AWS::SSM::MaintenanceWindow
The AWS::SSM::MaintenanceWindow
resource represents general information about
a maintenance window for AWS Systems Manager. Maintenance windows let you define a schedule
for when to perform potentially disruptive actions on your instances, such as patching an
operating system (OS), updating drivers, or installing software. Each maintenance window has a
schedule, a duration, a set of registered targets, and a set of registered tasks.
For more information, see Systems Manager Maintenance Windows in the AWS Systems Manager User Guide and CreateMaintenanceWindow in the AWS Systems Manager API Reference.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Type" : "AWS::SSM::MaintenanceWindow", "Properties" : { "AllowUnassociatedTargets" :
Boolean
, "Cutoff" :Integer
, "Description" :String
, "Duration" :Integer
, "EndDate" :String
, "Name" :String
, "Schedule" :String
, "ScheduleOffset" :Integer
, "ScheduleTimezone" :String
, "StartDate" :String
, "Tags" :[ Tag, ... ]
} }
YAML
Type: AWS::SSM::MaintenanceWindow Properties: AllowUnassociatedTargets:
Boolean
Cutoff:Integer
Description:String
Duration:Integer
EndDate:String
Name:String
Schedule:String
ScheduleOffset:Integer
ScheduleTimezone:String
StartDate:String
Tags:- Tag
Properties
AllowUnassociatedTargets
-
Enables a maintenance window task to run on managed instances, even if you have not registered those instances as targets. If enabled, then you must specify the unregistered instances (by instance ID) when you register a task with the maintenance window.
Required: Yes
Type: Boolean
Update requires: No interruption
Cutoff
-
The number of hours before the end of the maintenance window that AWS Systems Manager stops scheduling new tasks for execution.
Required: Yes
Type: Integer
Minimum:
0
Maximum:
23
Update requires: No interruption
Description
-
A description of the maintenance window.
Required: No
Type: String
Minimum:
1
Maximum:
128
Update requires: No interruption
Duration
-
The duration of the maintenance window in hours.
Required: Yes
Type: Integer
Minimum:
1
Maximum:
24
Update requires: No interruption
EndDate
-
The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become inactive.
Required: No
Type: String
Update requires: No interruption
Name
-
The name of the maintenance window.
Required: Yes
Type: String
Pattern:
^[a-zA-Z0-9_\-.]{3,128}$
Minimum:
3
Maximum:
128
Update requires: No interruption
Schedule
-
The schedule of the maintenance window in the form of a cron or rate expression.
Required: Yes
Type: String
Minimum:
1
Maximum:
256
Update requires: No interruption
ScheduleOffset
-
The number of days to wait to run a maintenance window after the scheduled cron expression date and time.
Required: No
Type: Integer
Minimum:
1
Maximum:
6
Update requires: No interruption
ScheduleTimezone
-
The time zone that the scheduled maintenance window executions are based on, in Internet Assigned Numbers Authority (IANA) format.
Required: No
Type: String
Update requires: No interruption
StartDate
-
The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become active.
StartDate
allows you to delay activation of the maintenance window until the specified future date.Required: No
Type: String
Update requires: No interruption
-
Optional metadata that you assign to a resource in the form of an arbitrary set of tags (key-value pairs). Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a maintenance window to identify the type of tasks it will run, the types of targets, and the environment it will run in.
Required: No
Type: Array of Tag
Maximum:
1000
Update requires: No interruption
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref
function, Ref
returns the maintenance window ID, such as
mw-abcde1234567890yz
.
For more information about using the Ref
function, see Ref
.
Fn::GetAtt
Examples
Create a maintenance window that does not allow unregistered targets
The following example creates a Systems Manager maintenance window that runs for two hours with a one hour cutoff every Sunday at 04:00 AM US Eastern Time. The maintenance window doesn't allow unregistered targets.
JSON
{ "Resources": { "MaintenanceWindow": { "Type": "AWS::SSM::MaintenanceWindow", "Properties": { "AllowUnassociatedTargets": false, "Cutoff": 1, "Description": "Maintenance Window to update SSM Agent", "Duration": 2, "Name": "UpdateSSMAgentMaintenanceWindow", "Schedule": "cron(0 4 ? * SUN *)", "ScheduleTimezone": "US/Eastern" } } } }
YAML
--- Resources: MaintenanceWindow: Type: AWS::SSM::MaintenanceWindow Properties: AllowUnassociatedTargets: false Cutoff: 1 Description: Maintenance Window to update SSM Agent Duration: 2 Name: UpdateSSMAgentMaintenanceWindow Schedule: cron(0 4 ? * SUN *) ScheduleTimezone: US/Eastern
See also
-
CreateMaintenanceWindow in the AWS Systems Manager API Reference.