT_FAMILY , CLASSIFICATION , and MSRC_SEVERITY .
The filter values define a matching criterion for the patch property indicated by the key. For example, if the filter key is PRODUCT and the filter values are ["Office 2013", "Office 2016"] , then the filter accepts all patches where product name is either "Office 2013" or "Office 2016". The filter values can be exact values for the patch property given as a key, or a wildcard (*), which matches all values.
You can view lists of valid values for the patch properties by running the DescribePatchProperties command. For information about which patch properties can be used with each major operating system, see DescribePatchProperties .
The key for the filter.
Run the DescribePatchProperties command to view lists of valid keys for each operating system type.
The value for the filter key.
Run the DescribePatchProperties command to view lists of valid values for each key based on operating system type.
A set of rules used to include patches in the baseline.
The rules that make up the rule group.
Defines an approval rule for a patch baseline.
The patch filter group that defines the criteria for the rule.
The set of patch filters that make up the group.
Defines which patches should be included in a patch baseline.
A patch filter consists of a key and a set of values. The filter key is a patch property. For example, the available filter keys for WINDOWS are PATCH_SET , PRODUCT , PRODUCT_FAMILY , CLASSIFICATION , and MSRC_SEVERITY .
The filter values define a matching criterion for the patch property indicated by the key. For example, if the filter key is PRODUCT and the filter values are ["Office 2013", "Office 2016"] , then the filter accepts all patches where product name is either "Office 2013" or "Office 2016". The filter values can be exact values for the patch property given as a key, or a wildcard (*), which matches all values.
You can view lists of valid values for the patch properties by running the DescribePatchProperties command. For information about which patch properties can be used with each major operating system, see DescribePatchProperties .
The key for the filter.
Run the DescribePatchProperties command to view lists of valid keys for each operating system type.
The value for the filter key.
Run the DescribePatchProperties command to view lists of valid values for each key based on operating system type.
A compliance severity level for all approved patches in a patch baseline.
The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of 7 means that patches are approved seven days after they are released. Not supported on Debian Server or Ubuntu Server.
The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Not supported on Debian Server or Ubuntu Server.
Enter dates in the format YYYY-MM-DD . For example, 2021-12-31 .
For instances identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is false . Applies to Linux instances only.
A list of explicitly approved patches for the baseline.
For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide .
A list of explicitly rejected patches for the baseline.
For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide .
The action for Patch Manager to take on patches included in the RejectedPackages list.
Information about the patches to use to update the instances, including target operating systems and source repositories. Applies to Linux instances only.
Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only.
The name specified to identify the patch source.
The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "AmazonLinux2016.09", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter .
The value of the yum repo configuration. For example:
[main]name=MyCustomRepository
baseurl=https://my-custom-repository
enabled=1
Note
For information about other options available for your yum repository configuration, see dnf.conf(5) .
dict
Response Syntax
{
'BaselineId': 'string',
'Name': 'string',
'OperatingSystem': 'WINDOWS'|'AMAZON_LINUX'|'AMAZON_LINUX_2'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX'|'SUSE'|'CENTOS'|'ORACLE_LINUX'|'DEBIAN'|'MACOS',
'GlobalFilters': {
'PatchFilters': [
{
'Key': 'ARCH'|'ADVISORY_ID'|'BUGZILLA_ID'|'PATCH_SET'|'PRODUCT'|'PRODUCT_FAMILY'|'CLASSIFICATION'|'CVE_ID'|'EPOCH'|'MSRC_SEVERITY'|'NAME'|'PATCH_ID'|'SECTION'|'PRIORITY'|'REPOSITORY'|'RELEASE'|'SEVERITY'|'SECURITY'|'VERSION',
'Values': [
'string',
]
},
]
},
'ApprovalRules': {
'PatchRules': [
{
'PatchFilterGroup': {
'PatchFilters': [
{
'Key': 'ARCH'|'ADVISORY_ID'|'BUGZILLA_ID'|'PATCH_SET'|'PRODUCT'|'PRODUCT_FAMILY'|'CLASSIFICATION'|'CVE_ID'|'EPOCH'|'MSRC_SEVERITY'|'NAME'|'PATCH_ID'|'SECTION'|'PRIORITY'|'REPOSITORY'|'RELEASE'|'SEVERITY'|'SECURITY'|'VERSION',
'Values': [
'string',
]
},
]
},
'ComplianceLevel': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED',
'ApproveAfterDays': 123,
'ApproveUntilDate': 'string',
'EnableNonSecurity': True|False
},
]
},
'ApprovedPatches': [
'string',
],
'ApprovedPatchesComplianceLevel': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED',
'ApprovedPatchesEnableNonSecurity': True|False,
'RejectedPatches': [
'string',
],
'RejectedPatchesAction': 'ALLOW_AS_DEPENDENCY'|'BLOCK',
'CreatedDate': datetime(2015, 1, 1),
'ModifiedDate': datetime(2015, 1, 1),
'Description': 'string',
'Sources': [
{
'Name': 'string',
'Products': [
'string',
],
'Configuration': 'string'
},
]
}
Response Structure
(dict) --
BaselineId (string) --
The ID of the deleted patch baseline.
Name (string) --
The name of the patch baseline.
OperatingSystem (string) --
The operating system rule used by the updated patch baseline.
GlobalFilters (dict) --
A set of global filters used to exclude patches from the baseline.
PatchFilters (list) --
The set of patch filters that make up the group.
(dict) --
Defines which patches should be included in a patch baseline.
A patch filter consists of a key and a set of values. The filter key is a patch property. For example, the available filter keys for WINDOWS are PATCH_SET , PRODUCT , PRODUCT_FAMILY , CLASSIFICATION , and MSRC_SEVERITY .
The filter values define a matching criterion for the patch property indicated by the key. For example, if the filter key is PRODUCT and the filter values are ["Office 2013", "Office 2016"] , then the filter accepts all patches where product name is either "Office 2013" or "Office 2016". The filter values can be exact values for the patch property given as a key, or a wildcard (*), which matches all values.
You can view lists of valid values for the patch properties by running the DescribePatchProperties command. For information about which patch properties can be used with each major operating system, see DescribePatchProperties .
Key (string) --
The key for the filter.
Run the DescribePatchProperties command to view lists of valid keys for each operating system type.
Values (list) --
The value for the filter key.
Run the DescribePatchProperties command to view lists of valid values for each key based on operating system type.
ApprovalRules (dict) --
A set of rules used to include patches in the baseline.
PatchRules (list) --
The rules that make up the rule group.
(dict) --
Defines an approval rule for a patch baseline.
PatchFilterGroup (dict) --
The patch filter group that defines the criteria for the rule.
PatchFilters (list) --
The set of patch filters that make up the group.
(dict) --
Defines which patches should be included in a patch baseline.
A patch filter consists of a key and a set of values. The filter key is a patch property. For example, the available filter keys for WINDOWS are PATCH_SET , PRODUCT , PRODUCT_FAMILY , CLASSIFICATION , and MSRC_SEVERITY .
The filter values define a matching criterion for the patch property indicated by the key. For example, if the filter key is PRODUCT and the filter values are ["Office 2013", "Office 2016"] , then the filter accepts all patches where product name is either "Office 2013" or "Office 2016". The filter values can be exact values for the patch property given as a key, or a wildcard (*), which matches all values.
You can view lists of valid values for the patch properties by running the DescribePatchProperties command. For information about which patch properties can be used with each major operating system, see DescribePatchProperties .
Key (string) --
The key for the filter.
Run the DescribePatchProperties command to view lists of valid keys for each operating system type.
Values (list) --
The value for the filter key.
Run the DescribePatchProperties command to view lists of valid values for each key based on operating system type.
ComplianceLevel (string) --
A compliance severity level for all approved patches in a patch baseline.
ApproveAfterDays (integer) --
The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of 7 means that patches are approved seven days after they are released. Not supported on Debian Server or Ubuntu Server.
ApproveUntilDate (string) --
The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Not supported on Debian Server or Ubuntu Server.
Enter dates in the format YYYY-MM-DD . For example, 2021-12-31 .
EnableNonSecurity (boolean) --
For instances identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is false . Applies to Linux instances only.
ApprovedPatches (list) --
A list of explicitly approved patches for the baseline.
ApprovedPatchesComplianceLevel (string) --
The compliance severity level assigned to the patch baseline after the update completed.
ApprovedPatchesEnableNonSecurity (boolean) --
Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is false . Applies to Linux instances only.
RejectedPatches (list) --
A list of explicitly rejected patches for the baseline.
RejectedPatchesAction (string) --
The action specified to take on patches included in the RejectedPatches list. A patch can be allowed only if it is a dependency of another package, or blocked entirely along with packages that include it as a dependency.
CreatedDate (datetime) --
The date when the patch baseline was created.
ModifiedDate (datetime) --
The date when the patch baseline was last modified.
Description (string) --
A description of the patch baseline.
Sources (list) --
Information about the patches to use to update the instances, including target operating systems and source repositories. Applies to Linux instances only.
(dict) --
Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only.
Name (string) --
The name specified to identify the patch source.
Products (list) --
The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "AmazonLinux2016.09", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter .
Configuration (string) --
The value of the yum repo configuration. For example:
[main]
name=MyCustomRepository
baseurl=https://my-custom-repository
enabled=1
Note
For information about other options available for your yum repository configuration, see dnf.conf(5) .
Exceptions
Update a resource data sync. After you create a resource data sync for a Region, you can't change the account options for that sync. For example, if you create a sync in the us-east-2 (Ohio) Region and you choose the Include only the current account option, you can't edit that sync later and choose the Include all accounts from my Organizations configuration option. Instead, you must delete the first resource data sync, and create a new one.
Note
This API operation only supports a resource data sync that was created with a SyncFromSource SyncType .
See also: AWS API Documentation
Request Syntax
response = client.update_resource_data_sync(
SyncName='string',
SyncType='string',
SyncSource={
'SourceType': 'string',
'AwsOrganizationsSource': {
'OrganizationSourceType': 'string',
'OrganizationalUnits': [
{
'OrganizationalUnitId': 'string'
},
]
},
'SourceRegions': [
'string',
],
'IncludeFutureRegions': True|False,
'EnableAllOpsDataSources': True|False
}
)
[REQUIRED]
The name of the resource data sync you want to update.
[REQUIRED]
The type of resource data sync. The supported SyncType is SyncFromSource.
[REQUIRED]
Specify information about the data sources to synchronize.
The type of data source for the resource data sync. SourceType is either AwsOrganizations (if an organization is present in Organizations) or SingleAccountMultiRegions .
Information about the AwsOrganizationsSource resource data sync source. A sync source of this type can synchronize data from Organizations.
If an Amazon Web Services organization is present, this is either OrganizationalUnits or EntireOrganization . For OrganizationalUnits , the data is aggregated from a set of organization units. For EntireOrganization , the data is aggregated from the entire Amazon Web Services organization.
The Organizations organization units included in the sync.
The Organizations organizational unit data source for the sync.
The Organizations unit ID data source for the sync.
The SyncSource Regions included in the resource data sync.
Whether to automatically synchronize and aggregate data from new Regions when those Regions come online.
When you create a resource data sync, if you choose one of the Organizations options, then Systems Manager automatically enables all OpsData sources in the selected Regions for all accounts in your organization (or in the selected organization units). For more information, see About multiple account and Region resource data syncs in the Amazon Web Services Systems Manager User Guide .
dict
Response Syntax
{}
Response Structure
Exceptions
ServiceSetting is an account-level setting for an Amazon Web Services service. This setting defines how a user interacts with or uses a service or a feature of a service. For example, if an Amazon Web Services service charges money to the account based on feature or service usage, then the Amazon Web Services service team might create a default setting of "false". This means the user can't use this feature unless they change the setting to "true" and intentionally opt in for a paid feature.
Services map a SettingId object to a setting value. Amazon Web Services services teams define the default value for a SettingId . You can't create a new SettingId , but you can overwrite the default value if you have the ssm:UpdateServiceSetting permission for the setting. Use the GetServiceSetting API operation to view the current value. Or, use the ResetServiceSetting to change the value back to the original value defined by the Amazon Web Services service team.
Update the service setting for the account.
See also: AWS API Documentation
Request Syntax
response = client.update_service_setting(
SettingId='string',
SettingValue='string'
)
[REQUIRED]
The Amazon Resource Name (ARN) of the service setting to reset. For example, arn:aws:ssm:us-east-1:111122223333:servicesetting/ssm/parameter-store/high-throughput-enabled . The setting ID can be one of the following.
[REQUIRED]
The new value to specify for the service setting. For the /ssm/parameter-store/default-parameter-tier setting ID, the setting value can be one of the following.
For the /ssm/parameter-store/high-throughput-enabled , and /ssm/managed-instance/activation-tier setting IDs, the setting value can be true or false.
For the /ssm/automation/customer-script-log-destination setting ID, the setting value can be CloudWatch .
For the /ssm/automation/customer-script-log-group-name setting ID, the setting value can be the name of an Amazon CloudWatch Logs log group.
For the /ssm/documents/console/public-sharing-permission setting ID, the setting value can be Enable or Disable .
dict
Response Syntax
{}
Response Structure
(dict) --
The result body of the UpdateServiceSetting API operation.
Exceptions
The available paginators are:
paginator = client.get_paginator('describe_activations')
Creates an iterator that will paginate through responses from SSM.Client.describe_activations().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
Filters=[
{
'FilterKey': 'ActivationIds'|'DefaultInstanceName'|'IamRole',
'FilterValues': [
'string',
]
},
],
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
A filter to view information about your activations.
Filter for the DescribeActivation API.
The name of the filter.
The filter values.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'ActivationList': [
{
'ActivationId': 'string',
'Description': 'string',
'DefaultInstanceName': 'string',
'IamRole': 'string',
'RegistrationLimit': 123,
'RegistrationsCount': 123,
'ExpirationDate': datetime(2015, 1, 1),
'Expired': True|False,
'CreatedDate': datetime(2015, 1, 1),
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
]
},
],
}
Response Structure
(dict) --
ActivationList (list) --
A list of activations for your account.
(dict) --
An activation registers one or more on-premises servers or virtual machines (VMs) with Amazon Web Services so that you can configure those servers or VMs using Run Command. A server or VM that has been registered with Amazon Web Services Systems Manager is called a managed instance.
ActivationId (string) --
The ID created by Systems Manager when you submitted the activation.
Description (string) --
A user defined description of the activation.
DefaultInstanceName (string) --
A name for the managed instance when it is created.
IamRole (string) --
The Identity and Access Management (IAM) role to assign to the managed instance.
RegistrationLimit (integer) --
The maximum number of managed instances that can be registered using this activation.
RegistrationsCount (integer) --
The number of managed instances already registered with this activation.
ExpirationDate (datetime) --
The date when this activation can no longer be used to register managed instances.
Expired (boolean) --
Whether or not the activation is expired.
CreatedDate (datetime) --
The date the activation was created.
Tags (list) --
Tags assigned to the activation.
(dict) --
Metadata that you assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Amazon Web Services Systems Manager, you can apply tags to Systems Manager documents (SSM documents), managed instances, maintenance windows, parameters, patch baselines, OpsItems, and OpsMetadata.
Key (string) --
The name of the tag.
Value (string) --
The value of the tag.
paginator = client.get_paginator('describe_association_execution_targets')
Creates an iterator that will paginate through responses from SSM.Client.describe_association_execution_targets().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
AssociationId='string',
ExecutionId='string',
Filters=[
{
'Key': 'Status'|'ResourceId'|'ResourceType',
'Value': 'string'
},
],
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The association ID that includes the execution for which you want to view details.
[REQUIRED]
The execution ID for which you want to view details.
Filters for the request. You can specify the following filters and values.
Status (EQUAL)
ResourceId (EQUAL)
ResourceType (EQUAL)
Filters for the association execution.
The key value used in the request.
The value specified for the key.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'AssociationExecutionTargets': [
{
'AssociationId': 'string',
'AssociationVersion': 'string',
'ExecutionId': 'string',
'ResourceId': 'string',
'ResourceType': 'string',
'Status': 'string',
'DetailedStatus': 'string',
'LastExecutionDate': datetime(2015, 1, 1),
'OutputSource': {
'OutputSourceId': 'string',
'OutputSourceType': 'string'
}
},
],
}
Response Structure
(dict) --
AssociationExecutionTargets (list) --
Information about the execution.
(dict) --
Includes information about the specified association execution.
AssociationId (string) --
The association ID.
AssociationVersion (string) --
The association version.
ExecutionId (string) --
The execution ID.
ResourceId (string) --
The resource ID, for example, the instance ID where the association ran.
ResourceType (string) --
The resource type, for example, instance.
Status (string) --
The association execution status.
DetailedStatus (string) --
Detailed information about the execution status.
LastExecutionDate (datetime) --
The date of the last execution.
OutputSource (dict) --
The location where the association details are saved.
OutputSourceId (string) --
The ID of the output source, for example the URL of an S3 bucket.
OutputSourceType (string) --
The type of source where the association execution details are stored, for example, Amazon S3.
paginator = client.get_paginator('describe_association_executions')
Creates an iterator that will paginate through responses from SSM.Client.describe_association_executions().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
AssociationId='string',
Filters=[
{
'Key': 'ExecutionId'|'Status'|'CreatedTime',
'Value': 'string',
'Type': 'EQUAL'|'LESS_THAN'|'GREATER_THAN'
},
],
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The association ID for which you want to view execution history details.
Filters for the request. You can specify the following filters and values.
ExecutionId (EQUAL)
Status (EQUAL)
CreatedTime (EQUAL, GREATER_THAN, LESS_THAN)
Filters used in the request.
The key value used in the request.
The value specified for the key.
The filter type specified in the request.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'AssociationExecutions': [
{
'AssociationId': 'string',
'AssociationVersion': 'string',
'ExecutionId': 'string',
'Status': 'string',
'DetailedStatus': 'string',
'CreatedTime': datetime(2015, 1, 1),
'LastExecutionDate': datetime(2015, 1, 1),
'ResourceCountByStatus': 'string'
},
],
}
Response Structure
(dict) --
AssociationExecutions (list) --
A list of the executions for the specified association ID.
(dict) --
Includes information about the specified association.
AssociationId (string) --
The association ID.
AssociationVersion (string) --
The association version.
ExecutionId (string) --
The execution ID for the association.
Status (string) --
The status of the association execution.
DetailedStatus (string) --
Detailed status information about the execution.
CreatedTime (datetime) --
The time the execution started.
LastExecutionDate (datetime) --
The date of the last execution.
ResourceCountByStatus (string) --
An aggregate status of the resources in the execution based on the status type.
paginator = client.get_paginator('describe_automation_executions')
Creates an iterator that will paginate through responses from SSM.Client.describe_automation_executions().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
Filters=[
{
'Key': 'DocumentNamePrefix'|'ExecutionStatus'|'ExecutionId'|'ParentExecutionId'|'CurrentAction'|'StartTimeBefore'|'StartTimeAfter'|'AutomationType'|'TagKey'|'TargetResourceGroup'|'AutomationSubtype'|'OpsItemId',
'Values': [
'string',
]
},
],
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
Filters used to limit the scope of executions that are requested.
A filter used to match specific automation executions. This is used to limit the scope of Automation execution information returned.
One or more keys to limit the results.
The values used to limit the execution information associated with the filter's key.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'AutomationExecutionMetadataList': [
{
'AutomationExecutionId': 'string',
'DocumentName': 'string',
'DocumentVersion': 'string',
'AutomationExecutionStatus': 'Pending'|'InProgress'|'Waiting'|'Success'|'TimedOut'|'Cancelling'|'Cancelled'|'Failed'|'PendingApproval'|'Approved'|'Rejected'|'Scheduled'|'RunbookInProgress'|'PendingChangeCalendarOverride'|'ChangeCalendarOverrideApproved'|'ChangeCalendarOverrideRejected'|'CompletedWithSuccess'|'CompletedWithFailure',
'ExecutionStartTime': datetime(2015, 1, 1),
'ExecutionEndTime': datetime(2015, 1, 1),
'ExecutedBy': 'string',
'LogFile': 'string',
'Outputs': {
'string': [
'string',
]
},
'Mode': 'Auto'|'Interactive',
'ParentAutomationExecutionId': 'string',
'CurrentStepName': 'string',
'CurrentAction': 'string',
'FailureMessage': 'string',
'TargetParameterName': 'string',
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'TargetMaps': [
{
'string': [
'string',
]
},
],
'ResolvedTargets': {
'ParameterValues': [
'string',
],
'Truncated': True|False
},
'MaxConcurrency': 'string',
'MaxErrors': 'string',
'Target': 'string',
'AutomationType': 'CrossAccount'|'Local',
'AutomationSubtype': 'ChangeRequest',
'ScheduledTime': datetime(2015, 1, 1),
'Runbooks': [
{
'DocumentName': 'string',
'DocumentVersion': 'string',
'Parameters': {
'string': [
'string',
]
},
'TargetParameterName': 'string',
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'MaxConcurrency': 'string',
'MaxErrors': 'string',
'TargetLocations': [
{
'Accounts': [
'string',
],
'Regions': [
'string',
],
'TargetLocationMaxConcurrency': 'string',
'TargetLocationMaxErrors': 'string',
'ExecutionRoleName': 'string'
},
]
},
],
'OpsItemId': 'string',
'AssociationId': 'string',
'ChangeRequestName': 'string'
},
],
}
Response Structure
(dict) --
AutomationExecutionMetadataList (list) --
The list of details about each automation execution which has occurred which matches the filter specification, if any.
(dict) --
Details about a specific Automation execution.
AutomationExecutionId (string) --
The execution ID.
DocumentName (string) --
The name of the Automation runbook used during execution.
DocumentVersion (string) --
The document version used during the execution.
AutomationExecutionStatus (string) --
The status of the execution.
ExecutionStartTime (datetime) --
The time the execution started.
ExecutionEndTime (datetime) --
The time the execution finished. This isn't populated if the execution is still in progress.
ExecutedBy (string) --
The IAM role ARN of the user who ran the automation.
LogFile (string) --
An S3 bucket where execution information is stored.
Outputs (dict) --
The list of execution outputs as defined in the Automation runbook.
Mode (string) --
The Automation execution mode.
ParentAutomationExecutionId (string) --
The execution ID of the parent automation.
CurrentStepName (string) --
The name of the step that is currently running.
CurrentAction (string) --
The action of the step that is currently running.
FailureMessage (string) --
The list of execution outputs as defined in the Automation runbook.
TargetParameterName (string) --
The list of execution outputs as defined in the Automation runbook.
Targets (list) --
The targets defined by the user when starting the automation.
(dict) --
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
Key (string) --
User-defined criteria for sending commands that target instances that meet the criteria.
Values (list) --
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
TargetMaps (list) --
The specified key-value mapping of document parameters to target resources.
ResolvedTargets (dict) --
A list of targets that resolved during the execution.
ParameterValues (list) --
A list of parameter values sent to targets that resolved during the Automation execution.
Truncated (boolean) --
A boolean value indicating whether the resolved target list is truncated.
MaxConcurrency (string) --
The MaxConcurrency value specified by the user when starting the automation.
MaxErrors (string) --
The MaxErrors value specified by the user when starting the automation.
Target (string) --
The list of execution outputs as defined in the Automation runbook.
AutomationType (string) --
Use this filter with DescribeAutomationExecutions . Specify either Local or CrossAccount. CrossAccount is an Automation that runs in multiple Regions and accounts. For more information, see Running Automation workflows in multiple Regions and accounts in the Amazon Web Services Systems Manager User Guide .
AutomationSubtype (string) --
The subtype of the Automation operation. Currently, the only supported value is ChangeRequest .
ScheduledTime (datetime) --
The date and time the Automation operation is scheduled to start.
Runbooks (list) --
Information about the Automation runbooks that are run during a runbook workflow in Change Manager.
Note
The Automation runbooks specified for the runbook workflow can't run until all required approvals for the change request have been received.
(dict) --
Information about an Automation runbook used in a runbook workflow in Change Manager.
Note
The Automation runbooks specified for the runbook workflow can't run until all required approvals for the change request have been received.
DocumentName (string) --
The name of the Automation runbook used in a runbook workflow.
DocumentVersion (string) --
The version of the Automation runbook used in a runbook workflow.
Parameters (dict) --
The key-value map of execution parameters, which were supplied when calling StartChangeRequestExecution .
TargetParameterName (string) --
The name of the parameter used as the target resource for the rate-controlled runbook workflow. Required if you specify Targets .
Targets (list) --
A key-value mapping to target resources that the runbook operation performs tasks on. Required if you specify TargetParameterName .
(dict) --
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
Key (string) --
User-defined criteria for sending commands that target instances that meet the criteria.
Values (list) --
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
MaxConcurrency (string) --
The MaxConcurrency value specified by the user when the operation started, indicating the maximum number of resources that the runbook operation can run on at the same time.
MaxErrors (string) --
The MaxErrors value specified by the user when the execution started, indicating the maximum number of errors that can occur during the operation before the updates are stopped or rolled back.
TargetLocations (list) --
Information about the Regions and accounts targeted by the current Runbook operation.
(dict) --
The combination of Regions and accounts targeted by the current Automation execution.
Accounts (list) --
The accounts targeted by the current Automation execution.
Regions (list) --
The Regions targeted by the current Automation execution.
TargetLocationMaxConcurrency (string) --
The maximum number of Regions and accounts allowed to run the Automation concurrently.
TargetLocationMaxErrors (string) --
The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
ExecutionRoleName (string) --
The Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole .
OpsItemId (string) --
The ID of an OpsItem that is created to represent a Change Manager change request.
AssociationId (string) --
The ID of a State Manager association used in the Automation operation.
ChangeRequestName (string) --
The name of the Change Manager change request.
paginator = client.get_paginator('describe_automation_step_executions')
Creates an iterator that will paginate through responses from SSM.Client.describe_automation_step_executions().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
AutomationExecutionId='string',
Filters=[
{
'Key': 'StartTimeBefore'|'StartTimeAfter'|'StepExecutionStatus'|'StepExecutionId'|'StepName'|'Action',
'Values': [
'string',
]
},
],
ReverseOrder=True|False,
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The Automation execution ID for which you want step execution descriptions.
One or more filters to limit the number of step executions returned by the request.
A filter to limit the amount of step execution information returned by the call.
One or more keys to limit the results. Valid filter keys include the following: StepName, Action, StepExecutionId, StepExecutionStatus, StartTimeBefore, StartTimeAfter.
The values of the filter key.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'StepExecutions': [
{
'StepName': 'string',
'Action': 'string',
'TimeoutSeconds': 123,
'OnFailure': 'string',
'MaxAttempts': 123,
'ExecutionStartTime': datetime(2015, 1, 1),
'ExecutionEndTime': datetime(2015, 1, 1),
'StepStatus': 'Pending'|'InProgress'|'Waiting'|'Success'|'TimedOut'|'Cancelling'|'Cancelled'|'Failed'|'PendingApproval'|'Approved'|'Rejected'|'Scheduled'|'RunbookInProgress'|'PendingChangeCalendarOverride'|'ChangeCalendarOverrideApproved'|'ChangeCalendarOverrideRejected'|'CompletedWithSuccess'|'CompletedWithFailure',
'ResponseCode': 'string',
'Inputs': {
'string': 'string'
},
'Outputs': {
'string': [
'string',
]
},
'Response': 'string',
'FailureMessage': 'string',
'FailureDetails': {
'FailureStage': 'string',
'FailureType': 'string',
'Details': {
'string': [
'string',
]
}
},
'StepExecutionId': 'string',
'OverriddenParameters': {
'string': [
'string',
]
},
'IsEnd': True|False,
'NextStep': 'string',
'IsCritical': True|False,
'ValidNextSteps': [
'string',
],
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'TargetLocation': {
'Accounts': [
'string',
],
'Regions': [
'string',
],
'TargetLocationMaxConcurrency': 'string',
'TargetLocationMaxErrors': 'string',
'ExecutionRoleName': 'string'
}
},
],
}
Response Structure
(dict) --
StepExecutions (list) --
A list of details about the current state of all steps that make up an execution.
(dict) --
Detailed information about an the execution state of an Automation step.
StepName (string) --
The name of this execution step.
Action (string) --
The action this step performs. The action determines the behavior of the step.
TimeoutSeconds (integer) --
The timeout seconds of the step.
OnFailure (string) --
The action to take if the step fails. The default value is Abort .
MaxAttempts (integer) --
The maximum number of tries to run the action of the step. The default value is 1 .
ExecutionStartTime (datetime) --
If a step has begun execution, this contains the time the step started. If the step is in Pending status, this field isn't populated.
ExecutionEndTime (datetime) --
If a step has finished execution, this contains the time the execution ended. If the step hasn't yet concluded, this field isn't populated.
StepStatus (string) --
The execution status for this step.
ResponseCode (string) --
The response code returned by the execution of the step.
Inputs (dict) --
Fully-resolved values passed into the step before execution.
Outputs (dict) --
Returned values from the execution of the step.
Response (string) --
A message associated with the response code for an execution.
FailureMessage (string) --
If a step failed, this message explains why the execution failed.
FailureDetails (dict) --
Information about the Automation failure.
FailureStage (string) --
The stage of the Automation execution when the failure occurred. The stages include the following: InputValidation, PreVerification, Invocation, PostVerification.
FailureType (string) --
The type of Automation failure. Failure types include the following: Action, Permission, Throttling, Verification, Internal.
Details (dict) --
Detailed information about the Automation step failure.
StepExecutionId (string) --
The unique ID of a step execution.
OverriddenParameters (dict) --
A user-specified list of parameters to override when running a step.
IsEnd (boolean) --
The flag which can be used to end automation no matter whether the step succeeds or fails.
NextStep (string) --
The next step after the step succeeds.
IsCritical (boolean) --
The flag which can be used to help decide whether the failure of current step leads to the Automation failure.
ValidNextSteps (list) --
Strategies used when step fails, we support Continue and Abort. Abort will fail the automation when the step fails. Continue will ignore the failure of current step and allow automation to run the next step. With conditional branching, we add step:stepName to support the automation to go to another specific step.
Targets (list) --
The targets for the step execution.
(dict) --
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
Key (string) --
User-defined criteria for sending commands that target instances that meet the criteria.
Values (list) --
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
TargetLocation (dict) --
The combination of Regions and accounts targeted by the current Automation execution.
Accounts (list) --
The accounts targeted by the current Automation execution.
Regions (list) --
The Regions targeted by the current Automation execution.
TargetLocationMaxConcurrency (string) --
The maximum number of Regions and accounts allowed to run the Automation concurrently.
TargetLocationMaxErrors (string) --
The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
ExecutionRoleName (string) --
The Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole .
paginator = client.get_paginator('describe_available_patches')
Creates an iterator that will paginate through responses from SSM.Client.describe_available_patches().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
Each element in the array is a structure containing a key-value pair.
Windows Server
Supported keys for Windows Server instance patches include the following:
Linux
Warning
When specifying filters for Linux patches, you must specify a key-pair for PRODUCT . For example, using the Command Line Interface (CLI), the following command fails:
aws ssm describe-available-patches --filters Key=CVE_ID,Values=CVE-2018-3615
However, the following command succeeds:
aws ssm describe-available-patches --filters Key=PRODUCT,Values=AmazonLinux2018.03 Key=CVE_ID,Values=CVE-2018-3615
Supported keys for Linux instance patches include the following:
Defines a filter used in Patch Manager APIs. Supported filter keys depend on the API operation that includes the filter. Patch Manager API operations that use PatchOrchestratorFilter include the following:
The key for the filter.
The value for the filter.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'Patches': [
{
'Id': 'string',
'ReleaseDate': datetime(2015, 1, 1),
'Title': 'string',
'Description': 'string',
'ContentUrl': 'string',
'Vendor': 'string',
'ProductFamily': 'string',
'Product': 'string',
'Classification': 'string',
'MsrcSeverity': 'string',
'KbNumber': 'string',
'MsrcNumber': 'string',
'Language': 'string',
'AdvisoryIds': [
'string',
],
'BugzillaIds': [
'string',
],
'CVEIds': [
'string',
],
'Name': 'string',
'Epoch': 123,
'Version': 'string',
'Release': 'string',
'Arch': 'string',
'Severity': 'string',
'Repository': 'string'
},
],
}
Response Structure
(dict) --
Patches (list) --
An array of patches. Each entry in the array is a patch structure.
(dict) --
Represents metadata about a patch.
Id (string) --
The ID of the patch. Applies to Windows patches only.
Note
This ID isn't the same as the Microsoft Knowledge Base ID.
ReleaseDate (datetime) --
The date the patch was released.
Title (string) --
The title of the patch.
Description (string) --
The description of the patch.
ContentUrl (string) --
The URL where more information can be obtained about the patch.
Vendor (string) --
The name of the vendor providing the patch.
ProductFamily (string) --
The product family the patch is applicable for. For example, Windows or Amazon Linux 2 .
Product (string) --
The specific product the patch is applicable for. For example, WindowsServer2016 or AmazonLinux2018.03 .
Classification (string) --
The classification of the patch. For example, SecurityUpdates , Updates , or CriticalUpdates .
MsrcSeverity (string) --
The severity of the patch, such as Critical , Important , or Moderate . Applies to Windows patches only.
KbNumber (string) --
The Microsoft Knowledge Base ID of the patch. Applies to Windows patches only.
MsrcNumber (string) --
The ID of the Microsoft Security Response Center (MSRC) bulletin the patch is related to. For example, MS14-045 . Applies to Windows patches only.
Language (string) --
The language of the patch if it's language-specific.
AdvisoryIds (list) --
The Advisory ID of the patch. For example, RHSA-2020:3779 . Applies to Linux-based instances only.
BugzillaIds (list) --
The Bugzilla ID of the patch. For example, 1600646 . Applies to Linux-based instances only.
CVEIds (list) --
The Common Vulnerabilities and Exposures (CVE) ID of the patch. For example, CVE-2011-3192 . Applies to Linux-based instances only.
Name (string) --
The name of the patch. Applies to Linux-based instances only.
Epoch (integer) --
The epoch of the patch. For example in pkg-example-EE-20180914-2.2.amzn1.noarch , the epoch value is 20180914-2 . Applies to Linux-based instances only.
Version (string) --
The version number of the patch. For example, in example-pkg-1.710.10-2.7.abcd.x86_64 , the version number is indicated by -1 . Applies to Linux-based instances only.
Release (string) --
The particular release of a patch. For example, in pkg-example-EE-20180914-2.2.amzn1.noarch , the release is 2.amaz1 . Applies to Linux-based instances only.
Arch (string) --
The architecture of the patch. For example, in example-pkg-0.710.10-2.7.abcd.x86_64 , the architecture is indicated by x86_64 . Applies to Linux-based instances only.
Severity (string) --
The severity level of the patch. For example, CRITICAL or MODERATE .
Repository (string) --
The source patch repository for the operating system and version, such as trusty-security for Ubuntu Server 14.04 LTE and focal-security for Ubuntu Server 20.04 LTE. Applies to Linux-based instances only.
paginator = client.get_paginator('describe_effective_instance_associations')
Creates an iterator that will paginate through responses from SSM.Client.describe_effective_instance_associations().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
InstanceId='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The instance ID for which you want to view all associations.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'Associations': [
{
'AssociationId': 'string',
'InstanceId': 'string',
'Content': 'string',
'AssociationVersion': 'string'
},
],
}
Response Structure
(dict) --
Associations (list) --
The associations for the requested instance.
(dict) --
One or more association documents on the instance.
AssociationId (string) --
The association ID.
InstanceId (string) --
The instance ID.
Content (string) --
The content of the association document for the instance(s).
AssociationVersion (string) --
Version information for the association on the instance.
paginator = client.get_paginator('describe_effective_patches_for_patch_baseline')
Creates an iterator that will paginate through responses from SSM.Client.describe_effective_patches_for_patch_baseline().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
BaselineId='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The ID of the patch baseline to retrieve the effective patches for.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'EffectivePatches': [
{
'Patch': {
'Id': 'string',
'ReleaseDate': datetime(2015, 1, 1),
'Title': 'string',
'Description': 'string',
'ContentUrl': 'string',
'Vendor': 'string',
'ProductFamily': 'string',
'Product': 'string',
'Classification': 'string',
'MsrcSeverity': 'string',
'KbNumber': 'string',
'MsrcNumber': 'string',
'Language': 'string',
'AdvisoryIds': [
'string',
],
'BugzillaIds': [
'string',
],
'CVEIds': [
'string',
],
'Name': 'string',
'Epoch': 123,
'Version': 'string',
'Release': 'string',
'Arch': 'string',
'Severity': 'string',
'Repository': 'string'
},
'PatchStatus': {
'DeploymentStatus': 'APPROVED'|'PENDING_APPROVAL'|'EXPLICIT_APPROVED'|'EXPLICIT_REJECTED',
'ComplianceLevel': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED',
'ApprovalDate': datetime(2015, 1, 1)
}
},
],
}
Response Structure
(dict) --
EffectivePatches (list) --
An array of patches and patch status.
(dict) --
The EffectivePatch structure defines metadata about a patch along with the approval state of the patch in a particular patch baseline. The approval state includes information about whether the patch is currently approved, due to be approved by a rule, explicitly approved, or explicitly rejected and the date the patch was or will be approved.
Patch (dict) --
Provides metadata for a patch, including information such as the KB ID, severity, classification and a URL for where more information can be obtained about the patch.
Id (string) --
The ID of the patch. Applies to Windows patches only.
Note
This ID isn't the same as the Microsoft Knowledge Base ID.
ReleaseDate (datetime) --
The date the patch was released.
Title (string) --
The title of the patch.
Description (string) --
The description of the patch.
ContentUrl (string) --
The URL where more information can be obtained about the patch.
Vendor (string) --
The name of the vendor providing the patch.
ProductFamily (string) --
The product family the patch is applicable for. For example, Windows or Amazon Linux 2 .
Product (string) --
The specific product the patch is applicable for. For example, WindowsServer2016 or AmazonLinux2018.03 .
Classification (string) --
The classification of the patch. For example, SecurityUpdates , Updates , or CriticalUpdates .
MsrcSeverity (string) --
The severity of the patch, such as Critical , Important , or Moderate . Applies to Windows patches only.
KbNumber (string) --
The Microsoft Knowledge Base ID of the patch. Applies to Windows patches only.
MsrcNumber (string) --
The ID of the Microsoft Security Response Center (MSRC) bulletin the patch is related to. For example, MS14-045 . Applies to Windows patches only.
Language (string) --
The language of the patch if it's language-specific.
AdvisoryIds (list) --
The Advisory ID of the patch. For example, RHSA-2020:3779 . Applies to Linux-based instances only.
BugzillaIds (list) --
The Bugzilla ID of the patch. For example, 1600646 . Applies to Linux-based instances only.
CVEIds (list) --
The Common Vulnerabilities and Exposures (CVE) ID of the patch. For example, CVE-2011-3192 . Applies to Linux-based instances only.
Name (string) --
The name of the patch. Applies to Linux-based instances only.
Epoch (integer) --
The epoch of the patch. For example in pkg-example-EE-20180914-2.2.amzn1.noarch , the epoch value is 20180914-2 . Applies to Linux-based instances only.
Version (string) --
The version number of the patch. For example, in example-pkg-1.710.10-2.7.abcd.x86_64 , the version number is indicated by -1 . Applies to Linux-based instances only.
Release (string) --
The particular release of a patch. For example, in pkg-example-EE-20180914-2.2.amzn1.noarch , the release is 2.amaz1 . Applies to Linux-based instances only.
Arch (string) --
The architecture of the patch. For example, in example-pkg-0.710.10-2.7.abcd.x86_64 , the architecture is indicated by x86_64 . Applies to Linux-based instances only.
Severity (string) --
The severity level of the patch. For example, CRITICAL or MODERATE .
Repository (string) --
The source patch repository for the operating system and version, such as trusty-security for Ubuntu Server 14.04 LTE and focal-security for Ubuntu Server 20.04 LTE. Applies to Linux-based instances only.
PatchStatus (dict) --
The status of the patch in a patch baseline. This includes information about whether the patch is currently approved, due to be approved by a rule, explicitly approved, or explicitly rejected and the date the patch was or will be approved.
DeploymentStatus (string) --
The approval status of a patch.
ComplianceLevel (string) --
The compliance severity level for a patch.
ApprovalDate (datetime) --
The date the patch was approved (or will be approved if the status is PENDING_APPROVAL ).
paginator = client.get_paginator('describe_instance_associations_status')
Creates an iterator that will paginate through responses from SSM.Client.describe_instance_associations_status().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
InstanceId='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The instance IDs for which you want association status information.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'InstanceAssociationStatusInfos': [
{
'AssociationId': 'string',
'Name': 'string',
'DocumentVersion': 'string',
'AssociationVersion': 'string',
'InstanceId': 'string',
'ExecutionDate': datetime(2015, 1, 1),
'Status': 'string',
'DetailedStatus': 'string',
'ExecutionSummary': 'string',
'ErrorCode': 'string',
'OutputUrl': {
'S3OutputUrl': {
'OutputUrl': 'string'
}
},
'AssociationName': 'string'
},
],
}
Response Structure
(dict) --
InstanceAssociationStatusInfos (list) --
Status information about the association.
(dict) --
Status information about the instance association.
AssociationId (string) --
The association ID.
Name (string) --
The name of the association.
DocumentVersion (string) --
The association document versions.
AssociationVersion (string) --
The version of the association applied to the instance.
InstanceId (string) --
The instance ID where the association was created.
ExecutionDate (datetime) --
The date the instance association ran.
Status (string) --
Status information about the instance association.
DetailedStatus (string) --
Detailed status information about the instance association.
ExecutionSummary (string) --
Summary information about association execution.
ErrorCode (string) --
An error code returned by the request to create the association.
OutputUrl (dict) --
A URL for an S3 bucket where you want to store the results of this request.
S3OutputUrl (dict) --
The URL of S3 bucket where you want to store the results of this request.
OutputUrl (string) --
A URL for an S3 bucket where you want to store the results of this request.
AssociationName (string) --
The name of the association applied to the instance.
paginator = client.get_paginator('describe_instance_information')
Creates an iterator that will paginate through responses from SSM.Client.describe_instance_information().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
InstanceInformationFilterList=[
{
'key': 'InstanceIds'|'AgentVersion'|'PingStatus'|'PlatformTypes'|'ActivationIds'|'IamRole'|'ResourceType'|'AssociationStatus',
'valueSet': [
'string',
]
},
],
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
This is a legacy method. We recommend that you don't use this method. Instead, use the Filters data type. Filters enables you to return instance information by filtering based on tags applied to managed instances.
Note
Attempting to use InstanceInformationFilterList and Filters leads to an exception error.
Describes a filter for a specific list of instances. You can filter instances information by using tags. You specify tags by using a key-value mapping.
Use this operation instead of the DescribeInstanceInformationRequest$InstanceInformationFilterList method. The InstanceInformationFilterList method is a legacy method and doesn't support tags.
The name of the filter.
The filter values.
One or more filters. Use a filter to return a more specific list of instances. You can filter based on tags applied to EC2 instances. Use this Filters data type instead of InstanceInformationFilterList , which is deprecated.
The filters to describe or get information about your managed instances.
The filter key name to describe your instances. For example:
"InstanceIds"|"AgentVersion"|"PingStatus"|"PlatformTypes"|"ActivationIds"|"IamRole"|"ResourceType"|"AssociationStatus"|"Tag Key"
Warning
Tag key isn't a valid filter. You must specify either tag-key or tag:keyname and a string. Here are some valid examples: tag-key, tag:123, tag:al!, tag:Windows. Here are some invalid examples: tag-keys, Tag Key, tag:, tagKey, abc:keyname.
The filter values.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'InstanceInformationList': [
{
'InstanceId': 'string',
'PingStatus': 'Online'|'ConnectionLost'|'Inactive',
'LastPingDateTime': datetime(2015, 1, 1),
'AgentVersion': 'string',
'IsLatestVersion': True|False,
'PlatformType': 'Windows'|'Linux',
'PlatformName': 'string',
'PlatformVersion': 'string',
'ActivationId': 'string',
'IamRole': 'string',
'RegistrationDate': datetime(2015, 1, 1),
'ResourceType': 'ManagedInstance'|'Document'|'EC2Instance',
'Name': 'string',
'IPAddress': 'string',
'ComputerName': 'string',
'AssociationStatus': 'string',
'LastAssociationExecutionDate': datetime(2015, 1, 1),
'LastSuccessfulAssociationExecutionDate': datetime(2015, 1, 1),
'AssociationOverview': {
'DetailedStatus': 'string',
'InstanceAssociationStatusAggregatedCount': {
'string': 123
}
}
},
],
}
Response Structure
(dict) --
InstanceInformationList (list) --
The instance information list.
(dict) --
Describes a filter for a specific list of instances.
InstanceId (string) --
The instance ID.
PingStatus (string) --
Connection status of SSM Agent.
Note
The status Inactive has been deprecated and is no longer in use.
LastPingDateTime (datetime) --
The date and time when the agent last pinged the Systems Manager service.
AgentVersion (string) --
The version of SSM Agent running on your Linux instance.
IsLatestVersion (boolean) --
Indicates whether the latest version of SSM Agent is running on your Linux Managed Instance. This field doesn't indicate whether or not the latest version is installed on Windows managed instances, because some older versions of Windows Server use the EC2Config service to process Systems Manager requests.
PlatformType (string) --
The operating system platform type.
PlatformName (string) --
The name of the operating system platform running on your instance.
PlatformVersion (string) --
The version of the OS platform running on your instance.
ActivationId (string) --
The activation ID created by Amazon Web Services Systems Manager when the server or virtual machine (VM) was registered.
IamRole (string) --
The Identity and Access Management (IAM) role assigned to the on-premises Systems Manager managed instance. This call doesn't return the IAM role for Amazon Elastic Compute Cloud (Amazon EC2) instances. To retrieve the IAM role for an EC2 instance, use the Amazon EC2 DescribeInstances operation. For information, see DescribeInstances in the Amazon EC2 API Reference or describe-instances in the Amazon Web Services CLI Command Reference .
RegistrationDate (datetime) --
The date the server or VM was registered with Amazon Web Services as a managed instance.
ResourceType (string) --
The type of instance. Instances are either EC2 instances or managed instances.
Name (string) --
The name assigned to an on-premises server or virtual machine (VM) when it is activated as a Systems Manager managed instance. The name is specified as the DefaultInstanceName property using the CreateActivation command. It is applied to the managed instance by specifying the Activation Code and Activation ID when you install SSM Agent on the instance, as explained in Install SSM Agent for a hybrid environment (Linux) and Install SSM Agent for a hybrid environment (Windows) . To retrieve the Name tag of an EC2 instance, use the Amazon EC2 DescribeInstances operation. For information, see DescribeInstances in the Amazon EC2 API Reference or describe-instances in the Amazon Web Services CLI Command Reference .
IPAddress (string) --
The IP address of the managed instance.
ComputerName (string) --
The fully qualified host name of the managed instance.
AssociationStatus (string) --
The status of the association.
LastAssociationExecutionDate (datetime) --
The date the association was last run.
LastSuccessfulAssociationExecutionDate (datetime) --
The last date the association was successfully run.
AssociationOverview (dict) --
Information about the association.
DetailedStatus (string) --
Detailed status information about the aggregated associations.
InstanceAssociationStatusAggregatedCount (dict) --
The number of associations for the instance(s).
paginator = client.get_paginator('describe_instance_patch_states')
Creates an iterator that will paginate through responses from SSM.Client.describe_instance_patch_states().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
InstanceIds=[
'string',
],
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The ID of the instance for which patch state information should be retrieved.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'InstancePatchStates': [
{
'InstanceId': 'string',
'PatchGroup': 'string',
'BaselineId': 'string',
'SnapshotId': 'string',
'InstallOverrideList': 'string',
'OwnerInformation': 'string',
'InstalledCount': 123,
'InstalledOtherCount': 123,
'InstalledPendingRebootCount': 123,
'InstalledRejectedCount': 123,
'MissingCount': 123,
'FailedCount': 123,
'UnreportedNotApplicableCount': 123,
'NotApplicableCount': 123,
'OperationStartTime': datetime(2015, 1, 1),
'OperationEndTime': datetime(2015, 1, 1),
'Operation': 'Scan'|'Install',
'LastNoRebootInstallOperationTime': datetime(2015, 1, 1),
'RebootOption': 'RebootIfNeeded'|'NoReboot',
'CriticalNonCompliantCount': 123,
'SecurityNonCompliantCount': 123,
'OtherNonCompliantCount': 123
},
],
}
Response Structure
(dict) --
InstancePatchStates (list) --
The high-level patch state for the requested instances.
(dict) --
Defines the high-level patch compliance state for a managed instance, providing information about the number of installed, missing, not applicable, and failed patches along with metadata about the operation when this information was gathered for the instance.
InstanceId (string) --
The ID of the managed instance the high-level patch compliance information was collected for.
PatchGroup (string) --
The name of the patch group the managed instance belongs to.
BaselineId (string) --
The ID of the patch baseline used to patch the instance.
SnapshotId (string) --
The ID of the patch baseline snapshot used during the patching operation when this compliance data was collected.
InstallOverrideList (string) --
An https URL or an Amazon Simple Storage Service (Amazon S3) path-style URL to a list of patches to be installed. This patch installation list, which you maintain in an S3 bucket in YAML format and specify in the SSM document AWS-RunPatchBaseline , overrides the patches specified by the default patch baseline.
For more information about the InstallOverrideList parameter, see About the ``AWS-RunPatchBaseline` https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-about-aws-runpatchbaseline.html`__ SSM document in the Amazon Web Services Systems Manager User Guide .
OwnerInformation (string) --
Placeholder information. This field will always be empty in the current release of the service.
InstalledCount (integer) --
The number of patches from the patch baseline that are installed on the instance.
InstalledOtherCount (integer) --
The number of patches not specified in the patch baseline that are installed on the instance.
InstalledPendingRebootCount (integer) --
The number of patches installed by Patch Manager since the last time the instance was rebooted.
InstalledRejectedCount (integer) --
The number of patches installed on an instance that are specified in a RejectedPatches list. Patches with a status of InstalledRejected were typically installed before they were added to a RejectedPatches list.
Note
If ALLOW_AS_DEPENDENCY is the specified option for RejectedPatchesAction , the value of InstalledRejectedCount will always be 0 (zero).
MissingCount (integer) --
The number of patches from the patch baseline that are applicable for the instance but aren't currently installed.
FailedCount (integer) --
The number of patches from the patch baseline that were attempted to be installed during the last patching operation, but failed to install.
UnreportedNotApplicableCount (integer) --
The number of patches beyond the supported limit of NotApplicableCount that aren't reported by name to Inventory. Inventory is a capability of Amazon Web Services Systems Manager.
NotApplicableCount (integer) --
The number of patches from the patch baseline that aren't applicable for the instance and therefore aren't installed on the instance. This number may be truncated if the list of patch names is very large. The number of patches beyond this limit are reported in UnreportedNotApplicableCount .
OperationStartTime (datetime) --
The time the most recent patching operation was started on the instance.
OperationEndTime (datetime) --
The time the most recent patching operation completed on the instance.
Operation (string) --
The type of patching operation that was performed: or
LastNoRebootInstallOperationTime (datetime) --
The time of the last attempt to patch the instance with NoReboot specified as the reboot option.
RebootOption (string) --
Indicates the reboot option specified in the patch baseline.
Note
Reboot options apply to Install operations only. Reboots aren't attempted for Patch Manager Scan operations.
CriticalNonCompliantCount (integer) --
The number of instances where patches that are specified as Critical for compliance reporting in the patch baseline aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required instance reboot. The status of these instances is NON_COMPLIANT .
SecurityNonCompliantCount (integer) --
The number of instances where patches that are specified as Security in a patch advisory aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required instance reboot. The status of these instances is NON_COMPLIANT .
OtherNonCompliantCount (integer) --
The number of instances with patches installed that are specified as other than Critical or Security but aren't compliant with the patch baseline. The status of these instances is NON_COMPLIANT .
paginator = client.get_paginator('describe_instance_patch_states_for_patch_group')
Creates an iterator that will paginate through responses from SSM.Client.describe_instance_patch_states_for_patch_group().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
PatchGroup='string',
Filters=[
{
'Key': 'string',
'Values': [
'string',
],
'Type': 'Equal'|'NotEqual'|'LessThan'|'GreaterThan'
},
],
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The name of the patch group for which the patch state information should be retrieved.
Each entry in the array is a structure containing:
Defines a filter used in DescribeInstancePatchStatesForPatchGroup to scope down the information returned by the API.
Example : To filter for all instances in a patch group having more than three patches with a FailedCount status, use the following for the filter:
The key for the filter. Supported values include the following:
The value for the filter. Must be an integer greater than or equal to 0.
The type of comparison that should be performed for the value.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'InstancePatchStates': [
{
'InstanceId': 'string',
'PatchGroup': 'string',
'BaselineId': 'string',
'SnapshotId': 'string',
'InstallOverrideList': 'string',
'OwnerInformation': 'string',
'InstalledCount': 123,
'InstalledOtherCount': 123,
'InstalledPendingRebootCount': 123,
'InstalledRejectedCount': 123,
'MissingCount': 123,
'FailedCount': 123,
'UnreportedNotApplicableCount': 123,
'NotApplicableCount': 123,
'OperationStartTime': datetime(2015, 1, 1),
'OperationEndTime': datetime(2015, 1, 1),
'Operation': 'Scan'|'Install',
'LastNoRebootInstallOperationTime': datetime(2015, 1, 1),
'RebootOption': 'RebootIfNeeded'|'NoReboot',
'CriticalNonCompliantCount': 123,
'SecurityNonCompliantCount': 123,
'OtherNonCompliantCount': 123
},
],
}
Response Structure
(dict) --
InstancePatchStates (list) --
The high-level patch state for the requested instances.
(dict) --
Defines the high-level patch compliance state for a managed instance, providing information about the number of installed, missing, not applicable, and failed patches along with metadata about the operation when this information was gathered for the instance.
InstanceId (string) --
The ID of the managed instance the high-level patch compliance information was collected for.
PatchGroup (string) --
The name of the patch group the managed instance belongs to.
BaselineId (string) --
The ID of the patch baseline used to patch the instance.
SnapshotId (string) --
The ID of the patch baseline snapshot used during the patching operation when this compliance data was collected.
InstallOverrideList (string) --
An https URL or an Amazon Simple Storage Service (Amazon S3) path-style URL to a list of patches to be installed. This patch installation list, which you maintain in an S3 bucket in YAML format and specify in the SSM document AWS-RunPatchBaseline , overrides the patches specified by the default patch baseline.
For more information about the InstallOverrideList parameter, see About the ``AWS-RunPatchBaseline` https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-about-aws-runpatchbaseline.html`__ SSM document in the Amazon Web Services Systems Manager User Guide .
OwnerInformation (string) --
Placeholder information. This field will always be empty in the current release of the service.
InstalledCount (integer) --
The number of patches from the patch baseline that are installed on the instance.
InstalledOtherCount (integer) --
The number of patches not specified in the patch baseline that are installed on the instance.
InstalledPendingRebootCount (integer) --
The number of patches installed by Patch Manager since the last time the instance was rebooted.
InstalledRejectedCount (integer) --
The number of patches installed on an instance that are specified in a RejectedPatches list. Patches with a status of InstalledRejected were typically installed before they were added to a RejectedPatches list.
Note
If ALLOW_AS_DEPENDENCY is the specified option for RejectedPatchesAction , the value of InstalledRejectedCount will always be 0 (zero).
MissingCount (integer) --
The number of patches from the patch baseline that are applicable for the instance but aren't currently installed.
FailedCount (integer) --
The number of patches from the patch baseline that were attempted to be installed during the last patching operation, but failed to install.
UnreportedNotApplicableCount (integer) --
The number of patches beyond the supported limit of NotApplicableCount that aren't reported by name to Inventory. Inventory is a capability of Amazon Web Services Systems Manager.
NotApplicableCount (integer) --
The number of patches from the patch baseline that aren't applicable for the instance and therefore aren't installed on the instance. This number may be truncated if the list of patch names is very large. The number of patches beyond this limit are reported in UnreportedNotApplicableCount .
OperationStartTime (datetime) --
The time the most recent patching operation was started on the instance.
OperationEndTime (datetime) --
The time the most recent patching operation completed on the instance.
Operation (string) --
The type of patching operation that was performed: or
LastNoRebootInstallOperationTime (datetime) --
The time of the last attempt to patch the instance with NoReboot specified as the reboot option.
RebootOption (string) --
Indicates the reboot option specified in the patch baseline.
Note
Reboot options apply to Install operations only. Reboots aren't attempted for Patch Manager Scan operations.
CriticalNonCompliantCount (integer) --
The number of instances where patches that are specified as Critical for compliance reporting in the patch baseline aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required instance reboot. The status of these instances is NON_COMPLIANT .
SecurityNonCompliantCount (integer) --
The number of instances where patches that are specified as Security in a patch advisory aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required instance reboot. The status of these instances is NON_COMPLIANT .
OtherNonCompliantCount (integer) --
The number of instances with patches installed that are specified as other than Critical or Security but aren't compliant with the patch baseline. The status of these instances is NON_COMPLIANT .
paginator = client.get_paginator('describe_instance_patches')
Creates an iterator that will paginate through responses from SSM.Client.describe_instance_patches().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
InstanceId='string',
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The ID of the instance whose patch state information should be retrieved.
Each element in the array is a structure containing a key-value pair.
Supported keys for DescribeInstancePatches include the following:
Defines a filter used in Patch Manager APIs. Supported filter keys depend on the API operation that includes the filter. Patch Manager API operations that use PatchOrchestratorFilter include the following:
The key for the filter.
The value for the filter.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'Patches': [
{
'Title': 'string',
'KBId': 'string',
'Classification': 'string',
'Severity': 'string',
'State': 'INSTALLED'|'INSTALLED_OTHER'|'INSTALLED_PENDING_REBOOT'|'INSTALLED_REJECTED'|'MISSING'|'NOT_APPLICABLE'|'FAILED',
'InstalledTime': datetime(2015, 1, 1),
'CVEIds': 'string'
},
],
}
Response Structure
(dict) --
Patches (list) --
Each entry in the array is a structure containing:
(dict) --
Information about the state of a patch on a particular instance as it relates to the patch baseline used to patch the instance.
Title (string) --
The title of the patch.
KBId (string) --
The operating system-specific ID of the patch.
Classification (string) --
The classification of the patch, such as SecurityUpdates , Updates , and CriticalUpdates .
Severity (string) --
The severity of the patchsuch as Critical , Important , and Moderate .
State (string) --
The state of the patch on the instance, such as INSTALLED or FAILED.
For descriptions of each patch state, see About patch compliance in the Amazon Web Services Systems Manager User Guide .
InstalledTime (datetime) --
The date/time the patch was installed on the instance. Not all operating systems provide this level of information.
CVEIds (string) --
The IDs of one or more Common Vulnerabilities and Exposure (CVE) issues that are resolved by the patch.
paginator = client.get_paginator('describe_inventory_deletions')
Creates an iterator that will paginate through responses from SSM.Client.describe_inventory_deletions().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
DeletionId='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'InventoryDeletions': [
{
'DeletionId': 'string',
'TypeName': 'string',
'DeletionStartTime': datetime(2015, 1, 1),
'LastStatus': 'InProgress'|'Complete',
'LastStatusMessage': 'string',
'DeletionSummary': {
'TotalCount': 123,
'RemainingCount': 123,
'SummaryItems': [
{
'Version': 'string',
'Count': 123,
'RemainingCount': 123
},
]
},
'LastStatusUpdateTime': datetime(2015, 1, 1)
},
],
}
Response Structure
(dict) --
InventoryDeletions (list) --
A list of status items for deleted inventory.
(dict) --
Status information returned by the DeleteInventory operation.
DeletionId (string) --
The deletion ID returned by the DeleteInventory operation.
TypeName (string) --
The name of the inventory data type.
DeletionStartTime (datetime) --
The UTC timestamp when the delete operation started.
LastStatus (string) --
The status of the operation. Possible values are InProgress and Complete.
LastStatusMessage (string) --
Information about the status.
DeletionSummary (dict) --
Information about the delete operation. For more information about this summary, see Understanding the delete inventory summary in the Amazon Web Services Systems Manager User Guide .
TotalCount (integer) --
The total number of items to delete. This count doesn't change during the delete operation.
RemainingCount (integer) --
Remaining number of items to delete.
SummaryItems (list) --
A list of counts and versions for deleted items.
(dict) --
Either a count, remaining count, or a version number in a delete inventory summary.
Version (string) --
The inventory type version.
Count (integer) --
A count of the number of deleted items.
RemainingCount (integer) --
The remaining number of items to delete.
LastStatusUpdateTime (datetime) --
The UTC timestamp of when the last status report.
paginator = client.get_paginator('describe_maintenance_window_execution_task_invocations')
Creates an iterator that will paginate through responses from SSM.Client.describe_maintenance_window_execution_task_invocations().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
WindowExecutionId='string',
TaskId='string',
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The ID of the maintenance window execution the task is part of.
[REQUIRED]
The ID of the specific task in the maintenance window task that should be retrieved.
Optional filters used to scope down the returned task invocations. The supported filter key is STATUS with the corresponding values PENDING , IN_PROGRESS , SUCCESS , FAILED , TIMED_OUT , CANCELLING , and CANCELLED .
Filter used in the request. Supported filter keys depend on the API operation that includes the filter. API operations that use MaintenanceWindowFilter> include the following:
The name of the filter.
The filter values.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'WindowExecutionTaskInvocationIdentities': [
{
'WindowExecutionId': 'string',
'TaskExecutionId': 'string',
'InvocationId': 'string',
'ExecutionId': 'string',
'TaskType': 'RUN_COMMAND'|'AUTOMATION'|'STEP_FUNCTIONS'|'LAMBDA',
'Parameters': 'string',
'Status': 'PENDING'|'IN_PROGRESS'|'SUCCESS'|'FAILED'|'TIMED_OUT'|'CANCELLING'|'CANCELLED'|'SKIPPED_OVERLAPPING',
'StatusDetails': 'string',
'StartTime': datetime(2015, 1, 1),
'EndTime': datetime(2015, 1, 1),
'OwnerInformation': 'string',
'WindowTargetId': 'string'
},
],
}
Response Structure
(dict) --
WindowExecutionTaskInvocationIdentities (list) --
Information about the task invocation results per invocation.
(dict) --
Describes the information about a task invocation for a particular target as part of a task execution performed as part of a maintenance window execution.
WindowExecutionId (string) --
The ID of the maintenance window execution that ran the task.
TaskExecutionId (string) --
The ID of the specific task execution in the maintenance window execution.
InvocationId (string) --
The ID of the task invocation.
ExecutionId (string) --
The ID of the action performed in the service that actually handled the task invocation. If the task type is RUN_COMMAND , this value is the command ID.
TaskType (string) --
The task type.
Parameters (string) --
The parameters that were provided for the invocation when it was run.
Status (string) --
The status of the task invocation.
StatusDetails (string) --
The details explaining the status of the task invocation. Not available for all status values.
StartTime (datetime) --
The time the invocation started.
EndTime (datetime) --
The time the invocation finished.
OwnerInformation (string) --
User-provided value that was specified when the target was registered with the maintenance window. This was also included in any Amazon CloudWatch Events events raised during the task invocation.
WindowTargetId (string) --
The ID of the target definition in this maintenance window the invocation was performed for.
paginator = client.get_paginator('describe_maintenance_window_execution_tasks')
Creates an iterator that will paginate through responses from SSM.Client.describe_maintenance_window_execution_tasks().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
WindowExecutionId='string',
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The ID of the maintenance window execution whose task executions should be retrieved.
Optional filters used to scope down the returned tasks. The supported filter key is STATUS with the corresponding values PENDING , IN_PROGRESS , SUCCESS , FAILED , TIMED_OUT , CANCELLING , and CANCELLED .
Filter used in the request. Supported filter keys depend on the API operation that includes the filter. API operations that use MaintenanceWindowFilter> include the following:
The name of the filter.
The filter values.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'WindowExecutionTaskIdentities': [
{
'WindowExecutionId': 'string',
'TaskExecutionId': 'string',
'Status': 'PENDING'|'IN_PROGRESS'|'SUCCESS'|'FAILED'|'TIMED_OUT'|'CANCELLING'|'CANCELLED'|'SKIPPED_OVERLAPPING',
'StatusDetails': 'string',
'StartTime': datetime(2015, 1, 1),
'EndTime': datetime(2015, 1, 1),
'TaskArn': 'string',
'TaskType': 'RUN_COMMAND'|'AUTOMATION'|'STEP_FUNCTIONS'|'LAMBDA'
},
],
}
Response Structure
(dict) --
WindowExecutionTaskIdentities (list) --
Information about the task executions.
(dict) --
Information about a task execution performed as part of a maintenance window execution.
WindowExecutionId (string) --
The ID of the maintenance window execution that ran the task.
TaskExecutionId (string) --
The ID of the specific task execution in the maintenance window execution.
Status (string) --
The status of the task execution.
StatusDetails (string) --
The details explaining the status of the task execution. Not available for all status values.
StartTime (datetime) --
The time the task execution started.
EndTime (datetime) --
The time the task execution finished.
TaskArn (string) --
The Amazon Resource Name (ARN) of the task that ran.
TaskType (string) --
The type of task that ran.
paginator = client.get_paginator('describe_maintenance_window_executions')
Creates an iterator that will paginate through responses from SSM.Client.describe_maintenance_window_executions().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
WindowId='string',
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The ID of the maintenance window whose executions should be retrieved.
Each entry in the array is a structure containing:
Filter used in the request. Supported filter keys depend on the API operation that includes the filter. API operations that use MaintenanceWindowFilter> include the following:
The name of the filter.
The filter values.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'WindowExecutions': [
{
'WindowId': 'string',
'WindowExecutionId': 'string',
'Status': 'PENDING'|'IN_PROGRESS'|'SUCCESS'|'FAILED'|'TIMED_OUT'|'CANCELLING'|'CANCELLED'|'SKIPPED_OVERLAPPING',
'StatusDetails': 'string',
'StartTime': datetime(2015, 1, 1),
'EndTime': datetime(2015, 1, 1)
},
],
}
Response Structure
(dict) --
WindowExecutions (list) --
Information about the maintenance window executions.
(dict) --
Describes the information about an execution of a maintenance window.
WindowId (string) --
The ID of the maintenance window.
WindowExecutionId (string) --
The ID of the maintenance window execution.
Status (string) --
The status of the execution.
StatusDetails (string) --
The details explaining the status. Not available for all status values.
StartTime (datetime) --
The time the execution started.
EndTime (datetime) --
The time the execution finished.
paginator = client.get_paginator('describe_maintenance_window_schedule')
Creates an iterator that will paginate through responses from SSM.Client.describe_maintenance_window_schedule().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
WindowId='string',
Targets=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
ResourceType='INSTANCE'|'RESOURCE_GROUP',
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
The instance ID or key-value pair to retrieve information about.
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
User-defined criteria for sending commands that target instances that meet the criteria.
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
Filters used to limit the range of results. For example, you can limit maintenance window executions to only those scheduled before or after a certain date and time.
Defines a filter used in Patch Manager APIs. Supported filter keys depend on the API operation that includes the filter. Patch Manager API operations that use PatchOrchestratorFilter include the following:
The key for the filter.
The value for the filter.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'ScheduledWindowExecutions': [
{
'WindowId': 'string',
'Name': 'string',
'ExecutionTime': 'string'
},
],
}
Response Structure
(dict) --
ScheduledWindowExecutions (list) --
Information about maintenance window executions scheduled for the specified time range.
(dict) --
Information about a scheduled execution for a maintenance window.
WindowId (string) --
The ID of the maintenance window to be run.
Name (string) --
The name of the maintenance window to be run.
ExecutionTime (string) --
The time, in ISO-8601 Extended format, that the maintenance window is scheduled to be run.
paginator = client.get_paginator('describe_maintenance_window_targets')
Creates an iterator that will paginate through responses from SSM.Client.describe_maintenance_window_targets().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
WindowId='string',
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The ID of the maintenance window whose targets should be retrieved.
Optional filters that can be used to narrow down the scope of the returned window targets. The supported filter keys are Type , WindowTargetId , and OwnerInformation .
Filter used in the request. Supported filter keys depend on the API operation that includes the filter. API operations that use MaintenanceWindowFilter> include the following:
The name of the filter.
The filter values.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'Targets': [
{
'WindowId': 'string',
'WindowTargetId': 'string',
'ResourceType': 'INSTANCE'|'RESOURCE_GROUP',
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'OwnerInformation': 'string',
'Name': 'string',
'Description': 'string'
},
],
}
Response Structure
(dict) --
Targets (list) --
Information about the targets in the maintenance window.
(dict) --
The target registered with the maintenance window.
WindowId (string) --
The ID of the maintenance window to register the target with.
WindowTargetId (string) --
The ID of the target.
ResourceType (string) --
The type of target that is being registered with the maintenance window.
Targets (list) --
The targets, either instances or tags.
Specify instances using the following format:
Key=instanceids,Values=<instanceid1>,<instanceid2>
Tags are specified using the following format:
Key=<tag name>,Values=<tag value> .
(dict) --
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
Key (string) --
User-defined criteria for sending commands that target instances that meet the criteria.
Values (list) --
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
OwnerInformation (string) --
A user-provided value that will be included in any Amazon CloudWatch Events events that are raised while running tasks for these targets in this maintenance window.
Name (string) --
The name for the maintenance window target.
Description (string) --
A description for the target.
paginator = client.get_paginator('describe_maintenance_window_tasks')
Creates an iterator that will paginate through responses from SSM.Client.describe_maintenance_window_tasks().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
WindowId='string',
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The ID of the maintenance window whose tasks should be retrieved.
Optional filters used to narrow down the scope of the returned tasks. The supported filter keys are WindowTaskId , TaskArn , Priority , and TaskType .
Filter used in the request. Supported filter keys depend on the API operation that includes the filter. API operations that use MaintenanceWindowFilter> include the following:
The name of the filter.
The filter values.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'Tasks': [
{
'WindowId': 'string',
'WindowTaskId': 'string',
'TaskArn': 'string',
'Type': 'RUN_COMMAND'|'AUTOMATION'|'STEP_FUNCTIONS'|'LAMBDA',
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'TaskParameters': {
'string': {
'Values': [
'string',
]
}
},
'Priority': 123,
'LoggingInfo': {
'S3BucketName': 'string',
'S3KeyPrefix': 'string',
'S3Region': 'string'
},
'ServiceRoleArn': 'string',
'MaxConcurrency': 'string',
'MaxErrors': 'string',
'Name': 'string',
'Description': 'string'
},
],
}
Response Structure
(dict) --
Tasks (list) --
Information about the tasks in the maintenance window.
(dict) --
Information about a task defined for a maintenance window.
WindowId (string) --
The ID of the maintenance window where the task is registered.
WindowTaskId (string) --
The task ID.
TaskArn (string) --
The resource that the task uses during execution. For RUN_COMMAND and AUTOMATION task types, TaskArn is the Amazon Web Services Systems Manager (SSM document) name or ARN. For LAMBDA tasks, it's the function name or ARN. For STEP_FUNCTIONS tasks, it's the state machine ARN.
Type (string) --
The type of task.
Targets (list) --
The targets (either instances or tags). Instances are specified using Key=instanceids,Values=<instanceid1>,<instanceid2> . Tags are specified using Key=<tag name>,Values=<tag value> .
(dict) --
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
Key (string) --
User-defined criteria for sending commands that target instances that meet the criteria.
Values (list) --
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
TaskParameters (dict) --
The parameters that should be passed to the task when it is run.
Note
TaskParameters has been deprecated. To specify parameters to pass to a task when it runs, instead use the Parameters option in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters .
(string) --
(dict) --
Defines the values for a task parameter.
Values (list) --
This field contains an array of 0 or more strings, each 1 to 255 characters in length.
Priority (integer) --
The priority of the task in the maintenance window. The lower the number, the higher the priority. Tasks that have the same priority are scheduled in parallel.
LoggingInfo (dict) --
Information about an S3 bucket to write task-level logs to.
Note
LoggingInfo has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters .
S3BucketName (string) --
The name of an S3 bucket where execution logs are stored .
S3KeyPrefix (string) --
(Optional) The S3 bucket subfolder.
S3Region (string) --
The Region where the S3 bucket is located.
ServiceRoleArn (string) --
The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service (Amazon SNS) notifications for maintenance window Run Command tasks.
MaxConcurrency (string) --
The maximum number of targets this task can be run for, in parallel.
MaxErrors (string) --
The maximum number of errors allowed before this task stops being scheduled.
Name (string) --
The task name.
Description (string) --
A description of the task.
paginator = client.get_paginator('describe_maintenance_windows')
Creates an iterator that will paginate through responses from SSM.Client.describe_maintenance_windows().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
Optional filters used to narrow down the scope of the returned maintenance windows. Supported filter keys are Name and Enabled . For example, Name=MyMaintenanceWindow and Enabled=True .
Filter used in the request. Supported filter keys depend on the API operation that includes the filter. API operations that use MaintenanceWindowFilter> include the following:
The name of the filter.
The filter values.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'WindowIdentities': [
{
'WindowId': 'string',
'Name': 'string',
'Description': 'string',
'Enabled': True|False,
'Duration': 123,
'Cutoff': 123,
'Schedule': 'string',
'ScheduleTimezone': 'string',
'ScheduleOffset': 123,
'EndDate': 'string',
'StartDate': 'string',
'NextExecutionTime': 'string'
},
],
}
Response Structure
(dict) --
WindowIdentities (list) --
Information about the maintenance windows.
(dict) --
Information about the maintenance window.
WindowId (string) --
The ID of the maintenance window.
Name (string) --
The name of the maintenance window.
Description (string) --
A description of the maintenance window.
Enabled (boolean) --
Indicates whether the maintenance window is enabled.
Duration (integer) --
The duration of the maintenance window in hours.
Cutoff (integer) --
The number of hours before the end of the maintenance window that Amazon Web Services Systems Manager stops scheduling new tasks for execution.
Schedule (string) --
The schedule of the maintenance window in the form of a cron or rate expression.
ScheduleTimezone (string) --
The time zone that the scheduled maintenance window executions are based on, in Internet Assigned Numbers Authority (IANA) format.
ScheduleOffset (integer) --
The number of days to wait to run a maintenance window after the scheduled cron expression date and time.
EndDate (string) --
The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become inactive.
StartDate (string) --
The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become active.
NextExecutionTime (string) --
The next time the maintenance window will actually run, taking into account any specified times for the maintenance window to become active or inactive.
paginator = client.get_paginator('describe_maintenance_windows_for_target')
Creates an iterator that will paginate through responses from SSM.Client.describe_maintenance_windows_for_target().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
Targets=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
ResourceType='INSTANCE'|'RESOURCE_GROUP',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The instance ID or key-value pair to retrieve information about.
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
User-defined criteria for sending commands that target instances that meet the criteria.
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
[REQUIRED]
The type of resource you want to retrieve information about. For example, INSTANCE .
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'WindowIdentities': [
{
'WindowId': 'string',
'Name': 'string'
},
],
}
Response Structure
(dict) --
WindowIdentities (list) --
Information about the maintenance window targets and tasks an instance is associated with.
(dict) --
The maintenance window to which the specified target belongs.
WindowId (string) --
The ID of the maintenance window.
Name (string) --
The name of the maintenance window.
paginator = client.get_paginator('describe_ops_items')
Creates an iterator that will paginate through responses from SSM.Client.describe_ops_items().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
OpsItemFilters=[
{
'Key': 'Status'|'CreatedBy'|'Source'|'Priority'|'Title'|'OpsItemId'|'CreatedTime'|'LastModifiedTime'|'ActualStartTime'|'ActualEndTime'|'PlannedStartTime'|'PlannedEndTime'|'OperationalData'|'OperationalDataKey'|'OperationalDataValue'|'ResourceId'|'AutomationId'|'Category'|'Severity'|'OpsItemType'|'ChangeRequestByRequesterArn'|'ChangeRequestByRequesterName'|'ChangeRequestByApproverArn'|'ChangeRequestByApproverName'|'ChangeRequestByTemplate'|'ChangeRequestByTargetsResourceGroup'|'InsightByType',
'Values': [
'string',
],
'Operator': 'Equal'|'Contains'|'GreaterThan'|'LessThan'
},
],
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
One or more filters to limit the response.
*The Equals operator for Title matches the first 100 characters. If you specify more than 100 characters, they system returns an error that the filter value exceeds the length limit.
**If you filter the response by using the OperationalData operator, specify a key-value pair by using the following JSON format: {"key":"key_name","value":"a_value"}
Describes an OpsItem filter.
The name of the filter.
The filter value.
The operator used by the filter call.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'OpsItemSummaries': [
{
'CreatedBy': 'string',
'CreatedTime': datetime(2015, 1, 1),
'LastModifiedBy': 'string',
'LastModifiedTime': datetime(2015, 1, 1),
'Priority': 123,
'Source': 'string',
'Status': 'Open'|'InProgress'|'Resolved'|'Pending'|'TimedOut'|'Cancelling'|'Cancelled'|'Failed'|'CompletedWithSuccess'|'CompletedWithFailure'|'Scheduled'|'RunbookInProgress'|'PendingChangeCalendarOverride'|'ChangeCalendarOverrideApproved'|'ChangeCalendarOverrideRejected'|'PendingApproval'|'Approved'|'Rejected'|'Closed',
'OpsItemId': 'string',
'Title': 'string',
'OperationalData': {
'string': {
'Value': 'string',
'Type': 'SearchableString'|'String'
}
},
'Category': 'string',
'Severity': 'string',
'OpsItemType': 'string',
'ActualStartTime': datetime(2015, 1, 1),
'ActualEndTime': datetime(2015, 1, 1),
'PlannedStartTime': datetime(2015, 1, 1),
'PlannedEndTime': datetime(2015, 1, 1)
},
]
}
Response Structure
(dict) --
OpsItemSummaries (list) --
A list of OpsItems.
(dict) --
A count of OpsItems.
CreatedBy (string) --
The Amazon Resource Name (ARN) of the IAM entity that created the OpsItem.
CreatedTime (datetime) --
The date and time the OpsItem was created.
LastModifiedBy (string) --
The Amazon Resource Name (ARN) of the IAM entity that created the OpsItem.
LastModifiedTime (datetime) --
The date and time the OpsItem was last updated.
Priority (integer) --
The importance of this OpsItem in relation to other OpsItems in the system.
Source (string) --
The impacted Amazon Web Services resource.
Status (string) --
The OpsItem status. Status can be Open , In Progress , or Resolved .
OpsItemId (string) --
The ID of the OpsItem.
Title (string) --
A short heading that describes the nature of the OpsItem and the impacted resource.
OperationalData (dict) --
Operational data is custom data that provides useful reference details about the OpsItem.
(string) --
(dict) --
An object that defines the value of the key and its type in the OperationalData map.
Value (string) --
The value of the OperationalData key.
Type (string) --
The type of key-value pair. Valid types include SearchableString and String .
Category (string) --
A list of OpsItems by category.
Severity (string) --
A list of OpsItems by severity.
OpsItemType (string) --
The type of OpsItem. Currently, the only valid values are /aws/changerequest and /aws/issue .
ActualStartTime (datetime) --
The time a runbook workflow started. Currently reported only for the OpsItem type /aws/changerequest .
ActualEndTime (datetime) --
The time a runbook workflow ended. Currently reported only for the OpsItem type /aws/changerequest .
PlannedStartTime (datetime) --
The time specified in a change request for a runbook workflow to start. Currently supported only for the OpsItem type /aws/changerequest .
PlannedEndTime (datetime) --
The time specified in a change request for a runbook workflow to end. Currently supported only for the OpsItem type /aws/changerequest .
paginator = client.get_paginator('describe_parameters')
Creates an iterator that will paginate through responses from SSM.Client.describe_parameters().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
Filters=[
{
'Key': 'Name'|'Type'|'KeyId',
'Values': [
'string',
]
},
],
ParameterFilters=[
{
'Key': 'string',
'Option': 'string',
'Values': [
'string',
]
},
],
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
This data type is deprecated. Instead, use ParameterFilters .
This data type is deprecated. Instead, use ParameterStringFilter .
The name of the filter.
The filter values.
Filters to limit the request results.
One or more filters. Use a filter to return a more specific list of results.
The name of the filter.
The ParameterStringFilter object is used by the DescribeParameters and GetParametersByPath API operations. However, not all of the pattern values listed for Key can be used with both operations.
For DescribeActions , all of the listed patterns are valid, with the exception of Label .
For GetParametersByPath , the following patterns listed for Key aren't valid: tag , Name , Path , and Tier .
For examples of Amazon Web Services CLI commands demonstrating valid parameter filter constructions, see Searching for Systems Manager parameters in the Amazon Web Services Systems Manager User Guide .
For all filters used with DescribeParameters , valid options include Equals and BeginsWith . The Name filter additionally supports the Contains option. (Exception: For filters using the key Path , valid options include Recursive and OneLevel .)
For filters used with GetParametersByPath , valid options include Equals and BeginsWith . (Exception: For filters using Label as the Key name, the only valid option is Equals .)
The value you want to search for.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'Parameters': [
{
'Name': 'string',
'Type': 'String'|'StringList'|'SecureString',
'KeyId': 'string',
'LastModifiedDate': datetime(2015, 1, 1),
'LastModifiedUser': 'string',
'Description': 'string',
'AllowedPattern': 'string',
'Version': 123,
'Tier': 'Standard'|'Advanced'|'Intelligent-Tiering',
'Policies': [
{
'PolicyText': 'string',
'PolicyType': 'string',
'PolicyStatus': 'string'
},
],
'DataType': 'string'
},
],
}
Response Structure
(dict) --
Parameters (list) --
Parameters returned by the request.
(dict) --
Metadata includes information like the ARN of the last user and the date/time the parameter was last used.
Name (string) --
The parameter name.
Type (string) --
The type of parameter. Valid parameter types include the following: String , StringList , and SecureString .
KeyId (string) --
The ID of the query key used for this parameter.
LastModifiedDate (datetime) --
Date the parameter was last changed or updated.
LastModifiedUser (string) --
Amazon Resource Name (ARN) of the Amazon Web Services user who last changed the parameter.
Description (string) --
Description of the parameter actions.
AllowedPattern (string) --
A parameter name can include only the following letters and symbols.
Version (integer) --
The parameter version.
Tier (string) --
The parameter tier.
Policies (list) --
A list of policies associated with a parameter.
(dict) --
One or more policies assigned to a parameter.
PolicyText (string) --
The JSON text of the policy.
PolicyType (string) --
The type of policy. Parameter Store, a capablility of Amazon Web Services Systems Manager, supports the following policy types: Expiration, ExpirationNotification, and NoChangeNotification.
PolicyStatus (string) --
The status of the policy. Policies report the following statuses: Pending (the policy hasn't been enforced or applied yet), Finished (the policy was applied), Failed (the policy wasn't applied), or InProgress (the policy is being applied now).
DataType (string) --
The data type of the parameter, such as text or aws:ec2:image . The default is text .
paginator = client.get_paginator('describe_patch_baselines')
Creates an iterator that will paginate through responses from SSM.Client.describe_patch_baselines().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
Each element in the array is a structure containing a key-value pair.
Supported keys for DescribePatchBaselines include the following:
Defines a filter used in Patch Manager APIs. Supported filter keys depend on the API operation that includes the filter. Patch Manager API operations that use PatchOrchestratorFilter include the following:
The key for the filter.
The value for the filter.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'BaselineIdentities': [
{
'BaselineId': 'string',
'BaselineName': 'string',
'OperatingSystem': 'WINDOWS'|'AMAZON_LINUX'|'AMAZON_LINUX_2'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX'|'SUSE'|'CENTOS'|'ORACLE_LINUX'|'DEBIAN'|'MACOS',
'BaselineDescription': 'string',
'DefaultBaseline': True|False
},
],
}
Response Structure
(dict) --
BaselineIdentities (list) --
An array of PatchBaselineIdentity elements.
(dict) --
Defines the basic information about a patch baseline.
BaselineId (string) --
The ID of the patch baseline.
BaselineName (string) --
The name of the patch baseline.
OperatingSystem (string) --
Defines the operating system the patch baseline applies to. The default value is WINDOWS .
BaselineDescription (string) --
The description of the patch baseline.
DefaultBaseline (boolean) --
Whether this is the default baseline. Amazon Web Services Systems Manager supports creating multiple default patch baselines. For example, you can create a default patch baseline for each operating system.
paginator = client.get_paginator('describe_patch_groups')
Creates an iterator that will paginate through responses from SSM.Client.describe_patch_groups().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
Each element in the array is a structure containing a key-value pair.
Supported keys for DescribePatchGroups include the following:
Defines a filter used in Patch Manager APIs. Supported filter keys depend on the API operation that includes the filter. Patch Manager API operations that use PatchOrchestratorFilter include the following:
The key for the filter.
The value for the filter.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'Mappings': [
{
'PatchGroup': 'string',
'BaselineIdentity': {
'BaselineId': 'string',
'BaselineName': 'string',
'OperatingSystem': 'WINDOWS'|'AMAZON_LINUX'|'AMAZON_LINUX_2'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX'|'SUSE'|'CENTOS'|'ORACLE_LINUX'|'DEBIAN'|'MACOS',
'BaselineDescription': 'string',
'DefaultBaseline': True|False
}
},
],
}
Response Structure
(dict) --
Mappings (list) --
Each entry in the array contains:
(dict) --
The mapping between a patch group and the patch baseline the patch group is registered with.
PatchGroup (string) --
The name of the patch group registered with the patch baseline.
BaselineIdentity (dict) --
The patch baseline the patch group is registered with.
BaselineId (string) --
The ID of the patch baseline.
BaselineName (string) --
The name of the patch baseline.
OperatingSystem (string) --
Defines the operating system the patch baseline applies to. The default value is WINDOWS .
BaselineDescription (string) --
The description of the patch baseline.
DefaultBaseline (boolean) --
Whether this is the default baseline. Amazon Web Services Systems Manager supports creating multiple default patch baselines. For example, you can create a default patch baseline for each operating system.
paginator = client.get_paginator('describe_patch_properties')
Creates an iterator that will paginate through responses from SSM.Client.describe_patch_properties().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
OperatingSystem='WINDOWS'|'AMAZON_LINUX'|'AMAZON_LINUX_2'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX'|'SUSE'|'CENTOS'|'ORACLE_LINUX'|'DEBIAN'|'MACOS',
Property='PRODUCT'|'PRODUCT_FAMILY'|'CLASSIFICATION'|'MSRC_SEVERITY'|'PRIORITY'|'SEVERITY',
PatchSet='OS'|'APPLICATION',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The operating system type for which to list patches.
[REQUIRED]
The patch property for which you want to view patch details.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'Properties': [
{
'string': 'string'
},
],
}
Response Structure
(dict) --
Properties (list) --
A list of the properties for patches matching the filter request parameters.
paginator = client.get_paginator('describe_sessions')
Creates an iterator that will paginate through responses from SSM.Client.describe_sessions().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
State='Active'|'History',
Filters=[
{
'key': 'InvokedAfter'|'InvokedBefore'|'Target'|'Owner'|'Status'|'SessionId',
'value': 'string'
},
],
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The session status to retrieve a list of sessions for. For example, "Active".
One or more filters to limit the type of sessions returned by the request.
Describes a filter for Session Manager information.
The name of the filter.
The filter value. Valid values for each filter key are as follows:
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'Sessions': [
{
'SessionId': 'string',
'Target': 'string',
'Status': 'Connected'|'Connecting'|'Disconnected'|'Terminated'|'Terminating'|'Failed',
'StartDate': datetime(2015, 1, 1),
'EndDate': datetime(2015, 1, 1),
'DocumentName': 'string',
'Owner': 'string',
'Details': 'string',
'OutputUrl': {
'S3OutputUrl': 'string',
'CloudWatchOutputUrl': 'string'
}
},
],
}
Response Structure
(dict) --
Sessions (list) --
A list of sessions meeting the request parameters.
(dict) --
Information about a Session Manager connection to an instance.
SessionId (string) --
The ID of the session.
Target (string) --
The instance that the Session Manager session connected to.
Status (string) --
The status of the session. For example, "Connected" or "Terminated".
StartDate (datetime) --
The date and time, in ISO-8601 Extended format, when the session began.
EndDate (datetime) --
The date and time, in ISO-8601 Extended format, when the session was terminated.
DocumentName (string) --
The name of the Session Manager SSM document used to define the parameters and plugin settings for the session. For example, SSM-SessionManagerRunShell .
Owner (string) --
The ID of the Amazon Web Services user account that started the session.
Details (string) --
Reserved for future use.
OutputUrl (dict) --
Reserved for future use.
S3OutputUrl (string) --
Reserved for future use.
CloudWatchOutputUrl (string) --
Reserved for future use.
paginator = client.get_paginator('get_inventory')
Creates an iterator that will paginate through responses from SSM.Client.get_inventory().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
Filters=[
{
'Key': 'string',
'Values': [
'string',
],
'Type': 'Equal'|'NotEqual'|'BeginWith'|'LessThan'|'GreaterThan'|'Exists'
},
],
Aggregators=[
{
'Expression': 'string',
'Aggregators': {'... recursive ...'},
'Groups': [
{
'Name': 'string',
'Filters': [
{
'Key': 'string',
'Values': [
'string',
],
'Type': 'Equal'|'NotEqual'|'BeginWith'|'LessThan'|'GreaterThan'|'Exists'
},
]
},
]
},
],
ResultAttributes=[
{
'TypeName': 'string'
},
],
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
One or more filters. Use a filter to return a more specific list of results.
One or more filters. Use a filter to return a more specific list of results.
The name of the filter key.
Inventory filter values. Example: inventory filter where instance IDs are specified as values Key=AWS:InstanceInformation.InstanceId,Values= i-a12b3c4d5e6g, i-1a2b3c4d5e6,Type=Equal .
The type of filter.
Note
The Exists filter must be used with aggregators. For more information, see Aggregating inventory data in the Amazon Web Services Systems Manager User Guide .
Returns counts of inventory types based on one or more expressions. For example, if you aggregate by using an expression that uses the AWS:InstanceInformation.PlatformType type, you can see a count of how many Windows and Linux instances exist in your inventoried fleet.
Specifies the inventory type and attribute for the aggregation execution.
The inventory type and attribute name for aggregation.
Nested aggregators to further refine aggregation for an inventory type.
A user-defined set of one or more filters on which to aggregate inventory data. Groups return a count of resources that match and don't match the specified criteria.
A user-defined set of one or more filters on which to aggregate inventory data. Groups return a count of resources that match and don't match the specified criteria.
The name of the group.
Filters define the criteria for the group. The matchingCount field displays the number of resources that match the criteria. The notMatchingCount field displays the number of resources that don't match the criteria.
One or more filters. Use a filter to return a more specific list of results.
The name of the filter key.
Inventory filter values. Example: inventory filter where instance IDs are specified as values Key=AWS:InstanceInformation.InstanceId,Values= i-a12b3c4d5e6g, i-1a2b3c4d5e6,Type=Equal .
The type of filter.
Note
The Exists filter must be used with aggregators. For more information, see Aggregating inventory data in the Amazon Web Services Systems Manager User Guide .
The list of inventory item types to return.
The inventory item result attribute.
Name of the inventory item type. Valid value: AWS:InstanceInformation . Default Value: AWS:InstanceInformation .
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'Entities': [
{
'Id': 'string',
'Data': {
'string': {
'TypeName': 'string',
'SchemaVersion': 'string',
'CaptureTime': 'string',
'ContentHash': 'string',
'Content': [
{
'string': 'string'
},
]
}
}
},
],
}
Response Structure
(dict) --
Entities (list) --
Collection of inventory entities such as a collection of instance inventory.
(dict) --
Inventory query results.
Id (string) --
ID of the inventory result entity. For example, for managed instance inventory the result will be the managed instance ID. For EC2 instance inventory, the result will be the instance ID.
Data (dict) --
The data section in the inventory result entity JSON.
(string) --
(dict) --
The inventory result item.
TypeName (string) --
The name of the inventory result item type.
SchemaVersion (string) --
The schema version for the inventory result item/
CaptureTime (string) --
The time inventory item data was captured.
ContentHash (string) --
MD5 hash of the inventory item type contents. The content hash is used to determine whether to update inventory information. The PutInventory API doesn't update the inventory item type contents if the MD5 hash hasn't changed since last update.
Content (list) --
Contains all the inventory data of the item type. Results include attribute names and values.
paginator = client.get_paginator('get_inventory_schema')
Creates an iterator that will paginate through responses from SSM.Client.get_inventory_schema().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
TypeName='string',
Aggregator=True|False,
SubType=True|False,
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'Schemas': [
{
'TypeName': 'string',
'Version': 'string',
'Attributes': [
{
'Name': 'string',
'DataType': 'string'|'number'
},
],
'DisplayName': 'string'
},
],
}
Response Structure
(dict) --
Schemas (list) --
Inventory schemas returned by the request.
(dict) --
The inventory item schema definition. Users can use this to compose inventory query filters.
TypeName (string) --
The name of the inventory type. Default inventory item type names start with Amazon Web Services. Custom inventory type names will start with Custom. Default inventory item types include the following: AWS:AWSComponent , AWS:Application , AWS:InstanceInformation , AWS:Network , and AWS:WindowsUpdate .
Version (string) --
The schema version for the inventory item.
Attributes (list) --
The schema attributes for inventory. This contains data type and attribute name.
(dict) --
Attributes are the entries within the inventory item content. It contains name and value.
Name (string) --
Name of the inventory item attribute.
DataType (string) --
The data type of the inventory item attribute.
DisplayName (string) --
The alias name of the inventory type. The alias name is used for display purposes.
paginator = client.get_paginator('get_ops_summary')
Creates an iterator that will paginate through responses from SSM.Client.get_ops_summary().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
SyncName='string',
Filters=[
{
'Key': 'string',
'Values': [
'string',
],
'Type': 'Equal'|'NotEqual'|'BeginWith'|'LessThan'|'GreaterThan'|'Exists'
},
],
Aggregators=[
{
'AggregatorType': 'string',
'TypeName': 'string',
'AttributeName': 'string',
'Values': {
'string': 'string'
},
'Filters': [
{
'Key': 'string',
'Values': [
'string',
],
'Type': 'Equal'|'NotEqual'|'BeginWith'|'LessThan'|'GreaterThan'|'Exists'
},
],
'Aggregators': {'... recursive ...'}
},
],
ResultAttributes=[
{
'TypeName': 'string'
},
],
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
Optional filters used to scope down the returned OpsData.
A filter for viewing OpsData summaries.
The name of the filter.
The filter value.
The type of filter.
Optional aggregators that return counts of OpsData based on one or more expressions.
One or more aggregators for viewing counts of OpsData using different dimensions such as Source , CreatedTime , or Source and CreatedTime , to name a few.
Either a Range or Count aggregator for limiting an OpsData summary.
The data type name to use for viewing counts of OpsData.
The name of an OpsData attribute on which to limit the count of OpsData.
The aggregator value.
The aggregator filters.
A filter for viewing OpsData summaries.
The name of the filter.
The filter value.
The type of filter.
A nested aggregator for viewing counts of OpsData.
The OpsData data type to return.
The OpsItem data type to return.
Name of the data type. Valid value: AWS:OpsItem , AWS:EC2InstanceInformation , AWS:OpsItemTrendline , or AWS:ComplianceSummary .
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'Entities': [
{
'Id': 'string',
'Data': {
'string': {
'CaptureTime': 'string',
'Content': [
{
'string': 'string'
},
]
}
}
},
],
}
Response Structure
(dict) --
Entities (list) --
The list of aggregated and filtered OpsData.
(dict) --
The result of the query.
Id (string) --
The query ID.
Data (dict) --
The data returned by the query.
(string) --
(dict) --
The OpsData summary.
CaptureTime (string) --
The time the OpsData was captured.
Content (list) --
The details of an OpsData summary.
paginator = client.get_paginator('get_parameter_history')
Creates an iterator that will paginate through responses from SSM.Client.get_parameter_history().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
Name='string',
WithDecryption=True|False,
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The name of the parameter for which you want to review history.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'Parameters': [
{
'Name': 'string',
'Type': 'String'|'StringList'|'SecureString',
'KeyId': 'string',
'LastModifiedDate': datetime(2015, 1, 1),
'LastModifiedUser': 'string',
'Description': 'string',
'Value': 'string',
'AllowedPattern': 'string',
'Version': 123,
'Labels': [
'string',
],
'Tier': 'Standard'|'Advanced'|'Intelligent-Tiering',
'Policies': [
{
'PolicyText': 'string',
'PolicyType': 'string',
'PolicyStatus': 'string'
},
],
'DataType': 'string'
},
],
}
Response Structure
(dict) --
Parameters (list) --
A list of parameters returned by the request.
(dict) --
Information about parameter usage.
Name (string) --
The name of the parameter.
Type (string) --
The type of parameter used.
KeyId (string) --
The ID of the query key used for this parameter.
LastModifiedDate (datetime) --
Date the parameter was last changed or updated.
LastModifiedUser (string) --
Amazon Resource Name (ARN) of the Amazon Web Services user who last changed the parameter.
Description (string) --
Information about the parameter.
Value (string) --
The parameter value.
AllowedPattern (string) --
Parameter names can include the following letters and symbols.
Version (integer) --
The parameter version.
Labels (list) --
Labels assigned to the parameter version.
Tier (string) --
The parameter tier.
Policies (list) --
Information about the policies assigned to a parameter.
Assigning parameter policies in the Amazon Web Services Systems Manager User Guide .
(dict) --
One or more policies assigned to a parameter.
PolicyText (string) --
The JSON text of the policy.
PolicyType (string) --
The type of policy. Parameter Store, a capablility of Amazon Web Services Systems Manager, supports the following policy types: Expiration, ExpirationNotification, and NoChangeNotification.
PolicyStatus (string) --
The status of the policy. Policies report the following statuses: Pending (the policy hasn't been enforced or applied yet), Finished (the policy was applied), Failed (the policy wasn't applied), or InProgress (the policy is being applied now).
DataType (string) --
The data type of the parameter, such as text or aws:ec2:image . The default is text .
paginator = client.get_paginator('get_parameters_by_path')
Creates an iterator that will paginate through responses from SSM.Client.get_parameters_by_path().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
Path='string',
Recursive=True|False,
ParameterFilters=[
{
'Key': 'string',
'Option': 'string',
'Values': [
'string',
]
},
],
WithDecryption=True|False,
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The hierarchy for the parameter. Hierarchies start with a forward slash (/). The hierachy is the parameter name except the last part of the parameter. For the API call to succeeed, the last part of the parameter name can't be in the path. A parameter name hierarchy can have a maximum of 15 levels. Here is an example of a hierarchy: /Finance/Prod/IAD/WinServ2016/license33
Retrieve all parameters within a hierarchy.
Warning
If a user has access to a path, then the user can access all levels of that path. For example, if a user has permission to access path /a , then the user can also access /a/b . Even if a user has explicitly been denied access in IAM for parameter /a/b , they can still call the GetParametersByPath API operation recursively for /a and view /a/b .
Filters to limit the request results.
Note
For GetParametersByPath , the following filter Key names are supported: Type , KeyId , Label , and DataType .
The following Key values are not supported for GetParametersByPath : tag , Name , Path , and Tier .
One or more filters. Use a filter to return a more specific list of results.
The name of the filter.
The ParameterStringFilter object is used by the DescribeParameters and GetParametersByPath API operations. However, not all of the pattern values listed for Key can be used with both operations.
For DescribeActions , all of the listed patterns are valid, with the exception of Label .
For GetParametersByPath , the following patterns listed for Key aren't valid: tag , Name , Path , and Tier .
For examples of Amazon Web Services CLI commands demonstrating valid parameter filter constructions, see Searching for Systems Manager parameters in the Amazon Web Services Systems Manager User Guide .
For all filters used with DescribeParameters , valid options include Equals and BeginsWith . The Name filter additionally supports the Contains option. (Exception: For filters using the key Path , valid options include Recursive and OneLevel .)
For filters used with GetParametersByPath , valid options include Equals and BeginsWith . (Exception: For filters using Label as the Key name, the only valid option is Equals .)
The value you want to search for.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'Parameters': [
{
'Name': 'string',
'Type': 'String'|'StringList'|'SecureString',
'Value': 'string',
'Version': 123,
'Selector': 'string',
'SourceResult': 'string',
'LastModifiedDate': datetime(2015, 1, 1),
'ARN': 'string',
'DataType': 'string'
},
],
}
Response Structure
(dict) --
Parameters (list) --
A list of parameters found in the specified hierarchy.
(dict) --
An Amazon Web Services Systems Manager parameter in Parameter Store.
Name (string) --
The name of the parameter.
Type (string) --
The type of parameter. Valid values include the following: String , StringList , and SecureString .
Value (string) --
The parameter value.
Version (integer) --
The parameter version.
Selector (string) --
Either the version number or the label used to retrieve the parameter value. Specify selectors by using one of the following formats:
parameter_name:version
parameter_name:label
SourceResult (string) --
Applies to parameters that reference information in other Amazon Web Services services. SourceResult is the raw result or response from the source.
LastModifiedDate (datetime) --
Date the parameter was last changed or updated and the parameter version was created.
ARN (string) --
The Amazon Resource Name (ARN) of the parameter.
DataType (string) --
The data type of the parameter, such as text or aws:ec2:image . The default is text .
paginator = client.get_paginator('list_association_versions')
Creates an iterator that will paginate through responses from SSM.Client.list_association_versions().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
AssociationId='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The association ID for which you want to view all versions.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'AssociationVersions': [
{
'AssociationId': 'string',
'AssociationVersion': 'string',
'CreatedDate': datetime(2015, 1, 1),
'Name': 'string',
'DocumentVersion': 'string',
'Parameters': {
'string': [
'string',
]
},
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'ScheduleExpression': 'string',
'OutputLocation': {
'S3Location': {
'OutputS3Region': 'string',
'OutputS3BucketName': 'string',
'OutputS3KeyPrefix': 'string'
}
},
'AssociationName': 'string',
'MaxErrors': 'string',
'MaxConcurrency': 'string',
'ComplianceSeverity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'UNSPECIFIED',
'SyncCompliance': 'AUTO'|'MANUAL',
'ApplyOnlyAtCronInterval': True|False,
'CalendarNames': [
'string',
],
'TargetLocations': [
{
'Accounts': [
'string',
],
'Regions': [
'string',
],
'TargetLocationMaxConcurrency': 'string',
'TargetLocationMaxErrors': 'string',
'ExecutionRoleName': 'string'
},
]
},
],
}
Response Structure
(dict) --
AssociationVersions (list) --
Information about all versions of the association for the specified association ID.
(dict) --
Information about the association version.
AssociationId (string) --
The ID created by the system when the association was created.
AssociationVersion (string) --
The association version.
CreatedDate (datetime) --
The date the association version was created.
Name (string) --
The name specified when the association was created.
DocumentVersion (string) --
The version of an Amazon Web Services Systems Manager document (SSM document) used when the association version was created.
Parameters (dict) --
Parameters specified when the association version was created.
Targets (list) --
The targets specified for the association when the association version was created.
(dict) --
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
Key (string) --
User-defined criteria for sending commands that target instances that meet the criteria.
Values (list) --
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
ScheduleExpression (string) --
The cron or rate schedule specified for the association when the association version was created.
OutputLocation (dict) --
The location in Amazon S3 specified for the association when the association version was created.
S3Location (dict) --
An S3 bucket where you want to store the results of this request.
OutputS3Region (string) --
(Deprecated) You can no longer specify this parameter. The system ignores it. Instead, Amazon Web Services Systems Manager automatically determines the Region of the S3 bucket.
OutputS3BucketName (string) --
The name of the S3 bucket.
OutputS3KeyPrefix (string) --
The S3 bucket subfolder.
AssociationName (string) --
The name specified for the association version when the association version was created.
MaxErrors (string) --
The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 instances and set MaxError to 10%, then the system stops sending the request when the sixth error is received.
Executions that are already running an association when MaxErrors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set MaxConcurrency to 1 so that executions proceed one at a time.
MaxConcurrency (string) --
The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.
If a new instance starts and attempts to run an association while Systems Manager is running MaxConcurrency associations, the association is allowed to run. During the next association interval, the new instance will process its association within the limit specified for MaxConcurrency .
ComplianceSeverity (string) --
The severity level that is assigned to the association.
SyncCompliance (string) --
The mode for generating association compliance. You can specify AUTO or MANUAL . In AUTO mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association is COMPLIANT . If the association execution doesn't run successfully, the association is NON-COMPLIANT .
In MANUAL mode, you must specify the AssociationId as a parameter for the PutComplianceItems API operation. In this case, compliance data isn't managed by State Manager, a capability of Amazon Web Services Systems Manager. It is managed by your direct call to the PutComplianceItems API operation.
By default, all associations use AUTO mode.
ApplyOnlyAtCronInterval (boolean) --
By default, when you create a new associations, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it. This parameter isn't supported for rate expressions.
CalendarNames (list) --
The names or Amazon Resource Names (ARNs) of the Change Calendar type documents your associations are gated under. The associations for this version only run when that Change Calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar .
TargetLocations (list) --
The combination of Regions and accounts where you wanted to run the association when this association version was created.
(dict) --
The combination of Regions and accounts targeted by the current Automation execution.
Accounts (list) --
The accounts targeted by the current Automation execution.
Regions (list) --
The Regions targeted by the current Automation execution.
TargetLocationMaxConcurrency (string) --
The maximum number of Regions and accounts allowed to run the Automation concurrently.
TargetLocationMaxErrors (string) --
The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
ExecutionRoleName (string) --
The Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole .
paginator = client.get_paginator('list_associations')
Creates an iterator that will paginate through responses from SSM.Client.list_associations().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
AssociationFilterList=[
{
'key': 'InstanceId'|'Name'|'AssociationId'|'AssociationStatusName'|'LastExecutedBefore'|'LastExecutedAfter'|'AssociationName'|'ResourceGroupName',
'value': 'string'
},
],
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
One or more filters. Use a filter to return a more specific list of results.
Note
Filtering associations using the InstanceID attribute only returns legacy associations created using the InstanceID attribute. Associations targeting the instance that are part of the Target Attributes ResourceGroup or Tags aren't returned.
Describes a filter.
The name of the filter.
Note
InstanceId has been deprecated.
The filter value.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'Associations': [
{
'Name': 'string',
'InstanceId': 'string',
'AssociationId': 'string',
'AssociationVersion': 'string',
'DocumentVersion': 'string',
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'LastExecutionDate': datetime(2015, 1, 1),
'Overview': {
'Status': 'string',
'DetailedStatus': 'string',
'AssociationStatusAggregatedCount': {
'string': 123
}
},
'ScheduleExpression': 'string',
'AssociationName': 'string'
},
],
}
Response Structure
(dict) --
Associations (list) --
The associations.
(dict) --
Describes an association of a Amazon Web Services Systems Manager document (SSM document) and an instance.
Name (string) --
The name of the SSM document.
InstanceId (string) --
The ID of the instance.
AssociationId (string) --
The ID created by the system when you create an association. An association is a binding between a document and a set of targets with a schedule.
AssociationVersion (string) --
The association version.
DocumentVersion (string) --
The version of the document used in the association.
Targets (list) --
The instances targeted by the request to create an association.
(dict) --
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
Key (string) --
User-defined criteria for sending commands that target instances that meet the criteria.
Values (list) --
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
LastExecutionDate (datetime) --
The date on which the association was last run.
Overview (dict) --
Information about the association.
Status (string) --
The status of the association. Status can be: Pending, Success, or Failed.
DetailedStatus (string) --
A detailed status of the association.
AssociationStatusAggregatedCount (dict) --
Returns the number of targets for the association status. For example, if you created an association with two instances, and one of them was successful, this would return the count of instances by status.
ScheduleExpression (string) --
A cron expression that specifies a schedule when the association runs. The schedule runs in Coordinated Universal Time (UTC).
AssociationName (string) --
The association name.
paginator = client.get_paginator('list_command_invocations')
Creates an iterator that will paginate through responses from SSM.Client.list_command_invocations().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
CommandId='string',
InstanceId='string',
Filters=[
{
'key': 'InvokedAfter'|'InvokedBefore'|'Status'|'ExecutionStage'|'DocumentName',
'value': 'string'
},
],
Details=True|False,
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
(Optional) One or more filters. Use a filter to return a more specific list of results.
Describes a command filter.
Note
An instance ID can't be specified when a command status is Pending because the command hasn't run on the instance yet.
The name of the filter.
The filter value. Valid values for each filter key are as follows:
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'CommandInvocations': [
{
'CommandId': 'string',
'InstanceId': 'string',
'InstanceName': 'string',
'Comment': 'string',
'DocumentName': 'string',
'DocumentVersion': 'string',
'RequestedDateTime': datetime(2015, 1, 1),
'Status': 'Pending'|'InProgress'|'Delayed'|'Success'|'Cancelled'|'TimedOut'|'Failed'|'Cancelling',
'StatusDetails': 'string',
'TraceOutput': 'string',
'StandardOutputUrl': 'string',
'StandardErrorUrl': 'string',
'CommandPlugins': [
{
'Name': 'string',
'Status': 'Pending'|'InProgress'|'Success'|'TimedOut'|'Cancelled'|'Failed',
'StatusDetails': 'string',
'ResponseCode': 123,
'ResponseStartDateTime': datetime(2015, 1, 1),
'ResponseFinishDateTime': datetime(2015, 1, 1),
'Output': 'string',
'StandardOutputUrl': 'string',
'StandardErrorUrl': 'string',
'OutputS3Region': 'string',
'OutputS3BucketName': 'string',
'OutputS3KeyPrefix': 'string'
},
],
'ServiceRole': 'string',
'NotificationConfig': {
'NotificationArn': 'string',
'NotificationEvents': [
'All'|'InProgress'|'Success'|'TimedOut'|'Cancelled'|'Failed',
],
'NotificationType': 'Command'|'Invocation'
},
'CloudWatchOutputConfig': {
'CloudWatchLogGroupName': 'string',
'CloudWatchOutputEnabled': True|False
}
},
],
}
Response Structure
(dict) --
CommandInvocations (list) --
(Optional) A list of all invocations.
(dict) --
An invocation is copy of a command sent to a specific instance. A command can apply to one or more instances. A command invocation applies to one instance. For example, if a user runs SendCommand against three instances, then a command invocation is created for each requested instance ID. A command invocation returns status and detail information about a command you ran.
CommandId (string) --
The command against which this invocation was requested.
InstanceId (string) --
The instance ID in which this invocation was requested.
InstanceName (string) --
The name of the invocation target. For EC2 instances this is the value for the aws:Name tag. For on-premises instances, this is the name of the instance.
Comment (string) --
User-specified information about the command, such as a brief description of what the command should do.
DocumentName (string) --
The document name that was requested for execution.
DocumentVersion (string) --
The Systems Manager document (SSM document) version.
RequestedDateTime (datetime) --
The time and date the request was sent to this instance.
Status (string) --
Whether or not the invocation succeeded, failed, or is pending.
StatusDetails (string) --
A detailed status of the command execution for each invocation (each instance targeted by the command). StatusDetails includes more information than Status because it includes states resulting from error and concurrency control parameters. StatusDetails can show different results than Status. For more information about these statuses, see Understanding command statuses in the Amazon Web Services Systems Manager User Guide . StatusDetails can be one of the following values:
TraceOutput (string) --
Gets the trace output sent by the agent.
StandardOutputUrl (string) --
The URL to the plugin's StdOut file in Amazon Simple Storage Service (Amazon S3), if the S3 bucket was defined for the parent command. For an invocation, StandardOutputUrl is populated if there is just one plugin defined for the command, and the S3 bucket was defined for the command.
StandardErrorUrl (string) --
The URL to the plugin's StdErr file in Amazon Simple Storage Service (Amazon S3), if the S3 bucket was defined for the parent command. For an invocation, StandardErrorUrl is populated if there is just one plugin defined for the command, and the S3 bucket was defined for the command.
CommandPlugins (list) --
Plugins processed by the command.
(dict) --
Describes plugin details.
Name (string) --
The name of the plugin. Must be one of the following: aws:updateAgent , aws:domainjoin , aws:applications , aws:runPowerShellScript , aws:psmodule , aws:cloudWatch , aws:runShellScript , or aws:updateSSMAgent .
Status (string) --
The status of this plugin. You can run a document with multiple plugins.
StatusDetails (string) --
A detailed status of the plugin execution. StatusDetails includes more information than Status because it includes states resulting from error and concurrency control parameters. StatusDetails can show different results than Status. For more information about these statuses, see Understanding command statuses in the Amazon Web Services Systems Manager User Guide . StatusDetails can be one of the following values:
ResponseCode (integer) --
A numeric response code generated after running the plugin.
ResponseStartDateTime (datetime) --
The time the plugin started running.
ResponseFinishDateTime (datetime) --
The time the plugin stopped running. Could stop prematurely if, for example, a cancel command was sent.
Output (string) --
Output of the plugin execution.
StandardOutputUrl (string) --
The URL for the complete text written by the plugin to stdout in Amazon S3. If the S3 bucket for the command wasn't specified, then this string is empty.
StandardErrorUrl (string) --
The URL for the complete text written by the plugin to stderr. If execution isn't yet complete, then this string is empty.
OutputS3Region (string) --
(Deprecated) You can no longer specify this parameter. The system ignores it. Instead, Amazon Web Services Systems Manager automatically determines the S3 bucket region.
OutputS3BucketName (string) --
The S3 bucket where the responses to the command executions should be stored. This was requested when issuing the command. For example, in the following response:
doc-example-bucket/ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix/i-02573cafcfEXAMPLE/awsrunShellScript
doc-example-bucket is the name of the S3 bucket;
ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix is the name of the S3 prefix;
i-02573cafcfEXAMPLE is the instance ID;
awsrunShellScript is the name of the plugin.
OutputS3KeyPrefix (string) --
The S3 directory path inside the bucket where the responses to the command executions should be stored. This was requested when issuing the command. For example, in the following response:
doc-example-bucket/ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix/i-02573cafcfEXAMPLE/awsrunShellScript
doc-example-bucket is the name of the S3 bucket;
ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix is the name of the S3 prefix;
i-02573cafcfEXAMPLE is the instance ID;
awsrunShellScript is the name of the plugin.
ServiceRole (string) --
The Identity and Access Management (IAM) service role that Run Command, a capability of Amazon Web Services Systems Manager, uses to act on your behalf when sending notifications about command status changes on a per instance basis.
NotificationConfig (dict) --
Configurations for sending notifications about command status changes on a per instance basis.
NotificationArn (string) --
An Amazon Resource Name (ARN) for an Amazon Simple Notification Service (Amazon SNS) topic. Run Command pushes notifications about command status changes to this topic.
NotificationEvents (list) --
The different events for which you can receive notifications. To learn more about these events, see Monitoring Systems Manager status changes using Amazon SNS notifications in the Amazon Web Services Systems Manager User Guide .
NotificationType (string) --
The type of notification.
CloudWatchOutputConfig (dict) --
Amazon CloudWatch Logs information where you want Amazon Web Services Systems Manager to send the command output.
CloudWatchLogGroupName (string) --
The name of the CloudWatch Logs log group where you want to send command output. If you don't specify a group name, Amazon Web Services Systems Manager automatically creates a log group for you. The log group uses the following naming format:
``aws/ssm/SystemsManagerDocumentName ``
CloudWatchOutputEnabled (boolean) --
Enables Systems Manager to send command output to CloudWatch Logs.
paginator = client.get_paginator('list_commands')
Creates an iterator that will paginate through responses from SSM.Client.list_commands().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
CommandId='string',
InstanceId='string',
Filters=[
{
'key': 'InvokedAfter'|'InvokedBefore'|'Status'|'ExecutionStage'|'DocumentName',
'value': 'string'
},
],
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
(Optional) Lists commands issued against this instance ID.
Note
You can't specify an instance ID in the same command that you specify Status = Pending . This is because the command hasn't reached the instance yet.
(Optional) One or more filters. Use a filter to return a more specific list of results.
Describes a command filter.
Note
An instance ID can't be specified when a command status is Pending because the command hasn't run on the instance yet.
The name of the filter.
The filter value. Valid values for each filter key are as follows:
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'Commands': [
{
'CommandId': 'string',
'DocumentName': 'string',
'DocumentVersion': 'string',
'Comment': 'string',
'ExpiresAfter': datetime(2015, 1, 1),
'Parameters': {
'string': [
'string',
]
},
'InstanceIds': [
'string',
],
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'RequestedDateTime': datetime(2015, 1, 1),
'Status': 'Pending'|'InProgress'|'Success'|'Cancelled'|'Failed'|'TimedOut'|'Cancelling',
'StatusDetails': 'string',
'OutputS3Region': 'string',
'OutputS3BucketName': 'string',
'OutputS3KeyPrefix': 'string',
'MaxConcurrency': 'string',
'MaxErrors': 'string',
'TargetCount': 123,
'CompletedCount': 123,
'ErrorCount': 123,
'DeliveryTimedOutCount': 123,
'ServiceRole': 'string',
'NotificationConfig': {
'NotificationArn': 'string',
'NotificationEvents': [
'All'|'InProgress'|'Success'|'TimedOut'|'Cancelled'|'Failed',
],
'NotificationType': 'Command'|'Invocation'
},
'CloudWatchOutputConfig': {
'CloudWatchLogGroupName': 'string',
'CloudWatchOutputEnabled': True|False
},
'TimeoutSeconds': 123
},
],
}
Response Structure
(dict) --
Commands (list) --
(Optional) The list of commands requested by the user.
(dict) --
Describes a command request.
CommandId (string) --
A unique identifier for this command.
DocumentName (string) --
The name of the document requested for execution.
DocumentVersion (string) --
The Systems Manager document (SSM document) version.
Comment (string) --
User-specified information about the command, such as a brief description of what the command should do.
ExpiresAfter (datetime) --
If this time is reached and the command hasn't already started running, it won't run. Calculated based on the ExpiresAfter user input provided as part of the SendCommand API operation.
Parameters (dict) --
The parameter values to be inserted in the document when running the command.
InstanceIds (list) --
The instance IDs against which this command was requested.
Targets (list) --
An array of search criteria that targets instances using a Key,Value combination that you specify. Targets is required if you don't provide one or more instance IDs in the call.
(dict) --
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
Key (string) --
User-defined criteria for sending commands that target instances that meet the criteria.
Values (list) --
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
RequestedDateTime (datetime) --
The date and time the command was requested.
Status (string) --
The status of the command.
StatusDetails (string) --
A detailed status of the command execution. StatusDetails includes more information than Status because it includes states resulting from error and concurrency control parameters. StatusDetails can show different results than Status. For more information about these statuses, see Understanding command statuses in the Amazon Web Services Systems Manager User Guide . StatusDetails can be one of the following values:
OutputS3Region (string) --
(Deprecated) You can no longer specify this parameter. The system ignores it. Instead, Systems Manager automatically determines the Region of the S3 bucket.
OutputS3BucketName (string) --
The S3 bucket where the responses to the command executions should be stored. This was requested when issuing the command.
OutputS3KeyPrefix (string) --
The S3 directory path inside the bucket where the responses to the command executions should be stored. This was requested when issuing the command.
MaxConcurrency (string) --
The maximum number of instances that are allowed to run the command at the same time. You can specify a number of instances, such as 10, or a percentage of instances, such as 10%. The default value is 50. For more information about how to use MaxConcurrency , see Running commands using Systems Manager Run Command in the Amazon Web Services Systems Manager User Guide .
MaxErrors (string) --
The maximum number of errors allowed before the system stops sending the command to additional targets. You can specify a number of errors, such as 10, or a percentage or errors, such as 10%. The default value is 0 . For more information about how to use MaxErrors , see Running commands using Systems Manager Run Command in the Amazon Web Services Systems Manager User Guide .
TargetCount (integer) --
The number of targets for the command.
CompletedCount (integer) --
The number of targets for which the command invocation reached a terminal state. Terminal states include the following: Success, Failed, Execution Timed Out, Delivery Timed Out, Canceled, Terminated, or Undeliverable.
ErrorCount (integer) --
The number of targets for which the status is Failed or Execution Timed Out.
DeliveryTimedOutCount (integer) --
The number of targets for which the status is Delivery Timed Out.
ServiceRole (string) --
The Identity and Access Management (IAM) service role that Run Command, a capability of Amazon Web Services Systems Manager, uses to act on your behalf when sending notifications about command status changes.
NotificationConfig (dict) --
Configurations for sending notifications about command status changes.
NotificationArn (string) --
An Amazon Resource Name (ARN) for an Amazon Simple Notification Service (Amazon SNS) topic. Run Command pushes notifications about command status changes to this topic.
NotificationEvents (list) --
The different events for which you can receive notifications. To learn more about these events, see Monitoring Systems Manager status changes using Amazon SNS notifications in the Amazon Web Services Systems Manager User Guide .
NotificationType (string) --
The type of notification.
CloudWatchOutputConfig (dict) --
Amazon CloudWatch Logs information where you want Amazon Web Services Systems Manager to send the command output.
CloudWatchLogGroupName (string) --
The name of the CloudWatch Logs log group where you want to send command output. If you don't specify a group name, Amazon Web Services Systems Manager automatically creates a log group for you. The log group uses the following naming format:
``aws/ssm/SystemsManagerDocumentName ``
CloudWatchOutputEnabled (boolean) --
Enables Systems Manager to send command output to CloudWatch Logs.
TimeoutSeconds (integer) --
The TimeoutSeconds value specified for a command.
paginator = client.get_paginator('list_compliance_items')
Creates an iterator that will paginate through responses from SSM.Client.list_compliance_items().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
Filters=[
{
'Key': 'string',
'Values': [
'string',
],
'Type': 'EQUAL'|'NOT_EQUAL'|'BEGIN_WITH'|'LESS_THAN'|'GREATER_THAN'
},
],
ResourceIds=[
'string',
],
ResourceTypes=[
'string',
],
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
One or more compliance filters. Use a filter to return a more specific list of results.
One or more filters. Use a filter to return a more specific list of results.
The name of the filter.
The value for which to search.
The type of comparison that should be performed for the value: Equal, NotEqual, BeginWith, LessThan, or GreaterThan.
The ID for the resources from which to get compliance information. Currently, you can only specify one resource ID.
The type of resource from which to get compliance information. Currently, the only supported resource type is ManagedInstance .
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'ComplianceItems': [
{
'ComplianceType': 'string',
'ResourceType': 'string',
'ResourceId': 'string',
'Id': 'string',
'Title': 'string',
'Status': 'COMPLIANT'|'NON_COMPLIANT',
'Severity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED',
'ExecutionSummary': {
'ExecutionTime': datetime(2015, 1, 1),
'ExecutionId': 'string',
'ExecutionType': 'string'
},
'Details': {
'string': 'string'
}
},
],
}
Response Structure
(dict) --
ComplianceItems (list) --
A list of compliance information for the specified resource ID.
(dict) --
Information about the compliance as defined by the resource type. For example, for a patch resource type, Items includes information about the PatchSeverity, Classification, and so on.
ComplianceType (string) --
The compliance type. For example, Association (for a State Manager association), Patch, or Custom:string are all valid compliance types.
ResourceType (string) --
The type of resource. ManagedInstance is currently the only supported resource type.
ResourceId (string) --
An ID for the resource. For a managed instance, this is the instance ID.
Id (string) --
An ID for the compliance item. For example, if the compliance item is a Windows patch, the ID could be the number of the KB article; for example: KB4010320.
Title (string) --
A title for the compliance item. For example, if the compliance item is a Windows patch, the title could be the title of the KB article for the patch; for example: Security Update for Active Directory Federation Services.
Status (string) --
The status of the compliance item. An item is either COMPLIANT, NON_COMPLIANT, or an empty string (for Windows patches that aren't applicable).
Severity (string) --
The severity of the compliance status. Severity can be one of the following: Critical, High, Medium, Low, Informational, Unspecified.
ExecutionSummary (dict) --
A summary for the compliance item. The summary includes an execution ID, the execution type (for example, command), and the execution time.
ExecutionTime (datetime) --
The time the execution ran as a datetime object that is saved in the following format: yyyy-MM-dd'T'HH:mm:ss'Z'.
ExecutionId (string) --
An ID created by the system when PutComplianceItems was called. For example, CommandID is a valid execution ID. You can use this ID in subsequent calls.
ExecutionType (string) --
The type of execution. For example, Command is a valid execution type.
Details (dict) --
A "Key": "Value" tag combination for the compliance item.
paginator = client.get_paginator('list_compliance_summaries')
Creates an iterator that will paginate through responses from SSM.Client.list_compliance_summaries().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
Filters=[
{
'Key': 'string',
'Values': [
'string',
],
'Type': 'EQUAL'|'NOT_EQUAL'|'BEGIN_WITH'|'LESS_THAN'|'GREATER_THAN'
},
],
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
One or more compliance or inventory filters. Use a filter to return a more specific list of results.
One or more filters. Use a filter to return a more specific list of results.
The name of the filter.
The value for which to search.
The type of comparison that should be performed for the value: Equal, NotEqual, BeginWith, LessThan, or GreaterThan.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'ComplianceSummaryItems': [
{
'ComplianceType': 'string',
'CompliantSummary': {
'CompliantCount': 123,
'SeveritySummary': {
'CriticalCount': 123,
'HighCount': 123,
'MediumCount': 123,
'LowCount': 123,
'InformationalCount': 123,
'UnspecifiedCount': 123
}
},
'NonCompliantSummary': {
'NonCompliantCount': 123,
'SeveritySummary': {
'CriticalCount': 123,
'HighCount': 123,
'MediumCount': 123,
'LowCount': 123,
'InformationalCount': 123,
'UnspecifiedCount': 123
}
}
},
],
}
Response Structure
(dict) --
ComplianceSummaryItems (list) --
A list of compliant and non-compliant summary counts based on compliance types. For example, this call returns State Manager associations, patches, or custom compliance types according to the filter criteria that you specified.
(dict) --
A summary of compliance information by compliance type.
ComplianceType (string) --
The type of compliance item. For example, the compliance type can be Association, Patch, or Custom:string.
CompliantSummary (dict) --
A list of COMPLIANT items for the specified compliance type.
CompliantCount (integer) --
The total number of resources that are compliant.
SeveritySummary (dict) --
A summary of the compliance severity by compliance type.
CriticalCount (integer) --
The total number of resources or compliance items that have a severity level of critical. Critical severity is determined by the organization that published the compliance items.
HighCount (integer) --
The total number of resources or compliance items that have a severity level of high. High severity is determined by the organization that published the compliance items.
MediumCount (integer) --
The total number of resources or compliance items that have a severity level of medium. Medium severity is determined by the organization that published the compliance items.
LowCount (integer) --
The total number of resources or compliance items that have a severity level of low. Low severity is determined by the organization that published the compliance items.
InformationalCount (integer) --
The total number of resources or compliance items that have a severity level of informational. Informational severity is determined by the organization that published the compliance items.
UnspecifiedCount (integer) --
The total number of resources or compliance items that have a severity level of unspecified. Unspecified severity is determined by the organization that published the compliance items.
NonCompliantSummary (dict) --
A list of NON_COMPLIANT items for the specified compliance type.
NonCompliantCount (integer) --
The total number of compliance items that aren't compliant.
SeveritySummary (dict) --
A summary of the non-compliance severity by compliance type
CriticalCount (integer) --
The total number of resources or compliance items that have a severity level of critical. Critical severity is determined by the organization that published the compliance items.
HighCount (integer) --
The total number of resources or compliance items that have a severity level of high. High severity is determined by the organization that published the compliance items.
MediumCount (integer) --
The total number of resources or compliance items that have a severity level of medium. Medium severity is determined by the organization that published the compliance items.
LowCount (integer) --
The total number of resources or compliance items that have a severity level of low. Low severity is determined by the organization that published the compliance items.
InformationalCount (integer) --
The total number of resources or compliance items that have a severity level of informational. Informational severity is determined by the organization that published the compliance items.
UnspecifiedCount (integer) --
The total number of resources or compliance items that have a severity level of unspecified. Unspecified severity is determined by the organization that published the compliance items.
paginator = client.get_paginator('list_document_versions')
Creates an iterator that will paginate through responses from SSM.Client.list_document_versions().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
Name='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
[REQUIRED]
The name of the document. You can specify an Amazon Resource Name (ARN).
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'DocumentVersions': [
{
'Name': 'string',
'DisplayName': 'string',
'DocumentVersion': 'string',
'VersionName': 'string',
'CreatedDate': datetime(2015, 1, 1),
'IsDefaultVersion': True|False,
'DocumentFormat': 'YAML'|'JSON'|'TEXT',
'Status': 'Creating'|'Active'|'Updating'|'Deleting'|'Failed',
'StatusInformation': 'string',
'ReviewStatus': 'APPROVED'|'NOT_REVIEWED'|'PENDING'|'REJECTED'
},
],
}
Response Structure
(dict) --
DocumentVersions (list) --
The document versions.
(dict) --
Version information about the document.
Name (string) --
The document name.
DisplayName (string) --
The friendly name of the SSM document. This value can differ for each version of the document. If you want to update this value, see UpdateDocument .
DocumentVersion (string) --
The document version.
VersionName (string) --
The version of the artifact associated with the document. For example, "Release 12, Update 6". This value is unique across all versions of a document, and can't be changed.
CreatedDate (datetime) --
The date the document was created.
IsDefaultVersion (boolean) --
An identifier for the default version of the document.
DocumentFormat (string) --
The document format, either JSON or YAML.
Status (string) --
The status of the SSM document, such as Creating , Active , Failed , and Deleting .
StatusInformation (string) --
A message returned by Amazon Web Services Systems Manager that explains the Status value. For example, a Failed status might be explained by the StatusInformation message, "The specified S3 bucket doesn't exist. Verify that the URL of the S3 bucket is correct."
ReviewStatus (string) --
The current status of the approval review for the latest version of the document.
paginator = client.get_paginator('list_documents')
Creates an iterator that will paginate through responses from SSM.Client.list_documents().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
DocumentFilterList=[
{
'key': 'Name'|'Owner'|'PlatformTypes'|'DocumentType',
'value': 'string'
},
],
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
This data type is deprecated. Instead, use Filters .
This data type is deprecated. Instead, use DocumentKeyValuesFilter .
The name of the filter.
The value of the filter.
One or more DocumentKeyValuesFilter objects. Use a filter to return a more specific list of results. For keys, you can specify one or more key-value pair tags that have been applied to a document. Other valid keys include Owner , Name , PlatformTypes , DocumentType , and TargetType . For example, to return documents you own use Key=Owner,Values=Self . To specify a custom key-value pair, use the format Key=tag:tagName,Values=valueName .
Note
This API operation only supports filtering documents by using a single tag key and one or more tag values. For example: Key=tag:tagName,Values=valueName1,valueName2
One or more filters. Use a filter to return a more specific list of documents.
For keys, you can specify one or more tags that have been applied to a document.
You can also use Amazon Web Services-provided keys, some of which have specific allowed values. These keys and their associated values are as follows:
DocumentType
Owner
Note that only one Owner can be specified in a request. For example: Key=Owner,Values=Self .
PlatformTypes
Name is another Amazon Web Services-provided key. If you use Name as a key, you can use a name prefix to return a list of documents. For example, in the Amazon Web Services CLI, to return a list of all documents that begin with Te , run the following command:aws ssm list-documents --filters Key=Name,Values=Te
You can also use the TargetType Amazon Web Services-provided key. For a list of valid resource type values that can be used with this key, see Amazon Web Services resource and property types reference in the CloudFormation User Guide .
If you specify more than two keys, only documents that are identified by all the tags are returned in the results. If you specify more than two values for a key, documents that are identified by any of the values are returned in the results.
To specify a custom key-value pair, use the format Key=tag:tagName,Values=valueName .
For example, if you created a key called region and are using the Amazon Web Services CLI to call the list-documents command:
aws ssm list-documents --filters Key=tag:region,Values=east,west Key=Owner,Values=Self
The name of the filter key.
The value for the filter key.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'DocumentIdentifiers': [
{
'Name': 'string',
'CreatedDate': datetime(2015, 1, 1),
'DisplayName': 'string',
'Owner': 'string',
'VersionName': 'string',
'PlatformTypes': [
'Windows'|'Linux',
],
'DocumentVersion': 'string',
'DocumentType': 'Command'|'Policy'|'Automation'|'Session'|'Package'|'ApplicationConfiguration'|'ApplicationConfigurationSchema'|'DeploymentStrategy'|'ChangeCalendar'|'Automation.ChangeTemplate'|'ProblemAnalysis'|'ProblemAnalysisTemplate',
'SchemaVersion': 'string',
'DocumentFormat': 'YAML'|'JSON'|'TEXT',
'TargetType': 'string',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
],
'Requires': [
{
'Name': 'string',
'Version': 'string'
},
],
'ReviewStatus': 'APPROVED'|'NOT_REVIEWED'|'PENDING'|'REJECTED',
'Author': 'string'
},
],
}
Response Structure
(dict) --
DocumentIdentifiers (list) --
The names of the SSM documents.
(dict) --
Describes the name of a SSM document.
Name (string) --
The name of the SSM document.
CreatedDate (datetime) --
The date the SSM document was created.
DisplayName (string) --
An optional field where you can specify a friendly name for the SSM document. This value can differ for each version of the document. If you want to update this value, see UpdateDocument .
Owner (string) --
The Amazon Web Services user account that created the document.
VersionName (string) --
An optional field specifying the version of the artifact associated with the document. For example, "Release 12, Update 6". This value is unique across all versions of a document, and can't be changed.
PlatformTypes (list) --
The operating system platform.
DocumentVersion (string) --
The document version.
DocumentType (string) --
The document type.
SchemaVersion (string) --
The schema version.
DocumentFormat (string) --
The document format, either JSON or YAML.
TargetType (string) --
The target type which defines the kinds of resources the document can run on. For example, /AWS::EC2::Instance . For a list of valid resource types, see Amazon Web Services resource and property types reference in the CloudFormation User Guide .
Tags (list) --
The tags, or metadata, that have been applied to the document.
(dict) --
Metadata that you assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Amazon Web Services Systems Manager, you can apply tags to Systems Manager documents (SSM documents), managed instances, maintenance windows, parameters, patch baselines, OpsItems, and OpsMetadata.
Key (string) --
The name of the tag.
Value (string) --
The value of the tag.
Requires (list) --
A list of SSM documents required by a document. For example, an ApplicationConfiguration document requires an ApplicationConfigurationSchema document.
(dict) --
An SSM document required by the current document.
Name (string) --
The name of the required SSM document. The name can be an Amazon Resource Name (ARN).
Version (string) --
The document version required by the current document.
ReviewStatus (string) --
The current status of a document review.
Author (string) --
The user in your organization who created the document.
paginator = client.get_paginator('list_ops_item_events')
Creates an iterator that will paginate through responses from SSM.Client.list_ops_item_events().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
Filters=[
{
'Key': 'OpsItemId',
'Values': [
'string',
],
'Operator': 'Equal'
},
],
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
One or more OpsItem filters. Use a filter to return a more specific list of results.
Describes a filter for a specific list of OpsItem events. You can filter event information by using tags. You specify tags by using a key-value pair mapping.
The name of the filter key. Currently, the only supported value is OpsItemId .
The values for the filter, consisting of one or more OpsItem IDs.
The operator used by the filter call. Currently, the only supported value is Equal .
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'Summaries': [
{
'OpsItemId': 'string',
'EventId': 'string',
'Source': 'string',
'DetailType': 'string',
'Detail': 'string',
'CreatedBy': {
'Arn': 'string'
},
'CreatedTime': datetime(2015, 1, 1)
},
]
}
Response Structure
(dict) --
Summaries (list) --
A list of event information for the specified OpsItems.
(dict) --
Summary information about an OpsItem event or that associated an OpsItem with a related item.
OpsItemId (string) --
The ID of the OpsItem.
EventId (string) --
The ID of the OpsItem event.
Source (string) --
The source of the OpsItem event.
DetailType (string) --
The type of information provided as a detail.
Detail (string) --
Specific information about the OpsItem event.
CreatedBy (dict) --
Information about the user or resource that created the OpsItem event.
Arn (string) --
The Amazon Resource Name (ARN) of the IAM entity that created the OpsItem event.
CreatedTime (datetime) --
The date and time the OpsItem event was created.
paginator = client.get_paginator('list_ops_item_related_items')
Creates an iterator that will paginate through responses from SSM.Client.list_ops_item_related_items().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
OpsItemId='string',
Filters=[
{
'Key': 'ResourceType'|'AssociationId'|'ResourceUri',
'Values': [
'string',
],
'Operator': 'Equal'
},
],
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
One or more OpsItem filters. Use a filter to return a more specific list of results.
Describes a filter for a specific list of related-item resources.
The name of the filter key. Supported values include ResourceUri , ResourceType , or AssociationId .
The values for the filter.
The operator used by the filter call. The only supported operator is EQUAL .
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'Summaries': [
{
'OpsItemId': 'string',
'AssociationId': 'string',
'ResourceType': 'string',
'AssociationType': 'string',
'ResourceUri': 'string',
'CreatedBy': {
'Arn': 'string'
},
'CreatedTime': datetime(2015, 1, 1),
'LastModifiedBy': {
'Arn': 'string'
},
'LastModifiedTime': datetime(2015, 1, 1)
},
]
}
Response Structure
(dict) --
Summaries (list) --
A list of related-item resources for the specified OpsItem.
(dict) --
Summary information about related-item resources for an OpsItem.
OpsItemId (string) --
The OpsItem ID.
AssociationId (string) --
The association ID.
ResourceType (string) --
The resource type.
AssociationType (string) --
The association type.
ResourceUri (string) --
The Amazon Resource Name (ARN) of the related-item resource.
CreatedBy (dict) --
Information about the user or resource that created an OpsItem event.
Arn (string) --
The Amazon Resource Name (ARN) of the IAM entity that created the OpsItem event.
CreatedTime (datetime) --
The time the related-item association was created.
LastModifiedBy (dict) --
Information about the user or resource that created an OpsItem event.
Arn (string) --
The Amazon Resource Name (ARN) of the IAM entity that created the OpsItem event.
LastModifiedTime (datetime) --
The time the related-item association was last updated.
paginator = client.get_paginator('list_ops_metadata')
Creates an iterator that will paginate through responses from SSM.Client.list_ops_metadata().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
One or more filters to limit the number of OpsMetadata objects returned by the call.
A filter to limit the number of OpsMetadata objects displayed.
A filter key.
A filter value.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'OpsMetadataList': [
{
'ResourceId': 'string',
'OpsMetadataArn': 'string',
'LastModifiedDate': datetime(2015, 1, 1),
'LastModifiedUser': 'string',
'CreationDate': datetime(2015, 1, 1)
},
],
}
Response Structure
(dict) --
OpsMetadataList (list) --
Returns a list of OpsMetadata objects.
(dict) --
Operational metadata for an application in Application Manager.
ResourceId (string) --
The ID of the Application Manager application.
OpsMetadataArn (string) --
The Amazon Resource Name (ARN) of the OpsMetadata Object or blob.
LastModifiedDate (datetime) --
The date the OpsMetadata object was last updated.
LastModifiedUser (string) --
The user name who last updated the OpsMetadata object.
CreationDate (datetime) --
The date the OpsMetadata objects was created.
paginator = client.get_paginator('list_resource_compliance_summaries')
Creates an iterator that will paginate through responses from SSM.Client.list_resource_compliance_summaries().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
Filters=[
{
'Key': 'string',
'Values': [
'string',
],
'Type': 'EQUAL'|'NOT_EQUAL'|'BEGIN_WITH'|'LESS_THAN'|'GREATER_THAN'
},
],
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
One or more filters. Use a filter to return a more specific list of results.
One or more filters. Use a filter to return a more specific list of results.
The name of the filter.
The value for which to search.
The type of comparison that should be performed for the value: Equal, NotEqual, BeginWith, LessThan, or GreaterThan.
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'ResourceComplianceSummaryItems': [
{
'ComplianceType': 'string',
'ResourceType': 'string',
'ResourceId': 'string',
'Status': 'COMPLIANT'|'NON_COMPLIANT',
'OverallSeverity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED',
'ExecutionSummary': {
'ExecutionTime': datetime(2015, 1, 1),
'ExecutionId': 'string',
'ExecutionType': 'string'
},
'CompliantSummary': {
'CompliantCount': 123,
'SeveritySummary': {
'CriticalCount': 123,
'HighCount': 123,
'MediumCount': 123,
'LowCount': 123,
'InformationalCount': 123,
'UnspecifiedCount': 123
}
},
'NonCompliantSummary': {
'NonCompliantCount': 123,
'SeveritySummary': {
'CriticalCount': 123,
'HighCount': 123,
'MediumCount': 123,
'LowCount': 123,
'InformationalCount': 123,
'UnspecifiedCount': 123
}
}
},
],
}
Response Structure
(dict) --
ResourceComplianceSummaryItems (list) --
A summary count for specified or targeted managed instances. Summary count includes information about compliant and non-compliant State Manager associations, patch status, or custom items according to the filter criteria that you specify.
(dict) --
Compliance summary information for a specific resource.
ComplianceType (string) --
The compliance type.
ResourceType (string) --
The resource type.
ResourceId (string) --
The resource ID.
Status (string) --
The compliance status for the resource.
OverallSeverity (string) --
The highest severity item found for the resource. The resource is compliant for this item.
ExecutionSummary (dict) --
Information about the execution.
ExecutionTime (datetime) --
The time the execution ran as a datetime object that is saved in the following format: yyyy-MM-dd'T'HH:mm:ss'Z'.
ExecutionId (string) --
An ID created by the system when PutComplianceItems was called. For example, CommandID is a valid execution ID. You can use this ID in subsequent calls.
ExecutionType (string) --
The type of execution. For example, Command is a valid execution type.
CompliantSummary (dict) --
A list of items that are compliant for the resource.
CompliantCount (integer) --
The total number of resources that are compliant.
SeveritySummary (dict) --
A summary of the compliance severity by compliance type.
CriticalCount (integer) --
The total number of resources or compliance items that have a severity level of critical. Critical severity is determined by the organization that published the compliance items.
HighCount (integer) --
The total number of resources or compliance items that have a severity level of high. High severity is determined by the organization that published the compliance items.
MediumCount (integer) --
The total number of resources or compliance items that have a severity level of medium. Medium severity is determined by the organization that published the compliance items.
LowCount (integer) --
The total number of resources or compliance items that have a severity level of low. Low severity is determined by the organization that published the compliance items.
InformationalCount (integer) --
The total number of resources or compliance items that have a severity level of informational. Informational severity is determined by the organization that published the compliance items.
UnspecifiedCount (integer) --
The total number of resources or compliance items that have a severity level of unspecified. Unspecified severity is determined by the organization that published the compliance items.
NonCompliantSummary (dict) --
A list of items that aren't compliant for the resource.
NonCompliantCount (integer) --
The total number of compliance items that aren't compliant.
SeveritySummary (dict) --
A summary of the non-compliance severity by compliance type
CriticalCount (integer) --
The total number of resources or compliance items that have a severity level of critical. Critical severity is determined by the organization that published the compliance items.
HighCount (integer) --
The total number of resources or compliance items that have a severity level of high. High severity is determined by the organization that published the compliance items.
MediumCount (integer) --
The total number of resources or compliance items that have a severity level of medium. Medium severity is determined by the organization that published the compliance items.
LowCount (integer) --
The total number of resources or compliance items that have a severity level of low. Low severity is determined by the organization that published the compliance items.
InformationalCount (integer) --
The total number of resources or compliance items that have a severity level of informational. Informational severity is determined by the organization that published the compliance items.
UnspecifiedCount (integer) --
The total number of resources or compliance items that have a severity level of unspecified. Unspecified severity is determined by the organization that published the compliance items.
paginator = client.get_paginator('list_resource_data_sync')
Creates an iterator that will paginate through responses from SSM.Client.list_resource_data_sync().
See also: AWS API Documentation
Request Syntax
response_iterator = paginator.paginate(
SyncType='string',
PaginationConfig={
'MaxItems': 123,
'PageSize': 123,
'StartingToken': 'string'
}
)
A dictionary that provides parameters to control pagination.
The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.
The size of each page.
A token to specify where to start paginating. This is the NextToken from a previous response.
dict
Response Syntax
{
'ResourceDataSyncItems': [
{
'SyncName': 'string',
'SyncType': 'string',
'SyncSource': {
'SourceType': 'string',
'AwsOrganizationsSource': {
'OrganizationSourceType': 'string',
'OrganizationalUnits': [
{
'OrganizationalUnitId': 'string'
},
]
},
'SourceRegions': [
'string',
],
'IncludeFutureRegions': True|False,
'State': 'string',
'EnableAllOpsDataSources': True|False
},
'S3Destination': {
'BucketName': 'string',
'Prefix': 'string',
'SyncFormat': 'JsonSerDe',
'Region': 'string',
'AWSKMSKeyARN': 'string',
'DestinationDataSharing': {
'DestinationDataSharingType': 'string'
}
},
'LastSyncTime': datetime(2015, 1, 1),
'LastSuccessfulSyncTime': datetime(2015, 1, 1),
'SyncLastModifiedTime': datetime(2015, 1, 1),
'LastStatus': 'Successful'|'Failed'|'InProgress',
'SyncCreatedTime': datetime(2015, 1, 1),
'LastSyncStatusMessage': 'string'
},
],
}
Response Structure
(dict) --
ResourceDataSyncItems (list) --
A list of your current resource data sync configurations and their statuses.
(dict) --
Information about a resource data sync configuration, including its current status and last successful sync.
SyncName (string) --
The name of the resource data sync.
SyncType (string) --
The type of resource data sync. If SyncType is SyncToDestination , then the resource data sync synchronizes data to an S3 bucket. If the SyncType is SyncFromSource then the resource data sync synchronizes data from Organizations or from multiple Regions.
SyncSource (dict) --
Information about the source where the data was synchronized.
SourceType (string) --
The type of data source for the resource data sync. SourceType is either AwsOrganizations (if an organization is present in Organizations) or singleAccountMultiRegions .
AwsOrganizationsSource (dict) --
The field name in SyncSource for the ResourceDataSyncAwsOrganizationsSource type.
OrganizationSourceType (string) --
If an Amazon Web Services organization is present, this is either OrganizationalUnits or EntireOrganization . For OrganizationalUnits , the data is aggregated from a set of organization units. For EntireOrganization , the data is aggregated from the entire Amazon Web Services organization.
OrganizationalUnits (list) --
The Organizations organization units included in the sync.
(dict) --
The Organizations organizational unit data source for the sync.
OrganizationalUnitId (string) --
The Organizations unit ID data source for the sync.
SourceRegions (list) --
The SyncSource Regions included in the resource data sync.
IncludeFutureRegions (boolean) --
Whether to automatically synchronize and aggregate data from new Regions when those Regions come online.
State (string) --
The data type name for including resource data sync state. There are four sync states:
OrganizationNotExists : Your organization doesn't exist.
NoPermissions : The system can't locate the service-linked role. This role is automatically created when a user creates a resource data sync in Explorer.
InvalidOrganizationalUnit : You specified or selected an invalid unit in the resource data sync configuration.
TrustedAccessDisabled : You disabled Systems Manager access in the organization in Organizations.
EnableAllOpsDataSources (boolean) --
When you create a resource data sync, if you choose one of the Organizations options, then Systems Manager automatically enables all OpsData sources in the selected Regions for all accounts in your organization (or in the selected organization units). For more information, see About multiple account and Region resource data syncs in the Amazon Web Services Systems Manager User Guide .
S3Destination (dict) --
Configuration information for the target S3 bucket.
BucketName (string) --
The name of the S3 bucket where the aggregated data is stored.
Prefix (string) --
An Amazon S3 prefix for the bucket.
SyncFormat (string) --
A supported sync format. The following format is currently supported: JsonSerDe
Region (string) --
The Region with the S3 bucket targeted by the resource data sync.
AWSKMSKeyARN (string) --
The ARN of an encryption key for a destination in Amazon S3. Must belong to the same Region as the destination S3 bucket.
DestinationDataSharing (dict) --
Enables destination data sharing. By default, this field is null .
DestinationDataSharingType (string) --
The sharing data type. Only Organization is supported.
LastSyncTime (datetime) --
The last time the configuration attempted to sync (UTC).
LastSuccessfulSyncTime (datetime) --
The last time the sync operations returned a status of SUCCESSFUL (UTC).
SyncLastModifiedTime (datetime) --
The date and time the resource data sync was changed.
LastStatus (string) --
The status reported by the last sync.
SyncCreatedTime (datetime) --
The date and time the configuration was created (UTC).
LastSyncStatusMessage (string) --
The status message details reported by the last sync.
The available waiters are:
waiter = client.get_waiter('command_executed')
Polls SSM.Client.get_command_invocation() every 5 seconds until a successful state is reached. An error is returned after 20 failed checks.
See also: AWS API Documentation
Request Syntax
waiter.wait(
CommandId='string',
InstanceId='string',
PluginName='string',
WaiterConfig={
'Delay': 123,
'MaxAttempts': 123
}
)
[REQUIRED]
(Required) The parent command ID of the invocation plugin.
[REQUIRED]
(Required) The ID of the managed instance targeted by the command. A managed instance can be an Amazon Elastic Compute Cloud (Amazon EC2) instance or an instance in your hybrid environment that is configured for Amazon Web Services Systems Manager.
The name of the plugin for which you want detailed results. If the document contains only one plugin, you can omit the name and details for that plugin. If the document contains more than one plugin, you must specify the name of the plugin for which you want to view details.
Plugin names are also referred to as step names in Systems Manager documents (SSM documents). For example, aws:RunShellScript is a plugin.
To find the PluginName , check the document content and find the name of the plugin. Alternatively, use ListCommandInvocations with the CommandId and Details parameters. The PluginName is the Name attribute of the CommandPlugin object in the CommandPlugins list.
A dictionary that provides parameters to control waiting behavior.
The amount of time in seconds to wait between attempts. Default: 5
The maximum number of attempts to be made. Default: 20
None