forked from aws/aws-sdk-go
-
Notifications
You must be signed in to change notification settings - Fork 0
/
service.go
153 lines (139 loc) · 6.42 KB
/
service.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
// THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.
package ssm
import (
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/client"
"github.com/aws/aws-sdk-go/aws/client/metadata"
"github.com/aws/aws-sdk-go/aws/request"
"github.com/aws/aws-sdk-go/private/protocol/jsonrpc"
"github.com/aws/aws-sdk-go/private/signer/v4"
)
// Simple Systems Manager (SSM) is a set of capabilities that can help you manage
// your Amazon EC2 instances running on Windows. SSM enables you to run scripts
// or other common administrative tasks on your instances using either SSM Run
// Command or SSM Config.
//
// Run Command extends the server administration capabilities of SSM by offering
// an on-demand experience for executing commands. You can use pre-defined Amazon
// SSM documents (formerly called configuration documents) to perform the actions
// listed later in this section, or you can create your own documents. With
// these document, you can then remotely configure your instances by sending
// commands using the AWS command line interface (CLI), AWS Tools for Windows
// PowerShell, or the Commands page in the Amazon EC2 console. Additionally,
// because Run Command enables you to execute PowerShell commands or scripts,
// you can administer your instances remotely using PowerShell as though you
// were logged on locally to the instance. Run Command reports the status of
// the command execution for each instance targeted by a command. You can also
// audit the command execution to understand who executed commands, when, and
// what changes were made. By switching between different SSM documents, you
// can quickly configure your instances with different types of commands.
//
// SSM Config is a lightweight instance configuration solution. With SSM Config,
// you can specify a setup configuration for your instances. SSM Config is similar
// to EC2 User Data, which is another way of running one-time scripts or applying
// settings during instance launch. SSM Config is an extension of this capability.
// Using SSM documents, you can specify which actions the system should perform
// on your instances, including which applications to install, which AWS Directory
// Service directory to join, which Microsoft PowerShell modules to install,
// etc. If an instance is missing one or more of these configurations, the system
// makes those changes. By default, the system checks every five minutes to
// see if there is a new configuration to apply as defined in a new SSM document.
// If so, the system updates the instances accordingly. In this way, you can
// remotely maintain a consistent configuration baseline on your instances.
// SSM Config is available using the AWS CLI or the AWS Tools for Windows PowerShell.
//
// SSM is currently not supported on Linux instances.
//
// You can use Run Command and SSM Config to do the following:
//
// Join an AWS Directory Service directory (SSM Config and Run Command)
//
// Install, repair, or uninstall software using an MSI package (SSM Config
// and Run Command)
//
// Install PowerShell modules (SSM Config and Run Command)
//
// Configure CloudWatch Logs to monitor applications and systems (SSM Config
// and Run Command)
//
// Run PowerShell commands or scripts (Run Command only)
//
// Update the EC2Config service (Run Command only)
//
// Configure Windows Update settings (Run Command only)
//
// SSM documents run with administrative privilege on Windows instances
// because the EC2Config service runs in the Local System account. If a user
// has permission to execute any of the pre-defined SSM documents (any document
// that begins with AWS-*) then that user also has administrator access to the
// instance. Delegate access to SSM Config and Run Command judiciously. This
// becomes extremely important if you create your own SSM documents. Amazon
// Web Services does not provide guidance about how to create secure SSM documents.
// You create SSM documents and delegate access to Run Command actions at your
// own risk. As a security best practice, we recommend that you assign access
// to "AWS-*" documents, especially the AWS-RunPowerShellScript document, to
// trusted administrators only. You can create low-level SSM documents for low
// security tasks and delegate access to non-administrators.
//The service client's operations are safe to be used concurrently.
// It is not safe to mutate any of the client's properties though.
type SSM struct {
*client.Client
}
// Used for custom client initialization logic
var initClient func(*client.Client)
// Used for custom request initialization logic
var initRequest func(*request.Request)
// A ServiceName is the name of the service the client will make API calls to.
const ServiceName = "ssm"
// New creates a new instance of the SSM client with a session.
// If additional configuration is needed for the client instance use the optional
// aws.Config parameter to add your extra config.
//
// Example:
// // Create a SSM client from just a session.
// svc := ssm.New(mySession)
//
// // Create a SSM client with additional configuration
// svc := ssm.New(mySession, aws.NewConfig().WithRegion("us-west-2"))
func New(p client.ConfigProvider, cfgs ...*aws.Config) *SSM {
c := p.ClientConfig(ServiceName, cfgs...)
return newClient(*c.Config, c.Handlers, c.Endpoint, c.SigningRegion)
}
// newClient creates, initializes and returns a new service client instance.
func newClient(cfg aws.Config, handlers request.Handlers, endpoint, signingRegion string) *SSM {
svc := &SSM{
Client: client.New(
cfg,
metadata.ClientInfo{
ServiceName: ServiceName,
SigningRegion: signingRegion,
Endpoint: endpoint,
APIVersion: "2014-11-06",
JSONVersion: "1.1",
TargetPrefix: "AmazonSSM",
},
handlers,
),
}
// Handlers
svc.Handlers.Sign.PushBack(v4.Sign)
svc.Handlers.Build.PushBack(jsonrpc.Build)
svc.Handlers.Unmarshal.PushBack(jsonrpc.Unmarshal)
svc.Handlers.UnmarshalMeta.PushBack(jsonrpc.UnmarshalMeta)
svc.Handlers.UnmarshalError.PushBack(jsonrpc.UnmarshalError)
// Run custom client initialization if present
if initClient != nil {
initClient(svc.Client)
}
return svc
}
// newRequest creates a new request for a SSM operation and runs any
// custom request initialization.
func (c *SSM) newRequest(op *request.Operation, params, data interface{}) *request.Request {
req := c.NewRequest(op, params, data)
// Run custom request initialization if present
if initRequest != nil {
initRequest(req)
}
return req
}