SendCommand
Runs commands on one or more managed nodes.
Request Syntax
{
"AlarmConfiguration": {
"Alarms": [
{
"Name": "string
"
}
],
"IgnorePollAlarmFailure": boolean
},
"CloudWatchOutputConfig": {
"CloudWatchLogGroupName": "string
",
"CloudWatchOutputEnabled": boolean
},
"Comment": "string
",
"DocumentHash": "string
",
"DocumentHashType": "string
",
"DocumentName": "string
",
"DocumentVersion": "string
",
"InstanceIds": [ "string
" ],
"MaxConcurrency": "string
",
"MaxErrors": "string
",
"NotificationConfig": {
"NotificationArn": "string
",
"NotificationEvents": [ "string
" ],
"NotificationType": "string
"
},
"OutputS3BucketName": "string
",
"OutputS3KeyPrefix": "string
",
"OutputS3Region": "string
",
"Parameters": {
"string
" : [ "string
" ]
},
"ServiceRoleArn": "string
",
"Targets": [
{
"Key": "string
",
"Values": [ "string
" ]
}
],
"TimeoutSeconds": number
}
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
The request accepts the following data in JSON format.
- AlarmConfiguration
-
The CloudWatch alarm you want to apply to your command.
Type: AlarmConfiguration object
Required: No
- CloudWatchOutputConfig
-
Enables AWS Systems Manager to send Run Command output to Amazon CloudWatch Logs. Run Command is a capability of AWS Systems Manager.
Type: CloudWatchOutputConfig object
Required: No
- Comment
-
User-specified information about the command, such as a brief description of what the command should do.
Type: String
Length Constraints: Maximum length of 100.
Required: No
- DocumentHash
-
The Sha256 or Sha1 hash created by the system when the document was created.
Note
Sha1 hashes have been deprecated.
Type: String
Length Constraints: Maximum length of 256.
Required: No
- DocumentHashType
-
Sha256 or Sha1.
Note
Sha1 hashes have been deprecated.
Type: String
Valid Values:
Sha256 | Sha1
Required: No
- DocumentName
-
The name of the AWS Systems Manager document (SSM document) to run. This can be a public document or a custom document. To run a shared document belonging to another account, specify the document Amazon Resource Name (ARN). For more information about how to use shared documents, see Sharing SSM documents in the AWS Systems Manager User Guide.
Note
If you specify a document name or ARN that hasn't been shared with your account, you receive an
InvalidDocument
error.Type: String
Pattern:
^[a-zA-Z0-9_\-.:/]{3,128}$
Required: Yes
- DocumentVersion
-
The SSM document version to use in the request. You can specify $DEFAULT, $LATEST, or a specific version number. If you run commands by using the AWS Command Line Interface (AWS CLI), then you must escape the first two options by using a backslash. If you specify a version number, then you don't need to use the backslash. For example:
--document-version "\$DEFAULT"
--document-version "\$LATEST"
--document-version "3"
Type: String
Pattern:
([$]LATEST|[$]DEFAULT|^[1-9][0-9]*$)
Required: No
- InstanceIds
-
The IDs of the managed nodes where the command should run. Specifying managed node IDs is most useful when you are targeting a limited number of managed nodes, though you can specify up to 50 IDs.
To target a larger number of managed nodes, or if you prefer not to list individual node IDs, we recommend using the
Targets
option instead. UsingTargets
, which accepts tag key-value pairs to identify the managed nodes to send commands to, you can a send command to tens, hundreds, or thousands of nodes at once.For more information about how to use targets, see Run commands at scale in the AWS Systems Manager User Guide.
Type: Array of strings
Array Members: Minimum number of 0 items. Maximum number of 50 items.
Pattern:
(^i-(\w{8}|\w{17})$)|(^mi-\w{17}$)
Required: No
- MaxConcurrency
-
(Optional) The maximum number of managed nodes that are allowed to run the command at the same time. You can specify a number such as 10 or a percentage such as 10%. The default value is
50
. For more information about how to useMaxConcurrency
, see Using concurrency controls in the AWS Systems Manager User Guide.Type: String
Length Constraints: Minimum length of 1. Maximum length of 7.
Pattern:
^([1-9][0-9]*|[1-9][0-9]%|[1-9]%|100%)$
Required: No
- MaxErrors
-
The maximum number of errors allowed without the command failing. When the command fails one more time beyond the value of
MaxErrors
, the systems stops sending the command to additional targets. You can specify a number like 10 or a percentage like 10%. The default value is0
. For more information about how to useMaxErrors
, see Using error controls in the AWS Systems Manager User Guide.Type: String
Length Constraints: Minimum length of 1. Maximum length of 7.
Pattern:
^([1-9][0-9]*|[0]|[1-9][0-9]%|[0-9]%|100%)$
Required: No
- NotificationConfig
-
Configurations for sending notifications.
Type: NotificationConfig object
Required: No
- OutputS3BucketName
-
The name of the S3 bucket where command execution responses should be stored.
Type: String
Length Constraints: Minimum length of 3. Maximum length of 63.
Required: No
- OutputS3KeyPrefix
-
The directory structure within the S3 bucket where the responses should be stored.
Type: String
Length Constraints: Maximum length of 500.
Required: No
- OutputS3Region
-
(Deprecated) You can no longer specify this parameter. The system ignores it. Instead, Systems Manager automatically determines the AWS Region of the S3 bucket.
Type: String
Length Constraints: Minimum length of 3. Maximum length of 20.
Required: No
- Parameters
-
The required and optional parameters specified in the document being run.
Type: String to array of strings map
Required: No
- ServiceRoleArn
-
The ARN of the AWS Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service (Amazon SNS) notifications for Run Command commands.
This role must provide the
sns:Publish
permission for your notification topic. For information about creating and using this service role, see Monitoring Systems Manager status changes using Amazon SNS notifications in the AWS Systems Manager User Guide.Type: String
Required: No
- Targets
-
An array of search criteria that targets managed nodes using a
Key,Value
combination that you specify. Specifying targets is most useful when you want to send a command to a large number of managed nodes at once. UsingTargets
, which accepts tag key-value pairs to identify managed nodes, you can send a command to tens, hundreds, or thousands of nodes at once.To send a command to a smaller number of managed nodes, you can use the
InstanceIds
option instead.For more information about how to use targets, see Run commands at scale in the AWS Systems Manager User Guide.
Type: Array of Target objects
Array Members: Minimum number of 0 items. Maximum number of 5 items.
Required: No
- TimeoutSeconds
-
If this time is reached and the command hasn't already started running, it won't run.
Type: Integer
Valid Range: Minimum value of 30. Maximum value of 2592000.
Required: No
Response Syntax
{
"Command": {
"AlarmConfiguration": {
"Alarms": [
{
"Name": "string"
}
],
"IgnorePollAlarmFailure": boolean
},
"CloudWatchOutputConfig": {
"CloudWatchLogGroupName": "string",
"CloudWatchOutputEnabled": boolean
},
"CommandId": "string",
"Comment": "string",
"CompletedCount": number,
"DeliveryTimedOutCount": number,
"DocumentName": "string",
"DocumentVersion": "string",
"ErrorCount": number,
"ExpiresAfter": number,
"InstanceIds": [ "string" ],
"MaxConcurrency": "string",
"MaxErrors": "string",
"NotificationConfig": {
"NotificationArn": "string",
"NotificationEvents": [ "string" ],
"NotificationType": "string"
},
"OutputS3BucketName": "string",
"OutputS3KeyPrefix": "string",
"OutputS3Region": "string",
"Parameters": {
"string" : [ "string" ]
},
"RequestedDateTime": number,
"ServiceRole": "string",
"Status": "string",
"StatusDetails": "string",
"TargetCount": number,
"Targets": [
{
"Key": "string",
"Values": [ "string" ]
}
],
"TimeoutSeconds": number,
"TriggeredAlarms": [
{
"Name": "string",
"State": "string"
}
]
}
}
Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
Errors
For information about the errors that are common to all actions, see Common Errors.
- DuplicateInstanceId
-
You can't specify a managed node ID in more than one association.
HTTP Status Code: 400
- InternalServerError
-
An error occurred on the server side.
HTTP Status Code: 500
- InvalidDocument
-
The specified SSM document doesn't exist.
HTTP Status Code: 400
- InvalidDocumentVersion
-
The document version isn't valid or doesn't exist.
HTTP Status Code: 400
- InvalidInstanceId
-
The following problems can cause this exception:
-
You don't have permission to access the managed node.
-
AWS Systems Manager Agent (SSM Agent) isn't running. Verify that SSM Agent is running.
-
SSM Agent isn't registered with the SSM endpoint. Try reinstalling SSM Agent.
-
The managed node isn't in a valid state. Valid states are:
Running
,Pending
,Stopped
, andStopping
. Invalid states are:Shutting-down
andTerminated
.
HTTP Status Code: 400
-
- InvalidNotificationConfig
-
One or more configuration items isn't valid. Verify that a valid Amazon Resource Name (ARN) was provided for an Amazon Simple Notification Service topic.
HTTP Status Code: 400
- InvalidOutputFolder
-
The S3 bucket doesn't exist.
HTTP Status Code: 400
- InvalidParameters
-
You must specify values for all required parameters in the AWS Systems Manager document (SSM document). You can only supply values to parameters defined in the SSM document.
HTTP Status Code: 400
- InvalidRole
-
The role name can't contain invalid characters. Also verify that you specified an IAM role for notifications that includes the required trust policy. For information about configuring the IAM role for Run Command notifications, see Monitoring Systems Manager status changes using Amazon SNS notifications in the AWS Systems Manager User Guide.
HTTP Status Code: 400
- MaxDocumentSizeExceeded
-
The size limit of a document is 64 KB.
HTTP Status Code: 400
- UnsupportedPlatformType
-
The document doesn't support the platform type of the given managed node IDs. For example, you sent an document for a Windows managed node to a Linux node.
HTTP Status Code: 400
Examples
Example
This example illustrates one usage of SendCommand.
Sample Request
POST / HTTP/1.1
Host: ssm.us-east-2.amazonaws.com
Accept-Encoding: identity
X-Amz-Target: AmazonSSM.SendCommand
Content-Type: application/x-amz-json-1.1
User-Agent: aws-cli/2.0.0 Python/3.7.5 Windows/10 botocore/2.0.0dev4
X-Amz-Date: 20240221T000322Z
Authorization: AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20240221/us-east-2/ssm/aws4_request,
SignedHeaders=content-type;host;x-amz-date;x-amz-target, Signature=39c3b3042cd2aEXAMPLE
Content-Length: 153
{
"CloudWatchOutputConfig": {
"CloudWatchLogGroupName": "my-log-group",
"CloudWatchOutputEnabled": true
},
"DocumentName": "AWS-ConfigureCloudWatch",
"DocumentVersion": "1",
"InstanceIds": [
"i-07be1baa4aEXAMPLE",
"i-017431b35cEXAMPLE",
"i-09c350ed76EXAMPLE"
],
"MaxConcurrency": "2",
"MaxErrors": "1",
"NotificationConfig": {
"NotificationArn": "arn:aws:sns:us-east-2:111122223333:my-us-east-2-notification-arn",
"NotificationEvents": [
"Failed",
"Success"
],
"NotificationType": "Command"
},
"OutputS3BucketName": "amzn-s3-demo-bucket",
"OutputS3KeyPrefix": "my-prefix",
"OutputS3Region": "us-east-2",
"Parameters": {
"string": []
},
"TimeoutSeconds": 30
}
Sample Response
{
"Command": {
"CommandId": "b94bf1dc-fe7d-4e88-851d-e85e5EXAMPLE",
"DocumentName": "AWS-ConfigureCloudWatch",
"DocumentVersion": "1",
"Comment": "",
"ExpiresAfter": 1582250177.7,
"Parameters": {
"properties": [
""
],
"status": [
"Enabled"
]
},
"InstanceIds": [],
"Targets": [
{
"Key": "InstanceIds",
"Values": [
"i-07be1baa4aEXAMPLE",
"i-017431b35cEXAMPLE",
"i-09c350ed76EXAMPLE"
]
}
],
"RequestedDateTime": 1582245977.7,
"Status": "Pending",
"StatusDetails": "Pending",
"OutputS3BucketName": "amzn-s3-demo-bucket",
"OutputS3KeyPrefix": "my-prefix",
"MaxConcurrency": "2",
"MaxErrors": "1",
"TargetCount": 0,
"CompletedCount": 0,
"ErrorCount": 0,
"DeliveryTimedOutCount": 0,
"ServiceRole": "arn:aws:iam::111122223333:role/my-SNS-notifications-role",
"NotificationConfig": {
"NotificationArn": "arn:aws:sns:us-east-2:111122223333:my-us-east-2-notification-arn",
"NotificationEvents": [
"Failed",
"Success"
],
"NotificationType": "Command"
},
"CloudWatchOutputConfig": {
"CloudWatchLogGroupName": "my-log-group",
"CloudWatchOutputEnabled": true
}
}
}
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: