
Resource: awsSsmDocument

Provides an SSM Document resource

~> NOTE on updating SSM documents: Only documents with a schema version of 2.0 or greater can update their content once created, see SSM Schema Features. To update a document with an older schema version you must recreate the resource. Not all document types support a schema version of 2.0 or greater. Refer to SSM document schema features and examples for information about which schema versions are supported for the respective documentType.

Example Usage

Create an SSM document in JSON format

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.ssmDocument.SsmDocument(this, "foo", {
  content:
    '  {\n    "schemaVersion": "1.2",\n    "description": "Check ip configuration of a Linux instance.",\n    "parameters": {\n\n    },\n    "runtimeConfig": {\n      "aws:runShellScript": {\n        "properties": [\n          {\n            "id": "0.aws:runShellScript",\n            "runCommand": ["ifconfig"]\n          }\n        ]\n      }\n    }\n  }\n',
  documentType: "Command",
  name: "test_document",
});

Create an SSM document in YAML format

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.ssmDocument.SsmDocument(this, "foo", {
  content:
    "schemaVersion: '1.2'\ndescription: Check ip configuration of a Linux instance.\nparameters: {}\nruntimeConfig:\n  'aws:runShellScript':\n    properties:\n      - id: '0.aws:runShellScript'\n        runCommand:\n          - ifconfig\n",
  documentFormat: "YAML",
  documentType: "Command",
  name: "test_document",
});

Argument Reference

The following arguments are supported:

  • name - (Required) The name of the document.
  • attachmentsSource - (Optional) One or more configuration blocks describing attachments sources to a version of a document. Defined below.
  • content - (Required) The JSON or YAML content of the document.
  • documentFormat - (Optional, defaults to JSON) The format of the document. Valid formats include: JSON and YAML
  • documentType - (Required) The type of the document. Valid document types include: Automation, Command, Package, Policy, and Session
  • permissions - (Optional) Additional Permissions to attach to the document. See Permissions below for details.
  • targetType - (Optional) The target type which defines the kinds of resources the document can run on. For example, /AWS::EC2::Instance. For a list of valid resource types, see AWS Resource Types Reference (http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html)
  • tags - (Optional) A map of tags to assign to the object. If configured with a provider defaultTags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
  • versionName - (Optional) A field specifying the version of the artifact you are creating with the document. For example, "Release 12, Update 6". This value is unique across all versions of a document and cannot be changed for an existing document version.

attachmentsSource

The attachmentsSource block supports the following:

  • key - (Required) The key describing the location of an attachment to a document. Valid key types include: SourceUrl and S3FileUrl
  • values - (Required) The value describing the location of an attachment to a document
  • name - (Optional) The name of the document attachment file

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • createdDate - The date the document was created.
  • description - The description of the document.
  • schemaVersion - The schema version of the document.
  • defaultVersion - The default version of the document.
  • documentVersion - The document version.
  • hash - The sha1 or sha256 of the document content
  • hashType - "Sha1" or "Sha256". The hashing algorithm used when hashing the content.
  • latestVersion - The latest version of the document.
  • owner - The AWS user account of the person who created the document.
  • status - "Creating", "Active" or "Deleting". The current status of the document.
  • parameter - The parameters that are available to this document.
  • platformTypes - A list of OS platforms compatible with this SSM document, either "Windows" or "Linux".
  • tagsAll - A map of tags assigned to the resource, including those inherited from the provider defaultTags configuration block.

Permissions

The permissions attribute specifies how you want to share the document. If you share a document privately, you must specify the AWS user account IDs for those people who can use the document. If you share a document publicly, you must specify All as the account ID.

The permissions mapping supports the following:

  • type - The permission type for the document. The permission type can be Share.
  • accountIds - The AWS user accounts that should have access to the document. The account IDs can either be a group of account IDs or All.
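The check below is an added example, not part of the provider documentation or its generated bindings: it applies the schema-version note and the Permissions rules from this page to a document's arguments before deployment. DocArgs and lintSsmDocument are hypothetical names, and accountIds is assumed to be a comma-separated string of account IDs or All.

```typescript
// Added example: DocArgs and lintSsmDocument are hypothetical names.
interface DocArgs {
  content: string; // JSON document body, as passed to `content`
  documentType: string;
  // Assumption: accountIds is a comma-separated string of IDs, or "All".
  permissions?: { type: string; accountIds: string };
}

const DOCUMENT_TYPES = ["Automation", "Command", "Package", "Policy", "Session"];

function lintSsmDocument(args: DocArgs): string[] {
  const findings: string[] = [];
  if (DOCUMENT_TYPES.indexOf(args.documentType) === -1) {
    findings.push(`documentType "${args.documentType}" is not a valid type`);
  }
  // Schema versions below 2.0 cannot be updated in place (see the NOTE above).
  let doc: { schemaVersion?: string } | null = null;
  try {
    doc = JSON.parse(args.content);
  } catch {
    findings.push("content is not valid JSON");
  }
  if (doc) {
    const version = parseFloat(String(doc.schemaVersion));
    if (isNaN(version)) {
      findings.push("content has no schemaVersion");
    } else if (version < 2.0) {
      findings.push(`schemaVersion ${doc.schemaVersion}: content changes recreate the resource`);
    }
  }
  if (args.permissions) {
    const ids = args.permissions.accountIds.split(",").map((id) => id.trim());
    if (ids.some((id) => id.toLowerCase() === "all")) {
      findings.push("document is shared publicly (All)");
    } else {
      const bad = ids.filter((id) => !/^\d{12}$/.test(id)); // AWS account IDs are 12 digits
      if (bad.length > 0) findings.push(`not account IDs: ${bad.join(", ")}`);
    }
  }
  return findings;
}

// Constructed sample: the schema 1.2 document from this page, shared publicly.
const sampleFindings = lintSsmDocument({
  content: '{"schemaVersion": "1.2", "description": "Check ip configuration of a Linux instance."}',
  documentType: "Command",
  permissions: { type: "Share", accountIds: "All" },
});
console.log(sampleFindings);
```

An empty result means the arguments passed every check; any finding is worth resolving before the document is applied, in particular a public share of a Command document.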

Import

SSM Documents can be imported using the name, e.g.,

$ terraform import aws_ssm_document.example example

The attachmentsSource argument does not have an SSM API method for reading the attachment information detail after creation. If the argument is set in the Terraform configuration on an imported resource, Terraform will always show a difference. To work around this behavior, either omit the argument from the Terraform configuration or use ignoreChanges to hide the difference, e.g.,

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
const awsSsmDocumentTest = new aws.ssmDocument.SsmDocument(this, "test", {
  attachmentsSource: [
    {
      key: "SourceUrl",
      values: ["s3://${aws_s3_bucket.object_bucket.bucket}/test.zip"],
    },
  ],
  documentType: "Package",
  name: "test_document",
});
awsSsmDocumentTest.addOverride("lifecycle", [
  {
    // ignore_changes takes plain attribute names, not "${...}" interpolations.
    ignore_changes: ["attachments_source"],
  },
]);