Add SNS support for SSM Maintenance Tasks

[nbrys]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

ECS SSM supports SNS subscriptions for RunCommands or Maintenance Tasks. Add this to terraform.

Add support for adding a SNS topic to Maintenance Tasks in terraform. Also extend the documentation on https://www.terraform.io/docs/providers/aws/r/ssm_maintenance_window_task.html#task_parameters

• aws_ssm_maintenance_window_task

Potential Terraform Configuration

logging_info {
    sns_role = "arn"
    sns_topic_name = ""
    sns_notify_on = ["In_Progress", "Sucess"]
    sns_notify_for = "Command"
  }

References

• #0000

[claydanford]

To add to this, if I create the task, and then manually add SNS later, it no longer sees "Install" as the first parameter, so later runs of the terraform plan/apply shows the resource needs to be recreated. Big problem since the infrastructure will always be out of date from the state.

[grumpper]

Hi,

I don't see any work carried out on this.
Are there any plans for this?
Normally one would want to get notified of the patching results...

[sakshi1225]

It's a shame that SNS option in SSM Maintenance task is not available. This is one of the potential enhancement. Can someone please look into it ?

[bflad]

Hi folks 👋 Thank you for your interest in this feature request. Releasing in version 2.20.0 of the Terraform AWS Provider later this week, the aws_ssm_maintenance_window_task resource will now support the new task_invocation_parameters configuration, which was necessary for implementing this functionality with the API, e.g.

resource "aws_ssm_maintenance_window_task" "example" {
  max_concurrency  = 2
  max_errors       = 1
  priority         = 1
  service_role_arn = "${aws_iam_role.example.arn}"
  task_arn         = "AWS-RunShellScript"
  task_type        = "RUN_COMMAND"
  window_id        = "${aws_ssm_maintenance_window.example.id}"

  targets {
    key    = "InstanceIds"
    values = ["${aws_instance.example.id}"]
  }

  task_invocation_parameters {
    run_command_parameters {
      output_s3_bucket = "${aws_s3_bucket.example.bucket}"
      output_s3_prefix = "output"
      service_role_arn = "${aws_iam_role.example.arn}"
      timeout_seconds  = 600

      notification_config {
        notification_arn    = "${aws_sns_topic.example.arn}"
        notification_events = ["All"]
        notification_type   = ["Command"]
      }

      parameter {
        name   = "commands"
        values = ["date"]
      }
    }
  }
}

The notification_config in there contains the relevant configurations for sending notifications via SNS. The documentation will be updated to include this example in #9362

For further feature requests, documentation updates, or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!