AWS API Changes

2021/03/24 - Amazon Simple Systems Manager (SSM) - 3 updated api methods

Changes This release allows SSM Explorer customers to enable OpsData sources across their organization when creating a resource data sync.

CreateResourceDataSync (updated)

Link ¶
Changes (request)

{'SyncSource': {'EnableAllOpsDataSources': 'boolean'}}

A resource data sync helps you view data from multiple sources in a single location. Systems Manager offers two types of resource data sync: SyncToDestination and SyncFromSource .

You can configure Systems Manager Inventory to use the SyncToDestination type to synchronize Inventory data from multiple AWS Regions to a single S3 bucket. For more information, see Configuring Resource Data Sync for Inventory in the AWS Systems Manager User Guide .

You can configure Systems Manager Explorer to use the SyncFromSource type to synchronize operational work items (OpsItems) and operational data (OpsData) from multiple AWS Regions to a single S3 bucket. This type can synchronize OpsItems and OpsData from multiple AWS accounts and Regions or EntireOrganization by using AWS Organizations. For more information, see Setting up Systems Manager Explorer to display data from multiple accounts and Regions in the AWS Systems Manager User Guide .

A resource data sync is an asynchronous operation that returns immediately. After a successful initial sync is completed, the system continuously syncs data. To check the status of a sync, use the ListResourceDataSync.

Note

By default, data is not encrypted in Amazon S3. We strongly recommend that you enable encryption in Amazon S3 to ensure secure data storage. We also recommend that you secure access to the Amazon S3 bucket by creating a restrictive bucket policy.

See also: AWS API Documentation

Request Syntax

client.create_resource_data_sync(
    SyncName='string',
    S3Destination={
        'BucketName': 'string',
        'Prefix': 'string',
        'SyncFormat': 'JsonSerDe',
        'Region': 'string',
        'AWSKMSKeyARN': 'string',
        'DestinationDataSharing': {
            'DestinationDataSharingType': 'string'
        }
    },
    SyncType='string',
    SyncSource={
        'SourceType': 'string',
        'AwsOrganizationsSource': {
            'OrganizationSourceType': 'string',
            'OrganizationalUnits': [
                {
                    'OrganizationalUnitId': 'string'
                },
            ]
        },
        'SourceRegions': [
            'string',
        ],
        'IncludeFutureRegions': True|False,
        'EnableAllOpsDataSources': True|False
    }
)

type SyncName

string

param SyncName

[REQUIRED]

A name for the configuration.

type S3Destination

dict

param S3Destination

Amazon S3 configuration details for the sync. This parameter is required if the SyncType value is SyncToDestination.

BucketName (string) -- [REQUIRED]

The name of the S3 bucket where the aggregated data is stored.
Prefix (string) --

An Amazon S3 prefix for the bucket.
SyncFormat (string) -- [REQUIRED]

A supported sync format. The following format is currently supported: JsonSerDe
Region (string) -- [REQUIRED]

The AWS Region with the S3 bucket targeted by the Resource Data Sync.
AWSKMSKeyARN (string) --

The ARN of an encryption key for a destination in Amazon S3. Must belong to the same Region as the destination S3 bucket.
DestinationDataSharing (dict) --

Enables destination data sharing. By default, this field is null .
- DestinationDataSharingType (string) --
  
  The sharing data type. Only Organization is supported.

type SyncType

string

param SyncType

Specify SyncToDestination to create a resource data sync that synchronizes data to an S3 bucket for Inventory. If you specify SyncToDestination , you must provide a value for S3Destination . Specify SyncFromSource to synchronize data from a single account and multiple Regions, or multiple AWS accounts and Regions, as listed in AWS Organizations for Explorer. If you specify SyncFromSource , you must provide a value for SyncSource . The default value is SyncToDestination .

type SyncSource

dict

param SyncSource

Specify information about the data sources to synchronize. This parameter is required if the SyncType value is SyncFromSource.

SourceType (string) -- [REQUIRED]

The type of data source for the resource data sync. SourceType is either AwsOrganizations (if an organization is present in AWS Organizations) or singleAccountMultiRegions .
AwsOrganizationsSource (dict) --

Information about the AwsOrganizationsSource resource data sync source. A sync source of this type can synchronize data from AWS Organizations.
- OrganizationSourceType (string) -- [REQUIRED]
  
  If an AWS Organization is present, this is either OrganizationalUnits or EntireOrganization . For OrganizationalUnits , the data is aggregated from a set of organization units. For EntireOrganization , the data is aggregated from the entire AWS Organization.
- OrganizationalUnits (list) --
  
  The AWS Organizations organization units included in the sync.
  - (dict) --
    
    The AWS Organizations organizational unit data source for the sync.
    - OrganizationalUnitId (string) --
      
      The AWS Organization unit ID data source for the sync.
SourceRegions (list) -- [REQUIRED]

The SyncSource AWS Regions included in the resource data sync.
- (string) --
IncludeFutureRegions (boolean) --

Whether to automatically synchronize and aggregate data from new AWS Regions when those Regions come online.
EnableAllOpsDataSources (boolean) --

When you create a resource data sync, if you choose one of the AWS Organizations options, then Systems Manager automatically enables all OpsData sources in the selected AWS Regions for all AWS accounts in your organization (or in the selected organization units). For more information, see About multiple account and Region resource data syncs in the AWS Systems Manager User Guide .

rtype

dict

returns

Response Syntax

{}

Response Structure

(dict) --

ListResourceDataSync (updated)

Link ¶
Changes (response)

{'ResourceDataSyncItems': {'SyncSource': {'EnableAllOpsDataSources': 'boolean'}}}

Lists your resource data sync configurations. Includes information about the last time a sync attempted to start, the last sync status, and the last time a sync successfully completed.

The number of sync configurations might be too large to return using a single call to ListResourceDataSync . You can limit the number of sync configurations returned by using the MaxResults parameter. To determine whether there are more sync configurations to list, check the value of NextToken in the output. If there are more sync configurations to list, you can request them by specifying the NextToken returned in the call to the parameter of a subsequent call.

See also: AWS API Documentation

Request Syntax

client.list_resource_data_sync(
    SyncType='string',
    NextToken='string',
    MaxResults=123
)

type SyncType

string

param SyncType

View a list of resource data syncs according to the sync type. Specify SyncToDestination to view resource data syncs that synchronize data to an Amazon S3 bucket. Specify SyncFromSource to view resource data syncs from AWS Organizations or from multiple AWS Regions.

type NextToken

string

param NextToken

A token to start the list. Use this token to get the next set of results.

type MaxResults

integer

param MaxResults

The maximum number of items to return for this call. The call also returns a token that you can specify in a subsequent call to get the next set of results.

rtype

dict

returns

Response Syntax

{
    'ResourceDataSyncItems': [
        {
            'SyncName': 'string',
            'SyncType': 'string',
            'SyncSource': {
                'SourceType': 'string',
                'AwsOrganizationsSource': {
                    'OrganizationSourceType': 'string',
                    'OrganizationalUnits': [
                        {
                            'OrganizationalUnitId': 'string'
                        },
                    ]
                },
                'SourceRegions': [
                    'string',
                ],
                'IncludeFutureRegions': True|False,
                'State': 'string',
                'EnableAllOpsDataSources': True|False
            },
            'S3Destination': {
                'BucketName': 'string',
                'Prefix': 'string',
                'SyncFormat': 'JsonSerDe',
                'Region': 'string',
                'AWSKMSKeyARN': 'string',
                'DestinationDataSharing': {
                    'DestinationDataSharingType': 'string'
                }
            },
            'LastSyncTime': datetime(2015, 1, 1),
            'LastSuccessfulSyncTime': datetime(2015, 1, 1),
            'SyncLastModifiedTime': datetime(2015, 1, 1),
            'LastStatus': 'Successful'|'Failed'|'InProgress',
            'SyncCreatedTime': datetime(2015, 1, 1),
            'LastSyncStatusMessage': 'string'
        },
    ],
    'NextToken': 'string'
}

Response Structure

(dict) --
- ResourceDataSyncItems (list) --
  
  A list of your current Resource Data Sync configurations and their statuses.
  - (dict) --
    
    Information about a Resource Data Sync configuration, including its current status and last successful sync.
    - SyncName (string) --
      
      The name of the Resource Data Sync.
    - SyncType (string) --
      
      The type of resource data sync. If SyncType is SyncToDestination , then the resource data sync synchronizes data to an S3 bucket. If the SyncType is SyncFromSource then the resource data sync synchronizes data from AWS Organizations or from multiple AWS Regions.
    - SyncSource (dict) --
      
      Information about the source where the data was synchronized.
      - SourceType (string) --
        
        The type of data source for the resource data sync. SourceType is either AwsOrganizations (if an organization is present in AWS Organizations) or singleAccountMultiRegions .
      - AwsOrganizationsSource (dict) --
        
        The field name in SyncSource for the ResourceDataSyncAwsOrganizationsSource type.
        
        OrganizationSourceType (string) --
        
        If an AWS Organization is present, this is either OrganizationalUnits or EntireOrganization . For OrganizationalUnits , the data is aggregated from a set of organization units. For EntireOrganization , the data is aggregated from the entire AWS Organization.
        
        OrganizationalUnits (list) --
        
        The AWS Organizations organization units included in the sync.
        
        (dict) --
        
        The AWS Organizations organizational unit data source for the sync.
        
        OrganizationalUnitId (string) --
        
        The AWS Organization unit ID data source for the sync.
      - SourceRegions (list) --
        
        The SyncSource AWS Regions included in the resource data sync.
        
        (string) --
      - IncludeFutureRegions (boolean) --
        
        Whether to automatically synchronize and aggregate data from new AWS Regions when those Regions come online.
      - State (string) --
        
        The data type name for including resource data sync state. There are four sync states:
        
        OrganizationNotExists : Your organization doesn't exist.
        
        NoPermissions : The system can't locate the service-linked role. This role is automatically created when a user creates a resource data sync in Explorer.
        
        InvalidOrganizationalUnit : You specified or selected an invalid unit in the resource data sync configuration.
        
        TrustedAccessDisabled : You disabled Systems Manager access in the organization in AWS Organizations.
      - EnableAllOpsDataSources (boolean) --
        
        When you create a resource data sync, if you choose one of the AWS Organizations options, then Systems Manager automatically enables all OpsData sources in the selected AWS Regions for all AWS accounts in your organization (or in the selected organization units). For more information, see About multiple account and Region resource data syncs in the AWS Systems Manager User Guide .
    - S3Destination (dict) --
      
      Configuration information for the target S3 bucket.
      - BucketName (string) --
        
        The name of the S3 bucket where the aggregated data is stored.
      - Prefix (string) --
        
        An Amazon S3 prefix for the bucket.
      - SyncFormat (string) --
        
        A supported sync format. The following format is currently supported: JsonSerDe
      - Region (string) --
        
        The AWS Region with the S3 bucket targeted by the Resource Data Sync.
      - AWSKMSKeyARN (string) --
        
        The ARN of an encryption key for a destination in Amazon S3. Must belong to the same Region as the destination S3 bucket.
      - DestinationDataSharing (dict) --
        
        Enables destination data sharing. By default, this field is null .
        
        DestinationDataSharingType (string) --
        
        The sharing data type. Only Organization is supported.
    - LastSyncTime (datetime) --
      
      The last time the configuration attempted to sync (UTC).
    - LastSuccessfulSyncTime (datetime) --
      
      The last time the sync operations returned a status of SUCCESSFUL (UTC).
    - SyncLastModifiedTime (datetime) --
      
      The date and time the resource data sync was changed.
    - LastStatus (string) --
      
      The status reported by the last sync.
    - SyncCreatedTime (datetime) --
      
      The date and time the configuration was created (UTC).
    - LastSyncStatusMessage (string) --
      
      The status message details reported by the last sync.
- NextToken (string) --
  
  The token for the next set of items to return. Use this token to get the next set of results.

UpdateResourceDataSync (updated)

Link ¶
Changes (request)

{'SyncSource': {'EnableAllOpsDataSources': 'boolean'}}

Update a resource data sync. After you create a resource data sync for a Region, you can't change the account options for that sync. For example, if you create a sync in the us-east-2 (Ohio) Region and you choose the Include only the current account option, you can't edit that sync later and choose the Include all accounts from my AWS Organizations configuration option. Instead, you must delete the first resource data sync, and create a new one.

Note

This API action only supports a resource data sync that was created with a SyncFromSource SyncType .