2021/09/23 - Amazon Simple Systems Manager (SSM) - 4 updated api methods
Changes Added cutoff behavior support for preventing new task invocations from starting when the maintenance window cutoff time is reached.
{'Tasks': {'CutoffBehavior': 'CONTINUE_TASK | CANCEL_TASK'}}
Lists the tasks in a maintenance window.
See also: AWS API Documentation
Request Syntax
client.describe_maintenance_window_tasks( WindowId='string', Filters=[ { 'Key': 'string', 'Values': [ 'string', ] }, ], MaxResults=123, NextToken='string' )
string
[REQUIRED]
The ID of the maintenance window whose tasks should be retrieved.
list
Optional filters used to narrow down the scope of the returned tasks. The supported filter keys are WindowTaskId, TaskArn, Priority, and TaskType.
(dict) --
Filter used in the request. Supported filter keys depend on the API operation that includes the filter. API operations that use MaintenanceWindowFilter> include the following:
DescribeMaintenanceWindowExecutions
DescribeMaintenanceWindowExecutionTaskInvocations
DescribeMaintenanceWindowExecutionTasks
DescribeMaintenanceWindows
DescribeMaintenanceWindowTargets
DescribeMaintenanceWindowTasks
Key (string) --
The name of the filter.
Values (list) --
The filter values.
(string) --
integer
The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.
string
The token for the next set of items to return. (You received this token from a previous call.)
dict
Response Syntax
{ 'Tasks': [ { 'WindowId': 'string', 'WindowTaskId': 'string', 'TaskArn': 'string', 'Type': 'RUN_COMMAND'|'AUTOMATION'|'STEP_FUNCTIONS'|'LAMBDA', 'Targets': [ { 'Key': 'string', 'Values': [ 'string', ] }, ], 'TaskParameters': { 'string': { 'Values': [ 'string', ] } }, 'Priority': 123, 'LoggingInfo': { 'S3BucketName': 'string', 'S3KeyPrefix': 'string', 'S3Region': 'string' }, 'ServiceRoleArn': 'string', 'MaxConcurrency': 'string', 'MaxErrors': 'string', 'Name': 'string', 'Description': 'string', 'CutoffBehavior': 'CONTINUE_TASK'|'CANCEL_TASK' }, ], 'NextToken': 'string' }
Response Structure
(dict) --
Tasks (list) --
Information about the tasks in the maintenance window.
(dict) --
Information about a task defined for a maintenance window.
WindowId (string) --
The ID of the maintenance window where the task is registered.
WindowTaskId (string) --
The task ID.
TaskArn (string) --
The resource that the task uses during execution. For RUN_COMMAND and AUTOMATION task types, TaskArn is the Amazon Web Services Systems Manager (SSM document) name or ARN. For LAMBDA tasks, it's the function name or ARN. For STEP_FUNCTIONS tasks, it's the state machine ARN.
Type (string) --
The type of task.
Targets (list) --
The targets (either instances or tags). Instances are specified using Key=instanceids,Values=<instanceid1>,<instanceid2>. Tags are specified using Key=<tag name>,Values=<tag value>.
(dict) --
An array of search criteria that targets instances using a key-value pair that you specify.
Supported formats include the following.
Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3
Key=tag:my-tag-key,Values=my-tag-value-1,my-tag-value-2
Key=tag-key,Values=my-tag-key-1,my-tag-key-2
Run Command and Maintenance window targets only: Key=resource-groups:Name,Values=resource-group-name
Maintenance window targets only: Key=resource-groups:ResourceTypeFilters,Values=resource-type-1,resource-type-2
Automation targets only: Key=ResourceGroup;Values=resource-group-name
For example:
Key=InstanceIds,Values=i-02573cafcfEXAMPLE,i-0471e04240EXAMPLE,i-07782c72faEXAMPLE
Key=tag:CostCenter,Values=CostCenter1,CostCenter2,CostCenter3
Key=tag-key,Values=Name,Instance-Type,CostCenter
Run Command and Maintenance window targets only: Key=resource-groups:Name,Values=ProductionResourceGroup This example demonstrates how to target all resources in the resource group ProductionResourceGroup in your maintenance window.
Maintenance window targets only: Key=resource-groups:ResourceTypeFilters,Values=AWS::EC2::INSTANCE,AWS::EC2::VPC This example demonstrates how to target only Amazon Elastic Compute Cloud (Amazon EC2) instances and VPCs in your maintenance window.
Automation targets only: Key=ResourceGroup,Values=MyResourceGroup
State Manager association targets only: Key=InstanceIds,Values=* This example demonstrates how to target all managed instances in the Amazon Web Services Region where the association was created.
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide.
Key (string) --
User-defined criteria for sending commands that target instances that meet the criteria.
Values (list) --
User-defined criteria that maps to Key. For example, if you specified tag:ServerRole, you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer.
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
(string) --
TaskParameters (dict) --
The parameters that should be passed to the task when it is run.
(string) --
(dict) --
Defines the values for a task parameter.
Values (list) --
This field contains an array of 0 or more strings, each 1 to 255 characters in length.
(string) --
Priority (integer) --
The priority of the task in the maintenance window. The lower the number, the higher the priority. Tasks that have the same priority are scheduled in parallel.
LoggingInfo (dict) --
Information about an S3 bucket to write task-level logs to.
S3BucketName (string) --
The name of an S3 bucket where execution logs are stored .
S3KeyPrefix (string) --
(Optional) The S3 bucket subfolder.
S3Region (string) --
The Amazon Web Services Region where the S3 bucket is located.
ServiceRoleArn (string) --
The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service (Amazon SNS) notifications for maintenance window Run Command tasks.
MaxConcurrency (string) --
The maximum number of targets this task can be run for, in parallel.
MaxErrors (string) --
The maximum number of errors allowed before this task stops being scheduled.
Name (string) --
The task name.
Description (string) --
A description of the task.
CutoffBehavior (string) --
The specification for whether tasks should continue to run after the cutoff time specified in the maintenance windows is reached.
NextToken (string) --
The token to use when requesting the next set of items. If there are no additional items to return, the string is empty.
{'CutoffBehavior': 'CONTINUE_TASK | CANCEL_TASK'}
Lists the tasks in a maintenance window.
See also: AWS API Documentation
Request Syntax
client.get_maintenance_window_task( WindowId='string', WindowTaskId='string' )
string
[REQUIRED]
The maintenance window ID that includes the task to retrieve.
string
[REQUIRED]
The maintenance window task ID to retrieve.
dict
Response Syntax
{ 'WindowId': 'string', 'WindowTaskId': 'string', 'Targets': [ { 'Key': 'string', 'Values': [ 'string', ] }, ], 'TaskArn': 'string', 'ServiceRoleArn': 'string', 'TaskType': 'RUN_COMMAND'|'AUTOMATION'|'STEP_FUNCTIONS'|'LAMBDA', 'TaskParameters': { 'string': { 'Values': [ 'string', ] } }, 'TaskInvocationParameters': { 'RunCommand': { 'Comment': 'string', 'CloudWatchOutputConfig': { 'CloudWatchLogGroupName': 'string', 'CloudWatchOutputEnabled': True|False }, 'DocumentHash': 'string', 'DocumentHashType': 'Sha256'|'Sha1', 'DocumentVersion': 'string', 'NotificationConfig': { 'NotificationArn': 'string', 'NotificationEvents': [ 'All'|'InProgress'|'Success'|'TimedOut'|'Cancelled'|'Failed', ], 'NotificationType': 'Command'|'Invocation' }, 'OutputS3BucketName': 'string', 'OutputS3KeyPrefix': 'string', 'Parameters': { 'string': [ 'string', ] }, 'ServiceRoleArn': 'string', 'TimeoutSeconds': 123 }, 'Automation': { 'DocumentVersion': 'string', 'Parameters': { 'string': [ 'string', ] } }, 'StepFunctions': { 'Input': 'string', 'Name': 'string' }, 'Lambda': { 'ClientContext': 'string', 'Qualifier': 'string', 'Payload': b'bytes' } }, 'Priority': 123, 'MaxConcurrency': 'string', 'MaxErrors': 'string', 'LoggingInfo': { 'S3BucketName': 'string', 'S3KeyPrefix': 'string', 'S3Region': 'string' }, 'Name': 'string', 'Description': 'string', 'CutoffBehavior': 'CONTINUE_TASK'|'CANCEL_TASK' }
Response Structure
(dict) --
WindowId (string) --
The retrieved maintenance window ID.
WindowTaskId (string) --
The retrieved maintenance window task ID.
Targets (list) --
The targets where the task should run.
(dict) --
An array of search criteria that targets instances using a key-value pair that you specify.
Supported formats include the following.
Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3
Key=tag:my-tag-key,Values=my-tag-value-1,my-tag-value-2
Key=tag-key,Values=my-tag-key-1,my-tag-key-2
Run Command and Maintenance window targets only: Key=resource-groups:Name,Values=resource-group-name
Maintenance window targets only: Key=resource-groups:ResourceTypeFilters,Values=resource-type-1,resource-type-2
Automation targets only: Key=ResourceGroup;Values=resource-group-name
For example:
Key=InstanceIds,Values=i-02573cafcfEXAMPLE,i-0471e04240EXAMPLE,i-07782c72faEXAMPLE
Key=tag:CostCenter,Values=CostCenter1,CostCenter2,CostCenter3
Key=tag-key,Values=Name,Instance-Type,CostCenter
Run Command and Maintenance window targets only: Key=resource-groups:Name,Values=ProductionResourceGroup This example demonstrates how to target all resources in the resource group ProductionResourceGroup in your maintenance window.
Maintenance window targets only: Key=resource-groups:ResourceTypeFilters,Values=AWS::EC2::INSTANCE,AWS::EC2::VPC This example demonstrates how to target only Amazon Elastic Compute Cloud (Amazon EC2) instances and VPCs in your maintenance window.
Automation targets only: Key=ResourceGroup,Values=MyResourceGroup
State Manager association targets only: Key=InstanceIds,Values=* This example demonstrates how to target all managed instances in the Amazon Web Services Region where the association was created.
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide.
Key (string) --
User-defined criteria for sending commands that target instances that meet the criteria.
Values (list) --
User-defined criteria that maps to Key. For example, if you specified tag:ServerRole, you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer.
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
(string) --
TaskArn (string) --
The resource that the task used during execution. For RUN_COMMAND and AUTOMATION task types, the value of TaskArn is the SSM document name/ARN. For LAMBDA tasks, the value is the function name/ARN. For STEP_FUNCTIONS tasks, the value is the state machine ARN.
ServiceRoleArn (string) --
The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service (Amazon SNS) notifications for maintenance window Run Command tasks.
TaskType (string) --
The type of task to run.
TaskParameters (dict) --
The parameters to pass to the task when it runs.
(string) --
(dict) --
Defines the values for a task parameter.
Values (list) --
This field contains an array of 0 or more strings, each 1 to 255 characters in length.
(string) --
TaskInvocationParameters (dict) --
The parameters to pass to the task when it runs.
RunCommand (dict) --
The parameters for a RUN_COMMAND task type.
Comment (string) --
Information about the commands to run.
CloudWatchOutputConfig (dict) --
Configuration options for sending command output to Amazon CloudWatch Logs.
CloudWatchLogGroupName (string) --
The name of the CloudWatch Logs log group where you want to send command output. If you don't specify a group name, Amazon Web Services Systems Manager automatically creates a log group for you. The log group uses the following naming format:
aws/ssm/SystemsManagerDocumentName
CloudWatchOutputEnabled (boolean) --
Enables Systems Manager to send command output to CloudWatch Logs.
DocumentHash (string) --
The SHA-256 or SHA-1 hash created by the system when the document was created. SHA-1 hashes have been deprecated.
DocumentHashType (string) --
SHA-256 or SHA-1. SHA-1 hashes have been deprecated.
DocumentVersion (string) --
The Amazon Web Services Systems Manager document (SSM document) version to use in the request. You can specify $DEFAULT, $LATEST, or a specific version number. If you run commands by using the Amazon Web Services CLI, then you must escape the first two options by using a backslash. If you specify a version number, then you don't need to use the backslash. For example:
--document-version "\$DEFAULT"
--document-version "\$LATEST"
--document-version "3"
NotificationConfig (dict) --
Configurations for sending notifications about command status changes on a per-instance basis.
NotificationArn (string) --
An Amazon Resource Name (ARN) for an Amazon Simple Notification Service (Amazon SNS) topic. Run Command pushes notifications about command status changes to this topic.
NotificationEvents (list) --
The different events for which you can receive notifications. To learn more about these events, see Monitoring Systems Manager status changes using Amazon SNS notifications in the Amazon Web Services Systems Manager User Guide.
(string) --
NotificationType (string) --
The type of notification.
Command: Receive notification when the status of a command changes.
Invocation: For commands sent to multiple instances, receive notification on a per-instance basis when the status of a command changes.
OutputS3BucketName (string) --
The name of the Amazon Simple Storage Service (Amazon S3) bucket.
OutputS3KeyPrefix (string) --
The S3 bucket subfolder.
Parameters (dict) --
The parameters for the RUN_COMMAND task execution.
(string) --
(list) --
(string) --
ServiceRoleArn (string) --
The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service (Amazon SNS) notifications for maintenance window Run Command tasks.
TimeoutSeconds (integer) --
If this time is reached and the command hasn't already started running, it doesn't run.
Automation (dict) --
The parameters for an AUTOMATION task type.
DocumentVersion (string) --
The version of an Automation runbook to use during task execution.
Parameters (dict) --
The parameters for the AUTOMATION task.
For information about specifying and updating task parameters, see RegisterTaskWithMaintenanceWindow and UpdateMaintenanceWindowTask.
(string) --
(list) --
(string) --
StepFunctions (dict) --
The parameters for a STEP_FUNCTIONS task type.
Input (string) --
The inputs for the STEP_FUNCTIONS task.
Name (string) --
The name of the STEP_FUNCTIONS task.
Lambda (dict) --
The parameters for a LAMBDA task type.
ClientContext (string) --
Pass client-specific information to the Lambda function that you are invoking. You can then process the client information in your Lambda function as you choose through the context variable.
Qualifier (string) --
(Optional) Specify an Lambda function version or alias name. If you specify a function version, the operation uses the qualified function Amazon Resource Name (ARN) to invoke a specific Lambda function. If you specify an alias name, the operation uses the alias ARN to invoke the Lambda function version to which the alias points.
Payload (bytes) --
JSON to provide to your Lambda function as input.
Priority (integer) --
The priority of the task when it runs. The lower the number, the higher the priority. Tasks that have the same priority are scheduled in parallel.
MaxConcurrency (string) --
The maximum number of targets allowed to run this task in parallel.
MaxErrors (string) --
The maximum number of errors allowed before the task stops being scheduled.
LoggingInfo (dict) --
The location in Amazon Simple Storage Service (Amazon S3) where the task results are logged.
S3BucketName (string) --
The name of an S3 bucket where execution logs are stored .
S3KeyPrefix (string) --
(Optional) The S3 bucket subfolder.
S3Region (string) --
The Amazon Web Services Region where the S3 bucket is located.
Name (string) --
The retrieved task name.
Description (string) --
The retrieved task description.
CutoffBehavior (string) --
The action to take on tasks when the maintenance window cutoff time is reached. CONTINUE_TASK means that tasks continue to run. For Automation, Lambda, Step Functions tasks, CANCEL_TASK means that currently running task invocations continue, but no new task invocations are started. For Run Command tasks, CANCEL_TASK means the system attempts to stop the task by sending a CancelCommand operation.
{'CutoffBehavior': 'CONTINUE_TASK | CANCEL_TASK'}
Adds a new task to a maintenance window.
See also: AWS API Documentation
Request Syntax
client.register_task_with_maintenance_window( WindowId='string', Targets=[ { 'Key': 'string', 'Values': [ 'string', ] }, ], TaskArn='string', ServiceRoleArn='string', TaskType='RUN_COMMAND'|'AUTOMATION'|'STEP_FUNCTIONS'|'LAMBDA', TaskParameters={ 'string': { 'Values': [ 'string', ] } }, TaskInvocationParameters={ 'RunCommand': { 'Comment': 'string', 'CloudWatchOutputConfig': { 'CloudWatchLogGroupName': 'string', 'CloudWatchOutputEnabled': True|False }, 'DocumentHash': 'string', 'DocumentHashType': 'Sha256'|'Sha1', 'DocumentVersion': 'string', 'NotificationConfig': { 'NotificationArn': 'string', 'NotificationEvents': [ 'All'|'InProgress'|'Success'|'TimedOut'|'Cancelled'|'Failed', ], 'NotificationType': 'Command'|'Invocation' }, 'OutputS3BucketName': 'string', 'OutputS3KeyPrefix': 'string', 'Parameters': { 'string': [ 'string', ] }, 'ServiceRoleArn': 'string', 'TimeoutSeconds': 123 }, 'Automation': { 'DocumentVersion': 'string', 'Parameters': { 'string': [ 'string', ] } }, 'StepFunctions': { 'Input': 'string', 'Name': 'string' }, 'Lambda': { 'ClientContext': 'string', 'Qualifier': 'string', 'Payload': b'bytes' } }, Priority=123, MaxConcurrency='string', MaxErrors='string', LoggingInfo={ 'S3BucketName': 'string', 'S3KeyPrefix': 'string', 'S3Region': 'string' }, Name='string', Description='string', ClientToken='string', CutoffBehavior='CONTINUE_TASK'|'CANCEL_TASK' )
string
[REQUIRED]
The ID of the maintenance window the task should be added to.
list
The targets (either instances or maintenance window targets).
Specify instances using the following format:
Key=InstanceIds,Values=<instance-id-1>,<instance-id-2>
Specify maintenance window targets using the following format:
Key=WindowTargetIds,Values=<window-target-id-1>,<window-target-id-2>
(dict) --
An array of search criteria that targets instances using a key-value pair that you specify.
Supported formats include the following.
Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3
Key=tag:my-tag-key,Values=my-tag-value-1,my-tag-value-2
Key=tag-key,Values=my-tag-key-1,my-tag-key-2
Run Command and Maintenance window targets only: Key=resource-groups:Name,Values=resource-group-name
Maintenance window targets only: Key=resource-groups:ResourceTypeFilters,Values=resource-type-1,resource-type-2
Automation targets only: Key=ResourceGroup;Values=resource-group-name
For example:
Key=InstanceIds,Values=i-02573cafcfEXAMPLE,i-0471e04240EXAMPLE,i-07782c72faEXAMPLE
Key=tag:CostCenter,Values=CostCenter1,CostCenter2,CostCenter3
Key=tag-key,Values=Name,Instance-Type,CostCenter
Run Command and Maintenance window targets only: Key=resource-groups:Name,Values=ProductionResourceGroup This example demonstrates how to target all resources in the resource group ProductionResourceGroup in your maintenance window.
Maintenance window targets only: Key=resource-groups:ResourceTypeFilters,Values=AWS::EC2::INSTANCE,AWS::EC2::VPC This example demonstrates how to target only Amazon Elastic Compute Cloud (Amazon EC2) instances and VPCs in your maintenance window.
Automation targets only: Key=ResourceGroup,Values=MyResourceGroup
State Manager association targets only: Key=InstanceIds,Values=* This example demonstrates how to target all managed instances in the Amazon Web Services Region where the association was created.
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide.
Key (string) --
User-defined criteria for sending commands that target instances that meet the criteria.
Values (list) --
User-defined criteria that maps to Key. For example, if you specified tag:ServerRole, you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer.
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
(string) --
string
[REQUIRED]
The ARN of the task to run.
string
The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses your account's service-linked role. If no service-linked role for Systems Manager exists in your account, it is created when you run RegisterTaskWithMaintenanceWindow.
For more information, see the following topics in the in the Amazon Web Services Systems Manager User Guide:
string
[REQUIRED]
The type of task being registered.
dict
The parameters that should be passed to the task when it is run.
(string) --
(dict) --
Defines the values for a task parameter.
Values (list) --
This field contains an array of 0 or more strings, each 1 to 255 characters in length.
(string) --
dict
The parameters that the task should use during execution. Populate only the fields that match the task type. All other fields should be empty.
RunCommand (dict) --
The parameters for a RUN_COMMAND task type.
Comment (string) --
Information about the commands to run.
CloudWatchOutputConfig (dict) --
Configuration options for sending command output to Amazon CloudWatch Logs.
CloudWatchLogGroupName (string) --
The name of the CloudWatch Logs log group where you want to send command output. If you don't specify a group name, Amazon Web Services Systems Manager automatically creates a log group for you. The log group uses the following naming format:
aws/ssm/SystemsManagerDocumentName
CloudWatchOutputEnabled (boolean) --
Enables Systems Manager to send command output to CloudWatch Logs.
DocumentHash (string) --
The SHA-256 or SHA-1 hash created by the system when the document was created. SHA-1 hashes have been deprecated.
DocumentHashType (string) --
SHA-256 or SHA-1. SHA-1 hashes have been deprecated.
DocumentVersion (string) --
The Amazon Web Services Systems Manager document (SSM document) version to use in the request. You can specify $DEFAULT, $LATEST, or a specific version number. If you run commands by using the Amazon Web Services CLI, then you must escape the first two options by using a backslash. If you specify a version number, then you don't need to use the backslash. For example:
--document-version "\$DEFAULT"
--document-version "\$LATEST"
--document-version "3"
NotificationConfig (dict) --
Configurations for sending notifications about command status changes on a per-instance basis.
NotificationArn (string) --
An Amazon Resource Name (ARN) for an Amazon Simple Notification Service (Amazon SNS) topic. Run Command pushes notifications about command status changes to this topic.
NotificationEvents (list) --
The different events for which you can receive notifications. To learn more about these events, see Monitoring Systems Manager status changes using Amazon SNS notifications in the Amazon Web Services Systems Manager User Guide.
(string) --
NotificationType (string) --
The type of notification.
Command: Receive notification when the status of a command changes.
Invocation: For commands sent to multiple instances, receive notification on a per-instance basis when the status of a command changes.
OutputS3BucketName (string) --
The name of the Amazon Simple Storage Service (Amazon S3) bucket.
OutputS3KeyPrefix (string) --
The S3 bucket subfolder.
Parameters (dict) --
The parameters for the RUN_COMMAND task execution.
(string) --
(list) --
(string) --
ServiceRoleArn (string) --
The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service (Amazon SNS) notifications for maintenance window Run Command tasks.
TimeoutSeconds (integer) --
If this time is reached and the command hasn't already started running, it doesn't run.
Automation (dict) --
The parameters for an AUTOMATION task type.
DocumentVersion (string) --
The version of an Automation runbook to use during task execution.
Parameters (dict) --
The parameters for the AUTOMATION task.
For information about specifying and updating task parameters, see RegisterTaskWithMaintenanceWindow and UpdateMaintenanceWindowTask.
(string) --
(list) --
(string) --
StepFunctions (dict) --
The parameters for a STEP_FUNCTIONS task type.
Input (string) --
The inputs for the STEP_FUNCTIONS task.
Name (string) --
The name of the STEP_FUNCTIONS task.
Lambda (dict) --
The parameters for a LAMBDA task type.
ClientContext (string) --
Pass client-specific information to the Lambda function that you are invoking. You can then process the client information in your Lambda function as you choose through the context variable.
Qualifier (string) --
(Optional) Specify an Lambda function version or alias name. If you specify a function version, the operation uses the qualified function Amazon Resource Name (ARN) to invoke a specific Lambda function. If you specify an alias name, the operation uses the alias ARN to invoke the Lambda function version to which the alias points.
Payload (bytes) --
JSON to provide to your Lambda function as input.
integer
The priority of the task in the maintenance window, the lower the number the higher the priority. Tasks in a maintenance window are scheduled in priority order with tasks that have the same priority scheduled in parallel.
string
The maximum number of targets this task can be run for in parallel.
string
The maximum number of errors allowed before this task stops being scheduled.
dict
A structure containing information about an Amazon Simple Storage Service (Amazon S3) bucket to write instance-level logs to.
S3BucketName (string) -- [REQUIRED]
The name of an S3 bucket where execution logs are stored .
S3KeyPrefix (string) --
(Optional) The S3 bucket subfolder.
S3Region (string) -- [REQUIRED]
The Amazon Web Services Region where the S3 bucket is located.
string
An optional name for the task.
string
An optional description for the task.
string
User-provided idempotency token.
This field is autopopulated if not provided.
string
Indicates whether tasks should continue to run after the cutoff time specified in the maintenance windows is reached.
CONTINUE_TASK: When the cutoff time is reached, any tasks that are running continue. The default value.
CANCEL_TASK:
For Automation, Lambda, Step Functions tasks: When the cutoff time is reached, any task invocations that are already running continue, but no new task invocations are started.
For Run Command tasks: When the cutoff time is reached, the system sends a CancelCommand operation that attempts to cancel the command associated with the task. However, there is no guarantee that the command will be terminated and the underlying process stopped.
The status for tasks that are not completed is TIMED_OUT.
dict
Response Syntax
{ 'WindowTaskId': 'string' }
Response Structure
(dict) --
WindowTaskId (string) --
The ID of the task in the maintenance window.
{'CutoffBehavior': 'CONTINUE_TASK | CANCEL_TASK'}
Modifies a task assigned to a maintenance window. You can't change the task type, but you can change the following values:
TaskARN. For example, you can change a RUN_COMMAND task from AWS-RunPowerShellScript to AWS-RunShellScript.
ServiceRoleArn
TaskInvocationParameters
Priority
MaxConcurrency
MaxErrors
If the value for a parameter in UpdateMaintenanceWindowTask is null, then the corresponding field isn't modified. If you set Replace to true, then all fields required by the RegisterTaskWithMaintenanceWindow operation are required for this request. Optional fields that aren't specified are set to null.
See also: AWS API Documentation
Request Syntax
client.update_maintenance_window_task( WindowId='string', WindowTaskId='string', Targets=[ { 'Key': 'string', 'Values': [ 'string', ] }, ], TaskArn='string', ServiceRoleArn='string', TaskParameters={ 'string': { 'Values': [ 'string', ] } }, TaskInvocationParameters={ 'RunCommand': { 'Comment': 'string', 'CloudWatchOutputConfig': { 'CloudWatchLogGroupName': 'string', 'CloudWatchOutputEnabled': True|False }, 'DocumentHash': 'string', 'DocumentHashType': 'Sha256'|'Sha1', 'DocumentVersion': 'string', 'NotificationConfig': { 'NotificationArn': 'string', 'NotificationEvents': [ 'All'|'InProgress'|'Success'|'TimedOut'|'Cancelled'|'Failed', ], 'NotificationType': 'Command'|'Invocation' }, 'OutputS3BucketName': 'string', 'OutputS3KeyPrefix': 'string', 'Parameters': { 'string': [ 'string', ] }, 'ServiceRoleArn': 'string', 'TimeoutSeconds': 123 }, 'Automation': { 'DocumentVersion': 'string', 'Parameters': { 'string': [ 'string', ] } }, 'StepFunctions': { 'Input': 'string', 'Name': 'string' }, 'Lambda': { 'ClientContext': 'string', 'Qualifier': 'string', 'Payload': b'bytes' } }, Priority=123, MaxConcurrency='string', MaxErrors='string', LoggingInfo={ 'S3BucketName': 'string', 'S3KeyPrefix': 'string', 'S3Region': 'string' }, Name='string', Description='string', Replace=True|False, CutoffBehavior='CONTINUE_TASK'|'CANCEL_TASK' )
string
[REQUIRED]
The maintenance window ID that contains the task to modify.
string
[REQUIRED]
The task ID to modify.
list
The targets (either instances or tags) to modify. Instances are specified using the format Key=instanceids,Values=instanceID_1,instanceID_2. Tags are specified using the format Key=tag_name,Values=tag_value.
(dict) --
An array of search criteria that targets instances using a key-value pair that you specify.
Supported formats include the following.
Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3
Key=tag:my-tag-key,Values=my-tag-value-1,my-tag-value-2
Key=tag-key,Values=my-tag-key-1,my-tag-key-2
Run Command and Maintenance window targets only: Key=resource-groups:Name,Values=resource-group-name
Maintenance window targets only: Key=resource-groups:ResourceTypeFilters,Values=resource-type-1,resource-type-2
Automation targets only: Key=ResourceGroup;Values=resource-group-name
For example:
Key=InstanceIds,Values=i-02573cafcfEXAMPLE,i-0471e04240EXAMPLE,i-07782c72faEXAMPLE
Key=tag:CostCenter,Values=CostCenter1,CostCenter2,CostCenter3
Key=tag-key,Values=Name,Instance-Type,CostCenter
Run Command and Maintenance window targets only: Key=resource-groups:Name,Values=ProductionResourceGroup This example demonstrates how to target all resources in the resource group ProductionResourceGroup in your maintenance window.
Maintenance window targets only: Key=resource-groups:ResourceTypeFilters,Values=AWS::EC2::INSTANCE,AWS::EC2::VPC This example demonstrates how to target only Amazon Elastic Compute Cloud (Amazon EC2) instances and VPCs in your maintenance window.
Automation targets only: Key=ResourceGroup,Values=MyResourceGroup
State Manager association targets only: Key=InstanceIds,Values=* This example demonstrates how to target all managed instances in the Amazon Web Services Region where the association was created.
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide.
Key (string) --
User-defined criteria for sending commands that target instances that meet the criteria.
Values (list) --
User-defined criteria that maps to Key. For example, if you specified tag:ServerRole, you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer.
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
(string) --
string
The task ARN to modify.
string
The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses your account's service-linked role. If no service-linked role for Systems Manager exists in your account, it is created when you run RegisterTaskWithMaintenanceWindow.
For more information, see the following topics in the in the Amazon Web Services Systems Manager User Guide:
dict
The parameters to modify.
The map has the following format:
Key: string, between 1 and 255 characters
Value: an array of strings, each string is between 1 and 255 characters
(string) --
(dict) --
Defines the values for a task parameter.
Values (list) --
This field contains an array of 0 or more strings, each 1 to 255 characters in length.
(string) --
dict
The parameters that the task should use during execution. Populate only the fields that match the task type. All other fields should be empty.
RunCommand (dict) --
The parameters for a RUN_COMMAND task type.
Comment (string) --
Information about the commands to run.
CloudWatchOutputConfig (dict) --
Configuration options for sending command output to Amazon CloudWatch Logs.
CloudWatchLogGroupName (string) --
The name of the CloudWatch Logs log group where you want to send command output. If you don't specify a group name, Amazon Web Services Systems Manager automatically creates a log group for you. The log group uses the following naming format:
aws/ssm/SystemsManagerDocumentName
CloudWatchOutputEnabled (boolean) --
Enables Systems Manager to send command output to CloudWatch Logs.
DocumentHash (string) --
The SHA-256 or SHA-1 hash created by the system when the document was created. SHA-1 hashes have been deprecated.
DocumentHashType (string) --
SHA-256 or SHA-1. SHA-1 hashes have been deprecated.
DocumentVersion (string) --
The Amazon Web Services Systems Manager document (SSM document) version to use in the request. You can specify $DEFAULT, $LATEST, or a specific version number. If you run commands by using the Amazon Web Services CLI, then you must escape the first two options by using a backslash. If you specify a version number, then you don't need to use the backslash. For example:
--document-version "\$DEFAULT"
--document-version "\$LATEST"
--document-version "3"
NotificationConfig (dict) --
Configurations for sending notifications about command status changes on a per-instance basis.
NotificationArn (string) --
An Amazon Resource Name (ARN) for an Amazon Simple Notification Service (Amazon SNS) topic. Run Command pushes notifications about command status changes to this topic.
NotificationEvents (list) --
The different events for which you can receive notifications. To learn more about these events, see Monitoring Systems Manager status changes using Amazon SNS notifications in the Amazon Web Services Systems Manager User Guide.
(string) --
NotificationType (string) --
The type of notification.
Command: Receive notification when the status of a command changes.
Invocation: For commands sent to multiple instances, receive notification on a per-instance basis when the status of a command changes.
OutputS3BucketName (string) --
The name of the Amazon Simple Storage Service (Amazon S3) bucket.
OutputS3KeyPrefix (string) --
The S3 bucket subfolder.
Parameters (dict) --
The parameters for the RUN_COMMAND task execution.
(string) --
(list) --
(string) --
ServiceRoleArn (string) --
The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service (Amazon SNS) notifications for maintenance window Run Command tasks.
TimeoutSeconds (integer) --
If this time is reached and the command hasn't already started running, it doesn't run.
Automation (dict) --
The parameters for an AUTOMATION task type.
DocumentVersion (string) --
The version of an Automation runbook to use during task execution.
Parameters (dict) --
The parameters for the AUTOMATION task.
For information about specifying and updating task parameters, see RegisterTaskWithMaintenanceWindow and UpdateMaintenanceWindowTask.
(string) --
(list) --
(string) --
StepFunctions (dict) --
The parameters for a STEP_FUNCTIONS task type.
Input (string) --
The inputs for the STEP_FUNCTIONS task.
Name (string) --
The name of the STEP_FUNCTIONS task.
Lambda (dict) --
The parameters for a LAMBDA task type.
ClientContext (string) --
Pass client-specific information to the Lambda function that you are invoking. You can then process the client information in your Lambda function as you choose through the context variable.
Qualifier (string) --
(Optional) Specify an Lambda function version or alias name. If you specify a function version, the operation uses the qualified function Amazon Resource Name (ARN) to invoke a specific Lambda function. If you specify an alias name, the operation uses the alias ARN to invoke the Lambda function version to which the alias points.
Payload (bytes) --
JSON to provide to your Lambda function as input.
integer
The new task priority to specify. The lower the number, the higher the priority. Tasks that have the same priority are scheduled in parallel.
string
The new MaxConcurrency value you want to specify. MaxConcurrency is the number of targets that are allowed to run this task in parallel.
string
The new MaxErrors value to specify. MaxErrors is the maximum number of errors that are allowed before the task stops being scheduled.
dict
The new logging location in Amazon S3 to specify.
S3BucketName (string) -- [REQUIRED]
The name of an S3 bucket where execution logs are stored .
S3KeyPrefix (string) --
(Optional) The S3 bucket subfolder.
S3Region (string) -- [REQUIRED]
The Amazon Web Services Region where the S3 bucket is located.
string
The new task name to specify.
string
The new task description to specify.
boolean
If True, then all fields that are required by the RegisterTaskWithMaintenanceWindow operation are also required for this API request. Optional fields that aren't specified are set to null.
string
Indicates whether tasks should continue to run after the cutoff time specified in the maintenance windows is reached.
CONTINUE_TASK: When the cutoff time is reached, any tasks that are running continue. The default value.
CANCEL_TASK:
For Automation, Lambda, Step Functions tasks: When the cutoff time is reached, any task invocations that are already running continue, but no new task invocations are started.
For Run Command tasks: When the cutoff time is reached, the system sends a CancelCommand operation that attempts to cancel the command associated with the task. However, there is no guarantee that the command will be terminated and the underlying process stopped.
The status for tasks that are not completed is TIMED_OUT.
dict
Response Syntax
{ 'WindowId': 'string', 'WindowTaskId': 'string', 'Targets': [ { 'Key': 'string', 'Values': [ 'string', ] }, ], 'TaskArn': 'string', 'ServiceRoleArn': 'string', 'TaskParameters': { 'string': { 'Values': [ 'string', ] } }, 'TaskInvocationParameters': { 'RunCommand': { 'Comment': 'string', 'CloudWatchOutputConfig': { 'CloudWatchLogGroupName': 'string', 'CloudWatchOutputEnabled': True|False }, 'DocumentHash': 'string', 'DocumentHashType': 'Sha256'|'Sha1', 'DocumentVersion': 'string', 'NotificationConfig': { 'NotificationArn': 'string', 'NotificationEvents': [ 'All'|'InProgress'|'Success'|'TimedOut'|'Cancelled'|'Failed', ], 'NotificationType': 'Command'|'Invocation' }, 'OutputS3BucketName': 'string', 'OutputS3KeyPrefix': 'string', 'Parameters': { 'string': [ 'string', ] }, 'ServiceRoleArn': 'string', 'TimeoutSeconds': 123 }, 'Automation': { 'DocumentVersion': 'string', 'Parameters': { 'string': [ 'string', ] } }, 'StepFunctions': { 'Input': 'string', 'Name': 'string' }, 'Lambda': { 'ClientContext': 'string', 'Qualifier': 'string', 'Payload': b'bytes' } }, 'Priority': 123, 'MaxConcurrency': 'string', 'MaxErrors': 'string', 'LoggingInfo': { 'S3BucketName': 'string', 'S3KeyPrefix': 'string', 'S3Region': 'string' }, 'Name': 'string', 'Description': 'string', 'CutoffBehavior': 'CONTINUE_TASK'|'CANCEL_TASK' }
Response Structure
(dict) --
WindowId (string) --
The ID of the maintenance window that was updated.
WindowTaskId (string) --
The task ID of the maintenance window that was updated.
Targets (list) --
The updated target values.
(dict) --
An array of search criteria that targets instances using a key-value pair that you specify.
Supported formats include the following.
Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3
Key=tag:my-tag-key,Values=my-tag-value-1,my-tag-value-2
Key=tag-key,Values=my-tag-key-1,my-tag-key-2
Run Command and Maintenance window targets only: Key=resource-groups:Name,Values=resource-group-name
Maintenance window targets only: Key=resource-groups:ResourceTypeFilters,Values=resource-type-1,resource-type-2
Automation targets only: Key=ResourceGroup;Values=resource-group-name
For example:
Key=InstanceIds,Values=i-02573cafcfEXAMPLE,i-0471e04240EXAMPLE,i-07782c72faEXAMPLE
Key=tag:CostCenter,Values=CostCenter1,CostCenter2,CostCenter3
Key=tag-key,Values=Name,Instance-Type,CostCenter
Run Command and Maintenance window targets only: Key=resource-groups:Name,Values=ProductionResourceGroup This example demonstrates how to target all resources in the resource group ProductionResourceGroup in your maintenance window.
Maintenance window targets only: Key=resource-groups:ResourceTypeFilters,Values=AWS::EC2::INSTANCE,AWS::EC2::VPC This example demonstrates how to target only Amazon Elastic Compute Cloud (Amazon EC2) instances and VPCs in your maintenance window.
Automation targets only: Key=ResourceGroup,Values=MyResourceGroup
State Manager association targets only: Key=InstanceIds,Values=* This example demonstrates how to target all managed instances in the Amazon Web Services Region where the association was created.
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the Amazon Web Services Systems Manager User Guide.
Key (string) --
User-defined criteria for sending commands that target instances that meet the criteria.
Values (list) --
User-defined criteria that maps to Key. For example, if you specified tag:ServerRole, you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer.
Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.
(string) --
TaskArn (string) --
The updated task ARN value.
ServiceRoleArn (string) --
The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service (Amazon SNS) notifications for maintenance window Run Command tasks.
TaskParameters (dict) --
The updated parameter values.
(string) --
(dict) --
Defines the values for a task parameter.
Values (list) --
This field contains an array of 0 or more strings, each 1 to 255 characters in length.
(string) --
TaskInvocationParameters (dict) --
The updated parameter values.
RunCommand (dict) --
The parameters for a RUN_COMMAND task type.
Comment (string) --
Information about the commands to run.
CloudWatchOutputConfig (dict) --
Configuration options for sending command output to Amazon CloudWatch Logs.
CloudWatchLogGroupName (string) --
The name of the CloudWatch Logs log group where you want to send command output. If you don't specify a group name, Amazon Web Services Systems Manager automatically creates a log group for you. The log group uses the following naming format:
aws/ssm/SystemsManagerDocumentName
CloudWatchOutputEnabled (boolean) --
Enables Systems Manager to send command output to CloudWatch Logs.
DocumentHash (string) --
The SHA-256 or SHA-1 hash created by the system when the document was created. SHA-1 hashes have been deprecated.
DocumentHashType (string) --
SHA-256 or SHA-1. SHA-1 hashes have been deprecated.
DocumentVersion (string) --
The Amazon Web Services Systems Manager document (SSM document) version to use in the request. You can specify $DEFAULT, $LATEST, or a specific version number. If you run commands by using the Amazon Web Services CLI, then you must escape the first two options by using a backslash. If you specify a version number, then you don't need to use the backslash. For example:
--document-version "\$DEFAULT"
--document-version "\$LATEST"
--document-version "3"
NotificationConfig (dict) --
Configurations for sending notifications about command status changes on a per-instance basis.
NotificationArn (string) --
An Amazon Resource Name (ARN) for an Amazon Simple Notification Service (Amazon SNS) topic. Run Command pushes notifications about command status changes to this topic.
NotificationEvents (list) --
The different events for which you can receive notifications. To learn more about these events, see Monitoring Systems Manager status changes using Amazon SNS notifications in the Amazon Web Services Systems Manager User Guide.
(string) --
NotificationType (string) --
The type of notification.
Command: Receive notification when the status of a command changes.
Invocation: For commands sent to multiple instances, receive notification on a per-instance basis when the status of a command changes.
OutputS3BucketName (string) --
The name of the Amazon Simple Storage Service (Amazon S3) bucket.
OutputS3KeyPrefix (string) --
The S3 bucket subfolder.
Parameters (dict) --
The parameters for the RUN_COMMAND task execution.
(string) --
(list) --
(string) --
ServiceRoleArn (string) --
The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service (Amazon SNS) notifications for maintenance window Run Command tasks.
TimeoutSeconds (integer) --
If this time is reached and the command hasn't already started running, it doesn't run.
Automation (dict) --
The parameters for an AUTOMATION task type.
DocumentVersion (string) --
The version of an Automation runbook to use during task execution.
Parameters (dict) --
The parameters for the AUTOMATION task.
For information about specifying and updating task parameters, see RegisterTaskWithMaintenanceWindow and UpdateMaintenanceWindowTask.
(string) --
(list) --
(string) --
StepFunctions (dict) --
The parameters for a STEP_FUNCTIONS task type.
Input (string) --
The inputs for the STEP_FUNCTIONS task.
Name (string) --
The name of the STEP_FUNCTIONS task.
Lambda (dict) --
The parameters for a LAMBDA task type.
ClientContext (string) --
Pass client-specific information to the Lambda function that you are invoking. You can then process the client information in your Lambda function as you choose through the context variable.
Qualifier (string) --
(Optional) Specify an Lambda function version or alias name. If you specify a function version, the operation uses the qualified function Amazon Resource Name (ARN) to invoke a specific Lambda function. If you specify an alias name, the operation uses the alias ARN to invoke the Lambda function version to which the alias points.
Payload (bytes) --
JSON to provide to your Lambda function as input.
Priority (integer) --
The updated priority value.
MaxConcurrency (string) --
The updated MaxConcurrency value.
MaxErrors (string) --
The updated MaxErrors value.
LoggingInfo (dict) --
The updated logging information in Amazon S3.
S3BucketName (string) --
The name of an S3 bucket where execution logs are stored .
S3KeyPrefix (string) --
(Optional) The S3 bucket subfolder.
S3Region (string) --
The Amazon Web Services Region where the S3 bucket is located.
Name (string) --
The updated task name.
Description (string) --
The updated task description.
CutoffBehavior (string) --
The specification for whether tasks should continue to run after the cutoff time specified in the maintenance windows is reached.