AWS::SSM::MaintenanceWindow - AWS CloudFormation
SyntaxPropertiesReturn valuesExamplesSee also

AWS::SSM::MaintenanceWindow

The AWS::SSM::MaintenanceWindow resource represents general information about a maintenance window for AWS Systems Manager. Maintenance windows let you define a schedule for when to perform potentially disruptive actions on your instances, such as patching an operating system (OS), updating drivers, or installing software. Each maintenance window has a schedule, a duration, a set of registered targets, and a set of registered tasks.

For more information, see Systems Manager Maintenance Windows in the AWS Systems Manager User Guide and CreateMaintenanceWindow in the AWS Systems Manager API Reference.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::SSM::MaintenanceWindow",
  "Properties" : {
      "AllowUnassociatedTargets" : Boolean,
      "Cutoff" : Integer,
      "Description" : String,
      "Duration" : Integer,
      "EndDate" : String,
      "Name" : String,
      "Schedule" : String,
      "ScheduleOffset" : Integer,
      "ScheduleTimezone" : String,
      "StartDate" : String,
      "Tags" : [ Tag, ... ]
    }
}

YAML

Type: AWS::SSM::MaintenanceWindow
Properties:
  AllowUnassociatedTargets: Boolean
  Cutoff: Integer
  Description: String
  Duration: Integer
  EndDate: String
  Name: String
  Schedule: String
  ScheduleOffset: Integer
  ScheduleTimezone: String
  StartDate: String
  Tags: 
    - Tag

Properties

AllowUnassociatedTargets

Enables a maintenance window task to run on managed instances, even if you have not registered those instances as targets. If enabled, then you must specify the unregistered instances (by instance ID) when you register a task with the maintenance window.

Required: Yes

Type: Boolean

Update requires: No interruption

Cutoff

The number of hours before the end of the maintenance window that AWS Systems Manager stops scheduling new tasks for execution.

Required: Yes

Type: Integer

Minimum: 0

Maximum: 23

Update requires: No interruption

Description

A description of the maintenance window.

Required: No

Type: String

Minimum: 1

Maximum: 128

Update requires: No interruption

Duration

The duration of the maintenance window in hours.

Required: Yes

Type: Integer

Minimum: 1

Maximum: 24

Update requires: No interruption

EndDate

The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become inactive.

Required: No

Type: String

Update requires: No interruption

Name

The name of the maintenance window.

Required: Yes

Type: String

Pattern: ^[a-zA-Z0-9_\-.]{3,128}$

Minimum: 3

Maximum: 128

Update requires: No interruption

Schedule

The schedule of the maintenance window in the form of a cron or rate expression.

Required: Yes

Type: String

Minimum: 1

Maximum: 256

Update requires: No interruption

ScheduleOffset

The number of days to wait to run a maintenance window after the scheduled cron expression date and time.

Required: No

Type: Integer

Minimum: 1

Maximum: 6

Update requires: No interruption

ScheduleTimezone

The time zone that the scheduled maintenance window executions are based on, in Internet Assigned Numbers Authority (IANA) format.

Required: No

Type: String

Update requires: No interruption

StartDate

The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become active. StartDate allows you to delay activation of the maintenance window until the specified future date.

Required: No

Type: String

Update requires: No interruption

Tags

Optional metadata that you assign to a resource in the form of an arbitrary set of tags (key-value pairs). Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a maintenance window to identify the type of tasks it will run, the types of targets, and the environment it will run in.

Required: No

Type: Array of Tag

Maximum: 1000

Update requires: No interruption

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the maintenance window ID, such as mw-abcde1234567890yz.

For more information about using the Ref function, see Ref.

Fn::GetAtt

Examples

Create a maintenance window that does not allow unregistered targets

The following example creates a Systems Manager maintenance window that runs for two hours with a one hour cutoff every Sunday at 04:00 AM US Eastern Time. The maintenance window doesn't allow unregistered targets.

JSON

{
    "Resources": {
        "MaintenanceWindow": {
            "Type": "AWS::SSM::MaintenanceWindow",
            "Properties": {
                "AllowUnassociatedTargets": false,
                "Cutoff": 1,
                "Description": "Maintenance Window to update SSM Agent",
                "Duration": 2,
                "Name": "UpdateSSMAgentMaintenanceWindow",
                "Schedule": "cron(0 4 ? * SUN *)",
                "ScheduleTimezone": "US/Eastern"
            }
        }
    }
}

YAML

---
Resources:
  MaintenanceWindow:
    Type: AWS::SSM::MaintenanceWindow
    Properties:
      AllowUnassociatedTargets: false
      Cutoff: 1
      Description: Maintenance Window to update SSM Agent
      Duration: 2
      Name: UpdateSSMAgentMaintenanceWindow
      Schedule: cron(0 4 ? * SUN *)
      ScheduleTimezone: US/Eastern

See also