Amazon Simple Systems Manager (SSM)

2025/04/29 - Amazon Simple Systems Manager (SSM) - 2 new11 updated api methods

Changes  This release adds support for just-In-time node access in AWS Systems Manager. Just-in-time node access enables customers to move towards zero standing privileges by requiring operators to request access and obtain approval before remotely connecting to nodes managed by the SSM Agent.

StartAccessRequest (new) Link ¶

Starts the workflow for just-in-time node access sessions.

See also: AWS API Documentation

Request Syntax

client.start_access_request(
    Reason='string',
    Targets=[
        {
            'Key': 'string',
            'Values': [
                'string',
            ]
        },
    ],
    Tags=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ]
)
type Reason:

string

param Reason:

[REQUIRED]

A brief description explaining why you are requesting access to the node.

type Targets:

list

param Targets:

[REQUIRED]

The node you are requesting access to.

  • (dict) --

    An array of search criteria that targets managed nodes using a key-value pair that you specify.

    Supported formats include the following.

    For all Systems Manager tools:

    • Key=tag-key,Values=tag-value-1,tag-value-2

    For Automation and Change Manager:

    • Key=tag:tag-key,Values=tag-value

    • Key=ResourceGroup,Values=resource-group-name

    • Key=ParameterValues,Values=value-1,value-2,value-3

    • To target all instances in the Amazon Web Services Region:

      • Key=AWS::EC2::Instance,Values=*

      • Key=InstanceIds,Values=*

    For Run Command and Maintenance Windows:

    • Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3

    • Key=tag:tag-key,Values=tag-value-1,tag-value-2

    • Key=resource-groups:Name,Values=resource-group-name

    • Additionally, Maintenance Windows support targeting resource types:

      • Key=resource-groups:ResourceTypeFilters,Values=resource-type-1,resource-type-2

    For State Manager:

    • Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3

    • Key=tag:tag-key,Values=tag-value-1,tag-value-2

    • To target all instances in the Amazon Web Services Region:

      • Key=InstanceIds,Values=*

    For more information about how to send commands that target managed nodes using Key,Value parameters, see Targeting multiple managed nodes in the Amazon Web Services Systems Manager User Guide.

    • Key (string) --

      User-defined criteria for sending commands that target managed nodes that meet the criteria.

    • Values (list) --

      User-defined criteria that maps to Key. For example, if you specified tag:ServerRole, you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer.

      Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.

      • (string) --

type Tags:

list

param Tags:

Key-value pairs of metadata you want to assign to the access request.

  • (dict) --

    Metadata that you assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Amazon Web Services Systems Manager, you can apply tags to Systems Manager documents (SSM documents), managed nodes, maintenance windows, parameters, patch baselines, OpsItems, and OpsMetadata.

    • Key (string) -- [REQUIRED]

      The name of the tag.

    • Value (string) -- [REQUIRED]

      The value of the tag.

rtype:

dict

returns:

Response Syntax

{
    'AccessRequestId': 'string'
}

Response Structure

  • (dict) --

    • AccessRequestId (string) --

      The ID of the access request.

GetAccessToken (new) Link ¶

Returns a credentials set to be used with just-in-time node access.

See also: AWS API Documentation

Request Syntax

client.get_access_token(
    AccessRequestId='string'
)
type AccessRequestId:

string

param AccessRequestId:

[REQUIRED]

The ID of a just-in-time node access request.

rtype:

dict

returns:

Response Syntax

{
    'Credentials': {
        'AccessKeyId': 'string',
        'SecretAccessKey': 'string',
        'SessionToken': 'string',
        'ExpirationTime': datetime(2015, 1, 1)
    },
    'AccessRequestStatus': 'Approved'|'Rejected'|'Revoked'|'Expired'|'Pending'
}

Response Structure

  • (dict) --

    • Credentials (dict) --

      The temporary security credentials which can be used to start just-in-time node access sessions.

      • AccessKeyId (string) --

        The access key ID that identifies the temporary security credentials.

      • SecretAccessKey (string) --

        The secret access key that can be used to sign requests.

      • SessionToken (string) --

        The token that users must pass to the service API to use the temporary credentials.

      • ExpirationTime (datetime) --

        The datetime on which the current credentials expire.

    • AccessRequestStatus (string) --

      The status of the access request.

CreateDocument (updated) Link ¶
Changes (request, response)
Request
{'DocumentType': {'ManualApprovalPolicy', 'AutoApprovalPolicy'}}
Response
{'DocumentDescription': {'DocumentType': {'AutoApprovalPolicy',
                                          'ManualApprovalPolicy'}}}

Creates a Amazon Web Services Systems Manager (SSM document). An SSM document defines the actions that Systems Manager performs on your managed nodes. For more information about SSM documents, including information about supported schemas, features, and syntax, see Amazon Web Services Systems Manager Documents in the Amazon Web Services Systems Manager User Guide.

See also: AWS API Documentation

Request Syntax

client.create_document(
    Content='string',
    Requires=[
        {
            'Name': 'string',
            'Version': 'string',
            'RequireType': 'string',
            'VersionName': 'string'
        },
    ],
    Attachments=[
        {
            'Key': 'SourceUrl'|'S3FileUrl'|'AttachmentReference',
            'Values': [
                'string',
            ],
            'Name': 'string'
        },
    ],
    Name='string',
    DisplayName='string',
    VersionName='string',
    DocumentType='Command'|'Policy'|'Automation'|'Session'|'Package'|'ApplicationConfiguration'|'ApplicationConfigurationSchema'|'DeploymentStrategy'|'ChangeCalendar'|'Automation.ChangeTemplate'|'ProblemAnalysis'|'ProblemAnalysisTemplate'|'CloudFormation'|'ConformancePackTemplate'|'QuickSetup'|'ManualApprovalPolicy'|'AutoApprovalPolicy',
    DocumentFormat='YAML'|'JSON'|'TEXT',
    TargetType='string',
    Tags=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ]
)
type Content:

string

param Content:

[REQUIRED]

The content for the new SSM document in JSON or YAML format. The content of the document must not exceed 64KB. This quota also includes the content specified for input parameters at runtime. We recommend storing the contents for your new document in an external JSON or YAML file and referencing the file in a command.

For examples, see the following topics in the Amazon Web Services Systems Manager User Guide.

type Requires:

list

param Requires:

A list of SSM documents required by a document. This parameter is used exclusively by AppConfig. When a user creates an AppConfig configuration in an SSM document, the user must also specify a required document for validation purposes. In this case, an ApplicationConfiguration document requires an ApplicationConfigurationSchema document for validation purposes. For more information, see What is AppConfig? in the AppConfig User Guide.

  • (dict) --

    An SSM document required by the current document.

    • Name (string) -- [REQUIRED]

      The name of the required SSM document. The name can be an Amazon Resource Name (ARN).

    • Version (string) --

      The document version required by the current document.

    • RequireType (string) --

      The document type of the required SSM document.

    • VersionName (string) --

      An optional field specifying the version of the artifact associated with the document. For example, 12.6. This value is unique across all versions of a document, and can't be changed.

type Attachments:

list

param Attachments:

A list of key-value pairs that describe attachments to a version of a document.

  • (dict) --

    Identifying information about a document attachment, including the file name and a key-value pair that identifies the location of an attachment to a document.

    • Key (string) --

      The key of a key-value pair that identifies the location of an attachment to a document.

    • Values (list) --

      The value of a key-value pair that identifies the location of an attachment to a document. The format for Value depends on the type of key you specify.

      • For the key SourceUrl, the value is an S3 bucket location. For example: "Values": [ "s3://amzn-s3-demo-bucket/my-prefix" ]

      • For the key S3FileUrl, the value is a file in an S3 bucket. For example: "Values": [ "s3://amzn-s3-demo-bucket/my-prefix/my-file.py" ]

      • For the key AttachmentReference, the value is constructed from the name of another SSM document in your account, a version number of that document, and a file attached to that document version that you want to reuse. For example: "Values": [ "MyOtherDocument/3/my-other-file.py" ] However, if the SSM document is shared with you from another account, the full SSM document ARN must be specified instead of the document name only. For example: "Values": [ "arn:aws:ssm:us-east-2:111122223333:document/OtherAccountDocument/3/their-file.py" ]

      • (string) --

    • Name (string) --

      The name of the document attachment file.

type Name:

string

param Name:

[REQUIRED]

A name for the SSM document.

type DisplayName:

string

param DisplayName:

An optional field where you can specify a friendly name for the SSM document. This value can differ for each version of the document. You can update this value at a later time using the UpdateDocument operation.

type VersionName:

string

param VersionName:

An optional field specifying the version of the artifact you are creating with the document. For example, Release12.1. This value is unique across all versions of a document, and can't be changed.

type DocumentType:

string

param DocumentType:

The type of document to create.

type DocumentFormat:

string

param DocumentFormat:

Specify the document format for the request. The document format can be JSON, YAML, or TEXT. JSON is the default format.

type TargetType:

string

param TargetType:

Specify a target type to define the kinds of resources the document can run on. For example, to run a document on EC2 instances, specify the following value: /AWS::EC2::Instance. If you specify a value of '/' the document can run on all types of resources. If you don't specify a value, the document can't run on any resources. For a list of valid resource types, see Amazon Web Services resource and property types reference in the CloudFormation User Guide.

type Tags:

list

param Tags:

Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag an SSM document to identify the types of targets or the environment where it will run. In this case, you could specify the following key-value pairs:

  • Key=OS,Value=Windows

  • Key=Environment,Value=Production

  • (dict) --

    Metadata that you assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Amazon Web Services Systems Manager, you can apply tags to Systems Manager documents (SSM documents), managed nodes, maintenance windows, parameters, patch baselines, OpsItems, and OpsMetadata.

    • Key (string) -- [REQUIRED]

      The name of the tag.

    • Value (string) -- [REQUIRED]

      The value of the tag.

rtype:

dict

returns:

Response Syntax

{
    'DocumentDescription': {
        'Sha1': 'string',
        'Hash': 'string',
        'HashType': 'Sha256'|'Sha1',
        'Name': 'string',
        'DisplayName': 'string',
        'VersionName': 'string',
        'Owner': 'string',
        'CreatedDate': datetime(2015, 1, 1),
        'Status': 'Creating'|'Active'|'Updating'|'Deleting'|'Failed',
        'StatusInformation': 'string',
        'DocumentVersion': 'string',
        'Description': 'string',
        'Parameters': [
            {
                'Name': 'string',
                'Type': 'String'|'StringList',
                'Description': 'string',
                'DefaultValue': 'string'
            },
        ],
        'PlatformTypes': [
            'Windows'|'Linux'|'MacOS',
        ],
        'DocumentType': 'Command'|'Policy'|'Automation'|'Session'|'Package'|'ApplicationConfiguration'|'ApplicationConfigurationSchema'|'DeploymentStrategy'|'ChangeCalendar'|'Automation.ChangeTemplate'|'ProblemAnalysis'|'ProblemAnalysisTemplate'|'CloudFormation'|'ConformancePackTemplate'|'QuickSetup'|'ManualApprovalPolicy'|'AutoApprovalPolicy',
        'SchemaVersion': 'string',
        'LatestVersion': 'string',
        'DefaultVersion': 'string',
        'DocumentFormat': 'YAML'|'JSON'|'TEXT',
        'TargetType': 'string',
        'Tags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ],
        'AttachmentsInformation': [
            {
                'Name': 'string'
            },
        ],
        'Requires': [
            {
                'Name': 'string',
                'Version': 'string',
                'RequireType': 'string',
                'VersionName': 'string'
            },
        ],
        'Author': 'string',
        'ReviewInformation': [
            {
                'ReviewedTime': datetime(2015, 1, 1),
                'Status': 'APPROVED'|'NOT_REVIEWED'|'PENDING'|'REJECTED',
                'Reviewer': 'string'
            },
        ],
        'ApprovedVersion': 'string',
        'PendingReviewVersion': 'string',
        'ReviewStatus': 'APPROVED'|'NOT_REVIEWED'|'PENDING'|'REJECTED',
        'Category': [
            'string',
        ],
        'CategoryEnum': [
            'string',
        ]
    }
}

Response Structure

  • (dict) --

    • DocumentDescription (dict) --

      Information about the SSM document.

      • Sha1 (string) --

        The SHA1 hash of the document, which you can use for verification.

      • Hash (string) --

        The Sha256 or Sha1 hash created by the system when the document was created.

      • HashType (string) --

        The hash type of the document. Valid values include Sha256 or Sha1.

      • Name (string) --

        The name of the SSM document.

      • DisplayName (string) --

        The friendly name of the SSM document. This value can differ for each version of the document. If you want to update this value, see UpdateDocument.

      • VersionName (string) --

        The version of the artifact associated with the document.

      • Owner (string) --

        The Amazon Web Services user that created the document.

      • CreatedDate (datetime) --

        The date when the document was created.

      • Status (string) --

        The status of the SSM document.

      • StatusInformation (string) --

        A message returned by Amazon Web Services Systems Manager that explains the Status value. For example, a Failed status might be explained by the StatusInformation message, "The specified S3 bucket doesn't exist. Verify that the URL of the S3 bucket is correct."

      • DocumentVersion (string) --

        The document version.

      • Description (string) --

        A description of the document.

      • Parameters (list) --

        A description of the parameters for a document.

        • (dict) --

          Parameters specified in a Systems Manager document that run on the server when the command is run.

          • Name (string) --

            The name of the parameter.

          • Type (string) --

            The type of parameter. The type can be either String or StringList.

          • Description (string) --

            A description of what the parameter does, how to use it, the default value, and whether or not the parameter is optional.

          • DefaultValue (string) --

            If specified, the default values for the parameters. Parameters without a default value are required. Parameters with a default value are optional.

      • PlatformTypes (list) --

        The list of operating system (OS) platforms compatible with this SSM document.

        • (string) --

      • DocumentType (string) --

        The type of document.

      • SchemaVersion (string) --

        The schema version.

      • LatestVersion (string) --

        The latest version of the document.

      • DefaultVersion (string) --

        The default version.

      • DocumentFormat (string) --

        The document format, either JSON or YAML.

      • TargetType (string) --

        The target type which defines the kinds of resources the document can run on. For example, /AWS::EC2::Instance. For a list of valid resource types, see Amazon Web Services resource and property types reference in the CloudFormation User Guide.

      • Tags (list) --

        The tags, or metadata, that have been applied to the document.

        • (dict) --

          Metadata that you assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Amazon Web Services Systems Manager, you can apply tags to Systems Manager documents (SSM documents), managed nodes, maintenance windows, parameters, patch baselines, OpsItems, and OpsMetadata.

          • Key (string) --

            The name of the tag.

          • Value (string) --

            The value of the tag.

      • AttachmentsInformation (list) --

        Details about the document attachments, including names, locations, sizes, and so on.

        • (dict) --

          An attribute of an attachment, such as the attachment name.

          • Name (string) --

            The name of the attachment.

      • Requires (list) --

        A list of SSM documents required by a document. For example, an ApplicationConfiguration document requires an ApplicationConfigurationSchema document.

        • (dict) --

          An SSM document required by the current document.

          • Name (string) --

            The name of the required SSM document. The name can be an Amazon Resource Name (ARN).

          • Version (string) --

            The document version required by the current document.

          • RequireType (string) --

            The document type of the required SSM document.

          • VersionName (string) --

            An optional field specifying the version of the artifact associated with the document. For example, 12.6. This value is unique across all versions of a document, and can't be changed.

      • Author (string) --

        The user in your organization who created the document.

      • ReviewInformation (list) --

        Details about the review of a document.

        • (dict) --

          Information about the result of a document review request.

          • ReviewedTime (datetime) --

            The time that the reviewer took action on the document review request.

          • Status (string) --

            The current status of the document review request.

          • Reviewer (string) --

            The reviewer assigned to take action on the document review request.

      • ApprovedVersion (string) --

        The version of the document currently approved for use in the organization.

      • PendingReviewVersion (string) --

        The version of the document that is currently under review.

      • ReviewStatus (string) --

        The current status of the review.

      • Category (list) --

        The classification of a document to help you identify and categorize its use.

        • (string) --

      • CategoryEnum (list) --

        The value that identifies a document's category.

        • (string) --

DescribeAutomationExecutions (updated) Link ¶
Changes (response)
{'AutomationExecutionMetadataList': {'AutomationSubtype': {'AccessRequest'}}}

Provides details about all active and terminated Automation executions.

See also: AWS API Documentation

Request Syntax

client.describe_automation_executions(
    Filters=[
        {
            'Key': 'DocumentNamePrefix'|'ExecutionStatus'|'ExecutionId'|'ParentExecutionId'|'CurrentAction'|'StartTimeBefore'|'StartTimeAfter'|'AutomationType'|'TagKey'|'TargetResourceGroup'|'AutomationSubtype'|'OpsItemId',
            'Values': [
                'string',
            ]
        },
    ],
    MaxResults=123,
    NextToken='string'
)
type Filters:

list

param Filters:

Filters used to limit the scope of executions that are requested.

  • (dict) --

    A filter used to match specific automation executions. This is used to limit the scope of Automation execution information returned.

    • Key (string) -- [REQUIRED]

      One or more keys to limit the results.

    • Values (list) -- [REQUIRED]

      The values used to limit the execution information associated with the filter's key.

      • (string) --

type MaxResults:

integer

param MaxResults:

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

type NextToken:

string

param NextToken:

The token for the next set of items to return. (You received this token from a previous call.)

rtype:

dict

returns:

Response Syntax

{
    'AutomationExecutionMetadataList': [
        {
            'AutomationExecutionId': 'string',
            'DocumentName': 'string',
            'DocumentVersion': 'string',
            'AutomationExecutionStatus': 'Pending'|'InProgress'|'Waiting'|'Success'|'TimedOut'|'Cancelling'|'Cancelled'|'Failed'|'PendingApproval'|'Approved'|'Rejected'|'Scheduled'|'RunbookInProgress'|'PendingChangeCalendarOverride'|'ChangeCalendarOverrideApproved'|'ChangeCalendarOverrideRejected'|'CompletedWithSuccess'|'CompletedWithFailure'|'Exited',
            'ExecutionStartTime': datetime(2015, 1, 1),
            'ExecutionEndTime': datetime(2015, 1, 1),
            'ExecutedBy': 'string',
            'LogFile': 'string',
            'Outputs': {
                'string': [
                    'string',
                ]
            },
            'Mode': 'Auto'|'Interactive',
            'ParentAutomationExecutionId': 'string',
            'CurrentStepName': 'string',
            'CurrentAction': 'string',
            'FailureMessage': 'string',
            'TargetParameterName': 'string',
            'Targets': [
                {
                    'Key': 'string',
                    'Values': [
                        'string',
                    ]
                },
            ],
            'TargetMaps': [
                {
                    'string': [
                        'string',
                    ]
                },
            ],
            'ResolvedTargets': {
                'ParameterValues': [
                    'string',
                ],
                'Truncated': True|False
            },
            'MaxConcurrency': 'string',
            'MaxErrors': 'string',
            'Target': 'string',
            'AutomationType': 'CrossAccount'|'Local',
            'AlarmConfiguration': {
                'IgnorePollAlarmFailure': True|False,
                'Alarms': [
                    {
                        'Name': 'string'
                    },
                ]
            },
            'TriggeredAlarms': [
                {
                    'Name': 'string',
                    'State': 'UNKNOWN'|'ALARM'
                },
            ],
            'TargetLocationsURL': 'string',
            'AutomationSubtype': 'ChangeRequest'|'AccessRequest',
            'ScheduledTime': datetime(2015, 1, 1),
            'Runbooks': [
                {
                    'DocumentName': 'string',
                    'DocumentVersion': 'string',
                    'Parameters': {
                        'string': [
                            'string',
                        ]
                    },
                    'TargetParameterName': 'string',
                    'Targets': [
                        {
                            'Key': 'string',
                            'Values': [
                                'string',
                            ]
                        },
                    ],
                    'TargetMaps': [
                        {
                            'string': [
                                'string',
                            ]
                        },
                    ],
                    'MaxConcurrency': 'string',
                    'MaxErrors': 'string',
                    'TargetLocations': [
                        {
                            'Accounts': [
                                'string',
                            ],
                            'Regions': [
                                'string',
                            ],
                            'TargetLocationMaxConcurrency': 'string',
                            'TargetLocationMaxErrors': 'string',
                            'ExecutionRoleName': 'string',
                            'TargetLocationAlarmConfiguration': {
                                'IgnorePollAlarmFailure': True|False,
                                'Alarms': [
                                    {
                                        'Name': 'string'
                                    },
                                ]
                            },
                            'IncludeChildOrganizationUnits': True|False,
                            'ExcludeAccounts': [
                                'string',
                            ],
                            'Targets': [
                                {
                                    'Key': 'string',
                                    'Values': [
                                        'string',
                                    ]
                                },
                            ],
                            'TargetsMaxConcurrency': 'string',
                            'TargetsMaxErrors': 'string'
                        },
                    ]
                },
            ],
            'OpsItemId': 'string',
            'AssociationId': 'string',
            'ChangeRequestName': 'string'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • AutomationExecutionMetadataList (list) --

      The list of details about each automation execution which has occurred which matches the filter specification, if any.

      • (dict) --

        Details about a specific Automation execution.

        • AutomationExecutionId (string) --

          The execution ID.

        • DocumentName (string) --

          The name of the Automation runbook used during execution.

        • DocumentVersion (string) --

          The document version used during the execution.

        • AutomationExecutionStatus (string) --

          The status of the execution.

        • ExecutionStartTime (datetime) --

          The time the execution started.

        • ExecutionEndTime (datetime) --

          The time the execution finished. This isn't populated if the execution is still in progress.

        • ExecutedBy (string) --

          The IAM role ARN of the user who ran the automation.

        • LogFile (string) --

          An S3 bucket where execution information is stored.

        • Outputs (dict) --

          The list of execution outputs as defined in the Automation runbook.

          • (string) --

            • (list) --

              • (string) --

        • Mode (string) --

          The Automation execution mode.

        • ParentAutomationExecutionId (string) --

          The execution ID of the parent automation.

        • CurrentStepName (string) --

          The name of the step that is currently running.

        • CurrentAction (string) --

          The action of the step that is currently running.

        • FailureMessage (string) --

          The list of execution outputs as defined in the Automation runbook.

        • TargetParameterName (string) --

          The list of execution outputs as defined in the Automation runbook.

        • Targets (list) --

          The targets defined by the user when starting the automation.

          • (dict) --

            An array of search criteria that targets managed nodes using a key-value pair that you specify.

            Supported formats include the following.

            For all Systems Manager tools:

            • Key=tag-key,Values=tag-value-1,tag-value-2

            For Automation and Change Manager:

            • Key=tag:tag-key,Values=tag-value

            • Key=ResourceGroup,Values=resource-group-name

            • Key=ParameterValues,Values=value-1,value-2,value-3

            • To target all instances in the Amazon Web Services Region:

              • Key=AWS::EC2::Instance,Values=*

              • Key=InstanceIds,Values=*

            For Run Command and Maintenance Windows:

            • Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3

            • Key=tag:tag-key,Values=tag-value-1,tag-value-2

            • Key=resource-groups:Name,Values=resource-group-name

            • Additionally, Maintenance Windows support targeting resource types:

              • Key=resource-groups:ResourceTypeFilters,Values=resource-type-1,resource-type-2

            For State Manager:

            • Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3

            • Key=tag:tag-key,Values=tag-value-1,tag-value-2

            • To target all instances in the Amazon Web Services Region:

              • Key=InstanceIds,Values=*

            For more information about how to send commands that target managed nodes using Key,Value parameters, see Targeting multiple managed nodes in the Amazon Web Services Systems Manager User Guide.

            • Key (string) --

              User-defined criteria for sending commands that target managed nodes that meet the criteria.

            • Values (list) --

              User-defined criteria that maps to Key. For example, if you specified tag:ServerRole, you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer.

              Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.

              • (string) --

        • TargetMaps (list) --

          The specified key-value mapping of document parameters to target resources.

          • (dict) --

            • (string) --

              • (list) --

                • (string) --

        • ResolvedTargets (dict) --

          A list of targets that resolved during the execution.

          • ParameterValues (list) --

            A list of parameter values sent to targets that resolved during the Automation execution.

            • (string) --

          • Truncated (boolean) --

            A boolean value indicating whether the resolved target list is truncated.

        • MaxConcurrency (string) --

          The MaxConcurrency value specified by the user when starting the automation.

        • MaxErrors (string) --

          The MaxErrors value specified by the user when starting the automation.

        • Target (string) --

          The list of execution outputs as defined in the Automation runbook.

        • AutomationType (string) --

          Use this filter with DescribeAutomationExecutions. Specify either Local or CrossAccount. CrossAccount is an Automation that runs in multiple Amazon Web Services Regions and Amazon Web Services accounts. For more information, see Running automations in multiple Amazon Web Services Regions and accounts in the Amazon Web Services Systems Manager User Guide.

        • AlarmConfiguration (dict) --

          The details for the CloudWatch alarm applied to your automation.

          • IgnorePollAlarmFailure (boolean) --

            When this value is true, your automation or command continues to run in cases where we can’t retrieve alarm status information from CloudWatch. In cases where we successfully retrieve an alarm status of OK or INSUFFICIENT_DATA, the automation or command continues to run, regardless of this value. Default is false.

          • Alarms (list) --

            The name of the CloudWatch alarm specified in the configuration.

            • (dict) --

              A CloudWatch alarm you apply to an automation or command.

              • Name (string) --

                The name of your CloudWatch alarm.

        • TriggeredAlarms (list) --

          The CloudWatch alarm that was invoked by the automation.

          • (dict) --

            The details about the state of your CloudWatch alarm.

            • Name (string) --

              The name of your CloudWatch alarm.

            • State (string) --

              The state of your CloudWatch alarm.

        • TargetLocationsURL (string) --

          A publicly accessible URL for a file that contains the TargetLocations body. Currently, only files in presigned Amazon S3 buckets are supported

        • AutomationSubtype (string) --

          The subtype of the Automation operation. Currently, the only supported value is ChangeRequest.

        • ScheduledTime (datetime) --

          The date and time the Automation operation is scheduled to start.

        • Runbooks (list) --

          Information about the Automation runbooks that are run during a runbook workflow in Change Manager.

          • (dict) --

            Information about an Automation runbook used in a runbook workflow in Change Manager.

            • DocumentName (string) --

              The name of the Automation runbook used in a runbook workflow.

            • DocumentVersion (string) --

              The version of the Automation runbook used in a runbook workflow.

            • Parameters (dict) --

              The key-value map of execution parameters, which were supplied when calling StartChangeRequestExecution.

              • (string) --

                • (list) --

                  • (string) --

            • TargetParameterName (string) --

              The name of the parameter used as the target resource for the rate-controlled runbook workflow. Required if you specify Targets.

            • Targets (list) --

              A key-value mapping to target resources that the runbook operation performs tasks on. Required if you specify TargetParameterName.

              • (dict) --

                An array of search criteria that targets managed nodes using a key-value pair that you specify.

                Supported formats include the following.

                For all Systems Manager tools:

                • Key=tag-key,Values=tag-value-1,tag-value-2

                For Automation and Change Manager:

                • Key=tag:tag-key,Values=tag-value

                • Key=ResourceGroup,Values=resource-group-name

                • Key=ParameterValues,Values=value-1,value-2,value-3

                • To target all instances in the Amazon Web Services Region:

                  • Key=AWS::EC2::Instance,Values=*

                  • Key=InstanceIds,Values=*

                For Run Command and Maintenance Windows:

                • Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3

                • Key=tag:tag-key,Values=tag-value-1,tag-value-2

                • Key=resource-groups:Name,Values=resource-group-name

                • Additionally, Maintenance Windows support targeting resource types:

                  • Key=resource-groups:ResourceTypeFilters,Values=resource-type-1,resource-type-2

                For State Manager:

                • Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3

                • Key=tag:tag-key,Values=tag-value-1,tag-value-2

                • To target all instances in the Amazon Web Services Region:

                  • Key=InstanceIds,Values=*

                For more information about how to send commands that target managed nodes using Key,Value parameters, see Targeting multiple managed nodes in the Amazon Web Services Systems Manager User Guide.

                • Key (string) --

                  User-defined criteria for sending commands that target managed nodes that meet the criteria.

                • Values (list) --

                  User-defined criteria that maps to Key. For example, if you specified tag:ServerRole, you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer.

                  Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.

                  • (string) --

            • TargetMaps (list) --

              A key-value mapping of runbook parameters to target resources. Both Targets and TargetMaps can't be specified together.

              • (dict) --

                • (string) --

                  • (list) --

                    • (string) --

            • MaxConcurrency (string) --

              The MaxConcurrency value specified by the user when the operation started, indicating the maximum number of resources that the runbook operation can run on at the same time.

            • MaxErrors (string) --

              The MaxErrors value specified by the user when the execution started, indicating the maximum number of errors that can occur during the operation before the updates are stopped or rolled back.

            • TargetLocations (list) --

              Information about the Amazon Web Services Regions and Amazon Web Services accounts targeted by the current Runbook operation.

              • (dict) --

                The combination of Amazon Web Services Regions and Amazon Web Services accounts targeted by the current Automation execution.

                • Accounts (list) --

                  The Amazon Web Services accounts targeted by the current Automation execution.

                  • (string) --

                • Regions (list) --

                  The Amazon Web Services Regions targeted by the current Automation execution.

                  • (string) --

                • TargetLocationMaxConcurrency (string) --

                  The maximum number of Amazon Web Services Regions and Amazon Web Services accounts allowed to run the Automation concurrently.

                • TargetLocationMaxErrors (string) --

                  The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.

                • ExecutionRoleName (string) --

                  The Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole.

                • TargetLocationAlarmConfiguration (dict) --

                  The details for the CloudWatch alarm you want to apply to an automation or command.

                  • IgnorePollAlarmFailure (boolean) --

                    When this value is true, your automation or command continues to run in cases where we can’t retrieve alarm status information from CloudWatch. In cases where we successfully retrieve an alarm status of OK or INSUFFICIENT_DATA, the automation or command continues to run, regardless of this value. Default is false.

                  • Alarms (list) --

                    The name of the CloudWatch alarm specified in the configuration.

                    • (dict) --

                      A CloudWatch alarm you apply to an automation or command.

                      • Name (string) --

                        The name of your CloudWatch alarm.

                • IncludeChildOrganizationUnits (boolean) --

                  Indicates whether to include child organizational units (OUs) that are children of the targeted OUs. The default is false.

                • ExcludeAccounts (list) --

                  Amazon Web Services accounts or organizational units to exclude as expanded targets.

                  • (string) --

                • Targets (list) --

                  A list of key-value mappings to target resources. If you specify values for this data type, you must also specify a value for TargetParameterName.

                  This Targets parameter takes precedence over the StartAutomationExecution:Targets parameter if both are supplied.

                  • (dict) --

                    An array of search criteria that targets managed nodes using a key-value pair that you specify.

                    Supported formats include the following.

                    For all Systems Manager tools:

                    • Key=tag-key,Values=tag-value-1,tag-value-2

                    For Automation and Change Manager:

                    • Key=tag:tag-key,Values=tag-value

                    • Key=ResourceGroup,Values=resource-group-name

                    • Key=ParameterValues,Values=value-1,value-2,value-3

                    • To target all instances in the Amazon Web Services Region:

                      • Key=AWS::EC2::Instance,Values=*

                      • Key=InstanceIds,Values=*

                    For Run Command and Maintenance Windows:

                    • Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3

                    • Key=tag:tag-key,Values=tag-value-1,tag-value-2

                    • Key=resource-groups:Name,Values=resource-group-name

                    • Additionally, Maintenance Windows support targeting resource types:

                      • Key=resource-groups:ResourceTypeFilters,Values=resource-type-1,resource-type-2

                    For State Manager:

                    • Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3

                    • Key=tag:tag-key,Values=tag-value-1,tag-value-2

                    • To target all instances in the Amazon Web Services Region:

                      • Key=InstanceIds,Values=*

                    For more information about how to send commands that target managed nodes using Key,Value parameters, see Targeting multiple managed nodes in the Amazon Web Services Systems Manager User Guide.

                    • Key (string) --

                      User-defined criteria for sending commands that target managed nodes that meet the criteria.

                    • Values (list) --

                      User-defined criteria that maps to Key. For example, if you specified tag:ServerRole, you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer.

                      Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.

                      • (string) --

                • TargetsMaxConcurrency (string) --

                  The maximum number of targets allowed to run this task in parallel. This TargetsMaxConcurrency takes precedence over the StartAutomationExecution:MaxConcurrency parameter if both are supplied.

                • TargetsMaxErrors (string) --

                  The maximum number of errors that are allowed before the system stops running the automation on additional targets. This TargetsMaxErrors parameter takes precedence over the StartAutomationExecution:MaxErrors parameter if both are supplied.

        • OpsItemId (string) --

          The ID of an OpsItem that is created to represent a Change Manager change request.

        • AssociationId (string) --

          The ID of a State Manager association used in the Automation operation.

        • ChangeRequestName (string) --

          The name of the Change Manager change request.

    • NextToken (string) --

      The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.

DescribeDocument (updated) Link ¶
Changes (response)
{'Document': {'DocumentType': {'ManualApprovalPolicy', 'AutoApprovalPolicy'}}}

Describes the specified Amazon Web Services Systems Manager document (SSM document).

See also: AWS API Documentation

Request Syntax

client.describe_document(
    Name='string',
    DocumentVersion='string',
    VersionName='string'
)
type Name:

string

param Name:

[REQUIRED]

The name of the SSM document.

type DocumentVersion:

string

param DocumentVersion:

The document version for which you want information. Can be a specific version or the default version.

type VersionName:

string

param VersionName:

An optional field specifying the version of the artifact associated with the document. For example, 12.6. This value is unique across all versions of a document, and can't be changed.

rtype:

dict

returns:

Response Syntax

{
    'Document': {
        'Sha1': 'string',
        'Hash': 'string',
        'HashType': 'Sha256'|'Sha1',
        'Name': 'string',
        'DisplayName': 'string',
        'VersionName': 'string',
        'Owner': 'string',
        'CreatedDate': datetime(2015, 1, 1),
        'Status': 'Creating'|'Active'|'Updating'|'Deleting'|'Failed',
        'StatusInformation': 'string',
        'DocumentVersion': 'string',
        'Description': 'string',
        'Parameters': [
            {
                'Name': 'string',
                'Type': 'String'|'StringList',
                'Description': 'string',
                'DefaultValue': 'string'
            },
        ],
        'PlatformTypes': [
            'Windows'|'Linux'|'MacOS',
        ],
        'DocumentType': 'Command'|'Policy'|'Automation'|'Session'|'Package'|'ApplicationConfiguration'|'ApplicationConfigurationSchema'|'DeploymentStrategy'|'ChangeCalendar'|'Automation.ChangeTemplate'|'ProblemAnalysis'|'ProblemAnalysisTemplate'|'CloudFormation'|'ConformancePackTemplate'|'QuickSetup'|'ManualApprovalPolicy'|'AutoApprovalPolicy',
        'SchemaVersion': 'string',
        'LatestVersion': 'string',
        'DefaultVersion': 'string',
        'DocumentFormat': 'YAML'|'JSON'|'TEXT',
        'TargetType': 'string',
        'Tags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ],
        'AttachmentsInformation': [
            {
                'Name': 'string'
            },
        ],
        'Requires': [
            {
                'Name': 'string',
                'Version': 'string',
                'RequireType': 'string',
                'VersionName': 'string'
            },
        ],
        'Author': 'string',
        'ReviewInformation': [
            {
                'ReviewedTime': datetime(2015, 1, 1),
                'Status': 'APPROVED'|'NOT_REVIEWED'|'PENDING'|'REJECTED',
                'Reviewer': 'string'
            },
        ],
        'ApprovedVersion': 'string',
        'PendingReviewVersion': 'string',
        'ReviewStatus': 'APPROVED'|'NOT_REVIEWED'|'PENDING'|'REJECTED',
        'Category': [
            'string',
        ],
        'CategoryEnum': [
            'string',
        ]
    }
}

Response Structure

  • (dict) --

    • Document (dict) --

      Information about the SSM document.

      • Sha1 (string) --

        The SHA1 hash of the document, which you can use for verification.

      • Hash (string) --

        The Sha256 or Sha1 hash created by the system when the document was created.

      • HashType (string) --

        The hash type of the document. Valid values include Sha256 or Sha1.

      • Name (string) --

        The name of the SSM document.

      • DisplayName (string) --

        The friendly name of the SSM document. This value can differ for each version of the document. If you want to update this value, see UpdateDocument.

      • VersionName (string) --

        The version of the artifact associated with the document.

      • Owner (string) --

        The Amazon Web Services user that created the document.

      • CreatedDate (datetime) --

        The date when the document was created.

      • Status (string) --

        The status of the SSM document.

      • StatusInformation (string) --

        A message returned by Amazon Web Services Systems Manager that explains the Status value. For example, a Failed status might be explained by the StatusInformation message, "The specified S3 bucket doesn't exist. Verify that the URL of the S3 bucket is correct."

      • DocumentVersion (string) --

        The document version.

      • Description (string) --

        A description of the document.

      • Parameters (list) --

        A description of the parameters for a document.

        • (dict) --

          Parameters specified in a Systems Manager document that run on the server when the command is run.

          • Name (string) --

            The name of the parameter.

          • Type (string) --

            The type of parameter. The type can be either String or StringList.

          • Description (string) --

            A description of what the parameter does, how to use it, the default value, and whether or not the parameter is optional.

          • DefaultValue (string) --

            If specified, the default values for the parameters. Parameters without a default value are required. Parameters with a default value are optional.

      • PlatformTypes (list) --

        The list of operating system (OS) platforms compatible with this SSM document.

        • (string) --

      • DocumentType (string) --

        The type of document.

      • SchemaVersion (string) --

        The schema version.

      • LatestVersion (string) --

        The latest version of the document.

      • DefaultVersion (string) --

        The default version.

      • DocumentFormat (string) --

        The document format, either JSON or YAML.

      • TargetType (string) --

        The target type which defines the kinds of resources the document can run on. For example, /AWS::EC2::Instance. For a list of valid resource types, see Amazon Web Services resource and property types reference in the CloudFormation User Guide.

      • Tags (list) --

        The tags, or metadata, that have been applied to the document.

        • (dict) --

          Metadata that you assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Amazon Web Services Systems Manager, you can apply tags to Systems Manager documents (SSM documents), managed nodes, maintenance windows, parameters, patch baselines, OpsItems, and OpsMetadata.

          • Key (string) --

            The name of the tag.

          • Value (string) --

            The value of the tag.

      • AttachmentsInformation (list) --

        Details about the document attachments, including names, locations, sizes, and so on.

        • (dict) --

          An attribute of an attachment, such as the attachment name.

          • Name (string) --

            The name of the attachment.

      • Requires (list) --

        A list of SSM documents required by a document. For example, an ApplicationConfiguration document requires an ApplicationConfigurationSchema document.

        • (dict) --

          An SSM document required by the current document.

          • Name (string) --

            The name of the required SSM document. The name can be an Amazon Resource Name (ARN).

          • Version (string) --

            The document version required by the current document.

          • RequireType (string) --

            The document type of the required SSM document.

          • VersionName (string) --

            An optional field specifying the version of the artifact associated with the document. For example, 12.6. This value is unique across all versions of a document, and can't be changed.

      • Author (string) --

        The user in your organization who created the document.

      • ReviewInformation (list) --

        Details about the review of a document.

        • (dict) --

          Information about the result of a document review request.

          • ReviewedTime (datetime) --

            The time that the reviewer took action on the document review request.

          • Status (string) --

            The current status of the document review request.

          • Reviewer (string) --

            The reviewer assigned to take action on the document review request.

      • ApprovedVersion (string) --

        The version of the document currently approved for use in the organization.

      • PendingReviewVersion (string) --

        The version of the document that is currently under review.

      • ReviewStatus (string) --

        The current status of the review.

      • Category (list) --

        The classification of a document to help you identify and categorize its use.

        • (string) --

      • CategoryEnum (list) --

        The value that identifies a document's category.

        • (string) --

DescribeOpsItems (updated) Link ¶
Changes (request, response)
Request
{'OpsItemFilters': {'Key': {'AccessRequestByApproverArn',
                            'AccessRequestByApproverId',
                            'AccessRequestByIsReplica',
                            'AccessRequestByRequesterArn',
                            'AccessRequestByRequesterId',
                            'AccessRequestBySourceAccountId',
                            'AccessRequestBySourceOpsItemId',
                            'AccessRequestBySourceRegion',
                            'AccessRequestByTargetResourceId'}}}
Response
{'OpsItemSummaries': {'Status': {'Revoked'}}}

Query a set of OpsItems. You must have permission in Identity and Access Management (IAM) to query a list of OpsItems. For more information, see Set up OpsCenter in the Amazon Web Services Systems Manager User Guide.

Operations engineers and IT professionals use Amazon Web Services Systems Manager OpsCenter to view, investigate, and remediate operational issues impacting the performance and health of their Amazon Web Services resources. For more information, see Amazon Web Services Systems Manager OpsCenter in the Amazon Web Services Systems Manager User Guide.

See also: AWS API Documentation

Request Syntax

client.describe_ops_items(
    OpsItemFilters=[
        {
            'Key': 'Status'|'CreatedBy'|'Source'|'Priority'|'Title'|'OpsItemId'|'CreatedTime'|'LastModifiedTime'|'ActualStartTime'|'ActualEndTime'|'PlannedStartTime'|'PlannedEndTime'|'OperationalData'|'OperationalDataKey'|'OperationalDataValue'|'ResourceId'|'AutomationId'|'Category'|'Severity'|'OpsItemType'|'AccessRequestByRequesterArn'|'AccessRequestByRequesterId'|'AccessRequestByApproverArn'|'AccessRequestByApproverId'|'AccessRequestBySourceAccountId'|'AccessRequestBySourceOpsItemId'|'AccessRequestBySourceRegion'|'AccessRequestByIsReplica'|'AccessRequestByTargetResourceId'|'ChangeRequestByRequesterArn'|'ChangeRequestByRequesterName'|'ChangeRequestByApproverArn'|'ChangeRequestByApproverName'|'ChangeRequestByTemplate'|'ChangeRequestByTargetsResourceGroup'|'InsightByType'|'AccountId',
            'Values': [
                'string',
            ],
            'Operator': 'Equal'|'Contains'|'GreaterThan'|'LessThan'
        },
    ],
    MaxResults=123,
    NextToken='string'
)
type OpsItemFilters:

list

param OpsItemFilters:

One or more filters to limit the response.

  • Key: CreatedTime Operations: GreaterThan, LessThan

  • Key: LastModifiedBy Operations: Contains, Equals

  • Key: LastModifiedTime Operations: GreaterThan, LessThan

  • Key: Priority Operations: Equals

  • Key: Source Operations: Contains, Equals

  • Key: Status Operations: Equals

  • Key: Title* Operations: Equals,Contains

  • Key: OperationalData** Operations: Equals

  • Key: OperationalDataKey Operations: Equals

  • Key: OperationalDataValue Operations: Equals, Contains

  • Key: OpsItemId Operations: Equals

  • Key: ResourceId Operations: Contains

  • Key: AutomationId Operations: Equals

  • Key: AccountId Operations: Equals

*The Equals operator for Title matches the first 100 characters. If you specify more than 100 characters, they system returns an error that the filter value exceeds the length limit.

**If you filter the response by using the OperationalData operator, specify a key-value pair by using the following JSON format: {"key":"key_name","value":"a_value"}

  • (dict) --

    Describes an OpsItem filter.

    • Key (string) -- [REQUIRED]

      The name of the filter.

    • Values (list) -- [REQUIRED]

      The filter value.

      • (string) --

    • Operator (string) -- [REQUIRED]

      The operator used by the filter call.

type MaxResults:

integer

param MaxResults:

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

type NextToken:

string

param NextToken:

A token to start the list. Use this token to get the next set of results.

rtype:

dict

returns:

Response Syntax

{
    'NextToken': 'string',
    'OpsItemSummaries': [
        {
            'CreatedBy': 'string',
            'CreatedTime': datetime(2015, 1, 1),
            'LastModifiedBy': 'string',
            'LastModifiedTime': datetime(2015, 1, 1),
            'Priority': 123,
            'Source': 'string',
            'Status': 'Open'|'InProgress'|'Resolved'|'Pending'|'TimedOut'|'Cancelling'|'Cancelled'|'Failed'|'CompletedWithSuccess'|'CompletedWithFailure'|'Scheduled'|'RunbookInProgress'|'PendingChangeCalendarOverride'|'ChangeCalendarOverrideApproved'|'ChangeCalendarOverrideRejected'|'PendingApproval'|'Approved'|'Revoked'|'Rejected'|'Closed',
            'OpsItemId': 'string',
            'Title': 'string',
            'OperationalData': {
                'string': {
                    'Value': 'string',
                    'Type': 'SearchableString'|'String'
                }
            },
            'Category': 'string',
            'Severity': 'string',
            'OpsItemType': 'string',
            'ActualStartTime': datetime(2015, 1, 1),
            'ActualEndTime': datetime(2015, 1, 1),
            'PlannedStartTime': datetime(2015, 1, 1),
            'PlannedEndTime': datetime(2015, 1, 1)
        },
    ]
}

Response Structure

  • (dict) --

    • NextToken (string) --

      The token for the next set of items to return. Use this token to get the next set of results.

    • OpsItemSummaries (list) --

      A list of OpsItems.

      • (dict) --

        A count of OpsItems.

        • CreatedBy (string) --

          The Amazon Resource Name (ARN) of the IAM entity that created the OpsItem.

        • CreatedTime (datetime) --

          The date and time the OpsItem was created.

        • LastModifiedBy (string) --

          The Amazon Resource Name (ARN) of the IAM entity that created the OpsItem.

        • LastModifiedTime (datetime) --

          The date and time the OpsItem was last updated.

        • Priority (integer) --

          The importance of this OpsItem in relation to other OpsItems in the system.

        • Source (string) --

          The impacted Amazon Web Services resource.

        • Status (string) --

          The OpsItem status.

        • OpsItemId (string) --

          The ID of the OpsItem.

        • Title (string) --

          A short heading that describes the nature of the OpsItem and the impacted resource.

        • OperationalData (dict) --

          Operational data is custom data that provides useful reference details about the OpsItem.

          • (string) --

            • (dict) --

              An object that defines the value of the key and its type in the OperationalData map.

              • Value (string) --

                The value of the OperationalData key.

              • Type (string) --

                The type of key-value pair. Valid types include SearchableString and String.

        • Category (string) --

          A list of OpsItems by category.

        • Severity (string) --

          A list of OpsItems by severity.

        • OpsItemType (string) --

          The type of OpsItem. Systems Manager supports the following types of OpsItems:

          • /aws/issue This type of OpsItem is used for default OpsItems created by OpsCenter.

          • /aws/changerequest This type of OpsItem is used by Change Manager for reviewing and approving or rejecting change requests.

          • /aws/insight This type of OpsItem is used by OpsCenter for aggregating and reporting on duplicate OpsItems.

        • ActualStartTime (datetime) --

          The time a runbook workflow started. Currently reported only for the OpsItem type /aws/changerequest.

        • ActualEndTime (datetime) --

          The time a runbook workflow ended. Currently reported only for the OpsItem type /aws/changerequest.

        • PlannedStartTime (datetime) --

          The time specified in a change request for a runbook workflow to start. Currently supported only for the OpsItem type /aws/changerequest.

        • PlannedEndTime (datetime) --

          The time specified in a change request for a runbook workflow to end. Currently supported only for the OpsItem type /aws/changerequest.

GetAutomationExecution (updated) Link ¶
Changes (response)
{'AutomationExecution': {'AutomationSubtype': {'AccessRequest'}}}

Get detailed information about a particular Automation execution.

See also: AWS API Documentation

Request Syntax

client.get_automation_execution(
    AutomationExecutionId='string'
)
type AutomationExecutionId:

string

param AutomationExecutionId:

[REQUIRED]

The unique identifier for an existing automation execution to examine. The execution ID is returned by StartAutomationExecution when the execution of an Automation runbook is initiated.

rtype:

dict

returns:

Response Syntax

{
    'AutomationExecution': {
        'AutomationExecutionId': 'string',
        'DocumentName': 'string',
        'DocumentVersion': 'string',
        'ExecutionStartTime': datetime(2015, 1, 1),
        'ExecutionEndTime': datetime(2015, 1, 1),
        'AutomationExecutionStatus': 'Pending'|'InProgress'|'Waiting'|'Success'|'TimedOut'|'Cancelling'|'Cancelled'|'Failed'|'PendingApproval'|'Approved'|'Rejected'|'Scheduled'|'RunbookInProgress'|'PendingChangeCalendarOverride'|'ChangeCalendarOverrideApproved'|'ChangeCalendarOverrideRejected'|'CompletedWithSuccess'|'CompletedWithFailure'|'Exited',
        'StepExecutions': [
            {
                'StepName': 'string',
                'Action': 'string',
                'TimeoutSeconds': 123,
                'OnFailure': 'string',
                'MaxAttempts': 123,
                'ExecutionStartTime': datetime(2015, 1, 1),
                'ExecutionEndTime': datetime(2015, 1, 1),
                'StepStatus': 'Pending'|'InProgress'|'Waiting'|'Success'|'TimedOut'|'Cancelling'|'Cancelled'|'Failed'|'PendingApproval'|'Approved'|'Rejected'|'Scheduled'|'RunbookInProgress'|'PendingChangeCalendarOverride'|'ChangeCalendarOverrideApproved'|'ChangeCalendarOverrideRejected'|'CompletedWithSuccess'|'CompletedWithFailure'|'Exited',
                'ResponseCode': 'string',
                'Inputs': {
                    'string': 'string'
                },
                'Outputs': {
                    'string': [
                        'string',
                    ]
                },
                'Response': 'string',
                'FailureMessage': 'string',
                'FailureDetails': {
                    'FailureStage': 'string',
                    'FailureType': 'string',
                    'Details': {
                        'string': [
                            'string',
                        ]
                    }
                },
                'StepExecutionId': 'string',
                'OverriddenParameters': {
                    'string': [
                        'string',
                    ]
                },
                'IsEnd': True|False,
                'NextStep': 'string',
                'IsCritical': True|False,
                'ValidNextSteps': [
                    'string',
                ],
                'Targets': [
                    {
                        'Key': 'string',
                        'Values': [
                            'string',
                        ]
                    },
                ],
                'TargetLocation': {
                    'Accounts': [
                        'string',
                    ],
                    'Regions': [
                        'string',
                    ],
                    'TargetLocationMaxConcurrency': 'string',
                    'TargetLocationMaxErrors': 'string',
                    'ExecutionRoleName': 'string',
                    'TargetLocationAlarmConfiguration': {
                        'IgnorePollAlarmFailure': True|False,
                        'Alarms': [
                            {
                                'Name': 'string'
                            },
                        ]
                    },
                    'IncludeChildOrganizationUnits': True|False,
                    'ExcludeAccounts': [
                        'string',
                    ],
                    'Targets': [
                        {
                            'Key': 'string',
                            'Values': [
                                'string',
                            ]
                        },
                    ],
                    'TargetsMaxConcurrency': 'string',
                    'TargetsMaxErrors': 'string'
                },
                'TriggeredAlarms': [
                    {
                        'Name': 'string',
                        'State': 'UNKNOWN'|'ALARM'
                    },
                ],
                'ParentStepDetails': {
                    'StepExecutionId': 'string',
                    'StepName': 'string',
                    'Action': 'string',
                    'Iteration': 123,
                    'IteratorValue': 'string'
                }
            },
        ],
        'StepExecutionsTruncated': True|False,
        'Parameters': {
            'string': [
                'string',
            ]
        },
        'Outputs': {
            'string': [
                'string',
            ]
        },
        'FailureMessage': 'string',
        'Mode': 'Auto'|'Interactive',
        'ParentAutomationExecutionId': 'string',
        'ExecutedBy': 'string',
        'CurrentStepName': 'string',
        'CurrentAction': 'string',
        'TargetParameterName': 'string',
        'Targets': [
            {
                'Key': 'string',
                'Values': [
                    'string',
                ]
            },
        ],
        'TargetMaps': [
            {
                'string': [
                    'string',
                ]
            },
        ],
        'ResolvedTargets': {
            'ParameterValues': [
                'string',
            ],
            'Truncated': True|False
        },
        'MaxConcurrency': 'string',
        'MaxErrors': 'string',
        'Target': 'string',
        'TargetLocations': [
            {
                'Accounts': [
                    'string',
                ],
                'Regions': [
                    'string',
                ],
                'TargetLocationMaxConcurrency': 'string',
                'TargetLocationMaxErrors': 'string',
                'ExecutionRoleName': 'string',
                'TargetLocationAlarmConfiguration': {
                    'IgnorePollAlarmFailure': True|False,
                    'Alarms': [
                        {
                            'Name': 'string'
                        },
                    ]
                },
                'IncludeChildOrganizationUnits': True|False,
                'ExcludeAccounts': [
                    'string',
                ],
                'Targets': [
                    {
                        'Key': 'string',
                        'Values': [
                            'string',
                        ]
                    },
                ],
                'TargetsMaxConcurrency': 'string',
                'TargetsMaxErrors': 'string'
            },
        ],
        'ProgressCounters': {
            'TotalSteps': 123,
            'SuccessSteps': 123,
            'FailedSteps': 123,
            'CancelledSteps': 123,
            'TimedOutSteps': 123
        },
        'AlarmConfiguration': {
            'IgnorePollAlarmFailure': True|False,
            'Alarms': [
                {
                    'Name': 'string'
                },
            ]
        },
        'TriggeredAlarms': [
            {
                'Name': 'string',
                'State': 'UNKNOWN'|'ALARM'
            },
        ],
        'TargetLocationsURL': 'string',
        'AutomationSubtype': 'ChangeRequest'|'AccessRequest',
        'ScheduledTime': datetime(2015, 1, 1),
        'Runbooks': [
            {
                'DocumentName': 'string',
                'DocumentVersion': 'string',
                'Parameters': {
                    'string': [
                        'string',
                    ]
                },
                'TargetParameterName': 'string',
                'Targets': [
                    {
                        'Key': 'string',
                        'Values': [
                            'string',
                        ]
                    },
                ],
                'TargetMaps': [
                    {
                        'string': [
                            'string',
                        ]
                    },
                ],
                'MaxConcurrency': 'string',
                'MaxErrors': 'string',
                'TargetLocations': [
                    {
                        'Accounts': [
                            'string',
                        ],
                        'Regions': [
                            'string',
                        ],
                        'TargetLocationMaxConcurrency': 'string',
                        'TargetLocationMaxErrors': 'string',
                        'ExecutionRoleName': 'string',
                        'TargetLocationAlarmConfiguration': {
                            'IgnorePollAlarmFailure': True|False,
                            'Alarms': [
                                {
                                    'Name': 'string'
                                },
                            ]
                        },
                        'IncludeChildOrganizationUnits': True|False,
                        'ExcludeAccounts': [
                            'string',
                        ],
                        'Targets': [
                            {
                                'Key': 'string',
                                'Values': [
                                    'string',
                                ]
                            },
                        ],
                        'TargetsMaxConcurrency': 'string',
                        'TargetsMaxErrors': 'string'
                    },
                ]
            },
        ],
        'OpsItemId': 'string',
        'AssociationId': 'string',
        'ChangeRequestName': 'string',
        'Variables': {
            'string': [
                'string',
            ]
        }
    }
}

Response Structure

  • (dict) --

    • AutomationExecution (dict) --

      Detailed information about the current state of an automation execution.

      • AutomationExecutionId (string) --

        The execution ID.

      • DocumentName (string) --

        The name of the Automation runbook used during the execution.

      • DocumentVersion (string) --

        The version of the document to use during execution.

      • ExecutionStartTime (datetime) --

        The time the execution started.

      • ExecutionEndTime (datetime) --

        The time the execution finished.

      • AutomationExecutionStatus (string) --

        The execution status of the Automation.

      • StepExecutions (list) --

        A list of details about the current state of all steps that comprise an execution. An Automation runbook contains a list of steps that are run in order.

        • (dict) --

          Detailed information about an the execution state of an Automation step.

          • StepName (string) --

            The name of this execution step.

          • Action (string) --

            The action this step performs. The action determines the behavior of the step.

          • TimeoutSeconds (integer) --

            The timeout seconds of the step.

          • OnFailure (string) --

            The action to take if the step fails. The default value is Abort.

          • MaxAttempts (integer) --

            The maximum number of tries to run the action of the step. The default value is 1.

          • ExecutionStartTime (datetime) --

            If a step has begun execution, this contains the time the step started. If the step is in Pending status, this field isn't populated.

          • ExecutionEndTime (datetime) --

            If a step has finished execution, this contains the time the execution ended. If the step hasn't yet concluded, this field isn't populated.

          • StepStatus (string) --

            The execution status for this step.

          • ResponseCode (string) --

            The response code returned by the execution of the step.

          • Inputs (dict) --

            Fully-resolved values passed into the step before execution.

            • (string) --

              • (string) --

          • Outputs (dict) --

            Returned values from the execution of the step.

            • (string) --

              • (list) --

                • (string) --

          • Response (string) --

            A message associated with the response code for an execution.

          • FailureMessage (string) --

            If a step failed, this message explains why the execution failed.

          • FailureDetails (dict) --

            Information about the Automation failure.

            • FailureStage (string) --

              The stage of the Automation execution when the failure occurred. The stages include the following: InputValidation, PreVerification, Invocation, PostVerification.

            • FailureType (string) --

              The type of Automation failure. Failure types include the following: Action, Permission, Throttling, Verification, Internal.

            • Details (dict) --

              Detailed information about the Automation step failure.

              • (string) --

                • (list) --

                  • (string) --

          • StepExecutionId (string) --

            The unique ID of a step execution.

          • OverriddenParameters (dict) --

            A user-specified list of parameters to override when running a step.

            • (string) --

              • (list) --

                • (string) --

          • IsEnd (boolean) --

            The flag which can be used to end automation no matter whether the step succeeds or fails.

          • NextStep (string) --

            The next step after the step succeeds.

          • IsCritical (boolean) --

            The flag which can be used to help decide whether the failure of current step leads to the Automation failure.

          • ValidNextSteps (list) --

            Strategies used when step fails, we support Continue and Abort. Abort will fail the automation when the step fails. Continue will ignore the failure of current step and allow automation to run the next step. With conditional branching, we add step:stepName to support the automation to go to another specific step.

            • (string) --

          • Targets (list) --

            The targets for the step execution.

            • (dict) --

              An array of search criteria that targets managed nodes using a key-value pair that you specify.

              Supported formats include the following.

              For all Systems Manager tools:

              • Key=tag-key,Values=tag-value-1,tag-value-2

              For Automation and Change Manager:

              • Key=tag:tag-key,Values=tag-value

              • Key=ResourceGroup,Values=resource-group-name

              • Key=ParameterValues,Values=value-1,value-2,value-3

              • To target all instances in the Amazon Web Services Region:

                • Key=AWS::EC2::Instance,Values=*

                • Key=InstanceIds,Values=*

              For Run Command and Maintenance Windows:

              • Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3

              • Key=tag:tag-key,Values=tag-value-1,tag-value-2

              • Key=resource-groups:Name,Values=resource-group-name

              • Additionally, Maintenance Windows support targeting resource types:

                • Key=resource-groups:ResourceTypeFilters,Values=resource-type-1,resource-type-2

              For State Manager:

              • Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3

              • Key=tag:tag-key,Values=tag-value-1,tag-value-2

              • To target all instances in the Amazon Web Services Region:

                • Key=InstanceIds,Values=*

              For more information about how to send commands that target managed nodes using Key,Value parameters, see Targeting multiple managed nodes in the Amazon Web Services Systems Manager User Guide.

              • Key (string) --

                User-defined criteria for sending commands that target managed nodes that meet the criteria.

              • Values (list) --

                User-defined criteria that maps to Key. For example, if you specified tag:ServerRole, you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer.

                Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.

                • (string) --

          • TargetLocation (dict) --

            The combination of Amazon Web Services Regions and Amazon Web Services accounts targeted by the current Automation execution.

            • Accounts (list) --

              The Amazon Web Services accounts targeted by the current Automation execution.

              • (string) --

            • Regions (list) --

              The Amazon Web Services Regions targeted by the current Automation execution.

              • (string) --

            • TargetLocationMaxConcurrency (string) --

              The maximum number of Amazon Web Services Regions and Amazon Web Services accounts allowed to run the Automation concurrently.

            • TargetLocationMaxErrors (string) --

              The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.

            • ExecutionRoleName (string) --

              The Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole.

            • TargetLocationAlarmConfiguration (dict) --

              The details for the CloudWatch alarm you want to apply to an automation or command.

              • IgnorePollAlarmFailure (boolean) --

                When this value is true, your automation or command continues to run in cases where we can’t retrieve alarm status information from CloudWatch. In cases where we successfully retrieve an alarm status of OK or INSUFFICIENT_DATA, the automation or command continues to run, regardless of this value. Default is false.

              • Alarms (list) --

                The name of the CloudWatch alarm specified in the configuration.

                • (dict) --

                  A CloudWatch alarm you apply to an automation or command.

                  • Name (string) --

                    The name of your CloudWatch alarm.

            • IncludeChildOrganizationUnits (boolean) --

              Indicates whether to include child organizational units (OUs) that are children of the targeted OUs. The default is false.

            • ExcludeAccounts (list) --

              Amazon Web Services accounts or organizational units to exclude as expanded targets.

              • (string) --

            • Targets (list) --

              A list of key-value mappings to target resources. If you specify values for this data type, you must also specify a value for TargetParameterName.

              This Targets parameter takes precedence over the StartAutomationExecution:Targets parameter if both are supplied.

              • (dict) --

                An array of search criteria that targets managed nodes using a key-value pair that you specify.

                Supported formats include the following.

                For all Systems Manager tools:

                • Key=tag-key,Values=tag-value-1,tag-value-2

                For Automation and Change Manager:

                • Key=tag:tag-key,Values=tag-value

                • Key=ResourceGroup,Values=resource-group-name

                • Key=ParameterValues,Values=value-1,value-2,value-3

                • To target all instances in the Amazon Web Services Region:

                  • Key=AWS::EC2::Instance,Values=*

                  • Key=InstanceIds,Values=*

                For Run Command and Maintenance Windows:

                • Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3

                • Key=tag:tag-key,Values=tag-value-1,tag-value-2

                • Key=resource-groups:Name,Values=resource-group-name

                • Additionally, Maintenance Windows support targeting resource types:

                  • Key=resource-groups:ResourceTypeFilters,Values=resource-type-1,resource-type-2

                For State Manager:

                • Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3

                • Key=tag:tag-key,Values=tag-value-1,tag-value-2

                • To target all instances in the Amazon Web Services Region:

                  • Key=InstanceIds,Values=*

                For more information about how to send commands that target managed nodes using Key,Value parameters, see Targeting multiple managed nodes in the Amazon Web Services Systems Manager User Guide.

                • Key (string) --

                  User-defined criteria for sending commands that target managed nodes that meet the criteria.

                • Values (list) --

                  User-defined criteria that maps to Key. For example, if you specified tag:ServerRole, you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer.

                  Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.

                  • (string) --

            • TargetsMaxConcurrency (string) --

              The maximum number of targets allowed to run this task in parallel. This TargetsMaxConcurrency takes precedence over the StartAutomationExecution:MaxConcurrency parameter if both are supplied.

            • TargetsMaxErrors (string) --

              The maximum number of errors that are allowed before the system stops running the automation on additional targets. This TargetsMaxErrors parameter takes precedence over the StartAutomationExecution:MaxErrors parameter if both are supplied.

          • TriggeredAlarms (list) --

            The CloudWatch alarms that were invoked by the automation.

            • (dict) --

              The details about the state of your CloudWatch alarm.

              • Name (string) --

                The name of your CloudWatch alarm.

              • State (string) --

                The state of your CloudWatch alarm.

          • ParentStepDetails (dict) --

            Information about the parent step.

            • StepExecutionId (string) --

              The unique ID of a step execution.

            • StepName (string) --

              The name of the step.

            • Action (string) --

              The name of the automation action.

            • Iteration (integer) --

              The current repetition of the loop represented by an integer.

            • IteratorValue (string) --

              The current value of the specified iterator in the loop.

      • StepExecutionsTruncated (boolean) --

        A boolean value that indicates if the response contains the full list of the Automation step executions. If true, use the DescribeAutomationStepExecutions API operation to get the full list of step executions.

      • Parameters (dict) --

        The key-value map of execution parameters, which were supplied when calling StartAutomationExecution.

        • (string) --

          • (list) --

            • (string) --

      • Outputs (dict) --

        The list of execution outputs as defined in the Automation runbook.

        • (string) --

          • (list) --

            • (string) --

      • FailureMessage (string) --

        A message describing why an execution has failed, if the status is set to Failed.

      • Mode (string) --

        The automation execution mode.

      • ParentAutomationExecutionId (string) --

        The AutomationExecutionId of the parent automation.

      • ExecutedBy (string) --

        The Amazon Resource Name (ARN) of the user who ran the automation.

      • CurrentStepName (string) --

        The name of the step that is currently running.

      • CurrentAction (string) --

        The action of the step that is currently running.

      • TargetParameterName (string) --

        The parameter name.

      • Targets (list) --

        The specified targets.

        • (dict) --

          An array of search criteria that targets managed nodes using a key-value pair that you specify.

          Supported formats include the following.

          For all Systems Manager tools:

          • Key=tag-key,Values=tag-value-1,tag-value-2

          For Automation and Change Manager:

          • Key=tag:tag-key,Values=tag-value

          • Key=ResourceGroup,Values=resource-group-name

          • Key=ParameterValues,Values=value-1,value-2,value-3

          • To target all instances in the Amazon Web Services Region:

            • Key=AWS::EC2::Instance,Values=*

            • Key=InstanceIds,Values=*

          For Run Command and Maintenance Windows:

          • Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3

          • Key=tag:tag-key,Values=tag-value-1,tag-value-2

          • Key=resource-groups:Name,Values=resource-group-name

          • Additionally, Maintenance Windows support targeting resource types:

            • Key=resource-groups:ResourceTypeFilters,Values=resource-type-1,resource-type-2

          For State Manager:

          • Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3

          • Key=tag:tag-key,Values=tag-value-1,tag-value-2

          • To target all instances in the Amazon Web Services Region:

            • Key=InstanceIds,Values=*

          For more information about how to send commands that target managed nodes using Key,Value parameters, see Targeting multiple managed nodes in the Amazon Web Services Systems Manager User Guide.

          • Key (string) --

            User-defined criteria for sending commands that target managed nodes that meet the criteria.

          • Values (list) --

            User-defined criteria that maps to Key. For example, if you specified tag:ServerRole, you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer.

            Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.

            • (string) --

      • TargetMaps (list) --

        The specified key-value mapping of document parameters to target resources.

        • (dict) --

          • (string) --

            • (list) --

              • (string) --

      • ResolvedTargets (dict) --

        A list of resolved targets in the rate control execution.

        • ParameterValues (list) --

          A list of parameter values sent to targets that resolved during the Automation execution.

          • (string) --

        • Truncated (boolean) --

          A boolean value indicating whether the resolved target list is truncated.

      • MaxConcurrency (string) --

        The MaxConcurrency value specified by the user when the execution started.

      • MaxErrors (string) --

        The MaxErrors value specified by the user when the execution started.

      • Target (string) --

        The target of the execution.

      • TargetLocations (list) --

        The combination of Amazon Web Services Regions and/or Amazon Web Services accounts where you want to run the Automation.

        • (dict) --

          The combination of Amazon Web Services Regions and Amazon Web Services accounts targeted by the current Automation execution.

          • Accounts (list) --

            The Amazon Web Services accounts targeted by the current Automation execution.

            • (string) --

          • Regions (list) --

            The Amazon Web Services Regions targeted by the current Automation execution.

            • (string) --

          • TargetLocationMaxConcurrency (string) --

            The maximum number of Amazon Web Services Regions and Amazon Web Services accounts allowed to run the Automation concurrently.

          • TargetLocationMaxErrors (string) --

            The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.

          • ExecutionRoleName (string) --

            The Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole.

          • TargetLocationAlarmConfiguration (dict) --

            The details for the CloudWatch alarm you want to apply to an automation or command.

            • IgnorePollAlarmFailure (boolean) --

              When this value is true, your automation or command continues to run in cases where we can’t retrieve alarm status information from CloudWatch. In cases where we successfully retrieve an alarm status of OK or INSUFFICIENT_DATA, the automation or command continues to run, regardless of this value. Default is false.

            • Alarms (list) --

              The name of the CloudWatch alarm specified in the configuration.

              • (dict) --

                A CloudWatch alarm you apply to an automation or command.

                • Name (string) --

                  The name of your CloudWatch alarm.

          • IncludeChildOrganizationUnits (boolean) --

            Indicates whether to include child organizational units (OUs) that are children of the targeted OUs. The default is false.

          • ExcludeAccounts (list) --

            Amazon Web Services accounts or organizational units to exclude as expanded targets.

            • (string) --

          • Targets (list) --

            A list of key-value mappings to target resources. If you specify values for this data type, you must also specify a value for TargetParameterName.

            This Targets parameter takes precedence over the StartAutomationExecution:Targets parameter if both are supplied.

            • (dict) --

              An array of search criteria that targets managed nodes using a key-value pair that you specify.

              Supported formats include the following.

              For all Systems Manager tools:

              • Key=tag-key,Values=tag-value-1,tag-value-2

              For Automation and Change Manager:

              • Key=tag:tag-key,Values=tag-value

              • Key=ResourceGroup,Values=resource-group-name

              • Key=ParameterValues,Values=value-1,value-2,value-3

              • To target all instances in the Amazon Web Services Region:

                • Key=AWS::EC2::Instance,Values=*

                • Key=InstanceIds,Values=*

              For Run Command and Maintenance Windows:

              • Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3

              • Key=tag:tag-key,Values=tag-value-1,tag-value-2

              • Key=resource-groups:Name,Values=resource-group-name

              • Additionally, Maintenance Windows support targeting resource types:

                • Key=resource-groups:ResourceTypeFilters,Values=resource-type-1,resource-type-2

              For State Manager:

              • Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3

              • Key=tag:tag-key,Values=tag-value-1,tag-value-2

              • To target all instances in the Amazon Web Services Region:

                • Key=InstanceIds,Values=*

              For more information about how to send commands that target managed nodes using Key,Value parameters, see Targeting multiple managed nodes in the Amazon Web Services Systems Manager User Guide.

              • Key (string) --

                User-defined criteria for sending commands that target managed nodes that meet the criteria.

              • Values (list) --

                User-defined criteria that maps to Key. For example, if you specified tag:ServerRole, you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer.

                Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.

                • (string) --

          • TargetsMaxConcurrency (string) --

            The maximum number of targets allowed to run this task in parallel. This TargetsMaxConcurrency takes precedence over the StartAutomationExecution:MaxConcurrency parameter if both are supplied.

          • TargetsMaxErrors (string) --

            The maximum number of errors that are allowed before the system stops running the automation on additional targets. This TargetsMaxErrors parameter takes precedence over the StartAutomationExecution:MaxErrors parameter if both are supplied.

      • ProgressCounters (dict) --

        An aggregate of step execution statuses displayed in the Amazon Web Services Systems Manager console for a multi-Region and multi-account Automation execution.

        • TotalSteps (integer) --

          The total number of steps run in all specified Amazon Web Services Regions and Amazon Web Services accounts for the current Automation execution.

        • SuccessSteps (integer) --

          The total number of steps that successfully completed in all specified Amazon Web Services Regions and Amazon Web Services accounts for the current Automation execution.

        • FailedSteps (integer) --

          The total number of steps that failed to run in all specified Amazon Web Services Regions and Amazon Web Services accounts for the current Automation execution.

        • CancelledSteps (integer) --

          The total number of steps that the system cancelled in all specified Amazon Web Services Regions and Amazon Web Services accounts for the current Automation execution.

        • TimedOutSteps (integer) --

          The total number of steps that timed out in all specified Amazon Web Services Regions and Amazon Web Services accounts for the current Automation execution.

      • AlarmConfiguration (dict) --

        The details for the CloudWatch alarm applied to your automation.

        • IgnorePollAlarmFailure (boolean) --

          When this value is true, your automation or command continues to run in cases where we can’t retrieve alarm status information from CloudWatch. In cases where we successfully retrieve an alarm status of OK or INSUFFICIENT_DATA, the automation or command continues to run, regardless of this value. Default is false.

        • Alarms (list) --

          The name of the CloudWatch alarm specified in the configuration.

          • (dict) --

            A CloudWatch alarm you apply to an automation or command.

            • Name (string) --

              The name of your CloudWatch alarm.

      • TriggeredAlarms (list) --

        The CloudWatch alarm that was invoked by the automation.

        • (dict) --

          The details about the state of your CloudWatch alarm.

          • Name (string) --

            The name of your CloudWatch alarm.

          • State (string) --

            The state of your CloudWatch alarm.

      • TargetLocationsURL (string) --

        A publicly accessible URL for a file that contains the TargetLocations body. Currently, only files in presigned Amazon S3 buckets are supported

      • AutomationSubtype (string) --

        The subtype of the Automation operation. Currently, the only supported value is ChangeRequest.

      • ScheduledTime (datetime) --

        The date and time the Automation operation is scheduled to start.

      • Runbooks (list) --

        Information about the Automation runbooks that are run as part of a runbook workflow.

        • (dict) --

          Information about an Automation runbook used in a runbook workflow in Change Manager.

          • DocumentName (string) --

            The name of the Automation runbook used in a runbook workflow.

          • DocumentVersion (string) --

            The version of the Automation runbook used in a runbook workflow.

          • Parameters (dict) --

            The key-value map of execution parameters, which were supplied when calling StartChangeRequestExecution.

            • (string) --

              • (list) --

                • (string) --

          • TargetParameterName (string) --

            The name of the parameter used as the target resource for the rate-controlled runbook workflow. Required if you specify Targets.

          • Targets (list) --

            A key-value mapping to target resources that the runbook operation performs tasks on. Required if you specify TargetParameterName.

            • (dict) --

              An array of search criteria that targets managed nodes using a key-value pair that you specify.

              Supported formats include the following.

              For all Systems Manager tools:

              • Key=tag-key,Values=tag-value-1,tag-value-2

              For Automation and Change Manager:

              • Key=tag:tag-key,Values=tag-value

              • Key=ResourceGroup,Values=resource-group-name

              • Key=ParameterValues,Values=value-1,value-2,value-3

              • To target all instances in the Amazon Web Services Region:

                • Key=AWS::EC2::Instance,Values=*

                • Key=InstanceIds,Values=*

              For Run Command and Maintenance Windows:

              • Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3

              • Key=tag:tag-key,Values=tag-value-1,tag-value-2

              • Key=resource-groups:Name,Values=resource-group-name

              • Additionally, Maintenance Windows support targeting resource types:

                • Key=resource-groups:ResourceTypeFilters,Values=resource-type-1,resource-type-2

              For State Manager:

              • Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3

              • Key=tag:tag-key,Values=tag-value-1,tag-value-2

              • To target all instances in the Amazon Web Services Region:

                • Key=InstanceIds,Values=*

              For more information about how to send commands that target managed nodes using Key,Value parameters, see Targeting multiple managed nodes in the Amazon Web Services Systems Manager User Guide.

              • Key (string) --

                User-defined criteria for sending commands that target managed nodes that meet the criteria.

              • Values (list) --

                User-defined criteria that maps to Key. For example, if you specified tag:ServerRole, you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer.

                Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.

                • (string) --

          • TargetMaps (list) --

            A key-value mapping of runbook parameters to target resources. Both Targets and TargetMaps can't be specified together.

            • (dict) --

              • (string) --

                • (list) --

                  • (string) --

          • MaxConcurrency (string) --

            The MaxConcurrency value specified by the user when the operation started, indicating the maximum number of resources that the runbook operation can run on at the same time.

          • MaxErrors (string) --

            The MaxErrors value specified by the user when the execution started, indicating the maximum number of errors that can occur during the operation before the updates are stopped or rolled back.

          • TargetLocations (list) --

            Information about the Amazon Web Services Regions and Amazon Web Services accounts targeted by the current Runbook operation.

            • (dict) --

              The combination of Amazon Web Services Regions and Amazon Web Services accounts targeted by the current Automation execution.

              • Accounts (list) --

                The Amazon Web Services accounts targeted by the current Automation execution.

                • (string) --

              • Regions (list) --

                The Amazon Web Services Regions targeted by the current Automation execution.

                • (string) --

              • TargetLocationMaxConcurrency (string) --

                The maximum number of Amazon Web Services Regions and Amazon Web Services accounts allowed to run the Automation concurrently.

              • TargetLocationMaxErrors (string) --

                The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.

              • ExecutionRoleName (string) --

                The Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole.

              • TargetLocationAlarmConfiguration (dict) --

                The details for the CloudWatch alarm you want to apply to an automation or command.

                • IgnorePollAlarmFailure (boolean) --

                  When this value is true, your automation or command continues to run in cases where we can’t retrieve alarm status information from CloudWatch. In cases where we successfully retrieve an alarm status of OK or INSUFFICIENT_DATA, the automation or command continues to run, regardless of this value. Default is false.

                • Alarms (list) --

                  The name of the CloudWatch alarm specified in the configuration.

                  • (dict) --

                    A CloudWatch alarm you apply to an automation or command.

                    • Name (string) --

                      The name of your CloudWatch alarm.

              • IncludeChildOrganizationUnits (boolean) --

                Indicates whether to include child organizational units (OUs) that are children of the targeted OUs. The default is false.

              • ExcludeAccounts (list) --

                Amazon Web Services accounts or organizational units to exclude as expanded targets.

                • (string) --

              • Targets (list) --

                A list of key-value mappings to target resources. If you specify values for this data type, you must also specify a value for TargetParameterName.

                This Targets parameter takes precedence over the StartAutomationExecution:Targets parameter if both are supplied.

                • (dict) --

                  An array of search criteria that targets managed nodes using a key-value pair that you specify.

                  Supported formats include the following.

                  For all Systems Manager tools:

                  • Key=tag-key,Values=tag-value-1,tag-value-2

                  For Automation and Change Manager:

                  • Key=tag:tag-key,Values=tag-value

                  • Key=ResourceGroup,Values=resource-group-name

                  • Key=ParameterValues,Values=value-1,value-2,value-3

                  • To target all instances in the Amazon Web Services Region:

                    • Key=AWS::EC2::Instance,Values=*

                    • Key=InstanceIds,Values=*

                  For Run Command and Maintenance Windows:

                  • Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3

                  • Key=tag:tag-key,Values=tag-value-1,tag-value-2

                  • Key=resource-groups:Name,Values=resource-group-name

                  • Additionally, Maintenance Windows support targeting resource types:

                    • Key=resource-groups:ResourceTypeFilters,Values=resource-type-1,resource-type-2

                  For State Manager:

                  • Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3

                  • Key=tag:tag-key,Values=tag-value-1,tag-value-2

                  • To target all instances in the Amazon Web Services Region:

                    • Key=InstanceIds,Values=*

                  For more information about how to send commands that target managed nodes using Key,Value parameters, see Targeting multiple managed nodes in the Amazon Web Services Systems Manager User Guide.

                  • Key (string) --

                    User-defined criteria for sending commands that target managed nodes that meet the criteria.

                  • Values (list) --

                    User-defined criteria that maps to Key. For example, if you specified tag:ServerRole, you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer.

                    Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.

                    • (string) --

              • TargetsMaxConcurrency (string) --

                The maximum number of targets allowed to run this task in parallel. This TargetsMaxConcurrency takes precedence over the StartAutomationExecution:MaxConcurrency parameter if both are supplied.

              • TargetsMaxErrors (string) --

                The maximum number of errors that are allowed before the system stops running the automation on additional targets. This TargetsMaxErrors parameter takes precedence over the StartAutomationExecution:MaxErrors parameter if both are supplied.

      • OpsItemId (string) --

        The ID of an OpsItem that is created to represent a Change Manager change request.

      • AssociationId (string) --

        The ID of a State Manager association used in the Automation operation.

      • ChangeRequestName (string) --

        The name of the Change Manager change request.

      • Variables (dict) --

        Variables defined for the automation.

        • (string) --

          • (list) --

            • (string) --

GetDocument (updated) Link ¶
Changes (response)
{'DocumentType': {'ManualApprovalPolicy', 'AutoApprovalPolicy'}}

Gets the contents of the specified Amazon Web Services Systems Manager document (SSM document).

See also: AWS API Documentation

Request Syntax

client.get_document(
    Name='string',
    VersionName='string',
    DocumentVersion='string',
    DocumentFormat='YAML'|'JSON'|'TEXT'
)
type Name:

string

param Name:

[REQUIRED]

The name of the SSM document.

type VersionName:

string

param VersionName:

An optional field specifying the version of the artifact associated with the document. For example, 12.6. This value is unique across all versions of a document and can't be changed.

type DocumentVersion:

string

param DocumentVersion:

The document version for which you want information.

type DocumentFormat:

string

param DocumentFormat:

Returns the document in the specified format. The document format can be either JSON or YAML. JSON is the default format.

rtype:

dict

returns:

Response Syntax

{
    'Name': 'string',
    'CreatedDate': datetime(2015, 1, 1),
    'DisplayName': 'string',
    'VersionName': 'string',
    'DocumentVersion': 'string',
    'Status': 'Creating'|'Active'|'Updating'|'Deleting'|'Failed',
    'StatusInformation': 'string',
    'Content': 'string',
    'DocumentType': 'Command'|'Policy'|'Automation'|'Session'|'Package'|'ApplicationConfiguration'|'ApplicationConfigurationSchema'|'DeploymentStrategy'|'ChangeCalendar'|'Automation.ChangeTemplate'|'ProblemAnalysis'|'ProblemAnalysisTemplate'|'CloudFormation'|'ConformancePackTemplate'|'QuickSetup'|'ManualApprovalPolicy'|'AutoApprovalPolicy',
    'DocumentFormat': 'YAML'|'JSON'|'TEXT',
    'Requires': [
        {
            'Name': 'string',
            'Version': 'string',
            'RequireType': 'string',
            'VersionName': 'string'
        },
    ],
    'AttachmentsContent': [
        {
            'Name': 'string',
            'Size': 123,
            'Hash': 'string',
            'HashType': 'Sha256',
            'Url': 'string'
        },
    ],
    'ReviewStatus': 'APPROVED'|'NOT_REVIEWED'|'PENDING'|'REJECTED'
}

Response Structure

  • (dict) --

    • Name (string) --

      The name of the SSM document.

    • CreatedDate (datetime) --

      The date the SSM document was created.

    • DisplayName (string) --

      The friendly name of the SSM document. This value can differ for each version of the document. If you want to update this value, see UpdateDocument.

    • VersionName (string) --

      The version of the artifact associated with the document. For example, 12.6. This value is unique across all versions of a document, and can't be changed.

    • DocumentVersion (string) --

      The document version.

    • Status (string) --

      The status of the SSM document, such as Creating, Active, Updating, Failed, and Deleting.

    • StatusInformation (string) --

      A message returned by Amazon Web Services Systems Manager that explains the Status value. For example, a Failed status might be explained by the StatusInformation message, "The specified S3 bucket doesn't exist. Verify that the URL of the S3 bucket is correct."

    • Content (string) --

      The contents of the SSM document.

    • DocumentType (string) --

      The document type.

    • DocumentFormat (string) --

      The document format, either JSON or YAML.

    • Requires (list) --

      A list of SSM documents required by a document. For example, an ApplicationConfiguration document requires an ApplicationConfigurationSchema document.

      • (dict) --

        An SSM document required by the current document.

        • Name (string) --

          The name of the required SSM document. The name can be an Amazon Resource Name (ARN).

        • Version (string) --

          The document version required by the current document.

        • RequireType (string) --

          The document type of the required SSM document.

        • VersionName (string) --

          An optional field specifying the version of the artifact associated with the document. For example, 12.6. This value is unique across all versions of a document, and can't be changed.

    • AttachmentsContent (list) --

      A description of the document attachments, including names, locations, sizes, and so on.

      • (dict) --

        A structure that includes attributes that describe a document attachment.

        • Name (string) --

          The name of an attachment.

        • Size (integer) --

          The size of an attachment in bytes.

        • Hash (string) --

          The cryptographic hash value of the document content.

        • HashType (string) --

          The hash algorithm used to calculate the hash value.

        • Url (string) --

          The URL location of the attachment content.

    • ReviewStatus (string) --

      The current review status of a new custom Systems Manager document (SSM document) created by a member of your organization, or of the latest version of an existing SSM document.

      Only one version of an SSM document can be in the APPROVED state at a time. When a new version is approved, the status of the previous version changes to REJECTED.

      Only one version of an SSM document can be in review, or PENDING, at a time.

GetOpsItem (updated) Link ¶
Changes (response)
{'OpsItem': {'Status': {'Revoked'}}}

Get information about an OpsItem by using the ID. You must have permission in Identity and Access Management (IAM) to view information about an OpsItem. For more information, see Set up OpsCenter in the Amazon Web Services Systems Manager User Guide.

Operations engineers and IT professionals use Amazon Web Services Systems Manager OpsCenter to view, investigate, and remediate operational issues impacting the performance and health of their Amazon Web Services resources. For more information, see Amazon Web Services Systems Manager OpsCenter in the Amazon Web Services Systems Manager User Guide.

See also: AWS API Documentation

Request Syntax

client.get_ops_item(
    OpsItemId='string',
    OpsItemArn='string'
)
type OpsItemId:

string

param OpsItemId:

[REQUIRED]

The ID of the OpsItem that you want to get.

type OpsItemArn:

string

param OpsItemArn:

The OpsItem Amazon Resource Name (ARN).

rtype:

dict

returns:

Response Syntax

{
    'OpsItem': {
        'CreatedBy': 'string',
        'OpsItemType': 'string',
        'CreatedTime': datetime(2015, 1, 1),
        'Description': 'string',
        'LastModifiedBy': 'string',
        'LastModifiedTime': datetime(2015, 1, 1),
        'Notifications': [
            {
                'Arn': 'string'
            },
        ],
        'Priority': 123,
        'RelatedOpsItems': [
            {
                'OpsItemId': 'string'
            },
        ],
        'Status': 'Open'|'InProgress'|'Resolved'|'Pending'|'TimedOut'|'Cancelling'|'Cancelled'|'Failed'|'CompletedWithSuccess'|'CompletedWithFailure'|'Scheduled'|'RunbookInProgress'|'PendingChangeCalendarOverride'|'ChangeCalendarOverrideApproved'|'ChangeCalendarOverrideRejected'|'PendingApproval'|'Approved'|'Revoked'|'Rejected'|'Closed',
        'OpsItemId': 'string',
        'Version': 'string',
        'Title': 'string',
        'Source': 'string',
        'OperationalData': {
            'string': {
                'Value': 'string',
                'Type': 'SearchableString'|'String'
            }
        },
        'Category': 'string',
        'Severity': 'string',
        'ActualStartTime': datetime(2015, 1, 1),
        'ActualEndTime': datetime(2015, 1, 1),
        'PlannedStartTime': datetime(2015, 1, 1),
        'PlannedEndTime': datetime(2015, 1, 1),
        'OpsItemArn': 'string'
    }
}

Response Structure

  • (dict) --

    • OpsItem (dict) --

      The OpsItem.

      • CreatedBy (string) --

        The ARN of the Amazon Web Services account that created the OpsItem.

      • OpsItemType (string) --

        The type of OpsItem. Systems Manager supports the following types of OpsItems:

        • /aws/issue This type of OpsItem is used for default OpsItems created by OpsCenter.

        • /aws/changerequest This type of OpsItem is used by Change Manager for reviewing and approving or rejecting change requests.

        • /aws/insight This type of OpsItem is used by OpsCenter for aggregating and reporting on duplicate OpsItems.

      • CreatedTime (datetime) --

        The date and time the OpsItem was created.

      • Description (string) --

        The OpsItem description.

      • LastModifiedBy (string) --

        The ARN of the Amazon Web Services account that last updated the OpsItem.

      • LastModifiedTime (datetime) --

        The date and time the OpsItem was last updated.

      • Notifications (list) --

        The Amazon Resource Name (ARN) of an Amazon Simple Notification Service (Amazon SNS) topic where notifications are sent when this OpsItem is edited or changed.

        • (dict) --

          A notification about the OpsItem.

          • Arn (string) --

            The Amazon Resource Name (ARN) of an Amazon Simple Notification Service (Amazon SNS) topic where notifications are sent when this OpsItem is edited or changed.

      • Priority (integer) --

        The importance of this OpsItem in relation to other OpsItems in the system.

      • RelatedOpsItems (list) --

        One or more OpsItems that share something in common with the current OpsItem. For example, related OpsItems can include OpsItems with similar error messages, impacted resources, or statuses for the impacted resource.

        • (dict) --

          An OpsItems that shares something in common with the current OpsItem. For example, related OpsItems can include OpsItems with similar error messages, impacted resources, or statuses for the impacted resource.

          • OpsItemId (string) --

            The ID of an OpsItem related to the current OpsItem.

      • Status (string) --

        The OpsItem status. For more information, see Editing OpsItem details in the Amazon Web Services Systems Manager User Guide.

      • OpsItemId (string) --

        The ID of the OpsItem.

      • Version (string) --

        The version of this OpsItem. Each time the OpsItem is edited the version number increments by one.

      • Title (string) --

        A short heading that describes the nature of the OpsItem and the impacted resource.

      • Source (string) --

        The origin of the OpsItem, such as Amazon EC2 or Systems Manager. The impacted resource is a subset of source.

      • OperationalData (dict) --

        Operational data is custom data that provides useful reference details about the OpsItem. For example, you can specify log files, error strings, license keys, troubleshooting tips, or other relevant data. You enter operational data as key-value pairs. The key has a maximum length of 128 characters. The value has a maximum size of 20 KB.

        You can choose to make the data searchable by other users in the account or you can restrict search access. Searchable data means that all users with access to the OpsItem Overview page (as provided by the DescribeOpsItems API operation) can view and search on the specified data. Operational data that isn't searchable is only viewable by users who have access to the OpsItem (as provided by the GetOpsItem API operation).

        Use the /aws/resources key in OperationalData to specify a related resource in the request. Use the /aws/automations key in OperationalData to associate an Automation runbook with the OpsItem. To view Amazon Web Services CLI example commands that use these keys, see Creating OpsItems manually in the Amazon Web Services Systems Manager User Guide.

        • (string) --

          • (dict) --

            An object that defines the value of the key and its type in the OperationalData map.

            • Value (string) --

              The value of the OperationalData key.

            • Type (string) --

              The type of key-value pair. Valid types include SearchableString and String.

      • Category (string) --

        An OpsItem category. Category options include: Availability, Cost, Performance, Recovery, Security.

      • Severity (string) --

        The severity of the OpsItem. Severity options range from 1 to 4.

      • ActualStartTime (datetime) --

        The time a runbook workflow started. Currently reported only for the OpsItem type /aws/changerequest.

      • ActualEndTime (datetime) --

        The time a runbook workflow ended. Currently reported only for the OpsItem type /aws/changerequest.

      • PlannedStartTime (datetime) --

        The time specified in a change request for a runbook workflow to start. Currently supported only for the OpsItem type /aws/changerequest.

      • PlannedEndTime (datetime) --

        The time specified in a change request for a runbook workflow to end. Currently supported only for the OpsItem type /aws/changerequest.

      • OpsItemArn (string) --

        The OpsItem Amazon Resource Name (ARN).

ListDocuments (updated) Link ¶
Changes (response)
{'DocumentIdentifiers': {'DocumentType': {'AutoApprovalPolicy',
                                          'ManualApprovalPolicy'}}}

Returns all Systems Manager (SSM) documents in the current Amazon Web Services account and Amazon Web Services Region. You can limit the results of this request by using a filter.

See also: AWS API Documentation

Request Syntax

client.list_documents(
    DocumentFilterList=[
        {
            'key': 'Name'|'Owner'|'PlatformTypes'|'DocumentType',
            'value': 'string'
        },
    ],
    Filters=[
        {
            'Key': 'string',
            'Values': [
                'string',
            ]
        },
    ],
    MaxResults=123,
    NextToken='string'
)
type DocumentFilterList:

list

param DocumentFilterList:

This data type is deprecated. Instead, use Filters.

  • (dict) --

    This data type is deprecated. Instead, use DocumentKeyValuesFilter.

    • key (string) -- [REQUIRED]

      The name of the filter.

    • value (string) -- [REQUIRED]

      The value of the filter.

type Filters:

list

param Filters:

One or more DocumentKeyValuesFilter objects. Use a filter to return a more specific list of results. For keys, you can specify one or more key-value pair tags that have been applied to a document. Other valid keys include Owner, Name, PlatformTypes, DocumentType, and TargetType. For example, to return documents you own use Key=Owner,Values=Self. To specify a custom key-value pair, use the format Key=tag:tagName,Values=valueName.

  • (dict) --

    One or more filters. Use a filter to return a more specific list of documents.

    For keys, you can specify one or more tags that have been applied to a document.

    You can also use Amazon Web Services-provided keys, some of which have specific allowed values. These keys and their associated values are as follows:

    DocumentType

    • ApplicationConfiguration

    • ApplicationConfigurationSchema

    • Automation

    • ChangeCalendar

    • Command

    • Package

    • Policy

    • Session

      Owner

    Note that only one Owner can be specified in a request. For example: Key=Owner,Values=Self.

    • Amazon

    • Private

    • Public

    • Self

    • ThirdParty

      PlatformTypes

    • Linux

    • Windows

    Name is another Amazon Web Services-provided key. If you use Name as a key, you can use a name prefix to return a list of documents. For example, in the Amazon Web Services CLI, to return a list of all documents that begin with Te, run the following command:

    aws ssm list-documents --filters Key=Name,Values=Te

    You can also use the TargetType Amazon Web Services-provided key. For a list of valid resource type values that can be used with this key, see Amazon Web Services resource and property types reference in the CloudFormation User Guide.

    If you specify more than two keys, only documents that are identified by all the tags are returned in the results. If you specify more than two values for a key, documents that are identified by any of the values are returned in the results.

    To specify a custom key-value pair, use the format Key=tag:tagName,Values=valueName.

    For example, if you created a key called region and are using the Amazon Web Services CLI to call the list-documents command:

    aws ssm list-documents --filters Key=tag:region,Values=east,west Key=Owner,Values=Self

    • Key (string) --

      The name of the filter key.

    • Values (list) --

      The value for the filter key.

      • (string) --

type MaxResults:

integer

param MaxResults:

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

type NextToken:

string

param NextToken:

The token for the next set of items to return. (You received this token from a previous call.)

rtype:

dict

returns:

Response Syntax

{
    'DocumentIdentifiers': [
        {
            'Name': 'string',
            'CreatedDate': datetime(2015, 1, 1),
            'DisplayName': 'string',
            'Owner': 'string',
            'VersionName': 'string',
            'PlatformTypes': [
                'Windows'|'Linux'|'MacOS',
            ],
            'DocumentVersion': 'string',
            'DocumentType': 'Command'|'Policy'|'Automation'|'Session'|'Package'|'ApplicationConfiguration'|'ApplicationConfigurationSchema'|'DeploymentStrategy'|'ChangeCalendar'|'Automation.ChangeTemplate'|'ProblemAnalysis'|'ProblemAnalysisTemplate'|'CloudFormation'|'ConformancePackTemplate'|'QuickSetup'|'ManualApprovalPolicy'|'AutoApprovalPolicy',
            'SchemaVersion': 'string',
            'DocumentFormat': 'YAML'|'JSON'|'TEXT',
            'TargetType': 'string',
            'Tags': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ],
            'Requires': [
                {
                    'Name': 'string',
                    'Version': 'string',
                    'RequireType': 'string',
                    'VersionName': 'string'
                },
            ],
            'ReviewStatus': 'APPROVED'|'NOT_REVIEWED'|'PENDING'|'REJECTED',
            'Author': 'string'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • DocumentIdentifiers (list) --

      The names of the SSM documents.

      • (dict) --

        Describes the name of a SSM document.

        • Name (string) --

          The name of the SSM document.

        • CreatedDate (datetime) --

          The date the SSM document was created.

        • DisplayName (string) --

          An optional field where you can specify a friendly name for the SSM document. This value can differ for each version of the document. If you want to update this value, see UpdateDocument.

        • Owner (string) --

          The Amazon Web Services user that created the document.

        • VersionName (string) --

          An optional field specifying the version of the artifact associated with the document. For example, 12.6. This value is unique across all versions of a document, and can't be changed.

        • PlatformTypes (list) --

          The operating system platform.

          • (string) --

        • DocumentVersion (string) --

          The document version.

        • DocumentType (string) --

          The document type.

        • SchemaVersion (string) --

          The schema version.

        • DocumentFormat (string) --

          The document format, either JSON or YAML.

        • TargetType (string) --

          The target type which defines the kinds of resources the document can run on. For example, /AWS::EC2::Instance. For a list of valid resource types, see Amazon Web Services resource and property types reference in the CloudFormation User Guide.

        • Tags (list) --

          The tags, or metadata, that have been applied to the document.

          • (dict) --

            Metadata that you assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Amazon Web Services Systems Manager, you can apply tags to Systems Manager documents (SSM documents), managed nodes, maintenance windows, parameters, patch baselines, OpsItems, and OpsMetadata.

            • Key (string) --

              The name of the tag.

            • Value (string) --

              The value of the tag.

        • Requires (list) --

          A list of SSM documents required by a document. For example, an ApplicationConfiguration document requires an ApplicationConfigurationSchema document.

          • (dict) --

            An SSM document required by the current document.

            • Name (string) --

              The name of the required SSM document. The name can be an Amazon Resource Name (ARN).

            • Version (string) --

              The document version required by the current document.

            • RequireType (string) --

              The document type of the required SSM document.

            • VersionName (string) --

              An optional field specifying the version of the artifact associated with the document. For example, 12.6. This value is unique across all versions of a document, and can't be changed.

        • ReviewStatus (string) --

          The current status of a document review.

        • Author (string) --

          The user in your organization who created the document.

    • NextToken (string) --

      The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.

SendAutomationSignal (updated) Link ¶
Changes (request)
{'SignalType': {'Revoke'}}

Sends a signal to an Automation execution to change the current behavior or status of the execution.

See also: AWS API Documentation

Request Syntax

client.send_automation_signal(
    AutomationExecutionId='string',
    SignalType='Approve'|'Reject'|'StartStep'|'StopStep'|'Resume'|'Revoke',
    Payload={
        'string': [
            'string',
        ]
    }
)
type AutomationExecutionId:

string

param AutomationExecutionId:

[REQUIRED]

The unique identifier for an existing Automation execution that you want to send the signal to.

type SignalType:

string

param SignalType:

[REQUIRED]

The type of signal to send to an Automation execution.

type Payload:

dict

param Payload:

The data sent with the signal. The data schema depends on the type of signal used in the request.

For Approve and Reject signal types, the payload is an optional comment that you can send with the signal type. For example:

Comment="Looks good"

For StartStep and Resume signal types, you must send the name of the Automation step to start or resume as the payload. For example:

StepName="step1"

For the StopStep signal type, you must send the step execution ID as the payload. For example:

StepExecutionId="97fff367-fc5a-4299-aed8-0123456789ab"

  • (string) --

    • (list) --

      • (string) --

rtype:

dict

returns:

Response Syntax

{}

Response Structure

  • (dict) --

UpdateDocument (updated) Link ¶
Changes (response)
{'DocumentDescription': {'DocumentType': {'AutoApprovalPolicy',
                                          'ManualApprovalPolicy'}}}

Updates one or more values for an SSM document.

See also: AWS API Documentation

Request Syntax

client.update_document(
    Content='string',
    Attachments=[
        {
            'Key': 'SourceUrl'|'S3FileUrl'|'AttachmentReference',
            'Values': [
                'string',
            ],
            'Name': 'string'
        },
    ],
    Name='string',
    DisplayName='string',
    VersionName='string',
    DocumentVersion='string',
    DocumentFormat='YAML'|'JSON'|'TEXT',
    TargetType='string'
)
type Content:

string

param Content:

[REQUIRED]

A valid JSON or YAML string.

type Attachments:

list

param Attachments:

A list of key-value pairs that describe attachments to a version of a document.

  • (dict) --

    Identifying information about a document attachment, including the file name and a key-value pair that identifies the location of an attachment to a document.

    • Key (string) --

      The key of a key-value pair that identifies the location of an attachment to a document.

    • Values (list) --

      The value of a key-value pair that identifies the location of an attachment to a document. The format for Value depends on the type of key you specify.

      • For the key SourceUrl, the value is an S3 bucket location. For example: "Values": [ "s3://amzn-s3-demo-bucket/my-prefix" ]

      • For the key S3FileUrl, the value is a file in an S3 bucket. For example: "Values": [ "s3://amzn-s3-demo-bucket/my-prefix/my-file.py" ]

      • For the key AttachmentReference, the value is constructed from the name of another SSM document in your account, a version number of that document, and a file attached to that document version that you want to reuse. For example: "Values": [ "MyOtherDocument/3/my-other-file.py" ] However, if the SSM document is shared with you from another account, the full SSM document ARN must be specified instead of the document name only. For example: "Values": [ "arn:aws:ssm:us-east-2:111122223333:document/OtherAccountDocument/3/their-file.py" ]

      • (string) --

    • Name (string) --

      The name of the document attachment file.

type Name:

string

param Name:

[REQUIRED]

The name of the SSM document that you want to update.

type DisplayName:

string

param DisplayName:

The friendly name of the SSM document that you want to update. This value can differ for each version of the document. If you don't specify a value for this parameter in your request, the existing value is applied to the new document version.

type VersionName:

string

param VersionName:

An optional field specifying the version of the artifact you are updating with the document. For example, 12.6. This value is unique across all versions of a document, and can't be changed.

type DocumentVersion:

string

param DocumentVersion:

The version of the document that you want to update. Currently, Systems Manager supports updating only the latest version of the document. You can specify the version number of the latest version or use the $LATEST variable.

type DocumentFormat:

string

param DocumentFormat:

Specify the document format for the new document version. Systems Manager supports JSON and YAML documents. JSON is the default format.

type TargetType:

string

param TargetType:

Specify a new target type for the document.

rtype:

dict

returns:

Response Syntax

{
    'DocumentDescription': {
        'Sha1': 'string',
        'Hash': 'string',
        'HashType': 'Sha256'|'Sha1',
        'Name': 'string',
        'DisplayName': 'string',
        'VersionName': 'string',
        'Owner': 'string',
        'CreatedDate': datetime(2015, 1, 1),
        'Status': 'Creating'|'Active'|'Updating'|'Deleting'|'Failed',
        'StatusInformation': 'string',
        'DocumentVersion': 'string',
        'Description': 'string',
        'Parameters': [
            {
                'Name': 'string',
                'Type': 'String'|'StringList',
                'Description': 'string',
                'DefaultValue': 'string'
            },
        ],
        'PlatformTypes': [
            'Windows'|'Linux'|'MacOS',
        ],
        'DocumentType': 'Command'|'Policy'|'Automation'|'Session'|'Package'|'ApplicationConfiguration'|'ApplicationConfigurationSchema'|'DeploymentStrategy'|'ChangeCalendar'|'Automation.ChangeTemplate'|'ProblemAnalysis'|'ProblemAnalysisTemplate'|'CloudFormation'|'ConformancePackTemplate'|'QuickSetup'|'ManualApprovalPolicy'|'AutoApprovalPolicy',
        'SchemaVersion': 'string',
        'LatestVersion': 'string',
        'DefaultVersion': 'string',
        'DocumentFormat': 'YAML'|'JSON'|'TEXT',
        'TargetType': 'string',
        'Tags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ],
        'AttachmentsInformation': [
            {
                'Name': 'string'
            },
        ],
        'Requires': [
            {
                'Name': 'string',
                'Version': 'string',
                'RequireType': 'string',
                'VersionName': 'string'
            },
        ],
        'Author': 'string',
        'ReviewInformation': [
            {
                'ReviewedTime': datetime(2015, 1, 1),
                'Status': 'APPROVED'|'NOT_REVIEWED'|'PENDING'|'REJECTED',
                'Reviewer': 'string'
            },
        ],
        'ApprovedVersion': 'string',
        'PendingReviewVersion': 'string',
        'ReviewStatus': 'APPROVED'|'NOT_REVIEWED'|'PENDING'|'REJECTED',
        'Category': [
            'string',
        ],
        'CategoryEnum': [
            'string',
        ]
    }
}

Response Structure

  • (dict) --

    • DocumentDescription (dict) --

      A description of the document that was updated.

      • Sha1 (string) --

        The SHA1 hash of the document, which you can use for verification.

      • Hash (string) --

        The Sha256 or Sha1 hash created by the system when the document was created.

      • HashType (string) --

        The hash type of the document. Valid values include Sha256 or Sha1.

      • Name (string) --

        The name of the SSM document.

      • DisplayName (string) --

        The friendly name of the SSM document. This value can differ for each version of the document. If you want to update this value, see UpdateDocument.

      • VersionName (string) --

        The version of the artifact associated with the document.

      • Owner (string) --

        The Amazon Web Services user that created the document.

      • CreatedDate (datetime) --

        The date when the document was created.

      • Status (string) --

        The status of the SSM document.

      • StatusInformation (string) --

        A message returned by Amazon Web Services Systems Manager that explains the Status value. For example, a Failed status might be explained by the StatusInformation message, "The specified S3 bucket doesn't exist. Verify that the URL of the S3 bucket is correct."

      • DocumentVersion (string) --

        The document version.

      • Description (string) --

        A description of the document.

      • Parameters (list) --

        A description of the parameters for a document.

        • (dict) --

          Parameters specified in a Systems Manager document that run on the server when the command is run.

          • Name (string) --

            The name of the parameter.

          • Type (string) --

            The type of parameter. The type can be either String or StringList.

          • Description (string) --

            A description of what the parameter does, how to use it, the default value, and whether or not the parameter is optional.

          • DefaultValue (string) --

            If specified, the default values for the parameters. Parameters without a default value are required. Parameters with a default value are optional.

      • PlatformTypes (list) --

        The list of operating system (OS) platforms compatible with this SSM document.

        • (string) --

      • DocumentType (string) --

        The type of document.

      • SchemaVersion (string) --

        The schema version.

      • LatestVersion (string) --

        The latest version of the document.

      • DefaultVersion (string) --

        The default version.

      • DocumentFormat (string) --

        The document format, either JSON or YAML.

      • TargetType (string) --

        The target type which defines the kinds of resources the document can run on. For example, /AWS::EC2::Instance. For a list of valid resource types, see Amazon Web Services resource and property types reference in the CloudFormation User Guide.

      • Tags (list) --

        The tags, or metadata, that have been applied to the document.

        • (dict) --

          Metadata that you assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Amazon Web Services Systems Manager, you can apply tags to Systems Manager documents (SSM documents), managed nodes, maintenance windows, parameters, patch baselines, OpsItems, and OpsMetadata.

          • Key (string) --

            The name of the tag.

          • Value (string) --

            The value of the tag.

      • AttachmentsInformation (list) --

        Details about the document attachments, including names, locations, sizes, and so on.

        • (dict) --

          An attribute of an attachment, such as the attachment name.

          • Name (string) --

            The name of the attachment.

      • Requires (list) --

        A list of SSM documents required by a document. For example, an ApplicationConfiguration document requires an ApplicationConfigurationSchema document.

        • (dict) --

          An SSM document required by the current document.

          • Name (string) --

            The name of the required SSM document. The name can be an Amazon Resource Name (ARN).

          • Version (string) --

            The document version required by the current document.

          • RequireType (string) --

            The document type of the required SSM document.

          • VersionName (string) --

            An optional field specifying the version of the artifact associated with the document. For example, 12.6. This value is unique across all versions of a document, and can't be changed.

      • Author (string) --

        The user in your organization who created the document.

      • ReviewInformation (list) --

        Details about the review of a document.

        • (dict) --

          Information about the result of a document review request.

          • ReviewedTime (datetime) --

            The time that the reviewer took action on the document review request.

          • Status (string) --

            The current status of the document review request.

          • Reviewer (string) --

            The reviewer assigned to take action on the document review request.

      • ApprovedVersion (string) --

        The version of the document currently approved for use in the organization.

      • PendingReviewVersion (string) --

        The version of the document that is currently under review.

      • ReviewStatus (string) --

        The current status of the review.

      • Category (list) --

        The classification of a document to help you identify and categorize its use.

        • (string) --

      • CategoryEnum (list) --

        The value that identifies a document's category.

        • (string) --

UpdateOpsItem (updated) Link ¶
Changes (request)
{'Status': {'Revoked'}}

Edit or change an OpsItem. You must have permission in Identity and Access Management (IAM) to update an OpsItem. For more information, see Set up OpsCenter in the Amazon Web Services Systems Manager User Guide.

Operations engineers and IT professionals use Amazon Web Services Systems Manager OpsCenter to view, investigate, and remediate operational issues impacting the performance and health of their Amazon Web Services resources. For more information, see Amazon Web Services Systems Manager OpsCenter in the Amazon Web Services Systems Manager User Guide.

See also: AWS API Documentation

Request Syntax

client.update_ops_item(
    Description='string',
    OperationalData={
        'string': {
            'Value': 'string',
            'Type': 'SearchableString'|'String'
        }
    },
    OperationalDataToDelete=[
        'string',
    ],
    Notifications=[
        {
            'Arn': 'string'
        },
    ],
    Priority=123,
    RelatedOpsItems=[
        {
            'OpsItemId': 'string'
        },
    ],
    Status='Open'|'InProgress'|'Resolved'|'Pending'|'TimedOut'|'Cancelling'|'Cancelled'|'Failed'|'CompletedWithSuccess'|'CompletedWithFailure'|'Scheduled'|'RunbookInProgress'|'PendingChangeCalendarOverride'|'ChangeCalendarOverrideApproved'|'ChangeCalendarOverrideRejected'|'PendingApproval'|'Approved'|'Revoked'|'Rejected'|'Closed',
    OpsItemId='string',
    Title='string',
    Category='string',
    Severity='string',
    ActualStartTime=datetime(2015, 1, 1),
    ActualEndTime=datetime(2015, 1, 1),
    PlannedStartTime=datetime(2015, 1, 1),
    PlannedEndTime=datetime(2015, 1, 1),
    OpsItemArn='string'
)
type Description:

string

param Description:

User-defined text that contains information about the OpsItem, in Markdown format.

type OperationalData:

dict

param OperationalData:

Add new keys or edit existing key-value pairs of the OperationalData map in the OpsItem object.

Operational data is custom data that provides useful reference details about the OpsItem. For example, you can specify log files, error strings, license keys, troubleshooting tips, or other relevant data. You enter operational data as key-value pairs. The key has a maximum length of 128 characters. The value has a maximum size of 20 KB.

You can choose to make the data searchable by other users in the account or you can restrict search access. Searchable data means that all users with access to the OpsItem Overview page (as provided by the DescribeOpsItems API operation) can view and search on the specified data. Operational data that isn't searchable is only viewable by users who have access to the OpsItem (as provided by the GetOpsItem API operation).

Use the /aws/resources key in OperationalData to specify a related resource in the request. Use the /aws/automations key in OperationalData to associate an Automation runbook with the OpsItem. To view Amazon Web Services CLI example commands that use these keys, see Creating OpsItems manually in the Amazon Web Services Systems Manager User Guide.

  • (string) --

    • (dict) --

      An object that defines the value of the key and its type in the OperationalData map.

      • Value (string) --

        The value of the OperationalData key.

      • Type (string) --

        The type of key-value pair. Valid types include SearchableString and String.

type OperationalDataToDelete:

list

param OperationalDataToDelete:

Keys that you want to remove from the OperationalData map.

  • (string) --

type Notifications:

list

param Notifications:

The Amazon Resource Name (ARN) of an SNS topic where notifications are sent when this OpsItem is edited or changed.

  • (dict) --

    A notification about the OpsItem.

    • Arn (string) --

      The Amazon Resource Name (ARN) of an Amazon Simple Notification Service (Amazon SNS) topic where notifications are sent when this OpsItem is edited or changed.

type Priority:

integer

param Priority:

The importance of this OpsItem in relation to other OpsItems in the system.

type RelatedOpsItems:

list

param RelatedOpsItems:

One or more OpsItems that share something in common with the current OpsItems. For example, related OpsItems can include OpsItems with similar error messages, impacted resources, or statuses for the impacted resource.

  • (dict) --

    An OpsItems that shares something in common with the current OpsItem. For example, related OpsItems can include OpsItems with similar error messages, impacted resources, or statuses for the impacted resource.

    • OpsItemId (string) -- [REQUIRED]

      The ID of an OpsItem related to the current OpsItem.

type Status:

string

param Status:

The OpsItem status. For more information, see Editing OpsItem details in the Amazon Web Services Systems Manager User Guide.

type OpsItemId:

string

param OpsItemId:

[REQUIRED]

The ID of the OpsItem.

type Title:

string

param Title:

A short heading that describes the nature of the OpsItem and the impacted resource.

type Category:

string

param Category:

Specify a new category for an OpsItem.

type Severity:

string

param Severity:

Specify a new severity for an OpsItem.

type ActualStartTime:

datetime

param ActualStartTime:

The time a runbook workflow started. Currently reported only for the OpsItem type /aws/changerequest.

type ActualEndTime:

datetime

param ActualEndTime:

The time a runbook workflow ended. Currently reported only for the OpsItem type /aws/changerequest.

type PlannedStartTime:

datetime

param PlannedStartTime:

The time specified in a change request for a runbook workflow to start. Currently supported only for the OpsItem type /aws/changerequest.

type PlannedEndTime:

datetime

param PlannedEndTime:

The time specified in a change request for a runbook workflow to end. Currently supported only for the OpsItem type /aws/changerequest.

type OpsItemArn:

string

param OpsItemArn:

The OpsItem Amazon Resource Name (ARN).

rtype:

dict

returns:

Response Syntax

{}

Response Structure

  • (dict) --