AWS Systems Manager Document
This page shows how to write Terraform and CloudFormation for Systems Manager Document and write them securely.
aws_ssm_document (Terraform)
The Document in Systems Manager can be configured in Terraform with the resource name aws_ssm_document. The following sections describe 2 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_ssm_document" "s3_enabled_encrypted" {
name = "SSM-SessionManagerRunShell"
document_type = "Session"
content = <<DOC
{
resource "aws_ssm_document" "s3_enabled_encrypted" {
name = "SSM-SessionManagerRunShell"
document_type = "Session"
content = <<DOC
{
Parameters
-
arnoptional computed - string -
contentrequired - string -
created_dateoptional computed - string -
default_versionoptional computed - string -
descriptionoptional computed - string -
document_formatoptional - string -
document_typerequired - string -
document_versionoptional computed - string -
hashoptional computed - string -
hash_typeoptional computed - string -
idoptional computed - string -
latest_versionoptional computed - string -
namerequired - string -
owneroptional computed - string -
parameteroptional computed - list of object-
default_value- string -
description- string -
name- string -
type- string
-
-
permissionsoptional - map from string to string -
platform_typesoptional computed - list of string -
schema_versionoptional computed - string -
statusoptional computed - string -
tagsoptional - map from string to string -
target_typeoptional - string -
version_nameoptional - string -
attachments_sourcelist block
Explanation in Terraform Registry
Provides an SSM Document resource
NOTE on updating SSM documents: Only documents with a schema version of 2.0 or greater can update their content once created, see [SSM Schema Features][1]. To update a document with an older schema version you must recreate the resource. Not all document types support a schema version of 2.0 or greater. Refer to [SSM document schema features and examples][2] for information about which schema versions are supported for the respective
document_type.
AWS::SSM::Document (CloudFormation)
The Document in SSM can be configured in CloudFormation with the resource name AWS::SSM::Document. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
Type: "AWS::SSM::Document"
Properties:
DocumentType: Automation
Content:
description: Restart EC2 instances
schemaVersion: '0.3'
Type: "AWS::SSM::Document"
Properties:
DocumentType: "Command"
Content:
schemaVersion: "1.2"
description: "Additional Packages"
Type: AWS::SSM::Document
Properties:
Content:
schemaVersion: "2.2"
description: "Reload the Falco configuration and restart the Falco engine without killing the PID."
mainSteps:
Type: AWS::SSM::Document
Properties:
DocumentType: Automation
Name: PCICloudTrail1Automation
Content:
schemaVersion: '0.3'
Type: "AWS::SSM::Document"
DependsOn: [RestartWindowsUpdate, SSMApprovalSNSTopic]
Properties:
DocumentType: 'Automation'
Content:
description: Restarts Windows Update with Approval
"AWS::SSM::Document": {
"Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-document.html",
"Properties": {
"Content": {
"Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-document.html#cfn-ssm-document-content",
"PrimitiveType": "Json",
"AWS::SSM::Document": {
"Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-document.html",
"Properties": {
"Content": {
"Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-document.html#cfn-ssm-document-content",
"PrimitiveType": "Json",
"AWS::SSM::Document": {
"Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-document.html",
"Properties": {
"Content": {
"Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-document.html#cfn-ssm-document-content",
"PrimitiveType": "Json",
"AWS::SSM::Document": {
"Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-document.html",
"Properties": {
"Content": {
"Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-document.html#cfn-ssm-document-content",
"PrimitiveType": "Json",
"Type": "AWS::SSM::Document",
"Properties": {
"Content": {
"schemaVersion": "2.2",
"description": "installs and configures the aws-samples/amazon-sagemaker-BYOD-template project on the instance.",
"mainSteps": [
Parameters
-
Contentrequired - Json -
Attachmentsoptional - List of AttachmentsSource -
Nameoptional - String -
VersionNameoptional - String -
DocumentTypeoptional - String -
DocumentFormatoptional - String -
TargetTypeoptional - String -
Tagsoptional - List of Tag -
Requiresoptional - List of DocumentRequires
Explanation in CloudFormation Registry
The
AWS::SSM::Documentresource creates a Systems Manager (SSM) document in AWS Systems Manager. This document defines the actions that Systems Manager performs on your AWS resources.Note This resource does not support CloudFormation drift detection.
Frequently asked questions
What is AWS Systems Manager Document?
AWS Systems Manager Document is a resource for Systems Manager of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.
Where can I find the example code for the AWS Systems Manager Document?
For Terraform, the SnidermanIndustries/checkov-fork and melscoop-test/check source code examples are useful. See the Terraform Example section for further details.
For CloudFormation, the rajjeet/CloudformationStarters, amimoto-ami/ssm_inventry_resources and chmreid/2020-falco-cloudwatch-cloudformation source code examples are useful. See the CloudFormation Example section for further details.
