diff --git a/clients/client-ssm/src/commands/CreateActivationCommand.ts b/clients/client-ssm/src/commands/CreateActivationCommand.ts index 03bc1c8d212c4..2522d8358bd03 100644 --- a/clients/client-ssm/src/commands/CreateActivationCommand.ts +++ b/clients/client-ssm/src/commands/CreateActivationCommand.ts @@ -32,9 +32,8 @@ export interface CreateActivationCommandOutput extends CreateActivationResult, _ * servers, edge devices, or virtual machine (VM) with Amazon Web Services Systems Manager. Registering these machines with * Systems Manager makes it possible to manage them using Systems Manager capabilities. You use the activation code and * ID when installing SSM Agent on machines in your hybrid environment. For more information about - * requirements for managing on-premises machines using Systems Manager, see Setting up - * Amazon Web Services Systems Manager for hybrid and multicloud environments in the - * Amazon Web Services Systems Manager User Guide.
+ * requirements for managing on-premises machines using Systems Manager, see Using Amazon Web Services Systems Manager in + * hybrid and multicloud environments in the Amazon Web Services Systems Manager User Guide. *Amazon Elastic Compute Cloud (Amazon EC2) instances, edge devices, and on-premises servers and VMs that are * configured for Systems Manager are all called managed nodes.
diff --git a/clients/client-ssm/src/commands/CreateAssociationBatchCommand.ts b/clients/client-ssm/src/commands/CreateAssociationBatchCommand.ts index 58b136dffeb9d..8f9482df0f59b 100644 --- a/clients/client-ssm/src/commands/CreateAssociationBatchCommand.ts +++ b/clients/client-ssm/src/commands/CreateAssociationBatchCommand.ts @@ -102,6 +102,20 @@ export interface CreateAssociationBatchCommandOutput extends CreateAssociationBa * }, * ], * }, + * IncludeChildOrganizationUnits: true || false, + * ExcludeAccounts: [ // ExcludeAccounts + * "STRING_VALUE", + * ], + * Targets: [ + * { + * Key: "STRING_VALUE", + * Values: [ + * "STRING_VALUE", + * ], + * }, + * ], + * TargetsMaxConcurrency: "STRING_VALUE", + * TargetsMaxErrors: "STRING_VALUE", * }, * ], * ScheduleOffset: Number("int"), @@ -201,6 +215,20 @@ export interface CreateAssociationBatchCommandOutput extends CreateAssociationBa * // }, * // ], * // }, + * // IncludeChildOrganizationUnits: true || false, + * // ExcludeAccounts: [ // ExcludeAccounts + * // "STRING_VALUE", + * // ], + * // Targets: [ + * // { + * // Key: "STRING_VALUE", + * // Values: [ + * // "STRING_VALUE", + * // ], + * // }, + * // ], + * // TargetsMaxConcurrency: "STRING_VALUE", + * // TargetsMaxErrors: "STRING_VALUE", * // }, * // ], * // ScheduleOffset: Number("int"), @@ -240,14 +268,7 @@ export interface CreateAssociationBatchCommandOutput extends CreateAssociationBa * // }, * // AutomationTargetParameterName: "STRING_VALUE", * // DocumentVersion: "STRING_VALUE", - * // Targets: [ - * // { - * // Key: "STRING_VALUE", - * // Values: [ - * // "STRING_VALUE", - * // ], - * // }, - * // ], + * // Targets: "Creates a Amazon Web Services Systems Manager (SSM document). An SSM document defines the actions that Systems Manager performs * on your managed nodes. For more information about SSM documents, including information about - * supported schemas, features, and syntax, see Amazon Web Services Systems Manager Documents in the + * supported schemas, features, and syntax, see Amazon Web Services Systems Manager Documents in the * Amazon Web Services Systems Manager User Guide.
* @example * Use a bare-bones client and the command you need to make an API call. diff --git a/clients/client-ssm/src/commands/CreateResourceDataSyncCommand.ts b/clients/client-ssm/src/commands/CreateResourceDataSyncCommand.ts index b45541d48e956..74e58439f4e23 100644 --- a/clients/client-ssm/src/commands/CreateResourceDataSyncCommand.ts +++ b/clients/client-ssm/src/commands/CreateResourceDataSyncCommand.ts @@ -32,8 +32,8 @@ export interface CreateResourceDataSyncCommandOutput extends CreateResourceDataS * Amazon Web Services Systems Manager offers two types of resource data sync:SyncToDestination
and
* SyncFromSource
.
* You can configure Systems Manager Inventory to use the SyncToDestination
type to
- * synchronize Inventory data from multiple Amazon Web Services Regions to a single Amazon Simple Storage Service (Amazon S3) bucket. For more information, see Configuring resource data
- * sync for Inventory in the Amazon Web Services Systems Manager User Guide.
You can configure Systems Manager Explorer to use the The specified target managed node for the session isn't fully configured for use with Session Manager.
- * For more information, see Getting started with
+ * For more information, see Setting up
* Session Manager in the Amazon Web Services Systems Manager User Guide. This error is also returned if you
* attempt to start a session on a managed node that is located in a different account or
* Region The name of the Identity and Access Management (IAM) role that you want to assign to
* the managed node. This IAM role must provide AssumeRole permissions for the
- * Amazon Web Services Systems Manager service principal SyncFromSource
type to synchronize
* operational work items (OpsItems) and operational data (OpsData) from multiple Amazon Web Services Regions to a
* single Amazon S3 bucket. This type can synchronize OpsItems and OpsData from multiple
diff --git a/clients/client-ssm/src/commands/DescribeAssociationCommand.ts b/clients/client-ssm/src/commands/DescribeAssociationCommand.ts
index 576bde5671810..34bbedfe216cb 100644
--- a/clients/client-ssm/src/commands/DescribeAssociationCommand.ts
+++ b/clients/client-ssm/src/commands/DescribeAssociationCommand.ts
@@ -123,6 +123,20 @@ export interface DescribeAssociationCommandOutput extends DescribeAssociationRes
* // },
* // ],
* // },
+ * // IncludeChildOrganizationUnits: true || false,
+ * // ExcludeAccounts: [ // ExcludeAccounts
+ * // "STRING_VALUE",
+ * // ],
+ * // Targets: [
+ * // {
+ * // Key: "STRING_VALUE",
+ * // Values: [
+ * // "STRING_VALUE",
+ * // ],
+ * // },
+ * // ],
+ * // TargetsMaxConcurrency: "STRING_VALUE",
+ * // TargetsMaxErrors: "STRING_VALUE",
* // },
* // ],
* // ScheduleOffset: Number("int"),
diff --git a/clients/client-ssm/src/commands/DescribeAutomationExecutionsCommand.ts b/clients/client-ssm/src/commands/DescribeAutomationExecutionsCommand.ts
index 7336c3269840b..50eb9a4b13d1d 100644
--- a/clients/client-ssm/src/commands/DescribeAutomationExecutionsCommand.ts
+++ b/clients/client-ssm/src/commands/DescribeAutomationExecutionsCommand.ts
@@ -115,6 +115,7 @@ export interface DescribeAutomationExecutionsCommandOutput
* // State: "UNKNOWN" || "ALARM", // required
* // },
* // ],
+ * // TargetLocationsURL: "STRING_VALUE",
* // AutomationSubtype: "ChangeRequest",
* // ScheduledTime: new Date("TIMESTAMP"),
* // Runbooks: [ // Runbooks
@@ -163,6 +164,13 @@ export interface DescribeAutomationExecutionsCommandOutput
* // },
* // ],
* // },
+ * // IncludeChildOrganizationUnits: true || false,
+ * // ExcludeAccounts: [ // ExcludeAccounts
+ * // "STRING_VALUE",
+ * // ],
+ * // Targets: "ssm.amazonaws.com
. For more information, see Create an
- * IAM service role for a hybrid and multicloud environment in the
- * Amazon Web Services Systems Manager User Guide.ssm.amazonaws.com
. For more information, see Create the IAM service role required for Systems Manager in a hybrid and multicloud
+ * environments in the Amazon Web Services Systems Manager User Guide.
You can't specify an IAM service-linked role for this parameter. You must * create a unique role.
@@ -781,7 +780,7 @@ export interface CreateActivationRequest { /** *The date by which this activation request should expire, in timestamp format, such as - * "2021-07-07T00:00:00". You can specify a date up to 30 days in advance. If you don't provide an + * "2024-07-07T00:00:00". You can specify a date up to 30 days in advance. If you don't provide an * expiration date, the activation code expires in 24 hours.
* @public */ @@ -977,53 +976,6 @@ export const AssociationSyncCompliance = { */ export type AssociationSyncCompliance = (typeof AssociationSyncCompliance)[keyof typeof AssociationSyncCompliance]; -/** - *The combination of Amazon Web Services Regions and Amazon Web Services accounts targeted by the current Automation - * execution.
- * @public - */ -export interface TargetLocation { - /** - *The Amazon Web Services accounts targeted by the current Automation execution.
- * @public - */ - Accounts?: string[]; - - /** - *The Amazon Web Services Regions targeted by the current Automation execution.
- * @public - */ - Regions?: string[]; - - /** - *The maximum number of Amazon Web Services Regions and Amazon Web Services accounts allowed to run the Automation - * concurrently.
- * @public - */ - TargetLocationMaxConcurrency?: string; - - /** - *The maximum number of errors allowed before the system stops queueing additional Automation - * executions for the currently running Automation.
- * @public - */ - TargetLocationMaxErrors?: string; - - /** - *The Automation execution role used by the currently running Automation. If not specified,
- * the default value is AWS-SystemsManager-AutomationExecutionRole
.
The details for the CloudWatch alarm you want to apply to an automation or - * command.
- * @public - */ - TargetLocationAlarmConfiguration?: AlarmConfiguration; -} - /** *An array of search criteria that targets managed nodes using a key-value pair that you * specify.
@@ -1159,6 +1111,91 @@ export interface Target { Values?: string[]; } +/** + *The combination of Amazon Web Services Regions and Amazon Web Services accounts targeted by the current Automation + * execution.
+ * @public + */ +export interface TargetLocation { + /** + *The Amazon Web Services accounts targeted by the current Automation execution.
+ * @public + */ + Accounts?: string[]; + + /** + *The Amazon Web Services Regions targeted by the current Automation execution.
+ * @public + */ + Regions?: string[]; + + /** + *The maximum number of Amazon Web Services Regions and Amazon Web Services accounts allowed to run the Automation + * concurrently.
+ * @public + */ + TargetLocationMaxConcurrency?: string; + + /** + *The maximum number of errors allowed before the system stops queueing additional Automation + * executions for the currently running Automation.
+ * @public + */ + TargetLocationMaxErrors?: string; + + /** + *The Automation execution role used by the currently running Automation. If not specified,
+ * the default value is AWS-SystemsManager-AutomationExecutionRole
.
The details for the CloudWatch alarm you want to apply to an automation or + * command.
+ * @public + */ + TargetLocationAlarmConfiguration?: AlarmConfiguration; + + /** + *Indicates whether to include child organizational units (OUs) that are children of the
+ * targeted OUs. The default is false
.
Amazon Web Services accounts or organizational units to exclude as expanded targets.
+ * @public + */ + ExcludeAccounts?: string[]; + + /** + *A list of key-value mappings to target resources. If you specify values for this data type,
+ * you must also specify a value for TargetParameterName
.
This Targets
parameter takes precedence over the
+ * StartAutomationExecution:Targets
parameter if both are supplied.
The maximum number of targets allowed to run this task in parallel. This
+ * TargetsMaxConcurrency
takes precedence over the
+ * StartAutomationExecution:MaxConcurrency
parameter if both are supplied.
The maximum number of errors that are allowed before the system stops running the automation
+ * on additional targets. This TargetsMaxErrors
parameter takes precedence over the
+ * StartAutomationExecution:MaxErrors
parameter if both are supplied.
The targets for the association. You can target managed nodes by using tags, Amazon Web Services resource
* groups, all managed nodes in an Amazon Web Services account, or individual managed node IDs. You can target all
* managed nodes in an Amazon Web Services account by specifying the InstanceIds
key with a value of
- * *
. For more information about choosing targets for an association, see About targets and rate controls in State Manager associations in the
+ * *
. For more information about choosing targets for an association, see Understanding targets and rate controls in State Manager associations in the
* Amazon Web Services Systems Manager User Guide.
For the key SourceUrl, the value is an S3 bucket location. For * example:
*
- * "Values": [ "s3://doc-example-bucket/my-folder" ]
+ * "Values": [ "s3://amzn-s3-demo-bucket/my-prefix" ]
*
For the key S3FileUrl, the value is a file in an S3 bucket. For * example:
*
- * "Values": [ "s3://doc-example-bucket/my-folder/my-file.py" ]
+ * "Values": [ "s3://amzn-s3-demo-bucket/my-prefix/my-file.py" ]
*
The number of days after the release date of each patch matched by the rule that the patch
* is marked as approved in the patch baseline. For example, a value of 7
means that
* patches are approved seven days after they are released.
This parameter is marked as not required, but your request must include a value
- * for either ApproveAfterDays
or ApproveUntilDate
.
Not supported for Debian Server or Ubuntu Server.
+ *This parameter is marked as Required: No
, but your request must include a value
+ * for either ApproveAfterDays
or ApproveUntilDate
.
Not supported for Debian Server or Ubuntu Server.
+ *Use caution when setting this value for Windows Server patch baselines. Because patch + * updates that are replaced by later updates are removed, setting too broad a value for this + * parameter can result in crucial patches not being installed. For more information, see the + * Windows Server tab in the topic How security + * patches are selected in the Amazon Web Services Systems Manager User Guide.
+ *The cutoff date for auto approval of released patches. Any patches released on or before * this date are installed automatically.
*Enter dates in the format YYYY-MM-DD
. For example,
- * 2021-12-31
.
This parameter is marked as not required, but your request must include a value
- * for either ApproveUntilDate
or ApproveAfterDays
.
2024-12-31
.
+ * This parameter is marked as Required: No
, but your request must include a value
+ * for either ApproveUntilDate
or ApproveAfterDays
.
Not supported for Debian Server or Ubuntu Server.
+ *Use caution when setting this value for Windows Server patch baselines. Because patch + * updates that are replaced by later updates are removed, setting too broad a value for this + * parameter can result in crucial patches not being installed. For more information, see the + * Windows Server tab in the topic How security + * patches are selected in the Amazon Web Services Systems Manager User Guide.
+ *A list of explicitly approved patches for the baseline.
*For information about accepted formats for lists of approved patches and rejected patches, - * see About - * package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
+ * see Package + * name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide. * @public */ ApprovedPatches?: string[]; @@ -3850,8 +3897,8 @@ export interface CreatePatchBaselineRequest { /** *A list of explicitly rejected patches for the baseline.
*For information about accepted formats for lists of approved patches and rejected patches, - * see About - * package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
+ * see Package + * name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide. * @public */ RejectedPatches?: string[]; @@ -4527,8 +4574,7 @@ export interface DeleteInventoryResult { TypeName?: string; /** - *A summary of the delete operation. For more information about this summary, see Understanding the delete inventory summary in the - * Amazon Web Services Systems Manager User Guide.
+ *A summary of the delete operation. For more information about this summary, see Deleting custom inventory in the Amazon Web Services Systems Manager User Guide.
* @public */ DeletionSummary?: InventoryDeletionSummary; @@ -6079,7 +6125,7 @@ export interface AutomationExecutionMetadata { /** *Use this filter with DescribeAutomationExecutions. Specify either Local or * CrossAccount. CrossAccount is an Automation that runs in multiple Amazon Web Services Regions and - * Amazon Web Services accounts. For more information, see Running Automation workflows in multiple Amazon Web Services Regions and accounts in the + * Amazon Web Services accounts. For more information, see Running automations in multiple Amazon Web Services Regions and accounts in the * Amazon Web Services Systems Manager User Guide.
* @public */ @@ -6097,6 +6143,13 @@ export interface AutomationExecutionMetadata { */ TriggeredAlarms?: AlarmStateInformation[]; + /** + *A publicly accessible URL for a file that contains the TargetLocations
body.
+ * Currently, only files in presigned Amazon S3 buckets are supported
The subtype of the Automation operation. Currently, the only supported value is
* ChangeRequest
.
DefaultInstanceName
* property using the CreateActivation command. It is applied to the managed node
* by specifying the Activation Code and Activation ID when you install SSM Agent on the node, as
- * explained in Install SSM Agent for a
- * hybrid and multicloud environment (Linux) and Install SSM Agent for a
- * hybrid and multicloud environment (Windows). To retrieve the Name
tag of an
- * EC2 instance, use the Amazon EC2 DescribeInstances
operation. For information, see DescribeInstances in the Amazon EC2 API Reference or describe-instances in the Amazon Web Services CLI Command Reference.
+ * explained in How to
+ * install SSM Agent on hybrid Linux nodes and How to
+ * install SSM Agent on hybrid Windows Server nodes. To retrieve the Name
tag
+ * of an EC2 instance, use the Amazon EC2 DescribeInstances
operation. For information, see
+ * DescribeInstances in the Amazon EC2 API Reference or describe-instances in the Amazon Web Services CLI Command Reference.
* @public
*/
Name?: string;
@@ -7889,8 +7943,8 @@ export interface DescribeInstancePatchesRequest {
* Sample values: Installed
| InstalledOther
|
* InstalledPendingReboot
*
For lists of all State
values, see Understanding
- * patch compliance state values in the Amazon Web Services Systems Manager User Guide.
For lists of all State
values, see Patch compliance
+ * state values in the Amazon Web Services Systems Manager User Guide.
The state of the patch on the managed node, such as INSTALLED or FAILED.
- *For descriptions of each patch state, see About patch compliance in the Amazon Web Services Systems Manager User Guide.
+ *For descriptions of each patch state, see About + * patch compliance in the Amazon Web Services Systems Manager User Guide.
* @public */ State: PatchComplianceDataState | undefined; @@ -8119,8 +8174,8 @@ export interface InstancePatchState { * patches to be installed. This patch installation list, which you maintain in an S3 bucket in YAML * format and specify in the SSM documentAWS-RunPatchBaseline
, overrides the patches
* specified by the default patch baseline.
- * For more information about the For more information about the Information about the delete operation. For more information about this summary, see Understanding the delete inventory summary in the
+ * Information about the delete operation. For more information about this summary, see Understanding the delete inventory summary in the
* Amazon Web Services Systems Manager User Guide. Values. An array of strings, each between 1 and 256 characters. Supported values are
* date/time strings in a valid ISO 8601 date/time format, such as
- * InstallOverrideList
parameter, see About the
- * AWS-RunPatchBaseline SSM document
+ * InstallOverrideList
parameter, see SSM Command
+ * document for patching: AWS-RunPatchBaseline
* in the
* Amazon Web Services Systems Manager User Guide.2021-11-04T05:00:00Z
.2024-11-04T05:00:00Z
.
However, for an improved security posture, we strongly recommend creating a custom * policy and custom service role for running your maintenance window tasks. The policy * can be crafted to provide only the permissions needed for your particular - * maintenance window tasks. For more information, see Setting up maintenance windows in the in the + * maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the * Amazon Web Services Systems Manager User Guide.
* @public */ @@ -737,8 +737,7 @@ export interface OpsItemSummary { Source?: string; /** - *The OpsItem status. Status can be Open
, In Progress
, or
- * Resolved
.
The OpsItem status.
* @public */ Status?: OpsItemStatus; @@ -1581,11 +1580,11 @@ export interface SessionFilter { *InvokedAfter: Specify a timestamp to limit your results. For example, specify - * 2018-08-29T00:00:00Z to see sessions that started August 29, 2018, and later.
+ * 2024-08-29T00:00:00Z to see sessions that started August 29, 2024, and later. *InvokedBefore: Specify a timestamp to limit your results. For example, specify - * 2018-08-29T00:00:00Z to see sessions that started before August 29, 2018.
+ * 2024-08-29T00:00:00Z to see sessions that started before August 29, 2024. *Target: Specify a managed node to which session connections have been made.
@@ -2073,6 +2072,13 @@ export interface AutomationExecution { */ TriggeredAlarms?: AlarmStateInformation[]; + /** + *A publicly accessible URL for a file that contains the TargetLocations
body.
+ * Currently, only files in presigned Amazon S3 buckets are supported
The subtype of the Automation operation. Currently, the only supported value is
* ChangeRequest
.
A list of explicitly approved patches for the baseline.
*For information about accepted formats for lists of approved patches and rejected patches, - * see About - * package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
+ * see Package + * name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide. * @public */ ApprovedPatches?: string[]; @@ -2654,8 +2660,8 @@ export interface BaselineOverride { /** *A list of explicitly rejected patches for the baseline.
*For information about accepted formats for lists of approved patches and rejected patches, - * see About - * package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
+ * see Package + * name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide. * @public */ RejectedPatches?: string[]; @@ -2981,8 +2987,7 @@ export interface InventoryFilter { *The type of filter.
*The Exists
filter must be used with aggregators. For more information, see
- * Aggregating inventory
- * data in the Amazon Web Services Systems Manager User Guide.
However, for an improved security posture, we strongly recommend creating a custom * policy and custom service role for running your maintenance window tasks. The policy * can be crafted to provide only the permissions needed for your particular - * maintenance window tasks. For more information, see Setting up maintenance windows in the in the + * maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the * Amazon Web Services Systems Manager User Guide.
* @public */ @@ -4076,7 +4081,7 @@ export interface GetMaintenanceWindowTaskResult { *However, for an improved security posture, we strongly recommend creating a custom * policy and custom service role for running your maintenance window tasks. The policy * can be crafted to provide only the permissions needed for your particular - * maintenance window tasks. For more information, see Setting up maintenance windows in the in the + * maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the * Amazon Web Services Systems Manager User Guide.
* @public */ @@ -4297,8 +4302,7 @@ export interface OpsItem { RelatedOpsItems?: RelatedOpsItem[]; /** - *The OpsItem status. Status can be Open
, In Progress
, or
- * Resolved
. For more information, see Editing OpsItem details in the Amazon Web Services Systems Manager User Guide.
The OpsItem status. For more information, see Editing OpsItem details in the Amazon Web Services Systems Manager User Guide.
* @public */ Status?: OpsItemStatus; @@ -4579,8 +4583,8 @@ export interface GetParameterRequest { * parameters shared with you from another account, you must use the full ARN. *To query by parameter label, use "Name": "name:label"
. To query by parameter
* version, use "Name": "name:version"
.
For more information about shared parameters, see Working with shared parameters in - * the Amazon Web Services Systems Manager User Guide.
+ *For more information about shared parameters, see Working with + * shared parameters in the Amazon Web Services Systems Manager User Guide.
* @public */ Name: string | undefined; @@ -5886,13 +5890,13 @@ export interface CommandFilter { *
* InvokedAfter: Specify a timestamp to limit your results.
- * For example, specify 2021-07-07T00:00:00Z
to see a list of command executions
+ * For example, specify 2024-07-07T00:00:00Z
to see a list of command executions
* occurring July 7, 2021, and later.
* InvokedBefore: Specify a timestamp to limit your results.
- * For example, specify 2021-07-07T00:00:00Z
to see a list of command executions from
+ * For example, specify 2024-07-07T00:00:00Z
to see a list of command executions from
* before July 7, 2021.
The S3 bucket where the responses to the command executions should be stored. This was * requested when issuing the command. For example, in the following response:
*
- * doc-example-bucket/ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix/i-02573cafcfEXAMPLE/awsrunShellScript
+ * amzn-s3-demo-bucket/my-prefix/i-02573cafcfEXAMPLE/awsrunShellScript
*
- * doc-example-bucket
is the name of the S3 bucket;
amzn-s3-demo-bucket
is the name of the S3 bucket;
*
- * ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix
is the name of the S3 prefix;
my-prefix
is the name of the S3 prefix;
*
* i-02573cafcfEXAMPLE
is the managed node ID;
@@ -6266,12 +6270,12 @@ export interface CommandPlugin { * be stored. This was requested when issuing the command. For example, in the following * response:
*
- * doc-example-bucket/ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix/i-02573cafcfEXAMPLE/awsrunShellScript
+ * amzn-s3-demo-bucket/my-prefix/i-02573cafcfEXAMPLE/awsrunShellScript
*
- * doc-example-bucket
is the name of the S3 bucket;
amzn-s3-demo-bucket
is the name of the S3 bucket;
*
- * ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix
is the name of the S3 prefix;
my-prefix
is the name of the S3 prefix;
*
* i-02573cafcfEXAMPLE
is the managed node ID;
@@ -9998,7 +10002,7 @@ export interface RegisterTaskWithMaintenanceWindowRequest { *
However, for an improved security posture, we strongly recommend creating a custom * policy and custom service role for running your maintenance window tasks. The policy * can be crafted to provide only the permissions needed for your particular - * maintenance window tasks. For more information, see Setting up maintenance windows in the in the + * maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the * Amazon Web Services Systems Manager User Guide.
* @public */ @@ -10838,6 +10842,8 @@ export interface StartAutomationExecutionRequest { /** *A key-value mapping to target resources. Required if you specify TargetParameterName.
+ *If both this parameter and the TargetLocation:Targets
parameter are supplied,
+ * TargetLocation:Targets
takes precedence.
The maximum number of targets allowed to run this task in parallel. You can specify a
* number, such as 10, or a percentage, such as 10%. The default value is 10
.
If both this parameter and the TargetLocation:TargetsMaxConcurrency
are
+ * supplied, TargetLocation:TargetsMaxConcurrency
takes precedence.
If this parameter and the TargetLocation:TargetsMaxErrors
parameter are both
+ * supplied, TargetLocation:TargetsMaxErrors
takes precedence.
A location is a combination of Amazon Web Services Regions and/or Amazon Web Services accounts where you want to run the * automation. Use this operation to start an automation in multiple Amazon Web Services Regions and multiple - * Amazon Web Services accounts. For more information, see Running Automation workflows in multiple Amazon Web Services Regions and Amazon Web Services accounts in the + * Amazon Web Services accounts. For more information, see Running automations in multiple Amazon Web Services Regions and accounts in the * Amazon Web Services Systems Manager User Guide.
* @public */ @@ -10912,6 +10922,13 @@ export interface StartAutomationExecutionRequest { * @public */ AlarmConfiguration?: AlarmConfiguration; + + /** + *Specify a publicly accessible URL for a file that contains the TargetLocations
+ * body. Currently, only files in presigned Amazon S3 buckets are supported.
The specified target managed node for the session isn't fully configured for use with Session Manager. - * For more information, see Getting started with + * For more information, see Setting up * Session Manager in the Amazon Web Services Systems Manager User Guide. This error is also returned if you * attempt to start a session on a managed node that is located in a different account or * Region
@@ -1341,7 +1341,7 @@ export interface UpdateMaintenanceWindowTaskRequest { *However, for an improved security posture, we strongly recommend creating a custom * policy and custom service role for running your maintenance window tasks. The policy * can be crafted to provide only the permissions needed for your particular - * maintenance window tasks. For more information, see Setting up maintenance windows in the in the + * maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the * Amazon Web Services Systems Manager User Guide.
* @public */ @@ -1524,7 +1524,7 @@ export interface UpdateMaintenanceWindowTaskResult { *However, for an improved security posture, we strongly recommend creating a custom * policy and custom service role for running your maintenance window tasks. The policy * can be crafted to provide only the permissions needed for your particular - * maintenance window tasks. For more information, see Setting up maintenance windows in the in the + * maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the * Amazon Web Services Systems Manager User Guide.
* @public */ @@ -1620,9 +1620,8 @@ export interface UpdateManagedInstanceRoleRequest { /** *The name of the Identity and Access Management (IAM) role that you want to assign to
* the managed node. This IAM role must provide AssumeRole permissions for the
- * Amazon Web Services Systems Manager service principal ssm.amazonaws.com
. For more information, see Create an
- * IAM service role for a hybrid and multicloud environment in the
- * Amazon Web Services Systems Manager User Guide.
ssm.amazonaws.com
. For more information, see Create the IAM service role required for Systems Manager in hybrid and multicloud
+ * environments in the Amazon Web Services Systems Manager User Guide.
* You can't specify an IAM service-linked role for this parameter. You must * create a unique role.
@@ -1701,8 +1700,7 @@ export interface UpdateOpsItemRequest { RelatedOpsItems?: RelatedOpsItem[]; /** - *The OpsItem status. Status can be Open
, In Progress
, or
- * Resolved
. For more information, see Editing OpsItem details in the Amazon Web Services Systems Manager User Guide.
The OpsItem status. For more information, see Editing OpsItem details in the Amazon Web Services Systems Manager User Guide.
* @public */ Status?: OpsItemStatus; @@ -1857,8 +1855,8 @@ export interface UpdatePatchBaselineRequest { /** *A list of explicitly approved patches for the baseline.
*For information about accepted formats for lists of approved patches and rejected patches, - * see About - * package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
+ * see Package + * name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide. * @public */ ApprovedPatches?: string[]; @@ -1880,8 +1878,8 @@ export interface UpdatePatchBaselineRequest { /** *A list of explicitly rejected patches for the baseline.
*For information about accepted formats for lists of approved patches and rejected patches, - * see About - * package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
+ * see Package + * name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide. * @public */ RejectedPatches?: string[]; diff --git a/clients/client-ssm/src/protocols/Aws_json1_1.ts b/clients/client-ssm/src/protocols/Aws_json1_1.ts index 30507837f0cbd..5f5c4b88e899b 100644 --- a/clients/client-ssm/src/protocols/Aws_json1_1.ts +++ b/clients/client-ssm/src/protocols/Aws_json1_1.ts @@ -8295,6 +8295,8 @@ const se_DeleteInventoryRequest = (input: DeleteInventoryRequest, context: __Ser // se_DocumentReviews omitted. +// se_ExcludeAccounts omitted. + // se_GetAutomationExecutionRequest omitted. // se_GetCalendarStateRequest omitted. @@ -9235,6 +9237,7 @@ const de_AutomationExecution = (output: any, context: __SerdeContext): Automatio StepExecutionsTruncated: __expectBoolean, Target: __expectString, TargetLocations: _json, + TargetLocationsURL: __expectString, TargetMaps: _json, TargetParameterName: __expectString, Targets: _json, @@ -9276,6 +9279,7 @@ const de_AutomationExecutionMetadata = (output: any, context: __SerdeContext): A Runbooks: _json, ScheduledTime: (_: any) => __expectNonNull(__parseEpochTimestamp(__expectNumber(_))), Target: __expectString, + TargetLocationsURL: __expectString, TargetMaps: _json, TargetParameterName: __expectString, Targets: _json, @@ -10029,6 +10033,8 @@ const de_EffectivePatchList = (output: any, context: __SerdeContext): EffectiveP return retVal; }; +// de_ExcludeAccounts omitted. + // de_FailedCreateAssociation omitted. // de_FailedCreateAssociationList omitted. diff --git a/codegen/sdk-codegen/aws-models/ssm.json b/codegen/sdk-codegen/aws-models/ssm.json index fd26ae378620f..8530bd2c39f53 100644 --- a/codegen/sdk-codegen/aws-models/ssm.json +++ b/codegen/sdk-codegen/aws-models/ssm.json @@ -3193,7 +3193,7 @@ "Values": { "target": "com.amazonaws.ssm#AttachmentsSourceValues", "traits": { - "smithy.api#documentation": "The value of a key-value pair that identifies the location of an attachment to a document.\n The format for Value depends on the type of key you\n specify.
\nFor the key SourceUrl, the value is an S3 bucket location. For\n example:
\n\n \"Values\": [ \"s3://doc-example-bucket/my-folder\" ]
\n
For the key S3FileUrl, the value is a file in an S3 bucket. For\n example:
\n\n \"Values\": [ \"s3://doc-example-bucket/my-folder/my-file.py\" ]
\n
For the key AttachmentReference, the value is constructed from the\n name of another SSM document in your account, a version number of that document, and a file\n attached to that document version that you want to reuse. For example:
\n\n \"Values\": [ \"MyOtherDocument/3/my-other-file.py\" ]
\n
However, if the SSM document is shared with you from another account, the full SSM\n document ARN must be specified instead of the document name only. For example:
\n\n \"Values\": [\n \"arn:aws:ssm:us-east-2:111122223333:document/OtherAccountDocument/3/their-file.py\"\n ]
\n
The value of a key-value pair that identifies the location of an attachment to a document.\n The format for Value depends on the type of key you\n specify.
\nFor the key SourceUrl, the value is an S3 bucket location. For\n example:
\n\n \"Values\": [ \"s3://amzn-s3-demo-bucket/my-prefix\" ]
\n
For the key S3FileUrl, the value is a file in an S3 bucket. For\n example:
\n\n \"Values\": [ \"s3://amzn-s3-demo-bucket/my-prefix/my-file.py\" ]
\n
For the key AttachmentReference, the value is constructed from the\n name of another SSM document in your account, a version number of that document, and a file\n attached to that document version that you want to reuse. For example:
\n\n \"Values\": [ \"MyOtherDocument/3/my-other-file.py\" ]
\n
However, if the SSM document is shared with you from another account, the full SSM\n document ARN must be specified instead of the document name only. For example:
\n\n \"Values\": [\n \"arn:aws:ssm:us-east-2:111122223333:document/OtherAccountDocument/3/their-file.py\"\n ]
\n
The CloudWatch alarm that was invoked by the automation.
" } }, + "TargetLocationsURL": { + "target": "com.amazonaws.ssm#TargetLocationsURL", + "traits": { + "smithy.api#documentation": "A publicly accessible URL for a file that contains the TargetLocations
body.\n Currently, only files in presigned Amazon S3 buckets are supported
Use this filter with DescribeAutomationExecutions. Specify either Local or\n CrossAccount. CrossAccount is an Automation that runs in multiple Amazon Web Services Regions and\n Amazon Web Services accounts. For more information, see Running Automation workflows in multiple Amazon Web Services Regions and accounts in the\n Amazon Web Services Systems Manager User Guide.
" + "smithy.api#documentation": "Use this filter with DescribeAutomationExecutions. Specify either Local or\n CrossAccount. CrossAccount is an Automation that runs in multiple Amazon Web Services Regions and\n Amazon Web Services accounts. For more information, see Running automations in multiple Amazon Web Services Regions and accounts in the\n Amazon Web Services Systems Manager User Guide.
" } }, "AlarmConfiguration": { @@ -3852,6 +3858,12 @@ "smithy.api#documentation": "The CloudWatch alarm that was invoked by the automation.
" } }, + "TargetLocationsURL": { + "target": "com.amazonaws.ssm#TargetLocationsURL", + "traits": { + "smithy.api#documentation": "A publicly accessible URL for a file that contains the TargetLocations
body.\n Currently, only files in presigned Amazon S3 buckets are supported
A list of explicitly approved patches for the baseline.
\nFor information about accepted formats for lists of approved patches and rejected patches,\n see About\n package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
" + "smithy.api#documentation": "A list of explicitly approved patches for the baseline.
\nFor information about accepted formats for lists of approved patches and rejected patches,\n see Package\n name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
" } }, "ApprovedPatchesComplianceLevel": { @@ -4191,7 +4203,7 @@ "RejectedPatches": { "target": "com.amazonaws.ssm#PatchIdList", "traits": { - "smithy.api#documentation": "A list of explicitly rejected patches for the baseline.
\nFor information about accepted formats for lists of approved patches and rejected patches,\n see About\n package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
" + "smithy.api#documentation": "A list of explicitly rejected patches for the baseline.
\nFor information about accepted formats for lists of approved patches and rejected patches,\n see Package\n name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
" } }, "RejectedPatchesAction": { @@ -4635,7 +4647,7 @@ "value": { "target": "com.amazonaws.ssm#CommandFilterValue", "traits": { - "smithy.api#documentation": "The filter value. Valid values for each filter key are as follows:
\n\n InvokedAfter: Specify a timestamp to limit your results.\n For example, specify 2021-07-07T00:00:00Z
to see a list of command executions\n occurring July 7, 2021, and later.
\n InvokedBefore: Specify a timestamp to limit your results.\n For example, specify 2021-07-07T00:00:00Z
to see a list of command executions from\n before July 7, 2021.
\n Status: Specify a valid command status to see a list of\n all command executions with that status. The status choices depend on the API you call.
\nThe status values you can specify for ListCommands
are:
\n Pending
\n
\n InProgress
\n
\n Success
\n
\n Cancelled
\n
\n Failed
\n
\n TimedOut
(this includes both Delivery and Execution time outs)
\n AccessDenied
\n
\n DeliveryTimedOut
\n
\n ExecutionTimedOut
\n
\n Incomplete
\n
\n NoInstancesInTag
\n
\n LimitExceeded
\n
The status values you can specify for ListCommandInvocations
are:
\n Pending
\n
\n InProgress
\n
\n Delayed
\n
\n Success
\n
\n Cancelled
\n
\n Failed
\n
\n TimedOut
(this includes both Delivery and Execution time outs)
\n AccessDenied
\n
\n DeliveryTimedOut
\n
\n ExecutionTimedOut
\n
\n Undeliverable
\n
\n InvalidPlatform
\n
\n Terminated
\n
\n DocumentName: Specify name of the Amazon Web Services Systems Manager document (SSM\n document) for which you want to see command execution results. For example, specify\n AWS-RunPatchBaseline
to see command executions that used this SSM document to\n perform security patching operations on managed nodes.
\n ExecutionStage: Specify one of the following values\n (ListCommands
operations only):
\n Executing
: Returns a list of command executions that are currently still\n running.
\n Complete
: Returns a list of command executions that have already completed.\n
The filter value. Valid values for each filter key are as follows:
\n\n InvokedAfter: Specify a timestamp to limit your results.\n For example, specify 2024-07-07T00:00:00Z
to see a list of command executions\n occurring July 7, 2021, and later.
\n InvokedBefore: Specify a timestamp to limit your results.\n For example, specify 2024-07-07T00:00:00Z
to see a list of command executions from\n before July 7, 2021.
\n Status: Specify a valid command status to see a list of\n all command executions with that status. The status choices depend on the API you call.
\nThe status values you can specify for ListCommands
are:
\n Pending
\n
\n InProgress
\n
\n Success
\n
\n Cancelled
\n
\n Failed
\n
\n TimedOut
(this includes both Delivery and Execution time outs)
\n AccessDenied
\n
\n DeliveryTimedOut
\n
\n ExecutionTimedOut
\n
\n Incomplete
\n
\n NoInstancesInTag
\n
\n LimitExceeded
\n
The status values you can specify for ListCommandInvocations
are:
\n Pending
\n
\n InProgress
\n
\n Delayed
\n
\n Success
\n
\n Cancelled
\n
\n Failed
\n
\n TimedOut
(this includes both Delivery and Execution time outs)
\n AccessDenied
\n
\n DeliveryTimedOut
\n
\n ExecutionTimedOut
\n
\n Undeliverable
\n
\n InvalidPlatform
\n
\n Terminated
\n
\n DocumentName: Specify name of the Amazon Web Services Systems Manager document (SSM\n document) for which you want to see command execution results. For example, specify\n AWS-RunPatchBaseline
to see command executions that used this SSM document to\n perform security patching operations on managed nodes.
\n ExecutionStage: Specify one of the following values\n (ListCommands
operations only):
\n Executing
: Returns a list of command executions that are currently still\n running.
\n Complete
: Returns a list of command executions that have already completed.\n
The S3 bucket where the responses to the command executions should be stored. This was\n requested when issuing the command. For example, in the following response:
\n\n doc-example-bucket/ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix/i-02573cafcfEXAMPLE/awsrunShellScript
\n
\n doc-example-bucket
is the name of the S3 bucket;
\n ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix
is the name of the S3 prefix;
\n i-02573cafcfEXAMPLE
is the managed node ID;
\n awsrunShellScript
is the name of the plugin.
The S3 bucket where the responses to the command executions should be stored. This was\n requested when issuing the command. For example, in the following response:
\n\n amzn-s3-demo-bucket/my-prefix/i-02573cafcfEXAMPLE/awsrunShellScript
\n
\n amzn-s3-demo-bucket
is the name of the S3 bucket;
\n my-prefix
is the name of the S3 prefix;
\n i-02573cafcfEXAMPLE
is the managed node ID;
\n awsrunShellScript
is the name of the plugin.
The S3 directory path inside the bucket where the responses to the command executions should\n be stored. This was requested when issuing the command. For example, in the following\n response:
\n\n doc-example-bucket/ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix/i-02573cafcfEXAMPLE/awsrunShellScript
\n
\n doc-example-bucket
is the name of the S3 bucket;
\n ab19cb99-a030-46dd-9dfc-8eSAMPLEPre-Fix
is the name of the S3 prefix;
\n i-02573cafcfEXAMPLE
is the managed node ID;
\n awsrunShellScript
is the name of the plugin.
The S3 directory path inside the bucket where the responses to the command executions should\n be stored. This was requested when issuing the command. For example, in the following\n response:
\n\n amzn-s3-demo-bucket/my-prefix/i-02573cafcfEXAMPLE/awsrunShellScript
\n
\n amzn-s3-demo-bucket
is the name of the S3 bucket;
\n my-prefix
is the name of the S3 prefix;
\n i-02573cafcfEXAMPLE
is the managed node ID;
\n awsrunShellScript
is the name of the plugin.
Generates an activation code and activation ID you can use to register your on-premises\n servers, edge devices, or virtual machine (VM) with Amazon Web Services Systems Manager. Registering these machines with\n Systems Manager makes it possible to manage them using Systems Manager capabilities. You use the activation code and\n ID when installing SSM Agent on machines in your hybrid environment. For more information about\n requirements for managing on-premises machines using Systems Manager, see Setting up\n Amazon Web Services Systems Manager for hybrid and multicloud environments in the\n Amazon Web Services Systems Manager User Guide.
\nAmazon Elastic Compute Cloud (Amazon EC2) instances, edge devices, and on-premises servers and VMs that are\n configured for Systems Manager are all called managed nodes.
\nGenerates an activation code and activation ID you can use to register your on-premises\n servers, edge devices, or virtual machine (VM) with Amazon Web Services Systems Manager. Registering these machines with\n Systems Manager makes it possible to manage them using Systems Manager capabilities. You use the activation code and\n ID when installing SSM Agent on machines in your hybrid environment. For more information about\n requirements for managing on-premises machines using Systems Manager, see Using Amazon Web Services Systems Manager in\n hybrid and multicloud environments in the Amazon Web Services Systems Manager User Guide.
\nAmazon Elastic Compute Cloud (Amazon EC2) instances, edge devices, and on-premises servers and VMs that are\n configured for Systems Manager are all called managed nodes.
\nThe name of the Identity and Access Management (IAM) role that you want to assign to\n the managed node. This IAM role must provide AssumeRole permissions for the\n Amazon Web Services Systems Manager service principal ssm.amazonaws.com
. For more information, see Create an\n IAM service role for a hybrid and multicloud environment in the\n Amazon Web Services Systems Manager User Guide.
You can't specify an IAM service-linked role for this parameter. You must\n create a unique role.
\nThe name of the Identity and Access Management (IAM) role that you want to assign to\n the managed node. This IAM role must provide AssumeRole permissions for the\n Amazon Web Services Systems Manager service principal ssm.amazonaws.com
. For more information, see Create the IAM service role required for Systems Manager in a hybrid and multicloud\n environments in the Amazon Web Services Systems Manager User Guide.
You can't specify an IAM service-linked role for this parameter. You must\n create a unique role.
\nThe date by which this activation request should expire, in timestamp format, such as\n \"2021-07-07T00:00:00\". You can specify a date up to 30 days in advance. If you don't provide an\n expiration date, the activation code expires in 24 hours.
" + "smithy.api#documentation": "The date by which this activation request should expire, in timestamp format, such as\n \"2024-07-07T00:00:00\". You can specify a date up to 30 days in advance. If you don't provide an\n expiration date, the activation code expires in 24 hours.
" } }, "Tags": { @@ -6025,7 +6037,7 @@ "Targets": { "target": "com.amazonaws.ssm#Targets", "traits": { - "smithy.api#documentation": "The targets for the association. You can target managed nodes by using tags, Amazon Web Services resource\n groups, all managed nodes in an Amazon Web Services account, or individual managed node IDs. You can target all\n managed nodes in an Amazon Web Services account by specifying the InstanceIds
key with a value of\n *
. For more information about choosing targets for an association, see About targets and rate controls in State Manager associations in the\n Amazon Web Services Systems Manager User Guide.
The targets for the association. You can target managed nodes by using tags, Amazon Web Services resource\n groups, all managed nodes in an Amazon Web Services account, or individual managed node IDs. You can target all\n managed nodes in an Amazon Web Services account by specifying the InstanceIds
key with a value of\n *
. For more information about choosing targets for an association, see Understanding targets and rate controls in State Manager associations in the\n Amazon Web Services Systems Manager User Guide.
Creates a Amazon Web Services Systems Manager (SSM document). An SSM document defines the actions that Systems Manager performs\n on your managed nodes. For more information about SSM documents, including information about\n supported schemas, features, and syntax, see Amazon Web Services Systems Manager Documents in the\n Amazon Web Services Systems Manager User Guide.
" + "smithy.api#documentation": "Creates a Amazon Web Services Systems Manager (SSM document). An SSM document defines the actions that Systems Manager performs\n on your managed nodes. For more information about SSM documents, including information about\n supported schemas, features, and syntax, see Amazon Web Services Systems Manager Documents in the\n Amazon Web Services Systems Manager User Guide.
" } }, "com.amazonaws.ssm#CreateDocumentRequest": { @@ -6662,7 +6674,7 @@ "ApprovedPatches": { "target": "com.amazonaws.ssm#PatchIdList", "traits": { - "smithy.api#documentation": "A list of explicitly approved patches for the baseline.
\nFor information about accepted formats for lists of approved patches and rejected patches,\n see About\n package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
" + "smithy.api#documentation": "A list of explicitly approved patches for the baseline.
\nFor information about accepted formats for lists of approved patches and rejected patches,\n see Package\n name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
" } }, "ApprovedPatchesComplianceLevel": { @@ -6681,7 +6693,7 @@ "RejectedPatches": { "target": "com.amazonaws.ssm#PatchIdList", "traits": { - "smithy.api#documentation": "A list of explicitly rejected patches for the baseline.
\nFor information about accepted formats for lists of approved patches and rejected patches,\n see About\n package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
" + "smithy.api#documentation": "A list of explicitly rejected patches for the baseline.
\nFor information about accepted formats for lists of approved patches and rejected patches,\n see Package\n name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
" } }, "RejectedPatchesAction": { @@ -6757,7 +6769,7 @@ } ], "traits": { - "smithy.api#documentation": "A resource data sync helps you view data from multiple sources in a single location.\n Amazon Web Services Systems Manager offers two types of resource data sync: SyncToDestination
and\n SyncFromSource
.
You can configure Systems Manager Inventory to use the SyncToDestination
type to\n synchronize Inventory data from multiple Amazon Web Services Regions to a single Amazon Simple Storage Service (Amazon S3) bucket. For more information, see Configuring resource data\n sync for Inventory in the Amazon Web Services Systems Manager User Guide.
You can configure Systems Manager Explorer to use the SyncFromSource
type to synchronize\n operational work items (OpsItems) and operational data (OpsData) from multiple Amazon Web Services Regions to a\n single Amazon S3 bucket. This type can synchronize OpsItems and OpsData from multiple\n Amazon Web Services accounts and Amazon Web Services Regions or EntireOrganization
by using Organizations. For more\n information, see Setting up Systems Manager\n Explorer to display data from multiple accounts and Regions in the\n Amazon Web Services Systems Manager User Guide.
A resource data sync is an asynchronous operation that returns immediately. After a\n successful initial sync is completed, the system continuously syncs data. To check the status of\n a sync, use the ListResourceDataSync.
\nBy default, data isn't encrypted in Amazon S3. We strongly recommend that you\n enable encryption in Amazon S3 to ensure secure data storage. We also recommend that you\n secure access to the Amazon S3 bucket by creating a restrictive bucket policy.
\nA resource data sync helps you view data from multiple sources in a single location.\n Amazon Web Services Systems Manager offers two types of resource data sync: SyncToDestination
and\n SyncFromSource
.
You can configure Systems Manager Inventory to use the SyncToDestination
type to\n synchronize Inventory data from multiple Amazon Web Services Regions to a single Amazon Simple Storage Service (Amazon S3) bucket. For more information, see Creatinga a\n resource data sync for Inventory in the Amazon Web Services Systems Manager User Guide.
You can configure Systems Manager Explorer to use the SyncFromSource
type to synchronize\n operational work items (OpsItems) and operational data (OpsData) from multiple Amazon Web Services Regions to a\n single Amazon S3 bucket. This type can synchronize OpsItems and OpsData from multiple\n Amazon Web Services accounts and Amazon Web Services Regions or EntireOrganization
by using Organizations. For more\n information, see Setting up Systems Manager\n Explorer to display data from multiple accounts and Regions in the\n Amazon Web Services Systems Manager User Guide.
A resource data sync is an asynchronous operation that returns immediately. After a\n successful initial sync is completed, the system continuously syncs data. To check the status of\n a sync, use the ListResourceDataSync.
\nBy default, data isn't encrypted in Amazon S3. We strongly recommend that you\n enable encryption in Amazon S3 to ensure secure data storage. We also recommend that you\n secure access to the Amazon S3 bucket by creating a restrictive bucket policy.
\nA summary of the delete operation. For more information about this summary, see Understanding the delete inventory summary in the\n Amazon Web Services Systems Manager User Guide.
" + "smithy.api#documentation": "A summary of the delete operation. For more information about this summary, see Deleting custom inventory in the Amazon Web Services Systems Manager User Guide.
" } } }, @@ -9030,7 +9042,7 @@ "Filters": { "target": "com.amazonaws.ssm#PatchOrchestratorFilterList", "traits": { - "smithy.api#documentation": "Each element in the array is a structure containing a key-value pair.
\nSupported keys for DescribeInstancePatches
include the following:
\n \n Classification
\n \n
Sample values: Security
| SecurityUpdates
\n
\n \n KBId
\n \n
Sample values: KB4480056
| java-1.7.0-openjdk.x86_64
\n
\n \n Severity
\n \n
Sample values: Important
| Medium
| Low
\n
\n \n State
\n \n
Sample values: Installed
| InstalledOther
|\n InstalledPendingReboot
\n
For lists of all State
values, see Understanding\n patch compliance state values in the Amazon Web Services Systems Manager User Guide.
Each element in the array is a structure containing a key-value pair.
\nSupported keys for DescribeInstancePatches
include the following:
\n \n Classification
\n \n
Sample values: Security
| SecurityUpdates
\n
\n \n KBId
\n \n
Sample values: KB4480056
| java-1.7.0-openjdk.x86_64
\n
\n \n Severity
\n \n
Sample values: Important
| Medium
| Low
\n
\n \n State
\n \n
Sample values: Installed
| InstalledOther
|\n InstalledPendingReboot
\n
For lists of all State
values, see Patch compliance\n state values in the Amazon Web Services Systems Manager User Guide.
Each entry in the array is a structure containing:
\nKey. A string between 1 and 128 characters. Supported keys include\n ExecutedBefore
and ExecutedAfter
.
Values. An array of strings, each between 1 and 256 characters. Supported values are\n date/time strings in a valid ISO 8601 date/time format, such as\n 2021-11-04T05:00:00Z
.
Each entry in the array is a structure containing:
\nKey. A string between 1 and 128 characters. Supported keys include\n ExecutedBefore
and ExecutedAfter
.
Values. An array of strings, each between 1 and 256 characters. Supported values are\n date/time strings in a valid ISO 8601 date/time format, such as\n 2024-11-04T05:00:00Z
.
The Amazon Resource Name (ARN) of the IAM service role for\n Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a\n service role ARN, Systems Manager uses a service-linked role in your account. If no\n appropriate service-linked role for Systems Manager exists in your account, it is created when\n you run RegisterTaskWithMaintenanceWindow
.
However, for an improved security posture, we strongly recommend creating a custom\n policy and custom service role for running your maintenance window tasks. The policy\n can be crafted to provide only the permissions needed for your particular\n maintenance window tasks. For more information, see Setting up maintenance windows in the in the\n Amazon Web Services Systems Manager User Guide.
" + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the IAM service role for\n Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a\n service role ARN, Systems Manager uses a service-linked role in your account. If no\n appropriate service-linked role for Systems Manager exists in your account, it is created when\n you run RegisterTaskWithMaintenanceWindow
.
However, for an improved security posture, we strongly recommend creating a custom\n policy and custom service role for running your maintenance window tasks. The policy\n can be crafted to provide only the permissions needed for your particular\n maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the\n Amazon Web Services Systems Manager User Guide.
" } }, "TaskType": { @@ -13845,7 +13879,7 @@ "Name": { "target": "com.amazonaws.ssm#PSParameterName", "traits": { - "smithy.api#documentation": "The name or Amazon Resource Name (ARN) of the parameter that you want to query. For\n parameters shared with you from another account, you must use the full ARN.
\nTo query by parameter label, use \"Name\": \"name:label\"
. To query by parameter\n version, use \"Name\": \"name:version\"
.
For more information about shared parameters, see Working with shared parameters in\n the Amazon Web Services Systems Manager User Guide.
", + "smithy.api#documentation": "The name or Amazon Resource Name (ARN) of the parameter that you want to query. For\n parameters shared with you from another account, you must use the full ARN.
\nTo query by parameter label, use \"Name\": \"name:label\"
. To query by parameter\n version, use \"Name\": \"name:version\"
.
For more information about shared parameters, see Working with\n shared parameters in the Amazon Web Services Systems Manager User Guide.
", "smithy.api#required": {} } }, @@ -14815,7 +14849,7 @@ "Name": { "target": "com.amazonaws.ssm#String", "traits": { - "smithy.api#documentation": "The name assigned to an on-premises server, edge device, or virtual machine (VM) when it is\n activated as a Systems Manager managed node. The name is specified as the DefaultInstanceName
\n property using the CreateActivation command. It is applied to the managed node\n by specifying the Activation Code and Activation ID when you install SSM Agent on the node, as\n explained in Install SSM Agent for a\n hybrid and multicloud environment (Linux) and Install SSM Agent for a\n hybrid and multicloud environment (Windows). To retrieve the Name
tag of an\n EC2 instance, use the Amazon EC2 DescribeInstances
operation. For information, see DescribeInstances in the Amazon EC2 API Reference or describe-instances in the Amazon Web Services CLI Command Reference.
The name assigned to an on-premises server, edge device, or virtual machine (VM) when it is\n activated as a Systems Manager managed node. The name is specified as the DefaultInstanceName
\n property using the CreateActivation command. It is applied to the managed node\n by specifying the Activation Code and Activation ID when you install SSM Agent on the node, as\n explained in How to\n install SSM Agent on hybrid Linux nodes and How to\n install SSM Agent on hybrid Windows Server nodes. To retrieve the Name
tag\n of an EC2 instance, use the Amazon EC2 DescribeInstances
operation. For information, see\n DescribeInstances in the Amazon EC2 API Reference or describe-instances in the Amazon Web Services CLI Command Reference.
An https URL or an Amazon Simple Storage Service (Amazon S3) path-style URL to a list of\n patches to be installed. This patch installation list, which you maintain in an S3 bucket in YAML\n format and specify in the SSM document AWS-RunPatchBaseline
, overrides the patches\n specified by the default patch baseline.
For more information about the InstallOverrideList
parameter, see About the\n AWS-RunPatchBaseline SSM document
\n in the\n Amazon Web Services Systems Manager User Guide.
An https URL or an Amazon Simple Storage Service (Amazon S3) path-style URL to a list of\n patches to be installed. This patch installation list, which you maintain in an S3 bucket in YAML\n format and specify in the SSM document AWS-RunPatchBaseline
, overrides the patches\n specified by the default patch baseline.
For more information about the InstallOverrideList
parameter, see SSM Command\n document for patching: AWS-RunPatchBaseline
\n in the\n Amazon Web Services Systems Manager User Guide.
Information about the delete operation. For more information about this summary, see Understanding the delete inventory summary in the\n Amazon Web Services Systems Manager User Guide.
" + "smithy.api#documentation": "Information about the delete operation. For more information about this summary, see Understanding the delete inventory summary in the\n Amazon Web Services Systems Manager User Guide.
" } }, "LastStatusUpdateTime": { @@ -16775,7 +16809,7 @@ "Type": { "target": "com.amazonaws.ssm#InventoryQueryOperatorType", "traits": { - "smithy.api#documentation": "The type of filter.
\nThe Exists
filter must be used with aggregators. For more information, see\n Aggregating inventory\n data in the Amazon Web Services Systems Manager User Guide.
The type of filter.
\nThe Exists
filter must be used with aggregators. For more information, see\n Aggregating inventory data in the Amazon Web Services Systems Manager User Guide.
The Amazon Resource Name (ARN) of the IAM service role for\n Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a\n service role ARN, Systems Manager uses a service-linked role in your account. If no\n appropriate service-linked role for Systems Manager exists in your account, it is created when\n you run RegisterTaskWithMaintenanceWindow
.
However, for an improved security posture, we strongly recommend creating a custom\n policy and custom service role for running your maintenance window tasks. The policy\n can be crafted to provide only the permissions needed for your particular\n maintenance window tasks. For more information, see Setting up maintenance windows in the in the\n Amazon Web Services Systems Manager User Guide.
" + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the IAM service role for\n Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a\n service role ARN, Systems Manager uses a service-linked role in your account. If no\n appropriate service-linked role for Systems Manager exists in your account, it is created when\n you run RegisterTaskWithMaintenanceWindow
.
However, for an improved security posture, we strongly recommend creating a custom\n policy and custom service role for running your maintenance window tasks. The policy\n can be crafted to provide only the permissions needed for your particular\n maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the\n Amazon Web Services Systems Manager User Guide.
" } }, "TimeoutSeconds": { @@ -19710,7 +19744,7 @@ "ServiceRoleArn": { "target": "com.amazonaws.ssm#ServiceRole", "traits": { - "smithy.api#documentation": "The Amazon Resource Name (ARN) of the IAM service role for\n Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a\n service role ARN, Systems Manager uses a service-linked role in your account. If no\n appropriate service-linked role for Systems Manager exists in your account, it is created when\n you run RegisterTaskWithMaintenanceWindow
.
However, for an improved security posture, we strongly recommend creating a custom\n policy and custom service role for running your maintenance window tasks. The policy\n can be crafted to provide only the permissions needed for your particular\n maintenance window tasks. For more information, see Setting up maintenance windows in the in the\n Amazon Web Services Systems Manager User Guide.
" + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the IAM service role for\n Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a\n service role ARN, Systems Manager uses a service-linked role in your account. If no\n appropriate service-linked role for Systems Manager exists in your account, it is created when\n you run RegisterTaskWithMaintenanceWindow
.
However, for an improved security posture, we strongly recommend creating a custom\n policy and custom service role for running your maintenance window tasks. The policy\n can be crafted to provide only the permissions needed for your particular\n maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the\n Amazon Web Services Systems Manager User Guide.
" } }, "MaxConcurrency": { @@ -20790,7 +20824,7 @@ "Status": { "target": "com.amazonaws.ssm#OpsItemStatus", "traits": { - "smithy.api#documentation": "The OpsItem status. Status can be Open
, In Progress
, or\n Resolved
. For more information, see Editing OpsItem details in the Amazon Web Services Systems Manager User Guide.
The OpsItem status. For more information, see Editing OpsItem details in the Amazon Web Services Systems Manager User Guide.
" } }, "OpsItemId": { @@ -21922,7 +21956,7 @@ "Status": { "target": "com.amazonaws.ssm#OpsItemStatus", "traits": { - "smithy.api#documentation": "The OpsItem status. Status can be Open
, In Progress
, or\n Resolved
.
The OpsItem status.
" } }, "OpsItemId": { @@ -23343,7 +23377,7 @@ "State": { "target": "com.amazonaws.ssm#PatchComplianceDataState", "traits": { - "smithy.api#documentation": "The state of the patch on the managed node, such as INSTALLED or FAILED.
\nFor descriptions of each patch state, see About patch compliance in the Amazon Web Services Systems Manager User Guide.
", + "smithy.api#documentation": "The state of the patch on the managed node, such as INSTALLED or FAILED.
\nFor descriptions of each patch state, see About\n patch compliance in the Amazon Web Services Systems Manager User Guide.
", "smithy.api#required": {} } }, @@ -23997,13 +24031,13 @@ "target": "com.amazonaws.ssm#ApproveAfterDays", "traits": { "smithy.api#default": null, - "smithy.api#documentation": "The number of days after the release date of each patch matched by the rule that the patch\n is marked as approved in the patch baseline. For example, a value of 7
means that\n patches are approved seven days after they are released.
This parameter is marked as not required, but your request must include a value\n for either ApproveAfterDays
or ApproveUntilDate
.
Not supported for Debian Server or Ubuntu Server.
" + "smithy.api#documentation": "The number of days after the release date of each patch matched by the rule that the patch\n is marked as approved in the patch baseline. For example, a value of 7
means that\n patches are approved seven days after they are released.
This parameter is marked as Required: No
, but your request must include a value\n for either ApproveAfterDays
or ApproveUntilDate
.
Not supported for Debian Server or Ubuntu Server.
\nUse caution when setting this value for Windows Server patch baselines. Because patch\n updates that are replaced by later updates are removed, setting too broad a value for this\n parameter can result in crucial patches not being installed. For more information, see the\n Windows Server tab in the topic How security\n patches are selected in the Amazon Web Services Systems Manager User Guide.
\nThe cutoff date for auto approval of released patches. Any patches released on or before\n this date are installed automatically.
\nEnter dates in the format YYYY-MM-DD
. For example,\n 2021-12-31
.
This parameter is marked as not required, but your request must include a value\n for either ApproveUntilDate
or ApproveAfterDays
.
Not supported for Debian Server or Ubuntu Server.
" + "smithy.api#documentation": "The cutoff date for auto approval of released patches. Any patches released on or before\n this date are installed automatically.
\nEnter dates in the format YYYY-MM-DD
. For example,\n 2024-12-31
.
This parameter is marked as Required: No
, but your request must include a value\n for either ApproveUntilDate
or ApproveAfterDays
.
Not supported for Debian Server or Ubuntu Server.
\nUse caution when setting this value for Windows Server patch baselines. Because patch\n updates that are replaced by later updates are removed, setting too broad a value for this\n parameter can result in crucial patches not being installed. For more information, see the\n Windows Server tab in the topic How security\n patches are selected in the Amazon Web Services Systems Manager User Guide.
\nThe Amazon Resource Name (ARN) of the IAM service role for\n Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a\n service role ARN, Systems Manager uses a service-linked role in your account. If no\n appropriate service-linked role for Systems Manager exists in your account, it is created when\n you run RegisterTaskWithMaintenanceWindow
.
However, for an improved security posture, we strongly recommend creating a custom\n policy and custom service role for running your maintenance window tasks. The policy\n can be crafted to provide only the permissions needed for your particular\n maintenance window tasks. For more information, see Setting up maintenance windows in the in the\n Amazon Web Services Systems Manager User Guide.
" + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the IAM service role for\n Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a\n service role ARN, Systems Manager uses a service-linked role in your account. If no\n appropriate service-linked role for Systems Manager exists in your account, it is created when\n you run RegisterTaskWithMaintenanceWindow
.
However, for an improved security posture, we strongly recommend creating a custom\n policy and custom service role for running your maintenance window tasks. The policy\n can be crafted to provide only the permissions needed for your particular\n maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the\n Amazon Web Services Systems Manager User Guide.
" } }, "TaskType": { @@ -27005,7 +27039,7 @@ "value": { "target": "com.amazonaws.ssm#SessionFilterValue", "traits": { - "smithy.api#documentation": "The filter value. Valid values for each filter key are as follows:
\nInvokedAfter: Specify a timestamp to limit your results. For example, specify\n 2018-08-29T00:00:00Z to see sessions that started August 29, 2018, and later.
\nInvokedBefore: Specify a timestamp to limit your results. For example, specify\n 2018-08-29T00:00:00Z to see sessions that started before August 29, 2018.
\nTarget: Specify a managed node to which session connections have been made.
\nOwner: Specify an Amazon Web Services user to see a list of sessions started by that user.
\nStatus: Specify a valid session status to see a list of all sessions with that status.\n Status values you can specify include:
\nConnected
\nConnecting
\nDisconnected
\nTerminated
\nTerminating
\nFailed
\nSessionId: Specify a session ID to return details about the session.
\nThe filter value. Valid values for each filter key are as follows:
\nInvokedAfter: Specify a timestamp to limit your results. For example, specify\n 2024-08-29T00:00:00Z to see sessions that started August 29, 2024, and later.
\nInvokedBefore: Specify a timestamp to limit your results. For example, specify\n 2024-08-29T00:00:00Z to see sessions that started before August 29, 2024.
\nTarget: Specify a managed node to which session connections have been made.
\nOwner: Specify an Amazon Web Services user to see a list of sessions started by that user.
\nStatus: Specify a valid session status to see a list of all sessions with that status.\n Status values you can specify include:
\nConnected
\nConnecting
\nDisconnected
\nTerminated
\nTerminating
\nFailed
\nSessionId: Specify a session ID to return details about the session.
\nA key-value mapping to target resources. Required if you specify TargetParameterName.
" + "smithy.api#documentation": "A key-value mapping to target resources. Required if you specify TargetParameterName.
\nIf both this parameter and the TargetLocation:Targets
parameter are supplied,\n TargetLocation:Targets
takes precedence.
The maximum number of targets allowed to run this task in parallel. You can specify a\n number, such as 10, or a percentage, such as 10%. The default value is 10
.
The maximum number of targets allowed to run this task in parallel. You can specify a\n number, such as 10, or a percentage, such as 10%. The default value is 10
.
If both this parameter and the TargetLocation:TargetsMaxConcurrency
are\n supplied, TargetLocation:TargetsMaxConcurrency
takes precedence.
The number of errors that are allowed before the system stops running the automation on\n additional targets. You can specify either an absolute number of errors, for example 10, or a\n percentage of the target set, for example 10%. If you specify 3, for example, the system stops\n running the automation when the fourth error is received. If you specify 0, then the system stops\n running the automation on additional targets after the first error result is returned. If you run\n an automation on 50 resources and set max-errors to 10%, then the system stops running the\n automation on additional targets when the sixth error is received.
\nExecutions that are already running an automation when max-errors is reached are allowed to\n complete, but some of these executions may fail as well. If you need to ensure that there won't\n be more than max-errors failed executions, set max-concurrency to 1 so the executions proceed one\n at a time.
" + "smithy.api#documentation": "The number of errors that are allowed before the system stops running the automation on\n additional targets. You can specify either an absolute number of errors, for example 10, or a\n percentage of the target set, for example 10%. If you specify 3, for example, the system stops\n running the automation when the fourth error is received. If you specify 0, then the system stops\n running the automation on additional targets after the first error result is returned. If you run\n an automation on 50 resources and set max-errors to 10%, then the system stops running the\n automation on additional targets when the sixth error is received.
\nExecutions that are already running an automation when max-errors is reached are allowed to\n complete, but some of these executions may fail as well. If you need to ensure that there won't\n be more than max-errors failed executions, set max-concurrency to 1 so the executions proceed one\n at a time.
\nIf this parameter and the TargetLocation:TargetsMaxErrors
parameter are both\n supplied, TargetLocation:TargetsMaxErrors
takes precedence.
A location is a combination of Amazon Web Services Regions and/or Amazon Web Services accounts where you want to run the\n automation. Use this operation to start an automation in multiple Amazon Web Services Regions and multiple\n Amazon Web Services accounts. For more information, see Running Automation workflows in multiple Amazon Web Services Regions and Amazon Web Services accounts in the\n Amazon Web Services Systems Manager User Guide.
" + "smithy.api#documentation": "A location is a combination of Amazon Web Services Regions and/or Amazon Web Services accounts where you want to run the\n automation. Use this operation to start an automation in multiple Amazon Web Services Regions and multiple\n Amazon Web Services accounts. For more information, see Running automations in multiple Amazon Web Services Regions and accounts in the\n Amazon Web Services Systems Manager User Guide.
" } }, "Tags": { @@ -27575,6 +27609,12 @@ "traits": { "smithy.api#documentation": "The CloudWatch alarm you want to apply to your automation.
" } + }, + "TargetLocationsURL": { + "target": "com.amazonaws.ssm#TargetLocationsURL", + "traits": { + "smithy.api#documentation": "Specify a publicly accessible URL for a file that contains the TargetLocations
\n body. Currently, only files in presigned Amazon S3 buckets are supported.
Indicates whether to include child organizational units (OUs) that are children of the\n targeted OUs. The default is false
.
Amazon Web Services accounts or organizational units to exclude as expanded targets.
" + } + }, + "Targets": { + "target": "com.amazonaws.ssm#Targets", + "traits": { + "smithy.api#documentation": "A list of key-value mappings to target resources. If you specify values for this data type,\n you must also specify a value for TargetParameterName
.
This Targets
parameter takes precedence over the\n StartAutomationExecution:Targets
parameter if both are supplied.
The maximum number of targets allowed to run this task in parallel. This\n TargetsMaxConcurrency
takes precedence over the\n StartAutomationExecution:MaxConcurrency
parameter if both are supplied.
The maximum number of errors that are allowed before the system stops running the automation\n on additional targets. This TargetsMaxErrors
parameter takes precedence over the\n StartAutomationExecution:MaxErrors
parameter if both are supplied.
The specified target managed node for the session isn't fully configured for use with Session Manager.\n For more information, see Getting started with\n Session Manager in the Amazon Web Services Systems Manager User Guide. This error is also returned if you\n attempt to start a session on a managed node that is located in a different account or\n Region
", + "smithy.api#documentation": "The specified target managed node for the session isn't fully configured for use with Session Manager.\n For more information, see Setting up\n Session Manager in the Amazon Web Services Systems Manager User Guide. This error is also returned if you\n attempt to start a session on a managed node that is located in a different account or\n Region
", "smithy.api#error": "client" } }, @@ -29686,7 +29763,7 @@ "ServiceRoleArn": { "target": "com.amazonaws.ssm#ServiceRole", "traits": { - "smithy.api#documentation": "The Amazon Resource Name (ARN) of the IAM service role for\n Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a\n service role ARN, Systems Manager uses a service-linked role in your account. If no\n appropriate service-linked role for Systems Manager exists in your account, it is created when\n you run RegisterTaskWithMaintenanceWindow
.
However, for an improved security posture, we strongly recommend creating a custom\n policy and custom service role for running your maintenance window tasks. The policy\n can be crafted to provide only the permissions needed for your particular\n maintenance window tasks. For more information, see Setting up maintenance windows in the in the\n Amazon Web Services Systems Manager User Guide.
" + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the IAM service role for\n Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a\n service role ARN, Systems Manager uses a service-linked role in your account. If no\n appropriate service-linked role for Systems Manager exists in your account, it is created when\n you run RegisterTaskWithMaintenanceWindow
.
However, for an improved security posture, we strongly recommend creating a custom\n policy and custom service role for running your maintenance window tasks. The policy\n can be crafted to provide only the permissions needed for your particular\n maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the\n Amazon Web Services Systems Manager User Guide.
" } }, "TaskParameters": { @@ -29792,7 +29869,7 @@ "ServiceRoleArn": { "target": "com.amazonaws.ssm#ServiceRole", "traits": { - "smithy.api#documentation": "The Amazon Resource Name (ARN) of the IAM service role for\n Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a\n service role ARN, Systems Manager uses a service-linked role in your account. If no\n appropriate service-linked role for Systems Manager exists in your account, it is created when\n you run RegisterTaskWithMaintenanceWindow
.
However, for an improved security posture, we strongly recommend creating a custom\n policy and custom service role for running your maintenance window tasks. The policy\n can be crafted to provide only the permissions needed for your particular\n maintenance window tasks. For more information, see Setting up maintenance windows in the in the\n Amazon Web Services Systems Manager User Guide.
" + "smithy.api#documentation": "The Amazon Resource Name (ARN) of the IAM service role for\n Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a\n service role ARN, Systems Manager uses a service-linked role in your account. If no\n appropriate service-linked role for Systems Manager exists in your account, it is created when\n you run RegisterTaskWithMaintenanceWindow
.
However, for an improved security posture, we strongly recommend creating a custom\n policy and custom service role for running your maintenance window tasks. The policy\n can be crafted to provide only the permissions needed for your particular\n maintenance window tasks. For more information, see Setting up Maintenance Windows in the in the\n Amazon Web Services Systems Manager User Guide.
" } }, "TaskParameters": { @@ -29894,7 +29971,7 @@ "IamRole": { "target": "com.amazonaws.ssm#IamRole", "traits": { - "smithy.api#documentation": "The name of the Identity and Access Management (IAM) role that you want to assign to\n the managed node. This IAM role must provide AssumeRole permissions for the\n Amazon Web Services Systems Manager service principal ssm.amazonaws.com
. For more information, see Create an\n IAM service role for a hybrid and multicloud environment in the\n Amazon Web Services Systems Manager User Guide.
You can't specify an IAM service-linked role for this parameter. You must\n create a unique role.
\nThe name of the Identity and Access Management (IAM) role that you want to assign to\n the managed node. This IAM role must provide AssumeRole permissions for the\n Amazon Web Services Systems Manager service principal ssm.amazonaws.com
. For more information, see Create the IAM service role required for Systems Manager in hybrid and multicloud\n environments in the Amazon Web Services Systems Manager User Guide.
You can't specify an IAM service-linked role for this parameter. You must\n create a unique role.
\nThe OpsItem status. Status can be Open
, In Progress
, or\n Resolved
. For more information, see Editing OpsItem details in the Amazon Web Services Systems Manager User Guide.
The OpsItem status. For more information, see Editing OpsItem details in the Amazon Web Services Systems Manager User Guide.
" } }, "OpsItemId": { @@ -30178,7 +30255,7 @@ "ApprovedPatches": { "target": "com.amazonaws.ssm#PatchIdList", "traits": { - "smithy.api#documentation": "A list of explicitly approved patches for the baseline.
\nFor information about accepted formats for lists of approved patches and rejected patches,\n see About\n package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
" + "smithy.api#documentation": "A list of explicitly approved patches for the baseline.
\nFor information about accepted formats for lists of approved patches and rejected patches,\n see Package\n name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
" } }, "ApprovedPatchesComplianceLevel": { @@ -30197,7 +30274,7 @@ "RejectedPatches": { "target": "com.amazonaws.ssm#PatchIdList", "traits": { - "smithy.api#documentation": "A list of explicitly rejected patches for the baseline.
\nFor information about accepted formats for lists of approved patches and rejected patches,\n see About\n package name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
" + "smithy.api#documentation": "A list of explicitly rejected patches for the baseline.
\nFor information about accepted formats for lists of approved patches and rejected patches,\n see Package\n name formats for approved and rejected patch lists in the Amazon Web Services Systems Manager User Guide.
" } }, "RejectedPatchesAction": {