使用命令行工具创建更改模板 - AWS Systems Manager

使用命令行工具创建更改模板

以下过程介绍了如何使用 AWS Command Line Interface (AWS CLI)(在 Linux、macOS 或 Windows 上)或 AWS Tools for Windows PowerShell 在 AWS Systems Manager 的功能 Change Manager 中创建更改请求。

创建更改模板

  1. 安装并配置 AWS Tools for PowerShell (AWS CLI)(如果尚未执行该操作)。

    有关信息,请参阅安装或更新 AWS CLI 的最新版本以及安装 AWS Tools for PowerShell

  2. 在本地计算机上使用 MyChangeTemplate.json 之类的名称创建一个 JSON 文件,然后将更改模板的内容粘贴到此文件中。

    注意

    更改模板使用架构 0.3 版本,该版本包含的支持与针对自动化运行手册的支持不完全相同。

    以下是示例。

    注意

    参数 minRequiredApprovals 用于指定对于使用此模板创建的更改请求,必须取得多少指定级别的审阅者批准。

    此示例演示了两个级别的批准。您可以指定最多五个级别的批准,但只需要一个级别。

    在第一级,每个更改请求必须取得指定用户“John-Doe”的批准。然后,该更改请求必须由 IAM 角色 Admin 的任意三个成员批准。

    有关批准更改模板的更多信息,请参阅 关于更改模板中的批准

    {
   "description": "This change template demonstrates the feature set available for creating
  change templates for Change Manager. This template starts a Runbook workflow
  for the Automation runbook called AWS-HelloWorld",
   "templateInformation": "### Document Name: HelloWorldChangeTemplate\n\n
    ## What does this document do?\n
    This change template demonstrates the feature set available for creating change templates for Change Manager. 
    This template starts a Runbook workflow for the Automation runbook called AWS-HelloWorld.\n\n
    ## Input Parameters\n* ApproverSnsTopicArn: (Required) Amazon Simple Notification Service ARN for approvers.\n
    * Approver: (Required) The name of the approver to send this request to.\n
    * ApproverType: (Required) The type of reviewer.  * Allowed Values: IamUser, IamGroup, IamRole, SSOGroup, SSOUser\n\n
    ## Output Parameters\nThis document has no outputs\n",
   "schemaVersion": "0.3",
   "parameters": {
      "ApproverSnsTopicArn": {
         "type": "String",
         "description": "Amazon Simple Notification Service ARN for approvers."
      },
      "Approver": {
         "type": "String",
         "description": "IAM approver"
      },
      "ApproverType": {
         "type": "String",
         "description": "Approver types for the request. Allowed values include IamUser, IamGroup, IamRole, SSOGroup, and SSOUser."
      }
   },
   "executableRunBooks": [
      {
         "name": "AWS-HelloWorld",
         "version": "1"
      }
   ],
   "emergencyChange": false,
   "autoApprovable": false,
   "mainSteps": [
      {
         "name": "ApproveAction1",
         "action": "aws:approve",
         "timeoutSeconds": 3600,
         "inputs": {
            "Message": "A sample change request has been submitted for your review in Change Manager. You can approve or reject this request.",
            "EnhancedApprovals": {
               "NotificationArn": "{{ ApproverSnsTopicArn }}",
               "Approvers": [
                  {
                     "approver": "John-Doe",
                     "type": "IamUser",
                     "minRequiredApprovals": 1
                  }
               ]
            }
         }
      },
        {
         "name": "ApproveAction2",
         "action": "aws:approve",
         "timeoutSeconds": 3600,
         "inputs": {
            "Message": "A sample change request has been submitted for your review in Change Manager. You can approve or reject this request.",
            "EnhancedApprovals": {
               "NotificationArn": "{{ ApproverSnsTopicArn }}",
               "Approvers": [
                  {
                     "approver": "Admin",
                     "type": "IamRole",
                     "minRequiredApprovals": 3                  
                  }
               ]
            }
         }
      }
   ]
}

  3. 运行以下命令创建更改模板。

    Linux & macOS
    aws ssm create-document \
    --name MyChangeTemplate \
    --document-format JSON \
    --document-type Automation.ChangeTemplate \
    --content file://MyChangeTemplate.json \
    --tags Key=tag-key,Value=tag-value
    Windows
    aws ssm create-document ^
    --name MyChangeTemplate ^
    --document-format JSON ^
    --document-type Automation.ChangeTemplate ^
    --content file://MyChangeTemplate.json ^
    --tags Key=tag-key,Value=tag-value
    PowerShell
    $json = Get-Content -Path "C:\path\to\file\MyChangeTemplate.json" | Out-String
New-SSMDocument `
    -Content $json `
    -Name "MyChangeTemplate" `
    -DocumentType "Automation.ChangeTemplate" `
    -Tags "Key=tag-key,Value=tag-value"

    有关可以指定的其他选项的信息,请参阅 create-document

    系统将返回类似于以下内容的信息。

    {
   "DocumentDescription":{
      "CreatedDate":1.585061751738E9,
      "DefaultVersion":"1",
      "Description":"Use this template to update an EC2 Linux AMI. Requires one
      approver specified in the template and an approver specified in the request.",
      "DocumentFormat":"JSON",
      "DocumentType":"Automation",
      "DocumentVersion":"1",
      "Hash":"0d3d879b3ca072e03c12638d0255ebd004d2c65bd318f8354fcde820dEXAMPLE",
      "HashType":"Sha256",
      "LatestVersion":"1",
      "Name":"MyChangeTemplate",
      "Owner":"123456789012",
      "Parameters":[
         {
            "DefaultValue":"",
            "Description":"Level one approvers",
            "Name":"LevelOneApprovers",
            "Type":"String"
         },
         {
            "DefaultValue":"",
            "Description":"Level one approver type",
            "Name":"LevelOneApproverType",
            "Type":"String"
         },
   "cloudWatchMonitors": {
      "monitors": [
         "my-cloudwatch-alarm"
      ]
   }
      ],
      "PlatformTypes":[
         "Windows",
         "Linux"
      ],
      "SchemaVersion":"0.3",
      "Status":"Creating",
      "Tags":[

      ]
   }
}

您的组织或账户内在 Change Manager 中的 Settings (设置) 选项卡上被指定为模板审核人员的用户,将收到新的更改模板正等待其审核的通知。

如果已为更改模板指定 Amazon Simple Notification Service (Amazon SNS) 主题,则当更改模板被拒绝或批准时,系统会发送通知。如果您没有收到与此更改模板相关的通知,可在稍后返回 Change Manager 以检查其状态。