AWS API Changes

2024/11/22 - Amazon Simple Systems Manager (SSM) - 4 new api methods

Changes Added support for providing high-level overviews of managed nodes and previewing the potential impact of a runbook execution.

ListNodesSummary (new)

Link ¶

Generates a summary of managed instance/node metadata based on the filters and aggregators you specify. Results are grouped by the input aggregator you specify.

See also: AWS API Documentation

Request Syntax

client.list_nodes_summary(
    SyncName='string',
    Filters=[
        {
            'Key': 'AgentType'|'AgentVersion'|'ComputerName'|'InstanceId'|'InstanceStatus'|'IpAddress'|'ManagedStatus'|'PlatformName'|'PlatformType'|'PlatformVersion'|'ResourceType'|'OrganizationalUnitId'|'OrganizationalUnitPath'|'Region'|'AccountId',
            'Values': [
                'string',
            ],
            'Type': 'Equal'|'NotEqual'|'BeginWith'
        },
    ],
    Aggregators=[
        {
            'AggregatorType': 'Count',
            'TypeName': 'Instance',
            'AttributeName': 'AgentVersion'|'PlatformName'|'PlatformType'|'PlatformVersion'|'Region'|'ResourceType',
            'Aggregators': {'... recursive ...'}
        },
    ],
    NextToken='string',
    MaxResults=123
)

type SyncName:

string

param SyncName:

The name of the resource data sync to retrieve information about. Required for cross-account/cross-Region configuration. Optional for single account/single-Region configurations.

type Filters:

list

param Filters:

One or more filters. Use a filter to generate a summary that matches your specified filter criteria.

(dict) --

The filters for the operation.
- Key (string) -- [REQUIRED]
  
  The name of the filter.
- Values (list) -- [REQUIRED]
  
  A filter value supported by the specified key. For example, for the key PlatformType, supported values include Linux and Windows.
  - (string) --
- Type (string) --
  
  The type of filter operator.

type Aggregators:

list

param Aggregators:

[REQUIRED]

Specify one or more aggregators to return a count of managed nodes that match that expression. For example, a count of managed nodes by operating system.

(dict) --

One or more aggregators for viewing counts of nodes using different dimensions.
- AggregatorType (string) -- [REQUIRED]
  
  The aggregator type for limiting a node summary. Currently, only Count is supported.
- TypeName (string) -- [REQUIRED]
  
  The data type name to use for viewing counts of nodes. Currently, only Instance is supported.
- AttributeName (string) -- [REQUIRED]
  
  The name of a node attribute on which to limit the count of nodes.
- Aggregators (list) --
  
  Information about aggregators used to refine a node summary.

type NextToken:

string

param NextToken:

The token for the next set of items to return. (You received this token from a previous call.) The call also returns a token that you can specify in a subsequent call to get the next set of results.

type MaxResults:

integer

param MaxResults:

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

rtype:

dict

returns:

Response Syntax

{
    'Summary': [
        {
            'string': 'string'
        },
    ],
    'NextToken': 'string'
}

Response Structure

(dict) --
- Summary (list) --
  
  A collection of objects reporting information about your managed nodes, such as the count of nodes by operating system.
  - (dict) --
    - (string) --
      - (string) --
- NextToken (string) --
  
  The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.

GetExecutionPreview (new)

Link ¶

Initiates the process of retrieving an existing preview that shows the effects that running a specified Automation runbook would have on the targeted resources.

See also: AWS API Documentation

Request Syntax

client.get_execution_preview(
    ExecutionPreviewId='string'
)

type ExecutionPreviewId:

string

param ExecutionPreviewId:

[REQUIRED]

The ID of the existing execution preview.

rtype:

dict

returns:

Response Syntax

{
    'ExecutionPreviewId': 'string',
    'EndedAt': datetime(2015, 1, 1),
    'Status': 'Pending'|'InProgress'|'Success'|'Failed',
    'StatusMessage': 'string',
    'ExecutionPreview': {
        'Automation': {
            'StepPreviews': {
                'string': 123
            },
            'Regions': [
                'string',
            ],
            'TargetPreviews': [
                {
                    'Count': 123,
                    'TargetType': 'string'
                },
            ],
            'TotalAccounts': 123
        }
    }
}

Response Structure

(dict) --
- ExecutionPreviewId (string) --
  
  The generated ID for the existing execution preview.
- EndedAt (datetime) --
  
  A UTC timestamp indicating when the execution preview operation ended.
- Status (string) --
  
  The current status of the execution preview operation.
- StatusMessage (string) --
  
  Supplemental information about the current status of the execution preview.
- ExecutionPreview (dict) --
  
  Information about the changes that would be made if an execution were run.
  Note
  
  This is a Tagged Union structure. Only one of the following top level keys will be set: Automation. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:
```
'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
```
  - Automation (dict) --
    
    Information about the changes that would be made if an Automation workflow were run.
    - StepPreviews (dict) --
      
      Information about the type of impact a runbook step would have on a resource.
      - Mutating: The runbook step would make changes to the targets through actions that create, modify, or delete resources.
      - Non_Mutating: The runbook step would retrieve data about resources but not make changes to them. This category generally includes Describe*, List*, Get*, and similar read-only API actions.
      - Undetermined: An undetermined step invokes executions performed by another orchestration service like Lambda, Step Functions, or Amazon Web Services Systems Manager Run Command. An undetermined step might also call a third-party API. Systems Manager Automation doesn't know the outcome of the orchestration processes or third-party API executions, so the results of the steps are undetermined.
      - (string) --
        
        (integer) --
    - Regions (list) --
      
      Information about the Amazon Web Services Regions targeted by the execution preview.
      - (string) --
    - TargetPreviews (list) --
      
      Information that provides a preview of what the impact of running the specified Automation runbook would be.
      - (dict) --
        
        Information about the resources that would be included in the actual runbook execution, if it were to be run.
        
        Count (integer) --
        
        The number of resources of a certain type included in an execution preview.
        
        TargetType (string) --
        
        A type of resource that was included in the execution preview.
    - TotalAccounts (integer) --
      
      Information about the Amazon Web Services accounts that were included in the execution preview.

StartExecutionPreview (new)

Link ¶

Initiates the process of creating a preview showing the effects that running a specified Automation runbook would have on the targeted resources.

See also: AWS API Documentation

Request Syntax

client.start_execution_preview(
    DocumentName='string',
    DocumentVersion='string',
    ExecutionInputs={
        'Automation': {
            'Parameters': {
                'string': [
                    'string',
                ]
            },
            'TargetParameterName': 'string',
            'Targets': [
                {
                    'Key': 'string',
                    'Values': [
                        'string',
                    ]
                },
            ],
            'TargetMaps': [
                {
                    'string': [
                        'string',
                    ]
                },
            ],
            'TargetLocations': [
                {
                    'Accounts': [
                        'string',
                    ],
                    'Regions': [
                        'string',
                    ],
                    'TargetLocationMaxConcurrency': 'string',
                    'TargetLocationMaxErrors': 'string',
                    'ExecutionRoleName': 'string',
                    'TargetLocationAlarmConfiguration': {
                        'IgnorePollAlarmFailure': True|False,
                        'Alarms': [
                            {
                                'Name': 'string'
                            },
                        ]
                    },
                    'IncludeChildOrganizationUnits': True|False,
                    'ExcludeAccounts': [
                        'string',
                    ],
                    'Targets': [
                        {
                            'Key': 'string',
                            'Values': [
                                'string',
                            ]
                        },
                    ],
                    'TargetsMaxConcurrency': 'string',
                    'TargetsMaxErrors': 'string'
                },
            ],
            'TargetLocationsURL': 'string'
        }
    }
)

type DocumentName:

string

param DocumentName:

[REQUIRED]

The name of the Automation runbook to run. The result of the execution preview indicates what the impact would be of running this runbook.

type DocumentVersion:

string

param DocumentVersion:

The version of the Automation runbook to run. The default value is $DEFAULT.

type ExecutionInputs:

dict

param ExecutionInputs:

Information about the inputs that can be specified for the preview operation.

Automation (dict) --

Information about the optional inputs that can be specified for an automation execution preview.
- Parameters (dict) --
  
  Information about parameters that can be specified for the preview operation.
  - (string) --
    - (list) --
      - (string) --
- TargetParameterName (string) --
  
  The name of the parameter used as the target resource for the rate-controlled execution. Required if you specify targets.
- Targets (list) --
  
  Information about the resources that would be included in the actual runbook execution, if it were to be run. Both Targets and TargetMaps can't be specified together.
  - (dict) --
    
    An array of search criteria that targets managed nodes using a key-value pair that you specify.
    
    Note
    
    One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide.
    
    Supported formats include the following.
    
    For all Systems Manager capabilities:
    - Key=tag-key,Values=tag-value-1,tag-value-2
    For Automation and Change Manager:
    - Key=tag:tag-key,Values=tag-value
    - Key=ResourceGroup,Values=resource-group-name
    - Key=ParameterValues,Values=value-1,value-2,value-3
    - To target all instances in the Amazon Web Services Region:
      - Key=AWS::EC2::Instance,Values=*
      - Key=InstanceIds,Values=*
    For Run Command and Maintenance Windows:
    - Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3
    - Key=tag:tag-key,Values=tag-value-1,tag-value-2
    - Key=resource-groups:Name,Values=resource-group-name
    - Additionally, Maintenance Windows support targeting resource types:
      - Key=resource-groups:ResourceTypeFilters,Values=resource-type-1,resource-type-2
    For State Manager:
    - Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3
    - Key=tag:tag-key,Values=tag-value-1,tag-value-2
    - To target all instances in the Amazon Web Services Region:
      - Key=InstanceIds,Values=*
    For more information about how to send commands that target managed nodes using Key,Value parameters, see Targeting multiple managed nodes in the Amazon Web Services Systems Manager User Guide.
    - Key (string) --
      
      User-defined criteria for sending commands that target managed nodes that meet the criteria.
    - Values (list) --
      
      User-defined criteria that maps to Key. For example, if you specified tag:ServerRole, you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer.
      
      Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
      - (string) --
- TargetMaps (list) --
  
  A key-value mapping of document parameters to target resources. Both Targets and TargetMaps can't be specified together.
  - (dict) --
    - (string) --
      - (list) --
        
        (string) --
- TargetLocations (list) --
  
  Information about the Amazon Web Services Regions and Amazon Web Services accounts targeted by the Automation execution preview operation.
  - (dict) --
    
    The combination of Amazon Web Services Regions and Amazon Web Services accounts targeted by the current Automation execution.
    - Accounts (list) --
      
      The Amazon Web Services accounts targeted by the current Automation execution.
      - (string) --
    - Regions (list) --
      
      The Amazon Web Services Regions targeted by the current Automation execution.
      - (string) --
    - TargetLocationMaxConcurrency (string) --
      
      The maximum number of Amazon Web Services Regions and Amazon Web Services accounts allowed to run the Automation concurrently.
    - TargetLocationMaxErrors (string) --
      
      The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
    - ExecutionRoleName (string) --
      
      The Automation execution role used by the currently running Automation. If not specified, the default value is AWS-SystemsManager-AutomationExecutionRole.
    - TargetLocationAlarmConfiguration (dict) --
      
      The details for the CloudWatch alarm you want to apply to an automation or command.
      - IgnorePollAlarmFailure (boolean) --
        
        When this value is true, your automation or command continues to run in cases where we can’t retrieve alarm status information from CloudWatch. In cases where we successfully retrieve an alarm status of OK or INSUFFICIENT_DATA, the automation or command continues to run, regardless of this value. Default is false.
      - Alarms (list) -- [REQUIRED]
        
        The name of the CloudWatch alarm specified in the configuration.
        
        (dict) --
        
        A CloudWatch alarm you apply to an automation or command.
        
        Name (string) -- [REQUIRED]
        
        The name of your CloudWatch alarm.
    - IncludeChildOrganizationUnits (boolean) --
      
      Indicates whether to include child organizational units (OUs) that are children of the targeted OUs. The default is false.
    - ExcludeAccounts (list) --
      
      Amazon Web Services accounts or organizational units to exclude as expanded targets.
      - (string) --
    - Targets (list) --
      
      A list of key-value mappings to target resources. If you specify values for this data type, you must also specify a value for TargetParameterName.
      
      This Targets parameter takes precedence over the StartAutomationExecution:Targets parameter if both are supplied.
      - (dict) --
        
        An array of search criteria that targets managed nodes using a key-value pair that you specify.
        
        Note
        
        One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don't specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide.
        
        Supported formats include the following.
        
        For all Systems Manager capabilities:
        
        Key=tag-key,Values=tag-value-1,tag-value-2
        
        For Automation and Change Manager:
        
        Key=tag:tag-key,Values=tag-value
        
        Key=ResourceGroup,Values=resource-group-name
        
        Key=ParameterValues,Values=value-1,value-2,value-3
        
        To target all instances in the Amazon Web Services Region:
        
        Key=AWS::EC2::Instance,Values=*
        
        Key=InstanceIds,Values=*
        
        For Run Command and Maintenance Windows:
        
        Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3
        
        Key=tag:tag-key,Values=tag-value-1,tag-value-2
        
        Key=resource-groups:Name,Values=resource-group-name
        
        Additionally, Maintenance Windows support targeting resource types:
        
        Key=resource-groups:ResourceTypeFilters,Values=resource-type-1,resource-type-2
        
        For State Manager:
        
        Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3
        
        Key=tag:tag-key,Values=tag-value-1,tag-value-2
        
        To target all instances in the Amazon Web Services Region:
        
        Key=InstanceIds,Values=*
        
        For more information about how to send commands that target managed nodes using Key,Value parameters, see Targeting multiple managed nodes in the Amazon Web Services Systems Manager User Guide.
        
        Key (string) --
        
        User-defined criteria for sending commands that target managed nodes that meet the criteria.
        
        Values (list) --
        
        User-defined criteria that maps to Key. For example, if you specified tag:ServerRole, you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer.
        
        Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
        
        (string) --
    - TargetsMaxConcurrency (string) --
      
      The maximum number of targets allowed to run this task in parallel. This TargetsMaxConcurrency takes precedence over the StartAutomationExecution:MaxConcurrency parameter if both are supplied.
    - TargetsMaxErrors (string) --
      
      The maximum number of errors that are allowed before the system stops running the automation on additional targets. This TargetsMaxErrors parameter takes precedence over the StartAutomationExecution:MaxErrors parameter if both are supplied.
- TargetLocationsURL (string) --
  
  A publicly accessible URL for a file that contains the TargetLocations body. Currently, only files in presigned Amazon S3 buckets are supported.

rtype:

dict

returns:

Response Syntax

{
    'ExecutionPreviewId': 'string'
}

Response Structure

(dict) --
- ExecutionPreviewId (string) --
  
  The ID of the execution preview generated by the system.

ListNodes (new)

Link ¶

Takes in filters and returns a list of managed nodes matching the filter criteria.

See also: AWS API Documentation

Request Syntax

client.list_nodes(
    SyncName='string',
    Filters=[
        {
            'Key': 'AgentType'|'AgentVersion'|'ComputerName'|'InstanceId'|'InstanceStatus'|'IpAddress'|'ManagedStatus'|'PlatformName'|'PlatformType'|'PlatformVersion'|'ResourceType'|'OrganizationalUnitId'|'OrganizationalUnitPath'|'Region'|'AccountId',
            'Values': [
                'string',
            ],
            'Type': 'Equal'|'NotEqual'|'BeginWith'
        },
    ],
    NextToken='string',
    MaxResults=123
)

type SyncName:

string

param SyncName:

The name of the resource data sync to retrieve information about. Required for cross-account/cross-Region configurations. Optional for single account/single-Region configurations.

type Filters:

list

param Filters:

One or more filters. Use a filter to return a more specific list of managed nodes.

(dict) --

The filters for the operation.
- Key (string) -- [REQUIRED]
  
  The name of the filter.
- Values (list) -- [REQUIRED]
  
  A filter value supported by the specified key. For example, for the key PlatformType, supported values include Linux and Windows.
  - (string) --
- Type (string) --
  
  The type of filter operator.

type NextToken:

string

param NextToken:

The token for the next set of items to return. (You received this token from a previous call.)

type MaxResults:

integer

param MaxResults:

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

rtype:

dict

returns:

Response Syntax

{
    'Nodes': [
        {
            'CaptureTime': datetime(2015, 1, 1),
            'Id': 'string',
            'Owner': {
                'AccountId': 'string',
                'OrganizationalUnitId': 'string',
                'OrganizationalUnitPath': 'string'
            },
            'Region': 'string',
            'NodeType': {
                'Instance': {
                    'AgentType': 'string',
                    'AgentVersion': 'string',
                    'ComputerName': 'string',
                    'InstanceStatus': 'string',
                    'IpAddress': 'string',
                    'ManagedStatus': 'All'|'Managed'|'Unmanaged',
                    'PlatformType': 'Windows'|'Linux'|'MacOS',
                    'PlatformName': 'string',
                    'PlatformVersion': 'string',
                    'ResourceType': 'ManagedInstance'|'EC2Instance'
                }
            }
        },
    ],
    'NextToken': 'string'
}

Response Structure

(dict) --
- Nodes (list) --
  
  A list of managed nodes that match the specified filter criteria.
  - (dict) --
    
    Details about an individual managed node.
    - CaptureTime (datetime) --
      
      The UTC timestamp for when the managed node data was last captured.
    - Id (string) --
      
      The ID of the managed node.
    - Owner (dict) --
      
      Information about the ownership of the managed node.
      - AccountId (string) --
        
        The ID of the Amazon Web Services account that owns the managed node.
      - OrganizationalUnitId (string) --
        
        The ID of the organization unit (OU) that the account is part of.
      - OrganizationalUnitPath (string) --
        
        The path for the organizational unit (OU) that owns the managed node. The path for the OU is built using the IDs of the organization, root, and all OUs in the path down to and including the OU. For example:
        
        o-a1b2c3d4e5/r-f6g7h8i9j0example/ou-ghi0-awsccccc/ou-jkl0-awsddddd/
    - Region (string) --
      
      The Amazon Web Services Region that a managed node was created in or assigned to.
    - NodeType (dict) --
      
      Information about the type of node.
      Note
      
      This is a Tagged Union structure. Only one of the following top level keys will be set: Instance. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:
      
      'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}
      - Instance (dict) --
        
        Information about a specific managed node.
        
        AgentType (string) --
        
        The type of agent installed on the node.
        
        AgentVersion (string) --
        
        The version number of the agent installed on the node.
        
        ComputerName (string) --
        
        The fully qualified host name of the managed node.
        
        InstanceStatus (string) --
        
        The current status of the managed node.
        
        IpAddress (string) --
        
        The IP address of the managed node.
        
        ManagedStatus (string) --
        
        Indicates whether the node is managed by Systems Manager.
        
        PlatformType (string) --
        
        The operating system platform type of the managed node.
        
        PlatformName (string) --
        
        The name of the operating system platform running on your managed node.
        
        PlatformVersion (string) --
        
        The version of the OS platform running on your managed node.
        
        ResourceType (string) --
        
        The type of instance, either an EC2 instance or another supported machine type in a hybrid fleet.
- NextToken (string) --
  
  The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.