AWS 文档 AWS SDK示例 GitHub 存储库中还有更多SDK示例
本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
使用 Systems Manager 示例 AWS CLI
以下代码示例向您展示了如何使用与 Systems Manager AWS Command Line Interface 配合使用来执行操作和实现常见场景。
操作是大型程序的代码摘录,必须在上下文中运行。您可以通过操作了解如何调用单个服务函数,还可以通过函数相关场景的上下文查看操作。
每个示例都包含一个指向完整源代码的链接,您可以在其中找到有关如何在上下文中设置和运行代码的说明。
主题
操作
以下代码示例演示如何使用 add-tags-to-resource。
- AWS CLI
-
示例 1:向维护时段添加标签
以下
add-tags-to-resource示例向指定的维护时段添加标签。aws ssm add-tags-to-resource \ --resource-type"MaintenanceWindow"\ --resource-id"mw-03eb9db428EXAMPLE"\ --tags"Key=Stack,Value=Production"此命令不生成任何输出。
示例 2:向参数添加标签
以下
add-tags-to-resource示例向指定参数添加两个标签。aws ssm add-tags-to-resource \ --resource-type"Parameter"\ --resource-id"My-Parameter"\ --tags '[{"Key":"Region","Value":"East"},{"Key":"Environment", "Value":"Production"}]'此命令不生成任何输出。
示例 3:为SSM文档添加标签
以下
add-tags-to-resource示例向指定文档添加标签。aws ssm add-tags-to-resource \ --resource-type"Document"\ --resource-id"My-Document"\ --tags"Key=Quarter,Value=Q322"此命令不生成任何输出。
有关更多信息,请参阅《AWS Systems Manager 用户指南》中的标记 Systems Manager 资源。
-
有关API详细信息,请参阅 “AddTagsToResource AWS CLI
命令参考”。
-
以下代码示例演示如何使用 associate-ops-item-related-item。
- AWS CLI
-
关联相关项目
以下
associate-ops-item-related-item示例将相关项目与关联起来 OpsItem。aws ssm associate-ops-item-related-item \ --ops-item-id"oi-649fExample"\ --association-type"RelatesTo"\ --resource-type"AWS::SSMIncidents::IncidentRecord"\ --resource-uri"arn:aws:ssm-incidents::111122223333:incident-record/Example-Response-Plan/c2bde883-f7d5-343a-b13a-bf5fe9ea689f"输出:
{ "AssociationId": "61d7178d-a30d-4bc5-9b4e-a9e74EXAMPLE" }有关更多信息,请参阅 S AWS ystem s Manager 用户指南 OpsCenter中的处理事件管理器事件。
-
有关API详细信息,请参阅 “AssociateOpsItemRelatedItem AWS CLI
命令参考”。
-
以下代码示例演示如何使用 cancel-command。
- AWS CLI
-
示例 1:取消所有实例的命令
以下
cancel-command示例尝试取消已对所有实例运行的指定命令。aws ssm cancel-command \ --command-id"662add3d-5831-4a10-b64a-f2ff3EXAMPLE"此命令不生成任何输出。
示例 2:取消特定实例的命令
以下
cancel-command示例仅尝试取消指定实例的命令。aws ssm cancel-command \ --command-id"662add3d-5831-4a10-b64a-f2ff3EXAMPLE"--instance-ids"i-02573cafcfEXAMPLE"此命令不生成任何输出。
有关更多信息,请参阅《AWS Systems Manager 用户指南》中的标记 Systems Manager 参数。
-
有关API详细信息,请参阅 “CancelCommand AWS CLI
命令参考”。
-
以下代码示例演示如何使用 cancel-maintenance-window-execution。
- AWS CLI
-
取消维护时段的执行
此
cancel-maintenance-window-execution示例停止已在进行的指定维护时段执行。aws ssm cancel-maintenance-window-execution \ --window-execution-idj2l8d5b5c-mw66-tk4d-r3g9-1d4d1EXAMPLE输出:
{ "WindowExecutionId": "j2l8d5b5c-mw66-tk4d-r3g9-1d4d1EXAMPLE" }有关更多信息,请参阅《系统管理器用户指南》中的 Syst AWS ems Manager 维护 Windows 教程 (AWS CLI)。
-
有关API详细信息,请参阅 “CancelMaintenanceWindowExecution AWS CLI
命令参考”。
-
以下代码示例演示如何使用 create-activation。
- AWS CLI
-
创建托管式实例激活
以下
create-activation示例创建托管式实例激活。aws ssm create-activation \ --default-instance-name"HybridWebServers"\ --iam-role"HybridWebServersRole"\ --registration-limit5输出:
{ "ActivationId": "5743558d-563b-4457-8682-d16c3EXAMPLE", "ActivationCode": "dRmgnYaFv567vEXAMPLE" }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的步骤 4:为混合环境创建托管式实例激活。
-
有关API详细信息,请参阅 “CreateActivation AWS CLI
命令参考”。
-
以下代码示例演示如何使用 create-association-batch。
- AWS CLI
-
创建多个关联
此示例将一个配置文档与多个实例相关联。如果适用,输出将返回成功和失败操作的列表。
命令:
aws ssm create-association-batch --entries"Name=AWS-UpdateSSMAgent,InstanceId=i-1234567890abcdef0""Name=AWS-UpdateSSMAgent,InstanceId=i-9876543210abcdef0"输出:
{ "Successful": [ { "Name": "AWS-UpdateSSMAgent", "InstanceId": "i-1234567890abcdef0", "AssociationVersion": "1", "Date": 1550504725.007, "LastUpdateAssociationDate": 1550504725.007, "Status": { "Date": 1550504725.007, "Name": "Associated", "Message": "Associated with AWS-UpdateSSMAgent" }, "Overview": { "Status": "Pending", "DetailedStatus": "Creating" }, "DocumentVersion": "$DEFAULT", "AssociationId": "8dfe3659-4309-493a-8755-0123456789ab", "Targets": [ { "Key": "InstanceIds", "Values": [ "i-1234567890abcdef0" ] } ] }, { "Name": "AWS-UpdateSSMAgent", "InstanceId": "i-9876543210abcdef0", "AssociationVersion": "1", "Date": 1550504725.057, "LastUpdateAssociationDate": 1550504725.057, "Status": { "Date": 1550504725.057, "Name": "Associated", "Message": "Associated with AWS-UpdateSSMAgent" }, "Overview": { "Status": "Pending", "DetailedStatus": "Creating" }, "DocumentVersion": "$DEFAULT", "AssociationId": "9c9f7f20-5154-4fed-a83e-0123456789ab", "Targets": [ { "Key": "InstanceIds", "Values": [ "i-9876543210abcdef0" ] } ] } ], "Failed": [] }-
有关API详细信息,请参阅 “CreateAssociationBatch AWS CLI
命令参考”。
-
以下代码示例演示如何使用 create-association。
- AWS CLI
-
示例 1:使用实例关联文档 IDs
此示例使用实例将配置文档与实例关联起来IDs。
aws ssm create-association \ --instance-id"i-0cb2b964d3e14fd9f"\ --name"AWS-UpdateSSMAgent"输出:
{ "AssociationDescription": { "Status": { "Date": 1487875500.33, "Message": "Associated with AWS-UpdateSSMAgent", "Name": "Associated" }, "Name": "AWS-UpdateSSMAgent", "InstanceId": "i-0cb2b964d3e14fd9f", "Overview": { "Status": "Pending", "DetailedStatus": "Creating" }, "AssociationId": "b7c3266e-a544-44db-877e-b20d3a108189", "DocumentVersion": "$DEFAULT", "LastUpdateAssociationDate": 1487875500.33, "Date": 1487875500.33, "Targets": [ { "Values": [ "i-0cb2b964d3e14fd9f" ], "Key": "InstanceIds" } ] } }有关更多信息,请参阅《S AWS ystems Manager API 参考》CreateAssociation中的。
示例 2:使用目标关联文档
此示例使用目标将配置文档与实例关联起来。
aws ssm create-association \ --name"AWS-UpdateSSMAgent"\ --targets"Key=instanceids,Values=i-0cb2b964d3e14fd9f"输出:
{ "AssociationDescription": { "Status": { "Date": 1487875500.33, "Message": "Associated with AWS-UpdateSSMAgent", "Name": "Associated" }, "Name": "AWS-UpdateSSMAgent", "InstanceId": "i-0cb2b964d3e14fd9f", "Overview": { "Status": "Pending", "DetailedStatus": "Creating" }, "AssociationId": "b7c3266e-a544-44db-877e-b20d3a108189", "DocumentVersion": "$DEFAULT", "LastUpdateAssociationDate": 1487875500.33, "Date": 1487875500.33, "Targets": [ { "Values": [ "i-0cb2b964d3e14fd9f" ], "Key": "InstanceIds" } ] } }有关更多信息,请参阅《S AWS ystems Manager API 参考》CreateAssociation中的。
示例 3:创建仅运行一次的关联
此示例创建一个仅在指定日期和时间运行一次的新关联。使用过去或现在的日期创建的关联(处理关联时该日期已过去)会立即运行。
aws ssm create-association \ --name"AWS-UpdateSSMAgent"\ --targets"Key=instanceids,Values=i-0cb2b964d3e14fd9f"\ --schedule-expression"at(2020-05-14T15:55:00)"\ --apply-only-at-cron-interval输出:
{ "AssociationDescription": { "Status": { "Date": 1487875500.33, "Message": "Associated with AWS-UpdateSSMAgent", "Name": "Associated" }, "Name": "AWS-UpdateSSMAgent", "InstanceId": "i-0cb2b964d3e14fd9f", "Overview": { "Status": "Pending", "DetailedStatus": "Creating" }, "AssociationId": "b7c3266e-a544-44db-877e-b20d3a108189", "DocumentVersion": "$DEFAULT", "LastUpdateAssociationDate": 1487875500.33, "Date": 1487875500.33, "Targets": [ { "Values": [ "i-0cb2b964d3e14fd9f" ], "Key": "InstanceIds" } ] } }有关更多信息,请参阅 S AWS ystems Manager 用户指南CreateAssociation中的 Systems Manager API 参考或参考:Systems Manager 的 Cron 和速率表达式。AWS
-
有关API详细信息,请参阅 “CreateAssociation AWS CLI
命令参考”。
-
以下代码示例演示如何使用 create-document。
- AWS CLI
-
创建文档
以下
create-document示例创建一个 Systems Manager 文档。aws ssm create-document \ --contentfile://exampleDocument.yml\ --name"Example"\ --document-type"Automation"\ --document-formatYAML输出:
{ "DocumentDescription": { "Hash": "fc2410281f40779e694a8b95975d0f9f316da8a153daa94e3d9921102EXAMPLE", "HashType": "Sha256", "Name": "Example", "Owner": "29884EXAMPLE", "CreatedDate": 1583256349.452, "Status": "Creating", "DocumentVersion": "1", "Description": "Document Example", "Parameters": [ { "Name": "AutomationAssumeRole", "Type": "String", "Description": "(Required) The ARN of the role that allows Automation to perform the actions on your behalf. If no role is specified, Systems Manager Automation uses your IAM permissions to execute this document.", "DefaultValue": "" }, { "Name": "InstanceId", "Type": "String", "Description": "(Required) The ID of the Amazon EC2 instance.", "DefaultValue": "" } ], "PlatformTypes": [ "Windows", "Linux" ], "DocumentType": "Automation", "SchemaVersion": "0.3", "LatestVersion": "1", "DefaultVersion": "1", "DocumentFormat": "YAML", "Tags": [] } }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的创建 Systems Manager 文档。
-
有关API详细信息,请参阅 “CreateDocument AWS CLI
命令参考”。
-
以下代码示例演示如何使用 create-maintenance-window。
- AWS CLI
-
示例 1:创建维护时段
以下
create-maintenance-window示例创建一个新的维护时段,每五分钟执行一次,最多持续两个小时(根据需要),防止新任务在维护时段执行结束后的一小时内启动,允许未关联的目标(您尚未向维护时段注册的实例),并通过使用自定义标签表明其创建者打算在教程中进行使用。aws ssm create-maintenance-window \ --name"My-Tutorial-Maintenance-Window"\ --schedule"rate(5 minutes)"\ --duration2--cutoff1\ --allow-unassociated-targets \ --tags"Key=Purpose,Value=Tutorial"输出:
{ "WindowId": "mw-0c50858d01EXAMPLE" }示例 2:创建仅运行一次的维护时段
以下
create-maintenance-window示例创建了一个仅在指定日期和时间运行一次的新维护时段。aws ssm create-maintenance-window \ --nameMy-One-Time-Maintenance-Window\ --schedule"at(2020-05-14T15:55:00)"\ --duration5\ --cutoff2\ --allow-unassociated-targets \ --tags"Key=Environment,Value=Production"输出:
{ "WindowId": "mw-01234567890abcdef" }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的维护时段。
-
有关API详细信息,请参阅 “CreateMaintenanceWindow AWS CLI
命令参考”。
-
以下代码示例演示如何使用 create-ops-item。
- AWS CLI
-
要创建 OpsItems
以下
create-ops-item示例使用the /aws/resources密钥创建 OpsItem 带有亚马逊 DynamoDB 相关资源的。 OperationalDataaws ssm create-ops-item \ --title"EC2 instance disk full"\ --description"Log clean up may have failed which caused the disk to be full"\ --priority2\ --sourceec2\ --operational-data '{"/aws/resources":{"Value":"[{\"arn\": \"arn:aws:dynamodb:us-west-2:12345678:table/OpsItems\"}]","Type":"SearchableString"}}' \ --notifications Arn="arn:aws:sns:us-west-2:12345678:TestUser"输出:
{ "OpsItemId": "oi-1a2b3c4d5e6f" }有关更多信息,请参阅《S AWS ystems Manager 用户指南》 OpsItems中的 “创建”。
-
有关API详细信息,请参阅 “CreateOpsItem AWS CLI
命令参考”。
-
以下代码示例演示如何使用 create-patch-baseline。
- AWS CLI
-
示例 1:创建具有自动批准功能的补丁基准
以下
create-patch-baseline示例创建一个 Windows Server 的补丁基准,该基准在 Microsoft 发布补丁 7 天后批准生产环境的补丁。aws ssm create-patch-baseline \ --name"Windows-Production-Baseline-AutoApproval"\ --operating-system"WINDOWS"\ --approval-rules"PatchRules=[{PatchFilterGroup={PatchFilters=[{Key=MSRC_SEVERITY,Values=[Critical,Important,Moderate]},{Key=CLASSIFICATION,Values=[SecurityUpdates,Updates,UpdateRollups,CriticalUpdates]}]},ApproveAfterDays=7}]"\ --description"Baseline containing all updates approved for Windows Server production systems"输出:
{ "BaselineId": "pb-045f10b4f3EXAMPLE" }示例 2:创建带有批准截止日期的补丁基准
以下
create-patch-baseline示例为 Windows Server 创建补丁基准,其批准 2020 年 7 月 7 日或之前在生产环境中发布的所有补丁。aws ssm create-patch-baseline \ --name"Windows-Production-Baseline-AutoApproval"\ --operating-system"WINDOWS"\ --approval-rules"PatchRules=[{PatchFilterGroup={PatchFilters=[{Key=MSRC_SEVERITY,Values=[Critical,Important,Moderate]},{Key=CLASSIFICATION,Values=[SecurityUpdates,Updates,UpdateRollups,CriticalUpdates]}]},ApproveUntilDate=2020-07-07}]"\ --description"Baseline containing all updates approved for Windows Server production systems"输出:
{ "BaselineId": "pb-045f10b4f3EXAMPLE" }示例 3:使用存储在JSON文件中的批准规则创建补丁基准
以下
create-patch-baseline示例为 Amazon Linux 2017.09 创建补丁基准,其将在补丁发布 7 天后批准生产环境的补丁,指定补丁基准的批准规则,并指定补丁的自定义存储库。aws ssm create-patch-baseline \ --cli-input-jsonfile://my-amazon-linux-approval-rules-and-repo.jsonmy-amazon-linux-approval-rules-and-repo.json的内容:{ "Name": "Amazon-Linux-2017.09-Production-Baseline", "Description": "My approval rules patch baseline for Amazon Linux 2017.09 instances", "OperatingSystem": "AMAZON_LINUX", "Tags": [ { "Key": "Environment", "Value": "Production" } ], "ApprovalRules": { "PatchRules": [ { "ApproveAfterDays": 7, "EnableNonSecurity": true, "PatchFilterGroup": { "PatchFilters": [ { "Key": "SEVERITY", "Values": [ "Important", "Critical" ] }, { "Key": "CLASSIFICATION", "Values": [ "Security", "Bugfix" ] }, { "Key": "PRODUCT", "Values": [ "AmazonLinux2017.09" ] } ] } } ] }, "Sources": [ { "Name": "My-AL2017.09", "Products": [ "AmazonLinux2017.09" ], "Configuration": "[amzn-main] \nname=amzn-main-Base\nmirrorlist=http://repo./$awsregion./$awsdomain//$releasever/main/mirror.list //nmirrorlist_expire=300//nmetadata_expire=300 \npriority=10 \nfailovermethod=priority \nfastestmirror_enabled=0 \ngpgcheck=1 \ngpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-amazon-ga \nenabled=1 \nretries=3 \ntimeout=5\nreport_instanceid=yes" } ] }示例 4:创建指定已批准和已拒绝补丁的补丁基准
以下
create-patch-baseline示例明确指定要批准和拒绝的补丁,作为默认批准规则的例外情况。aws ssm create-patch-baseline \ --name"Amazon-Linux-2017.09-Alpha-Baseline"\ --description"My custom approve/reject patch baseline for Amazon Linux 2017.09 instances"\ --operating-system"AMAZON_LINUX"\ --approved-patches"CVE-2018-1234567,example-pkg-EE-2018*.amzn1.noarch"\ --approved-patches-compliance-level"HIGH"\ --approved-patches-enable-non-security \ --tags"Key=Environment,Value=Alpha"有关更多信息,请参阅《AWS Systems Manager 用户指南》中的创建自定义补丁基准。
-
有关API详细信息,请参阅 “CreatePatchBaseline AWS CLI
命令参考”。
-
以下代码示例演示如何使用 create-resource-data-sync。
- AWS CLI
-
创建资源数据同步
此示例创建了资源数据同步。如果此命令成功,则无任何输出。
命令:
aws ssm create-resource-data-sync --sync-name"ssm-resource-data-sync"--s3-destination"BucketName=ssm-bucket,Prefix=inventory,SyncFormat=JsonSerDe,Region=us-east-1"-
有关API详细信息,请参阅 “CreateResourceDataSync AWS CLI
命令参考”。
-
以下代码示例演示如何使用 delete-activation。
- AWS CLI
-
删除托管式实例激活
以下
delete-activation示例删除托管式实例激活。aws ssm delete-activation \ --activation-id"aa673477-d926-42c1-8757-1358cEXAMPLE"此命令不生成任何输出。
有关更多信息,请参阅《S AWS ystems Manager 用户指南》中的为混合环境设置AWS Systems Manager。
-
有关API详细信息,请参阅 “DeleteActivation AWS CLI
命令参考”。
-
以下代码示例演示如何使用 delete-association。
- AWS CLI
-
示例 1:使用关联 ID 删除关联
以下
delete-association示例删除指定关联 ID 的关联。如果此命令成功,则无任何输出。aws ssm delete-association \ --association-id"8dfe3659-4309-493a-8755-0123456789ab"此命令不生成任何输出。
有关更多信息,请参阅《AWS Systems Manager 用户指南》中的编辑和创建关联的新版本。
示例 2:删除关联
以下
delete-association示例删除实例和文档之间的关联。如果此命令成功,则无任何输出。aws ssm delete-association \ --instance-id"i-1234567890abcdef0"\ --name"AWS-UpdateSSMAgent"此命令不生成任何输出。
有关更多信息,请参阅《AWS Systems Manager 用户指南》中的在 Systems Manager 中使用关联。
-
有关API详细信息,请参阅 “DeleteAssociation AWS CLI
命令参考”。
-
以下代码示例演示如何使用 delete-document。
- AWS CLI
-
删除文档
以下
delete-document示例删除一个 Systems Manager 文档。aws ssm delete-document \ --name"Example"此命令不生成任何输出。
有关更多信息,请参阅《AWS Systems Manager 用户指南》中的创建 Systems Manager 文档。
-
有关API详细信息,请参阅 “DeleteDocument AWS CLI
命令参考”。
-
以下代码示例演示如何使用 delete-inventory。
- AWS CLI
-
删除自定义库存类型
此示例删除了自定义清单架构。
命令:
aws ssm delete-inventory --type-name"Custom:RackInfo"--schema-delete-option"DeleteSchema"输出:
{ "DeletionId": "d72ac9e8-1f60-4d40-b1c6-bf8c78c68c4d", "TypeName": "Custom:RackInfo", "DeletionSummary": { "TotalCount": 1, "RemainingCount": 1, "SummaryItems": [ { "Version": "1.0", "Count": 1, "RemainingCount": 1 } ] } }禁用自定义库存类型
此示例禁用了自定义清单架构。
命令:
aws ssm delete-inventory --type-name"Custom:RackInfo"--schema-delete-option"DisableSchema"输出:
{ "DeletionId": "6961492a-8163-44ec-aa1e-923364dd0850", "TypeName": "Custom:RackInformation", "DeletionSummary": { "TotalCount": 0, "RemainingCount": 0, "SummaryItems": [] } }-
有关API详细信息,请参阅 “DeleteInventory AWS CLI
命令参考”。
-
以下代码示例演示如何使用 delete-maintenance-window。
- AWS CLI
-
删除维护时段
此
delete-maintenance-window示例删除指定的维护时段。aws ssm delete-maintenance-window \ --window-id"mw-1a2b3c4d5e6f7g8h9"输出:
{ "WindowId":"mw-1a2b3c4d5e6f7g8h9" }有关更多信息,请参阅《S AWS ystems Manager 用户指南》中的 “删除维护窗口” (AWS CLI)。
-
有关API详细信息,请参阅 “DeleteMaintenanceWindow AWS CLI
命令参考”。
-
以下代码示例演示如何使用 delete-parameter。
- AWS CLI
-
删除参数
以下
delete-parameter示例将删除指定的一个参数。aws ssm delete-parameter \ --name"MyParameter"此命令不生成任何输出。
有关更多信息,请参阅《AWS Systems Manager 用户指南》中的使用 Parameter Store。
-
有关API详细信息,请参阅 “DeleteParameter AWS CLI
命令参考”。
-
以下代码示例演示如何使用 delete-parameters。
- AWS CLI
-
删除参数列表
以下
delete-parameters示例删除了指定的参数。aws ssm delete-parameters \ --names"MyFirstParameter""MySecondParameter""MyInvalidParameterName"输出:
{ "DeletedParameters": [ "MyFirstParameter", "MySecondParameter" ], "InvalidParameters": [ "MyInvalidParameterName" ] }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的使用 Parameter Store。
-
有关API详细信息,请参阅 “DeleteParameters AWS CLI
命令参考”。
-
以下代码示例演示如何使用 delete-patch-baseline。
- AWS CLI
-
删除补丁基准
以下
delete-patch-baseline示例将删除指定的补丁基准。aws ssm delete-patch-baseline \ --baseline-id"pb-045f10b4f382baeda"输出:
{ "BaselineId": "pb-045f10b4f382baeda" }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的更新或删除补丁基准(控制台)。
-
有关API详细信息,请参阅 “DeletePatchBaseline AWS CLI
命令参考”。
-
以下代码示例演示如何使用 delete-resource-data-sync。
- AWS CLI
-
删除资源数据同步
此示例删除资源数据同步。如果此命令成功,则无任何输出。
命令:
aws ssm delete-resource-data-sync --sync-name"ssm-resource-data-sync"-
有关API详细信息,请参阅 “DeleteResourceDataSync AWS CLI
命令参考”。
-
以下代码示例演示如何使用 deregister-managed-instance。
- AWS CLI
-
取消注册托管式实例
以下
deregister-managed-instance示例取消注册指定的托管式实例。aws ssm deregister-managed-instance --instance-id"mi-08ab247cdfEXAMPLE"此命令不生成任何输出。
有关更多信息,请参阅《AWS Systems Manager 用户指南》中的在混合环境中取消注册托管式实例。
-
有关API详细信息,请参阅 “DeregisterManagedInstance AWS CLI
命令参考”。
-
以下代码示例演示如何使用 deregister-patch-baseline-for-patch-group。
- AWS CLI
-
从补丁基准取消注册补丁组
以下
deregister-patch-baseline-for-patch-group示例从指定的补丁基准中取消注册指定的补丁组。aws ssm deregister-patch-baseline-for-patch-group \ --patch-group"Production"\ --baseline-id"pb-0ca44a362fEXAMPLE"输出:
{ "PatchGroup":"Production", "BaselineId":"pb-0ca44a362fEXAMPLE" }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的将补丁组添加到补丁基准。
-
有关API详细信息,请参阅 “DeregisterPatchBaselineForPatchGroup AWS CLI
命令参考”。
-
以下代码示例演示如何使用 deregister-target-from-maintenance-window。
- AWS CLI
-
从维护时段删除目标
以下
deregister-target-from-maintenance-window示例从指定的维护时段中删除指定的目标。aws ssm deregister-target-from-maintenance-window \ --window-id"mw-ab12cd34ef56gh78"\ --window-target-id"1a2b3c4d-1a2b-1a2b-1a2b-1a2b3c4d-1a2"输出:
{ "WindowId":"mw-ab12cd34ef56gh78", "WindowTargetId":"1a2b3c4d-1a2b-1a2b-1a2b-1a2b3c4d-1a2" }有关更多信息,请参阅《S AWS ystems Manager 用户指南》中的 “更新维护窗口” (AWS CLI)。
-
有关API详细信息,请参阅 “DeregisterTargetFromMaintenanceWindow AWS CLI
命令参考”。
-
以下代码示例演示如何使用 deregister-task-from-maintenance-window。
- AWS CLI
-
从维护时段删除任务
以下
deregister-task-from-maintenance-window示例从指定的维护时段中删除指定的任务。aws ssm deregister-task-from-maintenance-window \ --window-id"mw-ab12cd34ef56gh78"\ --window-task-id"1a2b3c4d-1a2b-1a2b-1a2b-1a2b3c4d5e6c"输出:
{ "WindowTaskId":"1a2b3c4d-1a2b-1a2b-1a2b-1a2b3c4d5e6c", "WindowId":"mw-ab12cd34ef56gh78" }有关更多信息,请参阅《系统管理器用户指南》中的 Syst AWS ems Manager 维护 Windows 教程 (AWS CLI)。
-
有关API详细信息,请参阅 “DeregisterTaskFromMaintenanceWindow AWS CLI
命令参考”。
-
以下代码示例演示如何使用 describe-activations。
- AWS CLI
-
描述激活
以下
describe-activations示例列出了有关您 AWS 账户中激活的详细信息。aws ssm describe-activations输出:
{ "ActivationList": [ { "ActivationId": "5743558d-563b-4457-8682-d16c3EXAMPLE", "Description": "Example1", "IamRole": "HybridWebServersRole, "RegistrationLimit": 5, "RegistrationsCount": 5, "ExpirationDate": 1584316800.0, "Expired": false, "CreatedDate": 1581954699.792 }, { "ActivationId": "3ee0322b-f62d-40eb-b672-13ebfEXAMPLE", "Description": "Example2", "IamRole": "HybridDatabaseServersRole", "RegistrationLimit": 5, "RegistrationsCount": 5, "ExpirationDate": 1580515200.0, "Expired": true, "CreatedDate": 1578064132.002 }, ] }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的步骤 4:为混合环境创建托管式实例激活。
-
有关API详细信息,请参阅 “DescribeActivations AWS CLI
命令参考”。
-
以下代码示例演示如何使用 describe-association-execution-targets。
- AWS CLI
-
获取关联执行的详细信息
以下
describe-association-execution-targets示例描述指定的关联执行。aws ssm describe-association-execution-targets \ --association-id"8dfe3659-4309-493a-8755-0123456789ab"\ --execution-id"7abb6378-a4a5-4f10-8312-0123456789ab"输出:
{ "AssociationExecutionTargets": [ { "AssociationId": "8dfe3659-4309-493a-8755-0123456789ab", "AssociationVersion": "1", "ExecutionId": "7abb6378-a4a5-4f10-8312-0123456789ab", "ResourceId": "i-1234567890abcdef0", "ResourceType": "ManagedInstance", "Status": "Success", "DetailedStatus": "Success", "LastExecutionDate": 1550505538.497, "OutputSource": { "OutputSourceId": "97fff367-fc5a-4299-aed8-0123456789ab", "OutputSourceType": "RunCommand" } } ] }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的查看关联历史记录。
-
有关API详细信息,请参阅 “DescribeAssociationExecutionTargets AWS CLI
命令参考”。
-
以下代码示例演示如何使用 describe-association-executions。
- AWS CLI
-
示例 1:获取关联所有执行的详细信息
以下
describe-association-executions示例描述指定关联的所有执行。aws ssm describe-association-executions \ --association-id"8dfe3659-4309-493a-8755-0123456789ab"输出:
{ "AssociationExecutions": [ { "AssociationId": "8dfe3659-4309-493a-8755-0123456789ab", "AssociationVersion": "1", "ExecutionId": "474925ef-1249-45a2-b93d-0123456789ab", "Status": "Success", "DetailedStatus": "Success", "CreatedTime": 1550505827.119, "ResourceCountByStatus": "{Success=1}" }, { "AssociationId": "8dfe3659-4309-493a-8755-0123456789ab", "AssociationVersion": "1", "ExecutionId": "7abb6378-a4a5-4f10-8312-0123456789ab", "Status": "Success", "DetailedStatus": "Success", "CreatedTime": 1550505536.843, "ResourceCountByStatus": "{Success=1}" }, ... ] }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的查看关联历史记录。
示例 2:获取特定日期和时间之后关联的所有执行的详细信息
以下
describe-association-executions示例描述指定日期和时间之后关联的所有执行。aws ssm describe-association-executions \ --association-id"8dfe3659-4309-493a-8755-0123456789ab"\ --filters"Key=CreatedTime,Value=2019-02-18T16:00:00Z,Type=GREATER_THAN"输出:
{ "AssociationExecutions": [ { "AssociationId": "8dfe3659-4309-493a-8755-0123456789ab", "AssociationVersion": "1", "ExecutionId": "474925ef-1249-45a2-b93d-0123456789ab", "Status": "Success", "DetailedStatus": "Success", "CreatedTime": 1550505827.119, "ResourceCountByStatus": "{Success=1}" }, { "AssociationId": "8dfe3659-4309-493a-8755-0123456789ab", "AssociationVersion": "1", "ExecutionId": "7abb6378-a4a5-4f10-8312-0123456789ab", "Status": "Success", "DetailedStatus": "Success", "CreatedTime": 1550505536.843, "ResourceCountByStatus": "{Success=1}" }, ... ] }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的查看关联历史记录。
-
有关API详细信息,请参阅 “DescribeAssociationExecutions AWS CLI
命令参考”。
-
以下代码示例演示如何使用 describe-association。
- AWS CLI
-
示例 1:获取关联的详细信息
以下
describe-association示例描述指定关联 ID 的关联。aws ssm describe-association \ --association-id"8dfe3659-4309-493a-8755-0123456789ab"输出:
{ "AssociationDescription": { "Name": "AWS-GatherSoftwareInventory", "AssociationVersion": "1", "Date": 1534864780.995, "LastUpdateAssociationDate": 1543235759.81, "Overview": { "Status": "Success", "AssociationStatusAggregatedCount": { "Success": 2 } }, "DocumentVersion": "$DEFAULT", "Parameters": { "applications": [ "Enabled" ], "awsComponents": [ "Enabled" ], "customInventory": [ "Enabled" ], "files": [ "" ], "instanceDetailedInformation": [ "Enabled" ], "networkConfig": [ "Enabled" ], "services": [ "Enabled" ], "windowsRegistry": [ "" ], "windowsRoles": [ "Enabled" ], "windowsUpdates": [ "Enabled" ] }, "AssociationId": "8dfe3659-4309-493a-8755-0123456789ab", "Targets": [ { "Key": "InstanceIds", "Values": [ "*" ] } ], "ScheduleExpression": "rate(24 hours)", "LastExecutionDate": 1550501886.0, "LastSuccessfulExecutionDate": 1550501886.0, "AssociationName": "Inventory-Association" } }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的编辑和创建关联的新版本。
示例 2:获取特定实例和文档的关联的详细信息
以下
describe-association示例描述实例和文档之间的关联。aws ssm describe-association \ --instance-id"i-1234567890abcdef0"\ --name"AWS-UpdateSSMAgent"输出:
{ "AssociationDescription": { "Status": { "Date": 1487876122.564, "Message": "Associated with AWS-UpdateSSMAgent", "Name": "Associated" }, "Name": "AWS-UpdateSSMAgent", "InstanceId": "i-1234567890abcdef0", "Overview": { "Status": "Pending", "DetailedStatus": "Associated", "AssociationStatusAggregatedCount": { "Pending": 1 } }, "AssociationId": "d8617c07-2079-4c18-9847-1234567890ab", "DocumentVersion": "$DEFAULT", "LastUpdateAssociationDate": 1487876122.564, "Date": 1487876122.564, "Targets": [ { "Values": [ "i-1234567890abcdef0" ], "Key": "InstanceIds" } ] } }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的编辑和创建关联的新版本。
-
有关API详细信息,请参阅 “DescribeAssociation AWS CLI
命令参考”。
-
以下代码示例演示如何使用 describe-automation-executions。
- AWS CLI
-
描述自动化执行
以下
describe-automation-executions示例显示了有关自动化执行的详细信息。aws ssm describe-automation-executions \ --filtersKey=ExecutionId,Values=73c8eef8-f4ee-4a05-820c-e354fEXAMPLE输出:
{ "AutomationExecutionMetadataList": [ { "AutomationExecutionId": "73c8eef8-f4ee-4a05-820c-e354fEXAMPLE", "DocumentName": "AWS-StartEC2Instance", "DocumentVersion": "1", "AutomationExecutionStatus": "Success", "ExecutionStartTime": 1583737233.748, "ExecutionEndTime": 1583737234.719, "ExecutedBy": "arn:aws:sts::29884EXAMPLE:assumed-role/mw_service_role/OrchestrationService", "LogFile": "", "Outputs": {}, "Mode": "Auto", "Targets": [], "ResolvedTargets": { "ParameterValues": [], "Truncated": false }, "AutomationType": "Local" } ] }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的运行简单的自动化工作流程。
-
有关API详细信息,请参阅 “DescribeAutomationExecutions AWS CLI
命令参考”。
-
以下代码示例演示如何使用 describe-automation-step-executions。
- AWS CLI
-
示例 1:描述自动化执行的所有步骤
以下
describe-automation-step-executions示例显示有关自动化执行步骤的详细信息。aws ssm describe-automation-step-executions \ --automation-execution-id73c8eef8-f4ee-4a05-820c-e354fEXAMPLE输出:
{ "StepExecutions": [ { "StepName": "startInstances", "Action": "aws:changeInstanceState", "ExecutionStartTime": 1583737234.134, "ExecutionEndTime": 1583737234.672, "StepStatus": "Success", "Inputs": { "DesiredState": "\"running\"", "InstanceIds": "[\"i-0cb99161f6EXAMPLE\"]" }, "Outputs": { "InstanceStates": [ "running" ] }, "StepExecutionId": "95e70479-cf20-4d80-8018-7e4e2EXAMPLE", "OverriddenParameters": {} } ] }示例 2:描述自动化执行的特定步骤
以下
describe-automation-step-executions示例显示了有关自动化执行中特定步骤的详细信息。aws ssm describe-automation-step-executions \ --automation-execution-id73c8eef8-f4ee-4a05-820c-e354fEXAMPLE\ --filtersKey=StepExecutionId,Values=95e70479-cf20-4d80-8018-7e4e2EXAMPLE有关更多信息,请参阅《AWS Systems Manager 用户指南》中的分步运行自动化工作流程(命令行)。
-
有关API详细信息,请参阅 “DescribeAutomationStepExecutions AWS CLI
命令参考”。
-
以下代码示例演示如何使用 describe-available-patches。
- AWS CLI
-
获取可用补丁
以下
describe-available-patches示例检索所有MSRC严重性为 “严重” 的 Windows Server 2019 可用补丁的详细信息。aws ssm describe-available-patches \ --filters"Key=PRODUCT,Values=WindowsServer2019""Key=MSRC_SEVERITY,Values=Critical"输出:
{ "Patches": [ { "Id": "fe6bd8c2-3752-4c8b-ab3e-1a7ed08767ba", "ReleaseDate": 1544047205.0, "Title": "2018-11 Update for Windows Server 2019 for x64-based Systems (KB4470788)", "Description": "Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.", "ContentUrl": "https://support.microsoft.com/en-us/kb/4470788", "Vendor": "Microsoft", "ProductFamily": "Windows", "Product": "WindowsServer2019", "Classification": "SecurityUpdates", "MsrcSeverity": "Critical", "KbNumber": "KB4470788", "MsrcNumber": "", "Language": "All" }, { "Id": "c96115e1-5587-4115-b851-22baa46a3f11", "ReleaseDate": 1549994410.0, "Title": "2019-02 Security Update for Adobe Flash Player for Windows Server 2019 for x64-based Systems (KB4487038)", "Description": "A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.", "ContentUrl": "https://support.microsoft.com/en-us/kb/4487038", "Vendor": "Microsoft", "ProductFamily": "Windows", "Product": "WindowsServer2019", "Classification": "SecurityUpdates", "MsrcSeverity": "Critical", "KbNumber": "KB4487038", "MsrcNumber": "", "Language": "All" }, ... ] }获取特定补丁的详细信息
以下
describe-available-patches示例将检索有关指定补丁的详细信息。aws ssm describe-available-patches \ --filters"Key=PATCH_ID,Values=KB4480979"输出:
{ "Patches": [ { "Id": "680861e3-fb75-432e-818e-d72e5f2be719", "ReleaseDate": 1546970408.0, "Title": "2019-01 Security Update for Adobe Flash Player for Windows Server 2016 for x64-based Systems (KB4480979)", "Description": "A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.", "ContentUrl": "https://support.microsoft.com/en-us/kb/4480979", "Vendor": "Microsoft", "ProductFamily": "Windows", "Product": "WindowsServer2016", "Classification": "SecurityUpdates", "MsrcSeverity": "Critical", "KbNumber": "KB4480979", "MsrcNumber": "", "Language": "All" } ] }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的 Patch Manager 工作原理。
-
有关API详细信息,请参阅 “DescribeAvailablePatches AWS CLI
命令参考”。
-
以下代码示例演示如何使用 describe-document-permission。
- AWS CLI
-
描述文档权限
以下
describe-document-permission示例显示有关公开共享 Systems Manager 文档的权限详细信息。aws ssm describe-document-permission \ --name"Example"\ --permission-type"Share"输出:
{ "AccountIds": [ "all" ], "AccountSharingInfoList": [ { "AccountId": "all", "SharedDocumentVersion": "$DEFAULT" } ] }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的共享 Systems Manager 文档。
-
有关API详细信息,请参阅 “DescribeDocumentPermission AWS CLI
命令参考”。
-
以下代码示例演示如何使用 describe-document。
- AWS CLI
-
显示文档的详细信息
以下
describe-document示例显示了有关您 AWS 账户中 Systems Manager 文档的详细信息。aws ssm describe-document \ --name"Example"输出:
{ "Document": { "Hash": "fc2410281f40779e694a8b95975d0f9f316da8a153daa94e3d9921102EXAMPLE", "HashType": "Sha256", "Name": "Example", "Owner": "29884EXAMPLE", "CreatedDate": 1583257938.266, "Status": "Active", "DocumentVersion": "1", "Description": "Document Example", "Parameters": [ { "Name": "AutomationAssumeRole", "Type": "String", "Description": "(Required) The ARN of the role that allows Automation to perform the actions on your behalf. If no role is specified, Systems Manager Automation uses your IAM permissions to execute this document.", "DefaultValue": "" }, { "Name": "InstanceId", "Type": "String", "Description": "(Required) The ID of the Amazon EC2 instance.", "DefaultValue": "" } ], "PlatformTypes": [ "Windows", "Linux" ], "DocumentType": "Automation", "SchemaVersion": "0.3", "LatestVersion": "1", "DefaultVersion": "1", "DocumentFormat": "YAML", "Tags": [] } }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的创建 Systems Manager 文档。
-
有关API详细信息,请参阅 “DescribeDocument AWS CLI
命令参考”。
-
以下代码示例演示如何使用 describe-effective-instance-associations。
- AWS CLI
-
获取实例有效关联的详细信息
以下
describe-effective-instance-associations示例检索有关实例有效关联的详细信息。命令:
aws ssm describe-effective-instance-associations --instance-id"i-1234567890abcdef0"输出:
{ "Associations": [ { "AssociationId": "8dfe3659-4309-493a-8755-0123456789ab", "InstanceId": "i-1234567890abcdef0", "Content": "{\n \"schemaVersion\": \"1.2\",\n \"description\": \"Update the Amazon SSM Agent to the latest version or specified version.\",\n \"parameters\": {\n \"version\": {\n \"default\": \"\",\n \"description\": \"(Optional) A specific version of the Amazon SSM Agent to install. If not specified, the agent will be updated to the latest version.\",\n \"type\": \"String\"\n },\n \"allowDowngrade\": {\n \"default\": \"false\",\n \"description\": \"(Optional) Allow the Amazon SSM Agent service to be downgraded to an earlier version. If set to false, the service can be upgraded to newer versions only (default). If set to true, specify the earlier version.\",\n \"type\": \"String\",\n \"allowedValues\": [\n \"true\",\n \"false\"\n ]\n }\n },\n \"runtimeConfig\": {\n \"aws:updateSsmAgent\": {\n \"properties\": [\n {\n \"agentName\": \"amazon-ssm-agent\",\n \"source\": \"https://s3.{Region}.amazonaws.com/amazon-ssm-{Region}/ssm-agent-manifest.json\",\n \"allowDowngrade\": \"{{ allowDowngrade }}\",\n \"targetVersion\": \"{{ version }}\"\n }\n ]\n }\n }\n}\n", "AssociationVersion": "1" } ] }-
有关API详细信息,请参阅 “DescribeEffectiveInstanceAssociations AWS CLI
命令参考”。
-
以下代码示例演示如何使用 describe-effective-patches-for-patch-baseline。
- AWS CLI
-
示例 1:获取自定义补丁基准定义的所有补丁
以下
describe-effective-patches-for-patch-baseline示例返回当前 AWS 账户中由自定义补丁基准定义的补丁。请注意,对于自定义基准,--baseline-id只需要 ID 。aws ssm describe-effective-patches-for-patch-baseline \ --baseline-id"pb-08b654cf9b9681f04"输出:
{ "EffectivePatches": [ { "Patch": { "Id": "fe6bd8c2-3752-4c8b-ab3e-1a7ed08767ba", "ReleaseDate": 1544047205.0, "Title": "2018-11 Update for Windows Server 2019 for x64-based Systems (KB4470788)", "Description": "Install this update to resolve issues in Windows. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article for more information. After you install this item, you may have to restart your computer.", "ContentUrl": "https://support.microsoft.com/en-us/kb/4470788", "Vendor": "Microsoft", "ProductFamily": "Windows", "Product": "WindowsServer2019", "Classification": "SecurityUpdates", "MsrcSeverity": "Critical", "KbNumber": "KB4470788", "MsrcNumber": "", "Language": "All" }, "PatchStatus": { "DeploymentStatus": "APPROVED", "ComplianceLevel": "CRITICAL", "ApprovalDate": 1544047205.0 } }, { "Patch": { "Id": "915a6b1a-f556-4d83-8f50-b2e75a9a7e58", "ReleaseDate": 1549994400.0, "Title": "2019-02 Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows Server 2019 for x64 (KB4483452)", "Description": "A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.", "ContentUrl": "https://support.microsoft.com/en-us/kb/4483452", "Vendor": "Microsoft", "ProductFamily": "Windows", "Product": "WindowsServer2019", "Classification": "SecurityUpdates", "MsrcSeverity": "Important", "KbNumber": "KB4483452", "MsrcNumber": "", "Language": "All" }, "PatchStatus": { "DeploymentStatus": "APPROVED", "ComplianceLevel": "CRITICAL", "ApprovalDate": 1549994400.0 } }, ... ], "NextToken": "--token string truncated--" }示例 2:获取由 AWS 托管补丁基准定义的所有补丁
以下
describe-effective-patches-for-patch-baseline示例返回由 AWS 托管补丁基准定义的修补程序。请注意,对于受 AWS 管理的基线ARN,需要完整的基线--baseline-idaws ssm describe-effective-patches-for-patch-baseline \ --baseline-id"arn:aws:ssm:us-east-2:733109147000:patchbaseline/pb-020d361a05defe4ed"有关输出示例,请参阅示例 1。
有关更多信息,请参阅《AWS Systems Manager 用户指南》中的如何选择安全补丁。
-
有关API详细信息,请参阅 “DescribeEffectivePatchesForPatchBaseline AWS CLI
命令参考”。
-
以下代码示例演示如何使用 describe-instance-associations-status。
- AWS CLI
-
描述实例关联的状态
此示例显示实例关联的详细信息。
命令:
aws ssm describe-instance-associations-status --instance-id"i-1234567890abcdef0"输出:
{ "InstanceAssociationStatusInfos": [ { "AssociationId": "8dfe3659-4309-493a-8755-0123456789ab", "Name": "AWS-GatherSoftwareInventory", "DocumentVersion": "1", "AssociationVersion": "1", "InstanceId": "i-1234567890abcdef0", "ExecutionDate": 1550501886.0, "Status": "Success", "ExecutionSummary": "1 out of 1 plugin processed, 1 success, 0 failed, 0 timedout, 0 skipped. ", "AssociationName": "Inventory-Association" }, { "AssociationId": "5c5a31f6-6dae-46f9-944c-0123456789ab", "Name": "AWS-UpdateSSMAgent", "DocumentVersion": "1", "AssociationVersion": "1", "InstanceId": "i-1234567890abcdef0", "ExecutionDate": 1550505828.548, "Status": "Success", "DetailedStatus": "Success", "AssociationName": "UpdateSSMAgent" } ] }-
有关API详细信息,请参阅 “DescribeInstanceAssociationsStatus AWS CLI
命令参考”。
-
以下代码示例演示如何使用 describe-instance-information。
- AWS CLI
-
示例 1:描述托管式实例信息
以下
describe-instance-information示例检索每个托管式实例的详细信息。aws ssm describe-instance-information示例 2:描述有关特定托管式实例的信息
以下
describe-instance-information示例显示托管式实例i-028ea792daEXAMPLE的详细信息。aws ssm describe-instance-information \ --filters"Key=InstanceIds,Values=i-028ea792daEXAMPLE"示例 3:描述有关具有特定标签键的托管式实例的信息
以下
describe-instance-information示例显示具有标签键DEV的托管式实例的详细信息。aws ssm describe-instance-information \ --filters"Key=tag-key,Values=DEV"输出:
{ "InstanceInformationList": [ { "InstanceId": "i-028ea792daEXAMPLE", "PingStatus": "Online", "LastPingDateTime": 1582221233.421, "AgentVersion": "2.3.842.0", "IsLatestVersion": true, "PlatformType": "Linux", "PlatformName": "SLES", "PlatformVersion": "15.1", "ResourceType": "EC2Instance", "IPAddress": "192.0.2.0", "ComputerName": "ip-198.51.100.0.us-east-2.compute.internal", "AssociationStatus": "Success", "LastAssociationExecutionDate": 1582220806.0, "LastSuccessfulAssociationExecutionDate": 1582220806.0, "AssociationOverview": { "DetailedStatus": "Success", "InstanceAssociationStatusAggregatedCount": { "Success": 2 } } } ] }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的托管式实例。
-
有关API详细信息,请参阅 “DescribeInstanceInformation AWS CLI
命令参考”。
-
以下代码示例演示如何使用 describe-instance-patch-states-for-patch-group。
- AWS CLI
-
示例 1:获取补丁组的实例状态
以下
describe-instance-patch-states-for-patch-group示例检索有关指定补丁组每个实例的补丁摘要状态的详细信息。aws ssm describe-instance-patch-states-for-patch-group \ --patch-group"Production"输出:
{ "InstancePatchStates": [ { "InstanceId": "i-02573cafcfEXAMPLE", "PatchGroup": "Production", "BaselineId": "pb-0c10e65780EXAMPLE", "SnapshotId": "a3f5ff34-9bc4-4d2c-a665-4d1c1EXAMPLE", "OwnerInformation": "", "InstalledCount": 32, "InstalledOtherCount": 1, "InstalledPendingRebootCount": 0, "InstalledRejectedCount": 0, "MissingCount": 2, "FailedCount": 0, "UnreportedNotApplicableCount": 2671, "NotApplicableCount": 400, "OperationStartTime": "2021-08-04T11:03:50.590000-07:00", "OperationEndTime": "2021-08-04T11:04:21.555000-07:00", "Operation": "Scan", "RebootOption": "NoReboot", "CriticalNonCompliantCount": 0, "SecurityNonCompliantCount": 1, "OtherNonCompliantCount": 0 }, { "InstanceId": "i-0471e04240EXAMPLE", "PatchGroup": "Production", "BaselineId": "pb-09ca3fb51fEXAMPLE", "SnapshotId": "05d8ffb0-1bbe-4812-ba2d-d9b7bEXAMPLE", "OwnerInformation": "", "InstalledCount": 32, "InstalledOtherCount": 1, "InstalledPendingRebootCount": 0, "InstalledRejectedCount": 0, "MissingCount": 2, "FailedCount": 0, "UnreportedNotApplicableCount": 2671, "NotApplicableCount": 400, "OperationStartTime": "2021-08-04T22:06:20.340000-07:00", "OperationEndTime": "2021-08-04T22:07:11.220000-07:00", "Operation": "Scan", "RebootOption": "NoReboot", "CriticalNonCompliantCount": 0, "SecurityNonCompliantCount": 1, "OtherNonCompliantCount": 0 } ] }示例 2:获取缺失五个补丁以上的补丁组的实例状态
以下
describe-instance-patch-states-for-patch-group示例针对缺失五个补丁以上的实例的指定补丁组,检索补丁摘要状态详细信息。aws ssm describe-instance-patch-states-for-patch-group \ --filtersKey=MissingCount,Type=GreaterThan,Values=5\ --patch-group"Production"输出:
{ "InstancePatchStates": [ { "InstanceId": "i-02573cafcfEXAMPLE", "PatchGroup": "Production", "BaselineId": "pb-0c10e65780EXAMPLE", "SnapshotId": "a3f5ff34-9bc4-4d2c-a665-4d1c1EXAMPLE", "OwnerInformation": "", "InstalledCount": 46, "InstalledOtherCount": 4, "InstalledPendingRebootCount": 1, "InstalledRejectedCount": 1, "MissingCount": 7, "FailedCount": 0, "UnreportedNotApplicableCount": 232, "NotApplicableCount": 654, "OperationStartTime": "2021-08-04T11:03:50.590000-07:00", "OperationEndTime": "2021-08-04T11:04:21.555000-07:00", "Operation": "Scan", "RebootOption": "NoReboot", "CriticalNonCompliantCount": 0, "SecurityNonCompliantCount": 1, "OtherNonCompliantCount": 1 } ] }示例 3:获取需要重启的实例少于 10 个的补丁组的实例状态
以下
describe-instance-patch-states-for-patch-group示例针对需要重启的实例少于 10 个实例的指定补丁组,检索补丁摘要状态的详细信息。aws ssm describe-instance-patch-states-for-patch-group \ --filtersKey=InstalledPendingRebootCount,Type=LessThan,Values=10\ --patch-group"Production"输出:
{ "InstancePatchStates": [ { "InstanceId": "i-02573cafcfEXAMPLE", "BaselineId": "pb-0c10e65780EXAMPLE", "SnapshotId": "a3f5ff34-9bc4-4d2c-a665-4d1c1EXAMPLE", "PatchGroup": "Production", "OwnerInformation": "", "InstalledCount": 32, "InstalledOtherCount": 1, "InstalledPendingRebootCount": 4, "InstalledRejectedCount": 0, "MissingCount": 2, "FailedCount": 0, "UnreportedNotApplicableCount": 846, "NotApplicableCount": 212, "OperationStartTime": "2021-08-046T11:03:50.590000-07:00", "OperationEndTime": "2021-08-06T11:04:21.555000-07:00", "Operation": "Scan", "RebootOption": "NoReboot", "CriticalNonCompliantCount": 0, "SecurityNonCompliantCount": 1, "OtherNonCompliantCount": 0 } ] }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的了解补丁合规性状态值。
-
有关API详细信息,请参阅 “DescribeInstancePatchStatesForPatchGroup AWS CLI
命令参考”。
-
以下代码示例演示如何使用 describe-instance-patch-states。
- AWS CLI
-
获取实例的补丁摘要状态
此
describe-instance-patch-states示例获取实例的补丁摘要状态。aws ssm describe-instance-patch-states \ --instance-ids"i-1234567890abcdef0"输出:
{ "InstancePatchStates": [ { "InstanceId": "i-1234567890abcdef0", "PatchGroup": "my-patch-group", "BaselineId": "pb-0713accee01234567", "SnapshotId": "521c3536-930c-4aa9-950e-01234567abcd", "CriticalNonCompliantCount": 2, "SecurityNonCompliantCount": 2, "OtherNonCompliantCount": 1, "InstalledCount": 123, "InstalledOtherCount": 334, "InstalledPendingRebootCount": 0, "InstalledRejectedCount": 0, "MissingCount": 1, "FailedCount": 2, "UnreportedNotApplicableCount": 11, "NotApplicableCount": 2063, "OperationStartTime": "2021-05-03T11:00:56-07:00", "OperationEndTime": "2021-05-03T11:01:09-07:00", "Operation": "Scan", "LastNoRebootInstallOperationTime": "2020-06-14T12:17:41-07:00", "RebootOption": "RebootIfNeeded" } ] }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的关于补丁合规性。
-
有关API详细信息,请参阅 “DescribeInstancePatchStates AWS CLI
命令参考”。
-
以下代码示例演示如何使用 describe-instance-patches。
- AWS CLI
-
示例 1:获取实例的补丁状态详细信息
以下
describe-instance-patches示例将检索有关指定实例补丁的详细信息。aws ssm describe-instance-patches \ --instance-id"i-1234567890abcdef0"输出:
{ "Patches": [ { "Title": "2019-01 Security Update for Adobe Flash Player for Windows Server 2016 for x64-based Systems (KB4480979)", "KBId": "KB4480979", "Classification": "SecurityUpdates", "Severity": "Critical", "State": "Installed", "InstalledTime": "2019-01-09T00:00:00+00:00" }, { "Title": "", "KBId": "KB4481031", "Classification": "", "Severity": "", "State": "InstalledOther", "InstalledTime": "2019-02-08T00:00:00+00:00" }, ... ], "NextToken": "--token string truncated--" }示例 2:获取实例的处于“缺失”状态的补丁列表
以下
describe-instance-patches示例检索有关指定实例处于“缺失”状态的补丁的信息。aws ssm describe-instance-patches \ --instance-id"i-1234567890abcdef0"\ --filtersKey=State,Values=Missing输出:
{ "Patches": [ { "Title": "Windows Malicious Software Removal Tool x64 - February 2019 (KB890830)", "KBId": "KB890830", "Classification": "UpdateRollups", "Severity": "Unspecified", "State": "Missing", "InstalledTime": "1970-01-01T00:00:00+00:00" }, ... ], "NextToken": "--token string truncated--" }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的关于补丁合规性状态。
示例 3:获取自指定 InstalledTime 实例以来安装的补丁列表
以下
describe-instance-patches示例通过组合使用--filters和--query,检索指定实例自指定时间以来所安装补丁的信息。aws ssm describe-instance-patches \ --instance-id"i-1234567890abcdef0"\ --filtersKey=State,Values=Installed\ --query"Patches[?InstalledTime >= `2023-01-01T16:00:00`]"输出:
{ "Patches": [ { "Title": "2023-03 Cumulative Update for Windows Server 2019 (1809) for x64-based Systems (KB5023702)", "KBId": "KB5023702", "Classification": "SecurityUpdates", "Severity": "Critical", "State": "Installed", "InstalledTime": "2023-03-16T11:00:00+00:00" }, ... ], "NextToken": "--token string truncated--" }-
有关API详细信息,请参阅 “DescribeInstancePatches AWS CLI
命令参考”。
-
以下代码示例演示如何使用 describe-inventory-deletions。
- AWS CLI
-
要删除库存
此示例检索库存删除操作的详细信息。
命令:
aws ssm describe-inventory-deletions输出:
{ "InventoryDeletions": [ { "DeletionId": "6961492a-8163-44ec-aa1e-01234567850", "TypeName": "Custom:RackInformation", "DeletionStartTime": 1550254911.0, "LastStatus": "InProgress", "LastStatusMessage": "The Delete is in progress", "DeletionSummary": { "TotalCount": 0, "RemainingCount": 0, "SummaryItems": [] }, "LastStatusUpdateTime": 1550254911.0 }, { "DeletionId": "d72ac9e8-1f60-4d40-b1c6-987654321c4d", "TypeName": "Custom:RackInfo", "DeletionStartTime": 1550254859.0, "LastStatus": "InProgress", "LastStatusMessage": "The Delete is in progress", "DeletionSummary": { "TotalCount": 1, "RemainingCount": 1, "SummaryItems": [ { "Version": "1.0", "Count": 1, "RemainingCount": 1 } ] }, "LastStatusUpdateTime": 1550254859.0 } ] }获取特定库存删除的详情
此示例检索特定库存删除操作的详细信息。
命令:
aws ssm describe-inventory-deletions --deletion-id"d72ac9e8-1f60-4d40-b1c6-987654321c4d"输出:
{ "InventoryDeletions": [ { "DeletionId": "d72ac9e8-1f60-4d40-b1c6-987654321c4d", "TypeName": "Custom:RackInfo", "DeletionStartTime": 1550254859.0, "LastStatus": "InProgress", "LastStatusMessage": "The Delete is in progress", "DeletionSummary": { "TotalCount": 1, "RemainingCount": 1, "SummaryItems": [ { "Version": "1.0", "Count": 1, "RemainingCount": 1 } ] }, "LastStatusUpdateTime": 1550254859.0 } ] }-
有关API详细信息,请参阅 “DescribeInventoryDeletions AWS CLI
命令参考”。
-
以下代码示例演示如何使用 describe-maintenance-window-execution-task-invocations。
- AWS CLI
-
获取为执行维护时段任务而执行的特定任务调用
以下
describe-maintenance-window-execution-task-invocations示例列出作为指定维护时段执行组成部分来执行的指定任务的调用。aws ssm describe-maintenance-window-execution-task-invocations \ --window-execution-id"518d5565-5969-4cca-8f0e-da3b2a638355"\ --task-id"ac0c6ae1-daa3-4a89-832e-d384503b6586"输出:
{ "WindowExecutionTaskInvocationIdentities": [ { "Status": "SUCCESS", "Parameters": "{\"documentName\":\"AWS-RunShellScript\",\"instanceIds\":[\"i-0000293ffd8c57862\"],\"parameters\":{\"commands\":[\"df\"]},\"maxConcurrency\":\"1\",\"maxErrors\":\"1\"}", "InvocationId": "e274b6e1-fe56-4e32-bd2a-8073c6381d8b", "StartTime": 1487692834.723, "EndTime": 1487692834.871, "WindowExecutionId": "518d5565-5969-4cca-8f0e-da3b2a638355", "TaskExecutionId": "ac0c6ae1-daa3-4a89-832e-d384503b6586" } ] }有关更多信息,请参阅《S AWS ystems Manager 用户指南》中的 “查看有关任务和任务执行的信息” (AWS CLI)。
-
有关API详细信息,请参阅 “DescribeMaintenanceWindowExecutionTaskInvocations AWS CLI
命令参考”。
-
以下代码示例演示如何使用 describe-maintenance-window-execution-tasks。
- AWS CLI
-
列出与维护时段执行相关的所有任务
以下
ssm describe-maintenance-window-execution-tasks示例列出与指定维护时段执行相关的任务。aws ssm describe-maintenance-window-execution-tasks \ --window-execution-id"518d5565-5969-4cca-8f0e-da3b2EXAMPLE"输出:
{ "WindowExecutionTaskIdentities": [ { "Status": "SUCCESS", "TaskArn": "AWS-RunShellScript", "StartTime": 1487692834.684, "TaskType": "RUN_COMMAND", "EndTime": 1487692835.005, "WindowExecutionId": "518d5565-5969-4cca-8f0e-da3b2EXAMPLE", "TaskExecutionId": "ac0c6ae1-daa3-4a89-832e-d3845EXAMPLE" } ] }有关更多信息,请参阅《S AWS ystems Manager 用户指南》中的 “查看有关任务和任务执行的信息” (AWS CLI)。
-
有关API详细信息,请参阅 “DescribeMaintenanceWindowExecutionTasks AWS CLI
命令参考”。
-
以下代码示例演示如何使用 describe-maintenance-window-executions。
- AWS CLI
-
示例 1:列出维护时段内的所有执行
以下
describe-maintenance-window-executions示例列出指定维护时段的所有执行。aws ssm describe-maintenance-window-executions \ --window-id"mw-ab12cd34eEXAMPLE"输出:
{ "WindowExecutions": [ { "WindowId": "mw-ab12cd34eEXAMPLE", "WindowExecutionId": "6027b513-64fe-4cf0-be7d-1191aEXAMPLE", "Status": "IN_PROGRESS", "StartTime": "2021-08-04T11:00:00.000000-07:00" }, { "WindowId": "mw-ab12cd34eEXAMPLE", "WindowExecutionId": "ff75b750-4834-4377-8f61-b3cadEXAMPLE", "Status": "SUCCESS", "StartTime": "2021-08-03T11:00:00.000000-07:00", "EndTime": "2021-08-03T11:37:21.450000-07:00" }, { "WindowId": "mw-ab12cd34eEXAMPLE", "WindowExecutionId": "9fac7dd9-ff21-42a5-96ad-bbc4bEXAMPLE", "Status": "FAILED", "StatusDetails": "One or more tasks in the orchestration failed.", "StartTime": "2021-08-02T11:00:00.000000-07:00", "EndTime": "2021-08-02T11:22:36.190000-07:00" } ] }示例 2:列出指定日期之前维护时段内的所有执行
以下
describe-maintenance-window-executions示例列出指定日期之前指定维护时段内的所有执行。aws ssm describe-maintenance-window-executions \ --window-id"mw-ab12cd34eEXAMPLE"\ --filters"Key=ExecutedBefore,Values=2021-08-03T00:00:00Z"输出:
{ "WindowExecutions": [ { "WindowId": "mw-ab12cd34eEXAMPLE", "WindowExecutionId": "9fac7dd9-ff21-42a5-96ad-bbc4bEXAMPLE", "Status": "FAILED", "StatusDetails": "One or more tasks in the orchestration failed.", "StartTime": "2021-08-02T11:00:00.000000-07:00", "EndTime": "2021-08-02T11:22:36.190000-07:00" } ] }示例 3:列出指定日期之后维护时段内的所有执行
以下
describe-maintenance-window-executions示例列出指定日期之后指定维护时段内的所有执行。aws ssm describe-maintenance-window-executions \ --window-id"mw-ab12cd34eEXAMPLE"\ --filters"Key=ExecutedAfter,Values=2021-08-04T00:00:00Z"输出:
{ "WindowExecutions": [ { "WindowId": "mw-ab12cd34eEXAMPLE", "WindowExecutionId": "6027b513-64fe-4cf0-be7d-1191aEXAMPLE", "Status": "IN_PROGRESS", "StartTime": "2021-08-04T11:00:00.000000-07:00" } ] }有关更多信息,请参阅 S AWS ystems Manager 用户指南中的查看有关任务和任务执行的信息 (AWS CLI)。
-
有关API详细信息,请参阅 “DescribeMaintenanceWindowExecutions AWS CLI
命令参考”。
-
以下代码示例演示如何使用 describe-maintenance-window-schedule。
- AWS CLI
-
示例 1:列出维护时段即将执行的任务
以下
describe-maintenance-window-schedule示例列出了指定维护时段内所有即将执行的任务。aws ssm describe-maintenance-window-schedule \ --window-idmw-ab12cd34eEXAMPLE输出:
{ "ScheduledWindowExecutions": [ { "WindowId": "mw-ab12cd34eEXAMPLE", "Name": "My-First-Maintenance-Window", "ExecutionTime": "2020-02-19T16:00Z" }, { "WindowId": "mw-ab12cd34eEXAMPLE", "Name": "My-First-Maintenance-Window", "ExecutionTime": "2020-02-26T16:00Z" }, ... ] }示例 2:列出指定日期之前维护时段内所有即将执行的任务
以下
describe-maintenance-window-schedule示例列出了在指定日期之前在指定维护时段内即将执行的所有任务。aws ssm describe-maintenance-window-schedule \ --window-idmw-0ecb1226dd7b2e9a6\ --filters"Key=ScheduledBefore,Values=2020-02-15T06:00:00Z"示例 3:列出指定日期之后维护时段内所有即将执行的任务
以下
describe-maintenance-window-schedule示例列出了在指定日期之后在指定维护时段内即将执行的所有任务。aws ssm describe-maintenance-window-schedule \ --window-idmw-0ecb1226dd7b2e9a6\ --filters"Key=ScheduledAfter,Values=2020-02-15T06:00:00Z"有关更多信息,请参阅《S AWS ystems Manager 用户指南》中的 “查看有关维护窗口的信息” (AWS CLI)。
-
有关API详细信息,请参阅 “DescribeMaintenanceWindowSchedule AWS CLI
命令参考”。
-
以下代码示例演示如何使用 describe-maintenance-window-targets。
- AWS CLI
-
示例 1:列出维护时段内的所有目标
以下
describe-maintenance-window-targets示例列出维护时段内的所有目标。aws ssm describe-maintenance-window-targets \ --window-id"mw-06cf17cbefEXAMPLE"输出:
{ "Targets": [ { "ResourceType": "INSTANCE", "OwnerInformation": "Single instance", "WindowId": "mw-06cf17cbefEXAMPLE", "Targets": [ { "Values": [ "i-0000293ffdEXAMPLE" ], "Key": "InstanceIds" } ], "WindowTargetId": "350d44e6-28cc-44e2-951f-4b2c9EXAMPLE" }, { "ResourceType": "INSTANCE", "OwnerInformation": "Two instances in a list", "WindowId": "mw-06cf17cbefEXAMPLE", "Targets": [ { "Values": [ "i-0000293ffdEXAMPLE", "i-0cb2b964d3EXAMPLE" ], "Key": "InstanceIds" } ], "WindowTargetId": "e078a987-2866-47be-bedd-d9cf4EXAMPLE" } ] }示例 2:列出匹配特定所有者信息值的维护时段的所有目标
此
describe-maintenance-window-targets示例列出具有特定值的维护时段的所有目标。aws ssm describe-maintenance-window-targets \ --window-id"mw-0ecb1226ddEXAMPLE"\ --filters"Key=OwnerInformation,Values=CostCenter1"输出:
{ "Targets": [ { "WindowId": "mw-0ecb1226ddEXAMPLE", "WindowTargetId": "da89dcc3-7f9c-481d-ba2b-edcb7d0057f9", "ResourceType": "INSTANCE", "Targets": [ { "Key": "tag:Environment", "Values": [ "Prod" ] } ], "OwnerInformation": "CostCenter1", "Name": "ProdTarget1" } ] }有关更多信息,请参阅《S AWS ystems Manager 用户指南》中的 “查看有关维护窗口的信息” (AWS CLI)。
-
有关API详细信息,请参阅 “DescribeMaintenanceWindowTargets AWS CLI
命令参考”。
-
以下代码示例演示如何使用 describe-maintenance-window-tasks。
- AWS CLI
-
示例 1:列出维护时段内的所有任务
以下
describe-maintenance-window-tasks示例列出指定维护时段内的所有任务。aws ssm describe-maintenance-window-tasks \ --window-id"mw-06cf17cbefEXAMPLE"输出:
{ "Tasks": [ { "WindowId": "mw-06cf17cbefEXAMPLE", "WindowTaskId": "018b31c3-2d77-4b9e-bd48-c91edEXAMPLE", "TaskArn": "AWS-RestartEC2Instance", "TaskParameters": {}, "Type": "AUTOMATION", "Description": "Restarting EC2 Instance for maintenance", "MaxConcurrency": "1", "MaxErrors": "1", "Name": "My-Automation-Example-Task", "Priority": 0, "ServiceRoleArn": "arn:aws:iam::111222333444:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM", "Targets": [ { "Key": "WindowTargetIds", "Values": [ "da89dcc3-7f9c-481d-ba2b-edcb7EXAMPLE" ] } ] }, { "WindowId": "mw-06cf17cbefEXAMPLE", "WindowTaskId": "1943dee0-0a17-4978-9bf4-3cc2fEXAMPLE", "TaskArn": "AWS-DisableS3BucketPublicReadWrite", "TaskParameters": {}, "Type": "AUTOMATION", "Description": "Automation task to disable read/write access on public S3 buckets", "MaxConcurrency": "10", "MaxErrors": "5", "Name": "My-Disable-S3-Public-Read-Write-Access-Automation-Task", "Priority": 0, "ServiceRoleArn": "arn:aws:iam::111222333444:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM", "Targets": [ { "Key": "WindowTargetIds", "Values": [ "da89dcc3-7f9c-481d-ba2b-edcb7EXAMPLE" ] } ] } ] }示例 2:列出调用 AWS-RunPowerShellScript 命令文档的维护时段的所有任务
以下
describe-maintenance-window-tasks示例列出在调用AWS-RunPowerShellScript命令文档的指定维护时段内的所有任务。aws ssm describe-maintenance-window-tasks \ --window-id"mw-ab12cd34eEXAMPLE"\ --filters"Key=TaskArn,Values=AWS-RunPowerShellScript"输出:
{ "Tasks": [ { "WindowId": "mw-ab12cd34eEXAMPLE", "WindowTaskId": "0d36e6b4-3a4f-411e-adcb-3558eEXAMPLE", "TaskArn": "AWS-RunPowerShellScript", "Type": "RUN_COMMAND", "Targets": [ { "Key": "WindowTargetIds", "Values": [ "da89dcc3-7f9c-481d-ba2b-edcb7EXAMPLE" ] } ], "TaskParameters": {}, "Priority": 1, "ServiceRoleArn": "arn:aws:iam::111222333444:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM", "MaxConcurrency": "1", "MaxErrors": "1", "Name": "MyTask" } ] }示例 3:列出优先级为 3 的维护时段内的所有任务
以下
describe-maintenance-window-tasks示例列出指定维护时段内Priority为3的所有任务。aws ssm describe-maintenance-window-tasks \ --window-id"mw-ab12cd34eEXAMPLE"\ --filters"Key=Priority,Values=3"输出:
{ "Tasks": [ { "WindowId": "mw-ab12cd34eEXAMPLE", "WindowTaskId": "0d36e6b4-3a4f-411e-adcb-3558eEXAMPLE", "TaskArn": "AWS-RunPowerShellScript", "Type": "RUN_COMMAND", "Targets": [ { "Key": "WindowTargetIds", "Values": [ "da89dcc3-7f9c-481d-ba2b-edcb7EXAMPLE" ] } ], "TaskParameters": {}, "Priority": 3, "ServiceRoleArn": "arn:aws:iam::111222333444:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM", "MaxConcurrency": "1", "MaxErrors": "1", "Name": "MyRunCommandTask" }, { "WindowId": "mw-ab12cd34eEXAMPLE", "WindowTaskId": "ee45feff-ad65-4a6c-b478-5cab8EXAMPLE", "TaskArn": "AWS-RestartEC2Instance", "Type": "AUTOMATION", "Targets": [ { "Key": "WindowTargetIds", "Values": [ "da89dcc3-7f9c-481d-ba2b-edcb7EXAMPLE" ] } ], "TaskParameters": {}, "Priority": 3, "ServiceRoleArn": "arn:aws:iam::111222333444:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM", "MaxConcurrency": "10", "MaxErrors": "5", "Name": "My-Automation-Task", "Description": "A description for my Automation task" } ] }示例 4:列出优先级为 1 并使用 Run Command 的维护时段内的所有任务
此
describe-maintenance-window-tasks示例列出指定维护时段内Priority为1并使用Run Command的所有任务。aws ssm describe-maintenance-window-tasks \ --window-id"mw-ab12cd34eEXAMPLE"\ --filters"Key=Priority,Values=1""Key=TaskType,Values=RUN_COMMAND"输出:
{ "Tasks": [ { "WindowId": "mw-ab12cd34eEXAMPLE", "WindowTaskId": "0d36e6b4-3a4f-411e-adcb-3558eEXAMPLE", "TaskArn": "AWS-RunPowerShellScript", "Type": "RUN_COMMAND", "Targets": [ { "Key": "WindowTargetIds", "Values": [ "da89dcc3-7f9c-481d-ba2b-edcb7EXAMPLE" ] } ], "TaskParameters": {}, "Priority": 1, "ServiceRoleArn": "arn:aws:iam::111222333444:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM", "MaxConcurrency": "1", "MaxErrors": "1", "Name": "MyRunCommandTask" } ] }有关更多信息,请参阅《S AWS ystems Manager 用户指南》中的 “查看有关维护窗口的信息 (AWS CLI)”。
-
有关API详细信息,请参阅 “DescribeMaintenanceWindowTasks AWS CLI
命令参考”。
-
以下代码示例演示如何使用 describe-maintenance-windows-for-target。
- AWS CLI
-
列出与特定实例关联的所有维护时段
以下
describe-maintenance-windows-for-target示例列出了目标或任务与指定实例关联的维护时段。aws ssm describe-maintenance-windows-for-target \ --targetsKey=InstanceIds,Values=i-1234567890EXAMPLE\ --resource-typeINSTANCE输出:
{ "WindowIdentities": [ { "WindowId": "mw-0c5ed765acEXAMPLE", "Name": "My-First-Maintenance-Window" } ] }有关更多信息,请参阅《S AWS ystems Manager 用户指南》中的 “查看有关维护窗口的信息” (AWS CLI)。
-
有关API详细信息,请参阅 “DescribeMaintenanceWindowsForTarget AWS CLI
命令参考”。
-
以下代码示例演示如何使用 describe-maintenance-windows。
- AWS CLI
-
示例 1:列出所有维护时段
以下
describe-maintenance-windows示例列出了当前区域中您 AWS 账户中的所有维护时段。aws ssm describe-maintenance-windows输出:
{ "WindowIdentities": [ { "WindowId": "mw-0ecb1226ddEXAMPLE", "Name": "MyMaintenanceWindow-1", "Enabled": true, "Duration": 2, "Cutoff": 1, "Schedule": "rate(180 minutes)", "NextExecutionTime": "2020-02-12T23:19:20.596Z" }, { "WindowId": "mw-03eb9db428EXAMPLE", "Name": "MyMaintenanceWindow-2", "Enabled": true, "Duration": 3, "Cutoff": 1, "Schedule": "rate(7 days)", "NextExecutionTime": "2020-02-17T23:22:00.956Z" }, ] }示例 2:列出所有已启用的维护时段
以下
describe-maintenance-windows示例列出所有已启用的维护时段。aws ssm describe-maintenance-windows \ --filters"Key=Enabled,Values=true"示例 3:列出与特定名称匹配的维护时段
此
describe-maintenance-windows示例列出具有指定名称的所有维护时段。aws ssm describe-maintenance-windows \ --filters"Key=Name,Values=MyMaintenanceWindow"有关更多信息,请参阅《S AWS ystems Manager 用户指南》中的 “查看有关维护窗口的信息” (AWS CLI)。
-
有关API详细信息,请参阅 “DescribeMaintenanceWindows AWS CLI
命令参考”。
-
以下代码示例演示如何使用 describe-ops-items。
- AWS CLI
-
列出一组 OpsItems
以下
describe-ops-items示例显示了您账户 OpsItems 中所有未结 AWS 账款项的列表。aws ssm describe-ops-items \ --ops-item-filters"Key=Status,Values=Open,Operator=Equal"输出:
{ "OpsItemSummaries": [ { "CreatedBy": "arn:aws:sts::111222333444:assumed-role/OpsItem-CWE-Role/fbf77cbe264a33509569f23e4EXAMPLE", "CreatedTime": "2020-03-14T17:02:46.375000-07:00", "LastModifiedBy": "arn:aws:sts::111222333444:assumed-role/OpsItem-CWE-Role/fbf77cbe264a33509569f23e4EXAMPLE", "LastModifiedTime": "2020-03-14T17:02:46.375000-07:00", "Source": "SSM", "Status": "Open", "OpsItemId": "oi-7cfc5EXAMPLE", "Title": "SSM Maintenance Window execution failed", "OperationalData": { "/aws/dedup": { "Value": "{\"dedupString\":\"SSMOpsItems-SSM-maintenance-window-execution-failed\"}", "Type": "SearchableString" }, "/aws/resources": { "Value": "[{\"arn\":\"arn:aws:ssm:us-east-2:111222333444:maintenancewindow/mw-034093d322EXAMPLE\"}]", "Type": "SearchableString" } }, "Category": "Availability", "Severity": "3" }, { "CreatedBy": "arn:aws:sts::1112223233444:assumed-role/OpsItem-CWE-Role/fbf77cbe264a33509569f23e4EXAMPLE", "CreatedTime": "2020-02-26T11:43:15.426000-08:00", "LastModifiedBy": "arn:aws:sts::111222333444:assumed-role/OpsItem-CWE-Role/fbf77cbe264a33509569f23e4EXAMPLE", "LastModifiedTime": "2020-02-26T11:43:15.426000-08:00", "Source": "EC2", "Status": "Open", "OpsItemId": "oi-6f966EXAMPLE", "Title": "EC2 instance stopped", "OperationalData": { "/aws/automations": { "Value": "[ { \"automationType\": \"AWS:SSM:Automation\", \"automationId\": \"AWS-RestartEC2Instance\" } ]", "Type": "SearchableString" }, "/aws/dedup": { "Value": "{\"dedupString\":\"SSMOpsItems-EC2-instance-stopped\"}", "Type": "SearchableString" }, "/aws/resources": { "Value": "[{\"arn\":\"arn:aws:ec2:us-east-2:111222333444:instance/i-0beccfbc02EXAMPLE\"}]", "Type": "SearchableString" } }, "Category": "Availability", "Severity": "3" } ] }有关更多信息,请参阅《S AWS ystems Manager 用户指南》 OpsItems中的 “使用”。
-
有关API详细信息,请参阅 “DescribeOpsItems AWS CLI
命令参考”。
-
以下代码示例演示如何使用 describe-parameters。
- AWS CLI
-
示例 1:列出所有参数
以下
describe-parameters示例列出了当前 AWS 账户和区域中的所有参数。aws ssm describe-parameters输出:
{ "Parameters": [ { "Name": "MySecureStringParameter", "Type": "SecureString", "KeyId": "alias/aws/ssm", "LastModifiedDate": 1582155479.205, "LastModifiedUser": "arn:aws:sts::111222333444:assumed-role/Admin/Richard-Roe-Managed", "Description": "This is a SecureString parameter", "Version": 2, "Tier": "Advanced", "Policies": [ { "PolicyText": "{\"Type\":\"Expiration\",\"Version\":\"1.0\",\"Attributes\":{\"Timestamp\":\"2020-07-07T22:30:00Z\"}}", "PolicyType": "Expiration", "PolicyStatus": "Pending" }, { "PolicyText": "{\"Type\":\"ExpirationNotification\",\"Version\":\"1.0\",\"Attributes\":{\"Before\":\"12\",\"Unit\":\"Hours\"}}", "PolicyType": "ExpirationNotification", "PolicyStatus": "Pending" } ] }, { "Name": "MyStringListParameter", "Type": "StringList", "LastModifiedDate": 1582154764.222, "LastModifiedUser": "arn:aws:iam::111222333444:user/Mary-Major", "Description": "This is a StringList parameter", "Version": 1, "Tier": "Standard", "Policies": [] }, { "Name": "MyStringParameter", "Type": "String", "LastModifiedDate": 1582154711.976, "LastModifiedUser": "arn:aws:iam::111222333444:user/Alejandro-Rosalez", "Description": "This is a String parameter", "Version": 1, "Tier": "Standard", "Policies": [] }, { "Name": "latestAmi", "Type": "String", "LastModifiedDate": 1580862415.521, "LastModifiedUser": "arn:aws:sts::111222333444:assumed-role/lambda-ssm-role/Automation-UpdateSSM-Param", "Version": 3, "Tier": "Standard", "Policies": [] } ] }示例 2:列出与特定元数据匹配的所有参数
以下
describe-parameters示例列出了与筛选器匹配的所有参数。aws ssm 描述参数——过滤器 “键=类型,值=” StringList
输出:
{ "Parameters": [ { "Name": "MyStringListParameter", "Type": "StringList", "LastModifiedDate": 1582154764.222, "LastModifiedUser": "arn:aws:iam::111222333444:user/Mary-Major", "Description": "This is a StringList parameter", "Version": 1, "Tier": "Standard", "Policies": [] } ] }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的搜索 Systems Manager 参数。
-
有关API详细信息,请参阅 “DescribeParameters AWS CLI
命令参考”。
-
以下代码示例演示如何使用 describe-patch-baselines。
- AWS CLI
-
示例 1:列出所有补丁基准
以下
describe-patch-baselines示例检索您账户中当前区域所有补丁基准的详细信息。aws ssm describe-patch-baselines输出:
{ "BaselineIdentities": [ { "BaselineName": "AWS-SuseDefaultPatchBaseline", "DefaultBaseline": true, "BaselineDescription": "Default Patch Baseline for Suse Provided by AWS.", "BaselineId": "arn:aws:ssm:us-east-2:733109147000:patchbaseline/pb-0123fdb36e334a3b2", "OperatingSystem": "SUSE" }, { "BaselineName": "AWS-DefaultPatchBaseline", "DefaultBaseline": false, "BaselineDescription": "Default Patch Baseline Provided by AWS.", "BaselineId": "arn:aws:ssm:us-east-2:733109147000:patchbaseline/pb-020d361a05defe4ed", "OperatingSystem": "WINDOWS" }, ... { "BaselineName": "MyWindowsPatchBaseline", "DefaultBaseline": true, "BaselineDescription": "My patch baseline for EC2 instances for Windows Server", "BaselineId": "pb-0ad00e0dd7EXAMPLE", "OperatingSystem": "WINDOWS" } ] }示例 2:列出提供的所有补丁基准 AWS
以下
describe-patch-baselines示例列出了提供的所有补丁基准。 AWSaws ssm describe-patch-baselines \ --filters"Key=OWNER,Values=[AWS]"示例 3:列出您拥有的所有补丁基准
以下
describe-patch-baselines示例列出当前区域在您的账户中创建的所有自定义补丁基准。aws ssm describe-patch-baselines \ --filters"Key=OWNER,Values=[Self]"有关更多信息,请参阅《AWS Systems Manager 用户指南》中的关于预定义和自定义补丁基准。
-
有关API详细信息,请参阅 “DescribePatchBaselines AWS CLI
命令参考”。
-
以下代码示例演示如何使用 describe-patch-group-state。
- AWS CLI
-
获取补丁组的状态
以下
describe-patch-group-state示例检索补丁组的高级补丁合规性摘要。aws ssm describe-patch-group-state \ --patch-group"Production"输出:
{ "Instances": 21, "InstancesWithCriticalNonCompliantPatches": 1, "InstancesWithFailedPatches": 2, "InstancesWithInstalledOtherPatches": 3, "InstancesWithInstalledPatches": 21, "InstancesWithInstalledPendingRebootPatches": 2, "InstancesWithInstalledRejectedPatches": 1, "InstancesWithMissingPatches": 3, "InstancesWithNotApplicablePatches": 4, "InstancesWithOtherNonCompliantPatches": 1, "InstancesWithSecurityNonCompliantPatches": 1, "InstancesWithUnreportedNotApplicablePatches": 2 }有关更多信息,请参阅 Systems Manager 用户指南中的关于补丁组 < https://docs.aws.amazon.com/systems-manager/ latest/userguide/sysman-patch-patchgroups.html>__ 和了解补丁合规性状态值。AWS
-
有关API详细信息,请参阅 “DescribePatchGroupState AWS CLI
命令参考”。
-
以下代码示例演示如何使用 describe-patch-groups。
- AWS CLI
-
显示补丁组注册
以下
describe-patch-groups示例列出补丁组注册。aws ssm describe-patch-groups输出:
{ "Mappings": [ { "PatchGroup": "Production", "BaselineIdentity": { "BaselineId": "pb-0123456789abcdef0", "BaselineName": "ProdPatching", "OperatingSystem": "WINDOWS", "BaselineDescription": "Patches for Production", "DefaultBaseline": false } }, { "PatchGroup": "Development", "BaselineIdentity": { "BaselineId": "pb-0713accee01234567", "BaselineName": "DevPatching", "OperatingSystem": "WINDOWS", "BaselineDescription": "Patches for Development", "DefaultBaseline": true } }, ... ] }有关更多信息,请参阅《Systems Manager AWS 用户指南》中的创建补丁组 < https://docs.aws.amazon.com/systems-manager/ latest/userguide/sysman-patch-group-tagging .html>__ 和向补丁基准添加补丁组。
-
有关API详细信息,请参阅 “DescribePatchGroups AWS CLI
命令参考”。
-
以下代码示例演示如何使用 describe-patch-properties。
- AWS CLI
-
列出亚马逊 Linux 补丁的可用性
以下
describe-patch-properties示例显示了您的 AWS 账户中已提供补丁的 Amazon Linux 产品列表。aws ssm describe-patch-properties \ --operating-systemAMAZON_LINUX\ --propertyPRODUCT输出:
{ "Properties": [ { "Name": "AmazonLinux2012.03" }, { "Name": "AmazonLinux2012.09" }, { "Name": "AmazonLinux2013.03" }, { "Name": "AmazonLinux2013.09" }, { "Name": "AmazonLinux2014.03" }, { "Name": "AmazonLinux2014.09" }, { "Name": "AmazonLinux2015.03" }, { "Name": "AmazonLinux2015.09" }, { "Name": "AmazonLinux2016.03" }, { "Name": "AmazonLinux2016.09" }, { "Name": "AmazonLinux2017.03" }, { "Name": "AmazonLinux2017.09" }, { "Name": "AmazonLinux2018.03" } ] }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的关于补丁基准。
-
有关API详细信息,请参阅 “DescribePatchProperties AWS CLI
命令参考”。
-
以下代码示例演示如何使用 describe-sessions。
- AWS CLI
-
示例 1:列出所有活动的会话管理器会话
此
describe-sessions示例检索指定用户在过去 30 天内最近创建的活动会话(包括已连接和已断开连接的会话)的列表。此命令仅返回使用会话管理器启动的与目标的连接的结果。它没有列出通过其他方式建立的连接,例如远程桌面连接或SSH。aws ssm describe-sessions \ --state"Active"\ --filters"key=Owner,value=arn:aws:sts::123456789012:assumed-role/Administrator/Shirley-Rodriguez"输出:
{ "Sessions": [ { "SessionId": "John-07a16060613c408b5", "Target": "i-1234567890abcdef0", "Status": "Connected", "StartDate": 1550676938.352, "Owner": "arn:aws:sts::123456789012:assumed-role/Administrator/Shirley-Rodriguez", "OutputUrl": {} }, { "SessionId": "John-01edf534b8b56e8eb", "Target": "i-9876543210abcdef0", "Status": "Connected", "StartDate": 1550676842.194, "Owner": "arn:aws:sts::123456789012:assumed-role/Administrator/Shirley-Rodriguez", "OutputUrl": {} } ] }示例 2:列出所有已终止的会话管理器会话
此
describe-sessions示例检索过去 30 天内所有用户最近终止的会话列表。aws ssm describe-sessions \ --state"History"输出:
{ "Sessions": [ { "SessionId": "Mary-Major-0022b1eb2b0d9e3bd", "Target": "i-1234567890abcdef0", "Status": "Terminated", "StartDate": 1550520701.256, "EndDate": 1550521931.563, "Owner": "arn:aws:sts::123456789012:assumed-role/Administrator/Mary-Major" }, { "SessionId": "Jane-Roe-0db53f487931ed9d4", "Target": "i-9876543210abcdef0", "Status": "Terminated", "StartDate": 1550161369.149, "EndDate": 1550162580.329, "Owner": "arn:aws:sts::123456789012:assumed-role/Administrator/Jane-Roe" }, ... ], "NextToken": "--token string truncated--" }有关更多信息,请参阅《S AWS ystems Manager 用户指南》中的 “查看会话历史记录”。
-
有关API详细信息,请参阅 “DescribeSessions AWS CLI
命令参考”。
-
以下代码示例演示如何使用 disassociate-ops-item-related-item。
- AWS CLI
-
删除相关项目关联
以下
disassociate-ops-item-related-item示例删除了与相关项目之间的关联。 OpsItemaws ssm disassociate-ops-item-related-item \ --ops-item-id"oi-f99f2EXAMPLE"\ --association-id"e2036148-cccb-490e-ac2a-390e5EXAMPLE"此命令不生成任何输出。
有关更多信息,请参阅 S AWS ystem s Manager 用户指南 OpsCenter中的处理事件管理器事件。
-
有关API详细信息,请参阅 “DisassociateOpsItemRelatedItem AWS CLI
命令参考”。
-
以下代码示例演示如何使用 get-automation-execution。
- AWS CLI
-
显示有关自动化执行的详细信息
以下
get-automation-execution示例显示有关自动化执行的详细信息。aws ssm get-automation-execution \ --automation-execution-id73c8eef8-f4ee-4a05-820c-e354fEXAMPLE输出:
{ "AutomationExecution": { "AutomationExecutionId": "73c8eef8-f4ee-4a05-820c-e354fEXAMPLE", "DocumentName": "AWS-StartEC2Instance", "DocumentVersion": "1", "ExecutionStartTime": 1583737233.748, "ExecutionEndTime": 1583737234.719, "AutomationExecutionStatus": "Success", "StepExecutions": [ { "StepName": "startInstances", "Action": "aws:changeInstanceState", "ExecutionStartTime": 1583737234.134, "ExecutionEndTime": 1583737234.672, "StepStatus": "Success", "Inputs": { "DesiredState": "\"running\"", "InstanceIds": "[\"i-0cb99161f6EXAMPLE\"]" }, "Outputs": { "InstanceStates": [ "running" ] }, "StepExecutionId": "95e70479-cf20-4d80-8018-7e4e2EXAMPLE", "OverriddenParameters": {} } ], "StepExecutionsTruncated": false, "Parameters": { "AutomationAssumeRole": [ "" ], "InstanceId": [ "i-0cb99161f6EXAMPLE" ] }, "Outputs": {}, "Mode": "Auto", "ExecutedBy": "arn:aws:sts::29884EXAMPLE:assumed-role/mw_service_role/OrchestrationService", "Targets": [], "ResolvedTargets": { "ParameterValues": [], "Truncated": false } } }有关更多信息,请参阅 S AWS ystems Manager 用户指南中的演练:修补 Linux AMI (AWS CLI)。
-
有关API详细信息,请参阅 “GetAutomationExecution AWS CLI
命令参考”。
-
以下代码示例演示如何使用 get-calendar-state。
- AWS CLI
-
示例 1:获取更改日历的当前状态
此
get-calendar-state示例返回日历在当前时间的状态。由于该示例未指定时间,因此会报告日历的当前状态。aws ssm get-calendar-state \ --calendar-names"MyCalendar"输出:
{ "State": "OPEN", "AtTime": "2020-02-19T22:28:51Z", "NextTransitionTime": "2020-02-24T21:15:19Z" }示例 2:获取更改日历在指定时间的状态
此
get-calendar-state示例返回日历在指定时间的状态。aws ssm get-calendar-state \ --calendar-names"MyCalendar"\ --at-time"2020-07-19T21:15:19Z"输出:
{ "State": "CLOSED", "AtTime": "2020-07-19T21:15:19Z" }有关更多信息,请参阅《S AWS ystems Manager 用户指南》中的 “获取变更日历的状态”。
-
有关API详细信息,请参阅 “GetCalendarState AWS CLI
命令参考”。
-
以下代码示例演示如何使用 get-command-invocation。
- AWS CLI
-
显示命令调用的详细信息
以下
get-command-invocation示例列出对指定实例上指定命令的所有调用。aws ssm get-command-invocation \ --command-id"ef7fdfd8-9b57-4151-a15c-db9a12345678"\ --instance-id"i-1234567890abcdef0"输出:
{ "CommandId": "ef7fdfd8-9b57-4151-a15c-db9a12345678", "InstanceId": "i-1234567890abcdef0", "Comment": "b48291dd-ba76-43e0-b9df-13e11ddaac26:6960febb-2907-4b59-8e1a-d6ce8EXAMPLE", "DocumentName": "AWS-UpdateSSMAgent", "DocumentVersion": "", "PluginName": "aws:updateSsmAgent", "ResponseCode": 0, "ExecutionStartDateTime": "2020-02-19T18:18:03.419Z", "ExecutionElapsedTime": "PT0.091S", "ExecutionEndDateTime": "2020-02-19T18:18:03.419Z", "Status": "Success", "StatusDetails": "Success", "StandardOutputContent": "Updating amazon-ssm-agent from 2.3.842.0 to latest\nSuccessfully downloaded https://s3.us-east-2.amazonaws.com/amazon-ssm-us-east-2/ssm-agent-manifest.json\namazon-ssm-agent 2.3.842.0 has already been installed, update skipped\n", "StandardOutputUrl": "", "StandardErrorContent": "", "StandardErrorUrl": "", "CloudWatchOutputConfig": { "CloudWatchLogGroupName": "", "CloudWatchOutputEnabled": false } }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的了解命令状态。
-
有关API详细信息,请参阅 “GetCommandInvocation AWS CLI
命令参考”。
-
以下代码示例演示如何使用 get-connection-status。
- AWS CLI
-
显示托管式实例的连接状态
此
get-connection-status示例返回指定托管式实例的连接状态。aws ssm get-connection-status \ --targeti-1234567890abcdef0输出:
{ "Target": "i-1234567890abcdef0", "Status": "connected" }-
有关API详细信息,请参阅 “GetConnectionStatus AWS CLI
命令参考”。
-
以下代码示例演示如何使用 get-default-patch-baseline。
- AWS CLI
-
示例 1:显示默认 Windows 补丁基准
以下
get-default-patch-baseline示例检索 Windows Server 默认补丁基准的详细信息。aws ssm get-default-patch-baseline输出:
{ "BaselineId": "pb-0713accee01612345", "OperatingSystem": "WINDOWS" }示例 2:显示 Amazon Linux 的默认补丁基准
以下
get-default-patch-baseline示例检索 Amazon Linux 默认补丁基准的详细信息。aws ssm get-default-patch-baseline \ --operating-systemAMAZON_LINUX输出:
{ "BaselineId": "pb-047c6eb9c8fc12345", "OperatingSystem": "AMAZON_LINUX" }有关更多信息,请参阅《Systems Manager 用户指南》中的 “关于预定义和自定义补丁基准 < https://docs.aws.amazon.com/systems-manager/ latest/userguide/sysman-patch-baselines.html>__” 和 “将现有补丁基准设置为默认补丁基准”。AWS
-
有关API详细信息,请参阅 “GetDefaultPatchBaseline AWS CLI
命令参考”。
-
以下代码示例演示如何使用 get-deployable-patch-snapshot-for-instance。
- AWS CLI
-
检索实例使用的补丁基准的当前快照
以下
get-deployable-patch-snapshot-for-instance示例检索实例使用的指定补丁基准当前快照的详细信息。此命令必须使用实例凭证从实例运行。为确保其使用实例凭证,请运行aws configure并仅指定您的实例的区域。将Access Key和Secret Key字段留空。提示:使用
uuidgen生成snapshot-id。aws ssm get-deployable-patch-snapshot-for-instance \ --instance-id"i-1234567890abcdef0"\ --snapshot-id"521c3536-930c-4aa9-950e-01234567abcd"输出:
{ "InstanceId": "i-1234567890abcdef0", "SnapshotId": "521c3536-930c-4aa9-950e-01234567abcd", "Product": "AmazonLinux2018.03", "SnapshotDownloadUrl": "https://patch-baseline-snapshot-us-east-1.s3.amazonaws.com/ed85194ef27214f5984f28b4d664d14f7313568fea7d4b6ac6c10ad1f729d7e7-773304212436/AMAZON_LINUX-521c3536-930c-4aa9-950e-01234567abcd?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Date=20190215T164031Z&X-Amz-SignedHeaders=host&X-Amz-Expires=86400&X-Amz-Credential=AKIAJ5C56P35AEBRX2QQ%2F20190215%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Signature=efaaaf6e3878e77f48a6697e015efdbda9c426b09c5822055075c062f6ad2149" }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的参数名称:快照 ID。
-
有关API详细信息,请参阅 “GetDeployablePatchSnapshotForInstance AWS CLI
命令参考”。
-
以下代码示例演示如何使用 get-document。
- AWS CLI
-
获取文档内容
以下
get-document示例显示 Systems Manager 文档的内容。aws ssm get-document \ --name"AWS-RunShellScript"输出:
{ "Name": "AWS-RunShellScript", "DocumentVersion": "1", "Status": "Active", "Content": "{\n \"schemaVersion\":\"1.2\",\n \"description\":\"Run a shell script or specify the commands to run.\",\n \"parameters\":{\n \"commands\":{\n \"type\":\"StringList\",\n \"description\":\"(Required) Specify a shell script or a command to run.\",\n \"minItems\":1,\n \"displayType\":\"textarea\"\n },\n \"workingDirectory\":{\n \"type\":\"String\",\n \"default\":\"\",\n \"description\":\"(Optional) The path to the working directory on your instance.\",\n \"maxChars\":4096\n },\n \"executionTimeout\":{\n \"type\":\"String\",\n \"default\":\"3600\",\n \"description\":\"(Optional) The time in seconds for a command to complete before it is considered to have failed. Default is 3600 (1 hour). Maximum is 172800 (48 hours).\",\n \"allowedPattern\":\"([1-9][0-9]{0,4})|(1[0-6][0-9]{4})|(17[0-1][0-9]{3})|(172[0-7][0-9]{2})|(172800)\"\n }\n },\n \"runtimeConfig\":{\n \"aws:runShellScript\":{\n \"properties\":[\n {\n \"id\":\"0.aws:runShellScript\",\n \"runCommand\":\"{{ commands }}\",\n \"workingDirectory\":\"{{ workingDirectory }}\",\n \"timeoutSeconds\":\"{{ executionTimeout }}\"\n }\n ]\n }\n }\n}\n", "DocumentType": "Command", "DocumentFormat": "JSON" }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的 AWS Systems Manager 文档。
-
有关API详细信息,请参阅 “GetDocument AWS CLI
命令参考”。
-
以下代码示例演示如何使用 get-inventory-schema。
- AWS CLI
-
查看您的清单架构
此示例返回账户清单类型名称列表。
命令:
aws ssm get-inventory-schema输出:
{ "Schemas": [ { "TypeName": "AWS:AWSComponent", "Version": "1.0", "Attributes": [ { "Name": "Name", "DataType": "STRING" }, { "Name": "ApplicationType", "DataType": "STRING" }, { "Name": "Publisher", "DataType": "STRING" }, { "Name": "Version", "DataType": "STRING" }, { "Name": "InstalledTime", "DataType": "STRING" }, { "Name": "Architecture", "DataType": "STRING" }, { "Name": "URL", "DataType": "STRING" } ] }, ... ], "NextToken": "--token string truncated--" }查看特定清单类型的清单架构
此示例返回 AWS:AWS组件清单类型的清单架构。
命令:
aws ssm get-inventory-schema --type-name"AWS:AWSComponent"-
有关API详细信息,请参阅 “GetInventorySchema AWS CLI
命令参考”。
-
以下代码示例演示如何使用 get-inventory。
- AWS CLI
-
查看您的清单
此示例获取清单的自定义元数据。
命令:
aws ssm get-inventory输出:
{ "Entities": [ { "Data": { "AWS:InstanceInformation": { "Content": [ { "ComputerName": "ip-172-31-44-222.us-west-2.compute.internal", "InstanceId": "i-0cb2b964d3e14fd9f", "IpAddress": "172.31.44.222", "AgentType": "amazon-ssm-agent", "ResourceType": "EC2Instance", "AgentVersion": "2.0.672.0", "PlatformVersion": "2016.09", "PlatformName": "Amazon Linux AMI", "PlatformType": "Linux" } ], "TypeName": "AWS:InstanceInformation", "SchemaVersion": "1.0", "CaptureTime": "2017-02-20T18:03:58Z" } }, "Id": "i-0cb2b964d3e14fd9f" } ] }-
有关API详细信息,请参阅 “GetInventory AWS CLI
命令参考”。
-
以下代码示例演示如何使用 get-maintenance-window-execution-task-invocation。
- AWS CLI
-
获取有关维护时段任务调用的信息
以下
get-maintenance-window-execution-task-invocation示例列出了有关指定任务调用的信息,该任务调用是指定维护时段执行的一部分。aws ssm get-maintenance-window-execution-task-invocation \ --window-execution-id"bc494bfa-e63b-49f6-8ad1-aa9f2EXAMPLE"\ --task-id"96f2ad59-97e3-461d-a63d-40c8aEXAMPLE"\ --invocation-id"a5273e2c-d2c6-4880-b3e1-5e550EXAMPLE"输出:
{ "Status": "SUCCESS", "Parameters": "{\"comment\":\"\",\"documentName\":\"AWS-RunPowerShellScript\",\"instanceIds\":[\"i-1234567890EXAMPLE\"],\"maxConcurrency\":\"1\",\"maxErrors\":\"1\",\"parameters\":{\"executionTimeout\":[\"3600\"],\"workingDirectory\":[\"\"],\"commands\":[\"echo Hello\"]},\"timeoutSeconds\":600}", "ExecutionId": "03b6baa0-5460-4e15-83f2-ea685EXAMPLE", "InvocationId": "a5273e2c-d2c6-4880-b3e1-5e550EXAMPLE", "StartTime": 1549998326.421, "TaskType": "RUN_COMMAND", "EndTime": 1550001931.784, "WindowExecutionId": "bc494bfa-e63b-49f6-8ad1-aa9f2EXAMPLE", "StatusDetails": "Failed", "TaskExecutionId": "96f2ad59-97e3-461d-a63d-40c8aEXAMPLE" }有关更多信息,请参阅《S AWS ystems Manager 用户指南》中的 “查看有关任务和任务执行的信息” (AWS CLI)。
-
有关API详细信息,请参阅 “GetMaintenanceWindowExecutionTaskInvocation AWS CLI
命令参考”。
-
以下代码示例演示如何使用 get-maintenance-window-execution-task。
- AWS CLI
-
获取有关维护时段任务执行的信息
以下
get-maintenance-window-execution-task示例列出有关作为指定维护时段执行组成部分的任务的信息。aws ssm get-maintenance-window-execution-task \ --window-execution-id"518d5565-5969-4cca-8f0e-da3b2EXAMPLE"\ --task-id"ac0c6ae1-daa3-4a89-832e-d3845EXAMPLE"输出:
{ "WindowExecutionId": "518d5565-5969-4cca-8f0e-da3b2EXAMPLE", "TaskExecutionId": "ac0c6ae1-daa3-4a89-832e-d3845EXAMPLE", "TaskArn": "AWS-RunPatchBaseline", "ServiceRole": "arn:aws:iam::111222333444:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM", "Type": "RUN_COMMAND", "TaskParameters": [ { "BaselineOverride": { "Values": [ "" ] }, "InstallOverrideList": { "Values": [ "" ] }, "Operation": { "Values": [ "Scan" ] }, "RebootOption": { "Values": [ "RebootIfNeeded" ] }, "SnapshotId": { "Values": [ "{{ aws:ORCHESTRATION_ID }}" ] }, "aws:InstanceId": { "Values": [ "i-02573cafcfEXAMPLE", "i-0471e04240EXAMPLE", "i-07782c72faEXAMPLE" ] } } ], "Priority": 1, "MaxConcurrency": "1", "MaxErrors": "3", "Status": "SUCCESS", "StartTime": "2021-08-04T11:45:35.088000-07:00", "EndTime": "2021-08-04T11:53:09.079000-07:00" }有关更多信息,请参阅 S AWS ystems Manager 用户指南中的查看有关任务和任务执行的信息 (AWS CLI)。
-
有关API详细信息,请参阅 “GetMaintenanceWindowExecutionTask AWS CLI
命令参考”。
-
以下代码示例演示如何使用 get-maintenance-window-execution。
- AWS CLI
-
获取有关维护时段任务执行的信息
以下
get-maintenance-window-execution示例列出有关指定维护时段执行组成部分来执行的任务的信息。aws ssm get-maintenance-window-execution \ --window-execution-id"518d5565-5969-4cca-8f0e-da3b2EXAMPLE"输出:
{ "Status": "SUCCESS", "TaskIds": [ "ac0c6ae1-daa3-4a89-832e-d3845EXAMPLE" ], "StartTime": 1487692834.595, "EndTime": 1487692835.051, "WindowExecutionId": "518d5565-5969-4cca-8f0e-da3b2EXAMPLE", }有关更多信息,请参阅《S AWS ystems Manager 用户指南》中的 “查看有关任务和任务执行的信息” (AWS CLI)。
-
有关API详细信息,请参阅 “GetMaintenanceWindowExecution AWS CLI
命令参考”。
-
以下代码示例演示如何使用 get-maintenance-window-task。
- AWS CLI
-
获取有关维护时段任务的信息
以下
get-maintenance-window-task示例检索有关指定维护时段任务的详细信息。aws ssm get-maintenance-window-task \ --window-idmw-0c5ed765acEXAMPLE\ --window-task-id0e842a8d-2d44-4886-bb62-af8dcEXAMPLE输出:
{ "ServiceRoleArn": "arn:aws:iam::111222333444:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM", "MaxErrors": "1", "TaskArn": "AWS-RunPowerShellScript", "MaxConcurrency": "1", "WindowTaskId": "0e842a8d-2d44-4886-bb62-af8dcEXAMPLE", "TaskParameters": {}, "Priority": 1, "TaskInvocationParameters": { "RunCommand": { "Comment": "", "TimeoutSeconds": 600, "Parameters": { "commands": [ "echo Hello" ], "executionTimeout": [ "3600" ], "workingDirectory": [ "" ] } } }, "WindowId": "mw-0c5ed765acEXAMPLE", "TaskType": "RUN_COMMAND", "Targets": [ { "Values": [ "84c818da-b619-4d3d-9651-946f3EXAMPLE" ], "Key": "WindowTargetIds" } ], "Name": "ExampleTask" }有关更多信息,请参阅《S AWS ystems Manager 用户指南》中的 “查看有关维护窗口的信息” (AWS CLI)。
-
有关API详细信息,请参阅 “GetMaintenanceWindowTask AWS CLI
命令参考”。
-
以下代码示例演示如何使用 get-maintenance-window。
- AWS CLI
-
查看有关维护时段的信息
以下
get-maintenance-window示例将检索指定维护时段的详细信息。aws ssm get-maintenance-window \ --window-id"mw-03eb9db428EXAMPLE"输出:
{ "AllowUnassociatedTargets": true, "CreatedDate": 1515006912.957, "Cutoff": 1, "Duration": 6, "Enabled": true, "ModifiedDate": 2020-01-01T10:04:04.099Z, "Name": "My-Maintenance-Window", "Schedule": "rate(3 days)", "WindowId": "mw-03eb9db428EXAMPLE", "NextExecutionTime": "2020-02-25T00:08:15.099Z" }有关更多信息,请参阅《S AWS ystems Manager 用户指南》中的 “查看有关维护窗口的信息 (AWS CLI)”。
-
有关API详细信息,请参阅 “GetMaintenanceWindow AWS CLI
命令参考”。
-
以下代码示例演示如何使用 get-ops-item。
- AWS CLI
-
查看有关某人的信息 OpsItem
以下
get-ops-item示例显示了有关指定项的详细信息 OpsItem。aws ssm get-ops-item \ --ops-item-idoi-0b725EXAMPLE输出:
{ "OpsItem": { "CreatedBy": "arn:aws:sts::111222333444:assumed-role/OpsItem-CWE-Role/fbf77cbe264a33509569f23e4EXAMPLE", "CreatedTime": "2019-12-04T15:52:16.793000-08:00", "Description": "CloudWatch Event Rule SSMOpsItems-EC2-instance-terminated was triggered. Your EC2 instance has terminated. See below for more details.", "LastModifiedBy": "arn:aws:sts::111222333444:assumed-role/OpsItem-CWE-Role/fbf77cbe264a33509569f23e4EXAMPLE", "LastModifiedTime": "2019-12-04T15:52:16.793000-08:00", "Notifications": [], "RelatedOpsItems": [], "Status": "Open", "OpsItemId": "oi-0b725EXAMPLE", "Title": "EC2 instance terminated", "Source": "EC2", "OperationalData": { "/aws/automations": { "Value": "[ { \"automationType\": \"AWS:SSM:Automation\", \"automationId\": \"AWS-CreateManagedWindowsInstance\" }, { \"automationType\": \"AWS:SSM:Automation\", \"automationId\": \"AWS-CreateManagedLinuxInstance\" } ]", "Type": "SearchableString" }, "/aws/dedup": { "Value": "{\"dedupString\":\"SSMOpsItems-EC2-instance-terminated\"}", "Type": "SearchableString" }, "/aws/resources": { "Value": "[{\"arn\":\"arn:aws:ec2:us-east-2:111222333444:instance/i-05adec7e97EXAMPLE\"}]", "Type": "SearchableString" }, "event-time": { "Value": "2019-12-04T23:52:16Z", "Type": "String" }, "instance-state": { "Value": "terminated", "Type": "String" } }, "Category": "Availability", "Severity": "4" } }有关更多信息,请参阅《S AWS ystems Manager 用户指南》 OpsItems中的 “使用”。
-
有关API详细信息,请参阅 “GetOpsItem AWS CLI
命令参考”。
-
以下代码示例演示如何使用 get-ops-summary。
- AWS CLI
-
查看所有内容的摘要 OpsItems
以下
get-ops-summary示例显示了您 AWS 账户 OpsItems 中所有内容的摘要。aws ssm get-ops-summary输出:
{ "Entities": [ { "Id": "oi-4309fEXAMPLE", "Data": { "AWS:OpsItem": { "CaptureTime": "2020-02-26T18:58:32.918Z", "Content": [ { "AccountId": "111222333444", "Category": "Availability", "CreatedBy": "arn:aws:sts::111222333444:assumed-role/OpsItem-CWE-Role/fbf77cbe264a33509569f23e4EXAMPLE", "CreatedTime": "2020-02-26T19:10:44.149Z", "Description": "CloudWatch Event Rule SSMOpsItems-EC2-instance-terminated was triggered. Your EC2 instance has terminated. See below for more details.", "LastModifiedBy": "arn:aws:sts::111222333444:assumed-role/OpsItem-CWE-Role/fbf77cbe264a33509569f23e4EXAMPLE", "LastModifiedTime": "2020-02-26T19:10:44.149Z", "Notifications": "", "OperationalData": "{\"/aws/automations\":{\"type\":\"SearchableString\",\"value\":\"[ { \\\"automationType\\\": \\\"AWS:SSM:Automation\\\", \\\"automationId\\\": \\\"AWS-CreateManagedWindowsInstance\\\" }, { \\\"automationType\\\": \\\"AWS:SSM:Automation\\\", \\\"automationId\\\": \\\"AWS-CreateManagedLinuxInstance\\\" } ]\"},\"/aws/resources\":{\"type\":\"SearchableString\",\"value\":\"[{\\\"arn\\\":\\\"arn:aws:ec2:us-east-2:111222333444:instance/i-0acbd0800fEXAMPLE\\\"}]\"},\"/aws/dedup\":{\"type\":\"SearchableString\",\"value\":\"{\\\"dedupString\\\":\\\"SSMOpsItems-EC2-instance-terminated\\\"}\"}}", "OpsItemId": "oi-4309fEXAMPLE", "RelatedItems": "", "Severity": "3", "Source": "EC2", "Status": "Open", "Title": "EC2 instance terminated" } ] } } }, { "Id": "oi-bb2a0e6a4541", "Data": { "AWS:OpsItem": { "CaptureTime": "2019-11-26T19:20:06.161Z", "Content": [ { "AccountId": "111222333444", "Category": "Availability", "CreatedBy": "arn:aws:sts::111222333444:assumed-role/OpsItem-CWE-Role/fbf77cbe264a33509569f23e4EXAMPLE", "CreatedTime": "2019-11-26T20:00:07.237Z", "Description": "CloudWatch Event Rule SSMOpsItems-SSM-maintenance-window-execution-failed was triggered. Your SSM Maintenance Window execution has failed. See below for more details.", "LastModifiedBy": "arn:aws:sts::111222333444:assumed-role/OpsItem-CWE-Role/fbf77cbe264a33509569f23e4EXAMPLE", "LastModifiedTime": "2019-11-26T20:00:07.237Z", "Notifications": "", "OperationalData": "{\"/aws/resources\":{\"type\":\"SearchableString\",\"value\":\"[{\\\"arn\\\":\\\"arn:aws:ssm:us-east-2:111222333444:maintenancewindow/mw-0e83ba440dEXAMPLE\\\"}]\"},\"/aws/dedup\":{\"type\":\"SearchableString\",\"value\":\"{\\\"dedupString\\\":\\\"SSMOpsItems-SSM-maintenance-window-execution-failed\\\"}\"}}", "OpsItemId": "oi-bb2a0EXAMPLE", "RelatedItems": "", "Severity": "3", "Source": "SSM", "Status": "Open", "Title": "SSM Maintenance Window execution failed" } ] } } } ] }有关更多信息,请参阅《S AWS ystems Manager 用户指南》 OpsItems中的 “使用”。
-
有关API详细信息,请参阅 “GetOpsSummary AWS CLI
命令参考”。
-
以下代码示例演示如何使用 get-parameter-history。
- AWS CLI
-
获取参数的值历史记录
以下
get-parameter-history示例列出指定参数的更改历史记录,包括其值。aws ssm get-parameter-history \ --name"MyStringParameter"输出:
{ "Parameters": [ { "Name": "MyStringParameter", "Type": "String", "LastModifiedDate": 1582154711.976, "LastModifiedUser": "arn:aws:iam::111222333444:user/Mary-Major", "Description": "This is the first version of my String parameter", "Value": "Veni", "Version": 1, "Labels": [], "Tier": "Standard", "Policies": [] }, { "Name": "MyStringParameter", "Type": "String", "LastModifiedDate": 1582156093.471, "LastModifiedUser": "arn:aws:iam::111222333444:user/Mary-Major", "Description": "This is the second version of my String parameter", "Value": "Vidi", "Version": 2, "Labels": [], "Tier": "Standard", "Policies": [] }, { "Name": "MyStringParameter", "Type": "String", "LastModifiedDate": 1582156117.545, "LastModifiedUser": "arn:aws:iam::111222333444:user/Mary-Major", "Description": "This is the third version of my String parameter", "Value": "Vici", "Version": 3, "Labels": [], "Tier": "Standard", "Policies": [] } ] }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的使用参数版本。
-
有关API详细信息,请参阅 “GetParameterHistory AWS CLI
命令参考”。
-
以下代码示例演示如何使用 get-parameter。
- AWS CLI
-
示例 1:显示参数的值
以下
get-parameter示例列出指定单个参数的值。aws ssm get-parameter \ --name"MyStringParameter"输出:
{ "Parameter": { "Name": "MyStringParameter", "Type": "String", "Value": "Veni", "Version": 1, "LastModifiedDate": 1530018761.888, "ARN": "arn:aws:ssm:us-east-2:111222333444:parameter/MyStringParameter" "DataType": "text" } }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的使用 Parameter Store。
示例 2:解密参数的值 SecureString
以下
get-parameter示例解密指定SecureString参数的值。aws ssm get-parameter \ --name"MySecureStringParameter"\ --with-decryption输出:
{ "Parameter": { "Name": "MySecureStringParameter", "Type": "SecureString", "Value": "16679b88-310b-4895-a943-e0764EXAMPLE", "Version": 2, "LastModifiedDate": 1582155479.205, "ARN": "arn:aws:ssm:us-east-2:111222333444:parameter/MySecureStringParameter" "DataType": "text" } }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的使用 Parameter Store。
示例 3:使用标签显示参数的值
以下
get-parameter示例列出具有指定标签的指定单个参数的值。aws ssm get-parameter \ --name"MyParameter:label"输出:
{ "Parameter": { "Name": "MyParameter", "Type": "String", "Value": "parameter version 2", "Version": 2, "Selector": ":label", "LastModifiedDate": "2021-07-12T09:49:15.865000-07:00", "ARN": "arn:aws:ssm:us-west-2:786973925828:parameter/MyParameter", "DataType": "text" } }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的使用参数标签。
示例 4:使用版本显示参数的值
以下
get-parameter示例列出指定单个参数版本的值。aws ssm get-parameter \ --name"MyParameter:2"输出:
{ "Parameter": { "Name": "MyParameter", "Type": "String", "Value": "parameter version 2", "Version": 2, "Selector": ":2", "LastModifiedDate": "2021-07-12T09:49:15.865000-07:00", "ARN": "arn:aws:ssm:us-west-2:786973925828:parameter/MyParameter", "DataType": "text" } }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的使用参数标签。
-
有关API详细信息,请参阅 “GetParameter AWS CLI
命令参考”。
-
以下代码示例演示如何使用 get-parameters-by-path。
- AWS CLI
-
列出特定路径中的参数
以下
get-parameters-by-path示例列出了指定层次结构中的参数。aws ssm get-parameters-by-path \ --path"/site/newyork/department/"输出:
{ "Parameters": [ { "Name": "/site/newyork/department/marketing", "Type": "String", "Value": "Floor 2", "Version": 1, "LastModifiedDate": 1530018761.888, "ARN": "arn:aws:ssm:us-east-1:111222333444:parameter/site/newyork/department/marketing" }, { "Name": "/site/newyork/department/infotech", "Type": "String", "Value": "Floor 3", "Version": 1, "LastModifiedDate": 1530018823.429, "ARN": "arn:aws:ssm:us-east-1:111222333444:parameter/site/newyork/department/infotech" }, ... ] }有关更多信息,请参阅《S AWS ystems Manager 用户指南》中的使用参数层次结构。
-
有关API详细信息,请参阅 “GetParametersByPath AWS CLI
命令参考”。
-
以下代码示例演示如何使用 get-parameters。
- AWS CLI
-
示例 1:列出参数的值
以下
get-parameters示例列出三个指定参数的值。aws ssm get-parameters \ --names"MyStringParameter""MyStringListParameter""MyInvalidParameterName"输出:
{ "Parameters": [ { "Name": "MyStringListParameter", "Type": "StringList", "Value": "alpha,beta,gamma", "Version": 1, "LastModifiedDate": 1582154764.222, "ARN": "arn:aws:ssm:us-east-2:111222333444:parameter/MyStringListParameter" "DataType": "text" }, { "Name": "MyStringParameter", "Type": "String", "Value": "Vici", "Version": 3, "LastModifiedDate": 1582156117.545, "ARN": "arn:aws:ssm:us-east-2:111222333444:parameter/MyStringParameter" "DataType": "text" } ], "InvalidParameters": [ "MyInvalidParameterName" ] }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的使用 Parameter Store。
示例 2:使用 ``--query`` 选项列出多个参数的名称和值
以下
get-parameters示例列出指定参数的名称和值。aws ssm get-parameters \ --namesMyStringParameterMyStringListParameter\ --query"Parameters[*].{Name:Name,Value:Value}"输出:
[ { "Name": "MyStringListParameter", "Value": "alpha,beta,gamma" }, { "Name": "MyStringParameter", "Value": "Vidi" } ]有关更多信息,请参阅《AWS Systems Manager 用户指南》中的使用 Parameter Store。
示例 3:使用标签显示参数的值
以下
get-parameter示例列出具有指定标签的指定单个参数的值。aws ssm get-parameter \ --name"MyParameter:label"输出:
{ "Parameters": [ { "Name": "MyLabelParameter", "Type": "String", "Value": "parameter by label", "Version": 1, "Selector": ":label", "LastModifiedDate": "2021-07-12T09:49:15.865000-07:00", "ARN": "arn:aws:ssm:us-west-2:786973925828:parameter/MyParameter", "DataType": "text" }, { "Name": "MyVersionParameter", "Type": "String", "Value": "parameter by version", "Version": 2, "Selector": ":2", "LastModifiedDate": "2021-03-24T16:20:28.236000-07:00", "ARN": "arn:aws:ssm:us-west-2:786973925828:parameter/unlabel-param", "DataType": "text" } ], "InvalidParameters": [] }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的使用参数标签。
-
有关API详细信息,请参阅 “GetParameters AWS CLI
命令参考”。
-
以下代码示例演示如何使用 get-patch-baseline-for-patch-group。
- AWS CLI
-
显示补丁组的补丁基准
以下
get-patch-baseline-for-patch-group示例检索有关指定补丁组补丁基准的详细信息。aws ssm get-patch-baseline-for-patch-group \ --patch-group"DEV"输出:
{ "PatchGroup": "DEV", "BaselineId": "pb-0123456789abcdef0", "OperatingSystem": "WINDOWS" }有关更多信息,请参阅《Systems Manager AWS 用户指南》中的创建补丁组 < https://docs.aws.amazon.com/systems-manager/ latest/userguide/sysman-patch-group-tagging .html>__ 和向补丁基准添加补丁组。
-
有关API详细信息,请参阅 “GetPatchBaselineForPatchGroup AWS CLI
命令参考”。
-
以下代码示例演示如何使用 get-patch-baseline。
- AWS CLI
-
显示补丁基准
以下
get-patch-baseline示例检索指定补丁基准的详细信息。aws ssm get-patch-baseline \ --baseline-id"pb-0123456789abcdef0"输出:
{ "BaselineId": "pb-0123456789abcdef0", "Name": "WindowsPatching", "OperatingSystem": "WINDOWS", "GlobalFilters": { "PatchFilters": [] }, "ApprovalRules": { "PatchRules": [ { "PatchFilterGroup": { "PatchFilters": [ { "Key": "PRODUCT", "Values": [ "WindowsServer2016" ] } ] }, "ComplianceLevel": "CRITICAL", "ApproveAfterDays": 0, "EnableNonSecurity": false } ] }, "ApprovedPatches": [], "ApprovedPatchesComplianceLevel": "UNSPECIFIED", "ApprovedPatchesEnableNonSecurity": false, "RejectedPatches": [], "RejectedPatchesAction": "ALLOW_AS_DEPENDENCY", "PatchGroups": [ "QA", "DEV" ], "CreatedDate": 1550244180.465, "ModifiedDate": 1550244180.465, "Description": "Patches for Windows Servers", "Sources": [] }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的关于补丁基准。
-
有关API详细信息,请参阅 “GetPatchBaseline AWS CLI
命令参考”。
-
以下代码示例演示如何使用 get-service-setting。
- AWS CLI
-
检索参数存储吞吐量的服务设置
以下
get-service-setting示例检索指定区域中参数存储吞吐量的当前服务设置。aws ssm get-service-setting \ --setting-idarn:aws:ssm:us-east-1:123456789012:servicesetting/ssm/parameter-store/high-throughput-enabled输出:
{ "ServiceSetting": { "SettingId": "/ssm/parameter-store/high-throughput-enabled", "SettingValue": "false", "LastModifiedDate": 1555532818.578, "LastModifiedUser": "System", "ARN": "arn:aws:ssm:us-east-1:123456789012:servicesetting/ssm/parameter-store/high-throughput-enabled", "Status": "Default" } }有关更多信息,请参阅《S AWS ystems Manager 用户指南》中的 “提高参数存储吞吐量”。
-
有关API详细信息,请参阅 “GetServiceSetting AWS CLI
命令参考”。
-
以下代码示例演示如何使用 label-parameter-version。
- AWS CLI
-
示例 1:为最新版本的参数添加标签
以下
label-parameter-version示例为指定参数的最新版本添加标签。aws ssm label-parameter-version \ --name"MyStringParameter"\ --labels"ProductionReady"输出:
{ "InvalidLabels": [], "ParameterVersion": 3 }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的使用参数标签。
示例 2:为参数的特定版本添加标签
以下
label-parameter-version示例为参数的指定版本添加标签。aws ssm label-parameter-version \ --name"MyStringParameter"\ --labels"ProductionReady"\ --parameter-version"2"--labels"DevelopmentReady"有关更多信息,请参阅《AWS Systems Manager 用户指南》中的使用参数标签。
-
有关API详细信息,请参阅 “LabelParameterVersion AWS CLI
命令参考”。
-
以下代码示例演示如何使用 list-association-versions。
- AWS CLI
-
列出特定关联 ID 的关联的所有版本
以下
list-association-versions示例列出指定关联的所有版本。aws ssm list-association-versions \ --association-id"8dfe3659-4309-493a-8755-0123456789ab"输出:
{ "AssociationVersions": [ { "AssociationId": "8dfe3659-4309-493a-8755-0123456789ab", "AssociationVersion": "1", "CreatedDate": 1550505536.726, "Name": "AWS-UpdateSSMAgent", "Parameters": { "allowDowngrade": [ "false" ], "version": [ "" ] }, "Targets": [ { "Key": "InstanceIds", "Values": [ "i-1234567890abcdef0" ] } ], "ScheduleExpression": "cron(0 00 12 ? * SUN *)", "AssociationName": "UpdateSSMAgent" } ] }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的在 Systems Manager 中使用关联。
-
有关API详细信息,请参阅 “ListAssociationVersions AWS CLI
命令参考”。
-
以下代码示例演示如何使用 list-associations。
- AWS CLI
-
示例 1:列出特定实例的关联
以下列表关联示例列出了与 U 的所有关联。 AssociationName pdateSSMAgent
aws ssm list-associations/--association-filter-list"key=AssociationName,value=UpdateSSMAgent"输出:
{ "Associations": [ { "Name": "AWS-UpdateSSMAgent", "InstanceId": "i-1234567890abcdef0", "AssociationId": "8dfe3659-4309-493a-8755-0123456789ab", "AssociationVersion": "1", "Targets": [ { "Key": "InstanceIds", "Values": [ "i-016648b75dd622dab" ] } ], "Overview": { "Status": "Pending", "DetailedStatus": "Associated", "AssociationStatusAggregatedCount": { "Pending": 1 } }, "ScheduleExpression": "cron(0 00 12 ? * SUN *)", "AssociationName": "UpdateSSMAgent" } ] }有关更多信息,请参阅《Systems Manager 用户指南》中的在 Systems Manager 中使用关联。
示例 2:列出特定文档的关联
以下 list-associations 示例列出指定文档的所有关联。
aws ssm list-associations/--association-filter-list"key=Name,value=AWS-UpdateSSMAgent"输出:
{ "Associations": [ { "Name": "AWS-UpdateSSMAgent", "InstanceId": "i-1234567890abcdef0", "AssociationId": "8dfe3659-4309-493a-8755-0123456789ab", "AssociationVersion": "1", "Targets": [ { "Key": "InstanceIds", "Values": [ "i-1234567890abcdef0" ] } ], "LastExecutionDate": 1550505828.548, "Overview": { "Status": "Success", "DetailedStatus": "Success", "AssociationStatusAggregatedCount": { "Success": 1 } }, "ScheduleExpression": "cron(0 00 12 ? * SUN *)", "AssociationName": "UpdateSSMAgent" }, { "Name": "AWS-UpdateSSMAgent", "InstanceId": "i-9876543210abcdef0", "AssociationId": "fbc07ef7-b985-4684-b82b-0123456789ab", "AssociationVersion": "1", "Targets": [ { "Key": "InstanceIds", "Values": [ "i-9876543210abcdef0" ] } ], "LastExecutionDate": 1550507531.0, "Overview": { "Status": "Success", "AssociationStatusAggregatedCount": { "Success": 1 } } } ] }有关更多信息,请参阅《 Systems Manager 用户指南》中的在 Systems Manager 中使用关联。
-
有关API详细信息,请参阅 “ListAssociations AWS CLI
命令参考”。
-
以下代码示例演示如何使用 list-command-invocations。
- AWS CLI
-
列出特定命令的调用
以下
list-command-invocations示例列出命令的所有调用。aws ssm list-command-invocations \ --command-id"ef7fdfd8-9b57-4151-a15c-db9a12345678"\ --details输出:
{ "CommandInvocations": [ { "CommandId": "ef7fdfd8-9b57-4151-a15c-db9a12345678", "InstanceId": "i-02573cafcfEXAMPLE", "InstanceName": "", "Comment": "b48291dd-ba76-43e0-b9df-13e11ddaac26:6960febb-2907-4b59-8e1a-d6ce8EXAMPLE", "DocumentName": "AWS-UpdateSSMAgent", "DocumentVersion": "", "RequestedDateTime": 1582136283.089, "Status": "Success", "StatusDetails": "Success", "StandardOutputUrl": "", "StandardErrorUrl": "", "CommandPlugins": [ { "Name": "aws:updateSsmAgent", "Status": "Success", "StatusDetails": "Success", "ResponseCode": 0, "ResponseStartDateTime": 1582136283.419, "ResponseFinishDateTime": 1582136283.51, "Output": "Updating amazon-ssm-agent from 2.3.842.0 to latest\nSuccessfully downloaded https://s3.us-east-2.amazonaws.com/amazon-ssm-us-east-2/ssm-agent-manifest.json\namazon-ssm-agent 2.3.842.0 has already been installed, update skipped\n", "StandardOutputUrl": "", "StandardErrorUrl": "", "OutputS3Region": "us-east-2", "OutputS3BucketName": "", "OutputS3KeyPrefix": "" } ], "ServiceRole": "", "NotificationConfig": { "NotificationArn": "", "NotificationEvents": [], "NotificationType": "" }, "CloudWatchOutputConfig": { "CloudWatchLogGroupName": "", "CloudWatchOutputEnabled": false } }, { "CommandId": "ef7fdfd8-9b57-4151-a15c-db9a12345678", "InstanceId": "i-0471e04240EXAMPLE", "InstanceName": "", "Comment": "b48291dd-ba76-43e0-b9df-13e11ddaac26:6960febb-2907-4b59-8e1a-d6ce8EXAMPLE", "DocumentName": "AWS-UpdateSSMAgent", "DocumentVersion": "", "RequestedDateTime": 1582136283.02, "Status": "Success", "StatusDetails": "Success", "StandardOutputUrl": "", "StandardErrorUrl": "", "CommandPlugins": [ { "Name": "aws:updateSsmAgent", "Status": "Success", "StatusDetails": "Success", "ResponseCode": 0, "ResponseStartDateTime": 1582136283.812, "ResponseFinishDateTime": 1582136295.031, "Output": "Updating amazon-ssm-agent from 2.3.672.0 to latest\nSuccessfully downloaded https://s3.us-east-2.amazonaws.com/amazon-ssm-us-east-2/ssm-agent-manifest.json\nSuccessfully downloaded https://s3.us-east-2.amazonaws.com/amazon-ssm-us-east-2/amazon-ssm-agent-updater/2.3.842.0/amazon-ssm-agent-updater-snap-amd64.tar.gz\nSuccessfully downloaded https://s3.us-east-2.amazonaws.com/amazon-ssm-us-east-2/amazon-ssm-agent/2.3.672.0/amazon-ssm-agent-snap-amd64.tar.gz\nSuccessfully downloaded https://s3.us-east-2.amazonaws.com/amazon-ssm-us-east-2/amazon-ssm-agent/2.3.842.0/amazon-ssm-agent-snap-amd64.tar.gz\nInitiating amazon-ssm-agent update to 2.3.842.0\namazon-ssm-agent updated successfully to 2.3.842.0", "StandardOutputUrl": "", "StandardErrorUrl": "", "OutputS3Region": "us-east-2", "OutputS3BucketName": "", "OutputS3KeyPrefix": "8bee3135-398c-4d31-99b6-e42d2EXAMPLE/i-0471e04240EXAMPLE/awsupdateSsmAgent" } ], "ServiceRole": "", "NotificationConfig": { "NotificationArn": "", "NotificationEvents": [], "NotificationType": "" }, "CloudWatchOutputConfig": { "CloudWatchLogGroupName": "", "CloudWatchOutputEnabled": false } } ] }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的了解命令状态。
-
有关API详细信息,请参阅 “ListCommandInvocations AWS CLI
命令参考”。
-
以下代码示例演示如何使用 list-commands。
- AWS CLI
-
示例 1:获取特定命令的状态
以下
list-commands示例检索并显示指定命令的状态。aws ssm list-commands \ --command-id"0831e1a8-a1ac-4257-a1fd-c831bEXAMPLE"示例 2:获取特定日期之后请求的命令的状态
以下
list-commands示例检索在指定日期之后请求的命令的详细信息。aws ssm list-commands \ --filter"key=InvokedAfter,value=2020-02-01T00:00:00Z"示例 3:列出 AWS 账户中请求的所有命令
以下
list-commands示例列出了当前 AWS 账户和区域中的用户请求的所有命令。aws ssm list-commands输出:
{ "Commands": [ { "CommandId": "8bee3135-398c-4d31-99b6-e42d2EXAMPLE", "DocumentName": "AWS-UpdateSSMAgent", "DocumentVersion": "", "Comment": "b48291dd-ba76-43e0-b9df-13e11ddaac26:6960febb-2907-4b59-8e1a-d6ce8EXAMPLE", "ExpiresAfter": "2020-02-19T11:28:02.500000-08:00", "Parameters": {}, "InstanceIds": [ "i-028ea792daEXAMPLE", "i-02feef8c46EXAMPLE", "i-038613f3f0EXAMPLE", "i-03a530a2d4EXAMPLE", "i-083b678d37EXAMPLE", "i-0dee81debaEXAMPLE" ], "Targets": [], "RequestedDateTime": "2020-02-19T10:18:02.500000-08:00", "Status": "Success", "StatusDetails": "Success", "OutputS3BucketName": "", "OutputS3KeyPrefix": "", "MaxConcurrency": "50", "MaxErrors": "100%", "TargetCount": 6, "CompletedCount": 6, "ErrorCount": 0, "DeliveryTimedOutCount": 0, "ServiceRole": "", "NotificationConfig": { "NotificationArn": "", "NotificationEvents": [], "NotificationType": "" }, "CloudWatchOutputConfig": { "CloudWatchLogGroupName": "", "CloudWatchOutputEnabled": false } } { "CommandId": "e9ade581-c03d-476b-9b07-26667EXAMPLE", "DocumentName": "AWS-FindWindowsUpdates", "DocumentVersion": "1", "Comment": "", "ExpiresAfter": "2020-01-24T12:37:31.874000-08:00", "Parameters": { "KbArticleIds": [ "" ], "UpdateLevel": [ "All" ] }, "InstanceIds": [], "Targets": [ { "Key": "InstanceIds", "Values": [ "i-00ec29b21eEXAMPLE", "i-09911ddd90EXAMPLE" ] } ], "RequestedDateTime": "2020-01-24T11:27:31.874000-08:00", "Status": "Success", "StatusDetails": "Success", "OutputS3BucketName": "my-us-east-2-bucket", "OutputS3KeyPrefix": "my-rc-output", "MaxConcurrency": "50", "MaxErrors": "0", "TargetCount": 2, "CompletedCount": 2, "ErrorCount": 0, "DeliveryTimedOutCount": 0, "ServiceRole": "arn:aws:iam::111222333444:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM", "NotificationConfig": { "NotificationArn": "arn:aws:sns:us-east-2:111222333444:my-us-east-2-notification-arn", "NotificationEvents": [ "All" ], "NotificationType": "Invocation" }, "CloudWatchOutputConfig": { "CloudWatchLogGroupName": "", "CloudWatchOutputEnabled": false } } { "CommandId": "d539b6c3-70e8-4853-80e5-0ce4fEXAMPLE", "DocumentName": "AWS-RunPatchBaseline", "DocumentVersion": "1", "Comment": "", "ExpiresAfter": "2020-01-24T12:21:04.350000-08:00", "Parameters": { "InstallOverrideList": [ "" ], "Operation": [ "Install" ], "RebootOption": [ "RebootIfNeeded" ], "SnapshotId": [ "" ] }, "InstanceIds": [], "Targets": [ { "Key": "InstanceIds", "Values": [ "i-00ec29b21eEXAMPLE", "i-09911ddd90EXAMPLE" ] } ], "RequestedDateTime": "2020-01-24T11:11:04.350000-08:00", "Status": "Success", "StatusDetails": "Success", "OutputS3BucketName": "my-us-east-2-bucket", "OutputS3KeyPrefix": "my-rc-output", "MaxConcurrency": "50", "MaxErrors": "0", "TargetCount": 2, "CompletedCount": 2, "ErrorCount": 0, "DeliveryTimedOutCount": 0, "ServiceRole": "arn:aws:iam::111222333444:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM", "NotificationConfig": { "NotificationArn": "arn:aws:sns:us-east-2:111222333444:my-us-east-2-notification-arn", "NotificationEvents": [ "All" ], "NotificationType": "Invocation" }, "CloudWatchOutputConfig": { "CloudWatchLogGroupName": "", "CloudWatchOutputEnabled": false } } ] }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的使用 Systems Manager Run Command 运行命令。
-
有关API详细信息,请参阅 “ListCommands AWS CLI
命令参考”。
-
以下代码示例演示如何使用 list-compliance-items。
- AWS CLI
-
列出特定实例的合规性项目
此示例列出指定实例的所有合规性项目。
命令:
aws ssm list-compliance-items --resource-ids"i-1234567890abcdef0"--resource-types"ManagedInstance"输出:
{ "ComplianceItems": [ { "ComplianceType": "Association", "ResourceType": "ManagedInstance", "ResourceId": "i-1234567890abcdef0", "Id": "8dfe3659-4309-493a-8755-0123456789ab", "Title": "", "Status": "COMPLIANT", "Severity": "UNSPECIFIED", "ExecutionSummary": { "ExecutionTime": 1550408470.0 }, "Details": { "DocumentName": "AWS-GatherSoftwareInventory", "DocumentVersion": "1" } }, { "ComplianceType": "Association", "ResourceType": "ManagedInstance", "ResourceId": "i-1234567890abcdef0", "Id": "e4c2ed6d-516f-41aa-aa2a-0123456789ab", "Title": "", "Status": "COMPLIANT", "Severity": "UNSPECIFIED", "ExecutionSummary": { "ExecutionTime": 1550508475.0 }, "Details": { "DocumentName": "AWS-UpdateSSMAgent", "DocumentVersion": "1" } }, ... ], "NextToken": "--token string truncated--" }列出特定实例和关联 ID 的合规性项目
此示例列出指定实例和关联 ID 的所有合规性项目。
命令:
aws ssm list-compliance-items --resource-ids"i-1234567890abcdef0"--resource-types"ManagedInstance"--filters"Key=ComplianceType,Values=Association,Type=EQUAL""Key=Id,Values=e4c2ed6d-516f-41aa-aa2a-0123456789ab,Type=EQUAL"列出特定日期和时间之后实例的合规性项目
此示例列出指定日期和时间之后实例的所有合规性项目。
命令:
aws ssm list-compliance-items --resource-ids"i-1234567890abcdef0"--resource-types"ManagedInstance"--filters"Key=ExecutionTime,Values=2019-02-18T16:00:00Z,Type=GREATER_THAN"-
有关API详细信息,请参阅 “ListComplianceItems AWS CLI
命令参考”。
-
以下代码示例演示如何使用 list-compliance-summaries。
- AWS CLI
-
列出所有合规性类型的合规性摘要
此示例列出您账户中所有合规性类型的合规性摘要。
命令:
aws ssm list-compliance-summaries输出:
{ "ComplianceSummaryItems": [ { "ComplianceType": "Association", "CompliantSummary": { "CompliantCount": 2, "SeveritySummary": { "CriticalCount": 0, "HighCount": 0, "MediumCount": 0, "LowCount": 0, "InformationalCount": 0, "UnspecifiedCount": 2 } }, "NonCompliantSummary": { "NonCompliantCount": 0, "SeveritySummary": { "CriticalCount": 0, "HighCount": 0, "MediumCount": 0, "LowCount": 0, "InformationalCount": 0, "UnspecifiedCount": 0 } } }, { "ComplianceType": "Patch", "CompliantSummary": { "CompliantCount": 1, "SeveritySummary": { "CriticalCount": 0, "HighCount": 0, "MediumCount": 0, "LowCount": 0, "InformationalCount": 0, "UnspecifiedCount": 1 } }, "NonCompliantSummary": { "NonCompliantCount": 1, "SeveritySummary": { "CriticalCount": 1, "HighCount": 0, "MediumCount": 0, "LowCount": 0, "InformationalCount": 0, "UnspecifiedCount": 0 } } }, ... ], "NextToken": "eyJOZXh0VG9rZW4iOiBudWxsLCAiYm90b190cnVuY2F0ZV9hbW91bnQiOiAyfQ==" }列出特定合规性类型的合规性摘要
此示例列出补丁合规性类型的合规性摘要。
命令:
aws ssm list-compliance-summaries --filters"Key=ComplianceType,Values=Patch,Type=EQUAL"-
有关API详细信息,请参阅 “ListComplianceSummaries AWS CLI
命令参考”。
-
以下代码示例演示如何使用 list-document-metadata-history。
- AWS CLI
-
示例:查看更改模板的批准历史记录和状态
以下
list-document-metadata-history示例返回指定 Change Manager 变更模板的批准历史记录。aws ssm list-document-metadata-history \ --nameMyChangeManageTemplate\ --metadataDocumentReviews输出:
{ "Name": "MyChangeManagerTemplate", "DocumentVersion": "1", "Author": "arn:aws:iam::111222333444;:user/JohnDoe", "Metadata": { "ReviewerResponse": [ { "CreateTime": "2021-07-30T11:58:28.025000-07:00", "UpdatedTime": "2021-07-30T12:01:19.274000-07:00", "ReviewStatus": "APPROVED", "Comment": [ { "Type": "COMMENT", "Content": "I approve this template version" } ], "Reviewer": "arn:aws:iam::111222333444;:user/ShirleyRodriguez" }, { "CreateTime": "2021-07-30T11:58:28.025000-07:00", "UpdatedTime": "2021-07-30T11:58:28.025000-07:00", "ReviewStatus": "PENDING" } ] } }有关更多信息,请参阅《S AWS ystems Manager 用户指南》中的审阅、批准或拒绝变更模板。
-
有关API详细信息,请参阅 “ListDocumentMetadataHistory AWS CLI
命令参考”。
-
以下代码示例演示如何使用 list-document-versions。
- AWS CLI
-
列出文档版本
以下
list-document-versions示例列出 Systems Manager 文档的所有版本。aws ssm list-document-versions \ --name"Example"输出:
{ "DocumentVersions": [ { "Name": "Example", "DocumentVersion": "1", "CreatedDate": 1583257938.266, "IsDefaultVersion": true, "DocumentFormat": "YAML", "Status": "Active" } ] }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的发送使用文档版本参数的命令。
-
有关API详细信息,请参阅 “ListDocumentVersions AWS CLI
命令参考”。
-
以下代码示例演示如何使用 list-documents。
- AWS CLI
-
示例 1:列出文档
以下
list-documents示例列出标有自定义标签的请求账户拥有的文档。aws ssm list-documents \ --filtersKey=Owner,Values=SelfKey=tag:DocUse,Values=Testing输出:
{ "DocumentIdentifiers": [ { "Name": "Example", "Owner": "29884EXAMPLE", "PlatformTypes": [ "Windows", "Linux" ], "DocumentVersion": "1", "DocumentType": "Automation", "SchemaVersion": "0.3", "DocumentFormat": "YAML", "Tags": [ { "Key": "DocUse", "Value": "Testing" } ] } ] }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的 AWS Systems Manager 文档。
示例 2:列出共享文档
以下
list-documents示例列出了共享文档,包括不属于的私有共享文档 AWS。aws ssm list-documents \ --filtersKey=Name,Values=sharedDocNamePrefixKey=Owner,Values=Private输出:
{ "DocumentIdentifiers": [ { "Name": "Example", "Owner": "12345EXAMPLE", "PlatformTypes": [ "Windows", "Linux" ], "DocumentVersion": "1", "DocumentType": "Command", "SchemaVersion": "0.3", "DocumentFormat": "YAML", "Tags": [] } ] }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的 AWS Systems Manager 文档。
-
有关API详细信息,请参阅 “ListDocuments AWS CLI
命令参考”。
-
以下代码示例演示如何使用 list-inventory-entries。
- AWS CLI
-
示例 1:查看实例的特定清单类型条目
以下
list-inventory-entries示例列出了特定实例上:Application AWS清单类型的清单条目。aws ssm list-inventory-entries \ --instance-id"i-1234567890abcdef0"\ --type-name"AWS:Application"输出:
{ "TypeName": "AWS:Application", "InstanceId": "i-1234567890abcdef0", "SchemaVersion": "1.1", "CaptureTime": "2019-02-15T12:17:55Z", "Entries": [ { "Architecture": "i386", "Name": "Amazon SSM Agent", "PackageId": "{88a60be2-89a1-4df8-812a-80863c2a2b68}", "Publisher": "Amazon Web Services", "Version": "2.3.274.0" }, { "Architecture": "x86_64", "InstalledTime": "2018-05-03T13:42:34Z", "Name": "AmazonCloudWatchAgent", "Publisher": "", "Version": "1.200442.0" } ] }示例 2:查看分配给实例的自定义清单条目
以下
list-inventory-entries示例列出分配给实例的自定义清单条目。aws ssm list-inventory-entries \ --instance-id"i-1234567890abcdef0"\ --type-name"Custom:RackInfo"输出:
{ "TypeName": "Custom:RackInfo", "InstanceId": "i-1234567890abcdef0", "SchemaVersion": "1.0", "CaptureTime": "2021-05-22T10:01:01Z", "Entries": [ { "RackLocation": "Bay B/Row C/Rack D/Shelf E" } ] }-
有关API详细信息,请参阅 “ListInventoryEntries AWS CLI
命令参考”。
-
以下代码示例演示如何使用 list-ops-item-related-items。
- AWS CLI
-
列出某人的相关物品资源 OpsItem
以下
list-ops-item-related-items示例列出了的相关项目资源。 OpsItemaws ssm list-ops-item-related-items \ --ops-item-id"oi-f99f2EXAMPLE"输出:
{ "Summaries": [ { "OpsItemId": "oi-f99f2EXAMPLE", "AssociationId": "e2036148-cccb-490e-ac2a-390e5EXAMPLE", "ResourceType": "AWS::SSMIncidents::IncidentRecord", "AssociationType": "IsParentOf", "ResourceUri": "arn:aws:ssm-incidents::111122223333:incident-record/example-response/64bd9b45-1d0e-2622-840d-03a87a1451fa", "CreatedBy": { "Arn": "arn:aws:sts::111122223333:assumed-role/AWSServiceRoleForIncidentManager/IncidentResponse" }, "CreatedTime": "2021-08-11T18:47:14.994000+00:00", "LastModifiedBy": { "Arn": "arn:aws:sts::111122223333:assumed-role/AWSServiceRoleForIncidentManager/IncidentResponse" }, "LastModifiedTime": "2021-08-11T18:47:14.994000+00:00" } ] }有关更多信息,请参阅 S AWS ystem s Manager 用户指南 OpsCenter中的处理事件管理器事件。
-
有关API详细信息,请参阅 “ListOpsItemRelatedItems AWS CLI
命令参考”。
-
以下代码示例演示如何使用 list-resource-compliance-summaries。
- AWS CLI
-
列出资源级合规性摘要计数
此示例列出资源级合规性摘要计数。
命令:
aws ssm list-resource-compliance-summaries输出:
{ "ResourceComplianceSummaryItems": [ { "ComplianceType": "Association", "ResourceType": "ManagedInstance", "ResourceId": "i-1234567890abcdef0", "Status": "COMPLIANT", "OverallSeverity": "UNSPECIFIED", "ExecutionSummary": { "ExecutionTime": 1550509273.0 }, "CompliantSummary": { "CompliantCount": 2, "SeveritySummary": { "CriticalCount": 0, "HighCount": 0, "MediumCount": 0, "LowCount": 0, "InformationalCount": 0, "UnspecifiedCount": 2 } }, "NonCompliantSummary": { "NonCompliantCount": 0, "SeveritySummary": { "CriticalCount": 0, "HighCount": 0, "MediumCount": 0, "LowCount": 0, "InformationalCount": 0, "UnspecifiedCount": 0 } } }, { "ComplianceType": "Patch", "ResourceType": "ManagedInstance", "ResourceId": "i-9876543210abcdef0", "Status": "COMPLIANT", "OverallSeverity": "UNSPECIFIED", "ExecutionSummary": { "ExecutionTime": 1550248550.0, "ExecutionId": "7abb6378-a4a5-4f10-8312-0123456789ab", "ExecutionType": "Command" }, "CompliantSummary": { "CompliantCount": 397, "SeveritySummary": { "CriticalCount": 0, "HighCount": 0, "MediumCount": 0, "LowCount": 0, "InformationalCount": 0, "UnspecifiedCount": 397 } }, "NonCompliantSummary": { "NonCompliantCount": 0, "SeveritySummary": { "CriticalCount": 0, "HighCount": 0, "MediumCount": 0, "LowCount": 0, "InformationalCount": 0, "UnspecifiedCount": 0 } } } ], "NextToken": "--token string truncated--" }列出特定合性规类型的资源级合规性摘要
此示例列出补丁合规性类型的资源级合规性摘要。
命令:
aws ssm list-resource-compliance-summaries --filters"Key=ComplianceType,Values=Patch,Type=EQUAL"-
有关API详细信息,请参阅 “ListResourceComplianceSummaries AWS CLI
命令参考”。
-
以下代码示例演示如何使用 list-resource-data-sync。
- AWS CLI
-
列出您的资源数据同步配置
此示例检索有关您的资源数据同步配置的信息。
aws ssm list-resource-data-sync输出:
{ "ResourceDataSyncItems": [ { "SyncName": "MyResourceDataSync", "S3Destination": { "BucketName": "ssm-resource-data-sync", "SyncFormat": "JsonSerDe", "Region": "us-east-1" }, "LastSyncTime": 1550261472.003, "LastSuccessfulSyncTime": 1550261472.003, "LastStatus": "Successful", "SyncCreatedTime": 1543235736.72, "LastSyncStatusMessage": "The sync was successfully completed" } ] }-
有关API详细信息,请参阅 “ListResourceDataSync AWS CLI
命令参考”。
-
以下代码示例演示如何使用 list-tags-for-resource。
- AWS CLI
-
列出应用于补丁基准的标签
以下
list-tags-for-resource示例列出了补丁基准的标签。aws ssm list-tags-for-resource \ --resource-type"PatchBaseline"\ --resource-id"pb-0123456789abcdef0"输出:
{ "TagList": [ { "Key": "Environment", "Value": "Production" }, { "Key": "Region", "Value": "EMEA" } ] }有关更多信息,请参阅《AWS 一般参考》中的 “为AWS 资源添加标签”。
-
有关API详细信息,请参阅 “ListTagsForResource AWS CLI
命令参考”。
-
以下代码示例演示如何使用 modify-document-permission。
- AWS CLI
-
修改文档权限
以下
modify-document-permission示例公开共享一个 Systems Manager 文档。aws ssm modify-document-permission \ --name"Example"\ --permission-type"Share"\ --account-ids-to-add"All"此命令不生成任何输出。
有关更多信息,请参阅《AWS Systems Manager 用户指南》中的共享 Systems Manager 文档。
-
有关API详细信息,请参阅 “ModifyDocumentPermission AWS CLI
命令参考”。
-
以下代码示例演示如何使用 put-compliance-items。
- AWS CLI
-
向指定实例注册合规性类型和合规性详细信息
此示例将合规性类型
Custom:AVCheck注册到指定的托管式实例。如果此命令成功,则无任何输出。命令:
aws ssm put-compliance-items --resource-id"i-1234567890abcdef0"--resource-type"ManagedInstance"--compliance-type"Custom:AVCheck"--execution-summary"ExecutionTime=2019-02-18T16:00:00Z"--items"Id=Version2.0,Title=ScanHost,Severity=CRITICAL,Status=COMPLIANT"-
有关API详细信息,请参阅 “PutComplianceItems AWS CLI
命令参考”。
-
以下代码示例演示如何使用 put-inventory。
- AWS CLI
-
将客户元数据分配给实例
此示例将机架位置信息分配给某个实例。如果此命令成功,则无任何输出。
命令(Linux):
aws ssm put-inventory --instance-id"i-016648b75dd622dab"--items '[{"TypeName": "Custom:RackInfo","SchemaVersion": "1.0","CaptureTime": "2019-01-22T10:01:01Z","Content":[{"RackLocation": "Bay B/Row C/Rack D/Shelf E"}]}]'命令(Windows):
aws ssm put-inventory --instance-id"i-016648b75dd622dab"--items"TypeName=Custom:RackInfo,SchemaVersion=1.0,CaptureTime=2019-01-22T10:01:01Z,Content=[{RackLocation='Bay B/Row C/Rack D/Shelf F'}]"-
有关API详细信息,请参阅 “PutInventory AWS CLI
命令参考”。
-
以下代码示例演示如何使用 put-parameter。
- AWS CLI
-
示例 1:更改参数值
以下
put-parameter示例更改了指定参数的值。aws ssm put-parameter \ --name"MyStringParameter"\ --type"String"\ --value"Vici"\ --overwrite输出:
{ "Version": 2, "Tier": "Standard" }有关更多信息,请参阅《S ystems Manager 用户指南》中的创建 Systems Manager 参数 (AWS CLI) 、“管理参数层 < https://docs.aws.amazon.com/systems-manager/ latest/userguide/parameter-store-advanced-parameters .html>`__” 和 “使用参数策略”。AWS
示例 2:创建高级参数
以下
put-parameter示例将创建高级参数。aws ssm put-parameter \ --name"MyAdvancedParameter"\ --description"This is an advanced parameter"\ --value"Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat [truncated]"\ --type"String"\ --tierAdvanced输出:
{ "Version": 1, "Tier": "Advanced" }有关更多信息,请参阅《S ystems Manager 用户指南》中的创建 Systems Manager 参数 (AWS CLI) 、“管理参数层 < https://docs.aws.amazon.com/systems-manager/ latest/userguide/parameter-store-advanced-parameters .html>`__” 和 “使用参数策略”。AWS
示例 3:将标准参数转换为高级参数
以下
put-parameter示例将现有标准参数转换为高级参数。aws ssm put-parameter \ --name"MyConvertedParameter"\ --value"abc123"\ --type"String"\ --tierAdvanced\ --overwrite输出:
{ "Version": 2, "Tier": "Advanced" }有关更多信息,请参阅《S ystems Manager 用户指南》中的创建 Systems Manager 参数 (AWS CLI) 、“管理参数层 < https://docs.aws.amazon.com/systems-manager/ latest/userguide/parameter-store-advanced-parameters .html>`__” 和 “使用参数策略”。AWS
示例 4:创建附加有策略的参数
以下
put-parameter示例创建了一个附加参数策略的高级参数。aws ssm put-parameter \ --name"/Finance/Payroll/q2accesskey"\ --value"P@sSwW)rd"\ --type"SecureString"\ --tierAdvanced\ --policies "[{\"Type\":\"Expiration\",\"Version\":\"1.0\",\"Attributes\":{\"Timestamp\":\"2020-06-30T00:00:00.000Z\"}},{\"Type\":\"ExpirationNotification\",\"Version\":\"1.0\",\"Attributes\":{\"Before\":\"5\",\"Unit\":\"Days\"}},{\"Type\":\"NoChangeNotification\",\"Version\":\"1.0\",\"Attributes\":{\"After\":\"60\",\"Unit\":\"Days\"}}]"输出:
{ "Version": 1, "Tier": "Advanced" }有关更多信息,请参阅《S ystems Manager 用户指南》中的创建 Systems Manager 参数 (AWS CLI) 、“管理参数层 < https://docs.aws.amazon.com/systems-manager/ latest/userguide/parameter-store-advanced-parameters .html>`__” 和 “使用参数策略”。AWS
示例 5:向现有参数添加策略
以下
put-parameter示例将策略附加到现有高级参数。aws ssm put-parameter \ --name"/Finance/Payroll/q2accesskey"\ --value"N3wP@sSwW)rd"\ --type"SecureString"\ --tierAdvanced\ --policies "[{\"Type\":\"Expiration\",\"Version\":\"1.0\",\"Attributes\":{\"Timestamp\":\"2020-06-30T00:00:00.000Z\"}},{\"Type\":\"ExpirationNotification\",\"Version\":\"1.0\",\"Attributes\":{\"Before\":\"5\",\"Unit\":\"Days\"}},{\"Type\":\"NoChangeNotification\",\"Version\":\"1.0\",\"Attributes\":{\"After\":\"60\",\"Unit\":\"Days\"}}]" --overwrite输出:
{ "Version": 2, "Tier": "Advanced" }有关更多信息,请参阅《S ystems Manager 用户指南》中的创建 Systems Manager 参数 (AWS CLI) 、“管理参数层 < https://docs.aws.amazon.com/systems-manager/ latest/userguide/parameter-store-advanced-parameters .html>`__” 和 “使用参数策略”。AWS
-
有关API详细信息,请参阅 “PutParameter AWS CLI
命令参考”。
-
以下代码示例演示如何使用 register-default-patch-baseline。
- AWS CLI
-
设置默认补丁基准
以下
register-default-patch-baseline示例将指定的自定义补丁基准注册为其支持的操作系统类型的默认补丁基准。aws ssm register-default-patch-baseline \ --baseline-id"pb-abc123cf9bEXAMPLE"输出:
{ "BaselineId":"pb-abc123cf9bEXAMPLE" }以下
register-default-patch-baseline示例将 CentOS 提供的默认补丁基准注册 AWS 为默认补丁基准。aws ssm register-default-patch-baseline \ --baseline-id"arn:aws:ssm:us-east-2:733109147000:patchbaseline/pb-0574b43a65ea646ed"输出:
{ "BaselineId":"pb-abc123cf9bEXAMPLE" }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的关于预定义和自定义补丁基准。
-
有关API详细信息,请参阅 “RegisterDefaultPatchBaseline AWS CLI
命令参考”。
-
以下代码示例演示如何使用 register-patch-baseline-for-patch-group。
- AWS CLI
-
为补丁组注册补丁基准
以下
register-patch-baseline-for-patch-group示例为补丁组注册补丁基准。aws ssm register-patch-baseline-for-patch-group \ --baseline-id"pb-045f10b4f382baeda"\ --patch-group"Production"输出:
{ "BaselineId": "pb-045f10b4f382baeda", "PatchGroup": "Production" }有关更多信息,请参阅《Systems Manager AWS 用户指南》中的创建补丁组 < https://docs.aws.amazon.com/systems-manager/ latest/userguide/sysman-patch-group-tagging .html>__ 和向补丁基准添加补丁组。
-
有关API详细信息,请参阅 “RegisterPatchBaselineForPatchGroup AWS CLI
命令参考”。
-
以下代码示例演示如何使用 register-target-with-maintenance-window。
- AWS CLI
-
示例 1:向维护时段注册单个目标
以下
register-target-with-maintenance-window示例向维护时段注册实例。aws ssm register-target-with-maintenance-window \ --window-id"mw-ab12cd34ef56gh78"\ --target"Key=InstanceIds,Values=i-0000293ffd8c57862"\ --owner-information"Single instance"\ --resource-type"INSTANCE"输出:
{ "WindowTargetId":"1a2b3c4d-1a2b-1a2b-1a2b-1a2b3c4d-1a2" }示例 2:使用实例在维护时段注册多个目标 IDs
以下
register-target-with-maintenance-window示例通过指定实例在维护时段注册两个实例IDs。aws ssm register-target-with-maintenance-window \ --window-id"mw-ab12cd34ef56gh78"\ --target"Key=InstanceIds,Values=i-0000293ffd8c57862,i-0cb2b964d3e14fd9f"\ --owner-information"Two instances in a list"\ --resource-type"INSTANCE"输出:
{ "WindowTargetId":"1a2b3c4d-1a2b-1a2b-1a2b-1a2b3c4d-1a2" }示例 3:使用资源标签向维护时段注册目标
以下
register-target-with-maintenance-window示例通过指定已应用于实例的资源标签,向维护时段注册实例。aws ssm register-target-with-maintenance-window \ --window-id"mw-06cf17cbefcb4bf4f"\ --targets"Key=tag:Environment,Values=Prod""Key=Role,Values=Web"\ --owner-information"Production Web Servers"\ --resource-type"INSTANCE"输出:
{ "WindowTargetId":"1a2b3c4d-1a2b-1a2b-1a2b-1a2b3c4d-1a2" }示例 4:使用一组标签键注册目标
以下
register-target-with-maintenance-window示例注册所有被分配了一个或多个标签键的实例(不考虑其键值)。aws ssm register-target-with-maintenance-window \ --window-id"mw-0c50858d01EXAMPLE"\ --resource-type"INSTANCE"\ --target"Key=tag-key,Values=Name,Instance-Type,CostCenter"输出:
{ "WindowTargetId":"1a2b3c4d-1a2b-1a2b-1a2b-1a2b3c4d-1a2" }示例 5:使用资源组名称注册目标
以下
register-target-with-maintenance-window示例注册指定的资源组,无论其包含的资源类型如何。aws ssm register-target-with-maintenance-window \ --window-id"mw-0c50858d01EXAMPLE"\ --resource-type"RESOURCE_GROUP"\ --target"Key=resource-groups:Name,Values=MyResourceGroup"输出:
{ "WindowTargetId":"1a2b3c4d-1a2b-1a2b-1a2b-1a2b3c4d-1a2" }有关更多信息,请参阅《S AWS ystems Manager 用户指南》中的在维护时段注册目标实例 (AWS CLI)。
-
有关API详细信息,请参阅 “RegisterTargetWithMaintenanceWindow AWS CLI
命令参考”。
-
以下代码示例演示如何使用 register-task-with-maintenance-window。
- AWS CLI
-
示例 1:向维护时段注册 Automation 任务
以下
register-task-with-maintenance-window示例向针对实例的维护时段注册 Automation 任务。aws ssm register-task-with-maintenance-window \ --window-id"mw-082dcd7649EXAMPLE"\ --targetsKey=InstanceIds,Values=i-1234520122EXAMPLE\ --task-arnAWS-RestartEC2Instance\ --service-role-arnarn:aws:iam::111222333444:role/SSM--task-typeAUTOMATION\ --task-invocation-parameters "{\"Automation\":{\"DocumentVersion\":\"\$LATEST\",\"Parameters\":{\"InstanceId\":[\"{{RESOURCE_ID}}\"]}}}" \ --priority0\ --max-concurrency1\ --max-errors1\ --name"AutomationExample"\ --description"Restarting EC2 Instance for maintenance"输出:
{ "WindowTaskId":"11144444-5555-6666-7777-88888888" }有关更多信息,请参阅《S AWS ystems Manager 用户指南》中的 “在维护时段注册任务” (AWS CLI)。
示例 2:向维护时段注册 Lambda 任务
以下
register-task-with-maintenance-window示例向针对实例的维护时段注册 Lambda 任务。aws ssm register-task-with-maintenance-window \ --window-id"mw-082dcd7649dee04e4"\ --targetsKey=InstanceIds,Values=i-12344d305eEXAMPLE\ --task-arnarn:aws:lambda:us-east-1:111222333444:function:SSMTestLAMBDA\ --service-role-arnarn:aws:iam::111222333444:role/SSM\ --task-typeLAMBDA\ --task-invocation-parameters '{"Lambda":{"Payload":"{\"InstanceId\":\"{{RESOURCE_ID}}\",\"targetType\":\"{{TARGET_TYPE}}\"}","Qualifier":"$LATEST"}}' \ --priority0\ --max-concurrency10\ --max-errors5\ --name"Lambda_Example"\ --description"My Lambda Example"输出:
{ "WindowTaskId":"22244444-5555-6666-7777-88888888" }有关更多信息,请参阅《S AWS ystems Manager 用户指南》中的 “在维护时段注册任务” (AWS CLI)。
示例 3:向维护时段注册 Run Command 任务
以下
register-task-with-maintenance-window示例向针对实例的维护时段注册 Run Command 任务。aws ssm register-task-with-maintenance-window \ --window-id"mw-082dcd7649dee04e4"\ --targets"Key=InstanceIds,Values=i-12344d305eEXAMPLE"\ --service-role-arn"arn:aws:iam::111222333444:role/SSM"\ --task-type"RUN_COMMAND"\ --name"SSMInstallPowerShellModule"\ --task-arn"AWS-InstallPowerShellModule"\ --task-invocation-parameters "{\"RunCommand\":{\"Comment\":\"\",\"OutputS3BucketName\":\"runcommandlogs\",\"Parameters\":{\"commands\":[\"Get-Module -ListAvailable\"],\"executionTimeout\":[\"3600\"],\"source\":[\"https:\/\/gallery.technet.microsoft.com\/EZOut-33ae0fb7\/file\/110351\/1\/EZOut.zip\"],\"workingDirectory\":[\"\\\\\"]},\"TimeoutSeconds\":600}}" \ --max-concurrency 1 \ --max-errors 1 \ --priority10输出:
{ "WindowTaskId":"33344444-5555-6666-7777-88888888" }有关更多信息,请参阅《S AWS ystems Manager 用户指南》中的 “在维护时段注册任务” (AWS CLI)。
示例 4:向维护时段注册 Step Functions 任务
以下
register-task-with-maintenance-window示例向针对实例的维护时段注册 Step Functions 任务。aws ssm register-task-with-maintenance-window \ --window-id"mw-1234d787d6EXAMPLE"\ --targetsKey=WindowTargetIds,Values=12347414-69c3-49f8-95b8-ed2dcEXAMPLE\ --task-arnarn:aws:states:us-east-1:111222333444:stateMachine:SSMTestStateMachine\ --service-role-arnarn:aws:iam::111222333444:role/MaintenanceWindows\ --task-typeSTEP_FUNCTIONS\ --task-invocation-parameters '{"StepFunctions":{"Input":"{\"InstanceId\":\"{{RESOURCE_ID}}\"}"}}' \ --priority0\ --max-concurrency10\ --max-errors5\ --name"Step_Functions_Example"\ --description"My Step Functions Example"输出:
{ "WindowTaskId":"44444444-5555-6666-7777-88888888" }有关更多信息,请参阅《S AWS ystems Manager 用户指南》中的 “在维护时段注册任务” (AWS CLI)。
示例 5:使用维护时段目标 ID 注册任务
以下
register-task-with-maintenance-window示例使用维护时段目标 ID 注册任务。维护时段目标 ID 位于aws ssm register-target-with-maintenance-window命令的输出中。您也可以从aws ssm describe-maintenance-window-targets命令输出中进行检索。aws ssm register-task-with-maintenance-window \ --targets"Key=WindowTargetIds,Values=350d44e6-28cc-44e2-951f-4b2c9EXAMPLE"\ --task-arn"AWS-RunShellScript"\ --service-role-arn"arn:aws:iam::111222333444:role/MaintenanceWindowsRole"\ --window-id"mw-ab12cd34eEXAMPLE"\ --task-type"RUN_COMMAND"\ --task-parameters "{\"commands\":{\"Values\":[\"df\"]}}" \ --max-concurrency1\ --max-errors1\ --priority10输出:
{ "WindowTaskId":"33344444-5555-6666-7777-88888888" }有关更多信息,请参阅《S AWS ystems Manager 用户指南》中的 “在维护时段注册任务” (AWS CLI)。
-
有关API详细信息,请参阅 “RegisterTaskWithMaintenanceWindow AWS CLI
命令参考”。
-
以下代码示例演示如何使用 remove-tags-from-resource。
- AWS CLI
-
从补丁基准删除标签
以下
remove-tags-from-resource示例将从补丁基准中删除标签。aws ssm remove-tags-from-resource \ --resource-type"PatchBaseline"\ --resource-id"pb-0123456789abcdef0"\ --tag-keys"Region"此命令不生成任何输出。
有关更多信息,请参阅《AWS 一般参考》中的 “为AWS 资源添加标签”。
-
有关API详细信息,请参阅 “RemoveTagsFromResource AWS CLI
命令参考”。
-
以下代码示例演示如何使用 reset-service-setting。
- AWS CLI
-
重置参数存储吞吐量的服务设置
以下
reset-service-setting示例将指定区域中参数存储吞吐量的服务设置重置为不再使用增加的吞吐量。aws ssm reset-service-setting \ --setting-idarn:aws:ssm:us-east-1:123456789012:servicesetting/ssm/parameter-store/high-throughput-enabled输出:
{ "ServiceSetting": { "SettingId": "/ssm/parameter-store/high-throughput-enabled", "SettingValue": "false", "LastModifiedDate": 1555532818.578, "LastModifiedUser": "System", "ARN": "arn:aws:ssm:us-east-1:123456789012:servicesetting/ssm/parameter-store/high-throughput-enabled", "Status": "Default" } }有关更多信息,请参阅《S AWS ystems Manager 用户指南》中的 “提高参数存储吞吐量”。
-
有关API详细信息,请参阅 “ResetServiceSetting AWS CLI
命令参考”。
-
以下代码示例演示如何使用 resume-session。
- AWS CLI
-
恢复会话管理器会话
此
resume-session示例在实例断开连接后恢复与该实例的会话管理器会话。请注意,此交互式命令要求在进行调用的客户端计算机上安装会话管理器插件。aws ssm resume-session \ --session-idMary-Major-07a16060613c408b5输出:
{ "SessionId": "Mary-Major-07a16060613c408b5", "TokenValue": "AAEAAVbTGsaOnyvcUoNGqifbv5r/8lgxuQljCuY8qVcvOnoBAAAAAFxtd3jIXAFUUXGTJ7zF/AWJPwDviOlF5p3dlAgrqVIVO6IEXhkHLz0/1gXKRKEME71E6TLOplLDJAMZ+kREejkZu4c5AxMkrQjMF+gtHP1bYJKTwtHQd1wjulPLexO8SHl7g5R/wekrj6WsDUpnEegFBfGftpAIz2GXQVfTJXKfkc5qepQ11C11DOIT2dozOqXgHwfQHfAKLErM5dWDZqKwyT1Z3iw7unQdm3p5qsbrugiOZ7CRANTE+ihfGa6MEJJ97Jmat/a2TspEnOjNn9Mvu5iwXIW2yCvWZrGUj+/QI5Xr7s1XJBEnSKR54o4fN0GV9RWl0RZsZm1m1ki0JJtiwwgZ", "StreamUrl": "wss://ssmmessages.us-east-2.amazonaws.com/v1/data-channel/Mary-Major-07a16060613c408b5?role=publish_subscribe" }有关更多信息,请参阅《Syst AWS ems Manager 用户指南》 AWS CLI中的安装会话管理器插件。
-
有关API详细信息,请参阅 “ResumeSession AWS CLI
命令参考”。
-
以下代码示例演示如何使用 send-automation-signal。
- AWS CLI
-
向自动化执行发送信号
以下
send-automation-signal示例向自动化执行发送批准信号。aws ssm send-automation-signal \ --automation-execution-id73c8eef8-f4ee-4a05-820c-e354fEXAMPLE\ --signal-type"Approve"此命令不生成任何输出。
有关更多信息,请参阅 S AWS ystems Manager 用户指南中的使用批准者运行自动化工作流程。
-
有关API详细信息,请参阅 “SendAutomationSignal AWS CLI
命令参考”。
-
以下代码示例演示如何使用 send-command。
- AWS CLI
-
示例 1:在一个或多个远程实例上运行命令
以下
send-command示例在目标实例上运行echo命令。aws ssm send-command \ --document-name"AWS-RunShellScript"\ --parameters 'commands=["echo HelloWorld"]' \ --targets"Key=instanceids,Values=i-1234567890abcdef0"\ --comment"echo HelloWorld"输出:
{ "Command": { "CommandId": "92853adf-ba41-4cd6-9a88-142d1EXAMPLE", "DocumentName": "AWS-RunShellScript", "DocumentVersion": "", "Comment": "echo HelloWorld", "ExpiresAfter": 1550181014.717, "Parameters": { "commands": [ "echo HelloWorld" ] }, "InstanceIds": [ "i-0f00f008a2dcbefe2" ], "Targets": [], "RequestedDateTime": 1550173814.717, "Status": "Pending", "StatusDetails": "Pending", "OutputS3BucketName": "", "OutputS3KeyPrefix": "", "MaxConcurrency": "50", "MaxErrors": "0", "TargetCount": 1, "CompletedCount": 0, "ErrorCount": 0, "DeliveryTimedOutCount": 0, "ServiceRole": "", "NotificationConfig": { "NotificationArn": "", "NotificationEvents": [], "NotificationType": "" }, "CloudWatchOutputConfig": { "CloudWatchLogGroupName": "", "CloudWatchOutputEnabled": false } } }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的使用 Systems Manager Run Command 运行命令。
示例 2:获取有关实例的 IP 信息
以下
send-command示例检索关于实例的 IP 信息。aws ssm send-command \ --instance-ids"i-1234567890abcdef0"\ --document-name"AWS-RunShellScript"\ --comment"IP config"\ --parameters"commands=ifconfig"有关输出示例,请参阅示例 1。
有关更多信息,请参阅《AWS Systems Manager 用户指南》中的使用 Systems Manager Run Command 运行命令。
示例 3:在具有特定标签的实例上运行命令
以下
send-command示例在标签键为 ENV “” 且值为 “Dev” 的实例上运行命令。aws ssm send-command \ --targets"Key=tag:ENV,Values=Dev"\ --document-name"AWS-RunShellScript"\ --parameters"commands=ifconfig"有关输出示例,请参阅示例 1。
有关更多信息,请参阅《AWS Systems Manager 用户指南》中的使用 Systems Manager Run Command 运行命令。
示例 4:运行发送SNS通知的命令
以下
send-command示例运行一个命令,该命令针对所有通知事件和Command通知类型发送SNS通知。aws ssm send-command \ --instance-ids"i-1234567890abcdef0"\ --document-name"AWS-RunShellScript"\ --comment"IP config"\ --parameters"commands=ifconfig"\ --service-role-arn"arn:aws:iam::123456789012:role/SNS_Role"\ --notification-config"NotificationArn=arn:aws:sns:us-east-1:123456789012:SNSTopicName,NotificationEvents=All,NotificationType=Command"有关输出示例,请参阅示例 1。
有关更多信息,请参阅《AWS Systems Manager 用户指南》中的使用 Systems Manager Run Command 运行命令。
示例 5:运行输出到 S3 的命令和 CloudWatch
以下
send-command示例运行一个命令,该命令将命令详细信息输出到 S3 存储桶和 CloudWatch 日志组。aws ssm send-command \ --instance-ids"i-1234567890abcdef0"\ --document-name"AWS-RunShellScript"\ --comment"IP config"\ --parameters"commands=ifconfig"\ --output-s3-bucket-name"s3-bucket-name" \ --output-s3-key-prefix"runcommand"\ --cloud-watch-output-config"CloudWatchOutputEnabled=true,CloudWatchLogGroupName=CWLGroupName"有关输出示例,请参阅示例 1。
有关更多信息,请参阅《AWS Systems Manager 用户指南》中的使用 Systems Manager Run Command 运行命令。
示例 6:在具有不同标签的多个实例上运行命令
以下
send-command示例对具有两个不同标签键和值的实例运行命令。aws ssm send-command \ --document-name"AWS-RunPowerShellScript"\ --parameters commands=["echo helloWorld"] \ --targetsKey=tag:Env,Values=DevKey=tag:Role,Values=WebServers有关输出示例,请参阅示例 1。
有关更多信息,请参阅《AWS Systems Manager 用户指南》中的使用 Systems Manager Run Command 运行命令。
示例 7:将具有相同标签键的多个实例设为目标
以下
send-command示例在具有相同标签键但不同值的实例上运行命令。aws ssm send-command \ --document-name"AWS-RunPowerShellScript"\ --parameters commands=["echo helloWorld"] \ --targetsKey=tag:Env,Values=Dev,Test有关输出示例,请参阅示例 1。
有关更多信息,请参阅《AWS Systems Manager 用户指南》中的使用 Systems Manager Run Command 运行命令。
示例 8:运行使用共享文档的命令
以下
send-command示例在目标实例上运行共享文档。aws ssm send-command \ --document-name"arn:aws:ssm:us-east-1:123456789012:document/ExampleDocument"\ --targets"Key=instanceids,Values=i-1234567890abcdef0"有关输出示例,请参阅示例 1。
有关更多信息,请参阅《S AWS ystems Manager 用户指南》中的使用共享SSM文档。
-
有关API详细信息,请参阅 “SendCommand AWS CLI
命令参考”。
-
以下代码示例演示如何使用 start-associations-once。
- AWS CLI
-
立即运行一个协会,并且只运行一次
以下
start-associations-once示例立即运行指定的关联,且仅运行一次。如果此命令成功,则无任何输出。aws ssm start-associations-once \ --association-id"8dfe3659-4309-493a-8755-0123456789ab"此命令不生成任何输出。
有关更多信息,请参阅《AWS Systems Manager 用户指南》中的查看关联历史记录。
-
有关API详细信息,请参阅 “StartAssociationsOnce AWS CLI
命令参考”。
-
以下代码示例演示如何使用 start-automation-execution。
- AWS CLI
-
示例 1:执行自动化文档
以下
start-automation-execution示例运行自动化文档。aws ssm start-automation-execution \ --document-name"AWS-UpdateLinuxAmi"\ --parameters"AutomationAssumeRole=arn:aws:iam::123456789012:role/SSMAutomationRole,SourceAmiId=ami-EXAMPLE,IamInstanceProfileName=EC2InstanceRole"输出:
{ "AutomationExecutionId": "4105a4fc-f944-11e6-9d32-0a1b2EXAMPLE" }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的手动运行自动化工作流程。
示例 2:运行共享自动化文档
以下
start-automation-execution示例运行一个共享的自动化文档。aws ssm start-automation-execution \ --document-name"arn:aws:ssm:us-east-1:123456789012:document/ExampleDocument"输出:
{ "AutomationExecutionId": "4105a4fc-f944-11e6-9d32-0a1b2EXAMPLE" }有关更多信息,请参阅《S AWS ystems Manager 用户指南》中的使用共享SSM文档。
-
有关API详细信息,请参阅AWS CLI 命令参考StartAutomationExecution
中的。
-
以下代码示例演示如何使用 start-change-request-execution。
- AWS CLI
-
示例 1:启动变更请求
以下
start-change-request-execution示例使用最少的指定选项启动变更请求。aws ssm start-change-request-execution \ --change-request-nameMyChangeRequest\ --document-nameAWS-HelloWorldChangeTemplate\ --runbooks '[{"DocumentName": "AWS-HelloWorld","Parameters": {"AutomationAssumeRole": ["arn:aws:iam:us-east-2:1112223233444:role/MyChangeManagerAssumeRole"]}}]' \ --parameters Approver="JohnDoe",ApproverType="IamUser",ApproverSnsTopicArn="arn:aws:sns:us-east-2:1112223233444:MyNotificationTopic"输出:
{ "AutomationExecutionId": "9d32a4fc-f944-11e6-4105-0a1b2EXAMPLE" }示例 2:使用外部JSON文件启动变更请求
以下
start-automation-execution示例使用JSON文件中指定的多个选项启动变更请求。aws ssm start-change-request-execution \ --cli-input-jsonfile://MyChangeRequest.jsonMyChangeRequest.json的内容:{ "ChangeRequestName": "MyChangeRequest", "DocumentName": "AWS-HelloWorldChangeTemplate", "DocumentVersion": "$DEFAULT", "ScheduledTime": "2021-12-30T03:00:00", "ScheduledEndTime": "2021-12-30T03:05:00", "Tags": [ { "Key": "Purpose", "Value": "Testing" } ], "Parameters": { "Approver": [ "JohnDoe" ], "ApproverType": [ "IamUser" ], "ApproverSnsTopicArn": [ "arn:aws:sns:us-east-2:111222333444;:MyNotificationTopic ] }, "Runbooks": [ { "DocumentName": "AWS-HelloWorld", "DocumentVersion": "1", "MaxConcurrency": "1", "MaxErrors": "1", "Parameters": { "AutomationAssumeRole": [ "arn:aws:iam::111222333444:role/MyChangeManagerAssumeRole" ] } } ], "ChangeDetails": "### Document Name: HelloWorldChangeTemplate\n\n## What does this document do?\nThis change template demonstrates the feature set available for creating change templates for Change Manager. This template starts a Runbook workflow for the Automation document called AWS-HelloWorld.\n\n## Input Parameters\n* ApproverSnsTopicArn: (Required) Amazon Simple Notification Service ARN for approvers.\n* Approver: (Required) The name of the approver to send this request to.\n* ApproverType: (Required) The type of reviewer.\n * Allowed Values: IamUser, IamGroup, IamRole, SSOGroup, SSOUser\n\n## Output Parameters\nThis document has no outputs \n" }输出:
{ "AutomationExecutionId": "9d32a4fc-f944-11e6-4105-0a1b2EXAMPLE" }有关更多信息,请参阅《S AWS ystems Manager 用户指南》中的创建变更请求。
-
有关API详细信息,请参阅AWS CLI 命令参考StartChangeRequestExecution
中的。
-
以下代码示例演示如何使用 start-session。
- AWS CLI
-
示例 1:启动会话管理器会话
此
start-session示例为会话管理器会话建立与实例的连接。请注意,此交互式命令要求在进行调用的客户端计算机上安装会话管理器插件。aws ssm start-session \ --target"i-1234567890abcdef0"输出:
Starting session with SessionId: Jane-Roe-07a16060613c408b5示例 2:使用启动会话管理器会话 SSH
此
start-session示例使用与会话管理器会话的实例建立连接SSH。请注意,此交互式命令要求在进行调用的客户端计算机上安装会话管理器插件,并且该命令在实例上使用默认用户,ec2-user例如 Linux EC2 实例。ssh -i /path/my-key-pair.pem ec2-user@i-02573cafcfEXAMPLE输出:
Starting session with SessionId: ec2-user-07a16060613c408b5有关更多信息,请参阅《Syst AWS ems Manager 用户指南》 AWS CLI中的 “启动会话并安装会话管理器插件”。
-
有关API详细信息,请参阅AWS CLI 命令参考StartSession
中的。
-
以下代码示例演示如何使用 stop-automation-execution。
- AWS CLI
-
停止自动化执行
以下
stop-automation-execution示例停止自动化文档。aws ssm stop-automation-execution --automation-execution-id"4105a4fc-f944-11e6-9d32-0a1b2EXAMPLE"此命令不生成任何输出。
有关更多信息,请参阅《AWS Systems Manager 用户指南》中的手动运行自动化工作流程。
-
有关API详细信息,请参阅AWS CLI 命令参考StopAutomationExecution
中的。
-
以下代码示例演示如何使用 terminate-session。
- AWS CLI
-
结束会话管理器会话
此
terminate-session示例永久结束用户 “Shirley-Rodriguez” 创建的会话,并关闭会话管理器客户端和实例上的SSM代理之间的数据连接。aws ssm terminate-session \ --session-id"Shirley-Rodriguez-07a16060613c408b5"输出:
{ "SessionId": "Shirley-Rodriguez-07a16060613c408b5" }有关更多信息,请参阅《S AWS ystems Manager 用户指南》中的终止会话。
-
有关API详细信息,请参阅AWS CLI 命令参考TerminateSession
中的。
-
以下代码示例演示如何使用 unlabel-parameter-version。
- AWS CLI
-
删除参数标签
以下
unlabel-parameter-version示例从给定参数版本中删除指定的标签。aws ssm unlabel-parameter-version \ --name"parameterName"\ --parameter-version"version" \ --labels"label_1""label_2""label_3"输出:
{ "RemovedLabels": [ "label_1" "label_2" "label_3" ], "InvalidLabels": [] }有关更多信息,请参阅《S AWS ystems Manager 用户指南》中的删除参数标签 (AWS CLI)。
-
有关API详细信息,请参阅AWS CLI 命令参考UnlabelParameterVersion
中的。
-
以下代码示例演示如何使用 update-association-status。
- AWS CLI
-
更新关联状态
以下
update-association-status示例更新了实例和文档之间关联的关联状态。aws ssm update-association-status \ --name"AWS-UpdateSSMAgent"\ --instance-id"i-1234567890abcdef0"\ --association-status"Date=1424421071.939,Name=Pending,Message=temp_status_change,AdditionalInfo=Additional-Config-Needed"输出:
{ "AssociationDescription": { "Name": "AWS-UpdateSSMAgent", "InstanceId": "i-1234567890abcdef0", "AssociationVersion": "1", "Date": 1550507529.604, "LastUpdateAssociationDate": 1550507806.974, "Status": { "Date": 1424421071.0, "Name": "Pending", "Message": "temp_status_change", "AdditionalInfo": "Additional-Config-Needed" }, "Overview": { "Status": "Success", "AssociationStatusAggregatedCount": { "Success": 1 } }, "DocumentVersion": "$DEFAULT", "AssociationId": "8dfe3659-4309-493a-8755-0123456789ab", "Targets": [ { "Key": "InstanceIds", "Values": [ "i-1234567890abcdef0" ] } ], "LastExecutionDate": 1550507808.0, "LastSuccessfulExecutionDate": 1550507808.0 } }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的在 Systems Manager 中使用关联。
-
有关API详细信息,请参阅AWS CLI 命令参考UpdateAssociationStatus
中的。
-
以下代码示例演示如何使用 update-association。
- AWS CLI
-
示例 1:更新文档关联
以下
update-association示例使用新文档版本更新关联。aws ssm update-association \ --association-id"8dfe3659-4309-493a-8755-0123456789ab"\ --document-version"\$LATEST"输出:
{ "AssociationDescription": { "Name": "AWS-UpdateSSMAgent", "AssociationVersion": "2", "Date": 1550508093.293, "LastUpdateAssociationDate": 1550508106.596, "Overview": { "Status": "Pending", "DetailedStatus": "Creating" }, "DocumentVersion": "$LATEST", "AssociationId": "8dfe3659-4309-493a-8755-0123456789ab", "Targets": [ { "Key": "tag:Name", "Values": [ "Linux" ] } ], "LastExecutionDate": 1550508094.879, "LastSuccessfulExecutionDate": 1550508094.879 } }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的编辑和创建关联的新版本。
示例 2:更新关联的计划表达式
以下
update-association示例更新了指定关联的计划表达式。aws ssm update-association \ --association-id"8dfe3659-4309-493a-8755-0123456789ab"\ --schedule-expression"cron(0 0 0/4 1/1 * ? *)"输出:
{ "AssociationDescription": { "Name": "AWS-HelloWorld", "AssociationVersion": "2", "Date": "2021-02-08T13:54:19.203000-08:00", "LastUpdateAssociationDate": "2021-06-29T11:51:07.933000-07:00", "Overview": { "Status": "Pending", "DetailedStatus": "Creating" }, "DocumentVersion": "$DEFAULT", "AssociationId": "8dfe3659-4309-493a-8755-0123456789ab", "Targets": [ { "Key": "aws:NoOpAutomationTag", "Values": [ "AWS-NoOpAutomationTarget-Value" ] } ], "ScheduleExpression": "cron(0 0 0/4 1/1 * ? *)", "LastExecutionDate": "2021-06-26T19:00:48.110000-07:00", "ApplyOnlyAtCronInterval": false } }有关更多信息,请参阅《AWS Systems Manager 用户指南》中的编辑和创建关联的新版本。
-
有关API详细信息,请参阅AWS CLI 命令参考UpdateAssociation
中的。
-
以下代码示例演示如何使用 update-document-default-version。
- AWS CLI
-
更新文档的默认版本
以下
update-document-default-version示例更新了 Systems Manager 文档的默认版本。aws ssm update-document-default-version \ --name"Example"\ --document-version"2"输出:
{ "Description": { "Name": "Example", "DefaultVersion": "2" } }有关更多信息,请参阅《S AWS ystems Manager 用户指南》中的 “编写SSM文档内容”。
-
有关API详细信息,请参阅AWS CLI 命令参考UpdateDocumentDefaultVersion
中的。
-
以下代码示例演示如何使用 update-document-metadata。
- AWS CLI
-
示例:批准最新版本的更改模板
以下内容
update-document-metadata提供了对已提交审核的最新版本变更模板的批准。aws ssm update-document-metadata \ --nameMyChangeManagerTemplate\ --document-reviews 'Action=Approve,Comment=[{Type=Comment,Content=Approved!}]'此命令不生成任何输出。
有关更多信息,请参阅《S AWS ystems Manager 用户指南》中的审阅、批准或拒绝变更模板。
-
有关API详细信息,请参阅AWS CLI 命令参考UpdateDocumentMetadata
中的。
-
以下代码示例演示如何使用 update-document。
- AWS CLI
-
创建文档的新版本
以下
update-document示例在 Windows 计算机上运行时创建文档的新版本。指定的文档--document必须采用JSON格式。请注意,必须先引用file://,后跟内容文件的路径。由于--document-version参数的开头有$,因此在 Windows 上,必须用双引号将该值括起来。在 Linux、macOS 上或 PowerShell 出现提示时,必须用单引号将值括起来。Windows 版本:
aws ssm update-document \ --name"RunShellScript"\ --content"file://RunShellScript.json"\ --document-version"$LATEST"Linux/Mac 版本:
aws ssm update-document \ --name"RunShellScript"\ --content"file://RunShellScript.json"\ --document-version '$LATEST'输出:
{ "DocumentDescription": { "Status": "Updating", "Hash": "f775e5df4904c6fa46686c4722fae9de1950dace25cd9608ff8d622046b68d9b", "Name": "RunShellScript", "Parameters": [ { "Type": "StringList", "Name": "commands", "Description": "(Required) Specify a shell script or a command to run." } ], "DocumentType": "Command", "PlatformTypes": [ "Linux" ], "DocumentVersion": "2", "HashType": "Sha256", "CreatedDate": 1487899655.152, "Owner": "809632081692", "SchemaVersion": "2.0", "DefaultVersion": "1", "LatestVersion": "2", "Description": "Run an updated script" } }-
有关API详细信息,请参阅AWS CLI 命令参考UpdateDocument
中的。
-
以下代码示例演示如何使用 update-maintenance-window-target。
- AWS CLI
-
更新维护时段目标
以下
update-maintenance-window-target示例仅更新维护时段目标的名称。aws ssm update-maintenance-window-target \ --window-id"mw-0c5ed765acEXAMPLE"\ --window-target-id"57e8344e-fe64-4023-8191-6bf05EXAMPLE"\ --name"NewName"\ --no-replace输出:
{ "Description": "", "OwnerInformation": "", "WindowTargetId": "57e8344e-fe64-4023-8191-6bf05EXAMPLE", "WindowId": "mw-0c5ed765acEXAMPLE", "Targets": [ { "Values": [ "i-1234567890EXAMPLE" ], "Key": "InstanceIds" } ], "Name": "NewName" }有关更多信息,请参阅《S AWS ystems Manager 用户指南》中的 “更新维护窗口” (AWS CLI)。
-
有关API详细信息,请参阅AWS CLI 命令参考UpdateMaintenanceWindowTarget
中的。
-
以下代码示例演示如何使用 update-maintenance-window-task。
- AWS CLI
-
更新维护时段任务
以下
update-maintenance-window-task示例更新维护时段任务的服务角色。aws ssm update-maintenance-window-task \ --window-id"mw-0c5ed765acEXAMPLE"\ --window-task-id"23d3809e-9fbe-4ddf-b41a-b49d7EXAMPLE"\ --service-role-arn"arn:aws:iam::111222333444:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM"输出:
{ "ServiceRoleArn": "arn:aws:iam::111222333444:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM", "MaxErrors": "1", "TaskArn": "AWS-UpdateEC2Config", "MaxConcurrency": "1", "WindowTaskId": "23d3809e-9fbe-4ddf-b41a-b49d7EXAMPLE", "TaskParameters": {}, "Priority": 1, "TaskInvocationParameters": { "RunCommand": { "TimeoutSeconds": 600, "Parameters": { "allowDowngrade": [ "false" ] } } }, "WindowId": "mw-0c5ed765acEXAMPLE", "Description": "UpdateEC2Config", "Targets": [ { "Values": [ "57e8344e-fe64-4023-8191-6bf05EXAMPLE" ], "Key": "WindowTargetIds" } ], "Name": "UpdateEC2Config" }有关更多信息,请参阅《S AWS ystems Manager 用户指南》中的 “更新维护窗口” (AWS CLI)。
-
有关API详细信息,请参阅AWS CLI 命令参考UpdateMaintenanceWindowTask
中的。
-
以下代码示例演示如何使用 update-maintenance-window。
- AWS CLI
-
示例 1:更新维护时段
以下
update-maintenance-window示例更新了维护时段的名称。aws ssm update-maintenance-window \ --window-id"mw-1a2b3c4d5e6f7g8h9"\ --name"My-Renamed-MW"输出:
{ "Cutoff": 1, "Name": "My-Renamed-MW", "Schedule": "cron(0 16 ? * TUE *)", "Enabled": true, "AllowUnassociatedTargets": true, "WindowId": "mw-1a2b3c4d5e6f7g8h9", "Duration": 4 }示例 2:禁用维护时段
以下
update-maintenance-window示例禁用维护时段。aws ssm update-maintenance-window \ --window-id"mw-1a2b3c4d5e6f7g8h9"\ --no-enabled示例 3:启用维护时段
以下
update-maintenance-window示例启用维护时段。aws ssm update-maintenance-window \ --window-id"mw-1a2b3c4d5e6f7g8h9"\ --enabled有关更多信息,请参阅《S AWS ystems Manager 用户指南》中的 “更新维护窗口” (AWS CLI)。
-
有关API详细信息,请参阅AWS CLI 命令参考UpdateMaintenanceWindow
中的。
-
以下代码示例演示如何使用 update-managed-instance-role。
- AWS CLI
-
更新托管实例的IAM角色
以下
update-managed-instance-role示例更新托管IAM实例的实例配置文件。aws ssm update-managed-instance-role \ --instance-id"mi-08ab247cdfEXAMPLE"\ --iam-role"ExampleRole"此命令不生成任何输出。
有关更多信息,请参阅《Systems Manager 用户指南》中的步骤 4:为 Syst AWS ems Manager 创建IAM实例配置文件。
-
有关API详细信息,请参阅AWS CLI 命令参考UpdateManagedInstanceRole
中的。
-
以下代码示例演示如何使用 update-ops-item。
- AWS CLI
-
要更新 OpsItem
以下
update-ops-item示例更新了的描述、优先级和类别 OpsItem。此外,该命令还指定一个SNS主题,当编辑或更改该主题时,通知将发送到该 OpsItem 主题。aws ssm update-ops-item \ --ops-item-id"oi-287b5EXAMPLE"\ --description"Primary OpsItem for failover event 2020-01-01-fh398yf"\ --priority2\ --category"Security"\ --notifications"Arn=arn:aws:sns:us-east-2:111222333444:my-us-east-2-topic"输出:
This command produces no output.有关更多信息,请参阅《S AWS ystems Manager 用户指南》 OpsItems中的 “使用”。
-
有关API详细信息,请参阅AWS CLI 命令参考UpdateOpsItem
中的。
-
以下代码示例演示如何使用 update-patch-baseline。
- AWS CLI
-
示例 1:更新补丁基准
以下
update-patch-baseline示例将指定的两个补丁(作为已拒绝的补丁)和一个补丁(作为已批准的补丁)添加到指定的补丁基准。aws ssm update-patch-baseline \ --baseline-id"pb-0123456789abcdef0"\ --rejected-patches"KB2032276""MS10-048"\ --approved-patches"KB2124261"输出:
{ "BaselineId": "pb-0123456789abcdef0", "Name": "WindowsPatching", "OperatingSystem": "WINDOWS", "GlobalFilters": { "PatchFilters": [] }, "ApprovalRules": { "PatchRules": [ { "PatchFilterGroup": { "PatchFilters": [ { "Key": "PRODUCT", "Values": [ "WindowsServer2016" ] } ] }, "ComplianceLevel": "CRITICAL", "ApproveAfterDays": 0, "EnableNonSecurity": false } ] }, "ApprovedPatches": [ "KB2124261" ], "ApprovedPatchesComplianceLevel": "UNSPECIFIED", "ApprovedPatchesEnableNonSecurity": false, "RejectedPatches": [ "KB2032276", "MS10-048" ], "RejectedPatchesAction": "ALLOW_AS_DEPENDENCY", "CreatedDate": 1550244180.465, "ModifiedDate": 1550244180.465, "Description": "Patches for Windows Servers", "Sources": [] }示例 2:重命名补丁基准
以下
update-patch-baseline示例重命名指定的补丁基准。aws ssm update-patch-baseline \ --baseline-id"pb-0713accee01234567"\ --name"Windows-Server-2012-R2-Important-and-Critical-Security-Updates"有关更多信息,请参阅 Systems Manager AWS 用户指南中的更新或删除补丁基准 < https://docs.aws.amazon.com/systems-manager/ latest/userguide/patch-baseline-update-or-delete .html>`__。
-
有关API详细信息,请参阅AWS CLI 命令参考UpdatePatchBaseline
中的。
-
以下代码示例演示如何使用 update-resource-data-sync。
- AWS CLI
-
更新资源数据同步
以下
update-resource-data-sync示例更新了 SyncFromSource 资源数据同步。aws ssm update-resource-data-sync \ --sync-nameexampleSync\ --sync-typeSyncFromSource\ --sync-source '{"SourceType":"SingleAccountMultiRegions", "SourceRegions":["us-east-1", "us-west-2"]}'此命令不生成任何输出。
有关更多信息,请参阅《S ystems Manager 用户指南》中的 “将 Syst AWS ems Manager Explorer 设置为显示来自多个账户和地区的数据”。
-
有关API详细信息,请参阅AWS CLI 命令参考UpdateResourceDataSync
中的。
-
以下代码示例演示如何使用 update-service-setting。
- AWS CLI
-
更新参数存储吞吐量的服务设置
以下
update-service-setting示例更新了指定区域中参数存储吞吐量的当前服务设置,以使用更高的吞吐量。aws ssm update-service-setting \ --setting-idarn:aws:ssm:us-east-1:123456789012:servicesetting/ssm/parameter-store/high-throughput-enabled\ --setting-valuetrue此命令不生成任何输出。
有关更多信息,请参阅《S AWS ystems Manager 用户指南》中的 “提高参数存储吞吐量”。
-
有关API详细信息,请参阅AWS CLI 命令参考UpdateServiceSetting
中的。
-
