AWS Systems Manager Maintenance Window

This page shows how to write Terraform and CloudFormation configurations for Systems Manager Maintenance Window, and how to write them securely.

aws_ssm_maintenance_window (Terraform)

The Maintenance Window in Systems Manager can be configured in Terraform with the resource name aws_ssm_maintenance_window. The following sections describe 1 example of how to use the resource and its parameters.

Example Usage from GitHub

maintenance_window.tf#L1
resource "aws_ssm_maintenance_window" "maintance_Window" {
  cutoff   = 1
  duration = 4
  name     = "maintenance-window"
  schedule = "cron(0 0 ? * SUN *)"
}

Parameters

Explanation in Terraform Registry

Provides an SSM Maintenance Window resource

AWS::SSM::MaintenanceWindow (CloudFormation)

The MaintenanceWindow in SSM can be configured in CloudFormation with the resource name AWS::SSM::MaintenanceWindow. The following sections describe 10 examples of how to use the resource and its parameters.

Example Usage from GitHub

enable-ssm-patch.yml#L91
    Type: AWS::SSM::MaintenanceWindow
    Properties:
      AllowUnassociatedTargets: true
      Cutoff: 0 # h
      Schedule: "cron(0 18 ? * SAT *)" # JST: SUN-03:00
      Duration: 1 # h
ssm-maintenancewindow.yml#L6
    Type: "AWS::SSM::MaintenanceWindow"
    Properties:
      Description: Maintenance Window to patch Windows Server 2016 daily at 10pm
      AllowUnassociatedTargets: true
      Cutoff: 1
      Schedule: cron(0 11 ? * * *)
ssm-maintenance-window-reboot.yml#L57
    Type: AWS::SSM::MaintenanceWindow
    Properties:
      AllowUnassociatedTargets: true
      Cutoff: 0
      Description: Scheduled reboot
      Duration: 2
Schwduled-stop-start-ec2.yml#L46
    Type: AWS::SSM::MaintenanceWindow
    Properties:
      AllowUnassociatedTargets: True
      Cutoff: 0
      Description: "毎日21時にEC2を停止します"
      Duration: 1
ssm-basics-patch-manager.yml#L31
    Type: "AWS::SSM::MaintenanceWindow"
    Properties:
      AllowUnassociatedTargets: true
      Cutoff: 1
      Schedule: rate(3 hours)
      Duration: 2
cf-dev-environments-patchbaseline.json#L81
                "Type" : "AWS::SSM::MaintenanceWindow",
                "Properties" : {
                    "Name": { "Fn::Join": ["-",[{ "Fn::FindInMap": ["CustomVariables", "PatchBaselineName","Value"]},"MaintenanceWindow","Group1","Schedule1"  ]]},
                    "Description": { "Fn::Join": [" ",["MaintenanceWindow","Securitypatch","Updates",{ "Fn::FindInMap": ["CustomVariables", "PatchBaselineName","Value"]},"PatchGroup1","Schedule1" ]]},
                    "AllowUnassociatedTargets" : true,
                    "Cutoff" : 1,
CF_DeployNoRebootSSMResource.json#L78
            "Type": "AWS::SSM::MaintenanceWindow",
            "Properties": {
                "Description": "Maintenance window for ScanPatchInfoNoRebootSystems",
                "AllowUnassociatedTargets": {
                    "Ref": "AllowUnregisteredTargets"
                },
aws_ssm.json#L4
    "path": "/ResourceTypes/AWS::SSM::MaintenanceWindow/Properties/Cutoff/Value",
    "value": {
      "ValueType": "AWS::SSM::MaintenanceWindow.Cutoff"
    }
  },
  {
patching.template.json#L4
      "Type": "AWS::SSM::MaintenanceWindow",
      "Properties": {
        "AllowUnassociatedTargets": true,
        "Cutoff": 1,
        "Duration": 2,
        "Name": "Windows-Maintainance-Window",
aws_ssm.json#L4
    "path": "/ResourceTypes/AWS::SSM::MaintenanceWindow/Properties/Cutoff/Value",
    "value": {
      "ValueType": "AWS::SSM::MaintenanceWindow.Cutoff"
    }
  },
  {

Parameters

Explanation in CloudFormation Registry

The AWS::SSM::MaintenanceWindow resource represents general information about a maintenance window for AWS Systems Manager. Maintenance Windows let you define a schedule for when to perform potentially disruptive actions on your instances, such as patching an operating system (OS), updating drivers, or installing software. Each maintenance window has a schedule, a duration, a set of registered targets, and a set of registered tasks. For more information, see Systems Manager Maintenance Windows in the AWS Systems Manager User Guide and CreateMaintenanceWindow in the AWS Systems Manager API Reference.

Frequently asked questions

What is AWS Systems Manager Maintenance Window?

AWS Systems Manager Maintenance Window is a Systems Manager resource in Amazon Web Services. Its settings can be written in Terraform and CloudFormation.

Where can I find the example code for the AWS Systems Manager Maintenance Window?

For Terraform, the Ndomi/terraform source code example is useful. See the Terraform Example section for further details.

For CloudFormation, the matsuura0831/aws, sednanref/learning and stuartellis/ec2-evergreen source code examples are useful. See the CloudFormation Example section for further details.