Table of Contents
A low-level client representing Amazon Simple Systems Manager (SSM)
Amazon Web Services Systems Manager is a collection of capabilities that helps you automate management tasks such as collecting system inventory, applying operating system (OS) patches, automating the creation of Amazon Machine Images (AMIs), and configuring operating systems (OSs) and applications at scale. Systems Manager lets you remotely and securely manage the configuration of your managed instances. A managed instance is any Amazon Elastic Compute Cloud instance (EC2 instance), or any on-premises server or virtual machine (VM) in your hybrid environment that has been configured for Systems Manager.
This reference is intended to be used with the Amazon Web Services Systems Manager User Guide .
To get started, verify prerequisites and configure managed instances. For more information, see Setting up Amazon Web Services Systems Manager in the Amazon Web Services Systems Manager User Guide .
Related resources
import boto3
client = boto3.client('ssm')
These are the available methods:
Adds or overwrites one or more tags for the specified resource. Tags are metadata that you can assign to your documents, managed instances, maintenance windows, Parameter Store parameters, and patch baselines. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. Each tag consists of a key and an optional value, both of which you define. For example, you could define a set of tags for your account's managed instances that helps you track each instance's owner and stack level. For example:
Each resource can have a maximum of 50 tags.
We recommend that you devise a set of tag keys that meets your needs for each resource type. Using a consistent set of tag keys makes it easier for you to manage your resources. You can search and filter the resources based on the tags you add. Tags don't have any semantic meaning to and are interpreted strictly as a string of characters.
For more information about using tags with Amazon Elastic Compute Cloud (Amazon EC2) instances, see Tagging your Amazon EC2 resources in the Amazon EC2 User Guide .
See also: AWS API Documentation
Request Syntax
response = client.add_tags_to_resource(
ResourceType='Document'|'ManagedInstance'|'MaintenanceWindow'|'Parameter'|'PatchBaseline'|'OpsItem'|'OpsMetadata',
ResourceId='string',
Tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
[REQUIRED]
Specifies the type of resource you are tagging.
Note
The ManagedInstance type for this API operation is for on-premises managed instances. You must specify the name of the managed instance in the following format: mi-*ID_number* `` . For example, ``mi-1a2b3c4d5e6f .
[REQUIRED]
The resource ID you want to tag.
Use the ID of the resource. Here are some examples:
MaintenanceWindow : mw-012345abcdePatchBaseline : pb-012345abcde
OpsMetadata object: ResourceID for tagging is created from the Amazon Resource Name (ARN) for the object. Specifically, ResourceID is created from the strings that come after the word opsmetadata in the ARN. For example, an OpsMetadata object with an ARN of arn:aws:ssm:us-east-2:1234567890:opsmetadata/aws/ssm/MyGroup/appmanager has a ResourceID of either aws/ssm/MyGroup/appmanager or /aws/ssm/MyGroup/appmanager .
For the Document and Parameter values, use the name of the resource.
ManagedInstance : mi-012345abcde
Note
The ManagedInstance type for this API operation is only for on-premises managed instances. You must specify the name of the managed instance in the following format: mi-*ID_number* `` . For example, ``mi-1a2b3c4d5e6f .
[REQUIRED]
One or more tags. The value parameter is required.
Warning
Don't enter personally identifiable information in this field.
Metadata that you assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Amazon Web Services Systems Manager, you can apply tags to Systems Manager documents (SSM documents), managed instances, maintenance windows, parameters, patch baselines, OpsItems, and OpsMetadata.
The name of the tag.
The value of the tag.
dict
Response Syntax
{}
Response Structure
Exceptions
Associates a related resource to a Systems Manager OpsCenter OpsItem. For example, you can associate an Incident Manager incident or analysis with an OpsItem. Incident Manager is a capability of Amazon Web Services Systems Manager.
See also: AWS API Documentation
Request Syntax
response = client.associate_ops_item_related_item(
OpsItemId='string',
AssociationType='string',
ResourceType='string',
ResourceUri='string'
)
[REQUIRED]
The ID of the OpsItem to which you want to associate a resource as a related item.
[REQUIRED]
The type of association that you want to create between an OpsItem and a resource. OpsCenter supports IsParentOf and RelatesTo association types.
[REQUIRED]
The type of resource that you want to associate with an OpsItem. OpsCenter supports the following types:
AWS::SSMIncidents::IncidentRecord : an Incident Manager incident. Incident Manager is a capability of Amazon Web Services Systems Manager.AWS::SSM::Document : a Systems Manager (SSM) document.
[REQUIRED]
The Amazon Resource Name (ARN) of the Amazon Web Services resource that you want to associate with the OpsItem.
dict
Response Syntax
{
'AssociationId': 'string'
}
Response Structure
(dict) --
AssociationId (string) --
The association ID.
Exceptions
Check if an operation can be paginated.
Attempts to cancel the command specified by the Command ID. There is no guarantee that the command will be terminated and the underlying process stopped.
See also: AWS API Documentation
Request Syntax
response = client.cancel_command(
CommandId='string',
InstanceIds=[
'string',
]
)
[REQUIRED]
The ID of the command you want to cancel.
(Optional) A list of instance IDs on which you want to cancel the command. If not provided, the command is canceled on every instance on which it was requested.
dict
Response Syntax
{}
Response Structure
(dict) --
Whether or not the command was successfully canceled. There is no guarantee that a request can be canceled.
Exceptions
Stops a maintenance window execution that is already in progress and cancels any tasks in the window that haven't already starting running. Tasks already in progress will continue to completion.
See also: AWS API Documentation
Request Syntax
response = client.cancel_maintenance_window_execution(
WindowExecutionId='string'
)
[REQUIRED]
The ID of the maintenance window execution to stop.
{
'WindowExecutionId': 'string'
}
Response Structure
The ID of the maintenance window execution that has been stopped.
Exceptions
Generates an activation code and activation ID you can use to register your on-premises server or virtual machine (VM) with Amazon Web Services Systems Manager. Registering these machines with Systems Manager makes it possible to manage them using Systems Manager capabilities. You use the activation code and ID when installing SSM Agent on machines in your hybrid environment. For more information about requirements for managing on-premises instances and VMs using Systems Manager, see Setting up Amazon Web Services Systems Manager for hybrid environments in the Amazon Web Services Systems Manager User Guide .
Note
On-premises servers or VMs that are registered with Systems Manager and Amazon Elastic Compute Cloud (Amazon EC2) instances that you manage with Systems Manager are all called managed instances .
See also: AWS API Documentation
Request Syntax
response = client.create_activation(
Description='string',
DefaultInstanceName='string',
IamRole='string',
RegistrationLimit=123,
ExpirationDate=datetime(2015, 1, 1),
Tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
A user-defined description of the resource that you want to register with Systems Manager.
Warning
Don't enter personally identifiable information in this field.
The name of the registered, managed instance as it will appear in the Amazon Web Services Systems Manager console or when you use the Amazon Web Services command line tools to list Systems Manager resources.
Warning
Don't enter personally identifiable information in this field.
[REQUIRED]
The Identity and Access Management (IAM) role that you want to assign to the managed instance. This IAMrole must provide AssumeRole permissions for the Amazon Web Services Systems Manager service principal ssm.amazonaws.com . For more information, see Create an IAM service role for a hybrid environment in the Amazon Web Services Systems Manager User Guide .
Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag an activation to identify which servers or virtual machines (VMs) in your on-premises environment you intend to activate. In this case, you could specify the following key-value pairs:
Warning
When you install SSM Agent on your on-premises servers and VMs, you specify an activation ID and code. When you specify the activation ID and code, tags assigned to the activation are automatically applied to the on-premises servers or VMs.
You can't add tags to or delete tags from an existing activation. You can tag your on-premises servers and VMs after they connect to Systems Manager for the first time and are assigned a managed instance ID. This means they are listed in the Amazon Web Services Systems Manager console with an ID that is prefixed with "mi-". For information about how to add tags to your managed instances, see AddTagsToResource . For information about how to remove tags from your managed instances, see RemoveTagsFromResource .
Metadata that you assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Amazon Web Services Systems Manager, you can apply tags to Systems Manager documents (SSM documents), managed instances, maintenance windows, parameters, patch baselines, OpsItems, and OpsMetadata.
The name of the tag.
The value of the tag.
dict
Response Syntax
{
'ActivationId': 'string',
'ActivationCode': 'string'
}
Response Structure
(dict) --
ActivationId (string) --
The ID number generated by the system when it processed the activation. The activation ID functions like a user name.
ActivationCode (string) --
The code the system generates when it processes the activation. The activation code functions like a password to validate the activation ID.
Exceptions
A State Manager association defines the state that you want to maintain on your instances. For example, an association can specify that anti-virus software must be installed and running on your instances, or that certain ports must be closed. For static targets, the association specifies a schedule for when the configuration is reapplied. For dynamic targets, such as an Amazon Web Services resource group or an Amazon Web Services autoscaling group, State Manager, a capability of Amazon Web Services Systems Manager applies the configuration when new instances are added to the group. The association also specifies actions to take when applying the configuration. For example, an association for anti-virus software might run once a day. If the software isn't installed, then State Manager installs it. If the software is installed, but the service isn't running, then the association might instruct State Manager to start the service.
See also: AWS API Documentation
Request Syntax
response = client.create_association(
Name='string',
DocumentVersion='string',
InstanceId='string',
Parameters={
'string': [
'string',
]
},
Targets=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
ScheduleExpression='string',
OutputLocation={
'S3Location': {
'OutputS3Region': 'string',
'OutputS3BucketName': 'string',
'OutputS3KeyPrefix': 'string'
}
},
AssociationName='string',
AutomationTargetParameterName='string',
MaxErrors='string',
MaxConcurrency='string',
ComplianceSeverity='CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'UNSPECIFIED',
SyncCompliance='AUTO'|'MANUAL',
ApplyOnlyAtCronInterval=True|False,
CalendarNames=[
'string',
],
TargetLocations=[
{
'Accounts': [
'string',
],
'Regions': [
'string',
],
'TargetLocationMaxConcurrency': 'string',
'TargetLocationMaxErrors': 'string',
'ExecutionRoleName': 'string'
},
]
)
[REQUIRED]
The name of the SSM Command document or Automation runbook that contains the configuration information for the instance.
You can specify Amazon Web Services-predefined documents, documents you created, or a document that is shared with you from another account.
For Systems Manager documents (SSM documents) that are shared with you from other accounts, you must specify the complete SSM document ARN, in the following format:
``arn:partition :ssm:region :account-id :document/document-name ``
For example:
arn:aws:ssm:us-east-2:12345678912:document/My-Shared-Document
For Amazon Web Services-predefined documents and SSM documents you created in your account, you only need to specify the document name. For example, AWS-ApplyPatchBaseline or My-Document .
The instance ID.
Note
InstanceId has been deprecated. To specify an instance ID for an association, use the Targets parameter. Requests that include the parameter InstanceID with Systems Manager documents (SSM documents) that use schema version 2.0 or later will fail. In addition, if you use the parameter InstanceId , you can't use the parameters AssociationName , DocumentVersion , MaxErrors , MaxConcurrency , OutputLocation , or ScheduleExpression . To use these parameters, you must use the Targets parameter.
The parameters for the runtime configuration of the document.
The targets for the association. You can target instances by using tags, Amazon Web Services resource groups, all instances in an account, or individual instance IDs. For more information about choosing targets for an association, see Using targets and rate controls with State Manager associations in the Amazon Web Services Systems Manager User Guide .
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
User-defined criteria for sending commands that target instances that meet the criteria.
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
An Amazon Simple Storage Service (Amazon S3) bucket where you want to store the output details of the request.
An S3 bucket where you want to store the results of this request.
(Deprecated) You can no longer specify this parameter. The system ignores it. Instead, Amazon Web Services Systems Manager automatically determines the Region of the S3 bucket.
The name of the S3 bucket.
The S3 bucket subfolder.
The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 instances and set MaxError to 10%, then the system stops sending the request when the sixth error is received.
Executions that are already running an association when MaxErrors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set MaxConcurrency to 1 so that executions proceed one at a time.
The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.
If a new instance starts and attempts to run an association while Systems Manager is running MaxConcurrency associations, the association is allowed to run. During the next association interval, the new instance will process its association within the limit specified for MaxConcurrency .
The mode for generating association compliance. You can specify AUTO or MANUAL . In AUTO mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association is COMPLIANT . If the association execution doesn't run successfully, the association is NON-COMPLIANT .
In MANUAL mode, you must specify the AssociationId as a parameter for the PutComplianceItems API operation. In this case, compliance data isn't managed by State Manager. It is managed by your direct call to the PutComplianceItems API operation.
By default, all associations use AUTO mode.
The names or Amazon Resource Names (ARNs) of the Change Calendar type documents you want to gate your associations under. The associations only run when that change calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar .
A location is a combination of Regions and accounts where you want to run the association. Use this action to create an association in multiple Regions and multiple accounts.
The combination of Regions and accounts targeted by the current Automation execution.
The accounts targeted by the current Automation execution.
The Regions targeted by the current Automation execution.
The maximum number of Regions and accounts allowed to run the Automation concurrently.
The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
The Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole .
dict
Response Syntax
{
'AssociationDescription': {
'Name': 'string',
'InstanceId': 'string',
'AssociationVersion': 'string',
'Date': datetime(2015, 1, 1),
'LastUpdateAssociationDate': datetime(2015, 1, 1),
'Status': {
'Date': datetime(2015, 1, 1),
'Name': 'Pending'|'Success'|'Failed',
'Message': 'string',
'AdditionalInfo': 'string'
},
'Overview': {
'Status': 'string',
'DetailedStatus': 'string',
'AssociationStatusAggregatedCount': {
'string': 123
}
},
'DocumentVersion': 'string',
'AutomationTargetParameterName': 'string',
'Parameters': {
'string': [
'string',
]
},
'AssociationId': 'string',
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'ScheduleExpression': 'string',
'OutputLocation': {
'S3Location': {
'OutputS3Region': 'string',
'OutputS3BucketName': 'string',
'OutputS3KeyPrefix': 'string'
}
},
'LastExecutionDate': datetime(2015, 1, 1),
'LastSuccessfulExecutionDate': datetime(2015, 1, 1),
'AssociationName': 'string',
'MaxErrors': 'string',
'MaxConcurrency': 'string',
'ComplianceSeverity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'UNSPECIFIED',
'SyncCompliance': 'AUTO'|'MANUAL',
'ApplyOnlyAtCronInterval': True|False,
'CalendarNames': [
'string',
],
'TargetLocations': [
{
'Accounts': [
'string',
],
'Regions': [
'string',
],
'TargetLocationMaxConcurrency': 'string',
'TargetLocationMaxErrors': 'string',
'ExecutionRoleName': 'string'
},
]
}
}
Response Structure
(dict) --
AssociationDescription (dict) --
Information about the association.
Name (string) --
The name of the SSM document.
InstanceId (string) --
The ID of the instance.
AssociationVersion (string) --
The association version.
Date (datetime) --
The date when the association was made.
LastUpdateAssociationDate (datetime) --
The date when the association was last updated.
Status (dict) --
The association status.
Date (datetime) --
The date when the status changed.
Name (string) --
The status.
Message (string) --
The reason for the status.
AdditionalInfo (string) --
A user-defined string.
Overview (dict) --
Information about the association.
Status (string) --
The status of the association. Status can be: Pending, Success, or Failed.
DetailedStatus (string) --
A detailed status of the association.
AssociationStatusAggregatedCount (dict) --
Returns the number of targets for the association status. For example, if you created an association with two instances, and one of them was successful, this would return the count of instances by status.
DocumentVersion (string) --
The document version.
AutomationTargetParameterName (string) --
Specify the target for the association. This target is required for associations that use an Automation runbook and target resources by using rate controls. Automation is a capability of Amazon Web Services Systems Manager.
Parameters (dict) --
A description of the parameters for a document.
AssociationId (string) --
The association ID.
Targets (list) --
The instances targeted by the request.
(dict) --
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
Key (string) --
User-defined criteria for sending commands that target instances that meet the criteria.
Values (list) --
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
ScheduleExpression (string) --
A cron expression that specifies a schedule when the association runs.
OutputLocation (dict) --
An S3 bucket where you want to store the output details of the request.
S3Location (dict) --
An S3 bucket where you want to store the results of this request.
OutputS3Region (string) --
(Deprecated) You can no longer specify this parameter. The system ignores it. Instead, Amazon Web Services Systems Manager automatically determines the Region of the S3 bucket.
OutputS3BucketName (string) --
The name of the S3 bucket.
OutputS3KeyPrefix (string) --
The S3 bucket subfolder.
LastExecutionDate (datetime) --
The date on which the association was last run.
LastSuccessfulExecutionDate (datetime) --
The last date on which the association was successfully run.
AssociationName (string) --
The association name.
MaxErrors (string) --
The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 instances and set MaxError to 10%, then the system stops sending the request when the sixth error is received.
Executions that are already running an association when MaxErrors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set MaxConcurrency to 1 so that executions proceed one at a time.
MaxConcurrency (string) --
The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.
If a new instance starts and attempts to run an association while Systems Manager is running MaxConcurrency associations, the association is allowed to run. During the next association interval, the new instance will process its association within the limit specified for MaxConcurrency .
ComplianceSeverity (string) --
The severity level that is assigned to the association.
SyncCompliance (string) --
The mode for generating association compliance. You can specify AUTO or MANUAL . In AUTO mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association is COMPLIANT . If the association execution doesn't run successfully, the association is NON-COMPLIANT .
In MANUAL mode, you must specify the AssociationId as a parameter for the PutComplianceItems API operation. In this case, compliance data isn't managed by State Manager, a capability of Amazon Web Services Systems Manager. It is managed by your direct call to the PutComplianceItems API operation.
By default, all associations use AUTO mode.
ApplyOnlyAtCronInterval (boolean) --
By default, when you create a new associations, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it. This parameter isn't supported for rate expressions.
CalendarNames (list) --
The names or Amazon Resource Names (ARNs) of the Change Calendar type documents your associations are gated under. The associations only run when that change calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar .
TargetLocations (list) --
The combination of Regions and accounts where you want to run the association.
(dict) --
The combination of Regions and accounts targeted by the current Automation execution.
Accounts (list) --
The accounts targeted by the current Automation execution.
Regions (list) --
The Regions targeted by the current Automation execution.
TargetLocationMaxConcurrency (string) --
The maximum number of Regions and accounts allowed to run the Automation concurrently.
TargetLocationMaxErrors (string) --
The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
ExecutionRoleName (string) --
The Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole .
Exceptions
Associates the specified Amazon Web Services Systems Manager document (SSM document) with the specified instances or targets.
When you associate a document with one or more instances using instance IDs or tags, Amazon Web Services Systems Manager Agent (SSM Agent) running on the instance processes the document and configures the instance as specified.
If you associate a document with an instance that already has an associated document, the system returns the AssociationAlreadyExists exception.
See also: AWS API Documentation
Request Syntax
response = client.create_association_batch(
Entries=[
{
'Name': 'string',
'InstanceId': 'string',
'Parameters': {
'string': [
'string',
]
},
'AutomationTargetParameterName': 'string',
'DocumentVersion': 'string',
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'ScheduleExpression': 'string',
'OutputLocation': {
'S3Location': {
'OutputS3Region': 'string',
'OutputS3BucketName': 'string',
'OutputS3KeyPrefix': 'string'
}
},
'AssociationName': 'string',
'MaxErrors': 'string',
'MaxConcurrency': 'string',
'ComplianceSeverity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'UNSPECIFIED',
'SyncCompliance': 'AUTO'|'MANUAL',
'ApplyOnlyAtCronInterval': True|False,
'CalendarNames': [
'string',
],
'TargetLocations': [
{
'Accounts': [
'string',
],
'Regions': [
'string',
],
'TargetLocationMaxConcurrency': 'string',
'TargetLocationMaxErrors': 'string',
'ExecutionRoleName': 'string'
},
]
},
]
)
[REQUIRED]
One or more associations.
Describes the association of a Amazon Web Services Systems Manager document (SSM document) and an instance.
The name of the SSM document that contains the configuration information for the instance. You can specify Command or Automation runbooks.
You can specify Amazon Web Services-predefined documents, documents you created, or a document that is shared with you from another account.
For SSM documents that are shared with you from other accounts, you must specify the complete SSM document ARN, in the following format:
``arn:aws:ssm:region :account-id :document/document-name ``
For example:
arn:aws:ssm:us-east-2:12345678912:document/My-Shared-Document
For Amazon Web Services-predefined documents and SSM documents you created in your account, you only need to specify the document name. For example, AWS-ApplyPatchBaseline or My-Document .
The ID of the instance.
A description of the parameters for a document.
Specify the target for the association. This target is required for associations that use an Automation runbook and target resources by using rate controls. Automation is a capability of Amazon Web Services Systems Manager.
The document version.
The instances targeted by the request.
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
User-defined criteria for sending commands that target instances that meet the criteria.
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
A cron expression that specifies a schedule when the association runs.
An S3 bucket where you want to store the results of this request.
An S3 bucket where you want to store the results of this request.
(Deprecated) You can no longer specify this parameter. The system ignores it. Instead, Amazon Web Services Systems Manager automatically determines the Region of the S3 bucket.
The name of the S3 bucket.
The S3 bucket subfolder.
Specify a descriptive name for the association.
The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 instances and set MaxError to 10%, then the system stops sending the request when the sixth error is received.
Executions that are already running an association when MaxErrors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set MaxConcurrency to 1 so that executions proceed one at a time.
The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.
If a new instance starts and attempts to run an association while Systems Manager is running MaxConcurrency associations, the association is allowed to run. During the next association interval, the new instance will process its association within the limit specified for MaxConcurrency .
The severity level to assign to the association.
The mode for generating association compliance. You can specify AUTO or MANUAL . In AUTO mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association is COMPLIANT . If the association execution doesn't run successfully, the association is NON-COMPLIANT .
In MANUAL mode, you must specify the AssociationId as a parameter for the PutComplianceItems API operation. In this case, compliance data isn't managed by State Manager, a capability of Amazon Web Services Systems Manager. It is managed by your direct call to the PutComplianceItems API operation.
By default, all associations use AUTO mode.
By default, when you create a new associations, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it. This parameter isn't supported for rate expressions.
The names or Amazon Resource Names (ARNs) of the Change Calendar type documents your associations are gated under. The associations only run when that Change Calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar .
Use this action to create an association in multiple Regions and multiple accounts.
The combination of Regions and accounts targeted by the current Automation execution.
The accounts targeted by the current Automation execution.
The Regions targeted by the current Automation execution.
The maximum number of Regions and accounts allowed to run the Automation concurrently.
The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
The Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole .
{
'Successful': [
{
'Name': 'string',
'InstanceId': 'string',
'AssociationVersion': 'string',
'Date': datetime(2015, 1, 1),
'LastUpdateAssociationDate': datetime(2015, 1, 1),
'Status': {
'Date': datetime(2015, 1, 1),
'Name': 'Pending'|'Success'|'Failed',
'Message': 'string',
'AdditionalInfo': 'string'
},
'Overview': {
'Status': 'string',
'DetailedStatus': 'string',
'AssociationStatusAggregatedCount': {
'string': 123
}
},
'DocumentVersion': 'string',
'AutomationTargetParameterName': 'string',
'Parameters': {
'string': [
'string',
]
},
'AssociationId': 'string',
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'ScheduleExpression': 'string',
'OutputLocation': {
'S3Location': {
'OutputS3Region': 'string',
'OutputS3BucketName': 'string',
'OutputS3KeyPrefix': 'string'
}
},
'LastExecutionDate': datetime(2015, 1, 1),
'LastSuccessfulExecutionDate': datetime(2015, 1, 1),
'AssociationName': 'string',
'MaxErrors': 'string',
'MaxConcurrency': 'string',
'ComplianceSeverity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'UNSPECIFIED',
'SyncCompliance': 'AUTO'|'MANUAL',
'ApplyOnlyAtCronInterval': True|False,
'CalendarNames': [
'string',
],
'TargetLocations': [
{
'Accounts': [
'string',
],
'Regions': [
'string',
],
'TargetLocationMaxConcurrency': 'string',
'TargetLocationMaxErrors': 'string',
'ExecutionRoleName': 'string'
},
]
},
],
'Failed': [
{
'Entry': {
'Name': 'string',
'InstanceId': 'string',
'Parameters': {
'string': [
'string',
]
},
'AutomationTargetParameterName': 'string',
'DocumentVersion': 'string',
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'ScheduleExpression': 'string',
'OutputLocation': {
'S3Location': {
'OutputS3Region': 'string',
'OutputS3BucketName': 'string',
'OutputS3KeyPrefix': 'string'
}
},
'AssociationName': 'string',
'MaxErrors': 'string',
'MaxConcurrency': 'string',
'ComplianceSeverity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'UNSPECIFIED',
'SyncCompliance': 'AUTO'|'MANUAL',
'ApplyOnlyAtCronInterval': True|False,
'CalendarNames': [
'string',
],
'TargetLocations': [
{
'Accounts': [
'string',
],
'Regions': [
'string',
],
'TargetLocationMaxConcurrency': 'string',
'TargetLocationMaxErrors': 'string',
'ExecutionRoleName': 'string'
},
]
},
'Message': 'string',
'Fault': 'Client'|'Server'|'Unknown'
},
]
}
Response Structure
Information about the associations that succeeded.
Describes the parameters for a document.
The name of the SSM document.
The ID of the instance.
The association version.
The date when the association was made.
The date when the association was last updated.
The association status.
The date when the status changed.
The status.
The reason for the status.
A user-defined string.
Information about the association.
The status of the association. Status can be: Pending, Success, or Failed.
A detailed status of the association.
Returns the number of targets for the association status. For example, if you created an association with two instances, and one of them was successful, this would return the count of instances by status.
The document version.
Specify the target for the association. This target is required for associations that use an Automation runbook and target resources by using rate controls. Automation is a capability of Amazon Web Services Systems Manager.
A description of the parameters for a document.
The association ID.
The instances targeted by the request.
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
User-defined criteria for sending commands that target instances that meet the criteria.
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
A cron expression that specifies a schedule when the association runs.
An S3 bucket where you want to store the output details of the request.
An S3 bucket where you want to store the results of this request.
(Deprecated) You can no longer specify this parameter. The system ignores it. Instead, Amazon Web Services Systems Manager automatically determines the Region of the S3 bucket.
The name of the S3 bucket.
The S3 bucket subfolder.
The date on which the association was last run.
The last date on which the association was successfully run.
The association name.
The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 instances and set MaxError to 10%, then the system stops sending the request when the sixth error is received.
Executions that are already running an association when MaxErrors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set MaxConcurrency to 1 so that executions proceed one at a time.
The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.
If a new instance starts and attempts to run an association while Systems Manager is running MaxConcurrency associations, the association is allowed to run. During the next association interval, the new instance will process its association within the limit specified for MaxConcurrency .
The severity level that is assigned to the association.
The mode for generating association compliance. You can specify AUTO or MANUAL . In AUTO mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association is COMPLIANT . If the association execution doesn't run successfully, the association is NON-COMPLIANT .
In MANUAL mode, you must specify the AssociationId as a parameter for the PutComplianceItems API operation. In this case, compliance data isn't managed by State Manager, a capability of Amazon Web Services Systems Manager. It is managed by your direct call to the PutComplianceItems API operation.
By default, all associations use AUTO mode.
By default, when you create a new associations, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it. This parameter isn't supported for rate expressions.
The names or Amazon Resource Names (ARNs) of the Change Calendar type documents your associations are gated under. The associations only run when that change calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar .
The combination of Regions and accounts where you want to run the association.
The combination of Regions and accounts targeted by the current Automation execution.
The accounts targeted by the current Automation execution.
The Regions targeted by the current Automation execution.
The maximum number of Regions and accounts allowed to run the Automation concurrently.
The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
The Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole .
Information about the associations that failed.
Describes a failed association.
The association.
The name of the SSM document that contains the configuration information for the instance. You can specify Command or Automation runbooks.
You can specify Amazon Web Services-predefined documents, documents you created, or a document that is shared with you from another account.
For SSM documents that are shared with you from other accounts, you must specify the complete SSM document ARN, in the following format:
``arn:aws:ssm:region :account-id :document/document-name ``
For example:
arn:aws:ssm:us-east-2:12345678912:document/My-Shared-Document
For Amazon Web Services-predefined documents and SSM documents you created in your account, you only need to specify the document name. For example, AWS-ApplyPatchBaseline or My-Document .
The ID of the instance.
A description of the parameters for a document.
Specify the target for the association. This target is required for associations that use an Automation runbook and target resources by using rate controls. Automation is a capability of Amazon Web Services Systems Manager.
The document version.
The instances targeted by the request.
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
User-defined criteria for sending commands that target instances that meet the criteria.
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
A cron expression that specifies a schedule when the association runs.
An S3 bucket where you want to store the results of this request.
An S3 bucket where you want to store the results of this request.
(Deprecated) You can no longer specify this parameter. The system ignores it. Instead, Amazon Web Services Systems Manager automatically determines the Region of the S3 bucket.
The name of the S3 bucket.
The S3 bucket subfolder.
Specify a descriptive name for the association.
The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 instances and set MaxError to 10%, then the system stops sending the request when the sixth error is received.
Executions that are already running an association when MaxErrors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set MaxConcurrency to 1 so that executions proceed one at a time.
The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.
If a new instance starts and attempts to run an association while Systems Manager is running MaxConcurrency associations, the association is allowed to run. During the next association interval, the new instance will process its association within the limit specified for MaxConcurrency .
The severity level to assign to the association.
The mode for generating association compliance. You can specify AUTO or MANUAL . In AUTO mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association is COMPLIANT . If the association execution doesn't run successfully, the association is NON-COMPLIANT .
In MANUAL mode, you must specify the AssociationId as a parameter for the PutComplianceItems API operation. In this case, compliance data isn't managed by State Manager, a capability of Amazon Web Services Systems Manager. It is managed by your direct call to the PutComplianceItems API operation.
By default, all associations use AUTO mode.
By default, when you create a new associations, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it. This parameter isn't supported for rate expressions.
The names or Amazon Resource Names (ARNs) of the Change Calendar type documents your associations are gated under. The associations only run when that Change Calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar .
Use this action to create an association in multiple Regions and multiple accounts.
The combination of Regions and accounts targeted by the current Automation execution.
The accounts targeted by the current Automation execution.
The Regions targeted by the current Automation execution.
The maximum number of Regions and accounts allowed to run the Automation concurrently.
The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
The Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole .
A description of the failure.
The source of the failure.
Exceptions
Creates a Amazon Web Services Systems Manager (SSM document). An SSM document defines the actions that Systems Manager performs on your managed instances. For more information about SSM documents, including information about supported schemas, features, and syntax, see Amazon Web Services Systems Manager Documents in the Amazon Web Services Systems Manager User Guide .
See also: AWS API Documentation
Request Syntax
response = client.create_document(
Content='string',
Requires=[
{
'Name': 'string',
'Version': 'string'
},
],
Attachments=[
{
'Key': 'SourceUrl'|'S3FileUrl'|'AttachmentReference',
'Values': [
'string',
],
'Name': 'string'
},
],
Name='string',
DisplayName='string',
VersionName='string',
DocumentType='Command'|'Policy'|'Automation'|'Session'|'Package'|'ApplicationConfiguration'|'ApplicationConfigurationSchema'|'DeploymentStrategy'|'ChangeCalendar'|'Automation.ChangeTemplate'|'ProblemAnalysis'|'ProblemAnalysisTemplate',
DocumentFormat='YAML'|'JSON'|'TEXT',
TargetType='string',
Tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
[REQUIRED]
The content for the new SSM document in JSON or YAML format. We recommend storing the contents for your new document in an external JSON or YAML file and referencing the file in a command.
For examples, see the following topics in the Amazon Web Services Systems Manager User Guide .
A list of SSM documents required by a document. This parameter is used exclusively by AppConfig. When a user creates an AppConfig configuration in an SSM document, the user must also specify a required document for validation purposes. In this case, an ApplicationConfiguration document requires an ApplicationConfigurationSchema document for validation purposes. For more information, see What is AppConfig? in the AppConfig User Guide .
An SSM document required by the current document.
The name of the required SSM document. The name can be an Amazon Resource Name (ARN).
The document version required by the current document.
A list of key-value pairs that describe attachments to a version of a document.
Identifying information about a document attachment, including the file name and a key-value pair that identifies the location of an attachment to a document.
The key of a key-value pair that identifies the location of an attachment to a document.
The value of a key-value pair that identifies the location of an attachment to a document. The format for Value depends on the type of key you specify.
The name of the document attachment file.
[REQUIRED]
A name for the SSM document.
Warning
You can't use the following strings as document name prefixes. These are reserved by Amazon Web Services for use as document name prefixes:
Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag an SSM document to identify the types of targets or the environment where it will run. In this case, you could specify the following key-value pairs:
Note
To add tags to an existing SSM document, use the AddTagsToResource operation.
Metadata that you assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Amazon Web Services Systems Manager, you can apply tags to Systems Manager documents (SSM documents), managed instances, maintenance windows, parameters, patch baselines, OpsItems, and OpsMetadata.
The name of the tag.
The value of the tag.
dict
Response Syntax
{
'DocumentDescription': {
'Sha1': 'string',
'Hash': 'string',
'HashType': 'Sha256'|'Sha1',
'Name': 'string',
'DisplayName': 'string',
'VersionName': 'string',
'Owner': 'string',
'CreatedDate': datetime(2015, 1, 1),
'Status': 'Creating'|'Active'|'Updating'|'Deleting'|'Failed',
'StatusInformation': 'string',
'DocumentVersion': 'string',
'Description': 'string',
'Parameters': [
{
'Name': 'string',
'Type': 'String'|'StringList',
'Description': 'string',
'DefaultValue': 'string'
},
],
'PlatformTypes': [
'Windows'|'Linux',
],
'DocumentType': 'Command'|'Policy'|'Automation'|'Session'|'Package'|'ApplicationConfiguration'|'ApplicationConfigurationSchema'|'DeploymentStrategy'|'ChangeCalendar'|'Automation.ChangeTemplate'|'ProblemAnalysis'|'ProblemAnalysisTemplate',
'SchemaVersion': 'string',
'LatestVersion': 'string',
'DefaultVersion': 'string',
'DocumentFormat': 'YAML'|'JSON'|'TEXT',
'TargetType': 'string',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
],
'AttachmentsInformation': [
{
'Name': 'string'
},
],
'Requires': [
{
'Name': 'string',
'Version': 'string'
},
],
'Author': 'string',
'ReviewInformation': [
{
'ReviewedTime': datetime(2015, 1, 1),
'Status': 'APPROVED'|'NOT_REVIEWED'|'PENDING'|'REJECTED',
'Reviewer': 'string'
},
],
'ApprovedVersion': 'string',
'PendingReviewVersion': 'string',
'ReviewStatus': 'APPROVED'|'NOT_REVIEWED'|'PENDING'|'REJECTED'
}
}
Response Structure
(dict) --
DocumentDescription (dict) --
Information about the SSM document.
Sha1 (string) --
The SHA1 hash of the document, which you can use for verification.
Hash (string) --
The Sha256 or Sha1 hash created by the system when the document was created.
Note
Sha1 hashes have been deprecated.
HashType (string) --
The hash type of the document. Valid values include Sha256 or Sha1 .
Note
Sha1 hashes have been deprecated.
Name (string) --
The name of the SSM document.
DisplayName (string) --
The friendly name of the SSM document. This value can differ for each version of the document. If you want to update this value, see UpdateDocument .
VersionName (string) --
The version of the artifact associated with the document.
Owner (string) --
The Amazon Web Services user account that created the document.
CreatedDate (datetime) --
The date when the document was created.
Status (string) --
The status of the SSM document.
StatusInformation (string) --
A message returned by Amazon Web Services Systems Manager that explains the Status value. For example, a Failed status might be explained by the StatusInformation message, "The specified S3 bucket doesn't exist. Verify that the URL of the S3 bucket is correct."
DocumentVersion (string) --
The document version.
Description (string) --
A description of the document.
Parameters (list) --
A description of the parameters for a document.
(dict) --
Parameters specified in a System Manager document that run on the server when the command is run.
Name (string) --
The name of the parameter.
Type (string) --
The type of parameter. The type can be either String or StringList.
Description (string) --
A description of what the parameter does, how to use it, the default value, and whether or not the parameter is optional.
DefaultValue (string) --
If specified, the default values for the parameters. Parameters without a default value are required. Parameters with a default value are optional.
PlatformTypes (list) --
The list of OS platforms compatible with this SSM document.
DocumentType (string) --
The type of document.
SchemaVersion (string) --
The schema version.
LatestVersion (string) --
The latest version of the document.
DefaultVersion (string) --
The default version.
DocumentFormat (string) --
The document format, either JSON or YAML.
TargetType (string) --
The target type which defines the kinds of resources the document can run on. For example, /AWS::EC2::Instance . For a list of valid resource types, see Amazon Web Services resource and property types reference in the CloudFormation User Guide .
Tags (list) --
The tags, or metadata, that have been applied to the document.
(dict) --
Metadata that you assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Amazon Web Services Systems Manager, you can apply tags to Systems Manager documents (SSM documents), managed instances, maintenance windows, parameters, patch baselines, OpsItems, and OpsMetadata.
Key (string) --
The name of the tag.
Value (string) --
The value of the tag.
AttachmentsInformation (list) --
Details about the document attachments, including names, locations, sizes, and so on.
(dict) --
An attribute of an attachment, such as the attachment name.
Name (string) --
The name of the attachment.
Requires (list) --
A list of SSM documents required by a document. For example, an ApplicationConfiguration document requires an ApplicationConfigurationSchema document.
(dict) --
An SSM document required by the current document.
Name (string) --
The name of the required SSM document. The name can be an Amazon Resource Name (ARN).
Version (string) --
The document version required by the current document.
Author (string) --
The user in your organization who created the document.
ReviewInformation (list) --
Details about the review of a document.
(dict) --
Information about the result of a document review request.
ReviewedTime (datetime) --
The time that the reviewer took action on the document review request.
Status (string) --
The current status of the document review request.
Reviewer (string) --
The reviewer assigned to take action on the document review request.
ApprovedVersion (string) --
The version of the document currently approved for use in the organization.
PendingReviewVersion (string) --
The version of the document that is currently under review.
ReviewStatus (string) --
The current status of the review.
Exceptions
Creates a new maintenance window.
Note
The value you specify for Duration determines the specific end time for the maintenance window based on the time it begins. No maintenance window tasks are permitted to start after the resulting endtime minus the number of hours you specify for Cutoff . For example, if the maintenance window starts at 3 PM, the duration is three hours, and the value you specify for Cutoff is one hour, no maintenance window tasks can start after 5 PM.
See also: AWS API Documentation
Request Syntax
response = client.create_maintenance_window(
Name='string',
Description='string',
StartDate='string',
EndDate='string',
Schedule='string',
ScheduleTimezone='string',
ScheduleOffset=123,
Duration=123,
Cutoff=123,
AllowUnassociatedTargets=True|False,
ClientToken='string',
Tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
[REQUIRED]
The name of the maintenance window.
[REQUIRED]
The schedule of the maintenance window in the form of a cron or rate expression.
The number of days to wait after the date and time specified by a cron expression before running the maintenance window.
For example, the following cron expression schedules a maintenance window to run on the third Tuesday of every month at 11:30 PM.
cron(30 23 ? * TUE#3 *)
If the schedule offset is 2 , the maintenance window won't run until two days later.
[REQUIRED]
The duration of the maintenance window in hours.
[REQUIRED]
The number of hours before the end of the maintenance window that Amazon Web Services Systems Manager stops scheduling new tasks for execution.
[REQUIRED]
Enables a maintenance window task to run on managed instances, even if you haven't registered those instances as targets. If enabled, then you must specify the unregistered instances (by instance ID) when you register a task with the maintenance window.
If you don't enable this option, then you must specify previously-registered targets when you register a task with the maintenance window.
User-provided idempotency token.
This field is autopopulated if not provided.
Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a maintenance window to identify the type of tasks it will run, the types of targets, and the environment it will run in. In this case, you could specify the following key-value pairs:
Note
To add tags to an existing maintenance window, use the AddTagsToResource operation.
Metadata that you assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Amazon Web Services Systems Manager, you can apply tags to Systems Manager documents (SSM documents), managed instances, maintenance windows, parameters, patch baselines, OpsItems, and OpsMetadata.
The name of the tag.
The value of the tag.
dict
Response Syntax
{
'WindowId': 'string'
}
Response Structure
(dict) --
WindowId (string) --
The ID of the created maintenance window.
Exceptions
Creates a new OpsItem. You must have permission in Identity and Access Management (IAM) to create a new OpsItem. For more information, see Getting started with OpsCenter in the Amazon Web Services Systems Manager User Guide .
Operations engineers and IT professionals use Amazon Web Services Systems Manager OpsCenter to view, investigate, and remediate operational issues impacting the performance and health of their Amazon Web Services resources. For more information, see Amazon Web Services Systems Manager OpsCenter in the Amazon Web Services Systems Manager User Guide .
See also: AWS API Documentation
Request Syntax
response = client.create_ops_item(
Description='string',
OpsItemType='string',
OperationalData={
'string': {
'Value': 'string',
'Type': 'SearchableString'|'String'
}
},
Notifications=[
{
'Arn': 'string'
},
],
Priority=123,
RelatedOpsItems=[
{
'OpsItemId': 'string'
},
],
Source='string',
Title='string',
Tags=[
{
'Key': 'string',
'Value': 'string'
},
],
Category='string',
Severity='string',
ActualStartTime=datetime(2015, 1, 1),
ActualEndTime=datetime(2015, 1, 1),
PlannedStartTime=datetime(2015, 1, 1),
PlannedEndTime=datetime(2015, 1, 1)
)
[REQUIRED]
Information about the OpsItem.
Operational data is custom data that provides useful reference details about the OpsItem. For example, you can specify log files, error strings, license keys, troubleshooting tips, or other relevant data. You enter operational data as key-value pairs. The key has a maximum length of 128 characters. The value has a maximum size of 20 KB.
Warning
Operational data keys can't begin with the following: amazon , aws , amzn , ssm , /amazon , /aws , /amzn , /ssm .
You can choose to make the data searchable by other users in the account or you can restrict search access. Searchable data means that all users with access to the OpsItem Overview page (as provided by the DescribeOpsItems API operation) can view and search on the specified data. Operational data that isn't searchable is only viewable by users who have access to the OpsItem (as provided by the GetOpsItem API operation).
Use the /aws/resources key in OperationalData to specify a related resource in the request. Use the /aws/automations key in OperationalData to associate an Automation runbook with the OpsItem. To view Amazon Web Services CLI example commands that use these keys, see Creating OpsItems manually in the Amazon Web Services Systems Manager User Guide .
An object that defines the value of the key and its type in the OperationalData map.
The value of the OperationalData key.
The type of key-value pair. Valid types include SearchableString and String .
The Amazon Resource Name (ARN) of an SNS topic where notifications are sent when this OpsItem is edited or changed.
A notification about the OpsItem.
The Amazon Resource Name (ARN) of an Amazon Simple Notification Service (Amazon SNS) topic where notifications are sent when this OpsItem is edited or changed.
One or more OpsItems that share something in common with the current OpsItems. For example, related OpsItems can include OpsItems with similar error messages, impacted resources, or statuses for the impacted resource.
An OpsItems that shares something in common with the current OpsItem. For example, related OpsItems can include OpsItems with similar error messages, impacted resources, or statuses for the impacted resource.
The ID of an OpsItem related to the current OpsItem.
[REQUIRED]
The origin of the OpsItem, such as Amazon EC2 or Systems Manager.
Note
The source name can't contain the following strings: aws , amazon , and amzn .
[REQUIRED]
A short heading that describes the nature of the OpsItem and the impacted resource.
Optional metadata that you assign to a resource. You can restrict access to OpsItems by using an inline IAM policy that specifies tags. For more information, see Getting started with OpsCenter in the Amazon Web Services Systems Manager User Guide .
Tags use a key-value pair. For example:
Key=Department,Value=Finance
Warning
To add tags to a new OpsItem, a user must have IAM permissions for both the ssm:CreateOpsItems operation and the ssm:AddTagsToResource operation. To add tags to an existing OpsItem, use the AddTagsToResource operation.
Metadata that you assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Amazon Web Services Systems Manager, you can apply tags to Systems Manager documents (SSM documents), managed instances, maintenance windows, parameters, patch baselines, OpsItems, and OpsMetadata.
The name of the tag.
The value of the tag.
dict
Response Syntax
{
'OpsItemId': 'string'
}
Response Structure
(dict) --
OpsItemId (string) --
The ID of the OpsItem.
Exceptions
If you create a new application in Application Manager, Amazon Web Services Systems Manager calls this API operation to specify information about the new application, including the application type.
See also: AWS API Documentation
Request Syntax
response = client.create_ops_metadata(
ResourceId='string',
Metadata={
'string': {
'Value': 'string'
}
},
Tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
[REQUIRED]
A resource ID for a new Application Manager application.
Metadata for a new Application Manager application.
Metadata to assign to an Application Manager application.
Metadata value to assign to an Application Manager application.
Optional metadata that you assign to a resource. You can specify a maximum of five tags for an OpsMetadata object. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag an OpsMetadata object to identify an environment or target Region. In this case, you could specify the following key-value pairs:
Metadata that you assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Amazon Web Services Systems Manager, you can apply tags to Systems Manager documents (SSM documents), managed instances, maintenance windows, parameters, patch baselines, OpsItems, and OpsMetadata.
The name of the tag.
The value of the tag.
dict
Response Syntax
{
'OpsMetadataArn': 'string'
}
Response Structure
(dict) --
OpsMetadataArn (string) --
The Amazon Resource Name (ARN) of the OpsMetadata Object or blob created by the call.
Exceptions
Creates a patch baseline.
Note
For information about valid key-value pairs in PatchFilters for each supported operating system type, see PatchFilter .
See also: AWS API Documentation
Request Syntax
response = client.create_patch_baseline(
OperatingSystem='WINDOWS'|'AMAZON_LINUX'|'AMAZON_LINUX_2'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX'|'SUSE'|'CENTOS'|'ORACLE_LINUX'|'DEBIAN'|'MACOS',
Name='string',
GlobalFilters={
'PatchFilters': [
{
'Key': 'ARCH'|'ADVISORY_ID'|'BUGZILLA_ID'|'PATCH_SET'|'PRODUCT'|'PRODUCT_FAMILY'|'CLASSIFICATION'|'CVE_ID'|'EPOCH'|'MSRC_SEVERITY'|'NAME'|'PATCH_ID'|'SECTION'|'PRIORITY'|'REPOSITORY'|'RELEASE'|'SEVERITY'|'SECURITY'|'VERSION',
'Values': [
'string',
]
},
]
},
ApprovalRules={
'PatchRules': [
{
'PatchFilterGroup': {
'PatchFilters': [
{
'Key': 'ARCH'|'ADVISORY_ID'|'BUGZILLA_ID'|'PATCH_SET'|'PRODUCT'|'PRODUCT_FAMILY'|'CLASSIFICATION'|'CVE_ID'|'EPOCH'|'MSRC_SEVERITY'|'NAME'|'PATCH_ID'|'SECTION'|'PRIORITY'|'REPOSITORY'|'RELEASE'|'SEVERITY'|'SECURITY'|'VERSION',
'Values': [
'string',
]
},
]
},
'ComplianceLevel': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED',
'ApproveAfterDays': 123,
'ApproveUntilDate': 'string',
'EnableNonSecurity': True|False
},
]
},
ApprovedPatches=[
'string',
],
ApprovedPatchesComplianceLevel='CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED',
ApprovedPatchesEnableNonSecurity=True|False,
RejectedPatches=[
'string',
],
RejectedPatchesAction='ALLOW_AS_DEPENDENCY'|'BLOCK',
Description='string',
Sources=[
{
'Name': 'string',
'Products': [
'string',
],
'Configuration': 'string'
},
],
ClientToken='string',
Tags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
[REQUIRED]
The name of the patch baseline.
A set of global filters used to include patches in the baseline.
The set of patch filters that make up the group.
Defines which patches should be included in a patch baseline.
A patch filter consists of a key and a set of values. The filter key is a patch property. For example, the available filter keys for WINDOWS are PATCH_SET , PRODUCT , PRODUCT_FAMILY , CLASSIFICATION , and MSRC_SEVERITY .
The filter values define a matching criterion for the patch property indicated by the key. For example, if the filter key is PRODUCT and the filter values are ["Office 2013", "Office 2016"] , then the filter accepts all patches where product name is either "Office 2013" or "Office 2016". The filter values can be exact values for the patch property given as a key, or a wildcard (*), which matches all values.
You can view lists of valid values for the patch properties by running the DescribePatchProperties command. For information about which patch properties can be used with each major operating system, see DescribePatchProperties .
The key for the filter.
Run the DescribePatchProperties command to view lists of valid keys for each operating system type.
The value for the filter key.
Run the DescribePatchProperties command to view lists of valid values for each key based on operating system type.
A set of rules used to include patches in the baseline.
The rules that make up the rule group.
Defines an approval rule for a patch baseline.
The patch filter group that defines the criteria for the rule.
The set of patch filters that make up the group.
Defines which patches should be included in a patch baseline.
A patch filter consists of a key and a set of values. The filter key is a patch property. For example, the available filter keys for WINDOWS are PATCH_SET , PRODUCT , PRODUCT_FAMILY , CLASSIFICATION , and MSRC_SEVERITY .
The filter values define a matching criterion for the patch property indicated by the key. For example, if the filter key is PRODUCT and the filter values are ["Office 2013", "Office 2016"] , then the filter accepts all patches where product name is either "Office 2013" or "Office 2016". The filter values can be exact values for the patch property given as a key, or a wildcard (*), which matches all values.
You can view lists of valid values for the patch properties by running the DescribePatchProperties command. For information about which patch properties can be used with each major operating system, see DescribePatchProperties .
The key for the filter.
Run the DescribePatchProperties command to view lists of valid keys for each operating system type.
The value for the filter key.
Run the DescribePatchProperties command to view lists of valid values for each key based on operating system type.
A compliance severity level for all approved patches in a patch baseline.
The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of 7 means that patches are approved seven days after they are released. Not supported on Debian Server or Ubuntu Server.
The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Not supported on Debian Server or Ubuntu Server.
Enter dates in the format YYYY-MM-DD . For example, 2021-12-31 .
For instances identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is false . Applies to Linux instances only.
A list of explicitly approved patches for the baseline.
For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide .
A list of explicitly rejected patches for the baseline.
For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide .
The action for Patch Manager to take on patches included in the RejectedPackages list.
Information about the patches to use to update the instances, including target operating systems and source repositories. Applies to Linux instances only.
Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only.
The name specified to identify the patch source.
The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "AmazonLinux2016.09", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter .
The value of the yum repo configuration. For example:
[main]name=MyCustomRepository
baseurl=https://my-custom-repository
enabled=1
Note
For information about other options available for your yum repository configuration, see dnf.conf(5) .
User-provided idempotency token.
This field is autopopulated if not provided.
Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a patch baseline to identify the severity level of patches it specifies and the operating system family it applies to. In this case, you could specify the following key-value pairs:
Note
To add tags to an existing patch baseline, use the AddTagsToResource operation.
Metadata that you assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Amazon Web Services Systems Manager, you can apply tags to Systems Manager documents (SSM documents), managed instances, maintenance windows, parameters, patch baselines, OpsItems, and OpsMetadata.
The name of the tag.
The value of the tag.
dict
Response Syntax
{
'BaselineId': 'string'
}
Response Structure
(dict) --
BaselineId (string) --
The ID of the created patch baseline.
Exceptions
A resource data sync helps you view data from multiple sources in a single location. Amazon Web Services Systems Manager offers two types of resource data sync: SyncToDestination and SyncFromSource .
You can configure Systems Manager Inventory to use the SyncToDestination type to synchronize Inventory data from multiple Regions to a single Amazon Simple Storage Service (Amazon S3) bucket. For more information, see Configuring resource data sync for Inventory in the Amazon Web Services Systems Manager User Guide .
You can configure Systems Manager Explorer to use the SyncFromSource type to synchronize operational work items (OpsItems) and operational data (OpsData) from multiple Regions to a single Amazon S3 bucket. This type can synchronize OpsItems and OpsData from multiple accounts and Regions or EntireOrganization by using Organizations. For more information, see Setting up Systems Manager Explorer to display data from multiple accounts and Regions in the Amazon Web Services Systems Manager User Guide .
A resource data sync is an asynchronous operation that returns immediately. After a successful initial sync is completed, the system continuously syncs data. To check the status of a sync, use the ListResourceDataSync .
Note
By default, data isn't encrypted in Amazon S3. We strongly recommend that you enable encryption in Amazon S3 to ensure secure data storage. We also recommend that you secure access to the Amazon S3 bucket by creating a restrictive bucket policy.
See also: AWS API Documentation
Request Syntax
response = client.create_resource_data_sync(
SyncName='string',
S3Destination={
'BucketName': 'string',
'Prefix': 'string',
'SyncFormat': 'JsonSerDe',
'Region': 'string',
'AWSKMSKeyARN': 'string',
'DestinationDataSharing': {
'DestinationDataSharingType': 'string'
}
},
SyncType='string',
SyncSource={
'SourceType': 'string',
'AwsOrganizationsSource': {
'OrganizationSourceType': 'string',
'OrganizationalUnits': [
{
'OrganizationalUnitId': 'string'
},
]
},
'SourceRegions': [
'string',
],
'IncludeFutureRegions': True|False,
'EnableAllOpsDataSources': True|False
}
)
[REQUIRED]
A name for the configuration.
Amazon S3 configuration details for the sync. This parameter is required if the SyncType value is SyncToDestination.
The name of the S3 bucket where the aggregated data is stored.
An Amazon S3 prefix for the bucket.
A supported sync format. The following format is currently supported: JsonSerDe
The Region with the S3 bucket targeted by the resource data sync.
The ARN of an encryption key for a destination in Amazon S3. Must belong to the same Region as the destination S3 bucket.
Enables destination data sharing. By default, this field is null .
The sharing data type. Only Organization is supported.
Specify information about the data sources to synchronize. This parameter is required if the SyncType value is SyncFromSource.
The type of data source for the resource data sync. SourceType is either AwsOrganizations (if an organization is present in Organizations) or SingleAccountMultiRegions .
Information about the AwsOrganizationsSource resource data sync source. A sync source of this type can synchronize data from Organizations.
If an Amazon Web Services organization is present, this is either OrganizationalUnits or EntireOrganization . For OrganizationalUnits , the data is aggregated from a set of organization units. For EntireOrganization , the data is aggregated from the entire Amazon Web Services organization.
The Organizations organization units included in the sync.
The Organizations organizational unit data source for the sync.
The Organizations unit ID data source for the sync.
The SyncSource Regions included in the resource data sync.
Whether to automatically synchronize and aggregate data from new Regions when those Regions come online.
When you create a resource data sync, if you choose one of the Organizations options, then Systems Manager automatically enables all OpsData sources in the selected Regions for all accounts in your organization (or in the selected organization units). For more information, see About multiple account and Region resource data syncs in the Amazon Web Services Systems Manager User Guide .
dict
Response Syntax
{}
Response Structure
Exceptions
Deletes an activation. You aren't required to delete an activation. If you delete an activation, you can no longer use it to register additional managed instances. Deleting an activation doesn't de-register managed instances. You must manually de-register managed instances.
See also: AWS API Documentation
Request Syntax
response = client.delete_activation(
ActivationId='string'
)
[REQUIRED]
The ID of the activation that you want to delete.
{}
Response Structure
Exceptions
Disassociates the specified Amazon Web Services Systems Manager document (SSM document) from the specified instance.
When you disassociate a document from an instance, it doesn't change the configuration of the instance. To change the configuration state of an instance after you disassociate a document, you must create a new document with the desired configuration and associate it with the instance.
See also: AWS API Documentation
Request Syntax
response = client.delete_association(
Name='string',
InstanceId='string',
AssociationId='string'
)
dict
Response Syntax
{}
Response Structure
Exceptions
Deletes the Amazon Web Services Systems Manager document (SSM document) and all instance associations to the document.
Before you delete the document, we recommend that you use DeleteAssociation to disassociate all instances that are associated with the document.
See also: AWS API Documentation
Request Syntax
response = client.delete_document(
Name='string',
DocumentVersion='string',
VersionName='string',
Force=True|False
)
[REQUIRED]
The name of the document.
dict
Response Syntax
{}
Response Structure
Exceptions
Delete a custom inventory type or the data associated with a custom Inventory type. Deleting a custom inventory type is also referred to as deleting a custom inventory schema.
See also: AWS API Documentation
Request Syntax
response = client.delete_inventory(
TypeName='string',
SchemaDeleteOption='DisableSchema'|'DeleteSchema',
DryRun=True|False,
ClientToken='string'
)
[REQUIRED]
The name of the custom inventory type for which you want to delete either all previously collected data or the inventory type itself.
Use the SchemaDeleteOption to delete a custom inventory type (schema). If you don't choose this option, the system only deletes existing inventory data associated with the custom inventory type. Choose one of the following options:
DisableSchema: If you choose this option, the system ignores all inventory data for the specified version, and any earlier versions. To enable this schema again, you must call the PutInventory operation for a version greater than the disabled version.
DeleteSchema: This option deletes the specified custom type from the Inventory service. You can recreate the schema later, if you want.
User-provided idempotency token.
This field is autopopulated if not provided.
dict
Response Syntax
{
'DeletionId': 'string',
'TypeName': 'string',
'DeletionSummary': {
'TotalCount': 123,
'RemainingCount': 123,
'SummaryItems': [
{
'Version': 'string',
'Count': 123,
'RemainingCount': 123
},
]
}
}
Response Structure
(dict) --
DeletionId (string) --
Every DeleteInventory operation is assigned a unique ID. This option returns a unique ID. You can use this ID to query the status of a delete operation. This option is useful for ensuring that a delete operation has completed before you begin other operations.
TypeName (string) --
The name of the inventory data type specified in the request.
DeletionSummary (dict) --
A summary of the delete operation. For more information about this summary, see Deleting custom inventory in the Amazon Web Services Systems Manager User Guide .
TotalCount (integer) --
The total number of items to delete. This count doesn't change during the delete operation.
RemainingCount (integer) --
Remaining number of items to delete.
SummaryItems (list) --
A list of counts and versions for deleted items.
(dict) --
Either a count, remaining count, or a version number in a delete inventory summary.
Version (string) --
The inventory type version.
Count (integer) --
A count of the number of deleted items.
RemainingCount (integer) --
The remaining number of items to delete.
Exceptions
Deletes a maintenance window.
See also: AWS API Documentation
Request Syntax
response = client.delete_maintenance_window(
WindowId='string'
)
[REQUIRED]
The ID of the maintenance window to delete.
{
'WindowId': 'string'
}
Response Structure
The ID of the deleted maintenance window.
Exceptions
Delete OpsMetadata related to an application.
See also: AWS API Documentation
Request Syntax
response = client.delete_ops_metadata(
OpsMetadataArn='string'
)
[REQUIRED]
The Amazon Resource Name (ARN) of an OpsMetadata Object to delete.
{}
Response Structure
Exceptions
Delete a parameter from the system.
See also: AWS API Documentation
Request Syntax
response = client.delete_parameter(
Name='string'
)
[REQUIRED]
The name of the parameter to delete.
{}
Response Structure
Exceptions
Delete a list of parameters.
See also: AWS API Documentation
Request Syntax
response = client.delete_parameters(
Names=[
'string',
]
)
[REQUIRED]
The names of the parameters to delete.
{
'DeletedParameters': [
'string',
],
'InvalidParameters': [
'string',
]
}
Response Structure
The names of the deleted parameters.
The names of parameters that weren't deleted because the parameters aren't valid.
Exceptions
Deletes a patch baseline.
See also: AWS API Documentation
Request Syntax
response = client.delete_patch_baseline(
BaselineId='string'
)
[REQUIRED]
The ID of the patch baseline to delete.
{
'BaselineId': 'string'
}
Response Structure
The ID of the deleted patch baseline.
Exceptions
Deletes a resource data sync configuration. After the configuration is deleted, changes to data on managed instances are no longer synced to or from the target. Deleting a sync configuration doesn't delete data.
See also: AWS API Documentation
Request Syntax
response = client.delete_resource_data_sync(
SyncName='string',
SyncType='string'
)
[REQUIRED]
The name of the configuration to delete.
dict
Response Syntax
{}
Response Structure
Exceptions
Removes the server or virtual machine from the list of registered servers. You can reregister the instance again at any time. If you don't plan to use Run Command on the server, we suggest uninstalling SSM Agent first.
See also: AWS API Documentation
Request Syntax
response = client.deregister_managed_instance(
InstanceId='string'
)
[REQUIRED]
The ID assigned to the managed instance when you registered it using the activation process.
{}
Response Structure
Exceptions
Removes a patch group from a patch baseline.
See also: AWS API Documentation
Request Syntax
response = client.deregister_patch_baseline_for_patch_group(
BaselineId='string',
PatchGroup='string'
)
[REQUIRED]
The ID of the patch baseline to deregister the patch group from.
[REQUIRED]
The name of the patch group that should be deregistered from the patch baseline.
dict
Response Syntax
{
'BaselineId': 'string',
'PatchGroup': 'string'
}
Response Structure
(dict) --
BaselineId (string) --
The ID of the patch baseline the patch group was deregistered from.
PatchGroup (string) --
The name of the patch group deregistered from the patch baseline.
Exceptions
Removes a target from a maintenance window.
See also: AWS API Documentation
Request Syntax
response = client.deregister_target_from_maintenance_window(
WindowId='string',
WindowTargetId='string',
Safe=True|False
)
[REQUIRED]
The ID of the maintenance window the target should be removed from.
[REQUIRED]
The ID of the target definition to remove.
dict
Response Syntax
{
'WindowId': 'string',
'WindowTargetId': 'string'
}
Response Structure
(dict) --
WindowId (string) --
The ID of the maintenance window the target was removed from.
WindowTargetId (string) --
The ID of the removed target definition.
Exceptions
Removes a task from a maintenance window.
See also: AWS API Documentation
Request Syntax
response = client.deregister_task_from_maintenance_window(
WindowId='string',
WindowTaskId='string'
)
[REQUIRED]
The ID of the maintenance window the task should be removed from.
[REQUIRED]
The ID of the task to remove from the maintenance window.
dict
Response Syntax
{
'WindowId': 'string',
'WindowTaskId': 'string'
}
Response Structure
(dict) --
WindowId (string) --
The ID of the maintenance window the task was removed from.
WindowTaskId (string) --
The ID of the task removed from the maintenance window.
Exceptions
Describes details about the activation, such as the date and time the activation was created, its expiration date, the Identity and Access Management (IAM) role assigned to the instances in the activation, and the number of instances registered by using this activation.
See also: AWS API Documentation
Request Syntax
response = client.describe_activations(
Filters=[
{
'FilterKey': 'ActivationIds'|'DefaultInstanceName'|'IamRole',
'FilterValues': [
'string',
]
},
],
MaxResults=123,
NextToken='string'
)
A filter to view information about your activations.
Filter for the DescribeActivation API.
The name of the filter.
The filter values.
dict
Response Syntax
{
'ActivationList': [
{
'ActivationId': 'string',
'Description': 'string',
'DefaultInstanceName': 'string',
'IamRole': 'string',
'RegistrationLimit': 123,
'RegistrationsCount': 123,
'ExpirationDate': datetime(2015, 1, 1),
'Expired': True|False,
'CreatedDate': datetime(2015, 1, 1),
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
]
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
ActivationList (list) --
A list of activations for your account.
(dict) --
An activation registers one or more on-premises servers or virtual machines (VMs) with Amazon Web Services so that you can configure those servers or VMs using Run Command. A server or VM that has been registered with Amazon Web Services Systems Manager is called a managed instance.
ActivationId (string) --
The ID created by Systems Manager when you submitted the activation.
Description (string) --
A user defined description of the activation.
DefaultInstanceName (string) --
A name for the managed instance when it is created.
IamRole (string) --
The Identity and Access Management (IAM) role to assign to the managed instance.
RegistrationLimit (integer) --
The maximum number of managed instances that can be registered using this activation.
RegistrationsCount (integer) --
The number of managed instances already registered with this activation.
ExpirationDate (datetime) --
The date when this activation can no longer be used to register managed instances.
Expired (boolean) --
Whether or not the activation is expired.
CreatedDate (datetime) --
The date the activation was created.
Tags (list) --
Tags assigned to the activation.
(dict) --
Metadata that you assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Amazon Web Services Systems Manager, you can apply tags to Systems Manager documents (SSM documents), managed instances, maintenance windows, parameters, patch baselines, OpsItems, and OpsMetadata.
Key (string) --
The name of the tag.
Value (string) --
The value of the tag.
NextToken (string) --
The token for the next set of items to return. Use this token to get the next set of results.
Exceptions
Describes the association for the specified target or instance. If you created the association by using the Targets parameter, then you must retrieve the association by using the association ID. If you created the association by specifying an instance ID and an Amazon Web Services Systems Manager document (SSM document), then you retrieve the association by specifying the document name and the instance ID.
See also: AWS API Documentation
Request Syntax
response = client.describe_association(
Name='string',
InstanceId='string',
AssociationId='string',
AssociationVersion='string'
)
dict
Response Syntax
{
'AssociationDescription': {
'Name': 'string',
'InstanceId': 'string',
'AssociationVersion': 'string',
'Date': datetime(2015, 1, 1),
'LastUpdateAssociationDate': datetime(2015, 1, 1),
'Status': {
'Date': datetime(2015, 1, 1),
'Name': 'Pending'|'Success'|'Failed',
'Message': 'string',
'AdditionalInfo': 'string'
},
'Overview': {
'Status': 'string',
'DetailedStatus': 'string',
'AssociationStatusAggregatedCount': {
'string': 123
}
},
'DocumentVersion': 'string',
'AutomationTargetParameterName': 'string',
'Parameters': {
'string': [
'string',
]
},
'AssociationId': 'string',
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'ScheduleExpression': 'string',
'OutputLocation': {
'S3Location': {
'OutputS3Region': 'string',
'OutputS3BucketName': 'string',
'OutputS3KeyPrefix': 'string'
}
},
'LastExecutionDate': datetime(2015, 1, 1),
'LastSuccessfulExecutionDate': datetime(2015, 1, 1),
'AssociationName': 'string',
'MaxErrors': 'string',
'MaxConcurrency': 'string',
'ComplianceSeverity': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'UNSPECIFIED',
'SyncCompliance': 'AUTO'|'MANUAL',
'ApplyOnlyAtCronInterval': True|False,
'CalendarNames': [
'string',
],
'TargetLocations': [
{
'Accounts': [
'string',
],
'Regions': [
'string',
],
'TargetLocationMaxConcurrency': 'string',
'TargetLocationMaxErrors': 'string',
'ExecutionRoleName': 'string'
},
]
}
}
Response Structure
(dict) --
AssociationDescription (dict) --
Information about the association.
Name (string) --
The name of the SSM document.
InstanceId (string) --
The ID of the instance.
AssociationVersion (string) --
The association version.
Date (datetime) --
The date when the association was made.
LastUpdateAssociationDate (datetime) --
The date when the association was last updated.
Status (dict) --
The association status.
Date (datetime) --
The date when the status changed.
Name (string) --
The status.
Message (string) --
The reason for the status.
AdditionalInfo (string) --
A user-defined string.
Overview (dict) --
Information about the association.
Status (string) --
The status of the association. Status can be: Pending, Success, or Failed.
DetailedStatus (string) --
A detailed status of the association.
AssociationStatusAggregatedCount (dict) --
Returns the number of targets for the association status. For example, if you created an association with two instances, and one of them was successful, this would return the count of instances by status.
DocumentVersion (string) --
The document version.
AutomationTargetParameterName (string) --
Specify the target for the association. This target is required for associations that use an Automation runbook and target resources by using rate controls. Automation is a capability of Amazon Web Services Systems Manager.
Parameters (dict) --
A description of the parameters for a document.
AssociationId (string) --
The association ID.
Targets (list) --
The instances targeted by the request.
(dict) --
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
Key (string) --
User-defined criteria for sending commands that target instances that meet the criteria.
Values (list) --
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
ScheduleExpression (string) --
A cron expression that specifies a schedule when the association runs.
OutputLocation (dict) --
An S3 bucket where you want to store the output details of the request.
S3Location (dict) --
An S3 bucket where you want to store the results of this request.
OutputS3Region (string) --
(Deprecated) You can no longer specify this parameter. The system ignores it. Instead, Amazon Web Services Systems Manager automatically determines the Region of the S3 bucket.
OutputS3BucketName (string) --
The name of the S3 bucket.
OutputS3KeyPrefix (string) --
The S3 bucket subfolder.
LastExecutionDate (datetime) --
The date on which the association was last run.
LastSuccessfulExecutionDate (datetime) --
The last date on which the association was successfully run.
AssociationName (string) --
The association name.
MaxErrors (string) --
The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 instances and set MaxError to 10%, then the system stops sending the request when the sixth error is received.
Executions that are already running an association when MaxErrors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set MaxConcurrency to 1 so that executions proceed one at a time.
MaxConcurrency (string) --
The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.
If a new instance starts and attempts to run an association while Systems Manager is running MaxConcurrency associations, the association is allowed to run. During the next association interval, the new instance will process its association within the limit specified for MaxConcurrency .
ComplianceSeverity (string) --
The severity level that is assigned to the association.
SyncCompliance (string) --
The mode for generating association compliance. You can specify AUTO or MANUAL . In AUTO mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association is COMPLIANT . If the association execution doesn't run successfully, the association is NON-COMPLIANT .
In MANUAL mode, you must specify the AssociationId as a parameter for the PutComplianceItems API operation. In this case, compliance data isn't managed by State Manager, a capability of Amazon Web Services Systems Manager. It is managed by your direct call to the PutComplianceItems API operation.
By default, all associations use AUTO mode.
ApplyOnlyAtCronInterval (boolean) --
By default, when you create a new associations, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it. This parameter isn't supported for rate expressions.
CalendarNames (list) --
The names or Amazon Resource Names (ARNs) of the Change Calendar type documents your associations are gated under. The associations only run when that change calendar is open. For more information, see Amazon Web Services Systems Manager Change Calendar .
TargetLocations (list) --
The combination of Regions and accounts where you want to run the association.
(dict) --
The combination of Regions and accounts targeted by the current Automation execution.
Accounts (list) --
The accounts targeted by the current Automation execution.
Regions (list) --
The Regions targeted by the current Automation execution.
TargetLocationMaxConcurrency (string) --
The maximum number of Regions and accounts allowed to run the Automation concurrently.
TargetLocationMaxErrors (string) --
The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
ExecutionRoleName (string) --
The Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole .
Exceptions
Views information about a specific execution of a specific association.
See also: AWS API Documentation
Request Syntax
response = client.describe_association_execution_targets(
AssociationId='string',
ExecutionId='string',
Filters=[
{
'Key': 'Status'|'ResourceId'|'ResourceType',
'Value': 'string'
},
],
MaxResults=123,
NextToken='string'
)
[REQUIRED]
The association ID that includes the execution for which you want to view details.
[REQUIRED]
The execution ID for which you want to view details.
Filters for the request. You can specify the following filters and values.
Status (EQUAL)
ResourceId (EQUAL)
ResourceType (EQUAL)
Filters for the association execution.
The key value used in the request.
The value specified for the key.
dict
Response Syntax
{
'AssociationExecutionTargets': [
{
'AssociationId': 'string',
'AssociationVersion': 'string',
'ExecutionId': 'string',
'ResourceId': 'string',
'ResourceType': 'string',
'Status': 'string',
'DetailedStatus': 'string',
'LastExecutionDate': datetime(2015, 1, 1),
'OutputSource': {
'OutputSourceId': 'string',
'OutputSourceType': 'string'
}
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
AssociationExecutionTargets (list) --
Information about the execution.
(dict) --
Includes information about the specified association execution.
AssociationId (string) --
The association ID.
AssociationVersion (string) --
The association version.
ExecutionId (string) --
The execution ID.
ResourceId (string) --
The resource ID, for example, the instance ID where the association ran.
ResourceType (string) --
The resource type, for example, instance.
Status (string) --
The association execution status.
DetailedStatus (string) --
Detailed information about the execution status.
LastExecutionDate (datetime) --
The date of the last execution.
OutputSource (dict) --
The location where the association details are saved.
OutputSourceId (string) --
The ID of the output source, for example the URL of an S3 bucket.
OutputSourceType (string) --
The type of source where the association execution details are stored, for example, Amazon S3.
NextToken (string) --
The token for the next set of items to return. Use this token to get the next set of results.
Exceptions
Views all executions for a specific association ID.
See also: AWS API Documentation
Request Syntax
response = client.describe_association_executions(
AssociationId='string',
Filters=[
{
'Key': 'ExecutionId'|'Status'|'CreatedTime',
'Value': 'string',
'Type': 'EQUAL'|'LESS_THAN'|'GREATER_THAN'
},
],
MaxResults=123,
NextToken='string'
)
[REQUIRED]
The association ID for which you want to view execution history details.
Filters for the request. You can specify the following filters and values.
ExecutionId (EQUAL)
Status (EQUAL)
CreatedTime (EQUAL, GREATER_THAN, LESS_THAN)
Filters used in the request.
The key value used in the request.
The value specified for the key.
The filter type specified in the request.
dict
Response Syntax
{
'AssociationExecutions': [
{
'AssociationId': 'string',
'AssociationVersion': 'string',
'ExecutionId': 'string',
'Status': 'string',
'DetailedStatus': 'string',
'CreatedTime': datetime(2015, 1, 1),
'LastExecutionDate': datetime(2015, 1, 1),
'ResourceCountByStatus': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
AssociationExecutions (list) --
A list of the executions for the specified association ID.
(dict) --
Includes information about the specified association.
AssociationId (string) --
The association ID.
AssociationVersion (string) --
The association version.
ExecutionId (string) --
The execution ID for the association.
Status (string) --
The status of the association execution.
DetailedStatus (string) --
Detailed status information about the execution.
CreatedTime (datetime) --
The time the execution started.
LastExecutionDate (datetime) --
The date of the last execution.
ResourceCountByStatus (string) --
An aggregate status of the resources in the execution based on the status type.
NextToken (string) --
The token for the next set of items to return. Use this token to get the next set of results.
Exceptions
Provides details about all active and terminated Automation executions.
See also: AWS API Documentation
Request Syntax
response = client.describe_automation_executions(
Filters=[
{
'Key': 'DocumentNamePrefix'|'ExecutionStatus'|'ExecutionId'|'ParentExecutionId'|'CurrentAction'|'StartTimeBefore'|'StartTimeAfter'|'AutomationType'|'TagKey'|'TargetResourceGroup'|'AutomationSubtype'|'OpsItemId',
'Values': [
'string',
]
},
],
MaxResults=123,
NextToken='string'
)
Filters used to limit the scope of executions that are requested.
A filter used to match specific automation executions. This is used to limit the scope of Automation execution information returned.
One or more keys to limit the results.
The values used to limit the execution information associated with the filter's key.
dict
Response Syntax
{
'AutomationExecutionMetadataList': [
{
'AutomationExecutionId': 'string',
'DocumentName': 'string',
'DocumentVersion': 'string',
'AutomationExecutionStatus': 'Pending'|'InProgress'|'Waiting'|'Success'|'TimedOut'|'Cancelling'|'Cancelled'|'Failed'|'PendingApproval'|'Approved'|'Rejected'|'Scheduled'|'RunbookInProgress'|'PendingChangeCalendarOverride'|'ChangeCalendarOverrideApproved'|'ChangeCalendarOverrideRejected'|'CompletedWithSuccess'|'CompletedWithFailure',
'ExecutionStartTime': datetime(2015, 1, 1),
'ExecutionEndTime': datetime(2015, 1, 1),
'ExecutedBy': 'string',
'LogFile': 'string',
'Outputs': {
'string': [
'string',
]
},
'Mode': 'Auto'|'Interactive',
'ParentAutomationExecutionId': 'string',
'CurrentStepName': 'string',
'CurrentAction': 'string',
'FailureMessage': 'string',
'TargetParameterName': 'string',
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'TargetMaps': [
{
'string': [
'string',
]
},
],
'ResolvedTargets': {
'ParameterValues': [
'string',
],
'Truncated': True|False
},
'MaxConcurrency': 'string',
'MaxErrors': 'string',
'Target': 'string',
'AutomationType': 'CrossAccount'|'Local',
'AutomationSubtype': 'ChangeRequest',
'ScheduledTime': datetime(2015, 1, 1),
'Runbooks': [
{
'DocumentName': 'string',
'DocumentVersion': 'string',
'Parameters': {
'string': [
'string',
]
},
'TargetParameterName': 'string',
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'MaxConcurrency': 'string',
'MaxErrors': 'string',
'TargetLocations': [
{
'Accounts': [
'string',
],
'Regions': [
'string',
],
'TargetLocationMaxConcurrency': 'string',
'TargetLocationMaxErrors': 'string',
'ExecutionRoleName': 'string'
},
]
},
],
'OpsItemId': 'string',
'AssociationId': 'string',
'ChangeRequestName': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
AutomationExecutionMetadataList (list) --
The list of details about each automation execution which has occurred which matches the filter specification, if any.
(dict) --
Details about a specific Automation execution.
AutomationExecutionId (string) --
The execution ID.
DocumentName (string) --
The name of the Automation runbook used during execution.
DocumentVersion (string) --
The document version used during the execution.
AutomationExecutionStatus (string) --
The status of the execution.
ExecutionStartTime (datetime) --
The time the execution started.
ExecutionEndTime (datetime) --
The time the execution finished. This isn't populated if the execution is still in progress.
ExecutedBy (string) --
The IAM role ARN of the user who ran the automation.
LogFile (string) --
An S3 bucket where execution information is stored.
Outputs (dict) --
The list of execution outputs as defined in the Automation runbook.
Mode (string) --
The Automation execution mode.
ParentAutomationExecutionId (string) --
The execution ID of the parent automation.
CurrentStepName (string) --
The name of the step that is currently running.
CurrentAction (string) --
The action of the step that is currently running.
FailureMessage (string) --
The list of execution outputs as defined in the Automation runbook.
TargetParameterName (string) --
The list of execution outputs as defined in the Automation runbook.
Targets (list) --
The targets defined by the user when starting the automation.
(dict) --
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
Key (string) --
User-defined criteria for sending commands that target instances that meet the criteria.
Values (list) --
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
TargetMaps (list) --
The specified key-value mapping of document parameters to target resources.
ResolvedTargets (dict) --
A list of targets that resolved during the execution.
ParameterValues (list) --
A list of parameter values sent to targets that resolved during the Automation execution.
Truncated (boolean) --
A boolean value indicating whether the resolved target list is truncated.
MaxConcurrency (string) --
The MaxConcurrency value specified by the user when starting the automation.
MaxErrors (string) --
The MaxErrors value specified by the user when starting the automation.
Target (string) --
The list of execution outputs as defined in the Automation runbook.
AutomationType (string) --
Use this filter with DescribeAutomationExecutions . Specify either Local or CrossAccount. CrossAccount is an Automation that runs in multiple Regions and accounts. For more information, see Running Automation workflows in multiple Regions and accounts in the Amazon Web Services Systems Manager User Guide .
AutomationSubtype (string) --
The subtype of the Automation operation. Currently, the only supported value is ChangeRequest .
ScheduledTime (datetime) --
The date and time the Automation operation is scheduled to start.
Runbooks (list) --
Information about the Automation runbooks that are run during a runbook workflow in Change Manager.
Note
The Automation runbooks specified for the runbook workflow can't run until all required approvals for the change request have been received.
(dict) --
Information about an Automation runbook used in a runbook workflow in Change Manager.
Note
The Automation runbooks specified for the runbook workflow can't run until all required approvals for the change request have been received.
DocumentName (string) --
The name of the Automation runbook used in a runbook workflow.
DocumentVersion (string) --
The version of the Automation runbook used in a runbook workflow.
Parameters (dict) --
The key-value map of execution parameters, which were supplied when calling StartChangeRequestExecution .
TargetParameterName (string) --
The name of the parameter used as the target resource for the rate-controlled runbook workflow. Required if you specify Targets .
Targets (list) --
A key-value mapping to target resources that the runbook operation performs tasks on. Required if you specify TargetParameterName .
(dict) --
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
Key (string) --
User-defined criteria for sending commands that target instances that meet the criteria.
Values (list) --
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
MaxConcurrency (string) --
The MaxConcurrency value specified by the user when the operation started, indicating the maximum number of resources that the runbook operation can run on at the same time.
MaxErrors (string) --
The MaxErrors value specified by the user when the execution started, indicating the maximum number of errors that can occur during the operation before the updates are stopped or rolled back.
TargetLocations (list) --
Information about the Regions and accounts targeted by the current Runbook operation.
(dict) --
The combination of Regions and accounts targeted by the current Automation execution.
Accounts (list) --
The accounts targeted by the current Automation execution.
Regions (list) --
The Regions targeted by the current Automation execution.
TargetLocationMaxConcurrency (string) --
The maximum number of Regions and accounts allowed to run the Automation concurrently.
TargetLocationMaxErrors (string) --
The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
ExecutionRoleName (string) --
The Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole .
OpsItemId (string) --
The ID of an OpsItem that is created to represent a Change Manager change request.
AssociationId (string) --
The ID of a State Manager association used in the Automation operation.
ChangeRequestName (string) --
The name of the Change Manager change request.
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
Information about all active and terminated step executions in an Automation workflow.
See also: AWS API Documentation
Request Syntax
response = client.describe_automation_step_executions(
AutomationExecutionId='string',
Filters=[
{
'Key': 'StartTimeBefore'|'StartTimeAfter'|'StepExecutionStatus'|'StepExecutionId'|'StepName'|'Action',
'Values': [
'string',
]
},
],
NextToken='string',
MaxResults=123,
ReverseOrder=True|False
)
[REQUIRED]
The Automation execution ID for which you want step execution descriptions.
One or more filters to limit the number of step executions returned by the request.
A filter to limit the amount of step execution information returned by the call.
One or more keys to limit the results. Valid filter keys include the following: StepName, Action, StepExecutionId, StepExecutionStatus, StartTimeBefore, StartTimeAfter.
The values of the filter key.
dict
Response Syntax
{
'StepExecutions': [
{
'StepName': 'string',
'Action': 'string',
'TimeoutSeconds': 123,
'OnFailure': 'string',
'MaxAttempts': 123,
'ExecutionStartTime': datetime(2015, 1, 1),
'ExecutionEndTime': datetime(2015, 1, 1),
'StepStatus': 'Pending'|'InProgress'|'Waiting'|'Success'|'TimedOut'|'Cancelling'|'Cancelled'|'Failed'|'PendingApproval'|'Approved'|'Rejected'|'Scheduled'|'RunbookInProgress'|'PendingChangeCalendarOverride'|'ChangeCalendarOverrideApproved'|'ChangeCalendarOverrideRejected'|'CompletedWithSuccess'|'CompletedWithFailure',
'ResponseCode': 'string',
'Inputs': {
'string': 'string'
},
'Outputs': {
'string': [
'string',
]
},
'Response': 'string',
'FailureMessage': 'string',
'FailureDetails': {
'FailureStage': 'string',
'FailureType': 'string',
'Details': {
'string': [
'string',
]
}
},
'StepExecutionId': 'string',
'OverriddenParameters': {
'string': [
'string',
]
},
'IsEnd': True|False,
'NextStep': 'string',
'IsCritical': True|False,
'ValidNextSteps': [
'string',
],
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'TargetLocation': {
'Accounts': [
'string',
],
'Regions': [
'string',
],
'TargetLocationMaxConcurrency': 'string',
'TargetLocationMaxErrors': 'string',
'ExecutionRoleName': 'string'
}
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
StepExecutions (list) --
A list of details about the current state of all steps that make up an execution.
(dict) --
Detailed information about an the execution state of an Automation step.
StepName (string) --
The name of this execution step.
Action (string) --
The action this step performs. The action determines the behavior of the step.
TimeoutSeconds (integer) --
The timeout seconds of the step.
OnFailure (string) --
The action to take if the step fails. The default value is Abort .
MaxAttempts (integer) --
The maximum number of tries to run the action of the step. The default value is 1 .
ExecutionStartTime (datetime) --
If a step has begun execution, this contains the time the step started. If the step is in Pending status, this field isn't populated.
ExecutionEndTime (datetime) --
If a step has finished execution, this contains the time the execution ended. If the step hasn't yet concluded, this field isn't populated.
StepStatus (string) --
The execution status for this step.
ResponseCode (string) --
The response code returned by the execution of the step.
Inputs (dict) --
Fully-resolved values passed into the step before execution.
Outputs (dict) --
Returned values from the execution of the step.
Response (string) --
A message associated with the response code for an execution.
FailureMessage (string) --
If a step failed, this message explains why the execution failed.
FailureDetails (dict) --
Information about the Automation failure.
FailureStage (string) --
The stage of the Automation execution when the failure occurred. The stages include the following: InputValidation, PreVerification, Invocation, PostVerification.
FailureType (string) --
The type of Automation failure. Failure types include the following: Action, Permission, Throttling, Verification, Internal.
Details (dict) --
Detailed information about the Automation step failure.
StepExecutionId (string) --
The unique ID of a step execution.
OverriddenParameters (dict) --
A user-specified list of parameters to override when running a step.
IsEnd (boolean) --
The flag which can be used to end automation no matter whether the step succeeds or fails.
NextStep (string) --
The next step after the step succeeds.
IsCritical (boolean) --
The flag which can be used to help decide whether the failure of current step leads to the Automation failure.
ValidNextSteps (list) --
Strategies used when step fails, we support Continue and Abort. Abort will fail the automation when the step fails. Continue will ignore the failure of current step and allow automation to run the next step. With conditional branching, we add step:stepName to support the automation to go to another specific step.
Targets (list) --
The targets for the step execution.
(dict) --
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
Key (string) --
User-defined criteria for sending commands that target instances that meet the criteria.
Values (list) --
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
TargetLocation (dict) --
The combination of Regions and accounts targeted by the current Automation execution.
Accounts (list) --
The accounts targeted by the current Automation execution.
Regions (list) --
The Regions targeted by the current Automation execution.
TargetLocationMaxConcurrency (string) --
The maximum number of Regions and accounts allowed to run the Automation concurrently.
TargetLocationMaxErrors (string) --
The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
ExecutionRoleName (string) --
The Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole .
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
Lists all patches eligible to be included in a patch baseline.
See also: AWS API Documentation
Request Syntax
response = client.describe_available_patches(
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
MaxResults=123,
NextToken='string'
)
Each element in the array is a structure containing a key-value pair.
Windows Server
Supported keys for Windows Server instance patches include the following:
Linux
Warning
When specifying filters for Linux patches, you must specify a key-pair for PRODUCT . For example, using the Command Line Interface (CLI), the following command fails:
aws ssm describe-available-patches --filters Key=CVE_ID,Values=CVE-2018-3615
However, the following command succeeds:
aws ssm describe-available-patches --filters Key=PRODUCT,Values=AmazonLinux2018.03 Key=CVE_ID,Values=CVE-2018-3615
Supported keys for Linux instance patches include the following:
Defines a filter used in Patch Manager APIs. Supported filter keys depend on the API operation that includes the filter. Patch Manager API operations that use PatchOrchestratorFilter include the following:
The key for the filter.
The value for the filter.
dict
Response Syntax
{
'Patches': [
{
'Id': 'string',
'ReleaseDate': datetime(2015, 1, 1),
'Title': 'string',
'Description': 'string',
'ContentUrl': 'string',
'Vendor': 'string',
'ProductFamily': 'string',
'Product': 'string',
'Classification': 'string',
'MsrcSeverity': 'string',
'KbNumber': 'string',
'MsrcNumber': 'string',
'Language': 'string',
'AdvisoryIds': [
'string',
],
'BugzillaIds': [
'string',
],
'CVEIds': [
'string',
],
'Name': 'string',
'Epoch': 123,
'Version': 'string',
'Release': 'string',
'Arch': 'string',
'Severity': 'string',
'Repository': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Patches (list) --
An array of patches. Each entry in the array is a patch structure.
(dict) --
Represents metadata about a patch.
Id (string) --
The ID of the patch. Applies to Windows patches only.
Note
This ID isn't the same as the Microsoft Knowledge Base ID.
ReleaseDate (datetime) --
The date the patch was released.
Title (string) --
The title of the patch.
Description (string) --
The description of the patch.
ContentUrl (string) --
The URL where more information can be obtained about the patch.
Vendor (string) --
The name of the vendor providing the patch.
ProductFamily (string) --
The product family the patch is applicable for. For example, Windows or Amazon Linux 2 .
Product (string) --
The specific product the patch is applicable for. For example, WindowsServer2016 or AmazonLinux2018.03 .
Classification (string) --
The classification of the patch. For example, SecurityUpdates , Updates , or CriticalUpdates .
MsrcSeverity (string) --
The severity of the patch, such as Critical , Important , or Moderate . Applies to Windows patches only.
KbNumber (string) --
The Microsoft Knowledge Base ID of the patch. Applies to Windows patches only.
MsrcNumber (string) --
The ID of the Microsoft Security Response Center (MSRC) bulletin the patch is related to. For example, MS14-045 . Applies to Windows patches only.
Language (string) --
The language of the patch if it's language-specific.
AdvisoryIds (list) --
The Advisory ID of the patch. For example, RHSA-2020:3779 . Applies to Linux-based instances only.
BugzillaIds (list) --
The Bugzilla ID of the patch. For example, 1600646 . Applies to Linux-based instances only.
CVEIds (list) --
The Common Vulnerabilities and Exposures (CVE) ID of the patch. For example, CVE-2011-3192 . Applies to Linux-based instances only.
Name (string) --
The name of the patch. Applies to Linux-based instances only.
Epoch (integer) --
The epoch of the patch. For example in pkg-example-EE-20180914-2.2.amzn1.noarch , the epoch value is 20180914-2 . Applies to Linux-based instances only.
Version (string) --
The version number of the patch. For example, in example-pkg-1.710.10-2.7.abcd.x86_64 , the version number is indicated by -1 . Applies to Linux-based instances only.
Release (string) --
The particular release of a patch. For example, in pkg-example-EE-20180914-2.2.amzn1.noarch , the release is 2.amaz1 . Applies to Linux-based instances only.
Arch (string) --
The architecture of the patch. For example, in example-pkg-0.710.10-2.7.abcd.x86_64 , the architecture is indicated by x86_64 . Applies to Linux-based instances only.
Severity (string) --
The severity level of the patch. For example, CRITICAL or MODERATE .
Repository (string) --
The source patch repository for the operating system and version, such as trusty-security for Ubuntu Server 14.04 LTE and focal-security for Ubuntu Server 20.04 LTE. Applies to Linux-based instances only.
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
Describes the specified Amazon Web Services Systems Manager document (SSM document).
See also: AWS API Documentation
Request Syntax
response = client.describe_document(
Name='string',
DocumentVersion='string',
VersionName='string'
)
[REQUIRED]
The name of the SSM document.
dict
Response Syntax
{
'Document': {
'Sha1': 'string',
'Hash': 'string',
'HashType': 'Sha256'|'Sha1',
'Name': 'string',
'DisplayName': 'string',
'VersionName': 'string',
'Owner': 'string',
'CreatedDate': datetime(2015, 1, 1),
'Status': 'Creating'|'Active'|'Updating'|'Deleting'|'Failed',
'StatusInformation': 'string',
'DocumentVersion': 'string',
'Description': 'string',
'Parameters': [
{
'Name': 'string',
'Type': 'String'|'StringList',
'Description': 'string',
'DefaultValue': 'string'
},
],
'PlatformTypes': [
'Windows'|'Linux',
],
'DocumentType': 'Command'|'Policy'|'Automation'|'Session'|'Package'|'ApplicationConfiguration'|'ApplicationConfigurationSchema'|'DeploymentStrategy'|'ChangeCalendar'|'Automation.ChangeTemplate'|'ProblemAnalysis'|'ProblemAnalysisTemplate',
'SchemaVersion': 'string',
'LatestVersion': 'string',
'DefaultVersion': 'string',
'DocumentFormat': 'YAML'|'JSON'|'TEXT',
'TargetType': 'string',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
],
'AttachmentsInformation': [
{
'Name': 'string'
},
],
'Requires': [
{
'Name': 'string',
'Version': 'string'
},
],
'Author': 'string',
'ReviewInformation': [
{
'ReviewedTime': datetime(2015, 1, 1),
'Status': 'APPROVED'|'NOT_REVIEWED'|'PENDING'|'REJECTED',
'Reviewer': 'string'
},
],
'ApprovedVersion': 'string',
'PendingReviewVersion': 'string',
'ReviewStatus': 'APPROVED'|'NOT_REVIEWED'|'PENDING'|'REJECTED'
}
}
Response Structure
(dict) --
Document (dict) --
Information about the SSM document.
Sha1 (string) --
The SHA1 hash of the document, which you can use for verification.
Hash (string) --
The Sha256 or Sha1 hash created by the system when the document was created.
Note
Sha1 hashes have been deprecated.
HashType (string) --
The hash type of the document. Valid values include Sha256 or Sha1 .
Note
Sha1 hashes have been deprecated.
Name (string) --
The name of the SSM document.
DisplayName (string) --
The friendly name of the SSM document. This value can differ for each version of the document. If you want to update this value, see UpdateDocument .
VersionName (string) --
The version of the artifact associated with the document.
Owner (string) --
The Amazon Web Services user account that created the document.
CreatedDate (datetime) --
The date when the document was created.
Status (string) --
The status of the SSM document.
StatusInformation (string) --
A message returned by Amazon Web Services Systems Manager that explains the Status value. For example, a Failed status might be explained by the StatusInformation message, "The specified S3 bucket doesn't exist. Verify that the URL of the S3 bucket is correct."
DocumentVersion (string) --
The document version.
Description (string) --
A description of the document.
Parameters (list) --
A description of the parameters for a document.
(dict) --
Parameters specified in a System Manager document that run on the server when the command is run.
Name (string) --
The name of the parameter.
Type (string) --
The type of parameter. The type can be either String or StringList.
Description (string) --
A description of what the parameter does, how to use it, the default value, and whether or not the parameter is optional.
DefaultValue (string) --
If specified, the default values for the parameters. Parameters without a default value are required. Parameters with a default value are optional.
PlatformTypes (list) --
The list of OS platforms compatible with this SSM document.
DocumentType (string) --
The type of document.
SchemaVersion (string) --
The schema version.
LatestVersion (string) --
The latest version of the document.
DefaultVersion (string) --
The default version.
DocumentFormat (string) --
The document format, either JSON or YAML.
TargetType (string) --
The target type which defines the kinds of resources the document can run on. For example, /AWS::EC2::Instance . For a list of valid resource types, see Amazon Web Services resource and property types reference in the CloudFormation User Guide .
Tags (list) --
The tags, or metadata, that have been applied to the document.
(dict) --
Metadata that you assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Amazon Web Services Systems Manager, you can apply tags to Systems Manager documents (SSM documents), managed instances, maintenance windows, parameters, patch baselines, OpsItems, and OpsMetadata.
Key (string) --
The name of the tag.
Value (string) --
The value of the tag.
AttachmentsInformation (list) --
Details about the document attachments, including names, locations, sizes, and so on.
(dict) --
An attribute of an attachment, such as the attachment name.
Name (string) --
The name of the attachment.
Requires (list) --
A list of SSM documents required by a document. For example, an ApplicationConfiguration document requires an ApplicationConfigurationSchema document.
(dict) --
An SSM document required by the current document.
Name (string) --
The name of the required SSM document. The name can be an Amazon Resource Name (ARN).
Version (string) --
The document version required by the current document.
Author (string) --
The user in your organization who created the document.
ReviewInformation (list) --
Details about the review of a document.
(dict) --
Information about the result of a document review request.
ReviewedTime (datetime) --
The time that the reviewer took action on the document review request.
Status (string) --
The current status of the document review request.
Reviewer (string) --
The reviewer assigned to take action on the document review request.
ApprovedVersion (string) --
The version of the document currently approved for use in the organization.
PendingReviewVersion (string) --
The version of the document that is currently under review.
ReviewStatus (string) --
The current status of the review.
Exceptions
Describes the permissions for a Amazon Web Services Systems Manager document (SSM document). If you created the document, you are the owner. If a document is shared, it can either be shared privately (by specifying a user's account ID) or publicly (All ).
See also: AWS API Documentation
Request Syntax
response = client.describe_document_permission(
Name='string',
PermissionType='Share',
MaxResults=123,
NextToken='string'
)
[REQUIRED]
The name of the document for which you are the owner.
[REQUIRED]
The permission type for the document. The permission type can be Share .
dict
Response Syntax
{
'AccountIds': [
'string',
],
'AccountSharingInfoList': [
{
'AccountId': 'string',
'SharedDocumentVersion': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
AccountIds (list) --
The account IDs that have permission to use this document. The ID can be either an account or All .
AccountSharingInfoList (list) --
A list of accounts where the current document is shared and the version shared with each account.
(dict) --
Information includes the account ID where the current document is shared and the version shared with that account.
AccountId (string) --
The account ID where the current document is shared.
SharedDocumentVersion (string) --
The version of the current document shared with the account.
NextToken (string) --
The token for the next set of items to return. Use this token to get the next set of results.
Exceptions
All associations for the instance(s).
See also: AWS API Documentation
Request Syntax
response = client.describe_effective_instance_associations(
InstanceId='string',
MaxResults=123,
NextToken='string'
)
[REQUIRED]
The instance ID for which you want to view all associations.
dict
Response Syntax
{
'Associations': [
{
'AssociationId': 'string',
'InstanceId': 'string',
'Content': 'string',
'AssociationVersion': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Associations (list) --
The associations for the requested instance.
(dict) --
One or more association documents on the instance.
AssociationId (string) --
The association ID.
InstanceId (string) --
The instance ID.
Content (string) --
The content of the association document for the instance(s).
AssociationVersion (string) --
Version information for the association on the instance.
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
Retrieves the current effective patches (the patch and the approval state) for the specified patch baseline. Applies to patch baselines for Windows only.
See also: AWS API Documentation
Request Syntax
response = client.describe_effective_patches_for_patch_baseline(
BaselineId='string',
MaxResults=123,
NextToken='string'
)
[REQUIRED]
The ID of the patch baseline to retrieve the effective patches for.
dict
Response Syntax
{
'EffectivePatches': [
{
'Patch': {
'Id': 'string',
'ReleaseDate': datetime(2015, 1, 1),
'Title': 'string',
'Description': 'string',
'ContentUrl': 'string',
'Vendor': 'string',
'ProductFamily': 'string',
'Product': 'string',
'Classification': 'string',
'MsrcSeverity': 'string',
'KbNumber': 'string',
'MsrcNumber': 'string',
'Language': 'string',
'AdvisoryIds': [
'string',
],
'BugzillaIds': [
'string',
],
'CVEIds': [
'string',
],
'Name': 'string',
'Epoch': 123,
'Version': 'string',
'Release': 'string',
'Arch': 'string',
'Severity': 'string',
'Repository': 'string'
},
'PatchStatus': {
'DeploymentStatus': 'APPROVED'|'PENDING_APPROVAL'|'EXPLICIT_APPROVED'|'EXPLICIT_REJECTED',
'ComplianceLevel': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED',
'ApprovalDate': datetime(2015, 1, 1)
}
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
EffectivePatches (list) --
An array of patches and patch status.
(dict) --
The EffectivePatch structure defines metadata about a patch along with the approval state of the patch in a particular patch baseline. The approval state includes information about whether the patch is currently approved, due to be approved by a rule, explicitly approved, or explicitly rejected and the date the patch was or will be approved.
Patch (dict) --
Provides metadata for a patch, including information such as the KB ID, severity, classification and a URL for where more information can be obtained about the patch.
Id (string) --
The ID of the patch. Applies to Windows patches only.
Note
This ID isn't the same as the Microsoft Knowledge Base ID.
ReleaseDate (datetime) --
The date the patch was released.
Title (string) --
The title of the patch.
Description (string) --
The description of the patch.
ContentUrl (string) --
The URL where more information can be obtained about the patch.
Vendor (string) --
The name of the vendor providing the patch.
ProductFamily (string) --
The product family the patch is applicable for. For example, Windows or Amazon Linux 2 .
Product (string) --
The specific product the patch is applicable for. For example, WindowsServer2016 or AmazonLinux2018.03 .
Classification (string) --
The classification of the patch. For example, SecurityUpdates , Updates , or CriticalUpdates .
MsrcSeverity (string) --
The severity of the patch, such as Critical , Important , or Moderate . Applies to Windows patches only.
KbNumber (string) --
The Microsoft Knowledge Base ID of the patch. Applies to Windows patches only.
MsrcNumber (string) --
The ID of the Microsoft Security Response Center (MSRC) bulletin the patch is related to. For example, MS14-045 . Applies to Windows patches only.
Language (string) --
The language of the patch if it's language-specific.
AdvisoryIds (list) --
The Advisory ID of the patch. For example, RHSA-2020:3779 . Applies to Linux-based instances only.
BugzillaIds (list) --
The Bugzilla ID of the patch. For example, 1600646 . Applies to Linux-based instances only.
CVEIds (list) --
The Common Vulnerabilities and Exposures (CVE) ID of the patch. For example, CVE-2011-3192 . Applies to Linux-based instances only.
Name (string) --
The name of the patch. Applies to Linux-based instances only.
Epoch (integer) --
The epoch of the patch. For example in pkg-example-EE-20180914-2.2.amzn1.noarch , the epoch value is 20180914-2 . Applies to Linux-based instances only.
Version (string) --
The version number of the patch. For example, in example-pkg-1.710.10-2.7.abcd.x86_64 , the version number is indicated by -1 . Applies to Linux-based instances only.
Release (string) --
The particular release of a patch. For example, in pkg-example-EE-20180914-2.2.amzn1.noarch , the release is 2.amaz1 . Applies to Linux-based instances only.
Arch (string) --
The architecture of the patch. For example, in example-pkg-0.710.10-2.7.abcd.x86_64 , the architecture is indicated by x86_64 . Applies to Linux-based instances only.
Severity (string) --
The severity level of the patch. For example, CRITICAL or MODERATE .
Repository (string) --
The source patch repository for the operating system and version, such as trusty-security for Ubuntu Server 14.04 LTE and focal-security for Ubuntu Server 20.04 LTE. Applies to Linux-based instances only.
PatchStatus (dict) --
The status of the patch in a patch baseline. This includes information about whether the patch is currently approved, due to be approved by a rule, explicitly approved, or explicitly rejected and the date the patch was or will be approved.
DeploymentStatus (string) --
The approval status of a patch.
ComplianceLevel (string) --
The compliance severity level for a patch.
ApprovalDate (datetime) --
The date the patch was approved (or will be approved if the status is PENDING_APPROVAL ).
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
The status of the associations for the instance(s).
See also: AWS API Documentation
Request Syntax
response = client.describe_instance_associations_status(
InstanceId='string',
MaxResults=123,
NextToken='string'
)
[REQUIRED]
The instance IDs for which you want association status information.
dict
Response Syntax
{
'InstanceAssociationStatusInfos': [
{
'AssociationId': 'string',
'Name': 'string',
'DocumentVersion': 'string',
'AssociationVersion': 'string',
'InstanceId': 'string',
'ExecutionDate': datetime(2015, 1, 1),
'Status': 'string',
'DetailedStatus': 'string',
'ExecutionSummary': 'string',
'ErrorCode': 'string',
'OutputUrl': {
'S3OutputUrl': {
'OutputUrl': 'string'
}
},
'AssociationName': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
InstanceAssociationStatusInfos (list) --
Status information about the association.
(dict) --
Status information about the instance association.
AssociationId (string) --
The association ID.
Name (string) --
The name of the association.
DocumentVersion (string) --
The association document versions.
AssociationVersion (string) --
The version of the association applied to the instance.
InstanceId (string) --
The instance ID where the association was created.
ExecutionDate (datetime) --
The date the instance association ran.
Status (string) --
Status information about the instance association.
DetailedStatus (string) --
Detailed status information about the instance association.
ExecutionSummary (string) --
Summary information about association execution.
ErrorCode (string) --
An error code returned by the request to create the association.
OutputUrl (dict) --
A URL for an S3 bucket where you want to store the results of this request.
S3OutputUrl (dict) --
The URL of S3 bucket where you want to store the results of this request.
OutputUrl (string) --
A URL for an S3 bucket where you want to store the results of this request.
AssociationName (string) --
The name of the association applied to the instance.
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
Describes one or more of your instances, including information about the operating system platform, the version of SSM Agent installed on the instance, instance status, and so on.
If you specify one or more instance IDs, it returns information for those instances. If you don't specify instance IDs, it returns information for all your instances. If you specify an instance ID that isn't valid or an instance that you don't own, you receive an error.
Note
The IamRole field for this API operation is the Identity and Access Management (IAM) role assigned to on-premises instances. This call doesn't return the IAM role for EC2 instances.
See also: AWS API Documentation
Request Syntax
response = client.describe_instance_information(
InstanceInformationFilterList=[
{
'key': 'InstanceIds'|'AgentVersion'|'PingStatus'|'PlatformTypes'|'ActivationIds'|'IamRole'|'ResourceType'|'AssociationStatus',
'valueSet': [
'string',
]
},
],
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
MaxResults=123,
NextToken='string'
)
This is a legacy method. We recommend that you don't use this method. Instead, use the Filters data type. Filters enables you to return instance information by filtering based on tags applied to managed instances.
Note
Attempting to use InstanceInformationFilterList and Filters leads to an exception error.
Describes a filter for a specific list of instances. You can filter instances information by using tags. You specify tags by using a key-value mapping.
Use this operation instead of the DescribeInstanceInformationRequest$InstanceInformationFilterList method. The InstanceInformationFilterList method is a legacy method and doesn't support tags.
The name of the filter.
The filter values.
One or more filters. Use a filter to return a more specific list of instances. You can filter based on tags applied to EC2 instances. Use this Filters data type instead of InstanceInformationFilterList , which is deprecated.
The filters to describe or get information about your managed instances.
The filter key name to describe your instances. For example:
"InstanceIds"|"AgentVersion"|"PingStatus"|"PlatformTypes"|"ActivationIds"|"IamRole"|"ResourceType"|"AssociationStatus"|"Tag Key"
Warning
Tag key isn't a valid filter. You must specify either tag-key or tag:keyname and a string. Here are some valid examples: tag-key, tag:123, tag:al!, tag:Windows. Here are some invalid examples: tag-keys, Tag Key, tag:, tagKey, abc:keyname.
The filter values.
dict
Response Syntax
{
'InstanceInformationList': [
{
'InstanceId': 'string',
'PingStatus': 'Online'|'ConnectionLost'|'Inactive',
'LastPingDateTime': datetime(2015, 1, 1),
'AgentVersion': 'string',
'IsLatestVersion': True|False,
'PlatformType': 'Windows'|'Linux',
'PlatformName': 'string',
'PlatformVersion': 'string',
'ActivationId': 'string',
'IamRole': 'string',
'RegistrationDate': datetime(2015, 1, 1),
'ResourceType': 'ManagedInstance'|'Document'|'EC2Instance',
'Name': 'string',
'IPAddress': 'string',
'ComputerName': 'string',
'AssociationStatus': 'string',
'LastAssociationExecutionDate': datetime(2015, 1, 1),
'LastSuccessfulAssociationExecutionDate': datetime(2015, 1, 1),
'AssociationOverview': {
'DetailedStatus': 'string',
'InstanceAssociationStatusAggregatedCount': {
'string': 123
}
}
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
InstanceInformationList (list) --
The instance information list.
(dict) --
Describes a filter for a specific list of instances.
InstanceId (string) --
The instance ID.
PingStatus (string) --
Connection status of SSM Agent.
Note
The status Inactive has been deprecated and is no longer in use.
LastPingDateTime (datetime) --
The date and time when the agent last pinged the Systems Manager service.
AgentVersion (string) --
The version of SSM Agent running on your Linux instance.
IsLatestVersion (boolean) --
Indicates whether the latest version of SSM Agent is running on your Linux Managed Instance. This field doesn't indicate whether or not the latest version is installed on Windows managed instances, because some older versions of Windows Server use the EC2Config service to process Systems Manager requests.
PlatformType (string) --
The operating system platform type.
PlatformName (string) --
The name of the operating system platform running on your instance.
PlatformVersion (string) --
The version of the OS platform running on your instance.
ActivationId (string) --
The activation ID created by Amazon Web Services Systems Manager when the server or virtual machine (VM) was registered.
IamRole (string) --
The Identity and Access Management (IAM) role assigned to the on-premises Systems Manager managed instance. This call doesn't return the IAM role for Amazon Elastic Compute Cloud (Amazon EC2) instances. To retrieve the IAM role for an EC2 instance, use the Amazon EC2 DescribeInstances operation. For information, see DescribeInstances in the Amazon EC2 API Reference or describe-instances in the Amazon Web Services CLI Command Reference .
RegistrationDate (datetime) --
The date the server or VM was registered with Amazon Web Services as a managed instance.
ResourceType (string) --
The type of instance. Instances are either EC2 instances or managed instances.
Name (string) --
The name assigned to an on-premises server or virtual machine (VM) when it is activated as a Systems Manager managed instance. The name is specified as the DefaultInstanceName property using the CreateActivation command. It is applied to the managed instance by specifying the Activation Code and Activation ID when you install SSM Agent on the instance, as explained in Install SSM Agent for a hybrid environment (Linux) and Install SSM Agent for a hybrid environment (Windows) . To retrieve the Name tag of an EC2 instance, use the Amazon EC2 DescribeInstances operation. For information, see DescribeInstances in the Amazon EC2 API Reference or describe-instances in the Amazon Web Services CLI Command Reference .
IPAddress (string) --
The IP address of the managed instance.
ComputerName (string) --
The fully qualified host name of the managed instance.
AssociationStatus (string) --
The status of the association.
LastAssociationExecutionDate (datetime) --
The date the association was last run.
LastSuccessfulAssociationExecutionDate (datetime) --
The last date the association was successfully run.
AssociationOverview (dict) --
Information about the association.
DetailedStatus (string) --
Detailed status information about the aggregated associations.
InstanceAssociationStatusAggregatedCount (dict) --
The number of associations for the instance(s).
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
Retrieves the high-level patch state of one or more instances.
See also: AWS API Documentation
Request Syntax
response = client.describe_instance_patch_states(
InstanceIds=[
'string',
],
NextToken='string',
MaxResults=123
)
[REQUIRED]
The ID of the instance for which patch state information should be retrieved.
dict
Response Syntax
{
'InstancePatchStates': [
{
'InstanceId': 'string',
'PatchGroup': 'string',
'BaselineId': 'string',
'SnapshotId': 'string',
'InstallOverrideList': 'string',
'OwnerInformation': 'string',
'InstalledCount': 123,
'InstalledOtherCount': 123,
'InstalledPendingRebootCount': 123,
'InstalledRejectedCount': 123,
'MissingCount': 123,
'FailedCount': 123,
'UnreportedNotApplicableCount': 123,
'NotApplicableCount': 123,
'OperationStartTime': datetime(2015, 1, 1),
'OperationEndTime': datetime(2015, 1, 1),
'Operation': 'Scan'|'Install',
'LastNoRebootInstallOperationTime': datetime(2015, 1, 1),
'RebootOption': 'RebootIfNeeded'|'NoReboot',
'CriticalNonCompliantCount': 123,
'SecurityNonCompliantCount': 123,
'OtherNonCompliantCount': 123
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
InstancePatchStates (list) --
The high-level patch state for the requested instances.
(dict) --
Defines the high-level patch compliance state for a managed instance, providing information about the number of installed, missing, not applicable, and failed patches along with metadata about the operation when this information was gathered for the instance.
InstanceId (string) --
The ID of the managed instance the high-level patch compliance information was collected for.
PatchGroup (string) --
The name of the patch group the managed instance belongs to.
BaselineId (string) --
The ID of the patch baseline used to patch the instance.
SnapshotId (string) --
The ID of the patch baseline snapshot used during the patching operation when this compliance data was collected.
InstallOverrideList (string) --
An https URL or an Amazon Simple Storage Service (Amazon S3) path-style URL to a list of patches to be installed. This patch installation list, which you maintain in an S3 bucket in YAML format and specify in the SSM document AWS-RunPatchBaseline , overrides the patches specified by the default patch baseline.
For more information about the InstallOverrideList parameter, see About the ``AWS-RunPatchBaseline` https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-about-aws-runpatchbaseline.html`__ SSM document in the Amazon Web Services Systems Manager User Guide .
OwnerInformation (string) --
Placeholder information. This field will always be empty in the current release of the service.
InstalledCount (integer) --
The number of patches from the patch baseline that are installed on the instance.
InstalledOtherCount (integer) --
The number of patches not specified in the patch baseline that are installed on the instance.
InstalledPendingRebootCount (integer) --
The number of patches installed by Patch Manager since the last time the instance was rebooted.
InstalledRejectedCount (integer) --
The number of patches installed on an instance that are specified in a RejectedPatches list. Patches with a status of InstalledRejected were typically installed before they were added to a RejectedPatches list.
Note
If ALLOW_AS_DEPENDENCY is the specified option for RejectedPatchesAction , the value of InstalledRejectedCount will always be 0 (zero).
MissingCount (integer) --
The number of patches from the patch baseline that are applicable for the instance but aren't currently installed.
FailedCount (integer) --
The number of patches from the patch baseline that were attempted to be installed during the last patching operation, but failed to install.
UnreportedNotApplicableCount (integer) --
The number of patches beyond the supported limit of NotApplicableCount that aren't reported by name to Inventory. Inventory is a capability of Amazon Web Services Systems Manager.
NotApplicableCount (integer) --
The number of patches from the patch baseline that aren't applicable for the instance and therefore aren't installed on the instance. This number may be truncated if the list of patch names is very large. The number of patches beyond this limit are reported in UnreportedNotApplicableCount .
OperationStartTime (datetime) --
The time the most recent patching operation was started on the instance.
OperationEndTime (datetime) --
The time the most recent patching operation completed on the instance.
Operation (string) --
The type of patching operation that was performed: or
LastNoRebootInstallOperationTime (datetime) --
The time of the last attempt to patch the instance with NoReboot specified as the reboot option.
RebootOption (string) --
Indicates the reboot option specified in the patch baseline.
Note
Reboot options apply to Install operations only. Reboots aren't attempted for Patch Manager Scan operations.
CriticalNonCompliantCount (integer) --
The number of instances where patches that are specified as Critical for compliance reporting in the patch baseline aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required instance reboot. The status of these instances is NON_COMPLIANT .
SecurityNonCompliantCount (integer) --
The number of instances where patches that are specified as Security in a patch advisory aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required instance reboot. The status of these instances is NON_COMPLIANT .
OtherNonCompliantCount (integer) --
The number of instances with patches installed that are specified as other than Critical or Security but aren't compliant with the patch baseline. The status of these instances is NON_COMPLIANT .
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
Retrieves the high-level patch state for the instances in the specified patch group.
See also: AWS API Documentation
Request Syntax
response = client.describe_instance_patch_states_for_patch_group(
PatchGroup='string',
Filters=[
{
'Key': 'string',
'Values': [
'string',
],
'Type': 'Equal'|'NotEqual'|'LessThan'|'GreaterThan'
},
],
NextToken='string',
MaxResults=123
)
[REQUIRED]
The name of the patch group for which the patch state information should be retrieved.
Each entry in the array is a structure containing:
Defines a filter used in DescribeInstancePatchStatesForPatchGroup to scope down the information returned by the API.
Example : To filter for all instances in a patch group having more than three patches with a FailedCount status, use the following for the filter:
The key for the filter. Supported values include the following:
The value for the filter. Must be an integer greater than or equal to 0.
The type of comparison that should be performed for the value.
dict
Response Syntax
{
'InstancePatchStates': [
{
'InstanceId': 'string',
'PatchGroup': 'string',
'BaselineId': 'string',
'SnapshotId': 'string',
'InstallOverrideList': 'string',
'OwnerInformation': 'string',
'InstalledCount': 123,
'InstalledOtherCount': 123,
'InstalledPendingRebootCount': 123,
'InstalledRejectedCount': 123,
'MissingCount': 123,
'FailedCount': 123,
'UnreportedNotApplicableCount': 123,
'NotApplicableCount': 123,
'OperationStartTime': datetime(2015, 1, 1),
'OperationEndTime': datetime(2015, 1, 1),
'Operation': 'Scan'|'Install',
'LastNoRebootInstallOperationTime': datetime(2015, 1, 1),
'RebootOption': 'RebootIfNeeded'|'NoReboot',
'CriticalNonCompliantCount': 123,
'SecurityNonCompliantCount': 123,
'OtherNonCompliantCount': 123
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
InstancePatchStates (list) --
The high-level patch state for the requested instances.
(dict) --
Defines the high-level patch compliance state for a managed instance, providing information about the number of installed, missing, not applicable, and failed patches along with metadata about the operation when this information was gathered for the instance.
InstanceId (string) --
The ID of the managed instance the high-level patch compliance information was collected for.
PatchGroup (string) --
The name of the patch group the managed instance belongs to.
BaselineId (string) --
The ID of the patch baseline used to patch the instance.
SnapshotId (string) --
The ID of the patch baseline snapshot used during the patching operation when this compliance data was collected.
InstallOverrideList (string) --
An https URL or an Amazon Simple Storage Service (Amazon S3) path-style URL to a list of patches to be installed. This patch installation list, which you maintain in an S3 bucket in YAML format and specify in the SSM document AWS-RunPatchBaseline , overrides the patches specified by the default patch baseline.
For more information about the InstallOverrideList parameter, see About the ``AWS-RunPatchBaseline` https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-about-aws-runpatchbaseline.html`__ SSM document in the Amazon Web Services Systems Manager User Guide .
OwnerInformation (string) --
Placeholder information. This field will always be empty in the current release of the service.
InstalledCount (integer) --
The number of patches from the patch baseline that are installed on the instance.
InstalledOtherCount (integer) --
The number of patches not specified in the patch baseline that are installed on the instance.
InstalledPendingRebootCount (integer) --
The number of patches installed by Patch Manager since the last time the instance was rebooted.
InstalledRejectedCount (integer) --
The number of patches installed on an instance that are specified in a RejectedPatches list. Patches with a status of InstalledRejected were typically installed before they were added to a RejectedPatches list.
Note
If ALLOW_AS_DEPENDENCY is the specified option for RejectedPatchesAction , the value of InstalledRejectedCount will always be 0 (zero).
MissingCount (integer) --
The number of patches from the patch baseline that are applicable for the instance but aren't currently installed.
FailedCount (integer) --
The number of patches from the patch baseline that were attempted to be installed during the last patching operation, but failed to install.
UnreportedNotApplicableCount (integer) --
The number of patches beyond the supported limit of NotApplicableCount that aren't reported by name to Inventory. Inventory is a capability of Amazon Web Services Systems Manager.
NotApplicableCount (integer) --
The number of patches from the patch baseline that aren't applicable for the instance and therefore aren't installed on the instance. This number may be truncated if the list of patch names is very large. The number of patches beyond this limit are reported in UnreportedNotApplicableCount .
OperationStartTime (datetime) --
The time the most recent patching operation was started on the instance.
OperationEndTime (datetime) --
The time the most recent patching operation completed on the instance.
Operation (string) --
The type of patching operation that was performed: or
LastNoRebootInstallOperationTime (datetime) --
The time of the last attempt to patch the instance with NoReboot specified as the reboot option.
RebootOption (string) --
Indicates the reboot option specified in the patch baseline.
Note
Reboot options apply to Install operations only. Reboots aren't attempted for Patch Manager Scan operations.
CriticalNonCompliantCount (integer) --
The number of instances where patches that are specified as Critical for compliance reporting in the patch baseline aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required instance reboot. The status of these instances is NON_COMPLIANT .
SecurityNonCompliantCount (integer) --
The number of instances where patches that are specified as Security in a patch advisory aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required instance reboot. The status of these instances is NON_COMPLIANT .
OtherNonCompliantCount (integer) --
The number of instances with patches installed that are specified as other than Critical or Security but aren't compliant with the patch baseline. The status of these instances is NON_COMPLIANT .
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
Retrieves information about the patches on the specified instance and their state relative to the patch baseline being used for the instance.
See also: AWS API Documentation
Request Syntax
response = client.describe_instance_patches(
InstanceId='string',
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
NextToken='string',
MaxResults=123
)
[REQUIRED]
The ID of the instance whose patch state information should be retrieved.
Each element in the array is a structure containing a key-value pair.
Supported keys for DescribeInstancePatches include the following:
Defines a filter used in Patch Manager APIs. Supported filter keys depend on the API operation that includes the filter. Patch Manager API operations that use PatchOrchestratorFilter include the following:
The key for the filter.
The value for the filter.
dict
Response Syntax
{
'Patches': [
{
'Title': 'string',
'KBId': 'string',
'Classification': 'string',
'Severity': 'string',
'State': 'INSTALLED'|'INSTALLED_OTHER'|'INSTALLED_PENDING_REBOOT'|'INSTALLED_REJECTED'|'MISSING'|'NOT_APPLICABLE'|'FAILED',
'InstalledTime': datetime(2015, 1, 1),
'CVEIds': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Patches (list) --
Each entry in the array is a structure containing:
(dict) --
Information about the state of a patch on a particular instance as it relates to the patch baseline used to patch the instance.
Title (string) --
The title of the patch.
KBId (string) --
The operating system-specific ID of the patch.
Classification (string) --
The classification of the patch, such as SecurityUpdates , Updates , and CriticalUpdates .
Severity (string) --
The severity of the patchsuch as Critical , Important , and Moderate .
State (string) --
The state of the patch on the instance, such as INSTALLED or FAILED.
For descriptions of each patch state, see About patch compliance in the Amazon Web Services Systems Manager User Guide .
InstalledTime (datetime) --
The date/time the patch was installed on the instance. Not all operating systems provide this level of information.
CVEIds (string) --
The IDs of one or more Common Vulnerabilities and Exposure (CVE) issues that are resolved by the patch.
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
Describes a specific delete inventory operation.
See also: AWS API Documentation
Request Syntax
response = client.describe_inventory_deletions(
DeletionId='string',
NextToken='string',
MaxResults=123
)
dict
Response Syntax
{
'InventoryDeletions': [
{
'DeletionId': 'string',
'TypeName': 'string',
'DeletionStartTime': datetime(2015, 1, 1),
'LastStatus': 'InProgress'|'Complete',
'LastStatusMessage': 'string',
'DeletionSummary': {
'TotalCount': 123,
'RemainingCount': 123,
'SummaryItems': [
{
'Version': 'string',
'Count': 123,
'RemainingCount': 123
},
]
},
'LastStatusUpdateTime': datetime(2015, 1, 1)
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
InventoryDeletions (list) --
A list of status items for deleted inventory.
(dict) --
Status information returned by the DeleteInventory operation.
DeletionId (string) --
The deletion ID returned by the DeleteInventory operation.
TypeName (string) --
The name of the inventory data type.
DeletionStartTime (datetime) --
The UTC timestamp when the delete operation started.
LastStatus (string) --
The status of the operation. Possible values are InProgress and Complete.
LastStatusMessage (string) --
Information about the status.
DeletionSummary (dict) --
Information about the delete operation. For more information about this summary, see Understanding the delete inventory summary in the Amazon Web Services Systems Manager User Guide .
TotalCount (integer) --
The total number of items to delete. This count doesn't change during the delete operation.
RemainingCount (integer) --
Remaining number of items to delete.
SummaryItems (list) --
A list of counts and versions for deleted items.
(dict) --
Either a count, remaining count, or a version number in a delete inventory summary.
Version (string) --
The inventory type version.
Count (integer) --
A count of the number of deleted items.
RemainingCount (integer) --
The remaining number of items to delete.
LastStatusUpdateTime (datetime) --
The UTC timestamp of when the last status report.
NextToken (string) --
The token for the next set of items to return. Use this token to get the next set of results.
Exceptions
Retrieves the individual task executions (one per target) for a particular task run as part of a maintenance window execution.
See also: AWS API Documentation
Request Syntax
response = client.describe_maintenance_window_execution_task_invocations(
WindowExecutionId='string',
TaskId='string',
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
MaxResults=123,
NextToken='string'
)
[REQUIRED]
The ID of the maintenance window execution the task is part of.
[REQUIRED]
The ID of the specific task in the maintenance window task that should be retrieved.
Optional filters used to scope down the returned task invocations. The supported filter key is STATUS with the corresponding values PENDING , IN_PROGRESS , SUCCESS , FAILED , TIMED_OUT , CANCELLING , and CANCELLED .
Filter used in the request. Supported filter keys depend on the API operation that includes the filter. API operations that use MaintenanceWindowFilter> include the following:
The name of the filter.
The filter values.
dict
Response Syntax
{
'WindowExecutionTaskInvocationIdentities': [
{
'WindowExecutionId': 'string',
'TaskExecutionId': 'string',
'InvocationId': 'string',
'ExecutionId': 'string',
'TaskType': 'RUN_COMMAND'|'AUTOMATION'|'STEP_FUNCTIONS'|'LAMBDA',
'Parameters': 'string',
'Status': 'PENDING'|'IN_PROGRESS'|'SUCCESS'|'FAILED'|'TIMED_OUT'|'CANCELLING'|'CANCELLED'|'SKIPPED_OVERLAPPING',
'StatusDetails': 'string',
'StartTime': datetime(2015, 1, 1),
'EndTime': datetime(2015, 1, 1),
'OwnerInformation': 'string',
'WindowTargetId': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
WindowExecutionTaskInvocationIdentities (list) --
Information about the task invocation results per invocation.
(dict) --
Describes the information about a task invocation for a particular target as part of a task execution performed as part of a maintenance window execution.
WindowExecutionId (string) --
The ID of the maintenance window execution that ran the task.
TaskExecutionId (string) --
The ID of the specific task execution in the maintenance window execution.
InvocationId (string) --
The ID of the task invocation.
ExecutionId (string) --
The ID of the action performed in the service that actually handled the task invocation. If the task type is RUN_COMMAND , this value is the command ID.
TaskType (string) --
The task type.
Parameters (string) --
The parameters that were provided for the invocation when it was run.
Status (string) --
The status of the task invocation.
StatusDetails (string) --
The details explaining the status of the task invocation. Not available for all status values.
StartTime (datetime) --
The time the invocation started.
EndTime (datetime) --
The time the invocation finished.
OwnerInformation (string) --
User-provided value that was specified when the target was registered with the maintenance window. This was also included in any Amazon CloudWatch Events events raised during the task invocation.
WindowTargetId (string) --
The ID of the target definition in this maintenance window the invocation was performed for.
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
For a given maintenance window execution, lists the tasks that were run.
See also: AWS API Documentation
Request Syntax
response = client.describe_maintenance_window_execution_tasks(
WindowExecutionId='string',
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
MaxResults=123,
NextToken='string'
)
[REQUIRED]
The ID of the maintenance window execution whose task executions should be retrieved.
Optional filters used to scope down the returned tasks. The supported filter key is STATUS with the corresponding values PENDING , IN_PROGRESS , SUCCESS , FAILED , TIMED_OUT , CANCELLING , and CANCELLED .
Filter used in the request. Supported filter keys depend on the API operation that includes the filter. API operations that use MaintenanceWindowFilter> include the following:
The name of the filter.
The filter values.
dict
Response Syntax
{
'WindowExecutionTaskIdentities': [
{
'WindowExecutionId': 'string',
'TaskExecutionId': 'string',
'Status': 'PENDING'|'IN_PROGRESS'|'SUCCESS'|'FAILED'|'TIMED_OUT'|'CANCELLING'|'CANCELLED'|'SKIPPED_OVERLAPPING',
'StatusDetails': 'string',
'StartTime': datetime(2015, 1, 1),
'EndTime': datetime(2015, 1, 1),
'TaskArn': 'string',
'TaskType': 'RUN_COMMAND'|'AUTOMATION'|'STEP_FUNCTIONS'|'LAMBDA'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
WindowExecutionTaskIdentities (list) --
Information about the task executions.
(dict) --
Information about a task execution performed as part of a maintenance window execution.
WindowExecutionId (string) --
The ID of the maintenance window execution that ran the task.
TaskExecutionId (string) --
The ID of the specific task execution in the maintenance window execution.
Status (string) --
The status of the task execution.
StatusDetails (string) --
The details explaining the status of the task execution. Not available for all status values.
StartTime (datetime) --
The time the task execution started.
EndTime (datetime) --
The time the task execution finished.
TaskArn (string) --
The Amazon Resource Name (ARN) of the task that ran.
TaskType (string) --
The type of task that ran.
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
Lists the executions of a maintenance window. This includes information about when the maintenance window was scheduled to be active, and information about tasks registered and run with the maintenance window.
See also: AWS API Documentation
Request Syntax
response = client.describe_maintenance_window_executions(
WindowId='string',
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
MaxResults=123,
NextToken='string'
)
[REQUIRED]
The ID of the maintenance window whose executions should be retrieved.
Each entry in the array is a structure containing:
Filter used in the request. Supported filter keys depend on the API operation that includes the filter. API operations that use MaintenanceWindowFilter> include the following:
The name of the filter.
The filter values.
dict
Response Syntax
{
'WindowExecutions': [
{
'WindowId': 'string',
'WindowExecutionId': 'string',
'Status': 'PENDING'|'IN_PROGRESS'|'SUCCESS'|'FAILED'|'TIMED_OUT'|'CANCELLING'|'CANCELLED'|'SKIPPED_OVERLAPPING',
'StatusDetails': 'string',
'StartTime': datetime(2015, 1, 1),
'EndTime': datetime(2015, 1, 1)
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
WindowExecutions (list) --
Information about the maintenance window executions.
(dict) --
Describes the information about an execution of a maintenance window.
WindowId (string) --
The ID of the maintenance window.
WindowExecutionId (string) --
The ID of the maintenance window execution.
Status (string) --
The status of the execution.
StatusDetails (string) --
The details explaining the status. Not available for all status values.
StartTime (datetime) --
The time the execution started.
EndTime (datetime) --
The time the execution finished.
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
Retrieves information about upcoming executions of a maintenance window.
See also: AWS API Documentation
Request Syntax
response = client.describe_maintenance_window_schedule(
WindowId='string',
Targets=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
ResourceType='INSTANCE'|'RESOURCE_GROUP',
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
MaxResults=123,
NextToken='string'
)
The instance ID or key-value pair to retrieve information about.
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
User-defined criteria for sending commands that target instances that meet the criteria.
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
Filters used to limit the range of results. For example, you can limit maintenance window executions to only those scheduled before or after a certain date and time.
Defines a filter used in Patch Manager APIs. Supported filter keys depend on the API operation that includes the filter. Patch Manager API operations that use PatchOrchestratorFilter include the following:
The key for the filter.
The value for the filter.
dict
Response Syntax
{
'ScheduledWindowExecutions': [
{
'WindowId': 'string',
'Name': 'string',
'ExecutionTime': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
ScheduledWindowExecutions (list) --
Information about maintenance window executions scheduled for the specified time range.
(dict) --
Information about a scheduled execution for a maintenance window.
WindowId (string) --
The ID of the maintenance window to be run.
Name (string) --
The name of the maintenance window to be run.
ExecutionTime (string) --
The time, in ISO-8601 Extended format, that the maintenance window is scheduled to be run.
NextToken (string) --
The token for the next set of items to return. (You use this token in the next call.)
Exceptions
Lists the targets registered with the maintenance window.
See also: AWS API Documentation
Request Syntax
response = client.describe_maintenance_window_targets(
WindowId='string',
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
MaxResults=123,
NextToken='string'
)
[REQUIRED]
The ID of the maintenance window whose targets should be retrieved.
Optional filters that can be used to narrow down the scope of the returned window targets. The supported filter keys are Type , WindowTargetId , and OwnerInformation .
Filter used in the request. Supported filter keys depend on the API operation that includes the filter. API operations that use MaintenanceWindowFilter> include the following:
The name of the filter.
The filter values.
dict
Response Syntax
{
'Targets': [
{
'WindowId': 'string',
'WindowTargetId': 'string',
'ResourceType': 'INSTANCE'|'RESOURCE_GROUP',
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'OwnerInformation': 'string',
'Name': 'string',
'Description': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Targets (list) --
Information about the targets in the maintenance window.
(dict) --
The target registered with the maintenance window.
WindowId (string) --
The ID of the maintenance window to register the target with.
WindowTargetId (string) --
The ID of the target.
ResourceType (string) --
The type of target that is being registered with the maintenance window.
Targets (list) --
The targets, either instances or tags.
Specify instances using the following format:
Key=instanceids,Values=<instanceid1>,<instanceid2>
Tags are specified using the following format:
Key=<tag name>,Values=<tag value> .
(dict) --
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
Key (string) --
User-defined criteria for sending commands that target instances that meet the criteria.
Values (list) --
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
OwnerInformation (string) --
A user-provided value that will be included in any Amazon CloudWatch Events events that are raised while running tasks for these targets in this maintenance window.
Name (string) --
The name for the maintenance window target.
Description (string) --
A description for the target.
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
Lists the tasks in a maintenance window.
Note
For maintenance window tasks without a specified target, you can't supply values for --max-errors and --max-concurrency . Instead, the system inserts a placeholder value of 1 , which may be reported in the response to this command. These values don't affect the running of your task and can be ignored.
See also: AWS API Documentation
Request Syntax
response = client.describe_maintenance_window_tasks(
WindowId='string',
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
MaxResults=123,
NextToken='string'
)
[REQUIRED]
The ID of the maintenance window whose tasks should be retrieved.
Optional filters used to narrow down the scope of the returned tasks. The supported filter keys are WindowTaskId , TaskArn , Priority , and TaskType .
Filter used in the request. Supported filter keys depend on the API operation that includes the filter. API operations that use MaintenanceWindowFilter> include the following:
The name of the filter.
The filter values.
dict
Response Syntax
{
'Tasks': [
{
'WindowId': 'string',
'WindowTaskId': 'string',
'TaskArn': 'string',
'Type': 'RUN_COMMAND'|'AUTOMATION'|'STEP_FUNCTIONS'|'LAMBDA',
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'TaskParameters': {
'string': {
'Values': [
'string',
]
}
},
'Priority': 123,
'LoggingInfo': {
'S3BucketName': 'string',
'S3KeyPrefix': 'string',
'S3Region': 'string'
},
'ServiceRoleArn': 'string',
'MaxConcurrency': 'string',
'MaxErrors': 'string',
'Name': 'string',
'Description': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Tasks (list) --
Information about the tasks in the maintenance window.
(dict) --
Information about a task defined for a maintenance window.
WindowId (string) --
The ID of the maintenance window where the task is registered.
WindowTaskId (string) --
The task ID.
TaskArn (string) --
The resource that the task uses during execution. For RUN_COMMAND and AUTOMATION task types, TaskArn is the Amazon Web Services Systems Manager (SSM document) name or ARN. For LAMBDA tasks, it's the function name or ARN. For STEP_FUNCTIONS tasks, it's the state machine ARN.
Type (string) --
The type of task.
Targets (list) --
The targets (either instances or tags). Instances are specified using Key=instanceids,Values=<instanceid1>,<instanceid2> . Tags are specified using Key=<tag name>,Values=<tag value> .
(dict) --
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
Key (string) --
User-defined criteria for sending commands that target instances that meet the criteria.
Values (list) --
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
TaskParameters (dict) --
The parameters that should be passed to the task when it is run.
Note
TaskParameters has been deprecated. To specify parameters to pass to a task when it runs, instead use the Parameters option in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters .
(string) --
(dict) --
Defines the values for a task parameter.
Values (list) --
This field contains an array of 0 or more strings, each 1 to 255 characters in length.
Priority (integer) --
The priority of the task in the maintenance window. The lower the number, the higher the priority. Tasks that have the same priority are scheduled in parallel.
LoggingInfo (dict) --
Information about an S3 bucket to write task-level logs to.
Note
LoggingInfo has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters .
S3BucketName (string) --
The name of an S3 bucket where execution logs are stored .
S3KeyPrefix (string) --
(Optional) The S3 bucket subfolder.
S3Region (string) --
The Region where the S3 bucket is located.
ServiceRoleArn (string) --
The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service (Amazon SNS) notifications for maintenance window Run Command tasks.
MaxConcurrency (string) --
The maximum number of targets this task can be run for, in parallel.
MaxErrors (string) --
The maximum number of errors allowed before this task stops being scheduled.
Name (string) --
The task name.
Description (string) --
A description of the task.
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
Retrieves the maintenance windows in an account.
See also: AWS API Documentation
Request Syntax
response = client.describe_maintenance_windows(
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
MaxResults=123,
NextToken='string'
)
Optional filters used to narrow down the scope of the returned maintenance windows. Supported filter keys are Name and Enabled . For example, Name=MyMaintenanceWindow and Enabled=True .
Filter used in the request. Supported filter keys depend on the API operation that includes the filter. API operations that use MaintenanceWindowFilter> include the following:
The name of the filter.
The filter values.
dict
Response Syntax
{
'WindowIdentities': [
{
'WindowId': 'string',
'Name': 'string',
'Description': 'string',
'Enabled': True|False,
'Duration': 123,
'Cutoff': 123,
'Schedule': 'string',
'ScheduleTimezone': 'string',
'ScheduleOffset': 123,
'EndDate': 'string',
'StartDate': 'string',
'NextExecutionTime': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
WindowIdentities (list) --
Information about the maintenance windows.
(dict) --
Information about the maintenance window.
WindowId (string) --
The ID of the maintenance window.
Name (string) --
The name of the maintenance window.
Description (string) --
A description of the maintenance window.
Enabled (boolean) --
Indicates whether the maintenance window is enabled.
Duration (integer) --
The duration of the maintenance window in hours.
Cutoff (integer) --
The number of hours before the end of the maintenance window that Amazon Web Services Systems Manager stops scheduling new tasks for execution.
Schedule (string) --
The schedule of the maintenance window in the form of a cron or rate expression.
ScheduleTimezone (string) --
The time zone that the scheduled maintenance window executions are based on, in Internet Assigned Numbers Authority (IANA) format.
ScheduleOffset (integer) --
The number of days to wait to run a maintenance window after the scheduled cron expression date and time.
EndDate (string) --
The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become inactive.
StartDate (string) --
The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become active.
NextExecutionTime (string) --
The next time the maintenance window will actually run, taking into account any specified times for the maintenance window to become active or inactive.
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
Retrieves information about the maintenance window targets or tasks that an instance is associated with.
See also: AWS API Documentation
Request Syntax
response = client.describe_maintenance_windows_for_target(
Targets=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
ResourceType='INSTANCE'|'RESOURCE_GROUP',
MaxResults=123,
NextToken='string'
)
[REQUIRED]
The instance ID or key-value pair to retrieve information about.
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
User-defined criteria for sending commands that target instances that meet the criteria.
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
[REQUIRED]
The type of resource you want to retrieve information about. For example, INSTANCE .
dict
Response Syntax
{
'WindowIdentities': [
{
'WindowId': 'string',
'Name': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
WindowIdentities (list) --
Information about the maintenance window targets and tasks an instance is associated with.
(dict) --
The maintenance window to which the specified target belongs.
WindowId (string) --
The ID of the maintenance window.
Name (string) --
The name of the maintenance window.
NextToken (string) --
The token for the next set of items to return. (You use this token in the next call.)
Exceptions
Query a set of OpsItems. You must have permission in Identity and Access Management (IAM) to query a list of OpsItems. For more information, see Getting started with OpsCenter in the Amazon Web Services Systems Manager User Guide .
Operations engineers and IT professionals use Amazon Web Services Systems Manager OpsCenter to view, investigate, and remediate operational issues impacting the performance and health of their Amazon Web Services resources. For more information, see OpsCenter in the Amazon Web Services Systems Manager User Guide .
See also: AWS API Documentation
Request Syntax
response = client.describe_ops_items(
OpsItemFilters=[
{
'Key': 'Status'|'CreatedBy'|'Source'|'Priority'|'Title'|'OpsItemId'|'CreatedTime'|'LastModifiedTime'|'ActualStartTime'|'ActualEndTime'|'PlannedStartTime'|'PlannedEndTime'|'OperationalData'|'OperationalDataKey'|'OperationalDataValue'|'ResourceId'|'AutomationId'|'Category'|'Severity'|'OpsItemType'|'ChangeRequestByRequesterArn'|'ChangeRequestByRequesterName'|'ChangeRequestByApproverArn'|'ChangeRequestByApproverName'|'ChangeRequestByTemplate'|'ChangeRequestByTargetsResourceGroup'|'InsightByType',
'Values': [
'string',
],
'Operator': 'Equal'|'Contains'|'GreaterThan'|'LessThan'
},
],
MaxResults=123,
NextToken='string'
)
One or more filters to limit the response.
*The Equals operator for Title matches the first 100 characters. If you specify more than 100 characters, they system returns an error that the filter value exceeds the length limit.
**If you filter the response by using the OperationalData operator, specify a key-value pair by using the following JSON format: {"key":"key_name","value":"a_value"}
Describes an OpsItem filter.
The name of the filter.
The filter value.
The operator used by the filter call.
dict
Response Syntax
{
'NextToken': 'string',
'OpsItemSummaries': [
{
'CreatedBy': 'string',
'CreatedTime': datetime(2015, 1, 1),
'LastModifiedBy': 'string',
'LastModifiedTime': datetime(2015, 1, 1),
'Priority': 123,
'Source': 'string',
'Status': 'Open'|'InProgress'|'Resolved'|'Pending'|'TimedOut'|'Cancelling'|'Cancelled'|'Failed'|'CompletedWithSuccess'|'CompletedWithFailure'|'Scheduled'|'RunbookInProgress'|'PendingChangeCalendarOverride'|'ChangeCalendarOverrideApproved'|'ChangeCalendarOverrideRejected'|'PendingApproval'|'Approved'|'Rejected'|'Closed',
'OpsItemId': 'string',
'Title': 'string',
'OperationalData': {
'string': {
'Value': 'string',
'Type': 'SearchableString'|'String'
}
},
'Category': 'string',
'Severity': 'string',
'OpsItemType': 'string',
'ActualStartTime': datetime(2015, 1, 1),
'ActualEndTime': datetime(2015, 1, 1),
'PlannedStartTime': datetime(2015, 1, 1),
'PlannedEndTime': datetime(2015, 1, 1)
},
]
}
Response Structure
(dict) --
NextToken (string) --
The token for the next set of items to return. Use this token to get the next set of results.
OpsItemSummaries (list) --
A list of OpsItems.
(dict) --
A count of OpsItems.
CreatedBy (string) --
The Amazon Resource Name (ARN) of the IAM entity that created the OpsItem.
CreatedTime (datetime) --
The date and time the OpsItem was created.
LastModifiedBy (string) --
The Amazon Resource Name (ARN) of the IAM entity that created the OpsItem.
LastModifiedTime (datetime) --
The date and time the OpsItem was last updated.
Priority (integer) --
The importance of this OpsItem in relation to other OpsItems in the system.
Source (string) --
The impacted Amazon Web Services resource.
Status (string) --
The OpsItem status. Status can be Open , In Progress , or Resolved .
OpsItemId (string) --
The ID of the OpsItem.
Title (string) --
A short heading that describes the nature of the OpsItem and the impacted resource.
OperationalData (dict) --
Operational data is custom data that provides useful reference details about the OpsItem.
(string) --
(dict) --
An object that defines the value of the key and its type in the OperationalData map.
Value (string) --
The value of the OperationalData key.
Type (string) --
The type of key-value pair. Valid types include SearchableString and String .
Category (string) --
A list of OpsItems by category.
Severity (string) --
A list of OpsItems by severity.
OpsItemType (string) --
The type of OpsItem. Currently, the only valid values are /aws/changerequest and /aws/issue .
ActualStartTime (datetime) --
The time a runbook workflow started. Currently reported only for the OpsItem type /aws/changerequest .
ActualEndTime (datetime) --
The time a runbook workflow ended. Currently reported only for the OpsItem type /aws/changerequest .
PlannedStartTime (datetime) --
The time specified in a change request for a runbook workflow to start. Currently supported only for the OpsItem type /aws/changerequest .
PlannedEndTime (datetime) --
The time specified in a change request for a runbook workflow to end. Currently supported only for the OpsItem type /aws/changerequest .
Exceptions
Get information about a parameter.
Request results are returned on a best-effort basis. If you specify MaxResults in the request, the response includes information up to the limit specified. The number of items returned, however, can be between zero and the value of MaxResults . If the service reaches an internal limit while processing the results, it stops the operation and returns the matching values up to that point and a NextToken . You can specify the NextToken in a subsequent call to get the next set of results.
See also: AWS API Documentation
Request Syntax
response = client.describe_parameters(
Filters=[
{
'Key': 'Name'|'Type'|'KeyId',
'Values': [
'string',
]
},
],
ParameterFilters=[
{
'Key': 'string',
'Option': 'string',
'Values': [
'string',
]
},
],
MaxResults=123,
NextToken='string'
)
This data type is deprecated. Instead, use ParameterFilters .
This data type is deprecated. Instead, use ParameterStringFilter .
The name of the filter.
The filter values.
Filters to limit the request results.
One or more filters. Use a filter to return a more specific list of results.
The name of the filter.
The ParameterStringFilter object is used by the DescribeParameters and GetParametersByPath API operations. However, not all of the pattern values listed for Key can be used with both operations.
For DescribeActions , all of the listed patterns are valid, with the exception of Label .
For GetParametersByPath , the following patterns listed for Key aren't valid: tag , Name , Path , and Tier .
For examples of Amazon Web Services CLI commands demonstrating valid parameter filter constructions, see Searching for Systems Manager parameters in the Amazon Web Services Systems Manager User Guide .
For all filters used with DescribeParameters , valid options include Equals and BeginsWith . The Name filter additionally supports the Contains option. (Exception: For filters using the key Path , valid options include Recursive and OneLevel .)
For filters used with GetParametersByPath , valid options include Equals and BeginsWith . (Exception: For filters using Label as the Key name, the only valid option is Equals .)
The value you want to search for.
dict
Response Syntax
{
'Parameters': [
{
'Name': 'string',
'Type': 'String'|'StringList'|'SecureString',
'KeyId': 'string',
'LastModifiedDate': datetime(2015, 1, 1),
'LastModifiedUser': 'string',
'Description': 'string',
'AllowedPattern': 'string',
'Version': 123,
'Tier': 'Standard'|'Advanced'|'Intelligent-Tiering',
'Policies': [
{
'PolicyText': 'string',
'PolicyType': 'string',
'PolicyStatus': 'string'
},
],
'DataType': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Parameters (list) --
Parameters returned by the request.
(dict) --
Metadata includes information like the ARN of the last user and the date/time the parameter was last used.
Name (string) --
The parameter name.
Type (string) --
The type of parameter. Valid parameter types include the following: String , StringList , and SecureString .
KeyId (string) --
The ID of the query key used for this parameter.
LastModifiedDate (datetime) --
Date the parameter was last changed or updated.
LastModifiedUser (string) --
Amazon Resource Name (ARN) of the Amazon Web Services user who last changed the parameter.
Description (string) --
Description of the parameter actions.
AllowedPattern (string) --
A parameter name can include only the following letters and symbols.
Version (integer) --
The parameter version.
Tier (string) --
The parameter tier.
Policies (list) --
A list of policies associated with a parameter.
(dict) --
One or more policies assigned to a parameter.
PolicyText (string) --
The JSON text of the policy.
PolicyType (string) --
The type of policy. Parameter Store, a capablility of Amazon Web Services Systems Manager, supports the following policy types: Expiration, ExpirationNotification, and NoChangeNotification.
PolicyStatus (string) --
The status of the policy. Policies report the following statuses: Pending (the policy hasn't been enforced or applied yet), Finished (the policy was applied), Failed (the policy wasn't applied), or InProgress (the policy is being applied now).
DataType (string) --
The data type of the parameter, such as text or aws:ec2:image . The default is text .
NextToken (string) --
The token to use when requesting the next set of items.
Exceptions
Lists the patch baselines in your account.
See also: AWS API Documentation
Request Syntax
response = client.describe_patch_baselines(
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
MaxResults=123,
NextToken='string'
)
Each element in the array is a structure containing a key-value pair.
Supported keys for DescribePatchBaselines include the following:
Defines a filter used in Patch Manager APIs. Supported filter keys depend on the API operation that includes the filter. Patch Manager API operations that use PatchOrchestratorFilter include the following:
The key for the filter.
The value for the filter.
dict
Response Syntax
{
'BaselineIdentities': [
{
'BaselineId': 'string',
'BaselineName': 'string',
'OperatingSystem': 'WINDOWS'|'AMAZON_LINUX'|'AMAZON_LINUX_2'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX'|'SUSE'|'CENTOS'|'ORACLE_LINUX'|'DEBIAN'|'MACOS',
'BaselineDescription': 'string',
'DefaultBaseline': True|False
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
BaselineIdentities (list) --
An array of PatchBaselineIdentity elements.
(dict) --
Defines the basic information about a patch baseline.
BaselineId (string) --
The ID of the patch baseline.
BaselineName (string) --
The name of the patch baseline.
OperatingSystem (string) --
Defines the operating system the patch baseline applies to. The default value is WINDOWS .
BaselineDescription (string) --
The description of the patch baseline.
DefaultBaseline (boolean) --
Whether this is the default baseline. Amazon Web Services Systems Manager supports creating multiple default patch baselines. For example, you can create a default patch baseline for each operating system.
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
Returns high-level aggregated patch compliance state information for a patch group.
See also: AWS API Documentation
Request Syntax
response = client.describe_patch_group_state(
PatchGroup='string'
)
[REQUIRED]
The name of the patch group whose patch snapshot should be retrieved.
{
'Instances': 123,
'InstancesWithInstalledPatches': 123,
'InstancesWithInstalledOtherPatches': 123,
'InstancesWithInstalledPendingRebootPatches': 123,
'InstancesWithInstalledRejectedPatches': 123,
'InstancesWithMissingPatches': 123,
'InstancesWithFailedPatches': 123,
'InstancesWithNotApplicablePatches': 123,
'InstancesWithUnreportedNotApplicablePatches': 123,
'InstancesWithCriticalNonCompliantPatches': 123,
'InstancesWithSecurityNonCompliantPatches': 123,
'InstancesWithOtherNonCompliantPatches': 123
}
Response Structure
The number of instances in the patch group.
The number of instances with installed patches.
The number of instances with patches installed that aren't defined in the patch baseline.
The number of instances with patches installed by Patch Manager that haven't been rebooted after the patch installation. The status of these instances is NON_COMPLIANT .
The number of instances with patches installed that are specified in a RejectedPatches list. Patches with a status of INSTALLED_REJECTED were typically installed before they were added to a RejectedPatches list.
Note
If ALLOW_AS_DEPENDENCY is the specified option for RejectedPatchesAction , the value of InstancesWithInstalledRejectedPatches will always be 0 (zero).
The number of instances with missing patches from the patch baseline.
The number of instances with patches from the patch baseline that failed to install.
The number of instances with patches that aren't applicable.
The number of instances with NotApplicable patches beyond the supported limit, which aren't reported by name to Inventory. Inventory is a capability of Amazon Web Services Systems Manager.
The number of instances where patches that are specified as Critical for compliance reporting in the patch baseline aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required instance reboot. The status of these instances is NON_COMPLIANT .
The number of instances where patches that are specified as Security in a patch advisory aren't installed. These patches might be missing, have failed installation, were rejected, or were installed but awaiting a required instance reboot. The status of these instances is NON_COMPLIANT .
The number of instances with patches installed that are specified as other than Critical or Security but aren't compliant with the patch baseline. The status of these instances is NON_COMPLIANT .
Exceptions
Lists all patch groups that have been registered with patch baselines.
See also: AWS API Documentation
Request Syntax
response = client.describe_patch_groups(
MaxResults=123,
Filters=[
{
'Key': 'string',
'Values': [
'string',
]
},
],
NextToken='string'
)
Each element in the array is a structure containing a key-value pair.
Supported keys for DescribePatchGroups include the following:
Defines a filter used in Patch Manager APIs. Supported filter keys depend on the API operation that includes the filter. Patch Manager API operations that use PatchOrchestratorFilter include the following:
The key for the filter.
The value for the filter.
dict
Response Syntax
{
'Mappings': [
{
'PatchGroup': 'string',
'BaselineIdentity': {
'BaselineId': 'string',
'BaselineName': 'string',
'OperatingSystem': 'WINDOWS'|'AMAZON_LINUX'|'AMAZON_LINUX_2'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX'|'SUSE'|'CENTOS'|'ORACLE_LINUX'|'DEBIAN'|'MACOS',
'BaselineDescription': 'string',
'DefaultBaseline': True|False
}
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Mappings (list) --
Each entry in the array contains:
(dict) --
The mapping between a patch group and the patch baseline the patch group is registered with.
PatchGroup (string) --
The name of the patch group registered with the patch baseline.
BaselineIdentity (dict) --
The patch baseline the patch group is registered with.
BaselineId (string) --
The ID of the patch baseline.
BaselineName (string) --
The name of the patch baseline.
OperatingSystem (string) --
Defines the operating system the patch baseline applies to. The default value is WINDOWS .
BaselineDescription (string) --
The description of the patch baseline.
DefaultBaseline (boolean) --
Whether this is the default baseline. Amazon Web Services Systems Manager supports creating multiple default patch baselines. For example, you can create a default patch baseline for each operating system.
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
Lists the properties of available patches organized by product, product family, classification, severity, and other properties of available patches. You can use the reported properties in the filters you specify in requests for operations such as CreatePatchBaseline , UpdatePatchBaseline , DescribeAvailablePatches , and DescribePatchBaselines .
The following section lists the properties that can be used in filters for each major operating system type:
AMAZON_LINUX
Valid properties: PRODUCT | CLASSIFICATION | SEVERITY
AMAZON_LINUX_2
Valid properties: PRODUCT | CLASSIFICATION | SEVERITY
CENTOS
Valid properties: PRODUCT | CLASSIFICATION | SEVERITY
DEBIAN
Valid properties: PRODUCT | PRIORITY
MACOS
Valid properties: PRODUCT | CLASSIFICATION
ORACLE_LINUX
Valid properties: PRODUCT | CLASSIFICATION | SEVERITY
REDHAT_ENTERPRISE_LINUX
Valid properties: PRODUCT | CLASSIFICATION | SEVERITY
SUSE
Valid properties: PRODUCT | CLASSIFICATION | SEVERITY
UBUNTU
Valid properties: PRODUCT | PRIORITY
WINDOWS
Valid properties: PRODUCT | PRODUCT_FAMILY | CLASSIFICATION | MSRC_SEVERITY
See also: AWS API Documentation
Request Syntax
response = client.describe_patch_properties(
OperatingSystem='WINDOWS'|'AMAZON_LINUX'|'AMAZON_LINUX_2'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX'|'SUSE'|'CENTOS'|'ORACLE_LINUX'|'DEBIAN'|'MACOS',
Property='PRODUCT'|'PRODUCT_FAMILY'|'CLASSIFICATION'|'MSRC_SEVERITY'|'PRIORITY'|'SEVERITY',
PatchSet='OS'|'APPLICATION',
MaxResults=123,
NextToken='string'
)
[REQUIRED]
The operating system type for which to list patches.
[REQUIRED]
The patch property for which you want to view patch details.
dict
Response Syntax
{
'Properties': [
{
'string': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Properties (list) --
A list of the properties for patches matching the filter request parameters.
NextToken (string) --
The token for the next set of items to return. (You use this token in the next call.)
Exceptions
Retrieves a list of all active sessions (both connected and disconnected) or terminated sessions from the past 30 days.
See also: AWS API Documentation
Request Syntax
response = client.describe_sessions(
State='Active'|'History',
MaxResults=123,
NextToken='string',
Filters=[
{
'key': 'InvokedAfter'|'InvokedBefore'|'Target'|'Owner'|'Status'|'SessionId',
'value': 'string'
},
]
)
[REQUIRED]
The session status to retrieve a list of sessions for. For example, "Active".
One or more filters to limit the type of sessions returned by the request.
Describes a filter for Session Manager information.
The name of the filter.
The filter value. Valid values for each filter key are as follows:
dict
Response Syntax
{
'Sessions': [
{
'SessionId': 'string',
'Target': 'string',
'Status': 'Connected'|'Connecting'|'Disconnected'|'Terminated'|'Terminating'|'Failed',
'StartDate': datetime(2015, 1, 1),
'EndDate': datetime(2015, 1, 1),
'DocumentName': 'string',
'Owner': 'string',
'Details': 'string',
'OutputUrl': {
'S3OutputUrl': 'string',
'CloudWatchOutputUrl': 'string'
}
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Sessions (list) --
A list of sessions meeting the request parameters.
(dict) --
Information about a Session Manager connection to an instance.
SessionId (string) --
The ID of the session.
Target (string) --
The instance that the Session Manager session connected to.
Status (string) --
The status of the session. For example, "Connected" or "Terminated".
StartDate (datetime) --
The date and time, in ISO-8601 Extended format, when the session began.
EndDate (datetime) --
The date and time, in ISO-8601 Extended format, when the session was terminated.
DocumentName (string) --
The name of the Session Manager SSM document used to define the parameters and plugin settings for the session. For example, SSM-SessionManagerRunShell .
Owner (string) --
The ID of the Amazon Web Services user account that started the session.
Details (string) --
Reserved for future use.
OutputUrl (dict) --
Reserved for future use.
S3OutputUrl (string) --
Reserved for future use.
CloudWatchOutputUrl (string) --
Reserved for future use.
NextToken (string) --
The token for the next set of items to return. (You received this token from a previous call.)
Exceptions
Deletes the association between an OpsItem and a related resource. For example, this API operation can delete an Incident Manager incident from an OpsItem. Incident Manager is a capability of Amazon Web Services Systems Manager.
See also: AWS API Documentation
Request Syntax
response = client.disassociate_ops_item_related_item(
OpsItemId='string',
AssociationId='string'
)
[REQUIRED]
The ID of the OpsItem for which you want to delete an association between the OpsItem and a related resource.
[REQUIRED]
The ID of the association for which you want to delete an association between the OpsItem and a related resource.
dict
Response Syntax
{}
Response Structure
Exceptions
Generate a presigned url given a client, its method, and arguments
The presigned url
Get detailed information about a particular Automation execution.
See also: AWS API Documentation
Request Syntax
response = client.get_automation_execution(
AutomationExecutionId='string'
)
[REQUIRED]
The unique identifier for an existing automation execution to examine. The execution ID is returned by StartAutomationExecution when the execution of an Automation runbook is initiated.
{
'AutomationExecution': {
'AutomationExecutionId': 'string',
'DocumentName': 'string',
'DocumentVersion': 'string',
'ExecutionStartTime': datetime(2015, 1, 1),
'ExecutionEndTime': datetime(2015, 1, 1),
'AutomationExecutionStatus': 'Pending'|'InProgress'|'Waiting'|'Success'|'TimedOut'|'Cancelling'|'Cancelled'|'Failed'|'PendingApproval'|'Approved'|'Rejected'|'Scheduled'|'RunbookInProgress'|'PendingChangeCalendarOverride'|'ChangeCalendarOverrideApproved'|'ChangeCalendarOverrideRejected'|'CompletedWithSuccess'|'CompletedWithFailure',
'StepExecutions': [
{
'StepName': 'string',
'Action': 'string',
'TimeoutSeconds': 123,
'OnFailure': 'string',
'MaxAttempts': 123,
'ExecutionStartTime': datetime(2015, 1, 1),
'ExecutionEndTime': datetime(2015, 1, 1),
'StepStatus': 'Pending'|'InProgress'|'Waiting'|'Success'|'TimedOut'|'Cancelling'|'Cancelled'|'Failed'|'PendingApproval'|'Approved'|'Rejected'|'Scheduled'|'RunbookInProgress'|'PendingChangeCalendarOverride'|'ChangeCalendarOverrideApproved'|'ChangeCalendarOverrideRejected'|'CompletedWithSuccess'|'CompletedWithFailure',
'ResponseCode': 'string',
'Inputs': {
'string': 'string'
},
'Outputs': {
'string': [
'string',
]
},
'Response': 'string',
'FailureMessage': 'string',
'FailureDetails': {
'FailureStage': 'string',
'FailureType': 'string',
'Details': {
'string': [
'string',
]
}
},
'StepExecutionId': 'string',
'OverriddenParameters': {
'string': [
'string',
]
},
'IsEnd': True|False,
'NextStep': 'string',
'IsCritical': True|False,
'ValidNextSteps': [
'string',
],
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'TargetLocation': {
'Accounts': [
'string',
],
'Regions': [
'string',
],
'TargetLocationMaxConcurrency': 'string',
'TargetLocationMaxErrors': 'string',
'ExecutionRoleName': 'string'
}
},
],
'StepExecutionsTruncated': True|False,
'Parameters': {
'string': [
'string',
]
},
'Outputs': {
'string': [
'string',
]
},
'FailureMessage': 'string',
'Mode': 'Auto'|'Interactive',
'ParentAutomationExecutionId': 'string',
'ExecutedBy': 'string',
'CurrentStepName': 'string',
'CurrentAction': 'string',
'TargetParameterName': 'string',
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'TargetMaps': [
{
'string': [
'string',
]
},
],
'ResolvedTargets': {
'ParameterValues': [
'string',
],
'Truncated': True|False
},
'MaxConcurrency': 'string',
'MaxErrors': 'string',
'Target': 'string',
'TargetLocations': [
{
'Accounts': [
'string',
],
'Regions': [
'string',
],
'TargetLocationMaxConcurrency': 'string',
'TargetLocationMaxErrors': 'string',
'ExecutionRoleName': 'string'
},
],
'ProgressCounters': {
'TotalSteps': 123,
'SuccessSteps': 123,
'FailedSteps': 123,
'CancelledSteps': 123,
'TimedOutSteps': 123
},
'AutomationSubtype': 'ChangeRequest',
'ScheduledTime': datetime(2015, 1, 1),
'Runbooks': [
{
'DocumentName': 'string',
'DocumentVersion': 'string',
'Parameters': {
'string': [
'string',
]
},
'TargetParameterName': 'string',
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'MaxConcurrency': 'string',
'MaxErrors': 'string',
'TargetLocations': [
{
'Accounts': [
'string',
],
'Regions': [
'string',
],
'TargetLocationMaxConcurrency': 'string',
'TargetLocationMaxErrors': 'string',
'ExecutionRoleName': 'string'
},
]
},
],
'OpsItemId': 'string',
'AssociationId': 'string',
'ChangeRequestName': 'string'
}
}
Response Structure
Detailed information about the current state of an automation execution.
The execution ID.
The name of the Automation runbook used during the execution.
The version of the document to use during execution.
The time the execution started.
The time the execution finished.
The execution status of the Automation.
A list of details about the current state of all steps that comprise an execution. An Automation runbook contains a list of steps that are run in order.
Detailed information about an the execution state of an Automation step.
The name of this execution step.
The action this step performs. The action determines the behavior of the step.
The timeout seconds of the step.
The action to take if the step fails. The default value is Abort .
The maximum number of tries to run the action of the step. The default value is 1 .
If a step has begun execution, this contains the time the step started. If the step is in Pending status, this field isn't populated.
If a step has finished execution, this contains the time the execution ended. If the step hasn't yet concluded, this field isn't populated.
The execution status for this step.
The response code returned by the execution of the step.
Fully-resolved values passed into the step before execution.
Returned values from the execution of the step.
A message associated with the response code for an execution.
If a step failed, this message explains why the execution failed.
Information about the Automation failure.
The stage of the Automation execution when the failure occurred. The stages include the following: InputValidation, PreVerification, Invocation, PostVerification.
The type of Automation failure. Failure types include the following: Action, Permission, Throttling, Verification, Internal.
Detailed information about the Automation step failure.
The unique ID of a step execution.
A user-specified list of parameters to override when running a step.
The flag which can be used to end automation no matter whether the step succeeds or fails.
The next step after the step succeeds.
The flag which can be used to help decide whether the failure of current step leads to the Automation failure.
Strategies used when step fails, we support Continue and Abort. Abort will fail the automation when the step fails. Continue will ignore the failure of current step and allow automation to run the next step. With conditional branching, we add step:stepName to support the automation to go to another specific step.
The targets for the step execution.
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
User-defined criteria for sending commands that target instances that meet the criteria.
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
The combination of Regions and accounts targeted by the current Automation execution.
The accounts targeted by the current Automation execution.
The Regions targeted by the current Automation execution.
The maximum number of Regions and accounts allowed to run the Automation concurrently.
The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
The Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole .
A boolean value that indicates if the response contains the full list of the Automation step executions. If true, use the DescribeAutomationStepExecutions API operation to get the full list of step executions.
The key-value map of execution parameters, which were supplied when calling StartAutomationExecution .
The list of execution outputs as defined in the Automation runbook.
A message describing why an execution has failed, if the status is set to Failed.
The automation execution mode.
The AutomationExecutionId of the parent automation.
The Amazon Resource Name (ARN) of the user who ran the automation.
The name of the step that is currently running.
The action of the step that is currently running.
The parameter name.
The specified targets.
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
User-defined criteria for sending commands that target instances that meet the criteria.
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
The specified key-value mapping of document parameters to target resources.
A list of resolved targets in the rate control execution.
A list of parameter values sent to targets that resolved during the Automation execution.
A boolean value indicating whether the resolved target list is truncated.
The MaxConcurrency value specified by the user when the execution started.
The MaxErrors value specified by the user when the execution started.
The target of the execution.
The combination of Regions and/or accounts where you want to run the Automation.
The combination of Regions and accounts targeted by the current Automation execution.
The accounts targeted by the current Automation execution.
The Regions targeted by the current Automation execution.
The maximum number of Regions and accounts allowed to run the Automation concurrently.
The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
The Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole .
An aggregate of step execution statuses displayed in the Amazon Web Services Systems Manager console for a multi-Region and multi-account Automation execution.
The total number of steps run in all specified Regions and accounts for the current Automation execution.
The total number of steps that successfully completed in all specified Regions and accounts for the current Automation execution.
The total number of steps that failed to run in all specified Regions and accounts for the current Automation execution.
The total number of steps that the system cancelled in all specified Regions and accounts for the current Automation execution.
The total number of steps that timed out in all specified Regions and accounts for the current Automation execution.
The subtype of the Automation operation. Currently, the only supported value is ChangeRequest .
The date and time the Automation operation is scheduled to start.
Information about the Automation runbooks that are run as part of a runbook workflow.
Note
The Automation runbooks specified for the runbook workflow can't run until all required approvals for the change request have been received.
Information about an Automation runbook used in a runbook workflow in Change Manager.
Note
The Automation runbooks specified for the runbook workflow can't run until all required approvals for the change request have been received.
The name of the Automation runbook used in a runbook workflow.
The version of the Automation runbook used in a runbook workflow.
The key-value map of execution parameters, which were supplied when calling StartChangeRequestExecution .
The name of the parameter used as the target resource for the rate-controlled runbook workflow. Required if you specify Targets .
A key-value mapping to target resources that the runbook operation performs tasks on. Required if you specify TargetParameterName .
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
User-defined criteria for sending commands that target instances that meet the criteria.
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
The MaxConcurrency value specified by the user when the operation started, indicating the maximum number of resources that the runbook operation can run on at the same time.
The MaxErrors value specified by the user when the execution started, indicating the maximum number of errors that can occur during the operation before the updates are stopped or rolled back.
Information about the Regions and accounts targeted by the current Runbook operation.
The combination of Regions and accounts targeted by the current Automation execution.
The accounts targeted by the current Automation execution.
The Regions targeted by the current Automation execution.
The maximum number of Regions and accounts allowed to run the Automation concurrently.
The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
The Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole .
The ID of an OpsItem that is created to represent a Change Manager change request.
The ID of a State Manager association used in the Automation operation.
The name of the Change Manager change request.
Exceptions
Gets the state of a Amazon Web Services Systems Manager change calendar at the current time or a specified time. If you specify a time, GetCalendarState returns the state of the calendar at that specific time, and returns the next time that the change calendar state will transition. If you don't specify a time, GetCalendarState uses the current time. Change Calendar entries have two possible states: OPEN or CLOSED .
If you specify more than one calendar in a request, the command returns the status of OPEN only if all calendars in the request are open. If one or more calendars in the request are closed, the status returned is CLOSED .
For more information about Change Calendar, a capability of Amazon Web Services Systems Manager, see Amazon Web Services Systems Manager Change Calendar in the Amazon Web Services Systems Manager User Guide .
See also: AWS API Documentation
Request Syntax
response = client.get_calendar_state(
CalendarNames=[
'string',
],
AtTime='string'
)
[REQUIRED]
The names or Amazon Resource Names (ARNs) of the Systems Manager documents (SSM documents) that represent the calendar entries for which you want to get the state.
dict
Response Syntax
{
'State': 'OPEN'|'CLOSED',
'AtTime': 'string',
'NextTransitionTime': 'string'
}
Response Structure
(dict) --
State (string) --
The state of the calendar. An OPEN calendar indicates that actions are allowed to proceed, and a CLOSED calendar indicates that actions aren't allowed to proceed.
AtTime (string) --
The time, as an ISO 8601 string, that you specified in your command. If you don't specify a time, GetCalendarState uses the current time.
NextTransitionTime (string) --
The time, as an ISO 8601 string, that the calendar state will change. If the current calendar state is OPEN , NextTransitionTime indicates when the calendar state changes to CLOSED , and vice-versa.
Exceptions
Returns detailed information about command execution for an invocation or plugin.
GetCommandInvocation only gives the execution status of a plugin in a document. To get the command execution status on a specific instance, use ListCommandInvocations . To get the command execution status across instances, use ListCommands .
See also: AWS API Documentation
Request Syntax
response = client.get_command_invocation(
CommandId='string',
InstanceId='string',
PluginName='string'
)
[REQUIRED]
(Required) The parent command ID of the invocation plugin.
[REQUIRED]
(Required) The ID of the managed instance targeted by the command. A managed instance can be an Amazon Elastic Compute Cloud (Amazon EC2) instance or an instance in your hybrid environment that is configured for Amazon Web Services Systems Manager.
The name of the plugin for which you want detailed results. If the document contains only one plugin, you can omit the name and details for that plugin. If the document contains more than one plugin, you must specify the name of the plugin for which you want to view details.
Plugin names are also referred to as step names in Systems Manager documents (SSM documents). For example, aws:RunShellScript is a plugin.
To find the PluginName , check the document content and find the name of the plugin. Alternatively, use ListCommandInvocations with the CommandId and Details parameters. The PluginName is the Name attribute of the CommandPlugin object in the CommandPlugins list.
dict
Response Syntax
{
'CommandId': 'string',
'InstanceId': 'string',
'Comment': 'string',
'DocumentName': 'string',
'DocumentVersion': 'string',
'PluginName': 'string',
'ResponseCode': 123,
'ExecutionStartDateTime': 'string',
'ExecutionElapsedTime': 'string',
'ExecutionEndDateTime': 'string',
'Status': 'Pending'|'InProgress'|'Delayed'|'Success'|'Cancelled'|'TimedOut'|'Failed'|'Cancelling',
'StatusDetails': 'string',
'StandardOutputContent': 'string',
'StandardOutputUrl': 'string',
'StandardErrorContent': 'string',
'StandardErrorUrl': 'string',
'CloudWatchOutputConfig': {
'CloudWatchLogGroupName': 'string',
'CloudWatchOutputEnabled': True|False
}
}
Response Structure
(dict) --
CommandId (string) --
The parent command ID of the invocation plugin.
InstanceId (string) --
The ID of the managed instance targeted by the command. A managed instance can be an EC2 instance or an instance in your hybrid environment that is configured for Systems Manager.
Comment (string) --
The comment text for the command.
DocumentName (string) --
The name of the document that was run. For example, AWS-RunShellScript .
DocumentVersion (string) --
The Systems Manager document (SSM document) version used in the request.
PluginName (string) --
The name of the plugin, or step name , for which details are reported. For example, aws:RunShellScript is a plugin.
ResponseCode (integer) --
The error level response code for the plugin script. If the response code is -1 , then the command hasn't started running on the instance, or it wasn't received by the instance.
ExecutionStartDateTime (string) --
The date and time the plugin started running. Date and time are written in ISO 8601 format. For example, June 7, 2017 is represented as 2017-06-7. The following sample Amazon Web Services CLI command uses the InvokedBefore filter.
aws ssm list-commands --filters key=InvokedBefore,value=2017-06-07T00:00:00Z
If the plugin hasn't started to run, the string is empty.
ExecutionElapsedTime (string) --
Duration since ExecutionStartDateTime .
ExecutionEndDateTime (string) --
The date and time the plugin finished running. Date and time are written in ISO 8601 format. For example, June 7, 2017 is represented as 2017-06-7. The following sample Amazon Web Services CLI command uses the InvokedAfter filter.
aws ssm list-commands --filters key=InvokedAfter,value=2017-06-07T00:00:00Z
If the plugin hasn't started to run, the string is empty.
Status (string) --
The status of this invocation plugin. This status can be different than StatusDetails .
StatusDetails (string) --
A detailed status of the command execution for an invocation. StatusDetails includes more information than Status because it includes states resulting from error and concurrency control parameters. StatusDetails can show different results than Status . For more information about these statuses, see Understanding command statuses in the Amazon Web Services Systems Manager User Guide . StatusDetails can be one of the following values:
StandardOutputContent (string) --
The first 24,000 characters written by the plugin to stdout . If the command hasn't finished running, if ExecutionStatus is neither Succeeded nor Failed, then this string is empty.
StandardOutputUrl (string) --
The URL for the complete text written by the plugin to stdout in Amazon Simple Storage Service (Amazon S3). If an S3 bucket wasn't specified, then this string is empty.
StandardErrorContent (string) --
The first 8,000 characters written by the plugin to stderr . If the command hasn't finished running, then this string is empty.
StandardErrorUrl (string) --
The URL for the complete text written by the plugin to stderr . If the command hasn't finished running, then this string is empty.
CloudWatchOutputConfig (dict) --
Amazon CloudWatch Logs information where Systems Manager sent the command output.
CloudWatchLogGroupName (string) --
The name of the CloudWatch Logs log group where you want to send command output. If you don't specify a group name, Amazon Web Services Systems Manager automatically creates a log group for you. The log group uses the following naming format:
``aws/ssm/SystemsManagerDocumentName ``
CloudWatchOutputEnabled (boolean) --
Enables Systems Manager to send command output to CloudWatch Logs.
Exceptions
Retrieves the Session Manager connection status for an instance to determine whether it is running and ready to receive Session Manager connections.
See also: AWS API Documentation
Request Syntax
response = client.get_connection_status(
Target='string'
)
[REQUIRED]
The ID of the instance.
{
'Target': 'string',
'Status': 'Connected'|'NotConnected'
}
Response Structure
The ID of the instance to check connection status.
The status of the connection to the instance. For example, 'Connected' or 'Not Connected'.
Exceptions
Retrieves the default patch baseline. Amazon Web Services Systems Manager supports creating multiple default patch baselines. For example, you can create a default patch baseline for each operating system.
If you don't specify an operating system value, the default patch baseline for Windows is returned.
See also: AWS API Documentation
Request Syntax
response = client.get_default_patch_baseline(
OperatingSystem='WINDOWS'|'AMAZON_LINUX'|'AMAZON_LINUX_2'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX'|'SUSE'|'CENTOS'|'ORACLE_LINUX'|'DEBIAN'|'MACOS'
)
{
'BaselineId': 'string',
'OperatingSystem': 'WINDOWS'|'AMAZON_LINUX'|'AMAZON_LINUX_2'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX'|'SUSE'|'CENTOS'|'ORACLE_LINUX'|'DEBIAN'|'MACOS'
}
Response Structure
The ID of the default patch baseline.
The operating system for the returned patch baseline.
Exceptions
Retrieves the current snapshot for the patch baseline the instance uses. This API is primarily used by the AWS-RunPatchBaseline Systems Manager document (SSM document).
Note
If you run the command locally, such as with the Command Line Interface (CLI), the system attempts to use your local AWS credentials and the operation fails. To avoid this, you can run the command in the Amazon Web Services Systems Manager console. Use Run Command, a capability of Amazon Web Services Systems Manager, with an SSM document that enables you to target an instance with a script or command. For example, run the command using the AWS-RunShellScript document or the AWS-RunPowerShellScript document.
See also: AWS API Documentation
Request Syntax
response = client.get_deployable_patch_snapshot_for_instance(
InstanceId='string',
SnapshotId='string',
BaselineOverride={
'OperatingSystem': 'WINDOWS'|'AMAZON_LINUX'|'AMAZON_LINUX_2'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX'|'SUSE'|'CENTOS'|'ORACLE_LINUX'|'DEBIAN'|'MACOS',
'GlobalFilters': {
'PatchFilters': [
{
'Key': 'ARCH'|'ADVISORY_ID'|'BUGZILLA_ID'|'PATCH_SET'|'PRODUCT'|'PRODUCT_FAMILY'|'CLASSIFICATION'|'CVE_ID'|'EPOCH'|'MSRC_SEVERITY'|'NAME'|'PATCH_ID'|'SECTION'|'PRIORITY'|'REPOSITORY'|'RELEASE'|'SEVERITY'|'SECURITY'|'VERSION',
'Values': [
'string',
]
},
]
},
'ApprovalRules': {
'PatchRules': [
{
'PatchFilterGroup': {
'PatchFilters': [
{
'Key': 'ARCH'|'ADVISORY_ID'|'BUGZILLA_ID'|'PATCH_SET'|'PRODUCT'|'PRODUCT_FAMILY'|'CLASSIFICATION'|'CVE_ID'|'EPOCH'|'MSRC_SEVERITY'|'NAME'|'PATCH_ID'|'SECTION'|'PRIORITY'|'REPOSITORY'|'RELEASE'|'SEVERITY'|'SECURITY'|'VERSION',
'Values': [
'string',
]
},
]
},
'ComplianceLevel': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED',
'ApproveAfterDays': 123,
'ApproveUntilDate': 'string',
'EnableNonSecurity': True|False
},
]
},
'ApprovedPatches': [
'string',
],
'ApprovedPatchesComplianceLevel': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED',
'RejectedPatches': [
'string',
],
'RejectedPatchesAction': 'ALLOW_AS_DEPENDENCY'|'BLOCK',
'ApprovedPatchesEnableNonSecurity': True|False,
'Sources': [
{
'Name': 'string',
'Products': [
'string',
],
'Configuration': 'string'
},
]
}
)
[REQUIRED]
The ID of the instance for which the appropriate patch snapshot should be retrieved.
[REQUIRED]
The snapshot ID provided by the user when running AWS-RunPatchBaseline .
Defines the basic information about a patch baseline override.
The operating system rule used by the patch baseline override.
A set of patch filters, typically used for approval rules.
The set of patch filters that make up the group.
Defines which patches should be included in a patch baseline.
A patch filter consists of a key and a set of values. The filter key is a patch property. For example, the available filter keys for WINDOWS are PATCH_SET , PRODUCT , PRODUCT_FAMILY , CLASSIFICATION , and MSRC_SEVERITY .
The filter values define a matching criterion for the patch property indicated by the key. For example, if the filter key is PRODUCT and the filter values are ["Office 2013", "Office 2016"] , then the filter accepts all patches where product name is either "Office 2013" or "Office 2016". The filter values can be exact values for the patch property given as a key, or a wildcard (*), which matches all values.
You can view lists of valid values for the patch properties by running the DescribePatchProperties command. For information about which patch properties can be used with each major operating system, see DescribePatchProperties .
The key for the filter.
Run the DescribePatchProperties command to view lists of valid keys for each operating system type.
The value for the filter key.
Run the DescribePatchProperties command to view lists of valid values for each key based on operating system type.
A set of rules defining the approval rules for a patch baseline.
The rules that make up the rule group.
Defines an approval rule for a patch baseline.
The patch filter group that defines the criteria for the rule.
The set of patch filters that make up the group.
Defines which patches should be included in a patch baseline.
A patch filter consists of a key and a set of values. The filter key is a patch property. For example, the available filter keys for WINDOWS are PATCH_SET , PRODUCT , PRODUCT_FAMILY , CLASSIFICATION , and MSRC_SEVERITY .
The filter values define a matching criterion for the patch property indicated by the key. For example, if the filter key is PRODUCT and the filter values are ["Office 2013", "Office 2016"] , then the filter accepts all patches where product name is either "Office 2013" or "Office 2016". The filter values can be exact values for the patch property given as a key, or a wildcard (*), which matches all values.
You can view lists of valid values for the patch properties by running the DescribePatchProperties command. For information about which patch properties can be used with each major operating system, see DescribePatchProperties .
The key for the filter.
Run the DescribePatchProperties command to view lists of valid keys for each operating system type.
The value for the filter key.
Run the DescribePatchProperties command to view lists of valid values for each key based on operating system type.
A compliance severity level for all approved patches in a patch baseline.
The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of 7 means that patches are approved seven days after they are released. Not supported on Debian Server or Ubuntu Server.
The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Not supported on Debian Server or Ubuntu Server.
Enter dates in the format YYYY-MM-DD . For example, 2021-12-31 .
For instances identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is false . Applies to Linux instances only.
A list of explicitly approved patches for the baseline.
For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide .
Defines the compliance level for approved patches. When an approved patch is reported as missing, this value describes the severity of the compliance violation.
A list of explicitly rejected patches for the baseline.
For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide .
The action for Patch Manager to take on patches included in the RejectedPackages list. A patch can be allowed only if it is a dependency of another package, or blocked entirely along with packages that include it as a dependency.
Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is false . Applies to Linux instances only.
Information about the patches to use to update the instances, including target operating systems and source repositories. Applies to Linux instances only.
Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only.
The name specified to identify the patch source.
The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "AmazonLinux2016.09", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter .
The value of the yum repo configuration. For example:
[main]name=MyCustomRepository
baseurl=https://my-custom-repository
enabled=1
Note
For information about other options available for your yum repository configuration, see dnf.conf(5) .
dict
Response Syntax
{
'InstanceId': 'string',
'SnapshotId': 'string',
'SnapshotDownloadUrl': 'string',
'Product': 'string'
}
Response Structure
(dict) --
InstanceId (string) --
The ID of the instance.
SnapshotId (string) --
The user-defined snapshot ID.
SnapshotDownloadUrl (string) --
A pre-signed Amazon Simple Storage Service (Amazon S3) URL that can be used to download the patch snapshot.
Product (string) --
Returns the specific operating system (for example Windows Server 2012 or Amazon Linux 2015.09) on the instance for the specified patch snapshot.
Exceptions
Gets the contents of the specified Amazon Web Services Systems Manager document (SSM document).
See also: AWS API Documentation
Request Syntax
response = client.get_document(
Name='string',
VersionName='string',
DocumentVersion='string',
DocumentFormat='YAML'|'JSON'|'TEXT'
)
[REQUIRED]
The name of the SSM document.
dict
Response Syntax
{
'Name': 'string',
'CreatedDate': datetime(2015, 1, 1),
'DisplayName': 'string',
'VersionName': 'string',
'DocumentVersion': 'string',
'Status': 'Creating'|'Active'|'Updating'|'Deleting'|'Failed',
'StatusInformation': 'string',
'Content': 'string',
'DocumentType': 'Command'|'Policy'|'Automation'|'Session'|'Package'|'ApplicationConfiguration'|'ApplicationConfigurationSchema'|'DeploymentStrategy'|'ChangeCalendar'|'Automation.ChangeTemplate'|'ProblemAnalysis'|'ProblemAnalysisTemplate',
'DocumentFormat': 'YAML'|'JSON'|'TEXT',
'Requires': [
{
'Name': 'string',
'Version': 'string'
},
],
'AttachmentsContent': [
{
'Name': 'string',
'Size': 123,
'Hash': 'string',
'HashType': 'Sha256',
'Url': 'string'
},
],
'ReviewStatus': 'APPROVED'|'NOT_REVIEWED'|'PENDING'|'REJECTED'
}
Response Structure
(dict) --
Name (string) --
The name of the SSM document.
CreatedDate (datetime) --
The date the SSM document was created.
DisplayName (string) --
The friendly name of the SSM document. This value can differ for each version of the document. If you want to update this value, see UpdateDocument .
VersionName (string) --
The version of the artifact associated with the document. For example, "Release 12, Update 6". This value is unique across all versions of a document, and can't be changed.
DocumentVersion (string) --
The document version.
Status (string) --
The status of the SSM document, such as Creating , Active , Updating , Failed , and Deleting .
StatusInformation (string) --
A message returned by Amazon Web Services Systems Manager that explains the Status value. For example, a Failed status might be explained by the StatusInformation message, "The specified S3 bucket doesn't exist. Verify that the URL of the S3 bucket is correct."
Content (string) --
The contents of the SSM document.
DocumentType (string) --
The document type.
DocumentFormat (string) --
The document format, either JSON or YAML.
Requires (list) --
A list of SSM documents required by a document. For example, an ApplicationConfiguration document requires an ApplicationConfigurationSchema document.
(dict) --
An SSM document required by the current document.
Name (string) --
The name of the required SSM document. The name can be an Amazon Resource Name (ARN).
Version (string) --
The document version required by the current document.
AttachmentsContent (list) --
A description of the document attachments, including names, locations, sizes, and so on.
(dict) --
A structure that includes attributes that describe a document attachment.
Name (string) --
The name of an attachment.
Size (integer) --
The size of an attachment in bytes.
Hash (string) --
The cryptographic hash value of the document content.
HashType (string) --
The hash algorithm used to calculate the hash value.
Url (string) --
The URL location of the attachment content.
ReviewStatus (string) --
The current review status of a new custom Systems Manager document (SSM document) created by a member of your organization, or of the latest version of an existing SSM document.
Only one version of an SSM document can be in the APPROVED state at a time. When a new version is approved, the status of the previous version changes to REJECTED.
Only one version of an SSM document can be in review, or PENDING, at a time.
Exceptions
Query inventory information.
See also: AWS API Documentation
Request Syntax
response = client.get_inventory(
Filters=[
{
'Key': 'string',
'Values': [
'string',
],
'Type': 'Equal'|'NotEqual'|'BeginWith'|'LessThan'|'GreaterThan'|'Exists'
},
],
Aggregators=[
{
'Expression': 'string',
'Aggregators': {'... recursive ...'},
'Groups': [
{
'Name': 'string',
'Filters': [
{
'Key': 'string',
'Values': [
'string',
],
'Type': 'Equal'|'NotEqual'|'BeginWith'|'LessThan'|'GreaterThan'|'Exists'
},
]
},
]
},
],
ResultAttributes=[
{
'TypeName': 'string'
},
],
NextToken='string',
MaxResults=123
)
One or more filters. Use a filter to return a more specific list of results.
One or more filters. Use a filter to return a more specific list of results.
The name of the filter key.
Inventory filter values. Example: inventory filter where instance IDs are specified as values Key=AWS:InstanceInformation.InstanceId,Values= i-a12b3c4d5e6g, i-1a2b3c4d5e6,Type=Equal .
The type of filter.
Note
The Exists filter must be used with aggregators. For more information, see Aggregating inventory data in the Amazon Web Services Systems Manager User Guide .
Returns counts of inventory types based on one or more expressions. For example, if you aggregate by using an expression that uses the AWS:InstanceInformation.PlatformType type, you can see a count of how many Windows and Linux instances exist in your inventoried fleet.
Specifies the inventory type and attribute for the aggregation execution.
The inventory type and attribute name for aggregation.
Nested aggregators to further refine aggregation for an inventory type.
A user-defined set of one or more filters on which to aggregate inventory data. Groups return a count of resources that match and don't match the specified criteria.
A user-defined set of one or more filters on which to aggregate inventory data. Groups return a count of resources that match and don't match the specified criteria.
The name of the group.
Filters define the criteria for the group. The matchingCount field displays the number of resources that match the criteria. The notMatchingCount field displays the number of resources that don't match the criteria.
One or more filters. Use a filter to return a more specific list of results.
The name of the filter key.
Inventory filter values. Example: inventory filter where instance IDs are specified as values Key=AWS:InstanceInformation.InstanceId,Values= i-a12b3c4d5e6g, i-1a2b3c4d5e6,Type=Equal .
The type of filter.
Note
The Exists filter must be used with aggregators. For more information, see Aggregating inventory data in the Amazon Web Services Systems Manager User Guide .
The list of inventory item types to return.
The inventory item result attribute.
Name of the inventory item type. Valid value: AWS:InstanceInformation . Default Value: AWS:InstanceInformation .
dict
Response Syntax
{
'Entities': [
{
'Id': 'string',
'Data': {
'string': {
'TypeName': 'string',
'SchemaVersion': 'string',
'CaptureTime': 'string',
'ContentHash': 'string',
'Content': [
{
'string': 'string'
},
]
}
}
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Entities (list) --
Collection of inventory entities such as a collection of instance inventory.
(dict) --
Inventory query results.
Id (string) --
ID of the inventory result entity. For example, for managed instance inventory the result will be the managed instance ID. For EC2 instance inventory, the result will be the instance ID.
Data (dict) --
The data section in the inventory result entity JSON.
(string) --
(dict) --
The inventory result item.
TypeName (string) --
The name of the inventory result item type.
SchemaVersion (string) --
The schema version for the inventory result item/
CaptureTime (string) --
The time inventory item data was captured.
ContentHash (string) --
MD5 hash of the inventory item type contents. The content hash is used to determine whether to update inventory information. The PutInventory API doesn't update the inventory item type contents if the MD5 hash hasn't changed since last update.
Content (list) --
Contains all the inventory data of the item type. Results include attribute names and values.
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
Return a list of inventory type names for the account, or return a list of attribute names for a specific Inventory item type.
See also: AWS API Documentation
Request Syntax
response = client.get_inventory_schema(
TypeName='string',
NextToken='string',
MaxResults=123,
Aggregator=True|False,
SubType=True|False
)
dict
Response Syntax
{
'Schemas': [
{
'TypeName': 'string',
'Version': 'string',
'Attributes': [
{
'Name': 'string',
'DataType': 'string'|'number'
},
],
'DisplayName': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Schemas (list) --
Inventory schemas returned by the request.
(dict) --
The inventory item schema definition. Users can use this to compose inventory query filters.
TypeName (string) --
The name of the inventory type. Default inventory item type names start with Amazon Web Services. Custom inventory type names will start with Custom. Default inventory item types include the following: AWS:AWSComponent , AWS:Application , AWS:InstanceInformation , AWS:Network , and AWS:WindowsUpdate .
Version (string) --
The schema version for the inventory item.
Attributes (list) --
The schema attributes for inventory. This contains data type and attribute name.
(dict) --
Attributes are the entries within the inventory item content. It contains name and value.
Name (string) --
Name of the inventory item attribute.
DataType (string) --
The data type of the inventory item attribute.
DisplayName (string) --
The alias name of the inventory type. The alias name is used for display purposes.
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
Retrieves a maintenance window.
See also: AWS API Documentation
Request Syntax
response = client.get_maintenance_window(
WindowId='string'
)
[REQUIRED]
The ID of the maintenance window for which you want to retrieve information.
{
'WindowId': 'string',
'Name': 'string',
'Description': 'string',
'StartDate': 'string',
'EndDate': 'string',
'Schedule': 'string',
'ScheduleTimezone': 'string',
'ScheduleOffset': 123,
'NextExecutionTime': 'string',
'Duration': 123,
'Cutoff': 123,
'AllowUnassociatedTargets': True|False,
'Enabled': True|False,
'CreatedDate': datetime(2015, 1, 1),
'ModifiedDate': datetime(2015, 1, 1)
}
Response Structure
The ID of the created maintenance window.
The name of the maintenance window.
The description of the maintenance window.
The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become active. The maintenance window won't run before this specified time.
The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become inactive. The maintenance window won't run after this specified time.
The schedule of the maintenance window in the form of a cron or rate expression.
The time zone that the scheduled maintenance window executions are based on, in Internet Assigned Numbers Authority (IANA) format. For example: "America/Los_Angeles", "UTC", or "Asia/Seoul". For more information, see the Time Zone Database on the IANA website.
The number of days to wait to run a maintenance window after the scheduled cron expression date and time.
The next time the maintenance window will actually run, taking into account any specified times for the maintenance window to become active or inactive.
The duration of the maintenance window in hours.
The number of hours before the end of the maintenance window that Amazon Web Services Systems Manager stops scheduling new tasks for execution.
Whether targets must be registered with the maintenance window before tasks can be defined for those targets.
Indicates whether the maintenance window is enabled.
The date the maintenance window was created.
The date the maintenance window was last modified.
Exceptions
Retrieves details about a specific a maintenance window execution.
See also: AWS API Documentation
Request Syntax
response = client.get_maintenance_window_execution(
WindowExecutionId='string'
)
[REQUIRED]
The ID of the maintenance window execution that includes the task.
{
'WindowExecutionId': 'string',
'TaskIds': [
'string',
],
'Status': 'PENDING'|'IN_PROGRESS'|'SUCCESS'|'FAILED'|'TIMED_OUT'|'CANCELLING'|'CANCELLED'|'SKIPPED_OVERLAPPING',
'StatusDetails': 'string',
'StartTime': datetime(2015, 1, 1),
'EndTime': datetime(2015, 1, 1)
}
Response Structure
The ID of the maintenance window execution.
The ID of the task executions from the maintenance window execution.
The status of the maintenance window execution.
The details explaining the status. Not available for all status values.
The time the maintenance window started running.
The time the maintenance window finished running.
Exceptions
Retrieves the details about a specific task run as part of a maintenance window execution.
See also: AWS API Documentation
Request Syntax
response = client.get_maintenance_window_execution_task(
WindowExecutionId='string',
TaskId='string'
)
[REQUIRED]
The ID of the maintenance window execution that includes the task.
[REQUIRED]
The ID of the specific task execution in the maintenance window task that should be retrieved.
dict
Response Syntax
{
'WindowExecutionId': 'string',
'TaskExecutionId': 'string',
'TaskArn': 'string',
'ServiceRole': 'string',
'Type': 'RUN_COMMAND'|'AUTOMATION'|'STEP_FUNCTIONS'|'LAMBDA',
'TaskParameters': [
{
'string': {
'Values': [
'string',
]
}
},
],
'Priority': 123,
'MaxConcurrency': 'string',
'MaxErrors': 'string',
'Status': 'PENDING'|'IN_PROGRESS'|'SUCCESS'|'FAILED'|'TIMED_OUT'|'CANCELLING'|'CANCELLED'|'SKIPPED_OVERLAPPING',
'StatusDetails': 'string',
'StartTime': datetime(2015, 1, 1),
'EndTime': datetime(2015, 1, 1)
}
Response Structure
(dict) --
WindowExecutionId (string) --
The ID of the maintenance window execution that includes the task.
TaskExecutionId (string) --
The ID of the specific task execution in the maintenance window task that was retrieved.
TaskArn (string) --
The Amazon Resource Name (ARN) of the task that ran.
ServiceRole (string) --
The role that was assumed when running the task.
Type (string) --
The type of task that was run.
TaskParameters (list) --
The parameters passed to the task when it was run.
Note
TaskParameters has been deprecated. To specify parameters to pass to a task when it runs, instead use the Parameters option in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters .
The map has the following format:
(dict) --
(string) --
(dict) --
Defines the values for a task parameter.
Values (list) --
This field contains an array of 0 or more strings, each 1 to 255 characters in length.
Priority (integer) --
The priority of the task.
MaxConcurrency (string) --
The defined maximum number of task executions that could be run in parallel.
MaxErrors (string) --
The defined maximum number of task execution errors allowed before scheduling of the task execution would have been stopped.
Status (string) --
The status of the task.
StatusDetails (string) --
The details explaining the status. Not available for all status values.
StartTime (datetime) --
The time the task execution started.
EndTime (datetime) --
The time the task execution completed.
Exceptions
Retrieves information about a specific task running on a specific target.
See also: AWS API Documentation
Request Syntax
response = client.get_maintenance_window_execution_task_invocation(
WindowExecutionId='string',
TaskId='string',
InvocationId='string'
)
[REQUIRED]
The ID of the maintenance window execution for which the task is a part.
[REQUIRED]
The ID of the specific task in the maintenance window task that should be retrieved.
[REQUIRED]
The invocation ID to retrieve.
dict
Response Syntax
{
'WindowExecutionId': 'string',
'TaskExecutionId': 'string',
'InvocationId': 'string',
'ExecutionId': 'string',
'TaskType': 'RUN_COMMAND'|'AUTOMATION'|'STEP_FUNCTIONS'|'LAMBDA',
'Parameters': 'string',
'Status': 'PENDING'|'IN_PROGRESS'|'SUCCESS'|'FAILED'|'TIMED_OUT'|'CANCELLING'|'CANCELLED'|'SKIPPED_OVERLAPPING',
'StatusDetails': 'string',
'StartTime': datetime(2015, 1, 1),
'EndTime': datetime(2015, 1, 1),
'OwnerInformation': 'string',
'WindowTargetId': 'string'
}
Response Structure
(dict) --
WindowExecutionId (string) --
The maintenance window execution ID.
TaskExecutionId (string) --
The task execution ID.
InvocationId (string) --
The invocation ID.
ExecutionId (string) --
The execution ID.
TaskType (string) --
Retrieves the task type for a maintenance window.
Parameters (string) --
The parameters used at the time that the task ran.
Status (string) --
The task status for an invocation.
StatusDetails (string) --
The details explaining the status. Details are only available for certain status values.
StartTime (datetime) --
The time that the task started running on the target.
EndTime (datetime) --
The time that the task finished running on the target.
OwnerInformation (string) --
User-provided value to be included in any Amazon CloudWatch Events or Amazon EventBridge events raised while running tasks for these targets in this maintenance window.
WindowTargetId (string) --
The maintenance window target ID.
Exceptions
Lists the tasks in a maintenance window.
Note
For maintenance window tasks without a specified target, you can't supply values for --max-errors and --max-concurrency . Instead, the system inserts a placeholder value of 1 , which may be reported in the response to this command. These values don't affect the running of your task and can be ignored.
See also: AWS API Documentation
Request Syntax
response = client.get_maintenance_window_task(
WindowId='string',
WindowTaskId='string'
)
[REQUIRED]
The maintenance window ID that includes the task to retrieve.
[REQUIRED]
The maintenance window task ID to retrieve.
dict
Response Syntax
{
'WindowId': 'string',
'WindowTaskId': 'string',
'Targets': [
{
'Key': 'string',
'Values': [
'string',
]
},
],
'TaskArn': 'string',
'ServiceRoleArn': 'string',
'TaskType': 'RUN_COMMAND'|'AUTOMATION'|'STEP_FUNCTIONS'|'LAMBDA',
'TaskParameters': {
'string': {
'Values': [
'string',
]
}
},
'TaskInvocationParameters': {
'RunCommand': {
'Comment': 'string',
'CloudWatchOutputConfig': {
'CloudWatchLogGroupName': 'string',
'CloudWatchOutputEnabled': True|False
},
'DocumentHash': 'string',
'DocumentHashType': 'Sha256'|'Sha1',
'DocumentVersion': 'string',
'NotificationConfig': {
'NotificationArn': 'string',
'NotificationEvents': [
'All'|'InProgress'|'Success'|'TimedOut'|'Cancelled'|'Failed',
],
'NotificationType': 'Command'|'Invocation'
},
'OutputS3BucketName': 'string',
'OutputS3KeyPrefix': 'string',
'Parameters': {
'string': [
'string',
]
},
'ServiceRoleArn': 'string',
'TimeoutSeconds': 123
},
'Automation': {
'DocumentVersion': 'string',
'Parameters': {
'string': [
'string',
]
}
},
'StepFunctions': {
'Input': 'string',
'Name': 'string'
},
'Lambda': {
'ClientContext': 'string',
'Qualifier': 'string',
'Payload': b'bytes'
}
},
'Priority': 123,
'MaxConcurrency': 'string',
'MaxErrors': 'string',
'LoggingInfo': {
'S3BucketName': 'string',
'S3KeyPrefix': 'string',
'S3Region': 'string'
},
'Name': 'string',
'Description': 'string'
}
Response Structure
(dict) --
WindowId (string) --
The retrieved maintenance window ID.
WindowTaskId (string) --
The retrieved maintenance window task ID.
Targets (list) --
The targets where the task should run.
(dict) --
An array of search criteria that targets instances using a key-value pair that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide .
Supported formats include the following.
For example:
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide .
Key (string) --
User-defined criteria for sending commands that target instances that meet the criteria.
Values (list) --
User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
TaskArn (string) --
The resource that the task used during execution. For RUN_COMMAND and AUTOMATION task types, the value of TaskArn is the SSM document name/ARN. For LAMBDA tasks, the value is the function name/ARN. For STEP_FUNCTIONS tasks, the value is the state machine ARN.
ServiceRoleArn (string) --
The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service (Amazon SNS) notifications for maintenance window Run Command tasks.
TaskType (string) --
The type of task to run.
TaskParameters (dict) --
The parameters to pass to the task when it runs.
Note
TaskParameters has been deprecated. To specify parameters to pass to a task when it runs, instead use the Parameters option in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters .
(string) --
(dict) --
Defines the values for a task parameter.
Values (list) --
This field contains an array of 0 or more strings, each 1 to 255 characters in length.
TaskInvocationParameters (dict) --
The parameters to pass to the task when it runs.
RunCommand (dict) --
The parameters for a RUN_COMMAND task type.
Comment (string) --
Information about the commands to run.
CloudWatchOutputConfig (dict) --
Configuration options for sending command output to Amazon CloudWatch Logs.
CloudWatchLogGroupName (string) --
The name of the CloudWatch Logs log group where you want to send command output. If you don't specify a group name, Amazon Web Services Systems Manager automatically creates a log group for you. The log group uses the following naming format:
``aws/ssm/SystemsManagerDocumentName ``
CloudWatchOutputEnabled (boolean) --
Enables Systems Manager to send command output to CloudWatch Logs.
DocumentHash (string) --
The SHA-256 or SHA-1 hash created by the system when the document was created. SHA-1 hashes have been deprecated.
DocumentHashType (string) --
SHA-256 or SHA-1. SHA-1 hashes have been deprecated.
DocumentVersion (string) --
The Amazon Web Services Systems Manager document (SSM document) version to use in the request. You can specify $DEFAULT , $LATEST , or a specific version number. If you run commands by using the Amazon Web Services CLI, then you must escape the first two options by using a backslash. If you specify a version number, then you don't need to use the backslash. For example:
--document-version "\$DEFAULT"
--document-version "\$LATEST"
--document-version "3"
NotificationConfig (dict) --
Configurations for sending notifications about command status changes on a per-instance basis.
NotificationArn (string) --
An Amazon Resource Name (ARN) for an Amazon Simple Notification Service (Amazon SNS) topic. Run Command pushes notifications about command status changes to this topic.
NotificationEvents (list) --
The different events for which you can receive notifications. To learn more about these events, see Monitoring Systems Manager status changes using Amazon SNS notifications in the Amazon Web Services Systems Manager User Guide .
NotificationType (string) --
The type of notification.
OutputS3BucketName (string) --
The name of the Amazon Simple Storage Service (Amazon S3) bucket.
OutputS3KeyPrefix (string) --
The S3 bucket subfolder.
Parameters (dict) --
The parameters for the RUN_COMMAND task execution.
ServiceRoleArn (string) --
The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service (Amazon SNS) notifications for maintenance window Run Command tasks.
TimeoutSeconds (integer) --
If this time is reached and the command hasn't already started running, it doesn't run.
Automation (dict) --
The parameters for an AUTOMATION task type.
DocumentVersion (string) --
The version of an Automation runbook to use during task execution.
Parameters (dict) --
The parameters for the AUTOMATION task.
For information about specifying and updating task parameters, see RegisterTaskWithMaintenanceWindow and UpdateMaintenanceWindowTask .
Note
LoggingInfo has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters .
TaskParameters has been deprecated. To specify parameters to pass to a task when it runs, instead use the Parameters option in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters .
For AUTOMATION task types, Amazon Web Services Systems Manager ignores any values specified for these parameters.
StepFunctions (dict) --
The parameters for a STEP_FUNCTIONS task type.
Input (string) --
The inputs for the STEP_FUNCTIONS task.
Name (string) --
The name of the STEP_FUNCTIONS task.
Lambda (dict) --
The parameters for a LAMBDA task type.
ClientContext (string) --
Pass client-specific information to the Lambda function that you are invoking. You can then process the client information in your Lambda function as you choose through the context variable.
Qualifier (string) --
(Optional) Specify an Lambda function version or alias name. If you specify a function version, the operation uses the qualified function Amazon Resource Name (ARN) to invoke a specific Lambda function. If you specify an alias name, the operation uses the alias ARN to invoke the Lambda function version to which the alias points.
Payload (bytes) --
JSON to provide to your Lambda function as input.
Priority (integer) --
The priority of the task when it runs. The lower the number, the higher the priority. Tasks that have the same priority are scheduled in parallel.
MaxConcurrency (string) --
The maximum number of targets allowed to run this task in parallel.
Note
For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of 1 , which may be reported in the response to this command. This value doesn't affect the running of your task and can be ignored.
MaxErrors (string) --
The maximum number of errors allowed before the task stops being scheduled.
Note
For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of 1 , which may be reported in the response to this command. This value doesn't affect the running of your task and can be ignored.
LoggingInfo (dict) --
The location in Amazon Simple Storage Service (Amazon S3) where the task results are logged.
Note
LoggingInfo has been deprecated. To specify an Amazon Simple Storage Service (Amazon S3) bucket to contain logs, instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters structure. For information about how Amazon Web Services Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters .
S3BucketName (string) --
The name of an S3 bucket where execution logs are stored .
S3KeyPrefix (string) --
(Optional) The S3 bucket subfolder.
S3Region (string) --
The Region where the S3 bucket is located.
Name (string) --
The retrieved task name.
Description (string) --
The retrieved task description.
Exceptions
Get information about an OpsItem by using the ID. You must have permission in Identity and Access Management (IAM) to view information about an OpsItem. For more information, see Getting started with OpsCenter in the Amazon Web Services Systems Manager User Guide .
Operations engineers and IT professionals use Amazon Web Services Systems Manager OpsCenter to view, investigate, and remediate operational issues impacting the performance and health of their Amazon Web Services resources. For more information, see OpsCenter in the Amazon Web Services Systems Manager User Guide .
See also: AWS API Documentation
Request Syntax
response = client.get_ops_item(
OpsItemId='string'
)
[REQUIRED]
The ID of the OpsItem that you want to get.
{
'OpsItem': {
'CreatedBy': 'string',
'OpsItemType': 'string',
'CreatedTime': datetime(2015, 1, 1),
'Description': 'string',
'LastModifiedBy': 'string',
'LastModifiedTime': datetime(2015, 1, 1),
'Notifications': [
{
'Arn': 'string'
},
],
'Priority': 123,
'RelatedOpsItems': [
{
'OpsItemId': 'string'
},
],
'Status': 'Open'|'InProgress'|'Resolved'|'Pending'|'TimedOut'|'Cancelling'|'Cancelled'|'Failed'|'CompletedWithSuccess'|'CompletedWithFailure'|'Scheduled'|'RunbookInProgress'|'PendingChangeCalendarOverride'|'ChangeCalendarOverrideApproved'|'ChangeCalendarOverrideRejected'|'PendingApproval'|'Approved'|'Rejected'|'Closed',
'OpsItemId': 'string',
'Version': 'string',
'Title': 'string',
'Source': 'string',
'OperationalData': {
'string': {
'Value': 'string',
'Type': 'SearchableString'|'String'
}
},
'Category': 'string',
'Severity': 'string',
'ActualStartTime': datetime(2015, 1, 1),
'ActualEndTime': datetime(2015, 1, 1),
'PlannedStartTime': datetime(2015, 1, 1),
'PlannedEndTime': datetime(2015, 1, 1)
}
}
Response Structure
The OpsItem.
The ARN of the account that created the OpsItem.
The type of OpsItem. Currently, the only valid values are /aws/changerequest and /aws/issue .
The date and time the OpsItem was created.
The OpsItem description.
The ARN of the account that last updated the OpsItem.
The date and time the OpsItem was last updated.
The Amazon Resource Name (ARN) of an Amazon Simple Notification Service (Amazon SNS) topic where notifications are sent when this OpsItem is edited or changed.
A notification about the OpsItem.
The Amazon Resource Name (ARN) of an Amazon Simple Notification Service (Amazon SNS) topic where notifications are sent when this OpsItem is edited or changed.
The importance of this OpsItem in relation to other OpsItems in the system.
One or more OpsItems that share something in common with the current OpsItem. For example, related OpsItems can include OpsItems with similar error messages, impacted resources, or statuses for the impacted resource.
An OpsItems that shares something in common with the current OpsItem. For example, related OpsItems can include OpsItems with similar error messages, impacted resources, or statuses for the impacted resource.
The ID of an OpsItem related to the current OpsItem.
The OpsItem status. Status can be Open , In Progress , or Resolved . For more information, see Editing OpsItem details in the Amazon Web Services Systems Manager User Guide .
The ID of the OpsItem.
The version of this OpsItem. Each time the OpsItem is edited the version number increments by one.
A short heading that describes the nature of the OpsItem and the impacted resource.
The origin of the OpsItem, such as Amazon EC2 or Systems Manager. The impacted resource is a subset of source.
Operational data is custom data that provides useful reference details about the OpsItem. For example, you can specify log files, error strings, license keys, troubleshooting tips, or other relevant data. You enter operational data as key-value pairs. The key has a maximum length of 128 characters. The value has a maximum size of 20 KB.
Warning
Operational data keys can't begin with the following: amazon , aws , amzn , ssm , /amazon , /aws , /amzn , /ssm .
You can choose to make the data searchable by other users in the account or you can restrict search access. Searchable data means that all users with access to the OpsItem Overview page (as provided by the DescribeOpsItems API operation) can view and search on the specified data. Operational data that isn't searchable is only viewable by users who have access to the OpsItem (as provided by the GetOpsItem API operation).
Use the /aws/resources key in OperationalData to specify a related resource in the request. Use the /aws/automations key in OperationalData to associate an Automation runbook with the OpsItem. To view Amazon Web Services CLI example commands that use these keys, see Creating OpsItems manually in the Amazon Web Services Systems Manager User Guide .
An object that defines the value of the key and its type in the OperationalData map.
The value of the OperationalData key.
The type of key-value pair. Valid types include SearchableString and String .
An OpsItem category. Category options include: Availability, Cost, Performance, Recovery, Security.
The severity of the OpsItem. Severity options range from 1 to 4.
The time a runbook workflow started. Currently reported only for the OpsItem type /aws/changerequest .
The time a runbook workflow ended. Currently reported only for the OpsItem type /aws/changerequest .
The time specified in a change request for a runbook workflow to start. Currently supported only for the OpsItem type /aws/changerequest .
The time specified in a change request for a runbook workflow to end. Currently supported only for the OpsItem type /aws/changerequest .
Exceptions
View operational metadata related to an application in Application Manager.
See also: AWS API Documentation
Request Syntax
response = client.get_ops_metadata(
OpsMetadataArn='string',
MaxResults=123,
NextToken='string'
)
[REQUIRED]
The Amazon Resource Name (ARN) of an OpsMetadata Object to view.
dict
Response Syntax
{
'ResourceId': 'string',
'Metadata': {
'string': {
'Value': 'string'
}
},
'NextToken': 'string'
}
Response Structure
(dict) --
ResourceId (string) --
The resource ID of the Application Manager application.
Metadata (dict) --
OpsMetadata for an Application Manager application.
(string) --
(dict) --
Metadata to assign to an Application Manager application.
Value (string) --
Metadata value to assign to an Application Manager application.
NextToken (string) --
The token for the next set of items to return. Use this token to get the next set of results.
Exceptions
View a summary of operations metadata (OpsData) based on specified filters and aggregators. OpsData can include information about Amazon Web Services Systems Manager OpsCenter operational workitems (OpsItems) as well as information about any Amazon Web Services resource or service configured to report OpsData to Amazon Web Services Systems Manager Explorer.
See also: AWS API Documentation
Request Syntax
response = client.get_ops_summary(
SyncName='string',
Filters=[
{
'Key': 'string',
'Values': [
'string',
],
'Type': 'Equal'|'NotEqual'|'BeginWith'|'LessThan'|'GreaterThan'|'Exists'
},
],
Aggregators=[
{
'AggregatorType': 'string',
'TypeName': 'string',
'AttributeName': 'string',
'Values': {
'string': 'string'
},
'Filters': [
{
'Key': 'string',
'Values': [
'string',
],
'Type': 'Equal'|'NotEqual'|'BeginWith'|'LessThan'|'GreaterThan'|'Exists'
},
],
'Aggregators': {'... recursive ...'}
},
],
ResultAttributes=[
{
'TypeName': 'string'
},
],
NextToken='string',
MaxResults=123
)
Optional filters used to scope down the returned OpsData.
A filter for viewing OpsData summaries.
The name of the filter.
The filter value.
The type of filter.
Optional aggregators that return counts of OpsData based on one or more expressions.
One or more aggregators for viewing counts of OpsData using different dimensions such as Source , CreatedTime , or Source and CreatedTime , to name a few.
Either a Range or Count aggregator for limiting an OpsData summary.
The data type name to use for viewing counts of OpsData.
The name of an OpsData attribute on which to limit the count of OpsData.
The aggregator value.
The aggregator filters.
A filter for viewing OpsData summaries.
The name of the filter.
The filter value.
The type of filter.
A nested aggregator for viewing counts of OpsData.
The OpsData data type to return.
The OpsItem data type to return.
Name of the data type. Valid value: AWS:OpsItem , AWS:EC2InstanceInformation , AWS:OpsItemTrendline , or AWS:ComplianceSummary .
dict
Response Syntax
{
'Entities': [
{
'Id': 'string',
'Data': {
'string': {
'CaptureTime': 'string',
'Content': [
{
'string': 'string'
},
]
}
}
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Entities (list) --
The list of aggregated and filtered OpsData.
(dict) --
The result of the query.
Id (string) --
The query ID.
Data (dict) --
The data returned by the query.
(string) --
(dict) --
The OpsData summary.
CaptureTime (string) --
The time the OpsData was captured.
Content (list) --
The details of an OpsData summary.
NextToken (string) --
The token for the next set of items to return. Use this token to get the next set of results.
Exceptions
Create a paginator for an operation.
Get information about a parameter by using the parameter name. Don't confuse this API operation with the GetParameters API operation.
See also: AWS API Documentation
Request Syntax
response = client.get_parameter(
Name='string',
WithDecryption=True|False
)
[REQUIRED]
The name of the parameter you want to query.
dict
Response Syntax
{
'Parameter': {
'Name': 'string',
'Type': 'String'|'StringList'|'SecureString',
'Value': 'string',
'Version': 123,
'Selector': 'string',
'SourceResult': 'string',
'LastModifiedDate': datetime(2015, 1, 1),
'ARN': 'string',
'DataType': 'string'
}
}
Response Structure
(dict) --
Parameter (dict) --
Information about a parameter.
Name (string) --
The name of the parameter.
Type (string) --
The type of parameter. Valid values include the following: String , StringList , and SecureString .
Value (string) --
The parameter value.
Version (integer) --
The parameter version.
Selector (string) --
Either the version number or the label used to retrieve the parameter value. Specify selectors by using one of the following formats:
parameter_name:version
parameter_name:label
SourceResult (string) --
Applies to parameters that reference information in other Amazon Web Services services. SourceResult is the raw result or response from the source.
LastModifiedDate (datetime) --
Date the parameter was last changed or updated and the parameter version was created.
ARN (string) --
The Amazon Resource Name (ARN) of the parameter.
DataType (string) --
The data type of the parameter, such as text or aws:ec2:image . The default is text .
Exceptions
Retrieves the history of all changes to a parameter.
See also: AWS API Documentation
Request Syntax
response = client.get_parameter_history(
Name='string',
WithDecryption=True|False,
MaxResults=123,
NextToken='string'
)
[REQUIRED]
The name of the parameter for which you want to review history.
dict
Response Syntax
{
'Parameters': [
{
'Name': 'string',
'Type': 'String'|'StringList'|'SecureString',
'KeyId': 'string',
'LastModifiedDate': datetime(2015, 1, 1),
'LastModifiedUser': 'string',
'Description': 'string',
'Value': 'string',
'AllowedPattern': 'string',
'Version': 123,
'Labels': [
'string',
],
'Tier': 'Standard'|'Advanced'|'Intelligent-Tiering',
'Policies': [
{
'PolicyText': 'string',
'PolicyType': 'string',
'PolicyStatus': 'string'
},
],
'DataType': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Parameters (list) --
A list of parameters returned by the request.
(dict) --
Information about parameter usage.
Name (string) --
The name of the parameter.
Type (string) --
The type of parameter used.
KeyId (string) --
The ID of the query key used for this parameter.
LastModifiedDate (datetime) --
Date the parameter was last changed or updated.
LastModifiedUser (string) --
Amazon Resource Name (ARN) of the Amazon Web Services user who last changed the parameter.
Description (string) --
Information about the parameter.
Value (string) --
The parameter value.
AllowedPattern (string) --
Parameter names can include the following letters and symbols.
Version (integer) --
The parameter version.
Labels (list) --
Labels assigned to the parameter version.
Tier (string) --
The parameter tier.
Policies (list) --
Information about the policies assigned to a parameter.
Assigning parameter policies in the Amazon Web Services Systems Manager User Guide .
(dict) --
One or more policies assigned to a parameter.
PolicyText (string) --
The JSON text of the policy.
PolicyType (string) --
The type of policy. Parameter Store, a capablility of Amazon Web Services Systems Manager, supports the following policy types: Expiration, ExpirationNotification, and NoChangeNotification.
PolicyStatus (string) --
The status of the policy. Policies report the following statuses: Pending (the policy hasn't been enforced or applied yet), Finished (the policy was applied), Failed (the policy wasn't applied), or InProgress (the policy is being applied now).
DataType (string) --
The data type of the parameter, such as text or aws:ec2:image . The default is text .
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
Exceptions
Get details of a parameter. Don't confuse this API operation with the GetParameter API operation.
See also: AWS API Documentation
Request Syntax
response = client.get_parameters(
Names=[
'string',
],
WithDecryption=True|False
)
[REQUIRED]
Names of the parameters for which you want to query information.
dict
Response Syntax
{
'Parameters': [
{
'Name': 'string',
'Type': 'String'|'StringList'|'SecureString',
'Value': 'string',
'Version': 123,
'Selector': 'string',
'SourceResult': 'string',
'LastModifiedDate': datetime(2015, 1, 1),
'ARN': 'string',
'DataType': 'string'
},
],
'InvalidParameters': [
'string',
]
}
Response Structure
(dict) --
Parameters (list) --
A list of details for a parameter.
(dict) --
An Amazon Web Services Systems Manager parameter in Parameter Store.
Name (string) --
The name of the parameter.
Type (string) --
The type of parameter. Valid values include the following: String , StringList , and SecureString .
Value (string) --
The parameter value.
Version (integer) --
The parameter version.
Selector (string) --
Either the version number or the label used to retrieve the parameter value. Specify selectors by using one of the following formats:
parameter_name:version
parameter_name:label
SourceResult (string) --
Applies to parameters that reference information in other Amazon Web Services services. SourceResult is the raw result or response from the source.
LastModifiedDate (datetime) --
Date the parameter was last changed or updated and the parameter version was created.
ARN (string) --
The Amazon Resource Name (ARN) of the parameter.
DataType (string) --
The data type of the parameter, such as text or aws:ec2:image . The default is text .
InvalidParameters (list) --
A list of parameters that aren't formatted correctly or don't run during an execution.
Exceptions
Retrieve information about one or more parameters in a specific hierarchy.
Request results are returned on a best-effort basis. If you specify MaxResults in the request, the response includes information up to the limit specified. The number of items returned, however, can be between zero and the value of MaxResults . If the service reaches an internal limit while processing the results, it stops the operation and returns the matching values up to that point and a NextToken . You can specify the NextToken in a subsequent call to get the next set of results.
See also: AWS API Documentation
Request Syntax
response = client.get_parameters_by_path(
Path='string',
Recursive=True|False,
ParameterFilters=[
{
'Key': 'string',
'Option': 'string',
'Values': [
'string',
]
},
],
WithDecryption=True|False,
MaxResults=123,
NextToken='string'
)
[REQUIRED]
The hierarchy for the parameter. Hierarchies start with a forward slash (/). The hierachy is the parameter name except the last part of the parameter. For the API call to succeeed, the last part of the parameter name can't be in the path. A parameter name hierarchy can have a maximum of 15 levels. Here is an example of a hierarchy: /Finance/Prod/IAD/WinServ2016/license33
Retrieve all parameters within a hierarchy.
Warning
If a user has access to a path, then the user can access all levels of that path. For example, if a user has permission to access path /a , then the user can also access /a/b . Even if a user has explicitly been denied access in IAM for parameter /a/b , they can still call the GetParametersByPath API operation recursively for /a and view /a/b .
Filters to limit the request results.
Note
For GetParametersByPath , the following filter Key names are supported: Type , KeyId , Label , and DataType .
The following Key values are not supported for GetParametersByPath : tag , Name , Path , and Tier .
One or more filters. Use a filter to return a more specific list of results.
The name of the filter.
The ParameterStringFilter object is used by the DescribeParameters and GetParametersByPath API operations. However, not all of the pattern values listed for Key can be used with both operations.
For DescribeActions , all of the listed patterns are valid, with the exception of Label .
For GetParametersByPath , the following patterns listed for Key aren't valid: tag , Name , Path , and Tier .
For examples of Amazon Web Services CLI commands demonstrating valid parameter filter constructions, see Searching for Systems Manager parameters in the Amazon Web Services Systems Manager User Guide .
For all filters used with DescribeParameters , valid options include Equals and BeginsWith . The Name filter additionally supports the Contains option. (Exception: For filters using the key Path , valid options include Recursive and OneLevel .)
For filters used with GetParametersByPath , valid options include Equals and BeginsWith . (Exception: For filters using Label as the Key name, the only valid option is Equals .)
The value you want to search for.
dict
Response Syntax
{
'Parameters': [
{
'Name': 'string',
'Type': 'String'|'StringList'|'SecureString',
'Value': 'string',
'Version': 123,
'Selector': 'string',
'SourceResult': 'string',
'LastModifiedDate': datetime(2015, 1, 1),
'ARN': 'string',
'DataType': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Parameters (list) --
A list of parameters found in the specified hierarchy.
(dict) --
An Amazon Web Services Systems Manager parameter in Parameter Store.
Name (string) --
The name of the parameter.
Type (string) --
The type of parameter. Valid values include the following: String , StringList , and SecureString .
Value (string) --
The parameter value.
Version (integer) --
The parameter version.
Selector (string) --
Either the version number or the label used to retrieve the parameter value. Specify selectors by using one of the following formats:
parameter_name:version
parameter_name:label
SourceResult (string) --
Applies to parameters that reference information in other Amazon Web Services services. SourceResult is the raw result or response from the source.
LastModifiedDate (datetime) --
Date the parameter was last changed or updated and the parameter version was created.
ARN (string) --
The Amazon Resource Name (ARN) of the parameter.
DataType (string) --
The data type of the parameter, such as text or aws:ec2:image . The default is text .
NextToken (string) --
The token for the next set of items to return. Use this token to get the next set of results.
Exceptions
Retrieves information about a patch baseline.
See also: AWS API Documentation
Request Syntax
response = client.get_patch_baseline(
BaselineId='string'
)
[REQUIRED]
The ID of the patch baseline to retrieve.
{
'BaselineId': 'string',
'Name': 'string',
'OperatingSystem': 'WINDOWS'|'AMAZON_LINUX'|'AMAZON_LINUX_2'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX'|'SUSE'|'CENTOS'|'ORACLE_LINUX'|'DEBIAN'|'MACOS',
'GlobalFilters': {
'PatchFilters': [
{
'Key': 'ARCH'|'ADVISORY_ID'|'BUGZILLA_ID'|'PATCH_SET'|'PRODUCT'|'PRODUCT_FAMILY'|'CLASSIFICATION'|'CVE_ID'|'EPOCH'|'MSRC_SEVERITY'|'NAME'|'PATCH_ID'|'SECTION'|'PRIORITY'|'REPOSITORY'|'RELEASE'|'SEVERITY'|'SECURITY'|'VERSION',
'Values': [
'string',
]
},
]
},
'ApprovalRules': {
'PatchRules': [
{
'PatchFilterGroup': {
'PatchFilters': [
{
'Key': 'ARCH'|'ADVISORY_ID'|'BUGZILLA_ID'|'PATCH_SET'|'PRODUCT'|'PRODUCT_FAMILY'|'CLASSIFICATION'|'CVE_ID'|'EPOCH'|'MSRC_SEVERITY'|'NAME'|'PATCH_ID'|'SECTION'|'PRIORITY'|'REPOSITORY'|'RELEASE'|'SEVERITY'|'SECURITY'|'VERSION',
'Values': [
'string',
]
},
]
},
'ComplianceLevel': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED',
'ApproveAfterDays': 123,
'ApproveUntilDate': 'string',
'EnableNonSecurity': True|False
},
]
},
'ApprovedPatches': [
'string',
],
'ApprovedPatchesComplianceLevel': 'CRITICAL'|'HIGH'|'MEDIUM'|'LOW'|'INFORMATIONAL'|'UNSPECIFIED',
'ApprovedPatchesEnableNonSecurity': True|False,
'RejectedPatches': [
'string',
],
'RejectedPatchesAction': 'ALLOW_AS_DEPENDENCY'|'BLOCK',
'PatchGroups': [
'string',
],
'CreatedDate': datetime(2015, 1, 1),
'ModifiedDate': datetime(2015, 1, 1),
'Description': 'string',
'Sources': [
{
'Name': 'string',
'Products': [
'string',
],
'Configuration': 'string'
},
]
}
Response Structure
The ID of the retrieved patch baseline.
The name of the patch baseline.
Returns the operating system specified for the patch baseline.
A set of global filters used to exclude patches from the baseline.
The set of patch filters that make up the group.
Defines which patches should be included in a patch baseline.
A patch filter consists of a key and a set of values. The filter key is a patch property. For example, the available filter keys for WINDOWS are PATCH_SET , PRODUCT , PRODUCT_FAMILY , CLASSIFICATION , and MSRC_SEVERITY .
The filter values define a matching criterion for the patch property indicated by the key. For example, if the filter key is PRODUCT and the filter values are ["Office 2013", "Office 2016"] , then the filter accepts all patches where product name is either "Office 2013" or "Office 2016". The filter values can be exact values for the patch property given as a key, or a wildcard (*), which matches all values.
You can view lists of valid values for the patch properties by running the DescribePatchProperties command. For information about which patch properties can be used with each major operating system, see DescribePatchProperties .
The key for the filter.
Run the DescribePatchProperties command to view lists of valid keys for each operating system type.
The value for the filter key.
Run the DescribePatchProperties command to view lists of valid values for each key based on operating system type.
A set of rules used to include patches in the baseline.
The rules that make up the rule group.
Defines an approval rule for a patch baseline.
The patch filter group that defines the criteria for the rule.
The set of patch filters that make up the group.
Defines which patches should be included in a patch baseline.
A patch filter consists of a key and a set of values. The filter key is a patch property. For example, the available filter keys for WINDOWS are PATCH_SET , PRODUCT , PRODUCT_FAMILY , CLASSIFICATION , and MSRC_SEVERITY .
The filter values define a matching criterion for the patch property indicated by the key. For example, if the filter key is PRODUCT and the filter values are ["Office 2013", "Office 2016"] , then the filter accepts all patches where product name is either "Office 2013" or "Office 2016". The filter values can be exact values for the patch property given as a key, or a wildcard (*), which matches all values.
You can view lists of valid values for the patch properties by running the DescribePatchProperties command. For information about which patch properties can be used with each major operating system, see DescribePatchProperties .
The key for the filter.
Run the DescribePatchProperties command to view lists of valid keys for each operating system type.
The value for the filter key.
Run the DescribePatchProperties command to view lists of valid values for each key based on operating system type.
A compliance severity level for all approved patches in a patch baseline.
The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of 7 means that patches are approved seven days after they are released. Not supported on Debian Server or Ubuntu Server.
The cutoff date for auto approval of released patches. Any patches released on or before this date are installed automatically. Not supported on Debian Server or Ubuntu Server.
Enter dates in the format YYYY-MM-DD . For example, 2021-12-31 .
For instances identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is false . Applies to Linux instances only.
A list of explicitly approved patches for the baseline.
Returns the specified compliance severity level for approved patches in the patch baseline.
Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is false . Applies to Linux instances only.
A list of explicitly rejected patches for the baseline.
The action specified to take on patches included in the RejectedPatches list. A patch can be allowed only if it is a dependency of another package, or blocked entirely along with packages that include it as a dependency.
Patch groups included in the patch baseline.
The date the patch baseline was created.
The date the patch baseline was last modified.
A description of the patch baseline.
Information about the patches to use to update the instances, including target operating systems and source repositories. Applies to Linux instances only.
Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only.
The name specified to identify the patch source.
The specific operating system versions a patch repository applies to, such as "Ubuntu16.04", "AmazonLinux2016.09", "RedhatEnterpriseLinux7.2" or "Suse12.7". For lists of supported product values, see PatchFilter .
The value of the yum repo configuration. For example:
[main]name=MyCustomRepository
baseurl=https://my-custom-repository
enabled=1
Note
For information about other options available for your yum repository configuration, see dnf.conf(5) .
Exceptions
Retrieves the patch baseline that should be used for the specified patch group.
See also: AWS API Documentation
Request Syntax
response = client.get_patch_baseline_for_patch_group(
PatchGroup='string',
OperatingSystem='WINDOWS'|'AMAZON_LINUX'|'AMAZON_LINUX_2'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX'|'SUSE'|'CENTOS'|'ORACLE_LINUX'|'DEBIAN'|'MACOS'
)
[REQUIRED]
The name of the patch group whose patch baseline should be retrieved.
dict
Response Syntax
{
'BaselineId': 'string',
'PatchGroup': 'string',
'OperatingSystem': 'WINDOWS'|'AMAZON_LINUX'|'AMAZON_LINUX_2'|'UBUNTU'|'REDHAT_ENTERPRISE_LINUX'|'SUSE'|'CENTOS'|'ORACLE_LINUX'|'DEBIAN'|'MACOS'
}
Response Structure
(dict) --
BaselineId (string) --
The ID of the patch baseline that should be used for the patch group.
PatchGroup (string) --
The name of the patch group.
OperatingSystem (string) --
The operating system rule specified for patch groups using the patch baseline.
Exceptions
ServiceSetting is an account-level setting for an Amazon Web Services service. This setting defines how a user interacts with or uses a service or a feature of a service. For example, if an Amazon Web Services service charges money to the account based on feature or service usage, then the Amazon Web Services service team might create a default setting of false . This means the user can't use this feature unless they change the setting to true and intentionally opt in for a paid feature.
Services map a SettingId object to a setting value. Amazon Web Services services teams define the default value for a SettingId . You can't create a new SettingId , but you can overwrite the default value if you have the ssm:UpdateServiceSetting permission for the setting. Use the UpdateServiceSetting API operation to change the default setting. Or use the ResetServiceSetting to change the value back to the original value defined by the Amazon Web Services service team.
Query the current service setting for the account.
See also: AWS API Documentation
Request Syntax
response = client.get_service_setting(
SettingId='string'
)
[REQUIRED]
The ID of the service setting to get. The setting ID can be one of the following.
{
'ServiceSetting': {
'SettingId': 'string',
'SettingValue':