@aws-cdk/aws-ssm

constructor

constructor(scope: cdk.Construct, id: string, props: CfnAssociationProps);

• Create a new AWS::SSM::Association.

  Parameter scope

  scope in which this resource is defined

  Parameter id

  scoped id of the resource

  Parameter props

  resource properties

property applyOnlyAtCronInterval

applyOnlyAtCronInterval: any;

• By default, when you create a new association, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it. This parameter is not supported for rate expressions.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-association.html#cfn-ssm-association-applyonlyatcroninterval

property associationName

associationName: string;

• Specify a descriptive name for the association.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-association.html#cfn-ssm-association-associationname

property attrAssociationId

readonly attrAssociationId: string;

• The association ID. AssociationId

property automationTargetParameterName

automationTargetParameterName: string;

• Choose the parameter that will define how your automation will branch out. This target is required for associations that use an Automation runbook and target resources by using rate controls. Automation is a capability of AWS Systems Manager .

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-association.html#cfn-ssm-association-automationtargetparametername

property calendarNames

calendarNames: string[];

• The names or Amazon Resource Names (ARNs) of the Change Calendar type documents your associations are gated under. The associations only run when that Change Calendar is open. For more information, see [AWS Systems Manager Change Calendar](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-change-calendar) .

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-association.html#cfn-ssm-association-calendarnames

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

• The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property complianceSeverity

complianceSeverity: string;

• The severity level that is assigned to the association.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-association.html#cfn-ssm-association-complianceseverity

property documentVersion

documentVersion: string;

• The version of the SSM document to associate with the target.

  > Note the following important information. > > - State Manager doesn't support running associations that use a new version of a document if that document is shared from another account. State Manager always runs the default version of a document if shared from another account, even though the Systems Manager console shows that a new version was processed. If you want to run an association using a new version of a document shared form another account, you must set the document version to default . > - DocumentVersion is not valid for documents owned by AWS , such as AWS-RunPatchBaseline or AWS-UpdateSSMAgent . If you specify DocumentVersion for an AWS document, the system returns the following error: "Error occurred during operation 'CreateAssociation'." (RequestToken: , HandlerErrorCode: GeneralServiceException).

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-association.html#cfn-ssm-association-documentversion

property instanceId

instanceId: string;

• The ID of the instance that the SSM document is associated with. You must specify the InstanceId or Targets property.

  > InstanceId has been deprecated. To specify an instance ID for an association, use the Targets parameter. If you use the parameter InstanceId , you cannot use the parameters AssociationName , DocumentVersion , MaxErrors , MaxConcurrency , OutputLocation , or ScheduleExpression . To use these parameters, you must use the Targets parameter.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-association.html#cfn-ssm-association-instanceid

property maxConcurrency

maxConcurrency: string;

• The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.

  If a new managed node starts and attempts to run an association while Systems Manager is running MaxConcurrency associations, the association is allowed to run. During the next association interval, the new managed node will process its association within the limit specified for MaxConcurrency .

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-association.html#cfn-ssm-association-maxconcurrency

property maxErrors

maxErrors: string;

• The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 managed nodes and set MaxError to 10%, then the system stops sending the request when the sixth error is received.

  Executions that are already running an association when MaxErrors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set MaxConcurrency to 1 so that executions proceed one at a time.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-association.html#cfn-ssm-association-maxerrors

property name

name: string;

• The name of the SSM document that contains the configuration information for the instance. You can specify Command or Automation documents. The documents can be AWS -predefined documents, documents you created, or a document that is shared with you from another account. For SSM documents that are shared with you from other AWS accounts , you must specify the complete SSM document ARN, in the following format:

  arn:partition:ssm:region:account-id:document/document-name

  For example: arn:aws:ssm:us-east-2:12345678912:document/My-Shared-Document

  For AWS -predefined documents and SSM documents you created in your account, you only need to specify the document name. For example, AWS -ApplyPatchBaseline or My-Document .

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-association.html#cfn-ssm-association-name

property outputLocation

outputLocation: any;

• An Amazon Simple Storage Service (Amazon S3) bucket where you want to store the output details of the request.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-association.html#cfn-ssm-association-outputlocation

property parameters

parameters: any;

• The parameters for the runtime configuration of the document.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-association.html#cfn-ssm-association-parameters

property scheduleExpression

scheduleExpression: string;

• A cron expression that specifies a schedule when the association runs. The schedule runs in Coordinated Universal Time (UTC).

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-association.html#cfn-ssm-association-scheduleexpression

property scheduleOffset

scheduleOffset: number;

• Number of days to wait after the scheduled day to run an association.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-association.html#cfn-ssm-association-scheduleoffset

property syncCompliance

syncCompliance: string;

• The mode for generating association compliance. You can specify AUTO or MANUAL . In AUTO mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association is COMPLIANT . If the association execution doesn't run successfully, the association is NON-COMPLIANT .

  In MANUAL mode, you must specify the AssociationId as a parameter for the PutComplianceItems API action. In this case, compliance data is not managed by State Manager. It is managed by your direct call to the PutComplianceItems API action.

  By default, all associations use AUTO mode.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-association.html#cfn-ssm-association-synccompliance

property targets

targets: any;

• The targets for the association. You must specify the InstanceId or Targets property. You can target all instances in an AWS account by specifying the InstanceIds key with a value of * . To view a JSON and a YAML example that targets all instances, see "Create an association for all managed instances in an AWS account " on the Examples page.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-association.html#cfn-ssm-association-targets

property waitForSuccessTimeoutSeconds

waitForSuccessTimeoutSeconds: number;

• The number of seconds the service should wait for the association status to show "Success" before proceeding with the stack execution. If the association status doesn't show "Success" after the specified number of seconds, then stack creation fails.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-association.html#cfn-ssm-association-waitforsuccesstimeoutseconds

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

• Examines the CloudFormation resource and discloses attributes.

  Parameter inspector

  tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

constructor

constructor(scope: cdk.Construct, id: string, props: CfnDocumentProps);

• Create a new AWS::SSM::Document.

  Parameter scope

  scope in which this resource is defined

  Parameter id

  scoped id of the resource

  Parameter props

  resource properties

property attachments

attachments: any;

• A list of key-value pairs that describe attachments to a version of a document.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-document.html#cfn-ssm-document-attachments

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

• The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property content

content: any;

• The content for the new SSM document in JSON or YAML. For more information about the schemas for SSM document content, see [SSM document schema features and examples](https://docs.aws.amazon.com/systems-manager/latest/userguide/document-schemas-features.html) in the *AWS Systems Manager User Guide* .

  > This parameter also supports String data types.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-document.html#cfn-ssm-document-content

property documentFormat

documentFormat: string;

• Specify the document format for the request. JSON is the default format.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-document.html#cfn-ssm-document-documentformat

property documentType

documentType: string;

• The type of document to create.

  *Allowed Values* : ApplicationConfigurationSchema | Automation | Automation.ChangeTemplate | Command | DeploymentStrategy | Package | Policy | Session

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-document.html#cfn-ssm-document-documenttype

property name

name: string;

• A name for the SSM document.

  > You can't use the following strings as document name prefixes. These are reserved by AWS for use as document name prefixes: > > - aws > - amazon > - amzn

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-document.html#cfn-ssm-document-name

property requires

requires: any;

• A list of SSM documents required by a document. This parameter is used exclusively by AWS AppConfig . When a user creates an AWS AppConfig configuration in an SSM document, the user must also specify a required document for validation purposes. In this case, an ApplicationConfiguration document requires an ApplicationConfigurationSchema document for validation purposes. For more information, see [What is AWS AppConfig ?](https://docs.aws.amazon.com/appconfig/latest/userguide/what-is-appconfig.html) in the *AWS AppConfig User Guide* .

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-document.html#cfn-ssm-document-requires

property tags

readonly tags: cdk.TagManager;

• AWS CloudFormation resource tags to apply to the document. Use tags to help you identify and categorize resources.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-document.html#cfn-ssm-document-tags

property targetType

targetType: string;

• Specify a target type to define the kinds of resources the document can run on. For example, to run a document on EC2 instances, specify the following value: /AWS::EC2::Instance . If you specify a value of '/' the document can run on all types of resources. If you don't specify a value, the document can't run on any resources. For a list of valid resource types, see [AWS resource and property types reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html) in the *AWS CloudFormation User Guide* .

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-document.html#cfn-ssm-document-targettype

property updateMethod

updateMethod: string;

• If the document resource you specify in your template already exists, this parameter determines whether a new version of the existing document is created, or the existing document is replaced. Replace is the default method. If you specify NewVersion for the UpdateMethod parameter, and the Name of the document does not match an existing resource, a new document is created. When you specify NewVersion , the default version of the document is changed to the newly created version.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-document.html#cfn-ssm-document-updatemethod

property versionName

versionName: string;

• An optional field specifying the version of the artifact you are creating with the document. For example, Release12.1 . This value is unique across all versions of a document, and can't be changed.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-document.html#cfn-ssm-document-versionname

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

• Examines the CloudFormation resource and discloses attributes.

  Parameter inspector

  tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

constructor

constructor(scope: cdk.Construct, id: string, props: CfnMaintenanceWindowProps);

• Create a new AWS::SSM::MaintenanceWindow.

  Parameter scope

  scope in which this resource is defined

  Parameter id

  scoped id of the resource

  Parameter props

  resource properties

property allowUnassociatedTargets

allowUnassociatedTargets: any;

• Enables a maintenance window task to run on managed instances, even if you have not registered those instances as targets. If enabled, then you must specify the unregistered instances (by instance ID) when you register a task with the maintenance window.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindow.html#cfn-ssm-maintenancewindow-allowunassociatedtargets

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

• The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property cutoff

cutoff: number;

• The number of hours before the end of the maintenance window that AWS Systems Manager stops scheduling new tasks for execution.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindow.html#cfn-ssm-maintenancewindow-cutoff

property description

description: string;

• A description of the maintenance window.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindow.html#cfn-ssm-maintenancewindow-description

property duration

duration: number;

• The duration of the maintenance window in hours.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindow.html#cfn-ssm-maintenancewindow-duration

property endDate

endDate: string;

• The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become inactive.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindow.html#cfn-ssm-maintenancewindow-enddate

property name

name: string;

• The name of the maintenance window.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindow.html#cfn-ssm-maintenancewindow-name

property schedule

schedule: string;

• The schedule of the maintenance window in the form of a cron or rate expression.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindow.html#cfn-ssm-maintenancewindow-schedule

property scheduleOffset

scheduleOffset: number;

• The number of days to wait to run a maintenance window after the scheduled cron expression date and time.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindow.html#cfn-ssm-maintenancewindow-scheduleoffset

property scheduleTimezone

scheduleTimezone: string;

• The time zone that the scheduled maintenance window executions are based on, in Internet Assigned Numbers Authority (IANA) format.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindow.html#cfn-ssm-maintenancewindow-scheduletimezone

property startDate

startDate: string;

• The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become active. StartDate allows you to delay activation of the Maintenance Window until the specified future date.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindow.html#cfn-ssm-maintenancewindow-startdate

property tags

readonly tags: cdk.TagManager;

• Optional metadata that you assign to a resource in the form of an arbitrary set of tags (key-value pairs). Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a maintenance window to identify the type of tasks it will run, the types of targets, and the environment it will run in.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindow.html#cfn-ssm-maintenancewindow-tags

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

• Examines the CloudFormation resource and discloses attributes.

  Parameter inspector

  tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

constructor

constructor(
    scope: cdk.Construct,
    id: string,
    props: CfnMaintenanceWindowTargetProps
);

• Create a new AWS::SSM::MaintenanceWindowTarget.

  Parameter scope

  scope in which this resource is defined

  Parameter id

  scoped id of the resource

  Parameter props

  resource properties

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

• The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property description

description: string;

• A description for the target.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtarget.html#cfn-ssm-maintenancewindowtarget-description

property name

name: string;

• The name for the maintenance window target.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtarget.html#cfn-ssm-maintenancewindowtarget-name

property ownerInformation

ownerInformation: string;

• A user-provided value that will be included in any Amazon CloudWatch Events events that are raised while running tasks for these targets in this maintenance window.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtarget.html#cfn-ssm-maintenancewindowtarget-ownerinformation

property resourceType

resourceType: string;

• The type of target that is being registered with the maintenance window.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtarget.html#cfn-ssm-maintenancewindowtarget-resourcetype

property targets

targets: any;

• The targets to register with the maintenance window. In other words, the instances to run commands on when the maintenance window runs.

  You must specify targets by using the WindowTargetIds parameter.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtarget.html#cfn-ssm-maintenancewindowtarget-targets

property windowId

windowId: string;

• The ID of the maintenance window to register the target with.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtarget.html#cfn-ssm-maintenancewindowtarget-windowid

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

• Examines the CloudFormation resource and discloses attributes.

  Parameter inspector

  tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

constructor

constructor(
    scope: cdk.Construct,
    id: string,
    props: CfnMaintenanceWindowTaskProps
);

• Create a new AWS::SSM::MaintenanceWindowTask.

  Parameter scope

  scope in which this resource is defined

  Parameter id

  scoped id of the resource

  Parameter props

  resource properties

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

• The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property cutoffBehavior

cutoffBehavior: string;

• The specification for whether tasks should continue to run after the cutoff time specified in the maintenance windows is reached.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtask.html#cfn-ssm-maintenancewindowtask-cutoffbehavior

property description

description: string;

• A description of the task.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtask.html#cfn-ssm-maintenancewindowtask-description

property loggingInfo

loggingInfo: any;

• Information about an Amazon S3 bucket to write Run Command task-level logs to.

  > LoggingInfo has been deprecated. To specify an Amazon S3 bucket to contain logs for Run Command tasks, instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see [AWS ::SSM::MaintenanceWindowTask MaintenanceWindowRunCommandParameters](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ssm-maintenancewindowtask-maintenancewindowruncommandparameters.html) .

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtask.html#cfn-ssm-maintenancewindowtask-logginginfo

property maxConcurrency

maxConcurrency: string;

• The maximum number of targets this task can be run for, in parallel.

  > Although this element is listed as "Required: No", a value can be omitted only when you are registering or updating a [targetless task](https://docs.aws.amazon.com/systems-manager/latest/userguide/maintenance-windows-targetless-tasks.html) You must provide a value in all other cases. > > For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of 1 . This value doesn't affect the running of your task.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtask.html#cfn-ssm-maintenancewindowtask-maxconcurrency

property maxErrors

maxErrors: string;

• The maximum number of errors allowed before this task stops being scheduled.

  > Although this element is listed as "Required: No", a value can be omitted only when you are registering or updating a [targetless task](https://docs.aws.amazon.com/systems-manager/latest/userguide/maintenance-windows-targetless-tasks.html) You must provide a value in all other cases. > > For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of 1 . This value doesn't affect the running of your task.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtask.html#cfn-ssm-maintenancewindowtask-maxerrors

property name

name: string;

• The task name.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtask.html#cfn-ssm-maintenancewindowtask-name

property priority

priority: number;

• The priority of the task in the maintenance window. The lower the number, the higher the priority. Tasks that have the same priority are scheduled in parallel.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtask.html#cfn-ssm-maintenancewindowtask-priority

property serviceRoleArn

serviceRoleArn: string;

• The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service (Amazon SNS) notifications for maintenance window Run Command tasks.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtask.html#cfn-ssm-maintenancewindowtask-servicerolearn

property targets

targets: any;

• The targets, either instances or window target IDs.

  - Specify instances using Key=InstanceIds,Values= *instanceid1* , *instanceid2* . - Specify window target IDs using Key=WindowTargetIds,Values= *window-target-id-1* , *window-target-id-2* .

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtask.html#cfn-ssm-maintenancewindowtask-targets

property taskArn

taskArn: string;

• The resource that the task uses during execution.

  For RUN_COMMAND and AUTOMATION task types, TaskArn is the SSM document name or Amazon Resource Name (ARN).

  For LAMBDA tasks, TaskArn is the function name or ARN.

  For STEP_FUNCTIONS tasks, TaskArn is the state machine ARN.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtask.html#cfn-ssm-maintenancewindowtask-taskarn

property taskInvocationParameters

taskInvocationParameters: any;

• The parameters to pass to the task when it runs. Populate only the fields that match the task type. All other fields should be empty.

  > When you update a maintenance window task that has options specified in TaskInvocationParameters , you must provide again all the TaskInvocationParameters values that you want to retain. The values you do not specify again are removed. For example, suppose that when you registered a Run Command task, you specified TaskInvocationParameters values for Comment , NotificationConfig , and OutputS3BucketName . If you update the maintenance window task and specify only a different OutputS3BucketName value, the values for Comment and NotificationConfig are removed.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtask.html#cfn-ssm-maintenancewindowtask-taskinvocationparameters

property taskParameters

taskParameters: any;

• The parameters to pass to the task when it runs.

  > TaskParameters has been deprecated. To specify parameters to pass to a task when it runs, instead use the Parameters option in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see [MaintenanceWindowTaskInvocationParameters](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_MaintenanceWindowTaskInvocationParameters.html) .

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtask.html#cfn-ssm-maintenancewindowtask-taskparameters

property taskType

taskType: string;

• The type of task. Valid values: RUN_COMMAND , AUTOMATION , LAMBDA , STEP_FUNCTIONS .

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtask.html#cfn-ssm-maintenancewindowtask-tasktype

property windowId

windowId: string;

• The ID of the maintenance window where the task is registered.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtask.html#cfn-ssm-maintenancewindowtask-windowid

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

• Examines the CloudFormation resource and discloses attributes.

  Parameter inspector

  tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

constructor

constructor(scope: cdk.Construct, id: string, props: CfnParameterProps);

• Create a new AWS::SSM::Parameter.

  Parameter scope

  scope in which this resource is defined

  Parameter id

  scoped id of the resource

  Parameter props

  resource properties

property allowedPattern

allowedPattern: string;

• A regular expression used to validate the parameter value. For example, for String types with values restricted to numbers, you can specify the following: AllowedPattern=^\d+$

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-parameter.html#cfn-ssm-parameter-allowedpattern

property attrType

readonly attrType: string;

• Returns the type of the parameter. Valid values are String or StringList . Type

property attrValue

readonly attrValue: string;

• Returns the value of the parameter. Value

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

• The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property dataType

dataType: string;

• The data type of the parameter, such as text or aws:ec2:image . The default is text .

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-parameter.html#cfn-ssm-parameter-datatype

property description

description: string;

• Information about the parameter.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-parameter.html#cfn-ssm-parameter-description

property name

name: string;

• The name of the parameter.

  > The maximum length constraint listed below includes capacity for additional system attributes that aren't part of the name. The maximum length for a parameter name, including the full length of the parameter ARN, is 1011 characters. For example, the length of the following parameter name is 65 characters, not 20 characters: arn:aws:ssm:us-east-2:111222333444:parameter/ExampleParameterName

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-parameter.html#cfn-ssm-parameter-name

property policies

policies: string;

• Information about the policies assigned to a parameter.

  [Assigning parameter policies](https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-policies.html) in the *AWS Systems Manager User Guide* .

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-parameter.html#cfn-ssm-parameter-policies

property tags

readonly tags: cdk.TagManager;

• Optional metadata that you assign to a resource in the form of an arbitrary set of tags (key-value pairs). Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a Systems Manager parameter to identify the type of resource to which it applies, the environment, or the type of configuration data referenced by the parameter.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-parameter.html#cfn-ssm-parameter-tags

property tier

tier: string;

• The parameter tier.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-parameter.html#cfn-ssm-parameter-tier

property type

type: string;

• The type of parameter.

  > AWS CloudFormation doesn't support creating a SecureString parameter type.

  *Allowed Values* : String | StringList

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-parameter.html#cfn-ssm-parameter-type

property value

value: string;

• The parameter value.

  > If type is StringList , the system returns a comma-separated string with no spaces between commas in the Value field.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-parameter.html#cfn-ssm-parameter-value

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

• Examines the CloudFormation resource and discloses attributes.

  Parameter inspector

  tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

constructor

constructor(scope: cdk.Construct, id: string, props: CfnPatchBaselineProps);

• Create a new AWS::SSM::PatchBaseline.

  Parameter scope

  scope in which this resource is defined

  Parameter id

  scoped id of the resource

  Parameter props

  resource properties

property approvalRules

approvalRules: any;

• A set of rules used to include patches in the baseline.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-patchbaseline.html#cfn-ssm-patchbaseline-approvalrules

property approvedPatches

approvedPatches: string[];

• A list of explicitly approved patches for the baseline.

  For information about accepted formats for lists of approved patches and rejected patches, see [About package name formats for approved and rejected patch lists](https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html) in the *AWS Systems Manager User Guide* .

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-patchbaseline.html#cfn-ssm-patchbaseline-approvedpatches

property approvedPatchesComplianceLevel

approvedPatchesComplianceLevel: string;

• Defines the compliance level for approved patches. When an approved patch is reported as missing, this value describes the severity of the compliance violation. The default value is UNSPECIFIED .

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-patchbaseline.html#cfn-ssm-patchbaseline-approvedpatchescompliancelevel

property approvedPatchesEnableNonSecurity

approvedPatchesEnableNonSecurity: any;

• Indicates whether the list of approved patches includes non-security updates that should be applied to the managed nodes. The default value is false . Applies to Linux managed nodes only.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-patchbaseline.html#cfn-ssm-patchbaseline-approvedpatchesenablenonsecurity

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

• The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property description

description: string;

• A description of the patch baseline.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-patchbaseline.html#cfn-ssm-patchbaseline-description

property globalFilters

globalFilters: any;

• A set of global filters used to include patches in the baseline.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-patchbaseline.html#cfn-ssm-patchbaseline-globalfilters

property name

name: string;

• The name of the patch baseline.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-patchbaseline.html#cfn-ssm-patchbaseline-name

property operatingSystem

operatingSystem: string;

• Defines the operating system the patch baseline applies to. The default value is WINDOWS .

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-patchbaseline.html#cfn-ssm-patchbaseline-operatingsystem

property patchGroups

patchGroups: string[];

• The name of the patch group to be registered with the patch baseline.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-patchbaseline.html#cfn-ssm-patchbaseline-patchgroups

property rejectedPatches

rejectedPatches: string[];

• A list of explicitly rejected patches for the baseline.

  For information about accepted formats for lists of approved patches and rejected patches, see [About package name formats for approved and rejected patch lists](https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html) in the *AWS Systems Manager User Guide* .

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-patchbaseline.html#cfn-ssm-patchbaseline-rejectedpatches

property rejectedPatchesAction

rejectedPatchesAction: string;

• The action for Patch Manager to take on patches included in the RejectedPackages list.

  - *ALLOW_AS_DEPENDENCY* : A package in the Rejected patches list is installed only if it is a dependency of another package. It is considered compliant with the patch baseline, and its status is reported as InstalledOther . This is the default action if no option is specified. - *BLOCK* : Packages in the RejectedPatches list, and packages that include them as dependencies, aren't installed under any circumstances. If a package was installed before it was added to the Rejected patches list, it is considered non-compliant with the patch baseline, and its status is reported as InstalledRejected .

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-patchbaseline.html#cfn-ssm-patchbaseline-rejectedpatchesaction

property sources

sources: any;

• Information about the patches to use to update the managed nodes, including target operating systems and source repositories. Applies to Linux managed nodes only.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-patchbaseline.html#cfn-ssm-patchbaseline-sources

property tags

readonly tags: cdk.TagManager;

• Optional metadata that you assign to a resource. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a patch baseline to identify the severity level of patches it specifies and the operating system family it applies to.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-patchbaseline.html#cfn-ssm-patchbaseline-tags

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

• Examines the CloudFormation resource and discloses attributes.

  Parameter inspector

  tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

constructor

constructor(scope: cdk.Construct, id: string, props: CfnResourceDataSyncProps);

• Create a new AWS::SSM::ResourceDataSync.

  Parameter scope

  scope in which this resource is defined

  Parameter id

  scoped id of the resource

  Parameter props

  resource properties

property attrSyncName

readonly attrSyncName: string;

• The name of the resource data sync. SyncName

property bucketName

bucketName: string;

• The name of the S3 bucket where the aggregated data is stored.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-resourcedatasync.html#cfn-ssm-resourcedatasync-bucketname

property bucketPrefix

bucketPrefix: string;

• An Amazon S3 prefix for the bucket.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-resourcedatasync.html#cfn-ssm-resourcedatasync-bucketprefix

property bucketRegion

bucketRegion: string;

• The AWS Region with the S3 bucket targeted by the resource data sync.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-resourcedatasync.html#cfn-ssm-resourcedatasync-bucketregion

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

• The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property kmsKeyArn

kmsKeyArn: string;

• The ARN of an encryption key for a destination in Amazon S3 . You can use a KMS key to encrypt inventory data in Amazon S3 . You must specify a key that exist in the same region as the destination Amazon S3 bucket.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-resourcedatasync.html#cfn-ssm-resourcedatasync-kmskeyarn

property s3Destination

s3Destination: any;

• Configuration information for the target S3 bucket.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-resourcedatasync.html#cfn-ssm-resourcedatasync-s3destination

property syncFormat

syncFormat: string;

• A supported sync format. The following format is currently supported: JsonSerDe

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-resourcedatasync.html#cfn-ssm-resourcedatasync-syncformat

property syncName

syncName: string;

• A name for the resource data sync.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-resourcedatasync.html#cfn-ssm-resourcedatasync-syncname

property syncSource

syncSource: any;

• Information about the source where the data was synchronized.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-resourcedatasync.html#cfn-ssm-resourcedatasync-syncsource

property syncType

syncType: string;

• The type of resource data sync. If SyncType is SyncToDestination , then the resource data sync synchronizes data to an S3 bucket. If the SyncType is SyncFromSource then the resource data sync synchronizes data from AWS Organizations or from multiple AWS Regions .

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-resourcedatasync.html#cfn-ssm-resourcedatasync-synctype

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

• Examines the CloudFormation resource and discloses attributes.

  Parameter inspector

  tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

constructor

constructor(scope: cdk.Construct, id: string, props: CfnResourcePolicyProps);

• Create a new AWS::SSM::ResourcePolicy.

  Parameter scope

  scope in which this resource is defined

  Parameter id

  scoped id of the resource

  Parameter props

  resource properties

property attrPolicyHash

readonly attrPolicyHash: string;

• ID of the current policy version. The hash helps to prevent a situation where multiple users attempt to overwrite a policy. You must provide this hash and the policy ID when updating or deleting a policy. PolicyHash

property attrPolicyId

readonly attrPolicyId: string;

• ID of the current policy version. PolicyId

property CFN_RESOURCE_TYPE_NAME

static readonly CFN_RESOURCE_TYPE_NAME: string;

• The CloudFormation resource type name for this resource class.

property cfnProperties

readonly cfnProperties: { [key: string]: any };

property policy

policy: any;

• A policy you want to associate with a resource.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-resourcepolicy.html#cfn-ssm-resourcepolicy-policy

property resourceArn

resourceArn: string;

• Amazon Resource Name (ARN) of the resource to which you want to attach a policy.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-resourcepolicy.html#cfn-ssm-resourcepolicy-resourcearn

method inspect

inspect: (inspector: cdk.TreeInspector) => void;

• Examines the CloudFormation resource and discloses attributes.

  Parameter inspector

  tree inspector to collect and process attributes

method renderProperties

protected renderProperties: (props: { [key: string]: any }) => {
    [key: string]: any;
};

constructor

constructor(scope: Construct, id: string, props: StringListParameterProps);

property parameterArn

readonly parameterArn: string;

property parameterName

readonly parameterName: string;

property parameterType

readonly parameterType: string;

property stringListValue

readonly stringListValue: string[];

method fromStringListParameterName

static fromStringListParameterName: (
    scope: Construct,
    id: string,
    stringListParameterName: string
) => IStringListParameter;

• Imports an external parameter of type string list. Returns a token and should not be parsed.

constructor

constructor(scope: Construct, id: string, props: StringParameterProps);

property parameterArn

readonly parameterArn: string;

property parameterName

readonly parameterName: string;

property parameterType

readonly parameterType: string;

property stringValue

readonly stringValue: string;

method fromSecureStringParameterAttributes

static fromSecureStringParameterAttributes: (
    scope: Construct,
    id: string,
    attrs: SecureStringParameterAttributes
) => IStringParameter;

• Imports a secure string parameter from the SSM parameter store.

method fromStringParameterAttributes

static fromStringParameterAttributes: (
    scope: Construct,
    id: string,
    attrs: StringParameterAttributes
) => IStringParameter;

• Imports an external string parameter with name and optional version.

method fromStringParameterName

static fromStringParameterName: (
    scope: Construct,
    id: string,
    stringParameterName: string
) => IStringParameter;

• Imports an external string parameter by name.

method valueForSecureStringParameter

static valueForSecureStringParameter: (
    scope: Construct,
    parameterName: string,
    version: number
) => string;

• Returns a token that will resolve (during deployment)

  Parameter scope

  Some scope within a stack

  Parameter parameterName

  The name of the SSM parameter

  Parameter version

  The parameter version (required for secure strings)

  Deprecated

  Use SecretValue.ssmSecure() instead, it will correctly type the imported value as a SecretValue and allow importing without version.

method valueForStringParameter

static valueForStringParameter: (
    scope: Construct,
    parameterName: string,
    version?: number
) => string;

• Returns a token that will resolve (during deployment) to the string value of an SSM string parameter.

  Parameter scope

  Some scope within a stack

  Parameter parameterName

  The name of the SSM parameter.

  Parameter version

  The parameter version (recommended in order to ensure that the value won't change during deployment)

method valueForTypedStringParameter

static valueForTypedStringParameter: (
    scope: Construct,
    parameterName: string,
    type?: ParameterType,
    version?: number
) => string;

• Returns a token that will resolve (during deployment) to the string value of an SSM string parameter.

  Parameter scope

  Some scope within a stack

  Parameter parameterName

  The name of the SSM parameter.

  Parameter type

  The type of the SSM parameter.

  Parameter version

  The parameter version (recommended in order to ensure that the value won't change during deployment)

method valueFromLookup

static valueFromLookup: (
    scope: CompatConstruct,
    parameterName: string
) => string;

• Reads the value of an SSM parameter during synthesis through an environmental context provider.

  Requires that the stack this scope is defined in will have explicit account/region information. Otherwise, it will fail during synthesis.

property applyOnlyAtCronInterval

readonly applyOnlyAtCronInterval?: boolean | cdk.IResolvable;

• By default, when you create a new association, the system runs it immediately after it is created and then according to the schedule you specified. Specify this option if you don't want an association to run immediately after you create it. This parameter is not supported for rate expressions.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-association.html#cfn-ssm-association-applyonlyatcroninterval

property associationName

readonly associationName?: string;

• Specify a descriptive name for the association.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-association.html#cfn-ssm-association-associationname

property automationTargetParameterName

readonly automationTargetParameterName?: string;

• Choose the parameter that will define how your automation will branch out. This target is required for associations that use an Automation runbook and target resources by using rate controls. Automation is a capability of AWS Systems Manager .

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-association.html#cfn-ssm-association-automationtargetparametername

property calendarNames

readonly calendarNames?: string[];

• The names or Amazon Resource Names (ARNs) of the Change Calendar type documents your associations are gated under. The associations only run when that Change Calendar is open. For more information, see [AWS Systems Manager Change Calendar](https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-change-calendar) .

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-association.html#cfn-ssm-association-calendarnames

property complianceSeverity

readonly complianceSeverity?: string;

• The severity level that is assigned to the association.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-association.html#cfn-ssm-association-complianceseverity

property documentVersion

readonly documentVersion?: string;

• The version of the SSM document to associate with the target.

  > Note the following important information. > > - State Manager doesn't support running associations that use a new version of a document if that document is shared from another account. State Manager always runs the default version of a document if shared from another account, even though the Systems Manager console shows that a new version was processed. If you want to run an association using a new version of a document shared form another account, you must set the document version to default . > - DocumentVersion is not valid for documents owned by AWS , such as AWS-RunPatchBaseline or AWS-UpdateSSMAgent . If you specify DocumentVersion for an AWS document, the system returns the following error: "Error occurred during operation 'CreateAssociation'." (RequestToken: , HandlerErrorCode: GeneralServiceException).

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-association.html#cfn-ssm-association-documentversion

property instanceId

readonly instanceId?: string;

• The ID of the instance that the SSM document is associated with. You must specify the InstanceId or Targets property.

  > InstanceId has been deprecated. To specify an instance ID for an association, use the Targets parameter. If you use the parameter InstanceId , you cannot use the parameters AssociationName , DocumentVersion , MaxErrors , MaxConcurrency , OutputLocation , or ScheduleExpression . To use these parameters, you must use the Targets parameter.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-association.html#cfn-ssm-association-instanceid

property maxConcurrency

readonly maxConcurrency?: string;

• The maximum number of targets allowed to run the association at the same time. You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.

  If a new managed node starts and attempts to run an association while Systems Manager is running MaxConcurrency associations, the association is allowed to run. During the next association interval, the new managed node will process its association within the limit specified for MaxConcurrency .

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-association.html#cfn-ssm-association-maxconcurrency

property maxErrors

readonly maxErrors?: string;

• The number of errors that are allowed before the system stops sending requests to run the association on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 managed nodes and set MaxError to 10%, then the system stops sending the request when the sixth error is received.

  Executions that are already running an association when MaxErrors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set MaxConcurrency to 1 so that executions proceed one at a time.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-association.html#cfn-ssm-association-maxerrors

property name

readonly name: string;

• The name of the SSM document that contains the configuration information for the instance. You can specify Command or Automation documents. The documents can be AWS -predefined documents, documents you created, or a document that is shared with you from another account. For SSM documents that are shared with you from other AWS accounts , you must specify the complete SSM document ARN, in the following format:

  arn:partition:ssm:region:account-id:document/document-name

  For example: arn:aws:ssm:us-east-2:12345678912:document/My-Shared-Document

  For AWS -predefined documents and SSM documents you created in your account, you only need to specify the document name. For example, AWS -ApplyPatchBaseline or My-Document .

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-association.html#cfn-ssm-association-name

property outputLocation

readonly outputLocation?:
    | CfnAssociation.InstanceAssociationOutputLocationProperty
    | cdk.IResolvable;

• An Amazon Simple Storage Service (Amazon S3) bucket where you want to store the output details of the request.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-association.html#cfn-ssm-association-outputlocation

property parameters

readonly parameters?: any | cdk.IResolvable;

• The parameters for the runtime configuration of the document.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-association.html#cfn-ssm-association-parameters

property scheduleExpression

readonly scheduleExpression?: string;

• A cron expression that specifies a schedule when the association runs. The schedule runs in Coordinated Universal Time (UTC).

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-association.html#cfn-ssm-association-scheduleexpression

property scheduleOffset

readonly scheduleOffset?: number;

• Number of days to wait after the scheduled day to run an association.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-association.html#cfn-ssm-association-scheduleoffset

property syncCompliance

readonly syncCompliance?: string;

• The mode for generating association compliance. You can specify AUTO or MANUAL . In AUTO mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association is COMPLIANT . If the association execution doesn't run successfully, the association is NON-COMPLIANT .

  In MANUAL mode, you must specify the AssociationId as a parameter for the PutComplianceItems API action. In this case, compliance data is not managed by State Manager. It is managed by your direct call to the PutComplianceItems API action.

  By default, all associations use AUTO mode.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-association.html#cfn-ssm-association-synccompliance

property targets

readonly targets?:
    | Array<CfnAssociation.TargetProperty | cdk.IResolvable>
    | cdk.IResolvable;

• The targets for the association. You must specify the InstanceId or Targets property. You can target all instances in an AWS account by specifying the InstanceIds key with a value of * . To view a JSON and a YAML example that targets all instances, see "Create an association for all managed instances in an AWS account " on the Examples page.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-association.html#cfn-ssm-association-targets

property waitForSuccessTimeoutSeconds

readonly waitForSuccessTimeoutSeconds?: number;

• The number of seconds the service should wait for the association status to show "Success" before proceeding with the stack execution. If the association status doesn't show "Success" after the specified number of seconds, then stack creation fails.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-association.html#cfn-ssm-association-waitforsuccesstimeoutseconds

property attachments

readonly attachments?:
    | Array<CfnDocument.AttachmentsSourceProperty | cdk.IResolvable>
    | cdk.IResolvable;

• A list of key-value pairs that describe attachments to a version of a document.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-document.html#cfn-ssm-document-attachments

property content

readonly content: any | cdk.IResolvable;

• The content for the new SSM document in JSON or YAML. For more information about the schemas for SSM document content, see [SSM document schema features and examples](https://docs.aws.amazon.com/systems-manager/latest/userguide/document-schemas-features.html) in the *AWS Systems Manager User Guide* .

  > This parameter also supports String data types.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-document.html#cfn-ssm-document-content

property documentFormat

readonly documentFormat?: string;

• Specify the document format for the request. JSON is the default format.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-document.html#cfn-ssm-document-documentformat

property documentType

readonly documentType?: string;

• The type of document to create.

  *Allowed Values* : ApplicationConfigurationSchema | Automation | Automation.ChangeTemplate | Command | DeploymentStrategy | Package | Policy | Session

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-document.html#cfn-ssm-document-documenttype

property name

readonly name?: string;

• A name for the SSM document.

  > You can't use the following strings as document name prefixes. These are reserved by AWS for use as document name prefixes: > > - aws > - amazon > - amzn

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-document.html#cfn-ssm-document-name

property requires

readonly requires?:
    | Array<CfnDocument.DocumentRequiresProperty | cdk.IResolvable>
    | cdk.IResolvable;

• A list of SSM documents required by a document. This parameter is used exclusively by AWS AppConfig . When a user creates an AWS AppConfig configuration in an SSM document, the user must also specify a required document for validation purposes. In this case, an ApplicationConfiguration document requires an ApplicationConfigurationSchema document for validation purposes. For more information, see [What is AWS AppConfig ?](https://docs.aws.amazon.com/appconfig/latest/userguide/what-is-appconfig.html) in the *AWS AppConfig User Guide* .

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-document.html#cfn-ssm-document-requires

property tags

readonly tags?: cdk.CfnTag[];

• AWS CloudFormation resource tags to apply to the document. Use tags to help you identify and categorize resources.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-document.html#cfn-ssm-document-tags

property targetType

readonly targetType?: string;

• Specify a target type to define the kinds of resources the document can run on. For example, to run a document on EC2 instances, specify the following value: /AWS::EC2::Instance . If you specify a value of '/' the document can run on all types of resources. If you don't specify a value, the document can't run on any resources. For a list of valid resource types, see [AWS resource and property types reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-template-resource-type-ref.html) in the *AWS CloudFormation User Guide* .

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-document.html#cfn-ssm-document-targettype

property updateMethod

readonly updateMethod?: string;

• If the document resource you specify in your template already exists, this parameter determines whether a new version of the existing document is created, or the existing document is replaced. Replace is the default method. If you specify NewVersion for the UpdateMethod parameter, and the Name of the document does not match an existing resource, a new document is created. When you specify NewVersion , the default version of the document is changed to the newly created version.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-document.html#cfn-ssm-document-updatemethod

property versionName

readonly versionName?: string;

• An optional field specifying the version of the artifact you are creating with the document. For example, Release12.1 . This value is unique across all versions of a document, and can't be changed.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-document.html#cfn-ssm-document-versionname

property allowUnassociatedTargets

readonly allowUnassociatedTargets: boolean | cdk.IResolvable;

• Enables a maintenance window task to run on managed instances, even if you have not registered those instances as targets. If enabled, then you must specify the unregistered instances (by instance ID) when you register a task with the maintenance window.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindow.html#cfn-ssm-maintenancewindow-allowunassociatedtargets

property cutoff

readonly cutoff: number;

• The number of hours before the end of the maintenance window that AWS Systems Manager stops scheduling new tasks for execution.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindow.html#cfn-ssm-maintenancewindow-cutoff

property description

readonly description?: string;

• A description of the maintenance window.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindow.html#cfn-ssm-maintenancewindow-description

property duration

readonly duration: number;

• The duration of the maintenance window in hours.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindow.html#cfn-ssm-maintenancewindow-duration

property endDate

readonly endDate?: string;

• The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become inactive.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindow.html#cfn-ssm-maintenancewindow-enddate

property name

readonly name: string;

• The name of the maintenance window.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindow.html#cfn-ssm-maintenancewindow-name

property schedule

readonly schedule: string;

• The schedule of the maintenance window in the form of a cron or rate expression.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindow.html#cfn-ssm-maintenancewindow-schedule

property scheduleOffset

readonly scheduleOffset?: number;

• The number of days to wait to run a maintenance window after the scheduled cron expression date and time.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindow.html#cfn-ssm-maintenancewindow-scheduleoffset

property scheduleTimezone

readonly scheduleTimezone?: string;

• The time zone that the scheduled maintenance window executions are based on, in Internet Assigned Numbers Authority (IANA) format.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindow.html#cfn-ssm-maintenancewindow-scheduletimezone

property startDate

readonly startDate?: string;

• The date and time, in ISO-8601 Extended format, for when the maintenance window is scheduled to become active. StartDate allows you to delay activation of the Maintenance Window until the specified future date.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindow.html#cfn-ssm-maintenancewindow-startdate

property tags

readonly tags?: cdk.CfnTag[];

• Optional metadata that you assign to a resource in the form of an arbitrary set of tags (key-value pairs). Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag a maintenance window to identify the type of tasks it will run, the types of targets, and the environment it will run in.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindow.html#cfn-ssm-maintenancewindow-tags

property description

readonly description?: string;

• A description for the target.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtarget.html#cfn-ssm-maintenancewindowtarget-description

property name

readonly name?: string;

• The name for the maintenance window target.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtarget.html#cfn-ssm-maintenancewindowtarget-name

property ownerInformation

readonly ownerInformation?: string;

• A user-provided value that will be included in any Amazon CloudWatch Events events that are raised while running tasks for these targets in this maintenance window.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtarget.html#cfn-ssm-maintenancewindowtarget-ownerinformation

property resourceType

readonly resourceType: string;

• The type of target that is being registered with the maintenance window.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtarget.html#cfn-ssm-maintenancewindowtarget-resourcetype

property targets

readonly targets:
    | Array<CfnMaintenanceWindowTarget.TargetsProperty | cdk.IResolvable>
    | cdk.IResolvable;

• The targets to register with the maintenance window. In other words, the instances to run commands on when the maintenance window runs.

  You must specify targets by using the WindowTargetIds parameter.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtarget.html#cfn-ssm-maintenancewindowtarget-targets

property windowId

readonly windowId: string;

• The ID of the maintenance window to register the target with.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtarget.html#cfn-ssm-maintenancewindowtarget-windowid

property cutoffBehavior

readonly cutoffBehavior?: string;

• The specification for whether tasks should continue to run after the cutoff time specified in the maintenance windows is reached.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtask.html#cfn-ssm-maintenancewindowtask-cutoffbehavior

property description

readonly description?: string;

• A description of the task.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtask.html#cfn-ssm-maintenancewindowtask-description

property loggingInfo

readonly loggingInfo?:
    | CfnMaintenanceWindowTask.LoggingInfoProperty
    | cdk.IResolvable;

• Information about an Amazon S3 bucket to write Run Command task-level logs to.

  > LoggingInfo has been deprecated. To specify an Amazon S3 bucket to contain logs for Run Command tasks, instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see [AWS ::SSM::MaintenanceWindowTask MaintenanceWindowRunCommandParameters](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ssm-maintenancewindowtask-maintenancewindowruncommandparameters.html) .

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtask.html#cfn-ssm-maintenancewindowtask-logginginfo

property maxConcurrency

readonly maxConcurrency?: string;

• The maximum number of targets this task can be run for, in parallel.

  > Although this element is listed as "Required: No", a value can be omitted only when you are registering or updating a [targetless task](https://docs.aws.amazon.com/systems-manager/latest/userguide/maintenance-windows-targetless-tasks.html) You must provide a value in all other cases. > > For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of 1 . This value doesn't affect the running of your task.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtask.html#cfn-ssm-maintenancewindowtask-maxconcurrency

property maxErrors

readonly maxErrors?: string;

• The maximum number of errors allowed before this task stops being scheduled.

  > Although this element is listed as "Required: No", a value can be omitted only when you are registering or updating a [targetless task](https://docs.aws.amazon.com/systems-manager/latest/userguide/maintenance-windows-targetless-tasks.html) You must provide a value in all other cases. > > For maintenance window tasks without a target specified, you can't supply a value for this option. Instead, the system inserts a placeholder value of 1 . This value doesn't affect the running of your task.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtask.html#cfn-ssm-maintenancewindowtask-maxerrors

property name

readonly name?: string;

• The task name.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtask.html#cfn-ssm-maintenancewindowtask-name

property priority

readonly priority: number;

• The priority of the task in the maintenance window. The lower the number, the higher the priority. Tasks that have the same priority are scheduled in parallel.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtask.html#cfn-ssm-maintenancewindowtask-priority

property serviceRoleArn

readonly serviceRoleArn?: string;

• The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service (Amazon SNS) notifications for maintenance window Run Command tasks.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtask.html#cfn-ssm-maintenancewindowtask-servicerolearn

property targets

readonly targets?:
    | Array<CfnMaintenanceWindowTask.TargetProperty | cdk.IResolvable>
    | cdk.IResolvable;

• The targets, either instances or window target IDs.

  - Specify instances using Key=InstanceIds,Values= *instanceid1* , *instanceid2* . - Specify window target IDs using Key=WindowTargetIds,Values= *window-target-id-1* , *window-target-id-2* .

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtask.html#cfn-ssm-maintenancewindowtask-targets

property taskArn

readonly taskArn: string;

• The resource that the task uses during execution.

  For RUN_COMMAND and AUTOMATION task types, TaskArn is the SSM document name or Amazon Resource Name (ARN).

  For LAMBDA tasks, TaskArn is the function name or ARN.

  For STEP_FUNCTIONS tasks, TaskArn is the state machine ARN.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtask.html#cfn-ssm-maintenancewindowtask-taskarn

property taskInvocationParameters

readonly taskInvocationParameters?:
    | CfnMaintenanceWindowTask.TaskInvocationParametersProperty
    | cdk.IResolvable;

• The parameters to pass to the task when it runs. Populate only the fields that match the task type. All other fields should be empty.

  > When you update a maintenance window task that has options specified in TaskInvocationParameters , you must provide again all the TaskInvocationParameters values that you want to retain. The values you do not specify again are removed. For example, suppose that when you registered a Run Command task, you specified TaskInvocationParameters values for Comment , NotificationConfig , and OutputS3BucketName . If you update the maintenance window task and specify only a different OutputS3BucketName value, the values for Comment and NotificationConfig are removed.

  http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-maintenancewindowtask.html#cfn-ssm-maintenancewindowtask-taskinvocationparameters

property taskParameters

readonly taskParameters?: any | cdk.IResolvable;