AWS Systems Manager Document

This page shows how to write Terraform and CloudFormation for Systems Manager Document and write them securely.

aws_ssm_document (Terraform)

The Document in Systems Manager can be configured in Terraform with the resource name aws_ssm_document. The following sections describe 2 examples of how to use the resource and its parameters.

Example Usage from GitHub

main.tf#L3
resource "aws_ssm_document" "s3_enabled_encrypted" {
  name          = "SSM-SessionManagerRunShell"
  document_type = "Session"

  content = <<DOC
  {
main.tf#L3
resource "aws_ssm_document" "s3_enabled_encrypted" {
  name          = "SSM-SessionManagerRunShell"
  document_type = "Session"

  content = <<DOC
  {

Review your Terraform file for AWS best practices

Shisho Cloud, our free checker to make sure your Terraform configuration follows best practices, is available (beta).

Parameters

Explanation in Terraform Registry

Provides an SSM Document resource

NOTE on updating SSM documents: Only documents with a schema version of 2.0 or greater can update their content once created, see [SSM Schema Features][1]. To update a document with an older schema version you must recreate the resource. Not all document types support a schema version of 2.0 or greater. Refer to [SSM document schema features and examples][2] for information about which schema versions are supported for the respective document_type.

AWS::SSM::Document (CloudFormation)

The Document in SSM can be configured in CloudFormation with the resource name AWS::SSM::Document. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

ssm-basics-automation.yml#L8
    Type: "AWS::SSM::Document"
    Properties:
      DocumentType: Automation
      Content:
        description: Restart EC2 instances
        schemaVersion: '0.3'
ssm.yml#L7
    Type: AWS::SSM::Document
    Properties:
      Content:
        schemaVersion: "2.2"
        description: "Reload the Falco configuration and restart the Falco engine without killing the PID."
        mainSteps:
ssm_documents.yml#L7
    Type: "AWS::SSM::Document"
    Properties:
      DocumentType: "Command"
      Content:
        schemaVersion: "1.2"
        description: "Additional Packages"
aws-security-hub-pci-remediations-template1.yml#L466
    Type: AWS::SSM::Document
    Properties:
      DocumentType: Automation
      Name: PCICloudTrail1Automation
      Content:
        schemaVersion: '0.3'
SSMLabCFTemplate.yml#L273
    Type: "AWS::SSM::Document"
    DependsOn: [RestartWindowsUpdate, SSMApprovalSNSTopic]
    Properties:
      DocumentType: 'Automation'
      Content:
        description: Restarts Windows Update with Approval
SSMDocumentSpecification.json#L4
    "AWS::SSM::Document": {
      "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-document.html",
      "Properties": {
        "Content": {
          "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-document.html#cfn-ssm-document-content",
          "PrimitiveType": "Json",
SSMDocumentSpecification.json#L4
    "AWS::SSM::Document": {
      "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-document.html",
      "Properties": {
        "Content": {
          "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-document.html#cfn-ssm-document-content",
          "PrimitiveType": "Json",
SSMDocumentSpecification.json#L22
    "AWS::SSM::Document": {
      "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-document.html",
      "Properties": {
        "Content": {
          "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-document.html#cfn-ssm-document-content",
          "PrimitiveType": "Json",
SSMDocumentSpecification.json#L22
    "AWS::SSM::Document": {
      "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-document.html",
      "Properties": {
        "Content": {
          "Documentation": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-document.html#cfn-ssm-document-content",
          "PrimitiveType": "Json",
ssm.json#L145
      "Type": "AWS::SSM::Document",
      "Properties": {
        "Content": {
          "schemaVersion": "2.2",
          "description": "installs and configures the aws-samples/amazon-sagemaker-BYOD-template project on the instance.",
          "mainSteps": [

Parameters

Explanation in CloudFormation Registry

The AWS::SSM::Document resource creates a Systems Manager (SSM) document in AWS Systems Manager. This document defines the actions that Systems Manager performs on your AWS resources.

Note This resource does not support CloudFormation drift detection.

Frequently asked questions

What is AWS Systems Manager Document?

AWS Systems Manager Document is a resource for Systems Manager of Amazon Web Service. Settings can be wrote in Terraform and CloudFormation.

Where can I find the example code for the AWS Systems Manager Document?

For Terraform, the SnidermanIndustries/checkov-fork and melscoop-test/check source code examples are useful. See the Terraform Example section for further details.

For CloudFormation, the rajjeet/CloudformationStarters, chmreid/2020-falco-cloudwatch-cloudformation and amimoto-ami/ssm_inventry_resources source code examples are useful. See the CloudFormation Example section for further details.