Crate rusoto_ssm
source · [−]Expand description
AWS Systems Manager is a collection of capabilities that helps you automate management tasks such as collecting system inventory, applying operating system (OS) patches, automating the creation of Amazon Machine Images (AMIs), and configuring operating systems (OSs) and applications at scale. Systems Manager lets you remotely and securely manage the configuration of your managed instances. A managed instance is any Amazon Elastic Compute Cloud instance (EC2 instance), or any on-premises server or virtual machine (VM) in your hybrid environment that has been configured for Systems Manager.
This reference is intended to be used with the AWS Systems Manager User Guide.
To get started, verify prerequisites and configure managed instances. For more information, see Setting up AWS Systems Manager in the AWS Systems Manager User Guide.
Related resources
-
For information about how to use a Query API, see Making API requests.
-
For information about other API actions you can perform on EC2 instances, see the Amazon EC2 API Reference.
-
For information about AWS AppConfig, a capability of Systems Manager, see the AWS AppConfig User Guide and the AWS AppConfig API Reference.
-
For information about AWS Incident Manager, a capability of Systems Manager, see the AWS Incident Manager User Guide and the AWS Incident Manager API Reference.
If you’re using the service, you’re probably looking for SsmClient and Ssm.
Structs
Information includes the AWS account ID where the current document is shared and the version shared with that account.
An activation registers one or more on-premises servers or virtual machines (VMs) with AWS so that you can configure those servers or VMs using Run Command. A server or VM that has been registered with AWS is called a managed instance.
Describes an association of a Systems Manager document and an instance.
Describes the parameters for a document.
Includes information about the specified association.
Filters used in the request.
Includes information about the specified association execution.
Filters for the association execution.
Describes a filter.
Information about the association.
Describes an association status.
Information about the association version.
A structure that includes attributes that describe a document attachment.
An attribute of an attachment, such as the attachment name.
Identifying information about a document attachment, including the file name and a key-value pair that identifies the location of an attachment to a document.
Detailed information about the current state of an individual Automation execution.
A filter used to match specific automation executions. This is used to limit the scope of Automation execution information returned.
Details about a specific Automation execution.
Defines the basic information about a patch baseline override.
Whether or not the command was successfully canceled. There is no guarantee that a request can be canceled.
Configuration options for sending command output to CloudWatch Logs.
Describes a command request.
Describes a command filter.
An instance ID can't be specified when a command status is Pending because the command hasn't run on the instance yet.
An invocation is copy of a command sent to a specific instance. A command can apply to one or more instances. A command invocation applies to one instance. For example, if a user runs SendCommand against three instances, then a command invocation is created for each requested instance ID. A command invocation returns status and detail information about a command you ran.
Describes plugin details.
A summary of the call execution that includes an execution ID, the type of execution (for example, Command), and the date/time of the execution using a datetime object that is saved in the following format: yyyy-MM-dd'T'HH:mm:ss'Z'.
Information about the compliance as defined by the resource type. For example, for a patch resource type, Items includes information about the PatchSeverity, Classification, and so on.
Information about a compliance item.
One or more filters. Use a filter to return a more specific list of results.
A summary of compliance information by compliance type.
A summary of resources that are compliant. The summary is organized according to the resource count for each compliance type.
Describes the association of a Systems Manager SSM document and an instance.
Filter for the DescribeActivation API.
A default version of a document.
Describes a Systems Manager document.
This data type is deprecated. Instead, use DocumentKeyValuesFilter.
Describes the name of a Systems Manager document.
One or more filters. Use a filter to return a more specific list of documents.
For keys, you can specify one or more tags that have been applied to a document.
You can also use AWS-provided keys, some of which have specific allowed values. These keys and their associated values are as follows:
- DocumentType
-
-
ApplicationConfiguration
-
ApplicationConfigurationSchema
-
Automation
-
ChangeCalendar
-
Command
-
DeploymentStrategy
-
Package
-
Policy
-
Session
-
- Owner
-
Note that only one
Ownercan be specified in a request. For example:Key=Owner,Values=Self.-
Amazon
-
Private
-
Public
-
Self
-
ThirdParty
-
- PlatformTypes
-
-
Linux
-
Windows
-
Name is another AWS-provided key. If you use Name as a key, you can use a name prefix to return a list of documents. For example, in the AWS CLI, to return a list of all documents that begin with Te, run the following command:
aws ssm list-documents --filters Key=Name,Values=Te
You can also use the TargetType AWS-provided key. For a list of valid resource type values that can be used with this key, see AWS resource and property types reference in the AWS CloudFormation User Guide.
If you specify more than two keys, only documents that are identified by all the tags are returned in the results. If you specify more than two values for a key, documents that are identified by any of the values are returned in the results.
To specify a custom key and value pair, use the format Key=tag:tagName,Values=valueName.
For example, if you created a key called region and are using the AWS CLI to call the list-documents command:
aws ssm list-documents --filters Key=tag:region,Values=east,west Key=Owner,Values=Self
Details about the response to a document review request.
Parameters specified in a System Manager document that run on the server when the command is run.
An SSM document required by the current document.
Information about comments added to a document review request.
Information about a reviewer's response to a document review request.
Information about a document approval review.
Version information about the document.
The EffectivePatch structure defines metadata about a patch along with the approval state of the patch in a particular patch baseline. The approval state includes information about whether the patch is currently approved, due to be approved by a rule, explicitly approved, or explicitly rejected and the date the patch was or will be approved.
Describes a failed association.
Information about an Automation failure.
The request body of the GetServiceSetting API action.
The query result body of the GetServiceSetting API action.
Status information about the aggregated associations.
One or more association documents on the instance.
An S3 bucket where you want to store the results of this request.
For the minimal permissions required to enable Amazon S3 output for an association, see Creating associations in the Systems Manager User Guide.
The URL of S3 bucket where you want to store the results of this request.
Status information about the instance association.
Describes a filter for a specific list of instances.
Describes a filter for a specific list of instances. You can filter instances information by using tags. You specify tags by using a key-value mapping.
Use this action instead of the DescribeInstanceInformationRequest$InstanceInformationFilterList method. The InstanceInformationFilterList method is a legacy method and does not support tags.
The filters to describe or get information about your managed instances.
Defines the high-level patch compliance state for a managed instance, providing information about the number of installed, missing, not applicable, and failed patches along with metadata about the operation when this information was gathered for the instance.
Defines a filter used in DescribeInstancePatchStatesForPatchGroup used to scope down the information returned by the API.
Specifies the inventory type and attribute for the aggregation execution.
Status information returned by the DeleteInventory action.
Information about the delete operation.
Either a count, remaining count, or a version number in a delete inventory summary.
One or more filters. Use a filter to return a more specific list of results.
A user-defined set of one or more filters on which to aggregate inventory data. Groups return a count of resources that match and don't match the specified criteria.
Information collected from managed instances based on your inventory policy document
Attributes are the entries within the inventory item content. It contains name and value.
The inventory item schema definition. Users can use this to compose inventory query filters.
Inventory query results.
The inventory result item.
Information about an S3 bucket to write instance-level logs to.
LoggingInfo has been deprecated. To specify an S3 bucket to contain logs, instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.
The parameters for an AUTOMATION task type.
Describes the information about an execution of a maintenance window.
Information about a task execution performed as part of a maintenance window execution.
Describes the information about a task invocation for a particular target as part of a task execution performed as part of a maintenance window execution.
Filter used in the request. Supported filter keys are Name and Enabled.
Information about the maintenance window.
The maintenance window to which the specified target belongs.
The parameters for a LAMBDA task type.
For information about specifying and updating task parameters, see RegisterTaskWithMaintenanceWindow and UpdateMaintenanceWindowTask.
LoggingInfo has been deprecated. To specify an S3 bucket to contain logs, instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.
TaskParameters has been deprecated. To specify parameters to pass to a task when it runs, instead use the Parameters option in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.
For Lambda tasks, Systems Manager ignores any values specified for TaskParameters and LoggingInfo.
The parameters for a RUN_COMMAND task type.
For information about specifying and updating task parameters, see RegisterTaskWithMaintenanceWindow and UpdateMaintenanceWindowTask.
LoggingInfo has been deprecated. To specify an S3 bucket to contain logs, instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.
TaskParameters has been deprecated. To specify parameters to pass to a task when it runs, instead use the Parameters option in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.
For Run Command tasks, Systems Manager uses specified values for TaskParameters and LoggingInfo only if no values are specified for TaskInvocationParameters.
The parameters for a STEP_FUNCTIONS task.
For information about specifying and updating task parameters, see RegisterTaskWithMaintenanceWindow and UpdateMaintenanceWindowTask.
LoggingInfo has been deprecated. To specify an S3 bucket to contain logs, instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.
TaskParameters has been deprecated. To specify parameters to pass to a task when it runs, instead use the Parameters option in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters.
For Step Functions tasks, Systems Manager ignores any values specified for TaskParameters and LoggingInfo.
The target registered with the maintenance window.
Information about a task defined for a maintenance window.
The parameters for task execution.
Defines the values for a task parameter.
Metadata to assign to an Application Manager application.
A summary of resources that are not compliant. The summary is organized according to resource type.
Configurations for sending notifications.
One or more aggregators for viewing counts of OpsItems using different dimensions such as Source, CreatedTime, or Source and CreatedTime, to name a few.
The result of the query.
The OpsItem summaries result item.
A filter for viewing OpsItem summaries.
Operations engineers and IT professionals use OpsCenter to view, investigate, and remediate operational issues impacting the performance and health of their AWS resources. For more information, see AWS Systems Manager OpsCenter in the AWS Systems Manager User Guide.
An object that defines the value of the key and its type in the OperationalData map.
Describes a filter for a specific list of OpsItem events. You can filter event information by using tags. You specify tags by using a key-value pair mapping.
Summary information about an OpsItem event or that associated an OpsItem with a related item.
Describes an OpsItem filter.
Information about the user or resource that created an OpsItem event.
A notification about the OpsItem.
Summary information about related-item resources for an OpsItem.
Describes a filter for a specific list of related-item resources.
A count of OpsItems.
Operational metadata for an application in Application Manager.
A filter to limit the number of OpsMetadata objects displayed.
The OpsItem data type to return.
Information about the source where the association execution details are stored.
An Systems Manager parameter in Parameter Store.
Information about parameter usage.
One or more policies assigned to a parameter.
Metadata includes information like the ARN of the last user and the date/time the parameter was last used.
One or more filters. Use a filter to return a more specific list of results.
This data type is deprecated. Instead, use ParameterStringFilter.
Represents metadata about a patch.
Defines the basic information about a patch baseline.
Information about the state of a patch on a particular instance as it relates to the patch baseline used to patch the instance.
Defines which patches should be included in a patch baseline.
A patch filter consists of a key and a set of values. The filter key is a patch property. For example, the available filter keys for WINDOWS are PATCH_SET, PRODUCT, PRODUCT_FAMILY, CLASSIFICATION, and MSRC_SEVERITY. The filter values define a matching criterion for the patch property indicated by the key. For example, if the filter key is PRODUCT and the filter values are ["Office 2013", "Office 2016"], then the filter accepts all patches where product name is either "Office 2013" or "Office 2016". The filter values can be exact values for the patch property given as a key, or a wildcard (*), which matches all values.
You can view lists of valid values for the patch properties by running the DescribePatchProperties command. For information about which patch properties can be used with each major operating system, see DescribePatchProperties.
A set of patch filters, typically used for approval rules.
The mapping between a patch group and the patch baseline the patch group is registered with.
Defines a filter used in Patch Manager APIs.
Defines an approval rule for a patch baseline.
A set of rules defining the approval rules for a patch baseline.
Information about the patches to use to update the instances, including target operating systems and source repository. Applies to Linux instances only.
Information about the approval status of a patch.
An aggregate of step execution statuses displayed in the AWS Console for a multi-Region and multi-account Automation execution.
An OpsItems that shares something in common with the current OpsItem. For example, related OpsItems can include OpsItems with similar error messages, impacted resources, or statuses for the impacted resource.
The request body of the ResetServiceSetting API action.
The result body of the ResetServiceSetting API action.
Information about targets that resolved during the Automation execution.
Compliance summary information for a specific resource.
Information about the AwsOrganizationsSource resource data sync source. A sync source of this type can synchronize data from AWS Organizations or, if an AWS Organization is not present, from multiple AWS Regions.
Synchronize Systems Manager Inventory data from multiple AWS accounts defined in AWS Organizations to a centralized S3 bucket. Data is synchronized to individual key prefixes in the central bucket. Each key prefix represents a different AWS account ID.
Information about a Resource Data Sync configuration, including its current status and last successful sync.
The AWS Organizations organizational unit data source for the sync.
Information about the target S3 bucket for the Resource Data Sync.
Information about the source of the data included in the resource data sync.
The data type name for including resource data sync state. There are four sync states:
OrganizationNotExists (Your organization doesn't exist)
NoPermissions (The system can't locate the service-linked role. This role is automatically created when a user creates a resource data sync in Explorer.)
InvalidOrganizationalUnit (You specified or selected an invalid unit in the resource data sync configuration.)
TrustedAccessDisabled (You disabled Systems Manager access in the organization in AWS Organizations.)
The inventory item result attribute.
Information about the result of a document review request.
Information about an Automation runbook (Automation document) used in a runbook workflow in Change Manager.
The Automation runbooks specified for the runbook workflow can't run until all required approvals for the change request have been received.
An S3 bucket where you want to store the results of this request.
A URL for the S3 bucket where you want to store the results of this request.
Information about a scheduled execution for a maintenance window.
The service setting data structure.
ServiceSetting is an account-level setting for an AWS service. This setting defines how a user interacts with or uses a service or a feature of a service. For example, if an AWS service charges money to the account based on feature or service usage, then the AWS service team might create a default setting of "false". This means the user can't use this feature unless they change the setting to "true" and intentionally opt in for a paid feature.
Services map a SettingId object to a setting value. AWS services teams define the default value for a SettingId. You can't create a new SettingId, but you can overwrite the default value if you have the ssm:UpdateServiceSetting permission for the setting. Use the UpdateServiceSetting API action to change the default setting. Or, use the ResetServiceSetting to change the value back to the original value defined by the AWS service team.
Information about a Session Manager connection to an instance.
Describes a filter for Session Manager information.
Reserved for future use.
The number of managed instances found for each patch severity level defined in the request filter.
A client for the Amazon SSM API.
Detailed information about an the execution state of an Automation step.
A filter to limit the amount of step execution information returned by the call.
Metadata that you assign to your AWS resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Systems Manager, you can apply tags to documents, managed instances, maintenance windows, Parameter Store parameters, and patch baselines.
An array of search criteria that targets instances using a Key,Value combination that you specify.
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, AWS Lambda, and AWS Step Functions). For more information about running tasks that do not specify targets, see Registering maintenance window tasks without targets in the AWS Systems Manager User Guide.
Supported formats include the following.
-
Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3 -
Key=tag:my-tag-key,Values=my-tag-value-1,my-tag-value-2 -
Key=tag-key,Values=my-tag-key-1,my-tag-key-2 -
Run Command and Maintenance window targets only:
Key=resource-groups:Name,Values=resource-group-name -
Maintenance window targets only:
Key=resource-groups:ResourceTypeFilters,Values=resource-type-1,resource-type-2 -
Automation targets only:
Key=ResourceGroup;Values=resource-group-name
For example:
-
Key=InstanceIds,Values=i-02573cafcfEXAMPLE,i-0471e04240EXAMPLE,i-07782c72faEXAMPLE -
Key=tag:CostCenter,Values=CostCenter1,CostCenter2,CostCenter3 -
Key=tag-key,Values=Name,Instance-Type,CostCenter -
Run Command and Maintenance window targets only:
Key=resource-groups:Name,Values=ProductionResourceGroupThis example demonstrates how to target all resources in the resource group ProductionResourceGroup in your maintenance window.
-
Maintenance window targets only:
Key=resource-groups:ResourceTypeFilters,Values=AWS::EC2::INSTANCE,AWS::EC2::VPCThis example demonstrates how to target only EC2 instances and VPCs in your maintenance window.
-
Automation targets only:
Key=ResourceGroup,Values=MyResourceGroup -
State Manager association targets only:
Key=InstanceIds,Values=*This example demonstrates how to target all managed instances in the AWS Region where the association was created.
For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the AWS Systems Manager User Guide.
The combination of AWS Regions and accounts targeted by the current Automation execution.
The request body of the UpdateServiceSetting API action.
The result body of the UpdateServiceSetting API action.
Enums
Errors returned by AddTagsToResource
Errors returned by AssociateOpsItemRelatedItem
Errors returned by CancelCommand
Errors returned by CancelMaintenanceWindowExecution
Errors returned by CreateActivation
Errors returned by CreateAssociationBatch
Errors returned by CreateAssociation
Errors returned by CreateDocument
Errors returned by CreateMaintenanceWindow
Errors returned by CreateOpsItem
Errors returned by CreateOpsMetadata
Errors returned by CreatePatchBaseline
Errors returned by CreateResourceDataSync
Errors returned by DeleteActivation
Errors returned by DeleteAssociation
Errors returned by DeleteDocument
Errors returned by DeleteInventory
Errors returned by DeleteMaintenanceWindow
Errors returned by DeleteOpsMetadata
Errors returned by DeleteParameter
Errors returned by DeleteParameters
Errors returned by DeletePatchBaseline
Errors returned by DeleteResourceDataSync
Errors returned by DeregisterManagedInstance
Errors returned by DeregisterPatchBaselineForPatchGroup
Errors returned by DeregisterTargetFromMaintenanceWindow
Errors returned by DeregisterTaskFromMaintenanceWindow
Errors returned by DescribeActivations
Errors returned by DescribeAssociation
Errors returned by DescribeAssociationExecutionTargets
Errors returned by DescribeAssociationExecutions
Errors returned by DescribeAutomationExecutions
Errors returned by DescribeAutomationStepExecutions
Errors returned by DescribeAvailablePatches
Errors returned by DescribeDocument
Errors returned by DescribeDocumentPermission
Errors returned by DescribeEffectiveInstanceAssociations
Errors returned by DescribeEffectivePatchesForPatchBaseline
Errors returned by DescribeInstanceAssociationsStatus
Errors returned by DescribeInstanceInformation
Errors returned by DescribeInstancePatchStates
Errors returned by DescribeInstancePatchStatesForPatchGroup
Errors returned by DescribeInstancePatches
Errors returned by DescribeInventoryDeletions
Errors returned by DescribeMaintenanceWindowExecutionTaskInvocations
Errors returned by DescribeMaintenanceWindowExecutionTasks
Errors returned by DescribeMaintenanceWindowExecutions
Errors returned by DescribeMaintenanceWindowSchedule
Errors returned by DescribeMaintenanceWindowTargets
Errors returned by DescribeMaintenanceWindowTasks
Errors returned by DescribeMaintenanceWindows
Errors returned by DescribeMaintenanceWindowsForTarget
Errors returned by DescribeOpsItems
Errors returned by DescribeParameters
Errors returned by DescribePatchBaselines
Errors returned by DescribePatchGroupState
Errors returned by DescribePatchGroups
Errors returned by DescribePatchProperties
Errors returned by DescribeSessions
Errors returned by DisassociateOpsItemRelatedItem
Errors returned by GetAutomationExecution
Errors returned by GetCalendarState
Errors returned by GetCommandInvocation
Errors returned by GetConnectionStatus
Errors returned by GetDefaultPatchBaseline
Errors returned by GetDeployablePatchSnapshotForInstance
Errors returned by GetDocument
Errors returned by GetInventory
Errors returned by GetInventorySchema
Errors returned by GetMaintenanceWindow
Errors returned by GetMaintenanceWindowExecution
Errors returned by GetMaintenanceWindowExecutionTask
Errors returned by GetMaintenanceWindowExecutionTaskInvocation
Errors returned by GetMaintenanceWindowTask
Errors returned by GetOpsItem
Errors returned by GetOpsMetadata
Errors returned by GetOpsSummary
Errors returned by GetParameter
Errors returned by GetParameterHistory
Errors returned by GetParametersByPath
Errors returned by GetParameters
Errors returned by GetPatchBaseline
Errors returned by GetPatchBaselineForPatchGroup
Errors returned by GetServiceSetting
Errors returned by LabelParameterVersion
Errors returned by ListAssociationVersions
Errors returned by ListAssociations
Errors returned by ListCommandInvocations
Errors returned by ListCommands
Errors returned by ListComplianceItems
Errors returned by ListComplianceSummaries
Errors returned by ListDocumentMetadataHistory
Errors returned by ListDocumentVersions
Errors returned by ListDocuments
Errors returned by ListInventoryEntries
Errors returned by ListOpsItemEvents
Errors returned by ListOpsItemRelatedItems
Errors returned by ListOpsMetadata
Errors returned by ListResourceComplianceSummaries
Errors returned by ListResourceDataSync
Errors returned by ListTagsForResource
Errors returned by ModifyDocumentPermission
Errors returned by PutComplianceItems
Errors returned by PutInventory
Errors returned by PutParameter
Errors returned by RegisterDefaultPatchBaseline
Errors returned by RegisterPatchBaselineForPatchGroup
Errors returned by RegisterTargetWithMaintenanceWindow
Errors returned by RegisterTaskWithMaintenanceWindow
Errors returned by RemoveTagsFromResource
Errors returned by ResetServiceSetting
Errors returned by ResumeSession
Errors returned by SendAutomationSignal
Errors returned by SendCommand
Errors returned by StartAssociationsOnce
Errors returned by StartAutomationExecution
Errors returned by StartChangeRequestExecution
Errors returned by StartSession
Errors returned by StopAutomationExecution
Errors returned by TerminateSession
Errors returned by UnlabelParameterVersion
Errors returned by UpdateAssociation
Errors returned by UpdateAssociationStatus
Errors returned by UpdateDocumentDefaultVersion
Errors returned by UpdateDocument
Errors returned by UpdateDocumentMetadata
Errors returned by UpdateMaintenanceWindow
Errors returned by UpdateMaintenanceWindowTarget
Errors returned by UpdateMaintenanceWindowTask
Errors returned by UpdateManagedInstanceRole
Errors returned by UpdateOpsItem
Errors returned by UpdateOpsMetadata
Errors returned by UpdatePatchBaseline
Errors returned by UpdateResourceDataSync
Errors returned by UpdateServiceSetting
Traits
Trait representing the capabilities of the Amazon SSM API. Amazon SSM clients implement this trait.