Icon

AWS Systems Manager (version v1.*.*)

add_tags_to_resource

Adds or overwrites one or more tags for the specified resource. Tags are metadata that you can assign to your documents, managed instances, maintenance windows, Parameter Store parameters, and patch baselines. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. Each tag consists of a key and an optional value, both of which you define. For example, you could define a set of tags for your account's managed instances that helps you track each instance's owner and stack level. For example: Key=Owner and Value=DbAdmin, SysAdmin, or Dev. Or Key=Stack and Value=Production, Pre-Production, or Test.
Each resource can have a maximum of 50 tags.
We recommend that you devise a set of tag keys that meets your needs for each resource type. Using a consistent set of tag keys makes it easier for you to manage your resources. You can search and filter the resources based on the tags you add. Tags don't have any semantic meaning to Amazon EC2 and are interpreted strictly as a string of characters.
For more information about tags, see Tagging Your Amazon EC2 Resources in the Amazon EC2 User Guide.

Parameters

$body

Type: object

{
"ResourceId" : "The resource ID you want to tag. \nUse the ID of the resource. Here are some examples: \nManagedInstance: mi-012345abcde \nMaintenanceWindow: mw-012345abcde \nPatchBaseline: pb-012345abcde \nFor the Document and Parameter values, use the name of the resource. \nThe ManagedInstance type for this API action is only for on-premises managed instances. You must specify the name of the managed instance in the following format: mi-ID_number. For example, mi-1a2b3c4d5e6f.",
"ResourceType" : "Specifies the type of resource you are tagging. \nThe ManagedInstance type for this API action is for on-premises managed instances. You must specify the name of the managed instance in the following format: mi-ID_number. For example, mi-1a2b3c4d5e6f.",
"Tags" : [ {
"Value" : "The value of the tag.",
"Key" : "The name of the tag."
} ]
}

cancel_command

Attempts to cancel the command specified by the Command ID. There is no guarantee that the command will be terminated and the underlying process stopped.

Parameters

$body

Type: object

{
"CommandId" : "The ID of the command you want to cancel.",
"InstanceIds" : [ "string" ]
}

cancel_maintenance_window_execution

Stops a maintenance window execution that is already in progress and cancels any tasks in the window that have not already starting running. (Tasks already in progress will continue to completion.)

Parameters

$body

Type: object

{
"WindowExecutionId" : "The ID of the maintenance window execution to stop."
}

create_activation

Registers your on-premises server or virtual machine with Amazon EC2 so that you can manage these resources using Run Command. An on-premises server or virtual machine that has been registered with EC2 is called a managed instance. For more information about activations, see Setting Up AWS Systems Manager for Hybrid Environments.

Parameters

$body

Type: object

{
"RegistrationLimit" : "Specify the maximum number of managed instances you want to register. The default value is 1 instance.",
"Description" : "A user-defined description of the resource that you want to register with Amazon EC2. \nDo not enter personally identifiable information in this field.",
"ExpirationDate" : "The date by which this activation request should expire. The default value is 24 hours.",
"IamRole" : "The Amazon Identity and Access Management (IAM) role that you want to assign to the managed instance. ",
"DefaultInstanceName" : "The name of the registered, managed instance as it will appear in the Amazon EC2 console or when you use the AWS command line tools to list EC2 resources. \nDo not enter personally identifiable information in this field.",
"Tags" : [ {
"Value" : "The value of the tag.",
"Key" : "The name of the tag."
} ]
}

create_association

Associates the specified Systems Manager document with the specified instances or targets.
When you associate a document with one or more instances using instance IDs or tags, SSM Agent running on the instance processes the document and configures the instance as specified.
If you associate a document with an instance that already has an associated document, the system returns the AssociationAlreadyExists exception.

Parameters

$body

Type: object

{
"AssociationName" : "Specify a descriptive name for the association.",
"ScheduleExpression" : "A cron expression when the association will be applied to the target(s).",
"MaxErrors" : "The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 instances and set MaxError to 10%, then the system stops sending the request when the sixth error is received. \nExecutions that are already running an association when MaxErrors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set MaxConcurrency to 1 so that executions proceed one at a time.",
"Parameters" : "The parameters for the runtime configuration of the document.",
"InstanceId" : "The instance ID. \n InstanceId has been deprecated. To specify an instance ID for an association, use the Targets parameter. If you use the parameter InstanceId, you cannot use the parameters AssociationName, DocumentVersion, MaxErrors, MaxConcurrency, OutputLocation, or ScheduleExpression. To use these parameters, you must use the Targets parameter.",
"MaxConcurrency" : "The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time. \nIf a new instance starts and attempts to run an association while Systems Manager is running MaxConcurrency associations, the association is allowed to run. During the next association interval, the new instance will process its association within the limit specified for MaxConcurrency.",
"ComplianceSeverity" : "The severity level to assign to the association.",
"Targets" : [ {
"Values" : [ "string" ],
"Key" : "User-defined criteria for sending commands that target instances that meet the criteria."
} ],
"DocumentVersion" : "The document version you want to associate with the target(s). Can be a specific version or the default version.",
"OutputLocation" : {
"S3Location" : {
"OutputS3KeyPrefix" : "The Amazon S3 bucket subfolder.",
"OutputS3Region" : "(Deprecated) You can no longer specify this parameter. The system ignores it. Instead, Systems Manager automatically determines the Amazon S3 bucket region.",
"OutputS3BucketName" : "The name of the Amazon S3 bucket."
}
},
"AutomationTargetParameterName" : "Specify the target for the association. This target is required for associations that use an Automation document and target resources by using rate controls.",
"Name" : "The name of the SSM document that contains the configuration information for the instance. You can specify Command or Automation documents. \nYou can specify AWS-predefined documents, documents you created, or a document that is shared with you from another account. \nFor SSM documents that are shared with you from other AWS accounts, you must specify the complete SSM document ARN, in the following format: \n arn:partition:ssm:region:account-id:document/document-name \nFor example: \n arn:aws:ssm:us-east-2:12345678912:document/My-Shared-Document \nFor AWS-predefined documents and SSM documents you created in your account, you only need to specify the document name. For example, AWS-ApplyPatchBaseline or My-Document."
}

create_association_batch

Associates the specified Systems Manager document with the specified instances or targets.
When you associate a document with one or more instances using instance IDs or tags, SSM Agent running on the instance processes the document and configures the instance as specified.
If you associate a document with an instance that already has an associated document, the system returns the AssociationAlreadyExists exception.

Parameters

$body

Type: object

{
"Entries" : [ {
"AssociationName" : "Specify a descriptive name for the association.",
"ScheduleExpression" : "A cron expression that specifies a schedule when the association runs.",
"MaxErrors" : "The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 instances and set MaxError to 10%, then the system stops sending the request when the sixth error is received. \nExecutions that are already running an association when MaxErrors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set MaxConcurrency to 1 so that executions proceed one at a time.",
"Parameters" : "A description of the parameters for a document. ",
"InstanceId" : "The ID of the instance. ",
"MaxConcurrency" : "The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time. \nIf a new instance starts and attempts to run an association while Systems Manager is running MaxConcurrency associations, the association is allowed to run. During the next association interval, the new instance will process its association within the limit specified for MaxConcurrency.",
"ComplianceSeverity" : "The severity level to assign to the association.",
"Targets" : [ {
"Values" : [ "string" ],
"Key" : "User-defined criteria for sending commands that target instances that meet the criteria."
} ],
"DocumentVersion" : "The document version.",
"OutputLocation" : {
"S3Location" : {
"OutputS3KeyPrefix" : "The Amazon S3 bucket subfolder.",
"OutputS3Region" : "(Deprecated) You can no longer specify this parameter. The system ignores it. Instead, Systems Manager automatically determines the Amazon S3 bucket region.",
"OutputS3BucketName" : "The name of the Amazon S3 bucket."
}
},
"AutomationTargetParameterName" : "Specify the target for the association. This target is required for associations that use an Automation document and target resources by using rate controls.",
"Name" : "The name of the SSM document that contains the configuration information for the instance. You can specify Command or Automation documents. \nYou can specify AWS-predefined documents, documents you created, or a document that is shared with you from another account. \nFor SSM documents that are shared with you from other AWS accounts, you must specify the complete SSM document ARN, in the following format: \n arn:aws:ssm:region:account-id:document/document-name \nFor example: \n arn:aws:ssm:us-east-2:12345678912:document/My-Shared-Document \nFor AWS-predefined documents and SSM documents you created in your account, you only need to specify the document name. For example, AWS-ApplyPatchBaseline or My-Document."
} ]
}

create_document

Creates a Systems Manager document.
After you create a document, you can use CreateAssociation to associate it with one or more running instances.

Parameters

$body

Type: object

{
"DocumentFormat" : "Specify the document format for the request. The document format can be either JSON or YAML. JSON is the default format.",
"Content" : "A valid JSON or YAML string.",
"TargetType" : "Specify a target type to define the kinds of resources the document can run on. For example, to run a document on EC2 instances, specify the following value: /AWS::EC2::Instance. If you specify a value of '/' the document can run on all types of resources. If you don't specify a value, the document can't run on any resources. For a list of valid resource types, see AWS Resource Types Reference in the AWS CloudFormation User Guide. ",
"DocumentType" : "The type of document to create. Valid document types include: Command, Policy, Automation, Session, and Package.",
"VersionName" : "An optional field specifying the version of the artifact you are creating with the document. For example, \"Release 12, Update 6\". This value is unique across all versions of a document, and cannot be changed.",
"Attachments" : [ {
"Values" : [ "string" ],
"Key" : "The key of a key and value pair that identifies the location of an attachment to a document."
} ],
"Tags" : [ {
"Value" : "The value of the tag.",
"Key" : "The name of the tag."
} ],
"Name" : "A name for the Systems Manager document. \nDo not use the following to begin the names of documents you create. They are reserved by AWS for use as document prefixes: \n aws \n amazon \n amzn "
}

create_maintenance_window

Creates a new maintenance window.
The value you specify for Duration determines the specific end time for the maintenance window based on the time it begins. No maintenance window tasks are permitted to start after the resulting endtime minus the number of hours you specify for Cutoff. For example, if the maintenance window starts at 3 PM, the duration is three hours, and the value you specify for Cutoff is one hour, no maintenance window tasks can start after 5 PM.

Parameters

$body

Type: object

{
"StartDate" : "The date and time, in ISO-8601 Extended format, for when you want the maintenance window to become active. StartDate allows you to delay activation of the maintenance window until the specified future date.",
"Description" : "An optional description for the maintenance window. We recommend specifying a description to help you organize your maintenance windows. ",
"AllowUnassociatedTargets" : "Enables a maintenance window task to run on managed instances, even if you have not registered those instances as targets. If enabled, then you must specify the unregistered instances (by instance ID) when you register a task with the maintenance window. \nIf you don't enable this option, then you must specify previously-registered targets when you register a task with the maintenance window.",
"Cutoff" : "The number of hours before the end of the maintenance window that Systems Manager stops scheduling new tasks for execution.",
"Schedule" : "The schedule of the maintenance window in the form of a cron or rate expression.",
"Duration" : "The duration of the maintenance window in hours.",
"ClientToken" : "User-provided idempotency token.",
"EndDate" : "The date and time, in ISO-8601 Extended format, for when you want the maintenance window to become inactive. EndDate allows you to set a date and time in the future when the maintenance window will no longer run.",
"Tags" : [ {
"Value" : "The value of the tag.",
"Key" : "The name of the tag."
} ],
"Name" : "The name of the maintenance window.",
"ScheduleTimezone" : "The time zone that the scheduled maintenance window executions are based on, in Internet Assigned Numbers Authority (IANA) format. For example: \"America/Los_Angeles\", \"etc/UTC\", or \"Asia/Seoul\". For more information, see the Time Zone Database on the IANA website."
}

create_ops_item

Creates a new OpsItem. You must have permission in AWS Identity and Access Management (IAM) to create a new OpsItem. For more information, see Getting Started with OpsCenter in the AWS Systems Manager User Guide.
Operations engineers and IT professionals use OpsCenter to view, investigate, and remediate operational issues impacting the performance and health of their AWS resources. For more information, see AWS Systems Manager OpsCenter in the AWS Systems Manager User Guide.

Parameters

$body

Type: object

{
"Description" : "Information about the OpsItem. ",
"Priority" : "The importance of this OpsItem in relation to other OpsItems in the system.",
"OperationalData" : "Operational data is custom data that provides useful reference details about the OpsItem. For example, you can specify log files, error strings, license keys, troubleshooting tips, or other relevant data. You enter operational data as key-value pairs. The key has a maximum length of 128 characters. The value has a maximum size of 20 KB. \nOperational data keys can't begin with the following: amazon, aws, amzn, ssm, /amazon, /aws, /amzn, /ssm. \nYou can choose to make the data searchable by other users in the account or you can restrict search access. Searchable data means that all users with access to the OpsItem Overview page (as provided by the DescribeOpsItems API action) can view and search on the specified data. Operational data that is not searchable is only viewable by users who have access to the OpsItem (as provided by the GetOpsItem API action). \nUse the /aws/resources key in OperationalData to specify a related resource in the request. Use the /aws/automations key in OperationalData to associate an Automation runbook with the OpsItem. To view AWS CLI example commands that use these keys, see Creating OpsItems Manually in the AWS Systems Manager User Guide.",
"Title" : "A short heading that describes the nature of the OpsItem and the impacted resource.",
"Notifications" : [ {
"Arn" : "The Amazon Resource Name (ARN) of an SNS topic where notifications are sent when this OpsItem is edited or changed."
} ],
"RelatedOpsItems" : [ {
"OpsItemId" : "The ID of an OpsItem related to the current OpsItem."
} ],
"Source" : "The origin of the OpsItem, such as Amazon EC2 or AWS Systems Manager.",
"Tags" : [ {
"Value" : "The value of the tag.",
"Key" : "The name of the tag."
} ]
}

create_patch_baseline

Creates a patch baseline.
For information about valid key and value pairs in PatchFilters for each supported operating system type, see PatchFilter.

Parameters

$body

Type: object

{
"OperatingSystem" : "Defines the operating system the patch baseline applies to. The Default value is WINDOWS.",
"Description" : "A description of the patch baseline.",
"ApprovalRules" : {
"PatchRules" : [ {
"EnableNonSecurity" : "For instances identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is 'false'. Applies to Linux instances only.",
"PatchFilterGroup" : {
"PatchFilters" : [ {
"Values" : [ "string" ],
"Key" : "The key for the filter. \nRun the DescribePatchProperties command to view lists of valid keys for each operating system type."
} ]
},
"ApproveAfterDays" : "The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of 7 means that patches are approved seven days after they are released. ",
"ComplianceLevel" : "A compliance severity level for all approved patches in a patch baseline. Valid compliance severity levels include the following: Unspecified, Critical, High, Medium, Low, and Informational."
} ]
},
"Sources" : [ {
"Products" : [ "string" ],
"Configuration" : "The value of the yum repo configuration. For example: \n [main] \n cachedir=/var/cache/yum/$basesearch$releasever \n keepcache=0 \n debuglevel=2 ",
"Name" : "The name specified to identify the patch source."
} ],
"Name" : "The name of the patch baseline.",
"RejectedPatches" : [ "string" ],
"ApprovedPatches" : [ "string" ],
"RejectedPatchesAction" : "The action for Patch Manager to take on patches included in the RejectedPackages list. \n ALLOW_AS_DEPENDENCY: A package in the Rejected patches list is installed only if it is a dependency of another package. It is considered compliant with the patch baseline, and its status is reported as InstalledOther. This is the default action if no option is specified. \n BLOCK: Packages in the RejectedPatches list, and packages that include them as dependencies, are not installed under any circumstances. If a package was installed before it was added to the Rejected patches list, it is considered non-compliant with the patch baseline, and its status is reported as InstalledRejected. ",
"ApprovedPatchesComplianceLevel" : "Defines the compliance level for approved patches. This means that if an approved patch is reported as missing, this is the severity of the compliance violation. The default value is UNSPECIFIED.",
"ApprovedPatchesEnableNonSecurity" : "Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is 'false'. Applies to Linux instances only.",
"ClientToken" : "User-provided idempotency token.",
"GlobalFilters" : {
"PatchFilters" : [ {
"Values" : [ "string" ],
"Key" : "The key for the filter. \nRun the DescribePatchProperties command to view lists of valid keys for each operating system type."
} ]
},
"Tags" : [ {
"Value" : "The value of the tag.",
"Key" : "The name of the tag."
} ]
}

create_resource_data_sync

Creates a resource data sync configuration to a single bucket in Amazon S3. This is an asynchronous operation that returns immediately. After a successful initial sync is completed, the system continuously syncs data to the Amazon S3 bucket. To check the status of the sync, use the ListResourceDataSync.
By default, data is not encrypted in Amazon S3. We strongly recommend that you enable encryption in Amazon S3 to ensure secure data storage. We also recommend that you secure access to the Amazon S3 bucket by creating a restrictive bucket policy. For more information, see Configuring Resource Data Sync for Inventory in the AWS Systems Manager User Guide.

Parameters

$body

Type: object

{
"S3Destination" : {
"AWSKMSKeyARN" : "The ARN of an encryption key for a destination in Amazon S3. Must belong to the same Region as the destination Amazon S3 bucket.",
"BucketName" : "The name of the Amazon S3 bucket where the aggregated data is stored.",
"SyncFormat" : "A supported sync format. The following format is currently supported: JsonSerDe",
"Region" : "The AWS Region with the Amazon S3 bucket targeted by the Resource Data Sync.",
"Prefix" : "An Amazon S3 prefix for the bucket."
},
"SyncName" : "A name for the configuration."
}

delete_activation

Deletes an activation. You are not required to delete an activation. If you delete an activation, you can no longer use it to register additional managed instances. Deleting an activation does not de-register managed instances. You must manually de-register managed instances.

Parameters

$body

Type: object

{
"ActivationId" : "The ID of the activation that you want to delete."
}

delete_association

Disassociates the specified Systems Manager document from the specified instance.
When you disassociate a document from an instance, it does not change the configuration of the instance. To change the configuration state of an instance after you disassociate a document, you must create a new document with the desired configuration and associate it with the instance.

Parameters

$body

Type: object

{
"InstanceId" : "The ID of the instance.",
"AssociationId" : "The association ID that you want to delete.",
"Name" : "The name of the Systems Manager document."
}

delete_document

Deletes the Systems Manager document and all instance associations to the document.
Before you delete the document, we recommend that you use DeleteAssociation to disassociate all instances that are associated with the document.

Parameters

$body

Type: object

{
"VersionName" : "The version name of the document that you want to delete. If not provided, all versions of the document are deleted.",
"DocumentVersion" : "The version of the document that you want to delete. If not provided, all versions of the document are deleted.",
"Name" : "The name of the document."
}

delete_inventory

Delete a custom inventory type, or the data associated with a custom Inventory type. Deleting a custom inventory type is also referred to as deleting a custom inventory schema.

Parameters

$body

Type: object

{
"TypeName" : "The name of the custom inventory type for which you want to delete either all previously collected data, or the inventory type itself. ",
"SchemaDeleteOption" : "Use the SchemaDeleteOption to delete a custom inventory type (schema). If you don't choose this option, the system only deletes existing inventory data associated with the custom inventory type. Choose one of the following options: \nDisableSchema: If you choose this option, the system ignores all inventory data for the specified version, and any earlier versions. To enable this schema again, you must call the PutInventory action for a version greater than the disabled version. \nDeleteSchema: This option deletes the specified custom type from the Inventory service. You can recreate the schema later, if you want.",
"DryRun" : "Use this option to view a summary of the deletion request without deleting any data or the data type. This option is useful when you only want to understand what will be deleted. Once you validate that the data to be deleted is what you intend to delete, you can run the same command without specifying the DryRun option.",
"ClientToken" : "User-provided idempotency token."
}

delete_maintenance_window

Deletes a maintenance window.

Parameters

$body

Type: object

{
"WindowId" : "The ID of the maintenance window to delete."
}

delete_parameter

Delete a parameter from the system.

Parameters

$body

Type: object

{
"Name" : "The name of the parameter to delete."
}

delete_parameters

Delete a list of parameters.

Parameters

$body

Type: object

{
"Names" : [ "string" ]
}

delete_patch_baseline

Deletes a patch baseline.

Parameters

$body

Type: object

{
"BaselineId" : "The ID of the patch baseline to delete."
}

delete_resource_data_sync

Deletes a Resource Data Sync configuration. After the configuration is deleted, changes to inventory data on managed instances are no longer synced with the target Amazon S3 bucket. Deleting a sync configuration does not delete data in the target Amazon S3 bucket.

Parameters

$body

Type: object

{
"SyncName" : "The name of the configuration to delete."
}

deregister_managed_instance

Removes the server or virtual machine from the list of registered servers. You can reregister the instance again at any time. If you don't plan to use Run Command on the server, we suggest uninstalling SSM Agent first.

Parameters

$body

Type: object

{
"InstanceId" : "The ID assigned to the managed instance when you registered it using the activation process. "
}

deregister_patch_baseline_for_patch_group

Removes a patch group from a patch baseline.

Parameters

$body

Type: object

{
"BaselineId" : "The ID of the patch baseline to deregister the patch group from.",
"PatchGroup" : "The name of the patch group that should be deregistered from the patch baseline."
}

deregister_target_from_maintenance_window

Removes a target from a maintenance window.

Parameters

$body

Type: object

{
"WindowId" : "The ID of the maintenance window the target should be removed from.",
"Safe" : "The system checks if the target is being referenced by a task. If the target is being referenced, the system returns an error and does not deregister the target from the maintenance window.",
"WindowTargetId" : "The ID of the target definition to remove."
}

deregister_task_from_maintenance_window

Removes a task from a maintenance window.

Parameters

$body

Type: object

{
"WindowTaskId" : "The ID of the task to remove from the maintenance window.",
"WindowId" : "The ID of the maintenance window the task should be removed from."
}

describe_activations

Describes details about the activation, such as the date and time the activation was created, its expiration date, the IAM role assigned to the instances in the activation, and the number of instances registered by using this activation.

Parameters

$body

Type: object

{
"Filters" : [ {
"FilterValues" : [ "string" ],
"FilterKey" : "The name of the filter."
} ]
}

describe_association

Describes the association for the specified target or instance. If you created the association by using the Targets parameter, then you must retrieve the association by using the association ID. If you created the association by specifying an instance ID and a Systems Manager document, then you retrieve the association by specifying the document name and the instance ID.

Parameters

$body

Type: object

{
"InstanceId" : "The instance ID.",
"AssociationVersion" : "Specify the association version to retrieve. To view the latest version, either specify $LATEST for this parameter, or omit this parameter. To view a list of all associations for an instance, use ListAssociations. To get a list of versions for a specific association, use ListAssociationVersions. ",
"AssociationId" : "The association ID for which you want information.",
"Name" : "The name of the Systems Manager document."
}

describe_association_execution_targets

Use this API action to view information about a specific execution of a specific association.

Parameters

$body

Type: object

{
"Filters" : [ {
"Value" : "The value specified for the key.",
"Key" : "The key value used in the request."
} ],
"AssociationId" : "The association ID that includes the execution for which you want to view details.",
"ExecutionId" : "The execution ID for which you want to view details."
}

describe_association_executions

Use this API action to view all executions for a specific association ID.

Parameters

$body

Type: object

{
"Filters" : [ {
"Type" : "The filter type specified in the request.",
"Value" : "The value specified for the key.",
"Key" : "The key value used in the request."
} ],
"AssociationId" : "The association ID for which you want to view execution history details."
}

describe_automation_executions

Provides details about all active and terminated Automation executions.

Parameters

$body

Type: object

{
"Filters" : [ {
"Values" : [ "string" ],
"Key" : "One or more keys to limit the results. Valid filter keys include the following: DocumentNamePrefix, ExecutionStatus, ExecutionId, ParentExecutionId, CurrentAction, StartTimeBefore, StartTimeAfter."
} ]
}

describe_automation_step_executions

Information about all active and terminated step executions in an Automation workflow.

Parameters

$body

Type: object

{
"Filters" : [ {
"Values" : [ "string" ],
"Key" : "One or more keys to limit the results. Valid filter keys include the following: StepName, Action, StepExecutionId, StepExecutionStatus, StartTimeBefore, StartTimeAfter."
} ],
"ReverseOrder" : "A boolean that indicates whether to list step executions in reverse order by start time. The default value is false.",
"AutomationExecutionId" : "The Automation execution ID for which you want step execution descriptions."
}

describe_available_patches

Lists all patches eligible to be included in a patch baseline.

Parameters

$body

Type: object

{
"Filters" : [ {
"Values" : [ "string" ],
"Key" : "The key for the filter."
} ]
}

describe_document

Describes the specified Systems Manager document.

Parameters

$body

Type: object

{
"VersionName" : "An optional field specifying the version of the artifact associated with the document. For example, \"Release 12, Update 6\". This value is unique across all versions of a document, and cannot be changed.",
"DocumentVersion" : "The document version for which you want information. Can be a specific version or the default version.",
"Name" : "The name of the Systems Manager document."
}

describe_document_permission

Describes the permissions for a Systems Manager document. If you created the document, you are the owner. If a document is shared, it can either be shared privately (by specifying a user's AWS account ID) or publicly (All).

Parameters

$body

Type: object

{
"PermissionType" : "The permission type for the document. The permission type can be Share.",
"Name" : "The name of the document for which you are the owner."
}

describe_effective_instance_associations

All associations for the instance(s).

Parameters

$body

Type: object

{
"InstanceId" : "The instance ID for which you want to view all associations."
}

describe_effective_patches_for_patch_baseline

Retrieves the current effective patches (the patch and the approval state) for the specified patch baseline. Note that this API applies only to Windows patch baselines.

Parameters

$body

Type: object

{
"BaselineId" : "The ID of the patch baseline to retrieve the effective patches for."
}

describe_instance_associations_status

The status of the associations for the instance(s).

Parameters

$body

Type: object

{
"InstanceId" : "The instance IDs for which you want association status information."
}

describe_instance_information

Describes one or more of your instances. You can use this to get information about instances like the operating system platform, the SSM Agent version (Linux), status etc. If you specify one or more instance IDs, it returns information for those instances. If you do not specify instance IDs, it returns information for all your instances. If you specify an instance ID that is not valid or an instance that you do not own, you receive an error.
The IamRole field for this API action is the Amazon Identity and Access Management (IAM) role assigned to on-premises instances. This call does not return the IAM role for Amazon EC2 instances.

Parameters

$body

Type: object

{
"Filters" : [ {
"Values" : [ "string" ],
"Key" : "The filter key name to describe your instances. For example: \n\"InstanceIds\"|\"AgentVersion\"|\"PingStatus\"|\"PlatformTypes\"|\"ActivationIds\"|\"IamRole\"|\"ResourceType\"|\"AssociationStatus\"|\"Tag Key\""
} ],
"InstanceInformationFilterList" : [ {
"valueSet" : [ "string" ],
"key" : "The name of the filter. "
} ]
}

describe_instance_patch_states

Retrieves the high-level patch state of one or more instances.

Parameters

$body

Type: object

{
"InstanceIds" : [ "string" ]
}

describe_instance_patch_states_for_patch_group

Retrieves the high-level patch state for the instances in the specified patch group.

Parameters

$body

Type: object

{
"Filters" : [ {
"Type" : "The type of comparison that should be performed for the value: Equal, NotEqual, LessThan or GreaterThan.",
"Values" : [ "string" ],
"Key" : "The key for the filter. Supported values are FailedCount, InstalledCount, InstalledOtherCount, MissingCount and NotApplicableCount."
} ],
"PatchGroup" : "The name of the patch group for which the patch state information should be retrieved."
}

describe_instance_patches

Retrieves information about the patches on the specified instance and their state relative to the patch baseline being used for the instance.

Parameters

$body

Type: object

{
"Filters" : [ {
"Values" : [ "string" ],
"Key" : "The key for the filter."
} ],
"InstanceId" : "The ID of the instance whose patch state information should be retrieved."
}

describe_inventory_deletions

Describes a specific delete inventory operation.

Parameters

$body

Type: object

{
"DeletionId" : "Specify the delete inventory ID for which you want information. This ID was returned by the DeleteInventory action."
}

describe_maintenance_window_execution_task_invocations

Retrieves the individual task executions (one per target) for a particular task run as part of a maintenance window execution.

Parameters

$body

Type: object

{
"Filters" : [ {
"Values" : [ "string" ],
"Key" : "The name of the filter."
} ],
"TaskId" : "The ID of the specific task in the maintenance window task that should be retrieved.",
"WindowExecutionId" : "The ID of the maintenance window execution the task is part of."
}

describe_maintenance_window_execution_tasks

For a given maintenance window execution, lists the tasks that were run.

Parameters

$body

Type: object

{
"Filters" : [ {
"Values" : [ "string" ],
"Key" : "The name of the filter."
} ],
"WindowExecutionId" : "The ID of the maintenance window execution whose task executions should be retrieved."
}

describe_maintenance_window_executions

Lists the executions of a maintenance window. This includes information about when the maintenance window was scheduled to be active, and information about tasks registered and run with the maintenance window.

Parameters

$body

Type: object

{
"Filters" : [ {
"Values" : [ "string" ],
"Key" : "The name of the filter."
} ],
"WindowId" : "The ID of the maintenance window whose executions should be retrieved."
}

describe_maintenance_window_schedule

Retrieves information about upcoming executions of a maintenance window.

Parameters

$body

Type: object

{
"Filters" : [ {
"Values" : [ "string" ],
"Key" : "The key for the filter."
} ],
"WindowId" : "The ID of the maintenance window to retrieve information about.",
"Targets" : [ {
"Values" : [ "string" ],
"Key" : "User-defined criteria for sending commands that target instances that meet the criteria."
} ],
"ResourceType" : "The type of resource you want to retrieve information about. For example, \"INSTANCE\"."
}

describe_maintenance_window_targets

Lists the targets registered with the maintenance window.

Parameters

$body

Type: object

{
"Filters" : [ {
"Values" : [ "string" ],
"Key" : "The name of the filter."
} ],
"WindowId" : "The ID of the maintenance window whose targets should be retrieved."
}

describe_maintenance_window_tasks

Lists the tasks in a maintenance window.

Parameters

$body

Type: object

{
"Filters" : [ {
"Values" : [ "string" ],
"Key" : "The name of the filter."
} ],
"WindowId" : "The ID of the maintenance window whose tasks should be retrieved."
}

describe_maintenance_windows

Retrieves the maintenance windows in an AWS account.

Parameters

$body

Type: object

{
"Filters" : [ {
"Values" : [ "string" ],
"Key" : "The name of the filter."
} ]
}

describe_maintenance_windows_for_target

Retrieves information about the maintenance window targets or tasks that an instance is associated with.

Parameters

$body

Type: object

{
"Targets" : [ {
"Values" : [ "string" ],
"Key" : "User-defined criteria for sending commands that target instances that meet the criteria."
} ],
"ResourceType" : "The type of resource you want to retrieve information about. For example, \"INSTANCE\"."
}

describe_ops_items

Query a set of OpsItems. You must have permission in AWS Identity and Access Management (IAM) to query a list of OpsItems. For more information, see Getting Started with OpsCenter in the AWS Systems Manager User Guide.
Operations engineers and IT professionals use OpsCenter to view, investigate, and remediate operational issues impacting the performance and health of their AWS resources. For more information, see AWS Systems Manager OpsCenter in the AWS Systems Manager User Guide.

Parameters

$body

Type: object

{
"NextToken" : "A token to start the list. Use this token to get the next set of results.",
"MaxResults" : "The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.",
"OpsItemFilters" : [ {
"Operator" : "The operator used by the filter call.",
"Values" : [ "string" ],
"Key" : "The name of the filter."
} ]
}

describe_parameters

Get information about a parameter.
Request results are returned on a best-effort basis. If you specify MaxResults in the request, the response includes information up to the limit specified. The number of items returned, however, can be between zero and the value of MaxResults. If the service reaches an internal limit while processing the results, it stops the operation and returns the matching values up to that point and a NextToken. You can specify the NextToken in a subsequent call to get the next set of results.

Parameters

$body

Type: object

{
"Filters" : [ {
"Values" : [ "string" ],
"Key" : "The name of the filter."
} ],
"ParameterFilters" : [ {
"Values" : [ "string" ],
"Option" : "Valid options are Equals and BeginsWith. For Path filter, valid options are Recursive and OneLevel.",
"Key" : "The name of the filter."
} ]
}

describe_patch_baselines

Lists the patch baselines in your AWS account.

Parameters

$body

Type: object

{
"Filters" : [ {
"Values" : [ "string" ],
"Key" : "The key for the filter."
} ]
}

describe_patch_group_state

Returns high-level aggregated patch compliance state for a patch group.

Parameters

$body

Type: object

{
"PatchGroup" : "The name of the patch group whose patch snapshot should be retrieved."
}

describe_patch_groups

Lists all patch groups that have been registered with patch baselines.

Parameters

$body

Type: object

{
"Filters" : [ {
"Values" : [ "string" ],
"Key" : "The key for the filter."
} ]
}

describe_patch_properties

Lists the properties of available patches organized by product, product family, classification, severity, and other properties of available patches. You can use the reported properties in the filters you specify in requests for actions such as CreatePatchBaseline, UpdatePatchBaseline, DescribeAvailablePatches, and DescribePatchBaselines.
The following section lists the properties that can be used in filters for each major operating system type: WINDOWS
Valid properties: PRODUCT, PRODUCT_FAMILY, CLASSIFICATION, MSRC_SEVERITY AMAZON_LINUX
Valid properties: PRODUCT, CLASSIFICATION, SEVERITY AMAZON_LINUX_2
Valid properties: PRODUCT, CLASSIFICATION, SEVERITY UBUNTU
Valid properties: PRODUCT, PRIORITY REDHAT_ENTERPRISE_LINUX
Valid properties: PRODUCT, CLASSIFICATION, SEVERITY SUSE
Valid properties: PRODUCT, CLASSIFICATION, SEVERITY CENTOS
Valid properties: PRODUCT, CLASSIFICATION, SEVERITY

Parameters

$body

Type: object

{
"OperatingSystem" : "The operating system type for which to list patches.",
"NextToken" : "The token for the next set of items to return. (You received this token from a previous call.)",
"MaxResults" : "The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.",
"PatchSet" : "Indicates whether to list patches for the Windows operating system or for Microsoft applications. Not applicable for Linux operating systems.",
"Property" : "The patch property for which you want to view patch details. "
}

describe_sessions

Retrieves a list of all active sessions (both connected and disconnected) or terminated sessions from the past 30 days.

Parameters

$body

Type: object

{
"Filters" : [ {
"value" : "The filter value. Valid values for each filter key are as follows: \n InvokedAfter: Specify a timestamp to limit your results. For example, specify 2018-08-29T00:00:00Z to see sessions that started August 29, 2018, and later. \n InvokedBefore: Specify a timestamp to limit your results. For example, specify 2018-08-29T00:00:00Z to see sessions that started before August 29, 2018. \n Target: Specify an instance to which session connections have been made. \n Owner: Specify an AWS user account to see a list of sessions started by that user. \n Status: Specify a valid session status to see a list of all sessions with that status. Status values you can specify include: Connected Connecting Disconnected Terminated Terminating Failed ",
"key" : "The name of the filter."
} ],
"State" : "The session status to retrieve a list of sessions for. For example, \"Active\"."
}

get_automation_execution

Get detailed information about a particular Automation execution.

Parameters

$body

Type: object

{
"AutomationExecutionId" : "The unique identifier for an existing automation execution to examine. The execution ID is returned by StartAutomationExecution when the execution of an Automation document is initiated."
}

get_command_invocation

Returns detailed information about command execution for an invocation or plugin.

Parameters

$body

Type: object

{
"PluginName" : "(Optional) The name of the plugin for which you want detailed results. If the document contains only one plugin, the name can be omitted and the details will be returned.",
"InstanceId" : "(Required) The ID of the managed instance targeted by the command. A managed instance can be an Amazon EC2 instance or an instance in your hybrid environment that is configured for Systems Manager.",
"CommandId" : "(Required) The parent command ID of the invocation plugin."
}

get_connection_status

Retrieves the Session Manager connection status for an instance to determine whether it is connected and ready to receive Session Manager connections.

Parameters

$body

Type: object

{
"Target" : "The ID of the instance."
}

get_default_patch_baseline

Retrieves the default patch baseline. Note that Systems Manager supports creating multiple default patch baselines. For example, you can create a default patch baseline for each operating system.
If you do not specify an operating system value, the default patch baseline for Windows is returned.

Parameters

$body

Type: object

{
"OperatingSystem" : "Returns the default patch baseline for the specified operating system."
}

get_deployable_patch_snapshot_for_instance

Retrieves the current snapshot for the patch baseline the instance uses. This API is primarily used by the AWS-RunPatchBaseline Systems Manager document.

Parameters

$body

Type: object

{
"SnapshotId" : "The user-defined snapshot ID.",
"InstanceId" : "The ID of the instance for which the appropriate patch snapshot should be retrieved."
}

get_document

Gets the contents of the specified Systems Manager document.

Parameters

$body

Type: object

{
"DocumentFormat" : "Returns the document in the specified format. The document format can be either JSON or YAML. JSON is the default format.",
"VersionName" : "An optional field specifying the version of the artifact associated with the document. For example, \"Release 12, Update 6\". This value is unique across all versions of a document, and cannot be changed.",
"DocumentVersion" : "The document version for which you want information.",
"Name" : "The name of the Systems Manager document."
}

get_inventory

Query inventory information.

Parameters

$body

Type: object

{
"Filters" : [ {
"Type" : "The type of filter. Valid values include the following: \"Equal\"|\"NotEqual\"|\"BeginWith\"|\"LessThan\"|\"GreaterThan\"",
"Values" : [ "string" ],
"Key" : "The name of the filter key."
} ],
"Aggregators" : [ {
"Expression" : "The inventory type and attribute name for aggregation.",
"Groups" : [ {
"Filters" : [ {
"Type" : "The type of filter. Valid values include the following: \"Equal\"|\"NotEqual\"|\"BeginWith\"|\"LessThan\"|\"GreaterThan\"",
"Values" : [ "string" ],
"Key" : "The name of the filter key."
} ],
"Name" : "The name of the group."
} ],
"Aggregators" : "InventoryAggregatorList"
} ],
"ResultAttributes" : [ {
"TypeName" : "Name of the inventory item type. Valid value: AWS:InstanceInformation. Default Value: AWS:InstanceInformation."
} ]
}

get_inventory_schema

Return a list of inventory type names for the account, or return a list of attribute names for a specific Inventory item type.

Parameters

$body

Type: object

{
"TypeName" : "The type of inventory item to return.",
"SubType" : "Returns the sub-type schema for a specified inventory type.",
"Aggregator" : "Returns inventory schemas that support aggregation. For example, this call returns the AWS:InstanceInformation type, because it supports aggregation based on the PlatformName, PlatformType, and PlatformVersion attributes."
}

get_maintenance_window

Retrieves a maintenance window.

Parameters

$body

Type: object

{
"WindowId" : "The ID of the maintenance window for which you want to retrieve information."
}

get_maintenance_window_execution

Retrieves details about a specific a maintenance window execution.

Parameters

$body

Type: object

{
"WindowExecutionId" : "The ID of the maintenance window execution that includes the task."
}

get_maintenance_window_execution_task

Retrieves the details about a specific task run as part of a maintenance window execution.

Parameters

$body

Type: object

{
"TaskId" : "The ID of the specific task execution in the maintenance window task that should be retrieved.",
"WindowExecutionId" : "The ID of the maintenance window execution that includes the task."
}

get_maintenance_window_execution_task_invocation

Retrieves information about a specific task running on a specific target.

Parameters

$body

Type: object

{
"TaskId" : "The ID of the specific task in the maintenance window task that should be retrieved. ",
"InvocationId" : "The invocation ID to retrieve.",
"WindowExecutionId" : "The ID of the maintenance window execution for which the task is a part."
}

get_maintenance_window_task

Lists the tasks in a maintenance window.

Parameters

$body

Type: object

{
"WindowTaskId" : "The maintenance window task ID to retrieve.",
"WindowId" : "The maintenance window ID that includes the task to retrieve."
}

get_ops_item

Get information about an OpsItem by using the ID. You must have permission in AWS Identity and Access Management (IAM) to view information about an OpsItem. For more information, see Getting Started with OpsCenter in the AWS Systems Manager User Guide.
Operations engineers and IT professionals use OpsCenter to view, investigate, and remediate operational issues impacting the performance and health of their AWS resources. For more information, see AWS Systems Manager OpsCenter in the AWS Systems Manager User Guide.

Parameters

$body

Type: object

{
"OpsItemId" : "The ID of the OpsItem that you want to get."
}

get_ops_summary

View a summary of OpsItems based on specified filters and aggregators.

Parameters

$body

Type: object

{
"Filters" : [ {
"Type" : "The type of filter.",
"Values" : [ "string" ],
"Key" : "The name of the filter."
} ],
"NextToken" : "A token to start the list. Use this token to get the next set of results. ",
"MaxResults" : "The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.",
"Aggregators" : [ {
"TypeName" : "The data type name to use for viewing counts of OpsItems.",
"Filters" : [ {
"Type" : "The type of filter.",
"Values" : [ "string" ],
"Key" : "The name of the filter."
} ],
"Values" : "The aggregator value.",
"Aggregators" : "OpsAggregatorList",
"AttributeName" : "The name of an OpsItem attribute on which to limit the count of OpsItems.",
"AggregatorType" : "Either a Range or Count aggregator for limiting an OpsItem summary."
} ]
}

get_parameter

Get information about a parameter by using the parameter name. Don't confuse this API action with the GetParameters API action.

Parameters

$body

Type: object

{
"WithDecryption" : "Return decrypted values for secure string parameters. This flag is ignored for String and StringList parameter types.",
"Name" : "The name of the parameter you want to query."
}

get_parameter_history

Query a list of all parameters used by the AWS account.

Parameters

$body

Type: object

{
"WithDecryption" : "Return decrypted values for secure string parameters. This flag is ignored for String and StringList parameter types.",
"Name" : "The name of a parameter you want to query."
}

get_parameters

Get details of a parameter. Don't confuse this API action with the GetParameter API action.

Parameters

$body

Type: object

{
"Names" : [ "string" ],
"WithDecryption" : "Return decrypted secure string value. Return decrypted values for secure string parameters. This flag is ignored for String and StringList parameter types."
}

get_parameters_by_path

Retrieve parameters in a specific hierarchy. For more information, see Working with Systems Manager Parameters in the AWS Systems Manager User Guide.
Request results are returned on a best-effort basis. If you specify MaxResults in the request, the response includes information up to the limit specified. The number of items returned, however, can be between zero and the value of MaxResults. If the service reaches an internal limit while processing the results, it stops the operation and returns the matching values up to that point and a NextToken. You can specify the NextToken in a subsequent call to get the next set of results.
This API action doesn't support filtering by tags.

Parameters

$body

Type: object

{
"Path" : "The hierarchy for the parameter. Hierarchies start with a forward slash (/) and end with the parameter name. A parameter name hierarchy can have a maximum of 15 levels. Here is an example of a hierarchy: /Finance/Prod/IAD/WinServ2016/license33 ",
"ParameterFilters" : [ {
"Values" : [ "string" ],
"Option" : "Valid options are Equals and BeginsWith. For Path filter, valid options are Recursive and OneLevel.",
"Key" : "The name of the filter."
} ],
"Recursive" : "Retrieve all parameters within a hierarchy. \nIf a user has access to a path, then the user can access all levels of that path. For example, if a user has permission to access path /a, then the user can also access /a/b. Even if a user has explicitly been denied access in IAM for parameter /a/b, they can still call the GetParametersByPath API action recursively for /a and view /a/b.",
"WithDecryption" : "Retrieve all parameters in a hierarchy with their value decrypted."
}

get_patch_baseline

Retrieves information about a patch baseline.

Parameters

$body

Type: object

{
"BaselineId" : "The ID of the patch baseline to retrieve."
}

get_patch_baseline_for_patch_group

Retrieves the patch baseline that should be used for the specified patch group.

Parameters

$body

Type: object

{
"OperatingSystem" : "Returns he operating system rule specified for patch groups using the patch baseline.",
"PatchGroup" : "The name of the patch group whose patch baseline should be retrieved."
}

get_service_setting

ServiceSetting is an account-level setting for an AWS service. This setting defines how a user interacts with or uses a service or a feature of a service. For example, if an AWS service charges money to the account based on feature or service usage, then the AWS service team might create a default setting of "false". This means the user can't use this feature unless they change the setting to "true" and intentionally opt in for a paid feature.
Services map a SettingId object to a setting value. AWS services teams define the default value for a SettingId. You can't create a new SettingId, but you can overwrite the default value if you have the ssm:UpdateServiceSetting permission for the setting. Use the UpdateServiceSetting API action to change the default setting. Or use the ResetServiceSetting to change the value back to the original value defined by the AWS service team.
Query the current service setting for the account.

Parameters

$body

The request body of the GetServiceSetting API action.

Type: object

{
"SettingId" : "The ID of the service setting to get."
}

label_parameter_version

A parameter label is a user-defined alias to help you manage different versions of a parameter. When you modify a parameter, Systems Manager automatically saves a new version and increments the version number by one. A label can help you remember the purpose of a parameter when there are multiple versions.
Parameter labels have the following requirements and restrictions.
A version of a parameter can have a maximum of 10 labels.
You can't attach the same label to different versions of the same parameter. For example, if version 1 has the label Production, then you can't attach Production to version 2.
You can move a label from one version of a parameter to another.
You can't create a label when you create a new parameter. You must attach a label to a specific version of a parameter.
You can't delete a parameter label. If you no longer want to use a parameter label, then you must move it to a different version of a parameter.
A label can have a maximum of 100 characters.
Labels can contain letters (case sensitive), numbers, periods (.), hyphens (-), or underscores (_).
Labels can't begin with a number, "aws," or "ssm" (not case sensitive). If a label fails to meet these requirements, then the label is not associated with a parameter and the system displays it in the list of InvalidLabels.

Parameters

$body

Type: object

{
"ParameterVersion" : "The specific version of the parameter on which you want to attach one or more labels. If no version is specified, the system attaches the label to the latest version.",
"Labels" : [ "string" ],
"Name" : "The parameter name on which you want to attach one or more labels."
}

list_association_versions

Retrieves all versions of an association for a specific association ID.

Parameters

$body

Type: object

{
"AssociationId" : "The association ID for which you want to view all versions."
}

list_associations

Lists the associations for the specified Systems Manager document or instance.

Parameters

$body

Type: object

{
"AssociationFilterList" : [ {
"value" : "The filter value.",
"key" : "The name of the filter."
} ]
}

list_command_invocations

An invocation is copy of a command sent to a specific instance. A command can apply to one or more instances. A command invocation applies to one instance. For example, if a user runs SendCommand against three instances, then a command invocation is created for each requested instance ID. ListCommandInvocations provide status about command execution.

Parameters

$body

Type: object

{
"Filters" : [ {
"value" : "The filter value. Valid values for each filter key are as follows: \n InvokedAfter: Specify a timestamp to limit your results. For example, specify 2018-07-07T00:00:00Z to see a list of command executions occurring July 7, 2018, and later. \n InvokedBefore: Specify a timestamp to limit your results. For example, specify 2018-07-07T00:00:00Z to see a list of command executions from before July 7, 2018. \n Status: Specify a valid command status to see a list of all command executions with that status. Status values you can specify include: Pending InProgress Success Cancelled Failed TimedOut Cancelling \n DocumentName: Specify name of the SSM document for which you want to see command execution results. For example, specify AWS-RunPatchBaseline to see command executions that used this SSM document to perform security patching operations on instances. \n ExecutionStage: Specify one of the following values: Executing: Returns a list of command executions that are currently still running. Complete: Returns a list of command executions that have already completed. ",
"key" : "The name of the filter."
} ],
"Details" : "(Optional) If set this returns the response of the command executions and any command output. By default this is set to False. ",
"InstanceId" : "(Optional) The command execution details for a specific instance ID.",
"CommandId" : "(Optional) The invocations for a specific command ID."
}

list_commands

Lists the commands requested by users of the AWS account.

Parameters

$body

Type: object

{
"Filters" : [ {
"value" : "The filter value. Valid values for each filter key are as follows: \n InvokedAfter: Specify a timestamp to limit your results. For example, specify 2018-07-07T00:00:00Z to see a list of command executions occurring July 7, 2018, and later. \n InvokedBefore: Specify a timestamp to limit your results. For example, specify 2018-07-07T00:00:00Z to see a list of command executions from before July 7, 2018. \n Status: Specify a valid command status to see a list of all command executions with that status. Status values you can specify include: Pending InProgress Success Cancelled Failed TimedOut Cancelling \n DocumentName: Specify name of the SSM document for which you want to see command execution results. For example, specify AWS-RunPatchBaseline to see command executions that used this SSM document to perform security patching operations on instances. \n ExecutionStage: Specify one of the following values: Executing: Returns a list of command executions that are currently still running. Complete: Returns a list of command executions that have already completed. ",
"key" : "The name of the filter."
} ],
"InstanceId" : "(Optional) Lists commands issued against this instance ID.",
"CommandId" : "(Optional) If provided, lists only the specified command."
}

list_compliance_items

For a specified resource ID, this API action returns a list of compliance statuses for different resource types. Currently, you can only specify one resource ID per call. List results depend on the criteria specified in the filter.

Parameters

$body

Type: object

{
"ResourceTypes" : [ "string" ],
"Filters" : [ {
"Type" : "The type of comparison that should be performed for the value: Equal, NotEqual, BeginWith, LessThan, or GreaterThan.",
"Values" : [ "string" ],
"Key" : "The name of the filter."
} ],
"ResourceIds" : [ "string" ]
}

list_compliance_summaries

Returns a summary count of compliant and non-compliant resources for a compliance type. For example, this call can return State Manager associations, patches, or custom compliance types according to the filter criteria that you specify.

Parameters

$body

Type: object

{
"Filters" : [ {
"Type" : "The type of comparison that should be performed for the value: Equal, NotEqual, BeginWith, LessThan, or GreaterThan.",
"Values" : [ "string" ],
"Key" : "The name of the filter."
} ]
}

list_document_versions

List all versions for a document.

Parameters

$body

Type: object

{
"Name" : "The name of the document about which you want version information."
}

list_documents

Describes one or more of your Systems Manager documents.

Parameters

$body

Type: object

{
"Filters" : [ {
"Values" : [ "string" ],
"Key" : "The name of the filter key."
} ],
"DocumentFilterList" : [ {
"value" : "The value of the filter.",
"key" : "The name of the filter."
} ]
}

list_inventory_entries

A list of inventory items returned by the request.

Parameters

$body

Type: object

{
"TypeName" : "The type of inventory item for which you want information.",
"Filters" : [ {
"Type" : "The type of filter. Valid values include the following: \"Equal\"|\"NotEqual\"|\"BeginWith\"|\"LessThan\"|\"GreaterThan\"",
"Values" : [ "string" ],
"Key" : "The name of the filter key."
} ],
"NextToken" : "The token for the next set of items to return. (You received this token from a previous call.)",
"InstanceId" : "The instance ID for which you want inventory information.",
"MaxResults" : "The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results."
}

list_resource_compliance_summaries

Returns a resource-level summary count. The summary includes information about compliant and non-compliant statuses and detailed compliance-item severity counts, according to the filter criteria you specify.

Parameters

$body

Type: object

{
"Filters" : [ {
"Type" : "The type of comparison that should be performed for the value: Equal, NotEqual, BeginWith, LessThan, or GreaterThan.",
"Values" : [ "string" ],
"Key" : "The name of the filter."
} ]
}

list_resource_data_sync

Lists your resource data sync configurations. Includes information about the last time a sync attempted to start, the last sync status, and the last time a sync successfully completed.
The number of sync configurations might be too large to return using a single call to ListResourceDataSync. You can limit the number of sync configurations returned by using the MaxResults parameter. To determine whether there are more sync configurations to list, check the value of NextToken in the output. If there are more sync configurations to list, you can request them by specifying the NextToken returned in the call to the parameter of a subsequent call.

This operation has no parameters

list_tags_for_resource

Returns a list of the tags assigned to the specified resource.

Parameters

$body

Type: object

{
"ResourceId" : "The resource ID for which you want to see a list of tags.",
"ResourceType" : "Returns a list of tags for a specific resource type."
}

modify_document_permission

Shares a Systems Manager document publicly or privately. If you share a document privately, you must specify the AWS user account IDs for those people who can use the document. If you share a document publicly, you must specify All as the account ID.

Parameters

$body

Type: object

{
"AccountIdsToRemove" : [ "string" ],
"AccountIdsToAdd" : [ "string" ],
"PermissionType" : "The permission type for the document. The permission type can be Share.",
"Name" : "The name of the document that you want to share."
}

put_compliance_items

Registers a compliance type and other compliance details on a designated resource. This action lets you register custom compliance details with a resource. This call overwrites existing compliance information on the resource, so you must provide a full list of compliance items each time that you send the request.
ComplianceType can be one of the following:
ExecutionId: The execution ID when the patch, association, or custom compliance item was applied.
ExecutionType: Specify patch, association, or Custom:string.
ExecutionTime. The time the patch, association, or custom compliance item was applied to the instance.
Id: The patch, association, or custom compliance ID.
Title: A title.
Status: The status of the compliance item. For example, approved for patches, or Failed for associations.
Severity: A patch severity. For example, critical.
DocumentName: A SSM document name. For example, AWS-RunPatchBaseline.
DocumentVersion: An SSM document version number. For example, 4.
Classification: A patch classification. For example, security updates.
PatchBaselineId: A patch baseline ID.
PatchSeverity: A patch severity. For example, Critical.
PatchState: A patch state. For example, InstancesWithFailedPatches.
PatchGroup: The name of a patch group.
InstalledTime: The time the association, patch, or custom compliance item was applied to the resource. Specify the time by using the following format: yyyy-MM-dd'T'HH:mm:ss'Z'

Parameters

$body

Type: object

{
"ItemContentHash" : "MD5 or SHA-256 content hash. The content hash is used to determine if existing information should be overwritten or ignored. If the content hashes match, the request to put compliance information is ignored.",
"ResourceId" : "Specify an ID for this resource. For a managed instance, this is the instance ID.",
"ComplianceType" : "Specify the compliance type. For example, specify Association (for a State Manager association), Patch, or Custom:string.",
"ResourceType" : "Specify the type of resource. ManagedInstance is currently the only supported resource type.",
"ExecutionSummary" : {
"ExecutionTime" : "The time the execution ran as a datetime object that is saved in the following format: yyyy-MM-dd'T'HH:mm:ss'Z'.",
"ExecutionType" : "The type of execution. For example, Command is a valid execution type.",
"ExecutionId" : "An ID created by the system when PutComplianceItems was called. For example, CommandID is a valid execution ID. You can use this ID in subsequent calls."
},
"Items" : [ {
"Status" : "The status of the compliance item. An item is either COMPLIANT or NON_COMPLIANT.",
"Details" : "A \"Key\": \"Value\" tag combination for the compliance item.",
"Title" : "The title of the compliance item. For example, if the compliance item is a Windows patch, the title could be the title of the KB article for the patch; for example: Security Update for Active Directory Federation Services. ",
"Severity" : "The severity of the compliance status. Severity can be one of the following: Critical, High, Medium, Low, Informational, Unspecified.",
"Id" : "The compliance item ID. For example, if the compliance item is a Windows patch, the ID could be the number of the KB article."
} ]
}

put_inventory

Bulk update custom inventory items on one more instance. The request adds an inventory item, if it doesn't already exist, or updates an inventory item, if it does exist.

Parameters

$body

Type: object

{
"InstanceId" : "One or more instance IDs where you want to add or update inventory items.",
"Items" : [ {
"Context" : "A map of associated properties for a specified inventory type. For example, with this attribute, you can specify the ExecutionId, ExecutionType, ComplianceType properties of the AWS:ComplianceItem type.",
"TypeName" : "The name of the inventory type. Default inventory item type names start with AWS. Custom inventory type names will start with Custom. Default inventory item types include the following: AWS:AWSComponent, AWS:Application, AWS:InstanceInformation, AWS:Network, and AWS:WindowsUpdate.",
"CaptureTime" : "The time the inventory information was collected.",
"SchemaVersion" : "The schema version for the inventory item.",
"ContentHash" : "MD5 hash of the inventory item type contents. The content hash is used to determine whether to update inventory information. The PutInventory API does not update the inventory item type contents if the MD5 hash has not changed since last update. ",
"Content" : [ {
"<string>" : "string"
} ]
} ]
}

put_parameter

Add a parameter to the system.

Parameters

$body

Type: object

{
"Type" : "The type of parameter that you want to add to the system. \nItems in a StringList must be separated by a comma (,). You can't use other punctuation or special character to escape items in the list. If you have a parameter value that requires a comma, then use the String data type. \n SecureString is not currently supported for AWS CloudFormation templates or in the China Regions.",
"Overwrite" : "Overwrite an existing parameter. If not specified, will default to \"false\".",
"Description" : "Information about the parameter that you want to add to the system. Optional but recommended. \nDo not enter personally identifiable information in this field.",
"Policies" : "One or more policies to apply to a parameter. This action takes a JSON array. Parameter Store supports the following policy types: \nExpiration: This policy deletes the parameter after it expires. When you create the policy, you specify the expiration date. You can update the expiration date and time by updating the policy. Updating the parameter does not affect the expiration date and time. When the expiration time is reached, Parameter Store deletes the parameter. \nExpirationNotification: This policy triggers an event in Amazon CloudWatch Events that notifies you about the expiration. By using this policy, you can receive notification before or after the expiration time is reached, in units of days or hours. \nNoChangeNotification: This policy triggers a CloudWatch event if a parameter has not been modified for a specified period of time. This policy type is useful when, for example, a secret needs to be changed within a period of time, but it has not been changed. \nAll existing policies are preserved until you send new policies or an empty policy. For more information about parameter policies, see Working with Parameter Policies. ",
"AllowedPattern" : "A regular expression used to validate the parameter value. For example, for String types with values restricted to numbers, you can specify the following: AllowedPattern=^\\d+$ ",
"Tier" : "The parameter tier to assign to a parameter. \nParameter Store offers a standard tier and an advanced tier for parameters. Standard parameters have a content size limit of 4 KB and can't be configured to use parameter policies. You can create a maximum of 10,000 standard parameters for each Region in an AWS account. Standard parameters are offered at no additional cost. \nAdvanced parameters have a content size limit of 8 KB and can be configured to use parameter policies. You can create a maximum of 100,000 advanced parameters for each Region in an AWS account. Advanced parameters incur a charge. For more information, see About Advanced Parameters in the AWS Systems Manager User Guide. \nYou can change a standard parameter to an advanced parameter any time. But you can't revert an advanced parameter to a standard parameter. Reverting an advanced parameter to a standard parameter would result in data loss because the system would truncate the size of the parameter from 8 KB to 4 KB. Reverting would also remove any policies attached to the parameter. Lastly, advanced parameters use a different form of encryption than standard parameters. \nIf you no longer need an advanced parameter, or if you no longer want to incur charges for an advanced parameter, you must delete it and recreate it as a new standard parameter. \n Using the Default Tier Configuration \nIn PutParameter requests, you can specify the tier to create the parameter in. Whenever you specify a tier in the request, Parameter Store creates or updates the parameter according to that request. However, if you do not specify a tier in a request, Parameter Store assigns the tier based on the current Parameter Store default tier configuration. \nThe default tier when you begin using Parameter Store is the standard-parameter tier. If you use the advanced-parameter tier, you can specify one of the following as the default: \n Advanced: With this option, Parameter Store evaluates all requests as advanced parameters. \n Intelligent-Tiering: With this option, Parameter Store evaluates each request to determine if the parameter is standard or advanced. If the request doesn't include any options that require an advanced parameter, the parameter is created in the standard-parameter tier. If one or more options requiring an advanced parameter are included in the request, Parameter Store create a parameter in the advanced-parameter tier. This approach helps control your parameter-related costs by always creating standard parameters unless an advanced parameter is necessary. \nOptions that require an advanced parameter include the following: \n The content size of the parameter is more than 4 KB. \n The parameter uses a parameter policy. \n More than 10,000 parameters already exist in your AWS account in the current Region. \nFor more information about configuring the default tier option, see Specifying a Default Parameter Tier in the AWS Systems Manager User Guide.",
"Value" : "The parameter value that you want to add to the system. Standard parameters have a value limit of 4 KB. Advanced parameters have a value limit of 8 KB.",
"KeyId" : "The KMS Key ID that you want to use to encrypt a parameter. Either the default AWS Key Management Service (AWS KMS) key automatically assigned to your AWS account or a custom key. Required for parameters that use the SecureString data type. \nIf you don't specify a key ID, the system uses the default key associated with your AWS account. \n To use your default AWS KMS key, choose the SecureString data type, and do not specify the Key ID when you create the parameter. The system automatically populates Key ID with your default KMS key. \n To use a custom KMS key, choose the SecureString data type with the Key ID parameter. ",
"Tags" : [ {
"Value" : "The value of the tag.",
"Key" : "The name of the tag."
} ],
"Name" : "The fully qualified name of the parameter that you want to add to the system. The fully qualified name includes the complete hierarchy of the parameter path and name. For example: /Dev/DBServer/MySQL/db-string13 \nNaming Constraints: \n Parameter names are case sensitive. \n A parameter name must be unique within an AWS Region \n A parameter name can't be prefixed with \"aws\" or \"ssm\" (case-insensitive). \n Parameter names can include only the following symbols and letters: a-zA-Z0-9_.-/ \n A parameter name can't include spaces. \n Parameter hierarchies are limited to a maximum depth of fifteen levels. \nFor additional information about valid values for parameter names, see Requirements and Constraints for Parameter Names in the AWS Systems Manager User Guide. \nThe maximum length constraint listed below includes capacity for additional system attributes that are not part of the name. The maximum length for the fully qualified parameter name is 1011 characters. "
}

register_default_patch_baseline

Defines the default patch baseline for the relevant operating system.
To reset the AWS predefined patch baseline as the default, specify the full patch baseline ARN as the baseline ID value. For example, for CentOS, specify arn:aws:ssm:us-east-2:733109147000:patchbaseline/pb-0574b43a65ea646ed instead of pb-0574b43a65ea646ed.

Parameters

$body

Type: object

{
"BaselineId" : "The ID of the patch baseline that should be the default patch baseline."
}

register_patch_baseline_for_patch_group

Registers a patch baseline for a patch group.

Parameters

$body

Type: object

{
"BaselineId" : "The ID of the patch baseline to register the patch group with.",
"PatchGroup" : "The name of the patch group that should be registered with the patch baseline."
}

register_target_with_maintenance_window

Registers a target with a maintenance window.

Parameters

$body

Type: object

{
"OwnerInformation" : "User-provided value that will be included in any CloudWatch events raised while running tasks for these targets in this maintenance window.",
"Description" : "An optional description for the target.",
"WindowId" : "The ID of the maintenance window the target should be registered with.",
"ResourceType" : "The type of target being registered with the maintenance window.",
"Targets" : [ {
"Values" : [ "string" ],
"Key" : "User-defined criteria for sending commands that target instances that meet the criteria."
} ],
"ClientToken" : "User-provided idempotency token.",
"Name" : "An optional name for the target."
}

register_task_with_maintenance_window

Adds a new task to a maintenance window.

Parameters

$body

Type: object

{
"MaxErrors" : "The maximum number of errors allowed before this task stops being scheduled.",
"Description" : "An optional description for the task.",
"ServiceRoleArn" : "The ARN of the IAM service role for Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses your account's service-linked role. If no service-linked role for Systems Manager exists in your account, it is created when you run RegisterTaskWithMaintenanceWindow. \nFor more information, see the following topics in the in the AWS Systems Manager User Guide: \n Service-Linked Role Permissions for Systems Manager \n Should I Use a Service-Linked Role or a Custom Service Role to Run Maintenance Window Tasks? ",
"Priority" : "The priority of the task in the maintenance window, the lower the number the higher the priority. Tasks in a maintenance window are scheduled in priority order with tasks that have the same priority scheduled in parallel.",
"MaxConcurrency" : "The maximum number of targets this task can be run for in parallel.",
"Targets" : [ {
"Values" : [ "string" ],
"Key" : "User-defined criteria for sending commands that target instances that meet the criteria."
} ],
"TaskArn" : "The ARN of the task to run.",
"Name" : "An optional name for the task.",
"TaskInvocationParameters" : {
"Automation" : {
"Parameters" : "The parameters for the AUTOMATION task. \nFor information about specifying and updating task parameters, see RegisterTaskWithMaintenanceWindow and UpdateMaintenanceWindowTask. \n LoggingInfo has been deprecated. To specify an S3 bucket to contain logs, instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. \n TaskParameters has been deprecated. To specify parameters to pass to a task when it runs, instead use the Parameters option in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. \nFor AUTOMATION task types, Systems Manager ignores any values specified for these parameters.",
"DocumentVersion" : "The version of an Automation document to use during task execution."
},
"StepFunctions" : {
"Input" : "The inputs for the STEP_FUNCTIONS task.",
"Name" : "The name of the STEP_FUNCTIONS task."
},
"RunCommand" : {
"TimeoutSeconds" : "If this time is reached and the command has not already started running, it doesn't run.",
"Comment" : "Information about the commands to run.",
"OutputS3KeyPrefix" : "The Amazon S3 bucket subfolder.",
"Parameters" : "The parameters for the RUN_COMMAND task execution.",
"DocumentHashType" : "SHA-256 or SHA-1. SHA-1 hashes have been deprecated.",
"ServiceRoleArn" : "The ARN of the IAM service role to use to publish Amazon Simple Notification Service (Amazon SNS) notifications for maintenance window Run Command tasks.",
"NotificationConfig" : {
"NotificationArn" : "An Amazon Resource Name (ARN) for an Amazon Simple Notification Service (Amazon SNS) topic. Run Command pushes notifications about command status changes to this topic.",
"NotificationType" : "Command: Receive notification when the status of a command changes. Invocation: For commands sent to multiple instances, receive notification on a per-instance basis when the status of a command changes. ",
"NotificationEvents" : [ "string. Possible values: All | InProgress | Success | TimedOut | Cancelled | Failed" ]
},
"OutputS3BucketName" : "The name of the Amazon S3 bucket.",
"DocumentHash" : "The SHA-256 or SHA-1 hash created by the system when the document was created. SHA-1 hashes have been deprecated."
},
"Lambda" : {
"ClientContext" : "Pass client-specific information to the Lambda function that you are invoking. You can then process the client information in your Lambda function as you choose through the context variable.",
"Qualifier" : "(Optional) Specify a Lambda function version or alias name. If you specify a function version, the action uses the qualified function ARN to invoke a specific Lambda function. If you specify an alias name, the action uses the alias ARN to invoke the Lambda function version to which the alias points.",
"Payload" : "JSON to provide to your Lambda function as input."
}
},
"WindowId" : "The ID of the maintenance window the task should be added to.",
"TaskParameters" : "The parameters that should be passed to the task when it is run. \n TaskParameters has been deprecated. To specify parameters to pass to a task when it runs, instead use the Parameters option in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.",
"TaskType" : "The type of task being registered.",
"ClientToken" : "User-provided idempotency token.",
"LoggingInfo" : {
"S3KeyPrefix" : "(Optional) The Amazon S3 bucket subfolder. ",
"S3Region" : "The region where the Amazon S3 bucket is located.",
"S3BucketName" : "The name of an Amazon S3 bucket where execution logs are stored ."
}
}

remove_tags_from_resource

Removes tag keys from the specified resource.

Parameters

$body

Type: object

{
"ResourceId" : "The ID of the resource from which you want to remove tags. For example: \nManagedInstance: mi-012345abcde \nMaintenanceWindow: mw-012345abcde \nPatchBaseline: pb-012345abcde \nFor the Document and Parameter values, use the name of the resource. \nThe ManagedInstance type for this API action is only for on-premises managed instances. Specify the name of the managed instance in the following format: mi-ID_number. For example, mi-1a2b3c4d5e6f.",
"ResourceType" : "The type of resource from which you want to remove a tag. \nThe ManagedInstance type for this API action is only for on-premises managed instances. Specify the name of the managed instance in the following format: mi-ID_number. For example, mi-1a2b3c4d5e6f.",
"TagKeys" : [ "string" ]
}

reset_service_setting

ServiceSetting is an account-level setting for an AWS service. This setting defines how a user interacts with or uses a service or a feature of a service. For example, if an AWS service charges money to the account based on feature or service usage, then the AWS service team might create a default setting of "false". This means the user can't use this feature unless they change the setting to "true" and intentionally opt in for a paid feature.
Services map a SettingId object to a setting value. AWS services teams define the default value for a SettingId. You can't create a new SettingId, but you can overwrite the default value if you have the ssm:UpdateServiceSetting permission for the setting. Use the GetServiceSetting API action to view the current value. Use the UpdateServiceSetting API action to change the default setting.
Reset the service setting for the account to the default value as provisioned by the AWS service team.

Parameters

$body

The request body of the ResetServiceSetting API action.

Type: object

{
"SettingId" : "The ID of the service setting to reset."
}

resume_session

Reconnects a session to an instance after it has been disconnected. Connections can be resumed for disconnected sessions, but not terminated sessions.
This command is primarily for use by client machines to automatically reconnect during intermittent network issues. It is not intended for any other use.

Parameters

$body

Type: object

{
"SessionId" : "The ID of the disconnected session to resume."
}

send_automation_signal

Sends a signal to an Automation execution to change the current behavior or status of the execution.

Parameters

$body

Type: object

{
"SignalType" : "The type of signal to send to an Automation execution. ",
"Payload" : "The data sent with the signal. The data schema depends on the type of signal used in the request. \nFor Approve and Reject signal types, the payload is an optional comment that you can send with the signal type. For example: \n Comment=\"Looks good\" \nFor StartStep and Resume signal types, you must send the name of the Automation step to start or resume as the payload. For example: \n StepName=\"step1\" \nFor the StopStep signal type, you must send the step execution ID as the payload. For example: \n StepExecutionId=\"97fff367-fc5a-4299-aed8-0123456789ab\" ",
"AutomationExecutionId" : "The unique identifier for an existing Automation execution that you want to send the signal to."
}

send_command

Runs commands on one or more managed instances.

Parameters

$body

Type: object

{
"Comment" : "User-specified information about the command, such as a brief description of what the command should do.",
"MaxErrors" : "The maximum number of errors allowed without the command failing. When the command fails one more time beyond the value of MaxErrors, the systems stops sending the command to additional targets. You can specify a number like 10 or a percentage like 10%. The default value is 0. For more information about how to use MaxErrors, see Using Error Controls in the AWS Systems Manager User Guide.",
"Parameters" : "The required and optional parameters specified in the document being run.",
"DocumentHashType" : "Sha256 or Sha1. \nSha1 hashes have been deprecated.",
"ServiceRoleArn" : "The ARN of the IAM service role to use to publish Amazon Simple Notification Service (Amazon SNS) notifications for Run Command commands.",
"MaxConcurrency" : "(Optional) The maximum number of instances that are allowed to run the command at the same time. You can specify a number such as 10 or a percentage such as 10%. The default value is 50. For more information about how to use MaxConcurrency, see Using Concurrency Controls in the AWS Systems Manager User Guide.",
"Targets" : [ {
"Values" : [ "string" ],
"Key" : "User-defined criteria for sending commands that target instances that meet the criteria."
} ],
"OutputS3Region" : "(Deprecated) You can no longer specify this parameter. The system ignores it. Instead, Systems Manager automatically determines the Amazon S3 bucket region.",
"TimeoutSeconds" : "If this time is reached and the command has not already started running, it will not run.",
"OutputS3KeyPrefix" : "The directory structure within the S3 bucket where the responses should be stored.",
"CloudWatchOutputConfig" : {
"CloudWatchOutputEnabled" : "Enables Systems Manager to send command output to CloudWatch Logs.",
"CloudWatchLogGroupName" : "The name of the CloudWatch log group where you want to send command output. If you don't specify a group name, Systems Manager automatically creates a log group for you. The log group uses the following naming format: aws/ssm/SystemsManagerDocumentName."
},
"NotificationConfig" : {
"NotificationArn" : "An Amazon Resource Name (ARN) for an Amazon Simple Notification Service (Amazon SNS) topic. Run Command pushes notifications about command status changes to this topic.",
"NotificationType" : "Command: Receive notification when the status of a command changes. Invocation: For commands sent to multiple instances, receive notification on a per-instance basis when the status of a command changes. ",
"NotificationEvents" : [ "string. Possible values: All | InProgress | Success | TimedOut | Cancelled | Failed" ]
},
"DocumentVersion" : "The SSM document version to use in the request. You can specify $DEFAULT, $LATEST, or a specific version number. If you run commands by using the AWS CLI, then you must escape the first two options by using a backslash. If you specify a version number, then you don't need to use the backslash. For example: \n--document-version \"\\$DEFAULT\" \n--document-version \"\\$LATEST\" \n--document-version \"3\"",
"InstanceIds" : [ "string" ],
"OutputS3BucketName" : "The name of the S3 bucket where command execution responses should be stored.",
"DocumentName" : "Required. The name of the Systems Manager document to run. This can be a public document or a custom document.",
"DocumentHash" : "The Sha256 or Sha1 hash created by the system when the document was created. \nSha1 hashes have been deprecated."
}

start_associations_once

Use this API action to run an association immediately and only one time. This action can be helpful when troubleshooting associations.

Parameters

$body

Type: object

{
"AssociationIds" : [ "string" ]
}

start_automation_execution

Initiates execution of an Automation document.

Parameters

$body

Type: object

{
"TargetParameterName" : "The name of the parameter used as the target resource for the rate-controlled execution. Required if you specify targets.",
"MaxErrors" : "The number of errors that are allowed before the system stops running the automation on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops running the automation when the fourth error is received. If you specify 0, then the system stops running the automation on additional targets after the first error result is returned. If you run an automation on 50 resources and set max-errors to 10%, then the system stops running the automation on additional targets when the sixth error is received. \nExecutions that are already running an automation when max-errors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set max-concurrency to 1 so the executions proceed one at a time.",
"Parameters" : "A key-value map of execution parameters, which match the declared parameters in the Automation document.",
"Mode" : "The execution mode of the automation. Valid modes include the following: Auto and Interactive. The default mode is Auto.",
"TargetMaps" : [ {
"<string>" : [ "string" ]
} ],
"MaxConcurrency" : "The maximum number of targets allowed to run this task in parallel. You can specify a number, such as 10, or a percentage, such as 10%. The default value is 10.",
"Targets" : [ {
"Values" : [ "string" ],
"Key" : "User-defined criteria for sending commands that target instances that meet the criteria."
} ],
"DocumentVersion" : "The version of the Automation document to use for this execution.",
"ClientToken" : "User-provided idempotency token. The token must be unique, is case insensitive, enforces the UUID format, and can't be reused.",
"DocumentName" : "The name of the Automation document to use for this execution.",
"TargetLocations" : [ {
"TargetLocationMaxErrors" : "The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation. ",
"ExecutionRoleName" : "The Automation execution role used by the currently running Automation.",
"Regions" : [ "string" ],
"TargetLocationMaxConcurrency" : "The maximum number of AWS accounts and AWS regions allowed to run the Automation concurrently ",
"Accounts" : [ "string" ]
} ]
}

start_session

Initiates a connection to a target (for example, an instance) for a Session Manager session. Returns a URL and token that can be used to open a WebSocket connection for sending input and receiving outputs.
AWS CLI usage: start-session is an interactive command that requires the Session Manager plugin to be installed on the client machine making the call. For information, see Install the Session Manager Plugin for the AWS CLI in the AWS Systems Manager User Guide.
AWS Tools for PowerShell usage: Start-SSMSession is not currently supported by AWS Tools for PowerShell on Windows local machines.

Parameters

$body

Type: object

{
"Target" : "The instance to connect to for the session.",
"Parameters" : "Reserved for future use.",
"DocumentName" : "The name of the SSM document to define the parameters and plugin settings for the session. For example, SSM-SessionManagerRunShell. If no document name is provided, a shell to the instance is launched by default."
}

stop_automation_execution

Stop an Automation that is currently running.

Parameters

$body

Type: object

{
"Type" : "The stop request type. Valid types include the following: Cancel and Complete. The default type is Cancel.",
"AutomationExecutionId" : "The execution ID of the Automation to stop."
}

terminate_session

Permanently ends a session and closes the data connection between the Session Manager client and SSM Agent on the instance. A terminated session cannot be resumed.

Parameters

$body

Type: object

{
"SessionId" : "The ID of the session to terminate."
}

update_association

Updates an association. You can update the association name and version, the document version, schedule, parameters, and Amazon S3 output.
In order to call this API action, your IAM user account, group, or role must be configured with permission to call the DescribeAssociation API action. If you don't have permission to call DescribeAssociation, then you receive the following error: An error occurred (AccessDeniedException) when calling the UpdateAssociation operation: User: <user_arn> is not authorized to perform: ssm:DescribeAssociation on resource: <resource_arn>
When you update an association, the association immediately runs against the specified targets.

Parameters

$body

Type: object

{
"AssociationName" : "The name of the association that you want to update.",
"ScheduleExpression" : "The cron expression used to schedule the association that you want to update.",
"MaxErrors" : "The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 instances and set MaxError to 10%, then the system stops sending the request when the sixth error is received. \nExecutions that are already running an association when MaxErrors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set MaxConcurrency to 1 so that executions proceed one at a time.",
"Parameters" : "The parameters you want to update for the association. If you create a parameter using Parameter Store, you can reference the parameter using ",
"AssociationVersion" : "This parameter is provided for concurrency control purposes. You must specify the latest association version in the service. If you want to ensure that this request succeeds, either specify $LATEST, or omit this parameter.",
"MaxConcurrency" : "The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time. \nIf a new instance starts and attempts to run an association while Systems Manager is running MaxConcurrency associations, the association is allowed to run. During the next association interval, the new instance will process its association within the limit specified for MaxConcurrency.",
"ComplianceSeverity" : "The severity level to assign to the association.",
"Targets" : [ {
"Values" : [ "string" ],
"Key" : "User-defined criteria for sending commands that target instances that meet the criteria."
} ],
"OutputLocation" : {
"S3Location" : {
"OutputS3KeyPrefix" : "The Amazon S3 bucket subfolder.",
"OutputS3Region" : "(Deprecated) You can no longer specify this parameter. The system ignores it. Instead, Systems Manager automatically determines the Amazon S3 bucket region.",
"OutputS3BucketName" : "The name of the Amazon S3 bucket."
}
},
"Name" : "The name of the SSM document that contains the configuration information for the instance. You can specify Command or Automation documents. \nYou can specify AWS-predefined documents, documents you created, or a document that is shared with you from another account. \nFor SSM documents that are shared with you from other AWS accounts, you must specify the complete SSM document ARN, in the following format: \n arn:aws:ssm:region:account-id:document/document-name \nFor example: \n arn:aws:ssm:us-east-2:12345678912:document/My-Shared-Document \nFor AWS-predefined documents and SSM documents you created in your account, you only need to specify the document name. For example, AWS-ApplyPatchBaseline or My-Document.",
"DocumentVersion" : "The document version you want update for the association. ",
"AssociationId" : "The ID of the association you want to update. ",
"AutomationTargetParameterName" : "Specify the target for the association. This target is required for associations that use an Automation document and target resources by using rate controls."
}

update_association_status

Updates the status of the Systems Manager document associated with the specified instance.

Parameters

$body

Type: object

{
"InstanceId" : "The ID of the instance.",
"AssociationStatus" : {
"AdditionalInfo" : "A user-defined string.",
"Message" : "The reason for the status.",
"Date" : "The date when the status changed.",
"Name" : "The status."
},
"Name" : "The name of the Systems Manager document."
}

update_document

Updates one or more values for an SSM document.

Parameters

$body

Type: object

{
"DocumentFormat" : "Specify the document format for the new document version. Systems Manager supports JSON and YAML documents. JSON is the default format.",
"Content" : "A valid JSON or YAML string.",
"TargetType" : "Specify a new target type for the document.",
"VersionName" : "An optional field specifying the version of the artifact you are updating with the document. For example, \"Release 12, Update 6\". This value is unique across all versions of a document, and cannot be changed.",
"DocumentVersion" : "(Required) The version of the document that you want to update. ",
"Attachments" : [ {
"Values" : [ "string" ],
"Key" : "The key of a key and value pair that identifies the location of an attachment to a document."
} ],
"Name" : "The name of the document that you want to update."
}

update_document_default_version

Set the default version of a document.

Parameters

$body

Type: object

{
"DocumentVersion" : "The version of a custom document that you want to set as the default version.",
"Name" : "The name of a custom document that you want to set as the default version."
}

update_maintenance_window

Updates an existing maintenance window. Only specified parameters are modified.
The value you specify for Duration determines the specific end time for the maintenance window based on the time it begins. No maintenance window tasks are permitted to start after the resulting endtime minus the number of hours you specify for Cutoff. For example, if the maintenance window starts at 3 PM, the duration is three hours, and the value you specify for Cutoff is one hour, no maintenance window tasks can start after 5 PM.

Parameters

$body

Type: object

{
"StartDate" : "The time zone that the scheduled maintenance window executions are based on, in Internet Assigned Numbers Authority (IANA) format. For example: \"America/Los_Angeles\", \"etc/UTC\", or \"Asia/Seoul\". For more information, see the Time Zone Database on the IANA website.",
"Replace" : "If True, then all fields that are required by the CreateMaintenanceWindow action are also required for this API request. Optional fields that are not specified are set to null. ",
"Description" : "An optional description for the update request.",
"WindowId" : "The ID of the maintenance window to update.",
"AllowUnassociatedTargets" : "Whether targets must be registered with the maintenance window before tasks can be defined for those targets.",
"Cutoff" : "The number of hours before the end of the maintenance window that Systems Manager stops scheduling new tasks for execution.",
"Schedule" : "The schedule of the maintenance window in the form of a cron or rate expression.",
"Enabled" : "Whether the maintenance window is enabled.",
"Duration" : "The duration of the maintenance window in hours.",
"EndDate" : "The date and time, in ISO-8601 Extended format, for when you want the maintenance window to become inactive. EndDate allows you to set a date and time in the future when the maintenance window will no longer run.",
"Name" : "The name of the maintenance window.",
"ScheduleTimezone" : "The time zone that the scheduled maintenance window executions are based on, in Internet Assigned Numbers Authority (IANA) format. For example: \"America/Los_Angeles\", \"etc/UTC\", or \"Asia/Seoul\". For more information, see the Time Zone Database on the IANA website."
}

update_maintenance_window_target

Modifies the target of an existing maintenance window. You can change the following:
Name
Description
Owner
IDs for an ID target
Tags for a Tag target
From any supported tag type to another. The three supported tag types are ID target, Tag target, and resource group. For more information, see Target.
If a parameter is null, then the corresponding field is not modified.

Parameters

$body

Type: object

{
"Replace" : "If True, then all fields that are required by the RegisterTargetWithMaintenanceWindow action are also required for this API request. Optional fields that are not specified are set to null.",
"OwnerInformation" : "User-provided value that will be included in any CloudWatch events raised while running tasks for these targets in this maintenance window.",
"Description" : "An optional description for the update.",
"WindowId" : "The maintenance window ID with which to modify the target.",
"Targets" : [ {
"Values" : [ "string" ],
"Key" : "User-defined criteria for sending commands that target instances that meet the criteria."
} ],
"WindowTargetId" : "The target ID to modify.",
"Name" : "A name for the update."
}

update_maintenance_window_task

Modifies a task assigned to a maintenance window. You can't change the task type, but you can change the following values:
TaskARN. For example, you can change a RUN_COMMAND task from AWS-RunPowerShellScript to AWS-RunShellScript.
ServiceRoleArn
TaskInvocationParameters
Priority
MaxConcurrency
MaxErrors
If a parameter is null, then the corresponding field is not modified. Also, if you set Replace to true, then all fields required by the RegisterTaskWithMaintenanceWindow action are required for this request. Optional fields that aren't specified are set to null.

Parameters

$body

Type: object

{
"Replace" : "If True, then all fields that are required by the RegisterTaskWithMaintenanceWndow action are also required for this API request. Optional fields that are not specified are set to null.",
"MaxErrors" : "The new MaxErrors value to specify. MaxErrors is the maximum number of errors that are allowed before the task stops being scheduled.",
"Description" : "The new task description to specify.",
"ServiceRoleArn" : "The ARN of the IAM service role for Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses your account's service-linked role. If no service-linked role for Systems Manager exists in your account, it is created when you run RegisterTaskWithMaintenanceWindow. \nFor more information, see the following topics in the in the AWS Systems Manager User Guide: \n Service-Linked Role Permissions for Systems Manager \n Should I Use a Service-Linked Role or a Custom Service Role to Run Maintenance Window Tasks? ",
"Priority" : "The new task priority to specify. The lower the number, the higher the priority. Tasks that have the same priority are scheduled in parallel.",
"MaxConcurrency" : "The new MaxConcurrency value you want to specify. MaxConcurrency is the number of targets that are allowed to run this task in parallel.",
"Targets" : [ {
"Values" : [ "string" ],
"Key" : "User-defined criteria for sending commands that target instances that meet the criteria."
} ],
"TaskArn" : "The task ARN to modify.",
"Name" : "The new task name to specify.",
"TaskInvocationParameters" : {
"Automation" : {
"Parameters" : "The parameters for the AUTOMATION task. \nFor information about specifying and updating task parameters, see RegisterTaskWithMaintenanceWindow and UpdateMaintenanceWindowTask. \n LoggingInfo has been deprecated. To specify an S3 bucket to contain logs, instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. \n TaskParameters has been deprecated. To specify parameters to pass to a task when it runs, instead use the Parameters option in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. \nFor AUTOMATION task types, Systems Manager ignores any values specified for these parameters.",
"DocumentVersion" : "The version of an Automation document to use during task execution."
},
"StepFunctions" : {
"Input" : "The inputs for the STEP_FUNCTIONS task.",
"Name" : "The name of the STEP_FUNCTIONS task."
},
"RunCommand" : {
"TimeoutSeconds" : "If this time is reached and the command has not already started running, it doesn't run.",
"Comment" : "Information about the commands to run.",
"OutputS3KeyPrefix" : "The Amazon S3 bucket subfolder.",
"Parameters" : "The parameters for the RUN_COMMAND task execution.",
"DocumentHashType" : "SHA-256 or SHA-1. SHA-1 hashes have been deprecated.",
"ServiceRoleArn" : "The ARN of the IAM service role to use to publish Amazon Simple Notification Service (Amazon SNS) notifications for maintenance window Run Command tasks.",
"NotificationConfig" : {
"NotificationArn" : "An Amazon Resource Name (ARN) for an Amazon Simple Notification Service (Amazon SNS) topic. Run Command pushes notifications about command status changes to this topic.",
"NotificationType" : "Command: Receive notification when the status of a command changes. Invocation: For commands sent to multiple instances, receive notification on a per-instance basis when the status of a command changes. ",
"NotificationEvents" : [ "string. Possible values: All | InProgress | Success | TimedOut | Cancelled | Failed" ]
},
"OutputS3BucketName" : "The name of the Amazon S3 bucket.",
"DocumentHash" : "The SHA-256 or SHA-1 hash created by the system when the document was created. SHA-1 hashes have been deprecated."
},
"Lambda" : {
"ClientContext" : "Pass client-specific information to the Lambda function that you are invoking. You can then process the client information in your Lambda function as you choose through the context variable.",
"Qualifier" : "(Optional) Specify a Lambda function version or alias name. If you specify a function version, the action uses the qualified function ARN to invoke a specific Lambda function. If you specify an alias name, the action uses the alias ARN to invoke the Lambda function version to which the alias points.",
"Payload" : "JSON to provide to your Lambda function as input."
}
},
"WindowTaskId" : "The task ID to modify.",
"WindowId" : "The maintenance window ID that contains the task to modify.",
"TaskParameters" : "The parameters to modify. \n TaskParameters has been deprecated. To specify parameters to pass to a task when it runs, instead use the Parameters option in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters. \nThe map has the following format: \nKey: string, between 1 and 255 characters \nValue: an array of strings, each string is between 1 and 255 characters",
"LoggingInfo" : {
"S3KeyPrefix" : "(Optional) The Amazon S3 bucket subfolder. ",
"S3Region" : "The region where the Amazon S3 bucket is located.",
"S3BucketName" : "The name of an Amazon S3 bucket where execution logs are stored ."
}
}

update_managed_instance_role

Assigns or changes an Amazon Identity and Access Management (IAM) role for the managed instance.

Parameters

$body

Type: object

{
"InstanceId" : "The ID of the managed instance where you want to update the role.",
"IamRole" : "The IAM role you want to assign or change."
}

update_ops_item

Edit or change an OpsItem. You must have permission in AWS Identity and Access Management (IAM) to update an OpsItem. For more information, see Getting Started with OpsCenter in the AWS Systems Manager User Guide.
Operations engineers and IT professionals use OpsCenter to view, investigate, and remediate operational issues impacting the performance and health of their AWS resources. For more information, see AWS Systems Manager OpsCenter in the AWS Systems Manager User Guide.

Parameters

$body

Type: object

{
"Status" : "The OpsItem status. Status can be Open, In Progress, or Resolved. For more information, see Editing OpsItem Details in the AWS Systems Manager User Guide.",
"OpsItemId" : "The ID of the OpsItem.",
"Description" : "Update the information about the OpsItem. Provide enough information so that users reading this OpsItem for the first time understand the issue. ",
"Priority" : "The importance of this OpsItem in relation to other OpsItems in the system.",
"OperationalDataToDelete" : [ "string" ],
"OperationalData" : "Add new keys or edit existing key-value pairs of the OperationalData map in the OpsItem object. \nOperational data is custom data that provides useful reference details about the OpsItem. For example, you can specify log files, error strings, license keys, troubleshooting tips, or other relevant data. You enter operational data as key-value pairs. The key has a maximum length of 128 characters. The value has a maximum size of 20 KB. \nOperational data keys can't begin with the following: amazon, aws, amzn, ssm, /amazon, /aws, /amzn, /ssm. \nYou can choose to make the data searchable by other users in the account or you can restrict search access. Searchable data means that all users with access to the OpsItem Overview page (as provided by the DescribeOpsItems API action) can view and search on the specified data. Operational data that is not searchable is only viewable by users who have access to the OpsItem (as provided by the GetOpsItem API action). \nUse the /aws/resources key in OperationalData to specify a related resource in the request. Use the /aws/automations key in OperationalData to associate an Automation runbook with the OpsItem. To view AWS CLI example commands that use these keys, see Creating OpsItems Manually in the AWS Systems Manager User Guide.",
"Title" : "A short heading that describes the nature of the OpsItem and the impacted resource.",
"Notifications" : [ {
"Arn" : "The Amazon Resource Name (ARN) of an SNS topic where notifications are sent when this OpsItem is edited or changed."
} ],
"RelatedOpsItems" : [ {
"OpsItemId" : "The ID of an OpsItem related to the current OpsItem."
} ]
}

update_patch_baseline

Modifies an existing patch baseline. Fields not specified in the request are left unchanged.
For information about valid key and value pairs in PatchFilters for each supported operating system type, see PatchFilter.

Parameters

$body

Type: object

{
"BaselineId" : "The ID of the patch baseline to update.",
"ApprovedPatches" : [ "string" ],
"RejectedPatchesAction" : "The action for Patch Manager to take on patches included in the RejectedPackages list. \n ALLOW_AS_DEPENDENCY: A package in the Rejected patches list is installed only if it is a dependency of another package. It is considered compliant with the patch baseline, and its status is reported as InstalledOther. This is the default action if no option is specified. \n BLOCK: Packages in the RejectedPatches list, and packages that include them as dependencies, are not installed under any circumstances. If a package was installed before it was added to the Rejected patches list, it is considered non-compliant with the patch baseline, and its status is reported as InstalledRejected. ",
"Replace" : "If True, then all fields that are required by the CreatePatchBaseline action are also required for this API request. Optional fields that are not specified are set to null.",
"Description" : "A description of the patch baseline.",
"ApprovedPatchesComplianceLevel" : "Assigns a new compliance severity level to an existing patch baseline.",
"ApprovedPatchesEnableNonSecurity" : "Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is 'false'. Applies to Linux instances only.",
"ApprovalRules" : {
"PatchRules" : [ {
"EnableNonSecurity" : "For instances identified by the approval rule filters, enables a patch baseline to apply non-security updates available in the specified repository. The default value is 'false'. Applies to Linux instances only.",
"PatchFilterGroup" : {
"PatchFilters" : [ {
"Values" : [ "string" ],
"Key" : "The key for the filter. \nRun the DescribePatchProperties command to view lists of valid keys for each operating system type."
} ]
},
"ApproveAfterDays" : "The number of days after the release date of each patch matched by the rule that the patch is marked as approved in the patch baseline. For example, a value of 7 means that patches are approved seven days after they are released. ",
"ComplianceLevel" : "A compliance severity level for all approved patches in a patch baseline. Valid compliance severity levels include the following: Unspecified, Critical, High, Medium, Low, and Informational."
} ]
},
"GlobalFilters" : {
"PatchFilters" : [ {
"Values" : [ "string" ],
"Key" : "The key for the filter. \nRun the DescribePatchProperties command to view lists of valid keys for each operating system type."
} ]
},
"Sources" : [ {
"Products" : [ "string" ],
"Configuration" : "The value of the yum repo configuration. For example: \n [main] \n cachedir=/var/cache/yum/$basesearch$releasever \n keepcache=0 \n debuglevel=2 ",
"Name" : "The name specified to identify the patch source."
} ],
"Name" : "The name of the patch baseline.",
"RejectedPatches" : [ "string" ]
}

update_service_setting

ServiceSetting is an account-level setting for an AWS service. This setting defines how a user interacts with or uses a service or a feature of a service. For example, if an AWS service charges money to the account based on feature or service usage, then the AWS service team might create a default setting of "false". This means the user can't use this feature unless they change the setting to "true" and intentionally opt in for a paid feature.
Services map a SettingId object to a setting value. AWS services teams define the default value for a SettingId. You can't create a new SettingId, but you can overwrite the default value if you have the ssm:UpdateServiceSetting permission for the setting. Use the GetServiceSetting API action to view the current value. Or, use the ResetServiceSetting to change the value back to the original value defined by the AWS service team.
Update the service setting for the account.

Parameters

$body

The request body of the UpdateServiceSetting API action.

Type: object

{
"SettingValue" : "The new value to specify for the service setting.",
"SettingId" : "The ID of the service setting to update."
}