The AWS::SSM::ResourceDataSync resource creates, updates, or deletes a
resource data sync for AWS Systems Manager. A resource data sync helps you view data from
multiple sources in a single location. Systems Manager offers two types of resource data sync:
SyncToDestination and SyncFromSource.
You can configure Systems Manager Inventory to use the SyncToDestination type
to synchronize Inventory data from multiple AWS Regions to a single Amazon S3 bucket.
You can configure Systems Manager Explorer to use the SyncFromSource type to
synchronize operational work items (OpsItems) and operational data (OpsData) from multiple AWS Regions.
This type can synchronize OpsItems and OpsData from multiple AWS accounts and Regions
or from an EntireOrganization by using AWS Organizations.
A resource data sync is an asynchronous operation that returns immediately. After a successful initial sync is completed, the system continuously syncs data.
By default, data is not encrypted in Amazon S3. We strongly recommend that you enable encryption in Amazon S3 to ensure secure data storage. We also recommend that you secure access to the Amazon S3 bucket by creating a restrictive bucket policy.
For more information, see Configuring Inventory Collection and Setting Up Systems Manager Explorer to Display Data from Multiple Accounts and Regions in the AWS Systems Manager User Guide.
Important
The following Syntax section shows all fields that are supported for a resource data sync. The Examples section below shows the recommended way to specify configurations for each sync type. Refer to the Examples section when you create your resource data sync.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
"Type" : "AWS::SSM::ResourceDataSync",
"Properties" : {
"BucketName" : String,
"BucketPrefix" : String,
"BucketRegion" : String,
"KMSKeyArn" : String,
"S3Destination" : S3Destination,
"SyncFormat" : String,
"SyncName" : String,
"SyncSource" : SyncSource,
"SyncType" : String
}
}
YAML
Type: AWS::SSM::ResourceDataSync
Properties:
BucketName: String
BucketPrefix: String
BucketRegion: String
KMSKeyArn: String
S3Destination:
S3Destination
SyncFormat: String
SyncName: String
SyncSource:
SyncSource
SyncType: String
Properties
BucketName-
The name of the S3 bucket where the aggregated data is stored.
Required: No
Type: String
Minimum:
1Maximum:
2048Update requires: Replacement
BucketPrefix-
An Amazon S3 prefix for the bucket.
Required: No
Type: String
Minimum:
0Maximum:
64Update requires: Replacement
BucketRegion-
The AWS Region with the S3 bucket targeted by the resource data sync.
Required: No
Type: String
Minimum:
1Maximum:
64Update requires: Replacement
KMSKeyArn-
The Amazon Resource Name (ARN) of an encryption key for a destination in Amazon S3. You can use a KMS key to encrypt inventory data in Amazon S3. You must specify a key that exist in the same AWS Region as the destination Amazon S3 bucket.
Required: No
Type: String
Minimum:
0Maximum:
512Update requires: Replacement
S3Destination-
Configuration information for the target S3 bucket.
Required: No
Type: S3Destination
Update requires: Replacement
SyncFormat-
A supported sync format. The following format is currently supported: JsonSerDe
Required: No
Type: String
Minimum:
0Maximum:
1024Update requires: Replacement
SyncName-
A name for the resource data sync.
Required: Yes
Type: String
Minimum:
1Maximum:
64Update requires: Replacement
SyncSource-
Information about the source where the data was synchronized.
Required: No
Type: SyncSource
Update requires: No interruption
SyncType-
The type of resource data sync. If
SyncTypeisSyncToDestination, then the resource data sync synchronizes data to an S3 bucket. If theSyncTypeisSyncFromSourcethen the resource data sync synchronizes data from AWS Organizations or from multiple AWS Regions.Required: No
Type: String
Minimum:
1Maximum:
64Update requires: Replacement
Return values
Ref
When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the name of the resource data sync, such as
TestResourceDataSync.
For more information about using the Ref function, see Ref.
Examples
Create a SyncToDestination resource data sync
The following example synchronizes Systems Manager Inventory metadata in the US East (Ohio) Region (us-east-2) to a single Amazon S3 bucket. Resource data sync then automatically updates the centralized data when new data is collected.
JSON
{
"Description": "Create a resource data sync for Systems Manager",
"Resources": {
"BasicResourceDataSync": {
"Type": "AWS::SSM::ResourceDataSync",
"Properties": {
"SyncName": "test-sync",
"SyncType": "SyncToDestination",
"S3Destination": {
"BucketName": "amzn-s3-demo-bucket",
"BucketRegion": "us-east-2",
"SyncFormat": "JsonSerDe",
"BucketPrefix": "cfn",
"KMSKeyArn": "kmsKeyARN"
}
}
}
}
}YAML
---
Description: Create a resource data sync for Systems Manager
Resources:
BasicResourceDataSync:
Type: AWS::SSM::ResourceDataSync
Properties:
SyncName: test-sync
SyncType: SyncToDestination
S3Destination:
BucketName: amzn-s3-demo-bucket
BucketRegion: us-east-2
SyncFormat: JsonSerDe
BucketPrefix: cfn
KMSKeyArn: kmsKeyARNCreate a SyncFromSource resource data sync with type SingleAccountMultipleRegions
The following example synchronizes Systems Manager Explorer OpsData and OpsItems from multiple AWS Regions in a single AWS account.
JSON
{
"Description": "Create a resource data sync for Systems Manager Explorer",
"Resources": {
"BasicResourceDataSync": {
"Type": "AWS::SSM::ResourceDataSync",
"Properties": {
"SyncName": "test-sync",
"SyncType": "SyncFromSource",
"SyncSource": {
"SourceType": "SingleAccountMultiRegions",
"SourceRegions": [
"us-east-1",
"us-west-1",
"us-west-2"
],
"IncludeFutureRegions": false
}
}
}
}
}YAML
---
Description: Create a resource data sync for Systems Manager Explorer
Resources:
BasicResourceDataSync:
Type: AWS::SSM::ResourceDataSync
Properties:
SyncName: test-sync
SyncType: SyncFromSource
SyncSource:
SourceType: SingleAccountMultiRegions
SourceRegions:
- us-east-1
- us-west-1
- us-west-2
IncludeFutureRegions: false Create a SyncFromSource resource data sync with type EntireOrganization
The following example synchronizes Systems Manager Explorer OpsData and OpsItems from your entire organization in AWS Organizationsin the us-west-1 Region.
JSON
{
"Description": "Create a resource data sync for Systems Manager Explorer",
"Resources": {
"BasicResourceDataSync": {
"Type": "AWS::SSM::ResourceDataSync",
"Properties": {
"SyncName": "test-sync",
"SyncType": "SyncFromSource",
"SyncSource": {
"SourceType": "AwsOrganizations",
"AwsOrganizationsSource": {
"OrganizationSourceType": "EntireOrganization"
},
"SourceRegions": [
"us-west-1"
],
"IncludeFutureRegions": false
}
}
}
}
}YAML
---
Description: Create a resource data sync for Systems Manager Explorer
Resources:
BasicResourceDataSync:
Type: AWS::SSM::ResourceDataSync
Properties:
SyncName: test-sync
SyncType: SyncFromSource
SyncSource:
SourceType: AwsOrganizations
AwsOrganizationsSource:
OrganizationSourceType: EntireOrganization
SourceRegions:
- us-west-1
IncludeFutureRegions: falseCreating a SyncFromSource resource data sync with type OrganizationalUnits
The following example synchronizes Systems Manager Explorer OpsData and OpsItems from organization unit 12345 in AWS Organizations in the us-west-1 Region.
JSON
{
"Description": "Create a resource data sync for Systems Manager Explorer",
"Resources": {
"BasicResourceDataSync": {
"Type": "AWS::SSM::ResourceDataSync",
"Properties": {
"SyncName": "test-sync",
"SyncType": "SyncFromSource",
"SyncSource": {
"SourceType": "AwsOrganizations",
"AwsOrganizationsSource": {
"OrganizationSourceType": "OrganizationalUnits",
"OrganizationalUnits": [
"ou-12345"
]
},
"SourceRegions": [
"us-west-1"
],
"IncludeFutureRegions": false
}
}
}
}
}YAML
---
Description: Create a resource data sync for Systems Manager Explorer
Resources:
BasicResourceDataSync:
Type: AWS::SSM::ResourceDataSync
Properties:
SyncName: test-sync
SyncType: SyncFromSource
SyncSource:
SourceType: AwsOrganizations
AwsOrganizationsSource:
OrganizationSourceType: OrganizationalUnits
OrganizationalUnits:
- ou-12345
SourceRegions:
- us-west-1
IncludeFutureRegions: falseSee also
