/
ssm.ts
8674 lines (8673 loc) · 433 KB
/
ssm.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
const completionSpec: Fig.Spec = {
name: "ssm",
description:
"AWS Systems Manager AWS Systems Manager is a collection of capabilities that helps you automate management tasks such as collecting system inventory, applying operating system (OS) patches, automating the creation of Amazon Machine Images (AMIs), and configuring operating systems (OSs) and applications at scale. Systems Manager lets you remotely and securely manage the configuration of your managed instances. A managed instance is any Amazon Elastic Compute Cloud instance (EC2 instance), or any on-premises server or virtual machine (VM) in your hybrid environment that has been configured for Systems Manager. This reference is intended to be used with the AWS Systems Manager User Guide. To get started, verify prerequisites and configure managed instances. For more information, see Setting up AWS Systems Manager in the AWS Systems Manager User Guide. For information about other API actions you can perform on EC2 instances, see the Amazon EC2 API Reference. For information about how to use a Query API, see Making API requests",
subcommands: [
{
name: "add-tags-to-resource",
description:
"Adds or overwrites one or more tags for the specified resource. Tags are metadata that you can assign to your documents, managed instances, maintenance windows, Parameter Store parameters, and patch baselines. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. Each tag consists of a key and an optional value, both of which you define. For example, you could define a set of tags for your account's managed instances that helps you track each instance's owner and stack level. For example: Key=Owner and Value=DbAdmin, SysAdmin, or Dev. Or Key=Stack and Value=Production, Pre-Production, or Test. Each resource can have a maximum of 50 tags. We recommend that you devise a set of tag keys that meets your needs for each resource type. Using a consistent set of tag keys makes it easier for you to manage your resources. You can search and filter the resources based on the tags you add. Tags don't have any semantic meaning to and are interpreted strictly as a string of characters. For more information about using tags with EC2 instances, see Tagging your Amazon EC2 resources in the Amazon EC2 User Guide",
options: [
{
name: "--resource-type",
description:
"Specifies the type of resource you are tagging. The ManagedInstance type for this API action is for on-premises managed instances. You must specify the name of the managed instance in the following format: mi-ID_number. For example, mi-1a2b3c4d5e6f",
args: {
name: "string",
},
},
{
name: "--resource-id",
description:
"The resource ID you want to tag. Use the ID of the resource. Here are some examples: ManagedInstance: mi-012345abcde MaintenanceWindow: mw-012345abcde PatchBaseline: pb-012345abcde OpsMetadata object: ResourceID for tagging is created from the Amazon Resource Name (ARN) for the object. Specifically, ResourceID is created from the strings that come after the word opsmetadata in the ARN. For example, an OpsMetadata object with an ARN of arn:aws:ssm:us-east-2:1234567890:opsmetadata/aws/ssm/MyGroup/appmanager has a ResourceID of either aws/ssm/MyGroup/appmanager or /aws/ssm/MyGroup/appmanager. For the Document and Parameter values, use the name of the resource. The ManagedInstance type for this API action is only for on-premises managed instances. You must specify the name of the managed instance in the following format: mi-ID_number. For example, mi-1a2b3c4d5e6f",
args: {
name: "string",
},
},
{
name: "--tags",
description:
"One or more tags. The value parameter is required. Do not enter personally identifiable information in this field",
args: {
name: "list",
},
},
{
name: "--cli-input-json",
description:
"Performs service operation based on the JSON string provided. The JSON string follows the format provided by ``--generate-cli-skeleton``. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally",
args: {
name: "string",
},
},
{
name: "--generate-cli-skeleton",
description:
"Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value ``input``, prints a sample input JSON that can be used as an argument for ``--cli-input-json``. If provided with the value ``output``, it validates the command inputs and returns a sample output JSON for that command",
args: {
name: "string",
suggestions: ["input", "output"],
},
},
],
},
{
name: "cancel-command",
description:
"Attempts to cancel the command specified by the Command ID. There is no guarantee that the command will be terminated and the underlying process stopped",
options: [
{
name: "--command-id",
description: "The ID of the command you want to cancel",
args: {
name: "string",
},
},
{
name: "--instance-ids",
description:
"(Optional) A list of instance IDs on which you want to cancel the command. If not provided, the command is canceled on every instance on which it was requested",
args: {
name: "list",
},
},
{
name: "--cli-input-json",
description:
"Performs service operation based on the JSON string provided. The JSON string follows the format provided by ``--generate-cli-skeleton``. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally",
args: {
name: "string",
},
},
{
name: "--generate-cli-skeleton",
description:
"Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value ``input``, prints a sample input JSON that can be used as an argument for ``--cli-input-json``. If provided with the value ``output``, it validates the command inputs and returns a sample output JSON for that command",
args: {
name: "string",
suggestions: ["input", "output"],
},
},
],
},
{
name: "cancel-maintenance-window-execution",
description:
"Stops a maintenance window execution that is already in progress and cancels any tasks in the window that have not already starting running. (Tasks already in progress will continue to completion.)",
options: [
{
name: "--window-execution-id",
description: "The ID of the maintenance window execution to stop",
args: {
name: "string",
},
},
{
name: "--cli-input-json",
description:
"Performs service operation based on the JSON string provided. The JSON string follows the format provided by ``--generate-cli-skeleton``. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally",
args: {
name: "string",
},
},
{
name: "--generate-cli-skeleton",
description:
"Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value ``input``, prints a sample input JSON that can be used as an argument for ``--cli-input-json``. If provided with the value ``output``, it validates the command inputs and returns a sample output JSON for that command",
args: {
name: "string",
suggestions: ["input", "output"],
},
},
],
},
{
name: "create-activation",
description:
"Generates an activation code and activation ID you can use to register your on-premises server or virtual machine (VM) with Systems Manager. Registering these machines with Systems Manager makes it possible to manage them using Systems Manager capabilities. You use the activation code and ID when installing SSM Agent on machines in your hybrid environment. For more information about requirements for managing on-premises instances and VMs using Systems Manager, see Setting up AWS Systems Manager for hybrid environments in the AWS Systems Manager User Guide. On-premises servers or VMs that are registered with Systems Manager and EC2 instances that you manage with Systems Manager are all called managed instances",
options: [
{
name: "--description",
description:
"A user-defined description of the resource that you want to register with Systems Manager. Do not enter personally identifiable information in this field",
args: {
name: "string",
},
},
{
name: "--default-instance-name",
description:
"The name of the registered, managed instance as it will appear in the Systems Manager console or when you use the AWS command line tools to list Systems Manager resources. Do not enter personally identifiable information in this field",
args: {
name: "string",
},
},
{
name: "--iam-role",
description:
"The Amazon Identity and Access Management (IAM) role that you want to assign to the managed instance. This IAM role must provide AssumeRole permissions for the Systems Manager service principal ssm.amazonaws.com. For more information, see Create an IAM service role for a hybrid environment in the AWS Systems Manager User Guide",
args: {
name: "string",
},
},
{
name: "--registration-limit",
description:
"Specify the maximum number of managed instances you want to register. The default value is 1 instance",
args: {
name: "integer",
},
},
{
name: "--expiration-date",
description:
'The date by which this activation request should expire, in timestamp format, such as "2021-07-07T00:00:00". You can specify a date up to 30 days in advance. If you don\'t provide an expiration date, the activation code expires in 24 hours',
args: {
name: "timestamp",
},
},
{
name: "--tags",
description:
'Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag an activation to identify which servers or virtual machines (VMs) in your on-premises environment you intend to activate. In this case, you could specify the following key name/value pairs: Key=OS,Value=Windows Key=Environment,Value=Production When you install SSM Agent on your on-premises servers and VMs, you specify an activation ID and code. When you specify the activation ID and code, tags assigned to the activation are automatically applied to the on-premises servers or VMs. You can\'t add tags to or delete tags from an existing activation. You can tag your on-premises servers and VMs after they connect to Systems Manager for the first time and are assigned a managed instance ID. This means they are listed in the AWS Systems Manager console with an ID that is prefixed with "mi-". For information about how to add tags to your managed instances, see AddTagsToResource. For information about how to remove tags from your managed instances, see RemoveTagsFromResource',
args: {
name: "list",
},
},
{
name: "--cli-input-json",
description:
"Performs service operation based on the JSON string provided. The JSON string follows the format provided by ``--generate-cli-skeleton``. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally",
args: {
name: "string",
},
},
{
name: "--generate-cli-skeleton",
description:
"Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value ``input``, prints a sample input JSON that can be used as an argument for ``--cli-input-json``. If provided with the value ``output``, it validates the command inputs and returns a sample output JSON for that command",
args: {
name: "string",
suggestions: ["input", "output"],
},
},
],
},
{
name: "create-association",
description:
"A State Manager association defines the state that you want to maintain on your instances. For example, an association can specify that anti-virus software must be installed and running on your instances, or that certain ports must be closed. For static targets, the association specifies a schedule for when the configuration is reapplied. For dynamic targets, such as an AWS Resource Group or an AWS Autoscaling Group, State Manager applies the configuration when new instances are added to the group. The association also specifies actions to take when applying the configuration. For example, an association for anti-virus software might run once a day. If the software is not installed, then State Manager installs it. If the software is installed, but the service is not running, then the association might instruct State Manager to start the service",
options: [
{
name: "--name",
description:
"The name of the SSM document that contains the configuration information for the instance. You can specify Command or Automation documents. You can specify AWS-predefined documents, documents you created, or a document that is shared with you from another account. For SSM documents that are shared with you from other AWS accounts, you must specify the complete SSM document ARN, in the following format: arn:partition:ssm:region:account-id:document/document-name For example: arn:aws:ssm:us-east-2:12345678912:document/My-Shared-Document For AWS-predefined documents and SSM documents you created in your account, you only need to specify the document name. For example, AWS-ApplyPatchBaseline or My-Document",
args: {
name: "string",
},
},
{
name: "--document-version",
description:
"The document version you want to associate with the target(s). Can be a specific version or the default version",
args: {
name: "string",
},
},
{
name: "--instance-id",
description:
"The instance ID. InstanceId has been deprecated. To specify an instance ID for an association, use the Targets parameter. Requests that include the parameter InstanceID with SSM documents that use schema version 2.0 or later will fail. In addition, if you use the parameter InstanceId, you cannot use the parameters AssociationName, DocumentVersion, MaxErrors, MaxConcurrency, OutputLocation, or ScheduleExpression. To use these parameters, you must use the Targets parameter",
args: {
name: "string",
},
},
{
name: "--parameters",
description:
"The parameters for the runtime configuration of the document",
args: {
name: "map",
},
},
{
name: "--targets",
description:
"The targets for the association. You can target instances by using tags, AWS Resource Groups, all instances in an AWS account, or individual instance IDs. For more information about choosing targets for an association, see Using targets and rate controls with State Manager associations in the AWS Systems Manager User Guide",
args: {
name: "list",
},
},
{
name: "--schedule-expression",
description:
"A cron expression when the association will be applied to the target(s)",
args: {
name: "string",
},
},
{
name: "--output-location",
description:
"An S3 bucket where you want to store the output details of the request",
args: {
name: "structure",
},
},
{
name: "--association-name",
description: "Specify a descriptive name for the association",
args: {
name: "string",
},
},
{
name: "--automation-target-parameter-name",
description:
"Specify the target for the association. This target is required for associations that use an Automation document and target resources by using rate controls",
args: {
name: "string",
},
},
{
name: "--max-errors",
description:
"The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 instances and set MaxError to 10%, then the system stops sending the request when the sixth error is received. Executions that are already running an association when MaxErrors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set MaxConcurrency to 1 so that executions proceed one at a time",
args: {
name: "string",
},
},
{
name: "--max-concurrency",
description:
"The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time. If a new instance starts and attempts to run an association while Systems Manager is running MaxConcurrency associations, the association is allowed to run. During the next association interval, the new instance will process its association within the limit specified for MaxConcurrency",
args: {
name: "string",
},
},
{
name: "--compliance-severity",
description: "The severity level to assign to the association",
args: {
name: "string",
},
},
{
name: "--sync-compliance",
description:
"The mode for generating association compliance. You can specify AUTO or MANUAL. In AUTO mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association is COMPLIANT. If the association execution doesn't run successfully, the association is NON-COMPLIANT. In MANUAL mode, you must specify the AssociationId as a parameter for the PutComplianceItems API action. In this case, compliance data is not managed by State Manager. It is managed by your direct call to the PutComplianceItems API action. By default, all associations use AUTO mode",
args: {
name: "string",
},
},
{
name: "--apply-only-at-cron-interval",
description:
"By default, when you create a new associations, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it. This parameter is not supported for rate expressions",
},
{
name: "--no-apply-only-at-cron-interval",
description:
"By default, when you create a new associations, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it. This parameter is not supported for rate expressions",
},
{
name: "--target-locations",
description:
"A location is a combination of AWS Regions and AWS accounts where you want to run the association. Use this action to create an association in multiple Regions and multiple accounts",
args: {
name: "list",
},
},
{
name: "--cli-input-json",
description:
"Performs service operation based on the JSON string provided. The JSON string follows the format provided by ``--generate-cli-skeleton``. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally",
args: {
name: "string",
},
},
{
name: "--generate-cli-skeleton",
description:
"Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value ``input``, prints a sample input JSON that can be used as an argument for ``--cli-input-json``. If provided with the value ``output``, it validates the command inputs and returns a sample output JSON for that command",
args: {
name: "string",
suggestions: ["input", "output"],
},
},
],
},
{
name: "create-association-batch",
description:
"Associates the specified Systems Manager document with the specified instances or targets. When you associate a document with one or more instances using instance IDs or tags, SSM Agent running on the instance processes the document and configures the instance as specified. If you associate a document with an instance that already has an associated document, the system returns the AssociationAlreadyExists exception",
options: [
{
name: "--entries",
description: "One or more associations",
args: {
name: "list",
},
},
{
name: "--cli-input-json",
description:
"Performs service operation based on the JSON string provided. The JSON string follows the format provided by ``--generate-cli-skeleton``. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally",
args: {
name: "string",
},
},
{
name: "--generate-cli-skeleton",
description:
"Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value ``input``, prints a sample input JSON that can be used as an argument for ``--cli-input-json``. If provided with the value ``output``, it validates the command inputs and returns a sample output JSON for that command",
args: {
name: "string",
suggestions: ["input", "output"],
},
},
],
},
{
name: "create-document",
description:
"Creates a Systems Manager (SSM) document. An SSM document defines the actions that Systems Manager performs on your managed instances. For more information about SSM documents, including information about supported schemas, features, and syntax, see AWS Systems Manager Documents in the AWS Systems Manager User Guide",
options: [
{
name: "--content",
description:
"The content for the new SSM document in JSON or YAML format. We recommend storing the contents for your new document in an external JSON or YAML file and referencing the file in a command. For examples, see the following topics in the AWS Systems Manager User Guide. Create an SSM document (AWS API) Create an SSM document (AWS CLI) Create an SSM document (API)",
args: {
name: "string",
},
},
{
name: "--requires",
description:
"A list of SSM documents required by a document. This parameter is used exclusively by AWS AppConfig. When a user creates an AppConfig configuration in an SSM document, the user must also specify a required document for validation purposes. In this case, an ApplicationConfiguration document requires an ApplicationConfigurationSchema document for validation purposes. For more information, see AWS AppConfig in the AWS Systems Manager User Guide",
args: {
name: "list",
},
},
{
name: "--attachments",
description:
"A list of key and value pairs that describe attachments to a version of a document",
args: {
name: "list",
},
},
{
name: "--name",
description:
"A name for the Systems Manager document. You can't use the following strings as document name prefixes. These are reserved by AWS for use as document name prefixes: aws- amazon amzn",
args: {
name: "string",
},
},
{
name: "--version-name",
description:
'An optional field specifying the version of the artifact you are creating with the document. For example, "Release 12, Update 6". This value is unique across all versions of a document, and cannot be changed',
args: {
name: "string",
},
},
{
name: "--document-type",
description: "The type of document to create",
args: {
name: "string",
},
},
{
name: "--document-format",
description:
"Specify the document format for the request. The document format can be JSON, YAML, or TEXT. JSON is the default format",
args: {
name: "string",
},
},
{
name: "--target-type",
description:
"Specify a target type to define the kinds of resources the document can run on. For example, to run a document on EC2 instances, specify the following value: /AWS::EC2::Instance. If you specify a value of '/' the document can run on all types of resources. If you don't specify a value, the document can't run on any resources. For a list of valid resource types, see AWS resource and property types reference in the AWS CloudFormation User Guide",
args: {
name: "string",
},
},
{
name: "--tags",
description:
"Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag an SSM document to identify the types of targets or the environment where it will run. In this case, you could specify the following key name/value pairs: Key=OS,Value=Windows Key=Environment,Value=Production To add tags to an existing SSM document, use the AddTagsToResource action",
args: {
name: "list",
},
},
{
name: "--cli-input-json",
description:
"Performs service operation based on the JSON string provided. The JSON string follows the format provided by ``--generate-cli-skeleton``. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally",
args: {
name: "string",
},
},
{
name: "--generate-cli-skeleton",
description:
"Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value ``input``, prints a sample input JSON that can be used as an argument for ``--cli-input-json``. If provided with the value ``output``, it validates the command inputs and returns a sample output JSON for that command",
args: {
name: "string",
suggestions: ["input", "output"],
},
},
],
},
{
name: "create-maintenance-window",
description:
"Creates a new maintenance window. The value you specify for Duration determines the specific end time for the maintenance window based on the time it begins. No maintenance window tasks are permitted to start after the resulting endtime minus the number of hours you specify for Cutoff. For example, if the maintenance window starts at 3 PM, the duration is three hours, and the value you specify for Cutoff is one hour, no maintenance window tasks can start after 5 PM",
options: [
{
name: "--name",
description: "The name of the maintenance window",
args: {
name: "string",
},
},
{
name: "--description",
description:
"An optional description for the maintenance window. We recommend specifying a description to help you organize your maintenance windows",
args: {
name: "string",
},
},
{
name: "--start-date",
description:
"The date and time, in ISO-8601 Extended format, for when you want the maintenance window to become active. StartDate allows you to delay activation of the maintenance window until the specified future date",
args: {
name: "string",
},
},
{
name: "--end-date",
description:
"The date and time, in ISO-8601 Extended format, for when you want the maintenance window to become inactive. EndDate allows you to set a date and time in the future when the maintenance window will no longer run",
args: {
name: "string",
},
},
{
name: "--schedule",
description:
"The schedule of the maintenance window in the form of a cron or rate expression",
args: {
name: "string",
},
},
{
name: "--schedule-timezone",
description:
'The time zone that the scheduled maintenance window executions are based on, in Internet Assigned Numbers Authority (IANA) format. For example: "America/Los_Angeles", "UTC", or "Asia/Seoul". For more information, see the Time Zone Database on the IANA website',
args: {
name: "string",
},
},
{
name: "--schedule-offset",
description:
"The number of days to wait after the date and time specified by a CRON expression before running the maintenance window. For example, the following cron expression schedules a maintenance window to run on the third Tuesday of every month at 11:30 PM. cron(30 23 ? * TUE#3 *) If the schedule offset is 2, the maintenance window won't run until two days later",
args: {
name: "integer",
},
},
{
name: "--duration",
description: "The duration of the maintenance window in hours",
args: {
name: "integer",
},
},
{
name: "--cutoff",
description:
"The number of hours before the end of the maintenance window that Systems Manager stops scheduling new tasks for execution",
args: {
name: "integer",
},
},
{
name: "--allow-unassociated-targets",
description:
"Enables a maintenance window task to run on managed instances, even if you have not registered those instances as targets. If enabled, then you must specify the unregistered instances (by instance ID) when you register a task with the maintenance window. If you don't enable this option, then you must specify previously-registered targets when you register a task with the maintenance window",
},
{
name: "--no-allow-unassociated-targets",
description:
"Enables a maintenance window task to run on managed instances, even if you have not registered those instances as targets. If enabled, then you must specify the unregistered instances (by instance ID) when you register a task with the maintenance window. If you don't enable this option, then you must specify previously-registered targets when you register a task with the maintenance window",
},
{
name: "--client-token",
description: "User-provided idempotency token",
args: {
name: "string",
},
},
{
name: "--tags",
description:
"Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a maintenance window to identify the type of tasks it will run, the types of targets, and the environment it will run in. In this case, you could specify the following key name/value pairs: Key=TaskType,Value=AgentUpdate Key=OS,Value=Windows Key=Environment,Value=Production To add tags to an existing maintenance window, use the AddTagsToResource action",
args: {
name: "list",
},
},
{
name: "--cli-input-json",
description:
"Performs service operation based on the JSON string provided. The JSON string follows the format provided by ``--generate-cli-skeleton``. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally",
args: {
name: "string",
},
},
{
name: "--generate-cli-skeleton",
description:
"Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value ``input``, prints a sample input JSON that can be used as an argument for ``--cli-input-json``. If provided with the value ``output``, it validates the command inputs and returns a sample output JSON for that command",
args: {
name: "string",
suggestions: ["input", "output"],
},
},
],
},
{
name: "create-ops-item",
description:
"Creates a new OpsItem. You must have permission in AWS Identity and Access Management (IAM) to create a new OpsItem. For more information, see Getting started with OpsCenter in the AWS Systems Manager User Guide. Operations engineers and IT professionals use OpsCenter to view, investigate, and remediate operational issues impacting the performance and health of their AWS resources. For more information, see AWS Systems Manager OpsCenter in the AWS Systems Manager User Guide",
options: [
{
name: "--description",
description: "Information about the OpsItem",
args: {
name: "string",
},
},
{
name: "--ops-item-type",
description:
"The type of OpsItem to create. Currently, the only valid values are /aws/changerequest and /aws/issue",
args: {
name: "string",
},
},
{
name: "--operational-data",
description:
"Operational data is custom data that provides useful reference details about the OpsItem. For example, you can specify log files, error strings, license keys, troubleshooting tips, or other relevant data. You enter operational data as key-value pairs. The key has a maximum length of 128 characters. The value has a maximum size of 20 KB. Operational data keys can't begin with the following: amazon, aws, amzn, ssm, /amazon, /aws, /amzn, /ssm. You can choose to make the data searchable by other users in the account or you can restrict search access. Searchable data means that all users with access to the OpsItem Overview page (as provided by the DescribeOpsItems API action) can view and search on the specified data. Operational data that is not searchable is only viewable by users who have access to the OpsItem (as provided by the GetOpsItem API action). Use the /aws/resources key in OperationalData to specify a related resource in the request. Use the /aws/automations key in OperationalData to associate an Automation runbook with the OpsItem. To view AWS CLI example commands that use these keys, see Creating OpsItems manually in the AWS Systems Manager User Guide",
args: {
name: "map",
},
},
{
name: "--notifications",
description:
"The Amazon Resource Name (ARN) of an SNS topic where notifications are sent when this OpsItem is edited or changed",
args: {
name: "list",
},
},
{
name: "--priority",
description:
"The importance of this OpsItem in relation to other OpsItems in the system",
args: {
name: "integer",
},
},
{
name: "--related-ops-items",
description:
"One or more OpsItems that share something in common with the current OpsItems. For example, related OpsItems can include OpsItems with similar error messages, impacted resources, or statuses for the impacted resource",
args: {
name: "list",
},
},
{
name: "--source",
description:
"The origin of the OpsItem, such as Amazon EC2 or Systems Manager. The source name can't contain the following strings: aws, amazon, and amzn",
args: {
name: "string",
},
},
{
name: "--title",
description:
"A short heading that describes the nature of the OpsItem and the impacted resource",
args: {
name: "string",
},
},
{
name: "--tags",
description:
"Optional metadata that you assign to a resource. You can restrict access to OpsItems by using an inline IAM policy that specifies tags. For more information, see Getting started with OpsCenter in the AWS Systems Manager User Guide. Tags use a key-value pair. For example: Key=Department,Value=Finance To add tags to an existing OpsItem, use the AddTagsToResource action",
args: {
name: "list",
},
},
{
name: "--category",
description: "Specify a category to assign to an OpsItem",
args: {
name: "string",
},
},
{
name: "--severity",
description: "Specify a severity to assign to an OpsItem",
args: {
name: "string",
},
},
{
name: "--actual-start-time",
description:
"The time a runbook workflow started. Currently reported only for the OpsItem type /aws/changerequest",
args: {
name: "timestamp",
},
},
{
name: "--actual-end-time",
description:
"The time a runbook workflow ended. Currently reported only for the OpsItem type /aws/changerequest",
args: {
name: "timestamp",
},
},
{
name: "--planned-start-time",
description:
"The time specified in a change request for a runbook workflow to start. Currently supported only for the OpsItem type /aws/changerequest",
args: {
name: "timestamp",
},
},
{
name: "--planned-end-time",
description:
"The time specified in a change request for a runbook workflow to end. Currently supported only for the OpsItem type /aws/changerequest",
args: {
name: "timestamp",
},
},
{
name: "--cli-input-json",
description:
"Performs service operation based on the JSON string provided. The JSON string follows the format provided by ``--generate-cli-skeleton``. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally",
args: {
name: "string",
},
},
{
name: "--generate-cli-skeleton",
description:
"Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value ``input``, prints a sample input JSON that can be used as an argument for ``--cli-input-json``. If provided with the value ``output``, it validates the command inputs and returns a sample output JSON for that command",
args: {
name: "string",
suggestions: ["input", "output"],
},
},
],
},
{
name: "create-ops-metadata",
description:
"If you create a new application in Application Manager, Systems Manager calls this API action to specify information about the new application, including the application type",
options: [
{
name: "--resource-id",
description:
"A resource ID for a new Application Manager application",
args: {
name: "string",
},
},
{
name: "--metadata",
description: "Metadata for a new Application Manager application",
args: {
name: "map",
},
},
{
name: "--tags",
description:
"Optional metadata that you assign to a resource. You can specify a maximum of five tags for an OpsMetadata object. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag an OpsMetadata object to identify an environment or target AWS Region. In this case, you could specify the following key-value pairs: Key=Environment,Value=Production Key=Region,Value=us-east-2",
args: {
name: "list",
},
},
{
name: "--cli-input-json",
description:
"Performs service operation based on the JSON string provided. The JSON string follows the format provided by ``--generate-cli-skeleton``. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally",
args: {
name: "string",
},
},
{
name: "--generate-cli-skeleton",
description:
"Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value ``input``, prints a sample input JSON that can be used as an argument for ``--cli-input-json``. If provided with the value ``output``, it validates the command inputs and returns a sample output JSON for that command",
args: {
name: "string",
suggestions: ["input", "output"],
},
},
],
},
{
name: "create-patch-baseline",
description:
"Creates a patch baseline. For information about valid key and value pairs in PatchFilters for each supported operating system type, see PatchFilter",
options: [
{
name: "--operating-system",
description:
"Defines the operating system the patch baseline applies to. The Default value is WINDOWS",
args: {
name: "string",
},
},
{
name: "--name",
description: "The name of the patch baseline",
args: {
name: "string",
},
},
{
name: "--global-filters",
description:
"A set of global filters used to include patches in the baseline",
args: {
name: "structure",
},
},
{
name: "--approval-rules",
description: "A set of rules used to include patches in the baseline",
args: {
name: "structure",
},
},
{
name: "--approved-patches",
description:
"A list of explicitly approved patches for the baseline. For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the AWS Systems Manager User Guide",
args: {
name: "list",
},
},
{
name: "--approved-patches-compliance-level",
description:
"Defines the compliance level for approved patches. When an approved patch is reported as missing, this value describes the severity of the compliance violation. The default value is UNSPECIFIED",
args: {
name: "string",
},
},
{
name: "--approved-patches-enable-non-security",
description:
"Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is 'false'. Applies to Linux instances only",
},
{
name: "--no-approved-patches-enable-non-security",
description:
"Indicates whether the list of approved patches includes non-security updates that should be applied to the instances. The default value is 'false'. Applies to Linux instances only",
},
{
name: "--rejected-patches",
description:
"A list of explicitly rejected patches for the baseline. For information about accepted formats for lists of approved patches and rejected patches, see About package name formats for approved and rejected patch lists in the AWS Systems Manager User Guide",
args: {
name: "list",
},
},
{
name: "--rejected-patches-action",
description:
"The action for Patch Manager to take on patches included in the RejectedPackages list. ALLOW_AS_DEPENDENCY: A package in the Rejected patches list is installed only if it is a dependency of another package. It is considered compliant with the patch baseline, and its status is reported as InstalledOther. This is the default action if no option is specified. BLOCK: Packages in the RejectedPatches list, and packages that include them as dependencies, are not installed under any circumstances. If a package was installed before it was added to the Rejected patches list, it is considered non-compliant with the patch baseline, and its status is reported as InstalledRejected",
args: {
name: "string",
},
},
{
name: "--description",
description: "A description of the patch baseline",
args: {
name: "string",
},
},
{
name: "--sources",
description:
"Information about the patches to use to update the instances, including target operating systems and source repositories. Applies to Linux instances only",
args: {
name: "list",
},
},
{
name: "--client-token",
description: "User-provided idempotency token",
args: {
name: "string",
},
},
{
name: "--tags",
description:
"Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a patch baseline to identify the severity level of patches it specifies and the operating system family it applies to. In this case, you could specify the following key name/value pairs: Key=PatchSeverity,Value=Critical Key=OS,Value=Windows To add tags to an existing patch baseline, use the AddTagsToResource action",
args: {
name: "list",
},
},
{
name: "--cli-input-json",
description:
"Performs service operation based on the JSON string provided. The JSON string follows the format provided by ``--generate-cli-skeleton``. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally",
args: {
name: "string",
},
},
{
name: "--generate-cli-skeleton",
description:
"Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value ``input``, prints a sample input JSON that can be used as an argument for ``--cli-input-json``. If provided with the value ``output``, it validates the command inputs and returns a sample output JSON for that command",
args: {
name: "string",
suggestions: ["input", "output"],
},
},
],
},
{
name: "create-resource-data-sync",
description:
"A resource data sync helps you view data from multiple sources in a single location. Systems Manager offers two types of resource data sync: SyncToDestination and SyncFromSource. You can configure Systems Manager Inventory to use the SyncToDestination type to synchronize Inventory data from multiple AWS Regions to a single S3 bucket. For more information, see Configuring Resource Data Sync for Inventory in the AWS Systems Manager User Guide. You can configure Systems Manager Explorer to use the SyncFromSource type to synchronize operational work items (OpsItems) and operational data (OpsData) from multiple AWS Regions to a single S3 bucket. This type can synchronize OpsItems and OpsData from multiple AWS accounts and Regions or EntireOrganization by using AWS Organizations. For more information, see Setting up Systems Manager Explorer to display data from multiple accounts and Regions in the AWS Systems Manager User Guide. A resource data sync is an asynchronous operation that returns immediately. After a successful initial sync is completed, the system continuously syncs data. To check the status of a sync, use the ListResourceDataSync. By default, data is not encrypted in Amazon S3. We strongly recommend that you enable encryption in Amazon S3 to ensure secure data storage. We also recommend that you secure access to the Amazon S3 bucket by creating a restrictive bucket policy",
options: [
{
name: "--sync-name",
description: "A name for the configuration",
args: {
name: "string",
},
},
{
name: "--s3-destination",
description:
"Amazon S3 configuration details for the sync. This parameter is required if the SyncType value is SyncToDestination",
args: {
name: "structure",
},
},
{
name: "--sync-type",
description:
"Specify SyncToDestination to create a resource data sync that synchronizes data to an S3 bucket for Inventory. If you specify SyncToDestination, you must provide a value for S3Destination. Specify SyncFromSource to synchronize data from a single account and multiple Regions, or multiple AWS accounts and Regions, as listed in AWS Organizations for Explorer. If you specify SyncFromSource, you must provide a value for SyncSource. The default value is SyncToDestination",
args: {
name: "string",
},
},
{
name: "--sync-source",
description:
"Specify information about the data sources to synchronize. This parameter is required if the SyncType value is SyncFromSource",
args: {
name: "structure",
},
},
{
name: "--cli-input-json",
description:
"Performs service operation based on the JSON string provided. The JSON string follows the format provided by ``--generate-cli-skeleton``. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally",
args: {
name: "string",
},
},
{
name: "--generate-cli-skeleton",
description:
"Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value ``input``, prints a sample input JSON that can be used as an argument for ``--cli-input-json``. If provided with the value ``output``, it validates the command inputs and returns a sample output JSON for that command",
args: {
name: "string",
suggestions: ["input", "output"],
},
},
],
},
{
name: "delete-activation",
description:
"Deletes an activation. You are not required to delete an activation. If you delete an activation, you can no longer use it to register additional managed instances. Deleting an activation does not de-register managed instances. You must manually de-register managed instances",
options: [
{
name: "--activation-id",
description: "The ID of the activation that you want to delete",
args: {
name: "string",
},
},
{
name: "--cli-input-json",
description:
"Performs service operation based on the JSON string provided. The JSON string follows the format provided by ``--generate-cli-skeleton``. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally",
args: {
name: "string",
},
},
{
name: "--generate-cli-skeleton",
description:
"Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value ``input``, prints a sample input JSON that can be used as an argument for ``--cli-input-json``. If provided with the value ``output``, it validates the command inputs and returns a sample output JSON for that command",
args: {
name: "string",
suggestions: ["input", "output"],
},
},
],
},
{
name: "delete-association",
description:
"Disassociates the specified Systems Manager document from the specified instance. When you disassociate a document from an instance, it does not change the configuration of the instance. To change the configuration state of an instance after you disassociate a document, you must create a new document with the desired configuration and associate it with the instance",
options: [
{
name: "--name",
description: "The name of the Systems Manager document",
args: {
name: "string",
},
},
{
name: "--instance-id",
description: "The ID of the instance",
args: {