Skip to main content

AWS - System Manager

This Integration is part of the AWS Systems Manager Pack.#

Supported versions

Supported Cortex XSOAR versions: 6.9.0 and later.

AWS Systems Manager is the operations hub for your AWS applications and resources and a secure end-to-end management solution for hybrid cloud environments that enables safe and secure operations at scale. This integration was integrated and tested with Boto3 version 1.28.30 (AWS SDK).

For detailed instructions about setting up authentication, see: AWS Integrations - Authentication.

Configure AWS - System Manager in Cortex#

ParameterDescriptionRequired
AWS Default RegionTrue
Role ArnFalse
Role Session NameFalse
Role Session DurationFalse
Access KeyFalse
Secret KeyFalse
TimeoutThe time in seconds till a timeout exception is reached. You can specify just the read timeout (for example 60) or also the connect timeout followed after a comma (for example 60,10). If a connect timeout is not specified, a default of 10 seconds will be used.False
RetriesThe maximum number of retry attempts when connection or throttling errors are encountered. Set to 0 to disable retries. The default value is 5 and the limit is 10. Note: Increasing the number of retries will increase the execution time.False
Trust any certificate (not secure)False
Use system proxy settingsFalse

Commands#

You can execute these commands from the CLI, as part of an automation, or in a playbook. After you successfully execute a command, a DBot message appears in the War Room with the command details.

aws-ssm-tag-add#


Adds or overwrites one tag for the specified resource. Tags are metadata that you can assign to the automations, documents, managed nodes, maintenance windows, Parameter Store parameters, and patch baselines. Tags enable you to categorize the resources in different ways, for example, by purpose, owner, or environment. Each tag consists of a key and an optional value, both of which you define. For example, you could define a set of tags for the account’s managed nodes that helps you track each node’s owner and stack level, Key=Owner Value=SysAdmin.

Base Command#

aws-ssm-tag-add

Input#

Argument NameDescriptionRequired
regionThe AWS Region. If not specified, the default region will be used. Possible values are: us-east-1, us-east-2, us-west-1, us-west-2, ca-central-1, eu-west-1, eu-central-1, eu-west-2, ap-northeast-1, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-south-1, sa-east-1, eu-north-1, eu-west-3.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional
resource_typeSpecifies the type of resource for tagging.
Note: The ManagedInstance type for this API operation is for on-premises managed nodes. Possible values are: Association, Automation, Document, Maintenance Window, Managed Instance, Ops Item, Ops Metadata, Patch Baseline, Parameter.
Required
resource_idThe resource ID to be tagged.
Note: The format of the id depends on the selected resource type (e.g.. MaintenanceWindow: mw-012345abcde, PatchBaseline: pb-012345abcde).
Required
tag_keyThe name of the tag. Note: Don’t enter personally identifiable information in this field.Required
tag_valueThe value of the tag. Note: Don’t enter personally identifiable information in this field.Required

Context Output#

There is no context output for this command.

Command example#

!aws-ssm-tag-add resource_id=demo resource_type=Document tag_key=test_key tag_value=test_value

Human Readable Output#

Tags successfully added to resource demo.

aws-ssm-tag-remove#


Removes tag keys from the specified resource.

Base Command#

aws-ssm-tag-remove

Input#

Argument NameDescriptionRequired
regionThe AWS Region. If not specified, the default region will be used. Possible values are: us-east-1, us-east-2, us-west-1, us-west-2, ca-central-1, eu-west-1, eu-central-1, eu-west-2, ap-northeast-1, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-south-1, sa-east-1, eu-north-1, eu-west-3.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional
resource_typeSpecifies the type of resource for tagging.
Note: The ManagedInstance type for this API operation is for on-premises managed nodes. Possible values are: Association, Automation, Document, Maintenance Window, Managed Instance, Ops Item, Ops Metadata, Patch Baseline, Parameter.
Required
resource_id'The ID of the resource to remove tags.
Note: The format of the id depends on the selected resource type (e.g.. MaintenanceWindow: mw-012345abcde, PatchBaseline: pb-012345abcde).'
Required
tag_keyThe name of the tag to remove.Required

Context Output#

There is no context output for this command.

Command example#

!aws-ssm-tag-remove resource_id=demo resource_type=Document tag_key=test_key

Human Readable Output#

Tag test_key removed from resource demo successfully.

aws-ssm-tag-list#


Returns a list of the tags assigned to the specified resource.

Base Command#

aws-ssm-tag-list

Input#

Argument NameDescriptionRequired
regionThe AWS Region. If not specified, the default region will be used. Possible values are: us-east-1, us-east-2, us-west-1, us-west-2, ca-central-1, eu-west-1, eu-central-1, eu-west-2, ap-northeast-1, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-south-1, sa-east-1, eu-north-1, eu-west-3.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional
resource_typeReturns a list of tags for a specific resource type. Possible values are: Association, Automation, Document, Maintenance Window, Managed Instance, Ops Item, Ops Metadata, Patch Baseline, Parameter.Required
resource_id'The ID of the resource to list tags.
Note: The format of the id depends on the selected resource type (e.g.. MaintenanceWindow: mw-012345abcde, PatchBaseline: pb-012345abcde).'
Required

Context Output#

PathTypeDescription
AWS.SSM.Tag.ResourceIdStringThe ID of the resource to list tags.
AWS.SSM.Tag.KeyStringThe name of the tag.
AWS.SSM.Tag.ValueStringThe value of the tag.

Command example#

!aws-ssm-tag-list resource_id=demo resource_type=Document

Context Example#

{
"AWS": {
"SSM": {
"Tag": {
"ResourceId": "demo",
"TagList": [
{
"Key": "DemoKey",
"Value": "DemoValue"
}
]
}
}
}
}

Human Readable Output#

Tags for demo#

KeyValue
DemoKeyDemoValue

aws-ssm-inventory-list#


Query inventory information. This includes the managed node status, such as Stopped or Terminated.

Base Command#

aws-ssm-inventory-list

Input#

Argument NameDescriptionRequired
regionThe AWS Region. If not specified, the default region will be used. Possible values are: us-east-1, us-east-2, us-west-1, us-west-2, ca-central-1, eu-west-1, eu-central-1, eu-west-2, ap-northeast-1, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-south-1, sa-east-1, eu-north-1, eu-west-3.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional
limitThe maximum number of items to return for this call,. The default and max is 50. The call also returns a token that you can specify in a subsequent call to get the next set of results.Optional
next_tokenThe token for the next set of items to return. (Received this token from a previous call).Optional
include_inactive_instanceDetermines whether to include inactive instances in the query results. (if is true the command use a filter to get also the instance with the status Stopped, Terminated, ConnectionLost). Possible values are: true, false. Default is false.Optional

Context Output#

PathTypeDescription
AWS.SSM.InventoryNextToken.NextTokenStringThe token for the next set of items to return.
AWS.SSM.Inventory.IdStringID of the inventory result entity. For example, for managed node inventory the result will be the managed node ID. For EC2 instance inventory, the result will be the instance ID.
AWS.SSM.Inventory.TypeNameStringThe name of the inventory result item type.
AWS.SSM.Inventory.SchemaVersionStringThe schema version for the inventory result item.
AWS.SSM.Inventory.CaptureTimeStringThe time inventory item data was captured.
AWS.SSM.Inventory.ContentHashStringMD5 hash of the inventory item type contents. The content hash is used to determine whether to update inventory information. The PutInventory API doesn’t update the inventory item type contents if the MD5 hash hasn’t changed since last update.
AWS.SSM.Inventory.Content.AgentTypeStringThe type of SSM agent running on the instance.
AWS.SSM.Inventory.Content.AgentVersionStringThe version of the SSM agent running on the instance.
AWS.SSM.Inventory.Content.ComputerNameStringThe fully qualified host name of the managed node.
AWS.SSM.Inventory.Content.IpAddressStringThe IP address of the managed node.
AWS.SSM.Inventory.Content.PlatformNameStringThe name of the operating system platform running on the managed node.
AWS.SSM.Inventory.Content.PlatformTypeStringThe operating system platform type.
AWS.SSM.Inventory.Content.PlatformVersionStringThe version of the OS platform running on the managed node.
AWS.SSM.Inventory.Content.ResourceTypeStringThe type of instance. Instances are either EC2 instances or managed instances.
AWS.SSM.Inventory.Content.InstanceIdStringThe managed node ID.

Command example#

!aws-ssm-inventory-list limit=2

Context Example#

{
"AWS": {
"SSM": {
"Inventory": {
"CaptureTime": "2023-09-13T06:13:11Z",
"Content": [
{
"AgentType": "agent",
"AgentVersion": "AgentVersion",
"ComputerName": "ComputerName",
"InstanceId": "instance id",
"InstanceStatus": "Active",
"IpAddress": "ip address",
"PlatformName": "Linux",
"PlatformType": "Linux",
"PlatformVersion": "2",
"ResourceType": "EC2"
}
],
"Id": "instance id",
"SchemaVersion": "1.0",
"TypeName": "AWS:InstanceInformation"
}
}
}
}

Human Readable Output#

AWS SSM Inventory#

Agent versionComputer NameIP addressIdInstance IdPlatform NamePlatform TypeResource Type
Agent versionComputer Nameip addressinstance idinstance idAmazon LinuxLinuxEC2

aws-ssm-inventory-entry-list#


A list of inventory items returned by the request.

Base Command#

aws-ssm-inventory-entry-list

Input#

Argument NameDescriptionRequired
regionThe AWS Region. If not specified, the default region will be used. Possible values are: us-east-1, us-east-2, us-west-1, us-west-2, ca-central-1, eu-west-1, eu-central-1, eu-west-2, ap-northeast-1, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-south-1, sa-east-1, eu-north-1, eu-west-3.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional
instance_idThe managed node ID to get inventory information for. Note: to get the instance ID, run the aws-ssm-inventory-get command.Required
type_nameThe type of inventory item to get information for. Possible values are: Instance Information, File, Process, Windows Update, Network, Patch Summary, Patch Compliance, Compliance Item, Instance Detailed Information, Service, Windows Registry, Windows Role, Tag, Resource Group, Billing Info, Application, AWS Components.Required
limitThe maximum number of items to return for this call. The default and max is 50. The call also returns a token that you can specify in a subsequent call to get the next set of results.Optional
next_tokenThe token for the next set of items to return. (Received this token from a previous call).Optional

Context Output#

PathTypeDescription
AWS.SSM.InventoryEntryNextToken.NextTokenStringThe token for the next set of items to return.
AWS.SSM.InventoryEntry.TypeNameStringThe type of inventory item returned by the request.
AWS.SSM.InventoryEntry.InstanceIdStringThe managed node ID targeted by the request to query inventory information.
AWS.SSM.InventoryEntry.SchemaVersionStringThe inventory schema version used by the managed node(s).
AWS.SSM.InventoryEntry.CaptureTimeStringThe time that inventory information was collected for the managed node(s).
AWS.SSM.InventoryEntry.Entries.AgentVersionStringThe version of the SSM agent running on the instance.
AWS.SSM.InventoryEntry.Entries.AgentTypeStringThe type of SSM agent running on the instance.
AWS.SSM.InventoryEntry.Entries.ComputerNameStringThe fully qualified host name of the managed node.
AWS.SSM.InventoryEntry.Entries.IpAddressStringThe IP address of the managed node.
AWS.SSM.InventoryEntry.Entries.PlatformNameStringThe name of the operating system platform running on the managed node.
AWS.SSM.InventoryEntry.Entries.PlatformTypeStringThe operating system platform type.
AWS.SSM.InventoryEntry.Entries.PlatformVersionStringThe version of the OS platform running on the managed node.
AWS.SSM.InventoryEntry.Entries.ResourceTypeStringThe type of instance. Instances are either EC2 instances or managed instances.
AWS.SSM.InventoryEntry.NameStringThe name of the application.
AWS.SSM.InventoryEntry.ApplicationTypeStringThe type of application.
AWS.SSM.InventoryEntry.PublisherStringThe publisher of the application.
AWS.SSM.InventoryEntry.VersionStringThe version of the application.
AWS.SSM.InventoryEntry.ReleaseStringThe release version of the application.
AWS.SSM.InventoryEntry.EpochStringThe epoch value of the application version.
AWS.SSM.InventoryEntry.InstalledTimeStringThe time when the application was installed.
AWS.SSM.InventoryEntry.ArchitectureStringThe architecture of the installed application.
AWS.SSM.InventoryEntry.URLStringThe URL of the application.
AWS.SSM.InventoryEntry.SummaryStringThe summary information of the application.
AWS.SSM.InventoryEntry.PackageIdStringThe package ID of the application.
AWS.SSM.InventoryEntry.NameStringThe name of the file.
AWS.SSM.InventoryEntry.SizeStringThe size of the file in bytes.
AWS.SSM.InventoryEntry.DescriptionStringThe description of the file.
AWS.SSM.InventoryEntry.FileVersionStringThe version of the file.
AWS.SSM.InventoryEntry.InstalledDateStringThe date when the file was installed.
AWS.SSM.InventoryEntry.ModificationTimeStringThe date and time the file was last modified.
AWS.SSM.InventoryEntry.LastAccessTimeStringThe date and time the file was last accessed.
AWS.SSM.InventoryEntry.ProductNameStringThe name of the product the file belongs to.
AWS.SSM.InventoryEntry.InstalledDirStringThe directory where the file is installed.
AWS.SSM.InventoryEntry.ProductLanguageStringThe language of the product the file belongs to.
AWS.SSM.InventoryEntry.CompanyNameStringThe name of the company that created the file.
AWS.SSM.InventoryEntry.ProductVersionStringThe version of the product the file belongs to.
AWS.SSM.InventoryEntry.StartTimeStringThe date and time the process started.
AWS.SSM.InventoryEntry.CommandLineStringThe full command line used to start the process.
AWS.SSM.InventoryEntry.UserStringThe user account that ran the process.
AWS.SSM.InventoryEntry.FileNameStringThe name of the executable file for the process.
AWS.SSM.InventoryEntry.FileVersionStringThe version number of the executable file.
AWS.SSM.InventoryEntry.FileDescriptionStringA description of the executable file.
AWS.SSM.InventoryEntry.FileSizeStringThe size in bytes of the executable file.
AWS.SSM.InventoryEntry.CompanyNameStringThe name of the company that released the process.
AWS.SSM.InventoryEntry.ProductNameStringThe name of the product the process belongs to.
AWS.SSM.InventoryEntry.ProductVersionStringThe version of the product the process belongs to.
AWS.SSM.InventoryEntry.InstalledDateStringThe date the process was installed.
AWS.SSM.InventoryEntry.InstalledDirStringThe directory where the process is installed.
AWS.SSM.InventoryEntry.UsageIdStringThe usage ID for the process.
AWS.SSM.InventoryEntry.NameStringThe name of the AWS component.
AWS.SSM.InventoryEntry.ApplicationTypeStringThe application type of the AWS component.
AWS.SSM.InventoryEntry.PublisherStringThe publisher of the AWS component.
AWS.SSM.InventoryEntry.VersionStringThe version of the AWS component.
AWS.SSM.InventoryEntry.InstalledTimeStringThe time the AWS component was installed.
AWS.SSM.InventoryEntry.ArchitectureStringThe architecture of the AWS component.
AWS.SSM.InventoryEntry.URLStringThe URL for the AWS component.
AWS.SSM.InventoryEntry.HotFixIdStringThe ID of the Windows hotfix.
AWS.SSM.InventoryEntry.DescriptionStringThe description of the Windows hotfix.
AWS.SSM.InventoryEntry.InstalledTimeStringThe time the Windows hotfix was installed.
AWS.SSM.InventoryEntry.InstalledByStringWho installed the Windows hotfix.
AWS.SSM.InventoryEntry.NameStringThe name of the network interface.
AWS.SSM.InventoryEntry.SubnetMaskStringThe subnet mask of the network interface.
AWS.SSM.InventoryEntry.GatewayStringThe gateway for the network interface.
AWS.SSM.InventoryEntry.DHCPServerStringThe DHCP server for the network interface.
AWS.SSM.InventoryEntry.DNSServerStringThe DNS server for the network interface.
AWS.SSM.InventoryEntry.MacAddressStringThe MAC address of the network interface.
AWS.SSM.InventoryEntry.IPV4StringThe IPv4 address of the network interface.
AWS.SSM.InventoryEntry.IPV6StringThe IPv6 address of the network interface.
AWS.SSM.InventoryEntry.PatchGroupStringThe patch group for the patch summary.
AWS.SSM.InventoryEntry.BaselineIdStringThe baseline ID for the patch summary.
AWS.SSM.InventoryEntry.SnapshotIdStringThe snapshot ID for the patch summary.
AWS.SSM.InventoryEntry.OwnerInformationStringThe owner information for the patch summary.
AWS.SSM.InventoryEntry.InstalledCountStringThe number of patches installed for the patch summary.
AWS.SSM.InventoryEntry.InstalledPendingRebootCountStringThe number of patches installed pending reboot for the patch summary.
AWS.SSM.InventoryEntry.InstalledOtherCountStringThe number of other patches installed for the patch summary.
AWS.SSM.InventoryEntry.InstalledRejectedCountStringThe number of patches installed but rejected for the patch summary.
AWS.SSM.InventoryEntry.NotApplicableCountStringThe number of not applicable patches for the patch summary.
AWS.SSM.InventoryEntry.UnreportedNotApplicableCountStringThe number of unreported not applicable patches for the patch summary.
AWS.SSM.InventoryEntry.MissingCountStringThe number of missing patches for the patch summary.
AWS.SSM.InventoryEntry.FailedCountStringThe number of patches that failed for the patch summary.
AWS.SSM.InventoryEntry.OperationTypeStringThe type of operation for the patch summary.
AWS.SSM.InventoryEntry.OperationStartTimeStringThe start time of the operation for the patch summary.
AWS.SSM.InventoryEntry.OperationEndTimeStringThe end time of the operation for the patch summary.
AWS.SSM.InventoryEntry.InstallOverrideListStringThe override list for patch installation for the patch summary.
AWS.SSM.InventoryEntry.RebootOptionStringThe reboot option for the patch summary.
AWS.SSM.InventoryEntry.LastNoRebootInstallOperationTimeStringThe time of the last no-reboot patch installation operation for the patch summary.
AWS.SSM.InventoryEntry.ExecutionIdStringThe execution ID for the patch summary.
AWS.SSM.InventoryEntry.NonCompliantSeverityStringThe severity level for non-compliant patches in the patch summary.
AWS.SSM.InventoryEntry.SecurityNonCompliantCountStringThe number of security patches that are non-compliant in the patch summary.
AWS.SSM.InventoryEntry.CriticalNonCompliantCountStringThe number of critical patches that are non-compliant in the patch summary.
AWS.SSM.InventoryEntry.OtherNonCompliantCountStringThe number of other patches that are non-compliant in the patch summary.
AWS.SSM.InventoryEntry.TitleStringThe title of the patch compliance item.
AWS.SSM.InventoryEntry.KBIdStringThe KB ID for the patch compliance item.
AWS.SSM.InventoryEntry.ClassificationStringThe classification for the patch compliance item.
AWS.SSM.InventoryEntry.SeverityStringThe severity level for the patch compliance item.
AWS.SSM.InventoryEntry.StateStringThe state of the patch compliance item.
AWS.SSM.InventoryEntry.InstalledTimeStringThe time the patch was installed for the patch compliance item.
AWS.SSM.InventoryEntry.ComplianceTypeStringThe compliance type for the compliance item.
AWS.SSM.InventoryEntry.ExecutionIdStringThe execution ID for the compliance item.
AWS.SSM.InventoryEntry.ExecutionTypeStringThe execution type for the compliance item.
AWS.SSM.InventoryEntry.ExecutionTimeStringThe execution time for the compliance item.
AWS.SSM.InventoryEntry.IdStringThe ID for the compliance item.
AWS.SSM.InventoryEntry.TitleStringThe title of the compliance item.
AWS.SSM.InventoryEntry.StatusStringThe status of the compliance item.
AWS.SSM.InventoryEntry.SeverityStringThe severity of the compliance item.
AWS.SSM.InventoryEntry.DocumentNameStringThe name of the document for the compliance item.
AWS.SSM.InventoryEntry.DocumentVersionStringThe version of the document for the compliance item.
AWS.SSM.InventoryEntry.ClassificationStringThe classification of the compliance item.
AWS.SSM.InventoryEntry.PatchBaselineIdStringThe ID of the patch baseline for the compliance item.
AWS.SSM.InventoryEntry.PatchSeverityStringThe severity of the patch for the compliance item.
AWS.SSM.InventoryEntry.PatchStateStringThe patch state for the compliance item.
AWS.SSM.InventoryEntry.PatchGroupStringThe patch group for the compliance item.
AWS.SSM.InventoryEntry.InstalledTimeStringThe time the patch was installed for the compliance item.
AWS.SSM.InventoryEntry.InstallOverrideListStringThe override list for installing the patch for the compliance item.
AWS.SSM.InventoryEntry.DetailedTextStringDetailed text about the compliance item.
AWS.SSM.InventoryEntry.DetailedLinkStringA detailed link related to the compliance item.
AWS.SSM.InventoryEntry.CVEIdsStringCVE IDs associated with the compliance item.
AWS.SSM.InventoryEntry.ComplianceTypeStringThe type of compliance summary.
AWS.SSM.InventoryEntry.PatchGroupStringThe patch group for the compliance summary.
AWS.SSM.InventoryEntry.PatchBaselineIdStringThe ID of the patch baseline for the compliance summary.
AWS.SSM.InventoryEntry.StatusStringThe compliance status for the compliance summary.
AWS.SSM.InventoryEntry.OverallSeverityStringThe overall severity level for the compliance summary.
AWS.SSM.InventoryEntry.ExecutionIdStringThe execution ID for the compliance scan in the compliance summary.
AWS.SSM.InventoryEntry.ExecutionTypeStringThe execution type for the compliance scan in the compliance summary.
AWS.SSM.InventoryEntry.ExecutionTimeStringThe time the compliance scan was executed for the compliance summary.
AWS.SSM.InventoryEntry.CompliantCriticalCountStringThe number of compliant critical severity findings in the compliance summary.
AWS.SSM.InventoryEntry.CompliantHighCountStringThe number of compliant findings with high severity in the compliance summary.
AWS.SSM.InventoryEntry.CompliantMediumCountStringThe number of compliant findings with medium severity in the compliance summary.
AWS.SSM.InventoryEntry.CompliantLowCountStringThe number of compliant findings with low severity in the compliance summary.
AWS.SSM.InventoryEntry.CompliantInformationalCountStringThe number of compliant findings with informational severity in the compliance summary.
AWS.SSM.InventoryEntry.CompliantUnspecifiedCountStringThe number of compliant findings with unspecified severity in the compliance summary.
AWS.SSM.InventoryEntry.NonCompliantCriticalCountStringThe number of non-compliant findings with critical severity in the compliance summary.
AWS.SSM.InventoryEntry.NonCompliantHighCountStringThe number of non-compliant findings with high severity in the compliance summary.
AWS.SSM.InventoryEntry.NonCompliantMediumCountStringThe number of non-compliant findings with medium severity in the compliance summary.
AWS.SSM.InventoryEntry.NonCompliantLowCountStringThe number of non-compliant findings with low severity in the compliance summary.
AWS.SSM.InventoryEntry.NonCompliantInformationalCountStringThe number of non-compliant findings with informational severity in the compliance summary.
AWS.SSM.InventoryEntry.NonCompliantUnspecifiedCountStringThe number of non-compliant findings with unspecified severity in the compliance summary.
AWS.SSM.InventoryEntry.CPUModelStringThe model name of the CPU.
AWS.SSM.InventoryEntry.CPUCoresStringThe number of CPU cores.
AWS.SSM.InventoryEntry.CPUsStringThe number of CPUs.
AWS.SSM.InventoryEntry.CPUSpeedMHzStringThe clock speed of the CPU in MHz.
AWS.SSM.InventoryEntry.CPUSocketsStringThe number of CPU sockets.
AWS.SSM.InventoryEntry.CPUHyperThreadEnabledStringWhether hyperthreading is enabled on the CPU.
AWS.SSM.InventoryEntry.OSServicePackStringThe service pack version of the operating system.
AWS.SSM.InventoryEntry.NameStringThe name of the service.
AWS.SSM.InventoryEntry.DisplayNameStringThe display name of the service.
AWS.SSM.InventoryEntry.ServiceTypeStringThe type of the service.
AWS.SSM.InventoryEntry.StatusStringThe status of the service.
AWS.SSM.InventoryEntry.DependentServicesStringList of services that this service depends on.
AWS.SSM.InventoryEntry.ServicesDependedOnStringList of services that depend on this service.
AWS.SSM.InventoryEntry.StartTypeStringThe startup type of the service.
AWS.SSM.InventoryEntry.KeyPathStringThe path of the registry key.
AWS.SSM.InventoryEntry.ValueNameStringThe name of the registry value.
AWS.SSM.InventoryEntry.ValueTypeStringThe type of the registry value.
AWS.SSM.InventoryEntry.ValueStringThe data contained in the registry value.
AWS.SSM.InventoryEntry.NameStringThe name of the Windows role.
AWS.SSM.InventoryEntry.DisplayNameStringThe display name of the Windows role.
AWS.SSM.InventoryEntry.PathStringThe path of the Windows role.
AWS.SSM.InventoryEntry.FeatureTypeStringThe feature type of the Windows role.
AWS.SSM.InventoryEntry.DependsOnStringList of Windows roles that this role depends on.
AWS.SSM.InventoryEntry.DescriptionStringDescription of the Windows role.
AWS.SSM.InventoryEntry.InstalledStringWhether the Windows role is installed.
AWS.SSM.InventoryEntry.InstalledStateStringInstall state of the Windows role.
AWS.SSM.InventoryEntry.SubFeaturesStringList of subfeatures for the Windows role.
AWS.SSM.InventoryEntry.ServerComponentDescriptorStringServer component descriptor for the Windows role.
AWS.SSM.InventoryEntry.ParentStringParent Windows role.
AWS.SSM.InventoryEntry.Tag.KeyStringThe name of the tag.
AWS.SSM.InventoryEntry.Tag.ValueStringThe value of the tag.
AWS.SSM.InventoryEntry.NameStringThe name of the resource group.
AWS.SSM.InventoryEntry.ArnStringThe Amazon Resource Name (ARN) of the resource group.
AWS.SSM.InventoryEntry.BillingProductIdStringThe ID of the billing product.

Command example#

!aws-ssm-inventory-entry-list instance_id=instance id type_name="Instance Information"

Context Example#

{
"AWS": {
"SSM": {
"InventoryEntry": {
"CaptureTime": "2023-09-13T06:13:11Z",
"Entries": [
{
"AgentType": "agent",
"AgentVersion": "AgentVersion",
"ComputerName": "Computer Name",
"InstanceId": "instance id",
"InstanceStatus": "Active",
"IpAddress": "ip address",
"PlatformName": "Amazon Linux",
"PlatformType": "Linux",
"PlatformVersion": "2",
"ResourceType": "EC2Instance"
}
],
"InstanceId": "instance id",
"SchemaVersion": "1.0",
"TypeName": "AWS:InstanceInformation"
}
}
}
}

Human Readable Output#

AWS SSM Inventory Entry#

AgentTypeAgentVersionComputerNameInstanceIdInstanceStatusIpAddressPlatformNamePlatformTypePlatformVersionResourceType
agentAgentVersionComputer Nameinstance idActiveip addressAmazon LinuxLinux2EC2Instance

aws-ssm-association-list#


Returns all State Manager associations in the current Amazon Web Services account and Amazon Web Services Region. Note: An association is a binding between a document and a set of targets with a schedule.

Base Command#

aws-ssm-association-list

Input#

Argument NameDescriptionRequired
regionThe AWS Region. If not specified, the default region will be used. Possible values are: us-east-1, us-east-2, us-west-1, us-west-2, ca-central-1, eu-west-1, eu-central-1, eu-west-2, ap-northeast-1, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-south-1, sa-east-1, eu-north-1, eu-west-3.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional
limitThe maximum number of items to return for this call. The default and max is 50. The call also returns a token that you can specify in a subsequent call to get the next set of results.Optional
next_tokenThe token for the next set of items to return. (Received this token from a previous call).Optional

Context Output#

PathTypeDescription
AWS.SSM.AssociationNextToken.NextTokenStringThe token for the next set of items to return.
AWS.SSM.Association.NameStringThe name of the SSM document.
AWS.SSM.Association.AssociationNameStringThe association name.
AWS.SSM.Association.InstanceIdStringThe managed node ID.
AWS.SSM.Association.AssociationIdStringThe ID created by the system when creating an association. An association is a binding between a document and a set of targets with a schedule.
AWS.SSM.Association.AssociationVersionStringThe association version.
AWS.SSM.Association.DocumentVersionStringThe version of the document used in the association.
AWS.SSM.Association.Targets.KeyStringUser-defined criteria for sending commands that target managed nodes that meet the criteria.
AWS.SSM.Association.Targets.ValuesStringUser-defined criteria that maps to Key.
AWS.SSM.Association.LastExecutionDateStringThe date on which the association was last run.
AWS.SSM.Association.Overview.StatusStringThe status of the association. Status can be: Pending, Success, or Failed.
AWS.SSM.Association.Overview.DetailedStatusStringA detailed status of the association.
AWS.SSM.Association.Overview.AssociationStatusAggregatedCountStringReturns the number of targets for the association status. For example, if you created an association with two managed nodes, and one of them was successful, this would return the count of managed nodes by status.
AWS.SSM.Association.ScheduleExpressionStringA cron expression that specifies a schedule when the association runs. The schedule runs in Coordinated Universal Time (UTC).
AWS.SSM.Association.ScheduleOffsetNumberNumber of days to wait after the scheduled day to run an association.

Command example#

!aws-ssm-association-list limit=1

Context Example#

{
"AWS": {
"SSM": {
"Association": {
"AssociationId": "id",
"AssociationName": "Inventory-Association-test",
"AssociationVersion": "1",
"LastExecutionDate": "2023-09-14T09:53:37.838000+00:00",
"Name": "AWS",
"Overview": {
"AssociationStatusAggregatedCount": {
"Failed": 1
},
"DetailedStatus": "Failed",
"Status": "Failed"
},
"ScheduleExpression": "rate(30 minutes)",
"Targets": [
{
"Key": "InstanceIds",
"Values": [
"instance id"
]
}
]
},
"InventoryNextToken": {
"NextToken": "AAM"
}
}
}
}

Human Readable Output#

AWS SSM Associations#

Association idAssociation versionDocument nameLast execution dateResource status countStatus
id1AWS2023-09-14T09:53:37.838000+00:00Failed: 1Failed

aws-ssm-association-get#


Describes the association for the specified target or managed node. If the association was established using the Targets parameter, the association details must be retrieved using the associated ID. This command must provide either an association ID, or instance_id and document_name.

Base Command#

aws-ssm-association-get

Input#

Argument NameDescriptionRequired
regionThe AWS Region. If not specified, the default region will be used. Possible values are: us-east-1, us-east-2, us-west-1, us-west-2, ca-central-1, eu-west-1, eu-central-1, eu-west-2, ap-northeast-1, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-south-1, sa-east-1, eu-north-1, eu-west-3.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional
document_nameThe name of the SSM document.Optional
instance_idThe managed node ID.Optional
association_idThe association ID for which information is requested.Optional
association_versionSpecify the association version to retrieve. To view the latest version, either specify $LATEST for this parameter, or omit this parameter.Optional

Context Output#

PathTypeDescription
AWS.SSM.Association.NameStringThe name of the SSM document.
AWS.SSM.Association.InstanceIdStringThe managed node ID.
AWS.SSM.Association.AssociationVersionStringThe association version.
AWS.SSM.Association.DateStringThe date when the association was made.
AWS.SSM.Association.LastUpdateAssociationDateStringThe date when the association was last updated.
AWS.SSM.Association.Status.DateStringThe date when the status changed.
AWS.SSM.Association.Status.NameStringThe status.
AWS.SSM.Association.Status.MessageStringThe reason for the status.
AWS.SSM.Association.Status.AdditionalInfoStringA user-defined string.
AWS.SSM.Association.Overview.StatusStringThe status of the association. Status can be: Pending, Success, or Failed.
AWS.SSM.Association.Overview.DetailedStatusStringA detailed status of the association.
AWS.SSM.Association.Overview.AssociationStatusAggregatedCountNumberReturns the number of targets for the association status. For example, if an association was created with two managed nodes, and one of them was successful, this would return the count of managed nodes by status.
AWS.SSM.Association.DocumentVersionStringThe document version.
AWS.SSM.Association.AutomationTargetParameterNameStringChoose the parameter that will define how the automation will branch out. This target is required for associations that use an Automation runbook and target resources by using rate controls. Automation is a capability of Amazon Web Services Systems Manager.
AWS.SSM.Association.ParametersDictionaryA description of the parameters for a document.
AWS.SSM.Association.AssociationIdStringThe association ID.
AWS.SSM.Association.Targets.KeyStringUser-defined criteria for sending commands that target managed nodes that meet the criteria.
AWS.SSM.Association.Targets.ValuesStringUser-defined criteria that maps to Key.
AWS.SSM.Association.ScheduleExpressionStringA cron expression that specifies a schedule when the association runs.
AWS.SSM.Association.OutputLocationunknownAn S3 bucket where to store the output details of the request.
AWS.SSM.Association.OutputLocation.S3Location.OutputS3RegionStringThe Amazon Web Services Region of the S3 bucket.
AWS.SSM.Association.OutputLocation.S3Location.OutputS3BucketNameStringThe name of the S3 bucket.
AWS.SSM.Association.OutputLocation.S3Location.OutputS3KeyPrefixStringThe S3 bucket subfolder.
AWS.SSM.Association.LastExecutionDateStringThe date on which the association was last run.
AWS.SSM.Association.LastSuccessfulExecutionDateStringThe last date on which the association was successfully run.
AWS.SSM.Association.AssociationNameStringThe association name.
AWS.SSM.Association.MaxErrorsStringThe number of errors that are allowed before the system stops sending requests to run the association on additional targets.
AWS.SSM.Association.MaxConcurrencyStringThe maximum number of targets allowed to run the association at the same time.
AWS.SSM.Association.ComplianceSeverityStringThe severity level that is assigned to the association.
AWS.SSM.Association.SyncComplianceStringThe mode for generating association compliance - AUTO or MANUAL. In AUTO mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association is COMPLIANT. If the association execution doesn’t run successfully, the association is NON-COMPLIANT. In MANUAL mode, must specify the AssociationId as a parameter for the PutComplianceItems API operation. In this case, compliance data isn’t managed by State Manager, a capability of Amazon Web Services Systems Manager. It is managed by a direct call to the PutComplianceItems API operation. By default, all associations use AUTO mode.
AWS.SSM.Association.ApplyOnlyAtCronIntervalBooleanBy default, when creating a new association, the system runs it immediately after it is created and then according to the schedule that was specified. This parameter isn’t supported for rate expressions.
AWS.SSM.Association.CalendarNamesStringThe names or Amazon Resource Names (ARNs) of the Change Calendar type documents the associations are gated under. The associations only run when that change calendar is open.
AWS.SSM.Association.TargetLocations.AccountsStringThe Amazon Web Services accounts targeted by the current Automation execution.
AWS.SSM.Association.TargetLocations.RegionsStringThe Amazon Web Services Regions targeted by the current Automation execution.
AWS.SSM.Association.TargetLocations.TargetLocationMaxConcurrencyStringThe maximum number of Amazon Web Services Regions and Amazon Web Services accounts allowed to run the Automation concurrently.
AWS.SSM.Association.TargetLocations.TargetLocationMaxErrorsStringThe maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
AWS.SSM.Association.TargetLocations.ExecutionRoleNameStringThe Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole.
AWS.SSM.Association.TargetLocations.TargetLocationAlarmConfiguration.IgnorePollAlarmFailureBooleanWhen this value is true, the automation or command continues to run in cases where we can’t retrieve alarm status information from CloudWatch. In cases where we successfully retrieve an alarm status of OK or INSUFFICIENT_DATA, the automation or command continues to run, regardless of this value. Default is false.
AWS.SSM.Association.TargetLocations.TargetLocationAlarmConfiguration.Alarms.NameStringThe name of the CloudWatch alarm.
AWS.SSM.Association.ScheduleOffsetNumberNumber of days to wait after the scheduled day to run an association.
AWS.SSM.Association.TargetMapsListA key-value mapping of document parameters to target resources. Both Targets and TargetMaps can’t be specified together.
AWS.SSM.Association.AlarmConfiguration.IgnorePollAlarmFailureBooleanWhen this value is true, the automation or command continues to run in cases where we can’t retrieve alarm status information from CloudWatch. In cases where we successfully retrieve an alarm status of OK or INSUFFICIENT_DATA, the automation or command continues to run, regardless of this value. Default is false.
AWS.SSM.Association.AlarmConfiguration.Alarms.NameStringThe name of the CloudWatch alarm.
AWS.SSM.Association.TriggeredAlarms.NameStringThe CloudWatch alarm that was invoked during the association.
AWS.SSM.Association.TriggeredAlarms.StateStringThe state of the CloudWatch alarm.

Command example#

!aws-ssm-association-get association_id=id

Context Example#

{
"AWS": {
"SSM": {
"Association": {
"ApplyOnlyAtCronInterval": false,
"AssociationId": "id",
"AssociationName": "name",
"AssociationVersion": "1",
"Date": "2023-07-18T10:50:27.691000+00:00",
"DocumentVersion": "$DEFAULT",
"LastExecutionDate": "2023-07-25T15:51:28.607000+00:00",
"LastSuccessfulExecutionDate": "2023-07-25T15:51:28.607000+00:00",
"LastUpdateAssociationDate": "2023-07-18T10:50:27.691000+00:00",
"Name": "AWS",
"Overview": {
"DetailedStatus": "Associated",
"Status": "Pending"
},
"Parameters": {
"applications": [
"Enabled"
],
"awsComponents": [
"Enabled"
]
},
"ScheduleExpression": "rate(30 minutes)",
"Targets": [
{
"Key": "InstanceIds",
"Values": [
"id",
"id_2"
]
}
]
}
}
}
}

Human Readable Output#

AWS SSM Association#

Association idAssociation nameAssociation versionCreate dateDocument nameDocument versionLast execution dateResource status countSchedule expressionStatus
idname12023-07-18T10:50:27.691000+00:00AWS$DEFAULT2023-07-25T15:51:28.607000+00:00rate(30 minutes)Pending

aws-ssm-association-version-list#


Retrieves all versions of an association for a specific association ID.

Base Command#

aws-ssm-association-version-list

Input#

Argument NameDescriptionRequired
regionThe AWS Region. If not specified, the default region will be used. Possible values are: us-east-1, us-east-2, us-west-1, us-west-2, ca-central-1, eu-west-1, eu-central-1, eu-west-2, ap-northeast-1, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-south-1, sa-east-1, eu-north-1, eu-west-3.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional
association_idThe association ID for which to view all versions.Required
limitThe maximum number of items to return for this call. The default and max is 50. The call also returns a token that you can specify in a subsequent call to get the next set of results.Optional
next_tokenThe token for the next set of items to return. (Received this token from a previous call).Optional

Context Output#

PathTypeDescription
AWS.SSM.AssociationVersionNextToken.NextTokenStringThe token for the next set of items to return. Use this token to get the next set of results.
AWS.SSM.AssociationVersion.AssociationIdStringThe ID created by the system when the association was created.
AWS.SSM.AssociationVersion.AssociationVersionStringThe association version.
AWS.SSM.AssociationVersion.CreatedDateStringThe date the association version was created.
AWS.SSM.AssociationVersion.NameStringThe name specified when the association was created.
AWS.SSM.AssociationVersion.DocumentVersionStringThe version of an Amazon Web Services Systems Manager document (SSM document) used when the association version was created.
AWS.SSM.AssociationVersion.ParametersDictionaryParameters specified when the association version was created.
AWS.SSM.AssociationVersion.Targets.KeyStringUser-defined criteria for sending commands that target managed nodes that meet the criteria.
AWS.SSM.AssociationVersion.Targets.ValuesStringUser-defined criteria that maps to Key, Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
AWS.SSM.AssociationVersion.ScheduleExpressionStringThe cron or rate schedule specified for the association when the association version was created.
AWS.SSM.AssociationVersion.OutputLocation.S3LocationDictionaryAn S3 bucket where to store the output details of the request.
AWS.SSM.AssociationVersion.OutputLocation.S3Location.OutputS3RegionStringThe Amazon Web Services Region of the S3 bucket.
AWS.SSM.AssociationVersion.OutputLocation.S3Location.OutputS3BucketNameStringThe name of the S3 bucket.
AWS.SSM.AssociationVersion.OutputLocation.S3Location.OutputS3KeyPrefixStringThe S3 bucket subfolder.
AWS.SSM.AssociationVersion.AssociationNameStringThe name specified for the association version when the association version was created.
AWS.SSM.AssociationVersion.MaxErrorsStringThe number of errors that are allowed before the system stops sending requests to run the association on additional targets. Executions that are already running an association when MaxErrors is reached are allowed to complete, but some of these executions may fail as well.
AWS.SSM.AssociationVersion.MaxConcurrencyStringThe maximum number of targets allowed to run the association at the same time. If a new managed node starts and attempts to run an association while Systems Manager is running MaxConcurrency associations, the association is allowed to run. During the next association interval, the new managed node will process its association within the limit specified for MaxConcurrency.
AWS.SSM.AssociationVersion.ComplianceSeverityStringThe severity level that is assigned to the association.
AWS.SSM.AssociationVersion.SyncComplianceStringThe mode for generating association compliance.. Can be AUTO or MANUAL. In AUTO mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association is COMPLIANT. If the association execution doesn’t run successfully, the association is NON-COMPLIANT. By default, all associations use AUTO mode. In MANUAL mode, the AssociationId must be specified as a parameter for the PutComplianceItems API operation. In this case, compliance data isn’t managed by State Manager, a capability of Amazon Web Services Systems Manager. It is managed by the direct call to the PutComplianceItems API operation.
AWS.SSM.AssociationVersion.ApplyOnlyAtCronIntervalBooleanBy default, when creating a new association, the system runs it immediately after it is created and then according to the schedule that was specified. This parameter isn’t supported for rate expressions.
AWS.SSM.AssociationVersion.CalendarNamesStringThe names or Amazon Resource Names (ARNs) of the Change Calendar type documents the associations are gated under. The associations for this version only run when that Change Calendar is open.
AWS.SSM.AssociationVersion.TargetLocations.AccountsStringThe Amazon Web Services accounts targeted by the current Automation execution.
AWS.SSM.AssociationVersion.TargetLocations.RegionsStringThe Amazon Web Services Regions targeted by the current Automation execution.
AWS.SSM.AssociationVersion.TargetLocations.TargetLocationMaxConcurrencyStringThe maximum number of Amazon Web Services Regions and Amazon Web Services accounts allowed to run the Automation concurrently.
AWS.SSM.AssociationVersion.TargetLocations.TargetLocationMaxErrorsStringThe maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
AWS.SSM.AssociationVersion.TargetLocations.ExecutionRoleNameStringThe Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole.
AWS.SSM.AssociationVersion.TargetLocations.TargetLocationAlarmConfiguration.IgnorePollAlarmFailureBooleanWhen this value is true, the automation or command continues to run in cases where we can’t retrieve alarm status information from CloudWatch. In cases where we successfully retrieve an alarm status of OK or INSUFFICIENT_DATA, the automation or command continues to run, regardless of this value. Default is false.
AWS.SSM.AssociationVersion.TargetLocations.TargetLocationAlarmConfiguration.Alarms.NameStringThe name of the CloudWatch alarm.
AWS.SSM.AssociationVersion.ScheduleOffsetNumberNumber of days to wait after the scheduled day to run an association.
AWS.SSM.AssociationVersion.TargetMapsDictionaryA key-value mapping of document parameters to target resources. Both Targets and TargetMaps can’t be specified together.

Command example#

!aws-ssm-association-version-list association_id=id

Context Example#

{
"AWS": {
"SSM": {
"AssociationVersion": {
"ApplyOnlyAtCronInterval": false,
"AssociationId": "id",
"AssociationName": "name",
"AssociationVersion": "1",
"CalendarNames": [],
"CreatedDate": "2023-07-18T10:50:27.691000+00:00",
"Name": "AWS",
"Parameters": {
"applications": [
"Enabled"
],
"awsComponents": [
"Enabled"
]
},
"ScheduleExpression": "rate(30 minutes)",
"Targets": [
{
"Key": "InstanceIds",
"Values": [
"id",
"id_2"
]
}
]
}
}
}
}

Human Readable Output#

Association Versions#

Association idCreate dateDocument versionMaxConcurrencyMaxErrorsNameOutput locationParametersSchedule expressionTargetsVersion
id2023-07-18T10:50:27.691000+00:00AWSapplications:
values: Enabled
awsComponents:
values: Enabled
billingInfo:
values: Enabled
rate(30 minutes)- Key: InstanceIds
Values:
values: id, id_2
1

aws-ssm-document-list#


Returns all Systems Manager (SSM) documents in the current Amazon Web Services account and Amazon Web Services Region.

Base Command#

aws-ssm-document-list

Input#

Argument NameDescriptionRequired
regionThe AWS Region. If not specified, the default region will be used. Possible values are: us-east-1, us-east-2, us-west-1, us-west-2, ca-central-1, eu-west-1, eu-central-1, eu-west-2, ap-northeast-1, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-south-1, sa-east-1, eu-north-1, eu-west-3.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional
limitThe maximum number of items to return for this call. The default and max is 50. The call also returns a token that you can specify in a subsequent call to get the next set of results.Optional
next_tokenThe token for the next set of items to return. (Received this token from a previous call).Optional

Context Output#

PathTypeDescription
AWS.SSM.DocumentNextToken.NextTokenStringThe token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
AWS.SSM.Document.NameStringThe name of the SSM document.
AWS.SSM.Document.CreatedDateStringThe date the SSM document was created.
AWS.SSM.Document.DisplayNameStringAn optional field allowing the specification of a user-defined, friendly name for the SSM document. This value can vary across different versions of the document.
AWS.SSM.Document.OwnerStringThe Amazon Web Services user that created the document.
AWS.SSM.Document.VersionNameStringAn optional field specifying the version of the artifact associated with the document. For example, “Release 12, Update 6”. This value is unique across all versions of a document, and can’t be changed.
AWS.SSM.Document.PlatformTypesStringThe operating system platform.
AWS.SSM.Document.DocumentVersionStringThe document version.
AWS.SSM.Document.DocumentTypeStringThe document type.
AWS.SSM.Document.SchemaVersionStringThe schema version.
AWS.SSM.Document.DocumentFormatStringThe document format, either JSON or YAML.
AWS.SSM.Document.TargetTypeStringThe target type which defines the kinds of resources the document can run on. For example, /AWS:EC2:Instance. For a list of valid resource types, see Amazon Web Services resource and property types reference in the [CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html\).
AWS.SSM.Document.Tags.KeyStringThe name of the tag.
AWS.SSM.Document.Tags.ValueStringThe value of the tag.
AWS.SSM.Document.Requires.NameStringThe name of the required SSM document. The name can be an Amazon Resource Name (ARN).
AWS.SSM.Document.Requires.VersionStringThe document version required by the current document.
AWS.SSM.Document.Requires.RequireTypeStringThe document type of the required SSM document.
AWS.SSM.Document.Requires.VersionNameStringAn optional field specifying the version of the artifact associated with the document. For example, “Release 12, Update 6”. This value is unique across all versions of a document, and can’t be changed.
AWS.SSM.Document.ReviewStatusStringThe current status of a document review.
AWS.SSM.Document.AuthorStringThe user in the organization who created the document.

Command example#

!aws-ssm-document-list limit=2

Context Example#

{
"AWS": {
"SSM": {
"Document": [
{
"CreatedDate": "2018-02-15T03:03:20.597000+00:00",
"DocumentFormat": "JSON",
"DocumentType": "Automation",
"DocumentVersion": "1",
"Name": "AWS",
"Owner": "Amazon",
"PlatformTypes": [
"Windows",
"Linux",
"MacOS"
],
"SchemaVersion": "0.3",
"Tags": [
{
"Key": "test_key",
"Value": "test_value"
}
],
"TargetType": "Instance"
},
{
"CreatedDate": "2018-02-15T03:03:23.277000+00:00",
"DocumentFormat": "JSON",
"DocumentType": "Automation",
"DocumentVersion": "1",
"Name": "AWS",
"Owner": "Amazon",
"PlatformTypes": [
"Windows",
"Linux",
"MacOS"
],
"SchemaVersion": "0.3",
"Tags": [
{
"Key": "test_key",
"Value": "test_value"
}
],
"TargetType": "Instance"
}
],
"DocumentNextToken": {
"NextToken": "AA"
}
}
}
}

Human Readable Output#

AWS SSM Documents#

NameOwnerDocument versionDocument typePlatform typesCreated date
AWSAmazon1AutomationWindows,
Linux,
MacOS
2018-02-15T03:03:20.597000+00:00
AWSAmazon1AutomationWindows,
Linux,
MacOS
2018-02-15T03:03:23.277000+00:00

aws-ssm-document-get#


Describes the specified Amazon Web Services Systems Manager document (SSM document).

Base Command#

aws-ssm-document-get

Input#

Argument NameDescriptionRequired
regionThe AWS Region. If not specified, the default region will be used. Possible values are: us-east-1, us-east-2, us-west-1, us-west-2, ca-central-1, eu-west-1, eu-central-1, eu-west-2, ap-northeast-1, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-south-1, sa-east-1, eu-north-1, eu-west-3.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional
document_nameThe name of the SSM document.Required
document_versionThe document version. Can be a specific version or the default version. Valid Values: 'default' 'latest' or a specific version number.Optional
version_nameSpecifying the version of the artifact associated with the document. For example, “Release 12, Update 6”. This value is unique across all versions of a document, and can’t be changed.Optional

Context Output#

PathTypeDescription
AWS.SSM.Document.Sha1StringThe SHA1 hash of the document, which you can use for verification.
AWS.SSM.Document.HashStringThe SHA256 or SHA1 hash created by the system when the document was created.
AWS.SSM.Document.HashTypeStringThe hash type of the document. Valid values include SHA256 or SHA1.
AWS.SSM.Document.NameStringThe name of the SSM document.
AWS.SSM.Document.DisplayNameStringThe friendly name of the SSM document. This value can differ for each version of the document.
AWS.SSM.Document.VersionNameStringThe version of the artifact associated with the document.
AWS.SSM.Document.OwnerStringThe Amazon Web Services user that created the document.
AWS.SSM.Document.CreatedDateStringThe date when the document was created.
AWS.SSM.Document.StatusStringThe status of the SSM document.
AWS.SSM.Document.StatusInformationStringA message returned by Amazon Web Services Systems Manager that explains the Status value. For example, a Failed status might be explained by the StatusInformation message, “The specified S3 bucket doesn’t exist. Verify that the URL of the S3 bucket is correct.”.
AWS.SSM.Document.DocumentVersionStringThe document version.
AWS.SSM.Document.DescriptionStringA description of the document.
AWS.SSM.Document.Parameters.NameStringThe name of the parameter.
AWS.SSM.Document.Parameters.TypeStringThe type of parameter. The type can be either String or StringList.
AWS.SSM.Document.Parameters.DescriptionStringA description of what the parameter does, how to use it, the default value, and whether or not the parameter is optional.
AWS.SSM.Document.Parameters.DefaultValueStringIf specified, the default values for the parameters. Parameters without a default value are required. Parameters with a default value are optional.
AWS.SSM.Document.PlatformTypesStringThe list of operating system (OS) platforms compatible with this SSM document.
AWS.SSM.Document.DocumentTypeStringThe type of document.
AWS.SSM.Document.SchemaVersionStringThe schema version.
AWS.SSM.Document.LatestVersionStringThe latest version of the document.
AWS.SSM.Document.DefaultVersionStringThe default version.
AWS.SSM.Document.DocumentFormatStringThe document format, either JSON or YAML.
AWS.SSM.Document.TargetTypeStringThe target type which defines the kinds of resources the document can run on.
AWS.SSM.Document.Tags.KeyStringThe name of the tag.
AWS.SSM.Document.Tags.ValueStringThe value of the tag.
AWS.SSM.Document.AttachmentsInformation.NameStringThe name of the attachment.
AWS.SSM.Document.Requires.NameStringThe name of the required SSM document. The name can be an Amazon Resource Name (ARN).
AWS.SSM.Document.Requires.VersionStringThe document version required by the current document.
AWS.SSM.Document.Requires.RequireTypeStringThe document type of the required SSM document.
AWS.SSM.Document.Requires.VersionNameStringAn optional field specifying the version of the artifact associated with the document.
AWS.SSM.Document.AuthorStringThe user in the organization who created the document.
AWS.SSM.Document.ReviewInformation.ReviewedTimeStringThe time when the reviewer took action on the document review request.
AWS.SSM.Document.ReviewInformation.StatusStringThe current status of the document review request.
AWS.SSM.Document.ReviewInformation.ReviewerStringThe reviewer assigned to take action on the document review request.
AWS.SSM.Document.ApprovedVersionStringThe version of the document currently approved for use in the organization.
AWS.SSM.Document.PendingReviewVersionStringThe version of the document that is currently under review.
AWS.SSM.Document.ReviewStatusStringThe current status of the review.
AWS.SSM.Document.CategoryStringThe classification of a document to help you identify and categorize its use.
AWS.SSM.Document.CategoryEnumStringThe value that identifies a document’s category.

Command example#

!aws-ssm-document-get document_name=AWS

Context Example#

{
"AWS": {
"SSM": {
"Document": {
"Category": [
"Instance management"
],
"CategoryEnum": [
"InstanceManagement"
],
"CreatedDate": "2022-10-10T22:06:56.878000+00:00",
"DefaultVersion": "1",
"Description": "Change the ...",
"DocumentFormat": "JSON",
"DocumentType": "Automation",
"DocumentVersion": "1",
"Hash": "Hash",
"HashType": "Sha256",
"LatestVersion": "1",
"Name": "AWS",
"Owner": "Amazon",
"Parameters": [
{
"Description": "(Required) ID of ...",
"Name": "InstanceId",
"Type": "String"
},
{
"DefaultValue": "",
"Description": "(Optional) The ARN of the ...",
"Name": "LambdaRoleArn",
"Type": "String"
},
{
"DefaultValue": "",
"Description": "(Optional) The ARN of the ...",
"Name": "AutomationAssumeRole",
"Type": "String"
}
],
"PlatformTypes": [
"Windows",
"Linux",
"MacOS"
],
"SchemaVersion": "0.3",
"Status": "Active",
"Tags": [
{
"Key": "test_key",
"Value": "test_value"
}
],
"TargetType": "Instance"
}
}
}
}

Human Readable Output#

AWS SSM Document#

Created dateDescriptionDisplay NameDocument versionNameOwnerPlatform typesStatus
2022-10-10T22:06:56.878000+00:00Change the ...AWSAmazonWindows,
Linux,
MacOS
Active

aws-ssm-automation-execution-run#


Initiates execution of an Automation runbook.

Base Command#

aws-ssm-automation-execution-run

Input#

Argument NameDescriptionRequired
regionThe AWS Region. If not specified, the default region will be used. Possible values are: us-east-1, us-east-2, us-west-1, us-west-2, ca-central-1, eu-west-1, eu-central-1, eu-west-2, ap-northeast-1, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-south-1, sa-east-1, eu-north-1, eu-west-3.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional
document_nameThe name of the SSM document to run. This can be a public document or a custom document. To run a shared document belonging to another account, specify the document ARN. Note: To get the document name, use the aws-ssm-document-list command.Required
client_tokenUser-provided idempotency token. The token must be unique, is case insensitive, enforces the UUID format, and can’t be reused.Optional
document_versionThe version of the Automation runbook to use for this execution. Can be a specific version or the default version. Valid Values: 'default' 'latest' or a specific version number.Optional
max_concurrencyThe maximum number of targets allowed to run this task in parallel. You can specify a number, such as 10, or a percentage, such as 10%. The default value is 10.Optional
max_errorsThe number of errors that are allowed before the system stops running the automation on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%.Optional
modeThe execution mode of the automation. The default mode is Auto. Possible values are: Auto, Interactive.Optional
tag_keyThe name of the tag.Optional
tag_valueThe value of the tag.Optional
interval_in_secondsThe interval in seconds between each poll. Default is 30.Optional
parameters'A key-value map of execution parameters, which match the declared parameters in the Automation runbook. Note: to run on instance(s) use the target_parameter_name argument instead of specifying instances here, e.g. target_parameter_name=InstanceIds.'
Example for execute the command in the war-room:
- "Role":["Admin", "User"]".
Example for execute the command in the playbook (see screenshot below):
in the first input box:
Role (without a quote)
in the second input box:
Admin, User (without a quote, and with a comma between values).
Optional
execution_idThe ID of the execution. This is for the polling to work, not for the user.Optional
timeoutThe timeout in seconds until polling ends. Default is 600.Optional
target_parameter_nameThe name of the parameter used as the target resource for the rate-controlled execution. Required if you specify target_key and target_values arguments. For example, instanceIds, LambdaRoleArn.Optional
target_keyUser-defined criteria for sending commands that target managed nodes that meet the criteria. Required if you specify target_parameter_name argument. Possible values are: Parameter Values, Tag Key, Resource Group.Optional
target_valuesUser-defined criteria that maps to target_key.
For example:
- target_key=ResourceGroup target_values=MyResourceGroup.
- target_key=TagKey target_values=<my-tag-key-1>,<my-tag-key-2>
Note: Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
Optional
How to use parameters argument:#
in playbook:#

parameters argument

in the war room:#

Alt text Alt text

Context Output#

PathTypeDescription
AWS.SSM.AutomationExecution.AutomationExecutionIdStringThe unique ID of a newly scheduled automation execution.

Command example#

``!aws-ssm-automation-execution-run document_name=AWS target_parameter_name=InstanceId target_key="Parameter Values" target_values=instance id parameters={"RoleName":"role_name"}````

Context Example#

{
"AWS": {
"SSM": {
"AutomationExecution": {
"AutomationExecutionId": "bbbbbb"
}
}
}
}

Human Readable Output#

Execution bbbbbb is in progress

aws-ssm-automation-execution-cancel#


Stop an Automation execution.

Base Command#

aws-ssm-automation-execution-cancel

Input#

Argument NameDescriptionRequired
regionThe AWS Region. If not specified, the default region will be used. Possible values are: us-east-1, us-east-2, us-west-1, us-west-2, ca-central-1, eu-west-1, eu-central-1, eu-west-2, ap-northeast-1, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-south-1, sa-east-1, eu-north-1, eu-west-3.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional
interval_in_secondsThe interval in seconds between each poll. Default is 30.Optional
automation_execution_idThe execution ID of the Automation to stop.Required
typeThe stop request type. The default type is Cancel. Can get the value by running the aws-ssm-automation-list command. Possible values are: Cancel, Complete.Optional
include_pollingWhen set to true, will keep polling results until the command returns that the status of the automation execution is updated to Cancelled. Possible values are: true, false. Default is false.Optional
first_runThis argument is used to determine whether the current execution of the command is the initial run. After the command is executed, the argument is updated to 'false.' During polling, the code checks the status only for the first execution. Default is True.Optional
timeoutThe timeout in seconds until polling ends. Default is 600.Optional

Context Output#

There is no context output for this command.

Command example#

!aws-ssm-automation-execution-cancel automation_execution_id=0d66c10f

Human Readable Output#

Cancellation command was sent successfully.

aws-ssm-automation-execution-list#


If the argument execution_id is provided, the command returns detailed information about a particular Automation execution. if not provided, the command provides details about all active and terminated Automation executions.

Base Command#

aws-ssm-automation-execution-list

Input#

Argument NameDescriptionRequired
regionThe AWS Region. If not specified, the default region will be used. Possible values are: us-east-1, us-east-2, us-west-1, us-west-2, ca-central-1, eu-west-1, eu-central-1, eu-west-2, ap-northeast-1, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-south-1, sa-east-1, eu-north-1, eu-west-3.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional
execution_idThe unique identifier for an existing automation execution to examine. The execution ID is returned by aws-ssm-automation-execution-run command when the execution of an Automation runbook is initiated. Note: if execution_id not provide the command return a list of executions.Optional
limitThe maximum number of items to return for this command. The command also returns a token that can specify in a subsequent command to get the next set of results. Default is 50.Optional
next_tokenThe token for the next set of items to return. (Received this token from a previous call).Optional

Context Output#

PathTypeDescription
AWS.SSM.AutomationExecutionNextToken.NextTokenStringThe token for the next set of items to return.
AWS.SSM.AutomationExecution.AutomationExecutionIdStringThe execution ID.
AWS.SSM.AutomationExecution.DocumentNameStringThe name of the Automation runbook used during the execution.
AWS.SSM.AutomationExecution.DocumentVersionStringThe version of the document to use during execution.
AWS.SSM.AutomationExecution.ExecutionStartTimeStringThe time the execution started.
AWS.SSM.AutomationExecution.ExecutionEndTimeStringThe time the execution finished.
AWS.SSM.AutomationExecution.AutomationExecutionStatusStringThe execution status of the Automation.
AWS.SSM.AutomationExecution.StepExecutions.StepNameStringThe name of this execution step.
AWS.SSM.AutomationExecution.StepExecutions.ActionStringThe action this step performs. The action determines the behavior of the step.
AWS.SSM.AutomationExecution.StepExecutions.TimeoutSecondsNumberThe timeout seconds of the step.
AWS.SSM.AutomationExecution.StepExecutions.OnFailureStringThe action to take if the step fails. The default value is Abort.
AWS.SSM.AutomationExecution.StepExecutions.MaxAttemptsNumberThe maximum number of tries to run the action of the step. The default value is 1.
AWS.SSM.AutomationExecution.StepExecutions.ExecutionStartTimeStringIf a step has begun execution, this contains the time the step started. If the step is in Pending status, this field isn’t populated.
AWS.SSM.AutomationExecution.StepExecutions.ExecutionEndTimeStringIf a step has finished execution, this contains the time the execution ended. If the step hasn’t yet concluded, this field isn’t populated.
AWS.SSM.AutomationExecution.StepExecutions.StepStatusStringThe execution status for this step.
AWS.SSM.AutomationExecution.StepExecutions.ResponseCodeStringThe response code returned by the execution of the step.
AWS.SSM.AutomationExecution.StepExecutions.InputsDictionaryFully-resolved values passed into the step before execution.
AWS.SSM.AutomationExecution.StepExecutions.OutputsDictionaryReturned values from the execution of the step.
AWS.SSM.AutomationExecution.StepExecutions.ResponseStringA message associated with the response code for an execution.
AWS.SSM.AutomationExecution.StepExecutions.FailureMessageStringIf a step failed, this message explains why the execution failed.
AWS.SSM.AutomationExecution.StepExecutions.FailureDetails.FailureStageStringThe stage of the Automation execution when the failure occurred. The stages include the following: InputValidation, PreVerification, Invocation, PostVerification.
AWS.SSM.AutomationExecution.StepExecutions.FailureDetails.FailureTypeStringThe type of Automation failure. Failure types include the following: Action, Permission, Throttling, Verification, Internal.
AWS.SSM.AutomationExecution.StepExecutions.FailureDetails.DetailsDictionaryDetailed information about the Automation step failure.
AWS.SSM.AutomationExecution.StepExecutions.StepExecutionIdStringThe unique ID of a step execution.
AWS.SSM.AutomationExecution.StepExecutions.OverriddenParametersDictionaryA user-specified list of parameters to override when running a step.
AWS.SSM.AutomationExecution.StepExecutions.IsEndBooleanThe flag which can be used to end automation no matter whether the step succeeds or fails.
AWS.SSM.AutomationExecution.StepExecutions.NextStepStringThe next step after the step succeeds.
AWS.SSM.AutomationExecution.StepExecutions.IsCriticalBooleanThe flag which can be used to help decide whether the failure of the current step leads to the Automation failure.
AWS.SSM.AutomationExecution.StepExecutions.ValidNextStepsStringStrategies used when a step fails. Supports Continue and Abort. Abort will fail the automation when the step fails. Continue will ignore the failure of the current step and allow automation to run the next step. With conditional branching, AWS added step:stepName to support the automation to go to another specific step.
AWS.SSM.AutomationExecution.StepExecutions.Targets.KeyStringUser-defined criteria for sending commands that target managed nodes that meet the criteria.
AWS.SSM.AutomationExecution.StepExecutions.Targets.ValuesStringUser-defined criteria that maps to Key.
AWS.SSM.AutomationExecution.StepExecutions.TargetLocation.AccountsStringThe Amazon Web Services accounts targeted by the current Automation execution.
AWS.SSM.AutomationExecution.StepExecutions.TargetLocation.RegionsStringThe Amazon Web Services Regions targeted by the current Automation execution.
AWS.SSM.AutomationExecution.StepExecutions.TargetLocation.TargetLocationMaxConcurrencyStringThe maximum number of Amazon Web Services Regions and Amazon Web Services accounts allowed to run the Automation concurrently.
AWS.SSM.AutomationExecution.StepExecutions.TargetLocation.TargetLocationMaxErrorsStringThe maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
AWS.SSM.AutomationExecution.StepExecutions.TargetLocation.ExecutionRoleNameStringThe Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole.
AWS.SSM.AutomationExecution.StepExecutions.TargetLocation.TargetLocationAlarmConfiguration.IgnorePollAlarmFailureBooleanWhen this value is true, the automation or command continues to run in cases where we can’t retrieve alarm status information from CloudWatch. In cases where we successfully retrieve an alarm status of OK or INSUFFICIENT_DATA, the automation or command continues to run, regardless of this value. Default is false.
AWS.SSM.AutomationExecution.StepExecutions.TargetLocation.TargetLocationAlarmConfiguration.Alarms.NameStringThe name of the CloudWatch alarm.
AWS.SSM.AutomationExecution.StepExecutions.TriggeredAlarms.NameStringThe name of the CloudWatch alarm.
AWS.SSM.AutomationExecution.StepExecutions.TriggeredAlarms.StateStringThe state of the CloudWatch alarm.
AWS.SSM.AutomationExecution.StepExecutionsTruncatedBooleanA boolean value that indicates if the response contains the full list of the Automation step executions. If true, use the DescribeAutomationStepExecutions API operation to get the full list of step executions.
AWS.SSM.AutomationExecution.Parameters.DictionaryThe key-value map of execution parameters, which were supplied when calling StartAutomationExecution.
AWS.SSM.AutomationExecution.OutputsDictionaryThe list of execution outputs as defined in the Automation runbook.
AWS.SSM.AutomationExecution.FailureMessageStringA message describing why an execution has failed, if the status is set to Failed.
AWS.SSM.AutomationExecution.ModeStringThe automation execution mode.
AWS.SSM.AutomationExecution.ParentAutomationExecutionIdStringThe AutomationExecutionId of the parent automation.
AWS.SSM.AutomationExecution.ExecutedByStringThe Amazon Resource Name (ARN) of the user who ran the automation.
AWS.SSM.AutomationExecution.CurrentStepNameStringThe name of the step that is currently running.
AWS.SSM.AutomationExecution.CurrentActionStringThe action of the step that is currently running.
AWS.SSM.AutomationExecution.TargetParameterNameStringThe parameter name.
AWS.SSM.AutomationExecution.Targets.KeyStringUser-defined criteria for sending commands that target managed nodes that meet the criteria.
AWS.SSM.AutomationExecution.Targets.ValuesStringUser-defined criteria that maps to Key.
AWS.SSM.AutomationExecution.TargetMapsList Of DictionariesThe specified key-value mapping of document parameters to target resources.
AWS.SSM.AutomationExecution.ResolvedTargets.ParameterValuesStringA list of parameter values sent to targets that resolved during the Automation execution.
AWS.SSM.AutomationExecution.ResolvedTargets.TruncatedBooleanA boolean value indicating whether the resolved target list is truncated.
AWS.SSM.AutomationExecution.MaxConcurrencyStringThe MaxConcurrency value specified by the user when the execution started.
AWS.SSM.AutomationExecution.MaxErrorsStringThe MaxErrors value specified by the user when the execution started.
AWS.SSM.AutomationExecution.TargetStringThe target of the execution.
AWS.SSM.AutomationExecution.TargetLocations.AccountsStringThe Amazon Web Services accounts targeted by the current Automation execution.
AWS.SSM.AutomationExecution.TargetLocations.RegionsStringThe Amazon Web Services Regions targeted by the current Automation execution.
AWS.SSM.AutomationExecution.TargetLocations.TargetLocationMaxConcurrencyStringThe maximum number of Amazon Web Services Regions and Amazon Web Services accounts allowed to run the Automation concurrently.
AWS.SSM.AutomationExecution.TargetLocations.TargetLocationMaxErrorsStringThe maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
AWS.SSM.AutomationExecution.TargetLocations.ExecutionRoleNameStringThe Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole.
AWS.SSM.AutomationExecution.TargetLocations.TargetLocationAlarmConfiguration.IgnorePollAlarmFailureBooleanWhen this value is true, the automation or command continues to run in cases where we can’t retrieve alarm status information from CloudWatch. In cases where we successfully retrieve an alarm status of OK or INSUFFICIENT_DATA, the automation or command continues to run, regardless of this value. Default is false.
AWS.SSM.AutomationExecution.TargetLocations.TargetLocationAlarmConfiguration.Alarms.NameStringThe name of the CloudWatch alarm.
AWS.SSM.AutomationExecution.ProgressCounters.TotalStepsNumberThe total number of steps run in all specified Amazon Web Services Regions and Amazon Web Services accounts for the current Automation execution.
AWS.SSM.AutomationExecution.ProgressCounters.SuccessStepsNumberThe total number of steps that successfully completed in all specified Amazon Web Services Regions and Amazon Web Services accounts for the current Automation execution.
AWS.SSM.AutomationExecution.ProgressCounters.FailedStepsNumberThe total number of steps that failed to run in all specified Amazon Web Services Regions and Amazon Web Services accounts for the current Automation execution.
AWS.SSM.AutomationExecution.ProgressCounters.CancelledStepsNumberThe total number of steps that the system cancelled in all specified Amazon Web Services Regions and Amazon Web Services accounts for the current Automation execution.
AWS.SSM.AutomationExecution.ProgressCounters.TimedOutStepsNumberThe total number of steps that timed out in all specified Amazon Web Services Regions and Amazon Web Services accounts for the current Automation execution.
AWS.SSM.AutomationExecution.AlarmConfiguration.IgnorePollAlarmFailureBooleanWhen this value is true, the automation or command continues to run in cases where we can’t retrieve alarm status information from CloudWatch. In cases where we successfully retrieve an alarm status of OK or INSUFFICIENT_DATA, the automation or command continues to run, regardless of this value. Default is false.
AWS.SSM.AutomationExecution.AlarmConfiguration.Alarms.NameStringThe name of the CloudWatch alarm.
AWS.SSM.AutomationExecution.TriggeredAlarms.NameStringThe name of the CloudWatch alarm.
AWS.SSM.AutomationExecution.TriggeredAlarms.StateStringThe state of the CloudWatch alarm.
AWS.SSM.AutomationExecution.AutomationSubtypeStringThe subtype of the Automation operation. Currently, the only supported value is ChangeRequest.
AWS.SSM.AutomationExecution.ScheduledTimeStringThe date and time the Automation operation is scheduled to start.
AWS.SSM.AutomationExecution.Runbooks.DocumentNameStringThe name of the Automation runbook used in a runbook workflow.
AWS.SSM.AutomationExecution.Runbooks.DocumentVersionStringThe version of the Automation runbook used in a runbook workflow.
AWS.SSM.AutomationExecution.Runbooks.ParametersDictionaryThe key-value map of execution parameters, which were supplied when calling StartChangeRequestExecution.
AWS.SSM.AutomationExecution.Runbooks.TargetParameterNameStringThe name of the parameter used as the target resource for the rate-controlled runbook workflow. Required if you specify Targets.
AWS.SSM.AutomationExecution.Runbooks.Targets.KeyStringUser-defined criteria for sending commands that target managed nodes that meet the criteria.
AWS.SSM.AutomationExecution.Runbooks.Targets.ValuesStringUser-defined criteria that maps to Key. For example, if you specified tag:ServerRole, you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer.
AWS.SSM.AutomationExecution.Runbooks.TargetMapsList Of DictionariesA key-value mapping of runbook parameters to target resources. Both Targets and TargetMaps can’t be specified together.
AWS.SSM.AutomationExecution.Runbooks.MaxConcurrencyStringThe MaxConcurrency value specified by the user when the operation started, indicating the maximum number of resources that the runbook operation can run on at the same time.
AWS.SSM.AutomationExecution.Runbooks.MaxErrorsStringThe MaxErrors value specified by the user when the execution started, indicating the maximum number of errors that can occur during the operation before the updates are stopped or rolled back.
AWS.SSM.AutomationExecution.Runbooks.TargetLocations.AccountsStringThe Amazon Web Services accounts targeted by the current Automation execution.
AWS.SSM.AutomationExecution.Runbooks.TargetLocations.RegionsStringThe Amazon Web Services Regions targeted by the current Automation execution.
AWS.SSM.AutomationExecution.Runbooks.TargetLocations.TargetLocationMaxConcurrencyStringThe maximum number of Amazon Web Services Regions and Amazon Web Services accounts allowed to run the Automation concurrently.
AWS.SSM.AutomationExecution.Runbooks.TargetLocations.TargetLocationMaxErrorsStringThe maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
AWS.SSM.AutomationExecution.Runbooks.TargetLocations.ExecutionRoleNameStringThe Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole.
AWS.SSM.AutomationExecution.Runbooks.TargetLocations.TargetLocationAlarmConfiguration.IgnorePollAlarmFailureBooleanWhen this value is true, the automation or command continues to run in cases where we can’t retrieve alarm status information from CloudWatch. In cases where we successfully retrieve an alarm status of OK or INSUFFICIENT_DATA, the automation or command continues to run, regardless of this value. Default is false.
AWS.SSM.AutomationExecution.Runbooks.TargetLocations.TargetLocationAlarmConfiguration.Alarms.NameStringThe name of the CloudWatch alarm.
AWS.SSM.AutomationExecution.OpsItemIdStringThe ID of an OpsItem that is created to represent a Change Manager change request.
AWS.SSM.AutomationExecution.AssociationIdStringThe ID of a State Manager association used in the Automation operation.
AWS.SSM.AutomationExecution.ChangeRequestNameStringThe name of the Change Manager change request.

Command example#

!aws-ssm-automation-execution-list limit=2

Context Example#

{
"AWS": {
"SSM": {
"AutomationExecution": [
{
"AutomationExecutionId": "aaaaaa",
"AutomationExecutionStatus": "Failed",
"AutomationType": "Local",
"DocumentName": "AWS",
"DocumentVersion": "1",
"ExecutedBy": "arn",
"ExecutionEndTime": "2023-09-17T21:41:10.509000+00:00",
"ExecutionStartTime": "2023-09-17T21:41:08.659000+00:00",
"FailureMessage": "Step fails when it ...",
"LogFile": "",
"Mode": "Auto",
"Outputs": {
"AttachIAMProfileToInstance.AssociationId": [
"No output available yet because the step is not successfully executed"
],
"AttachIAMProfileToInstanceWithRetry.AssociationId": [
"No output available yet because the step is not successfully executed"
],
"GetInstanceProfile.InstanceProfileArn": [
"No output available yet because the step is not successfully executed"
],
"GetInstanceProfile.InstanceProfileName": [
"No output available yet because the step is not successfully executed"
],
"ListInstanceProfilesForRole.InstanceProfileArn": [
"No output available yet because the step is not successfully executed"
],
"ListInstanceProfilesForRole.InstanceProfileName": [
"No output available yet because the step is not successfully executed"
]
},
"ParentAutomationExecutionId": "bbbbbb",
"ResolvedTargets": {
"ParameterValues": [],
"Truncated": false
},
"Target": "instance id",
"Targets": []
},
{
"AutomationExecutionId": "bbbbbb",
"AutomationExecutionStatus": "Failed",
"AutomationType": "Local",
"DocumentName": "AWS",
"DocumentVersion": "1",
"ExecutedBy": "arn",
"ExecutionEndTime": "2023-09-17T21:41:10.985000+00:00",
"ExecutionStartTime": "2023-09-17T21:41:08.340000+00:00",
"LogFile": "",
"MaxConcurrency": "10",
"MaxErrors": "100%",
"Mode": "Auto",
"Outputs": {
"AttachIAMProfileToInstance.AssociationId": [
"No output available yet because the step is not successfully executed"
],
"AttachIAMProfileToInstanceWithRetry.AssociationId": [
"No output available yet because the step is not successfully executed"
],
"GetInstanceProfile.InstanceProfileArn": [
"No output available yet because the step is not successfully executed"
],
"GetInstanceProfile.InstanceProfileName": [
"No output available yet because the step is not successfully executed"
],
"ListInstanceProfilesForRole.InstanceProfileArn": [
"No output available yet because the step is not successfully executed"
],
"ListInstanceProfilesForRole.InstanceProfileName": [
"No output available yet because the step is not successfully executed"
]
},
"ResolvedTargets": {
"ParameterValues": [],
"Truncated": false
},
"TargetParameterName": "InstanceId",
"Targets": [
{
"Key": "ParameterValues",
"Values": [
"instance id"
]
}
]
}
],
"AutomationExecutionNextToken": {
"NextToken": "AA"
}
}
}
}

Human Readable Output#

AWS SSM Automation Executions#

Automation Execution IdDocument NameDocument VersionStart TimeEnd TimeAutomation Execution StatusModeExecuted By
aaaaaaAWS12023-09-17T21:41:08.659000+00:002023-09-17T21:41:10.509000+00:00FailedAutoarn
bbbbbbAWS12023-09-17T21:41:08.340000+00:002023-09-17T21:41:10.985000+00:00FailedAutoarn

aws-ssm-command-list#


Lists the commands requested by users of the Amazon Web Services account.

Base Command#

aws-ssm-command-list

Input#

Argument NameDescriptionRequired
regionThe AWS Region. If not specified, the default region will be used. Possible values are: us-east-1, us-east-2, us-west-1, us-west-2, ca-central-1, eu-west-1, eu-central-1, eu-west-2, ap-northeast-1, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-south-1, sa-east-1, eu-north-1, eu-west-3.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional
command_idA unique identifier for this command. If provided, lists only the specified command.Optional
limitThe maximum number of items to return for this call. Default is 50.Optional
next_tokenThe token for the next set of items to return. (Received this token from a previous call).Optional

Context Output#

PathTypeDescription
AWS.SSM.CommandNextToken.NextTokenStringThe token for the next set of items to return. (Received this token from a previous call).
AWS.SSM.Command.CommandIdStringA unique identifier for this command.
AWS.SSM.Command.DocumentNameStringThe name of the document requested for execution.
AWS.SSM.Command.DocumentVersionStringThe Systems Manager document (SSM document) version.
AWS.SSM.Command.CommentStringUser-specified information about the command, such as a brief description of what the command should do.
AWS.SSM.Command.ExpiresAfterStringIf a command expires, it changes status to DeliveryTimedOut for all invocations that have the status InProgress, Pending, or Delayed. ExpiresAfter is calculated based on the total timeout for the overall command.
AWS.SSM.Command.ParametersStringThe parameter values to be inserted in the document when running the command.
AWS.SSM.Command.InstanceIdsStringThe managed node IDs against which this command was requested.
AWS.SSM.Command.Targets.KeyStringUser-defined criteria for sending commands that target managed nodes that meet the criteria.
AWS.SSM.Command.Targets.ValuesStringUser-defined criteria that maps to Key.
AWS.SSM.Command.RequestedDateTimeStringThe date and time the command was requested.
AWS.SSM.Command.StatusStringThe status of the command.
AWS.SSM.Command.StatusDetailsStringA detailed status of the command execution. StatusDetails includes more information than Status because it includes states resulting from error and concurrency control parameters. StatusDetails can show different results than Status.
AWS.SSM.Command.OutputS3RegionString(Deprecated) The system ignores it. Instead, Systems Manager automatically determines the Amazon Web Services Region of the S3 bucket.
AWS.SSM.Command.OutputS3BucketNameStringThe S3 bucket where the responses to the command executions should be stored. This was requested when issuing the command.
AWS.SSM.Command.OutputS3KeyPrefixStringThe S3 directory path inside the bucket where the responses to the command executions should be stored. This was requested when issuing the command.
AWS.SSM.Command.MaxConcurrencyStringThe maximum number of managed nodes that are allowed to run the command at the same time.
AWS.SSM.Command.MaxErrorsStringThe maximum number of errors allowed before the system stops sending the command to additional targets.
AWS.SSM.Command.TargetCountNumberThe number of targets for the command.
AWS.SSM.Command.CompletedCountNumberThe number of targets for which the command invocation reached a terminal state. Terminal states include the following: Success, Failed, Execution Timed Out, Delivery Timed Out, Cancelled, Terminated, or Undeliverable.
AWS.SSM.Command.ErrorCountNumberThe number of targets for which the status is Failed or Execution Timed Out.
AWS.SSM.Command.DeliveryTimedOutCountNumberThe number of targets for which the status is Delivery Timed Out.
AWS.SSM.Command.ServiceRoleStringThe Identity and Access Management (IAM) service role that Run Command, a capability of Amazon Web Services Systems Manager, uses to act on your behalf when sending notifications about command status changes.
AWS.SSM.Command.NotificationConfig.NotificationArnStringAn Amazon Resource Name (ARN) for an Amazon Simple Notification Service (Amazon SNS) topic.
AWS.SSM.Command.NotificationConfig.NotificationEventsStringThe different events for receive notifications.
AWS.SSM.Command.NotificationConfig.NotificationTypeStringThe type of notification.
AWS.SSM.Command.CloudWatchOutputConfig.CloudWatchLogGroupNameStringThe name of the CloudWatch Logs log group where to send command output. If a group name is not specified, Amazon Web Services Systems Manager automatically creates a log group. The log group uses the following naming format: `aws/ssm/SystemsManagerDocumentName`.
AWS.SSM.Command.CloudWatchOutputConfig.CloudWatchOutputEnabledBooleanEnables Systems Manager to send command output to CloudWatch Logs.
AWS.SSM.Command.TimeoutSecondsNumberThe TimeoutSeconds value specified for a command.
AWS.SSM.Command.AlarmConfiguration.IgnorePollAlarmFailureBooleanWhen this value is true, the automation or command continues to run in cases where we can’t retrieve alarm status information from CloudWatch. In cases where we successfully retrieve an alarm status of OK or INSUFFICIENT_DATA, the automation or command continues to run, regardless of this value. Default is false.
AWS.SSM.Command.AlarmConfiguration.Alarms.NameStringThe name of the CloudWatch alarm specified in the configuration.
AWS.SSM.Command.TriggeredAlarms.NameStringThe name of the CloudWatch alarm.
AWS.SSM.Command.TriggeredAlarms.StateStringThe name of the CloudWatch alarm.

Command example#

!aws-ssm-command-list limit=2

Context Example#

{
"AWS": {
"SSM": {
"Command": {
"AlarmConfiguration": {
"Alarms": [],
"IgnorePollAlarmFailure": false
},
"CloudWatchOutputConfig": {
"CloudWatchLogGroupName": "",
"CloudWatchOutputEnabled": false
},
"CommandId": "bbbbbb",
"Comment": "",
"CompletedCount": 0,
"DeliveryTimedOutCount": 0,
"DocumentName": "AWS",
"DocumentVersion": "$DEFAULT",
"ErrorCount": 0,
"ExpiresAfter": "2023-09-17T23:41:31.607000+00:00",
"InstanceIds": [],
"MaxConcurrency": "50",
"MaxErrors": "0",
"NotificationConfig": {
"NotificationArn": "",
"NotificationEvents": [],
"NotificationType": ""
},
"OutputS3BucketName": "",
"OutputS3KeyPrefix": "",
"OutputS3Region": "eu",
"Parameters": {},
"RequestedDateTime": "2023-09-17T21:41:31.607000+00:00",
"ServiceRole": "",
"Status": "InProgress",
"StatusDetails": "InProgress",
"TargetCount": 1,
"Targets": [
{
"Key": "InstanceIds",
"Values": [
"instance id"
]
}
],
"TimeoutSeconds": 3600,
"TriggeredAlarms": []
},
"CommandNextToken": {
"NextToken": "AA"
}
}
}
}

Human Readable Output#

AWS SSM Commands#

Command IdStatusRequested dateDocument nameCommentTarget CountError CountDelivery Timed Out CountCompleted Count
bbbbbbInProgress2023-09-17T21:41:31.607000+00:00AWS1000

aws-ssm-command-run#


Runs commands on one or more managed nodes.

Base Command#

aws-ssm-command-run

Input#

Argument NameDescriptionRequired
regionThe AWS Region. If not specified, the default region will be used. Possible values are: us-east-1, us-east-2, us-west-1, us-west-2, ca-central-1, eu-west-1, eu-central-1, eu-west-2, ap-northeast-1, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-south-1, sa-east-1, eu-north-1, eu-west-3.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional
document_nameThe name of the Amazon Web Services Systems Manager document (SSM document) to run. Can get from the aws-ssm-document-list command. This can be a public document or a custom document. To run a shared document belonging to another account, specify the document Amazon Resource Name (ARN).Required
target_keyUser-defined criteria for sending commands that target managed nodes that meet the criteria.
For example:
- target_key=InstanceIds target_values=<instance-id-1>,<instance-id-2>.
- target_key=tag:<my-tag-key> target_values=<my-tag-value-1>,<my-tag-value-2>.
- target_key=resource-groups:Name target_values=<resource-group-name>. Possible values are: Instance Ids, Tag Key, Resource Group.
Required
target_valuesThe value of target_values is determined by what is provided in the "target_key" argument.
Note: the maximum number of values for a key might be lower than the global maximum of 50. .
Required
document_versionThe SSM document version to use in the request. Can specify $DEFAULT, $LATEST, or a specific version number.Optional
max_concurrencyThe maximum number of managed nodes that are allowed to run the command at the same time. can specify a number such as 10 or a percentage such as 10%. Default is 50.Optional
max_errorsThe maximum number of errors allowed without the command failing. When the command fails one more time beyond the value of MaxErrors, the systems stops sending the command to additional targets. Can specify a number like 10 or a percentage like 10%.Optional
parametersThe required and optional parameters specified in the document being run.Optional
commentUser-specified information about the command, such as a brief description of what the command should do.Optional
output_s3_bucket_nameThe name of the S3 bucket where command execution responses should be stored.Optional
output_s3_key_prefixThe directory structure within the S3 bucket where the responses should be stored.Optional
interval_in_secondsThe interval in seconds between each poll. Default is 30.Optional
command_idA unique identifier for this command. This is for the polling to work, not for the user.Optional
polling_timeoutThe timeout in seconds until polling ends. Default is 600.Optional
command_timeoutIf this time is reached and the command hasn’t already started running, it won’t run. Valid Range: Minimum value of 30 seconds. Maximum value of 2592000 seconds (30 days).Optional
How to use parameters argument:#
in playbook:#

parameters argument

in the war room:#

Alt text Alt text

Context Output#

PathTypeDescription
AWS.SSM.Command.CommandIdStringA unique identifier for this command.
AWS.SSM.Command.DocumentNameStringThe name of the document requested for execution.
AWS.SSM.Command.DocumentVersionStringThe Systems Manager document (SSM document) version.
AWS.SSM.Command.CommentStringUser-specified information about the command, such as a brief description of what the command should do.
AWS.SSM.Command.ExpiresAfterStringIf a command expires, it changes status to DeliveryTimedOut for all invocations that have the status InProgress, Pending, or Delayed. ExpiresAfter is calculated based on the total timeout for the overall command.
AWS.SSM.Command.Parameters.stringStringThe parameter values to be inserted in the document when running the command.
AWS.SSM.Command.InstanceIdsStringThe managed node IDs against which this command was requested.
AWS.SSM.Command.Targets.KeyStringUser-defined criteria for sending commands that target managed nodes that meet the criteria.
AWS.SSM.Command.Targets.ValuesStringUser-defined criteria that maps to Key.
AWS.SSM.Command.RequestedDateTimeStringThe date and time the command was requested.
AWS.SSM.Command.StatusStringThe status of the command.
AWS.SSM.Command.StatusDetailsStringA detailed status of the command execution. StatusDetails includes more information than Status because it includes states resulting from error and concurrency control parameters. StatusDetails can show different results than Status.
AWS.SSM.Command.OutputS3RegionString(Deprecated) You can no longer specify this parameter. The system ignores it. Instead, Systems Manager automatically determines the Amazon Web Services Region of the S3 bucket.
AWS.SSM.Command.OutputS3BucketNameStringThe S3 bucket where the responses to the command executions should be stored. This was requested when issuing the command.
AWS.SSM.Command.OutputS3KeyPrefixStringThe S3 directory path inside the bucket where the responses to the command executions should be stored. This was requested when issuing the command.
AWS.SSM.Command.MaxConcurrencyStringThe maximum number of managed nodes that are allowed to run the command at the same time.
AWS.SSM.Command.MaxErrorsStringThe maximum number of errors allowed before the system stops sending the command to additional targets.
AWS.SSM.Command.TargetCountNumberThe number of targets for the command.
AWS.SSM.Command.CompletedCountNumberThe number of targets for which the command invocation reached a terminal state. Terminal states include the following: Success, Failed, Execution Timed Out, Delivery Timed Out, Cancelled, Terminated, or Undeliverable.
AWS.SSM.Command.ErrorCountNumberThe number of targets for which the status is Failed or Execution Timed Out.
AWS.SSM.Command.DeliveryTimedOutCountNumberThe number of targets for which the status is Delivery Timed Out.
AWS.SSM.Command.ServiceRoleStringThe Identity and Access Management (IAM) service role that Run Command, a capability of Amazon Web Services Systems Manager, uses to act on your behalf when sending notifications about command status changes.
AWS.SSM.Command.NotificationConfig.NotificationArnStringAn Amazon Resource Name (ARN) for an Amazon Simple Notification Service (Amazon SNS) topic. Run Command pushes notifications about command status changes to this topic.
AWS.SSM.Command.NotificationConfig.NotificationEventsStringThe different events for which you can receive notifications.
AWS.SSM.Command.NotificationConfig.NotificationTypeStringThe type of notification.
AWS.SSM.Command.CloudWatchOutputConfig.CloudWatchLogGroupNameStringThe name of the CloudWatch Logs log group where you want to send command output. If you don’t specify a group name, Amazon Web Services Systems Manager automatically creates a log group for you. The log group uses the following naming format: aws/ssm/SystemsManagerDocumentName.
AWS.SSM.Command.CloudWatchOutputConfig.CloudWatchOutputEnabledBooleanEnables Systems Manager to send command output to CloudWatch Logs.
AWS.SSM.Command.TimeoutSecondsNumberThe TimeoutSeconds value specified for a command.
AWS.SSM.Command.AlarmConfiguration.IgnorePollAlarmFailureBooleanWhen this value is true, your automation or command continues to run in cases where we can’t retrieve alarm status information from CloudWatch.
AWS.SSM.Command.AlarmConfiguration.Alarms.NameStringThe name of the CloudWatch alarm.
AWS.SSM.Command.TriggeredAlarms.NameStringThe name of the CloudWatch alarm.
AWS.SSM.Command.TriggeredAlarms.StateStringThe state of the CloudWatch alarm.

Command example#

!aws-ssm-command-run document_name=AWS target_key="Instance Ids" target_values=instance id

Context Example#

{
"AWS": {
"SSM": {
"Command": {
"AlarmConfiguration": {
"Alarms": [],
"IgnorePollAlarmFailure": false
},
"CloudWatchOutputConfig": {
"CloudWatchLogGroupName": "",
"CloudWatchOutputEnabled": false
},
"CommandId": "bbbbbb",
"Comment": "",
"CompletedCount": 0,
"DeliveryTimedOutCount": 0,
"DocumentName": "AWS",
"DocumentVersion": "$DEFAULT",
"ErrorCount": 0,
"ExpiresAfter": "2023-09-17T23:41:31.607000+00:00",
"InstanceIds": [],
"MaxConcurrency": "50",
"MaxErrors": "0",
"NotificationConfig": {
"NotificationArn": "",
"NotificationEvents": [],
"NotificationType": ""
},
"OutputS3BucketName": "",
"OutputS3KeyPrefix": "",
"OutputS3Region": "eu",
"Parameters": {},
"RequestedDateTime": "2023-09-17T21:41:31.607000+00:00",
"ServiceRole": "",
"Status": "Pending",
"StatusDetails": "Pending",
"TargetCount": 0,
"Targets": [
{
"Key": "InstanceIds",
"Values": [
"instance id"
]
}
],
"TimeoutSeconds": 3600,
"TriggeredAlarms": []
}
}
}
}

Human Readable Output#

Command bbbbbb was sent successful.

aws-ssm-command-cancel#


Attempts to cancel the command specified by the Command ID. There is no guarantee that the command will be terminated and the underlying process stopped.

Base Command#

aws-ssm-command-cancel

Input#

Argument NameDescriptionRequired
regionThe AWS Region. If not specified, the default region will be used. Possible values are: us-east-1, us-east-2, us-west-1, us-west-2, ca-central-1, eu-west-1, eu-central-1, eu-west-2, ap-northeast-1, ap-northeast-2, ap-southeast-1, ap-southeast-2, ap-south-1, sa-east-1, eu-north-1, eu-west-3.Optional
roleArnThe Amazon Resource Name (ARN) of the role to assume.Optional
roleSessionNameAn identifier for the assumed role session.Optional
roleSessionDurationThe duration, in seconds, of the role session. The value can range from 900 seconds (15 minutes) up to the maximum session duration setting for the role.Optional
command_idThe ID of the command to cancel. Can get from the aws-ssm-command-list command.Required
instance_idsA list of managed node IDs on which you want to cancel the command. If not provided, the command is canceled on every node on which it was requested.Optional
include_pollingWhen set to true, will keep polling results until the command return that the status of the command execution is updated to Cancelled. Possible values are: true, false. Default is false.Optional
interval_in_secondsThe interval in seconds between each poll. Default is 30.Optional
first_runThis argument is used to determine whether the current execution of the command is the initial run. After the command is executed, the argument is updated to 'false.' During polling, the code checks the status only for the first execution. Default is True.Optional
timeoutThe timeout in seconds until polling ends. Default is 600.Optional

Context Output#

There is no context output for this command.

Command example#

!aws-ssm-command-cancel command_id=test

Human Readable Output#

Cancellation command was sent successful.