[ aws . ssm ]

register-task-with-maintenance-window

Description

Adds a new task to a maintenance window.

See also: AWS API Documentation

See ‘aws help’ for descriptions of global parameters.

Synopsis

  register-task-with-maintenance-window
--window-id <value>
[--targets <value>]
--task-arn <value>
[--service-role-arn <value>]
--task-type <value>
[--task-parameters <value>]
[--task-invocation-parameters <value>]
[--priority <value>]
[--max-concurrency <value>]
[--max-errors <value>]
[--logging-info <value>]
[--name <value>]
[--description <value>]
[--client-token <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]

Options

--window-id (string)

The ID of the maintenance window the task should be added to.

--targets (list)

The targets (either instances or maintenance window targets).

Note

One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, AWS Lambda, and AWS Step Functions). For more information about running tasks that do not specify targets, see Registering maintenance window tasks without targets in the AWS Systems Manager User Guide .

Specify instances using the following format:

Key=InstanceIds,Values=<instance-id-1>,<instance-id-2>

Specify maintenance window targets using the following format:

Key=WindowTargetIds,Values=<window-target-id-1>,<window-target-id-2>

(structure)

An array of search criteria that targets instances using a Key,Value combination that you specify.

Note

One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, AWS Lambda, and AWS Step Functions). For more information about running tasks that do not specify targets, see Registering maintenance window tasks without targets in the AWS Systems Manager User Guide .

Supported formats include the following.

  • ``Key=InstanceIds,Values=*instance-id-1* ,*instance-id-2* ,*instance-id-3* ``

  • ``Key=tag:my-tag-key ,Values=*my-tag-value-1* ,*my-tag-value-2* ``

  • ``Key=tag-key,Values=*my-tag-key-1* ,*my-tag-key-2* ``

  • Run Command and Maintenance window targets only : ``Key=resource-groups:Name,Values=*resource-group-name* ``

  • Maintenance window targets only : ``Key=resource-groups:ResourceTypeFilters,Values=*resource-type-1* ,*resource-type-2* ``

  • Automation targets only : ``Key=ResourceGroup;Values=*resource-group-name* ``

For example:

  • Key=InstanceIds,Values=i-02573cafcfEXAMPLE,i-0471e04240EXAMPLE,i-07782c72faEXAMPLE

  • Key=tag:CostCenter,Values=CostCenter1,CostCenter2,CostCenter3

  • Key=tag-key,Values=Name,Instance-Type,CostCenter

  • Run Command and Maintenance window targets only : Key=resource-groups:Name,Values=ProductionResourceGroup This example demonstrates how to target all resources in the resource group ProductionResourceGroup in your maintenance window.

  • Maintenance window targets only : ``Key=resource-groups:ResourceTypeFilters,Values=*AWS::EC2::INSTANCE* ,*AWS::EC2::VPC* `` This example demonstrates how to target only EC2 instances and VPCs in your maintenance window.

  • Automation targets only : Key=ResourceGroup,Values=MyResourceGroup

  • State Manager association targets only : Key=InstanceIds,Values=* This example demonstrates how to target all managed instances in the AWS Region where the association was created.

For more information about how to send commands that target instances using Key,Value parameters, see Targeting multiple instances in the AWS Systems Manager User Guide .

Key -> (string)

User-defined criteria for sending commands that target instances that meet the criteria.

Values -> (list)

User-defined criteria that maps to Key . For example, if you specified tag:ServerRole , you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer .

(string)

Shorthand Syntax:

Key=string,Values=string,string ...

JSON Syntax:

[
  {
    "Key": "string",
    "Values": ["string", ...]
  }
  ...
]

--task-arn (string)

The ARN of the task to run.

--service-role-arn (string)

The ARN of the IAM service role for Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses your account’s service-linked role. If no service-linked role for Systems Manager exists in your account, it is created when you run RegisterTaskWithMaintenanceWindow .

For more information, see the following topics in the in the AWS Systems Manager User Guide :

--task-type (string)

The type of task being registered.

Possible values:

  • RUN_COMMAND

  • AUTOMATION

  • STEP_FUNCTIONS

  • LAMBDA

--task-parameters (map)

The parameters that should be passed to the task when it is run.

Note

TaskParameters has been deprecated. To specify parameters to pass to a task when it runs, instead use the Parameters option in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters .

key -> (string)

value -> (structure)

Defines the values for a task parameter.

Values -> (list)

This field contains an array of 0 or more strings, each 1 to 255 characters in length.

(string)

Shorthand Syntax:

KeyName1=Values=string,string,KeyName2=Values=string,string

JSON Syntax:

{"string": {
      "Values": ["string", ...]
    }
  ...}

--task-invocation-parameters (structure)

The parameters that the task should use during execution. Populate only the fields that match the task type. All other fields should be empty.

RunCommand -> (structure)

The parameters for a RUN_COMMAND task type.

Comment -> (string)

Information about the commands to run.

CloudWatchOutputConfig -> (structure)

Configuration options for sending command output to CloudWatch Logs.

CloudWatchLogGroupName -> (string)

The name of the CloudWatch log group where you want to send command output. If you don’t specify a group name, Systems Manager automatically creates a log group for you. The log group uses the following naming format: aws/ssm/SystemsManagerDocumentName .

CloudWatchOutputEnabled -> (boolean)

Enables Systems Manager to send command output to CloudWatch Logs.

DocumentHash -> (string)

The SHA-256 or SHA-1 hash created by the system when the document was created. SHA-1 hashes have been deprecated.

DocumentHashType -> (string)

SHA-256 or SHA-1. SHA-1 hashes have been deprecated.

DocumentVersion -> (string)

The SSM document version to use in the request. You can specify $DEFAULT, $LATEST, or a specific version number. If you run commands by using the AWS CLI, then you must escape the first two options by using a backslash. If you specify a version number, then you don’t need to use the backslash. For example:

—document-version “$DEFAULT”

–document-version “$LATEST”

—document-version “3”

NotificationConfig -> (structure)

Configurations for sending notifications about command status changes on a per-instance basis.

NotificationArn -> (string)

An Amazon Resource Name (ARN) for an Amazon Simple Notification Service (Amazon SNS) topic. Run Command pushes notifications about command status changes to this topic.

NotificationEvents -> (list)

The different events for which you can receive notifications. These events include the following: All (events), InProgress, Success, TimedOut, Cancelled, Failed. To learn more about these events, see Monitoring Systems Manager status changes using Amazon SNS notifications in the AWS Systems Manager User Guide .

(string)

NotificationType -> (string)

Command: Receive notification when the status of a command changes. Invocation: For commands sent to multiple instances, receive notification on a per-instance basis when the status of a command changes.

OutputS3BucketName -> (string)

The name of the S3 bucket.

OutputS3KeyPrefix -> (string)

The S3 bucket subfolder.

Parameters -> (map)

The parameters for the RUN_COMMAND task execution.

key -> (string)

value -> (list)

(string)

ServiceRoleArn -> (string)

The ARN of the IAM service role to use to publish Amazon Simple Notification Service (Amazon SNS) notifications for maintenance window Run Command tasks.

TimeoutSeconds -> (integer)

If this time is reached and the command has not already started running, it doesn’t run.

Automation -> (structure)

The parameters for an AUTOMATION task type.

DocumentVersion -> (string)

The version of an Automation document to use during task execution.

Parameters -> (map)

The parameters for the AUTOMATION task.

For information about specifying and updating task parameters, see RegisterTaskWithMaintenanceWindow and UpdateMaintenanceWindowTask .

Note

LoggingInfo has been deprecated. To specify an S3 bucket to contain logs, instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters .

TaskParameters has been deprecated. To specify parameters to pass to a task when it runs, instead use the Parameters option in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters .

For AUTOMATION task types, Systems Manager ignores any values specified for these parameters.

key -> (string)

value -> (list)

(string)

StepFunctions -> (structure)

The parameters for a STEP_FUNCTIONS task type.

Input -> (string)

The inputs for the STEP_FUNCTIONS task.

Name -> (string)

The name of the STEP_FUNCTIONS task.

Lambda -> (structure)

The parameters for a LAMBDA task type.

ClientContext -> (string)

Pass client-specific information to the Lambda function that you are invoking. You can then process the client information in your Lambda function as you choose through the context variable.

Qualifier -> (string)

(Optional) Specify a Lambda function version or alias name. If you specify a function version, the action uses the qualified function ARN to invoke a specific Lambda function. If you specify an alias name, the action uses the alias ARN to invoke the Lambda function version to which the alias points.

Payload -> (blob)

JSON to provide to your Lambda function as input.

JSON Syntax:

{
  "RunCommand": {
    "Comment": "string",
    "CloudWatchOutputConfig": {
      "CloudWatchLogGroupName": "string",
      "CloudWatchOutputEnabled": true|false
    },
    "DocumentHash": "string",
    "DocumentHashType": "Sha256"|"Sha1",
    "DocumentVersion": "string",
    "NotificationConfig": {
      "NotificationArn": "string",
      "NotificationEvents": ["All"|"InProgress"|"Success"|"TimedOut"|"Cancelled"|"Failed", ...],
      "NotificationType": "Command"|"Invocation"
    },
    "OutputS3BucketName": "string",
    "OutputS3KeyPrefix": "string",
    "Parameters": {"string": ["string", ...]
      ...},
    "ServiceRoleArn": "string",
    "TimeoutSeconds": integer
  },
  "Automation": {
    "DocumentVersion": "string",
    "Parameters": {"string": ["string", ...]
      ...}
  },
  "StepFunctions": {
    "Input": "string",
    "Name": "string"
  },
  "Lambda": {
    "ClientContext": "string",
    "Qualifier": "string",
    "Payload": blob
  }
}

--priority (integer)

The priority of the task in the maintenance window, the lower the number the higher the priority. Tasks in a maintenance window are scheduled in priority order with tasks that have the same priority scheduled in parallel.

--max-concurrency (string)

The maximum number of targets this task can be run for in parallel.

Note

For maintenance window tasks without a target specified, you cannot supply a value for this option. Instead, the system inserts a placeholder value of 1 . This value does not affect the running of your task.

--max-errors (string)

The maximum number of errors allowed before this task stops being scheduled.

Note

For maintenance window tasks without a target specified, you cannot supply a value for this option. Instead, the system inserts a placeholder value of 1 . This value does not affect the running of your task.

--logging-info (structure)

A structure containing information about an S3 bucket to write instance-level logs to.

Note

LoggingInfo has been deprecated. To specify an S3 bucket to contain logs, instead use the OutputS3BucketName and OutputS3KeyPrefix options in the TaskInvocationParameters structure. For information about how Systems Manager handles these options for the supported maintenance window task types, see MaintenanceWindowTaskInvocationParameters .

S3BucketName -> (string)

The name of an S3 bucket where execution logs are stored .

S3KeyPrefix -> (string)

(Optional) The S3 bucket subfolder.

S3Region -> (string)

The Region where the S3 bucket is located.

Shorthand Syntax:

S3BucketName=string,S3KeyPrefix=string,S3Region=string

JSON Syntax:

{
  "S3BucketName": "string",
  "S3KeyPrefix": "string",
  "S3Region": "string"
}

--name (string)

An optional name for the task.

--description (string)

An optional description for the task.

--client-token (string)

User-provided idempotency token.

--cli-input-json | --cli-input-yaml (string) Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

See ‘aws help’ for descriptions of global parameters.

Examples

Example 1: To register an Automation task with a maintenance window

The following register-task-with-maintenance-window example registers an Automation task with a maintenance window that is targeted at an instance.

aws ssm register-task-with-maintenance-window \
    --cli-binary-format raw-in-base64-out \
    --window-id "mw-082dcd7649EXAMPLE" \
    --targets Key=InstanceIds,Values=i-1234520122EXAMPLE \
    --task-arn AWS-RestartEC2Instance \
    --service-role-arn arn:aws:iam::111222333444:role/SSM --task-type AUTOMATION \
    --task-invocation-parameters "{\"Automation\":{\"DocumentVersion\":\"\$LATEST\",\"Parameters\":{\"InstanceId\":[\"{{RESOURCE_ID}}\"]}}}" \
    --priority 0 \
    --max-concurrency 1 \
    --max-errors 1 \
    --name "AutomationExample" \
    --description "Restarting EC2 Instance for maintenance"

Output:

{
    "WindowTaskId":"11144444-5555-6666-7777-88888888"
}

For more information, see Register a Task with the Maintenance Window (AWS CLI) in the AWS Systems Manager User Guide.

Example 2: To register a Lambda task with a Maintenance Window

The following register-task-with-maintenance-window example registers a Lambda task with a Maintenance Window that is targeted at an instance.

aws ssm register-task-with-maintenance-window \
    --cli-binary-format raw-in-base64-out \
    --window-id "mw-082dcd7649dee04e4" \
    --targets Key=InstanceIds,Values=i-12344d305eEXAMPLE \
    --task-arn arn:aws:lambda:us-east-1:111222333444:function:SSMTestLAMBDA \
    --service-role-arn arn:aws:iam::111222333444:role/SSM \
    --task-type LAMBDA \
    --task-invocation-parameters '{"Lambda":{"Payload":"{\"InstanceId\":\"{{RESOURCE_ID}}\",\"targetType\":\"{{TARGET_TYPE}}\"}","Qualifier":"$LATEST"}}' \
    --priority 0 \
    --max-concurrency 10 \
    --max-errors 5 \
    --name "Lambda_Example" \
    --description "My Lambda Example"

Output:

{
    "WindowTaskId":"22244444-5555-6666-7777-88888888"
}

For more information, see Register a Task with the Maintenance Window (AWS CLI) in the AWS Systems Manager User Guide.

Example 3: To register a Run Command task with a maintenance window

The following register-task-with-maintenance-window example registers a Run Command task with a maintenance window that is targeted at an instance.

aws ssm register-task-with-maintenance-window \
    --cli-binary-format raw-in-base64-out \
    --window-id "mw-082dcd7649dee04e4" \
    --targets "Key=InstanceIds,Values=i-12344d305eEXAMPLE" \
    --service-role-arn "arn:aws:iam::111222333444:role/SSM" \
    --task-type "RUN_COMMAND" \
    --name "SSMInstallPowerShellModule" \
    --task-arn "AWS-InstallPowerShellModule" \
    --task-invocation-parameters "{\"RunCommand\":{\"Comment\":\"\",\"OutputS3BucketName\":\"runcommandlogs\",\"Parameters\":{\"commands\":[\"Get-Module -ListAvailable\"],\"executionTimeout\":[\"3600\"],\"source\":[\"https:\/\/gallery.technet.microsoft.com\/EZOut-33ae0fb7\/file\/110351\/1\/EZOut.zip\"],\"workingDirectory\":[\"\\\\\"]},\"TimeoutSeconds\":600}}" \
    --max-concurrency 1 \
    --max-errors 1 \
    --priority 10

Output:

{
    "WindowTaskId":"33344444-5555-6666-7777-88888888"
}

For more information, see Register a Task with the Maintenance Window (AWS CLI) in the AWS Systems Manager User Guide.

Example 4: To register a Step Functions task with a maintenance window

The following register-task-with-maintenance-window example registers a Step Functions task with a maintenance window that is targeted at an instance.

aws ssm register-task-with-maintenance-window \
    --cli-binary-format raw-in-base64-out \
    --window-id "mw-1234d787d6EXAMPLE" \
    --targets Key=WindowTargetIds,Values=12347414-69c3-49f8-95b8-ed2dcEXAMPLE \
    --task-arn arn:aws:states:us-east-1:111222333444:stateMachine:SSMTestStateMachine \
    --service-role-arn arn:aws:iam::111222333444:role/MaintenanceWindows \
    --task-type STEP_FUNCTIONS \
    --task-invocation-parameters '{"StepFunctions":{"Input":"{\"InstanceId\":\"{{RESOURCE_ID}}\"}"}}' \
    --priority 0 \
    --max-concurrency 10 \
    --max-errors 5 \
    --name "Step_Functions_Example" \
    --description "My Step Functions Example"

Output:

{
    "WindowTaskId":"44444444-5555-6666-7777-88888888"
}

For more information, see Register a Task with the Maintenance Window (AWS CLI) in the AWS Systems Manager User Guide.

Example 5: To register a task using a maintenance windows target ID

The following register-task-with-maintenance-window example registers a task using a maintenance window target ID. The maintenance window target ID was in the output of the aws ssm register-target-with-maintenance-window command. You can also retrieve it from the output of the aws ssm describe-maintenance-window-targets command.

aws ssm register-task-with-maintenance-window \
    --cli-binary-format raw-in-base64-out \
    --targets "Key=WindowTargetIds,Values=350d44e6-28cc-44e2-951f-4b2c9EXAMPLE" \
    --task-arn "AWS-RunShellScript" \
    --service-role-arn "arn:aws:iam::111222333444:role/MaintenanceWindowsRole" \
    --window-id "mw-ab12cd34eEXAMPLE" \
    --task-type "RUN_COMMAND" \
    --task-parameters  "{\"commands\":{\"Values\":[\"df\"]}}" \
    --max-concurrency 1 \
    --max-errors 1 \
    --priority 10

Output:

{
    "WindowTaskId":"33344444-5555-6666-7777-88888888"
}

For more information, see Register a Task with the Maintenance Window (AWS CLI) in the AWS Systems Manager User Guide.

Output

WindowTaskId -> (string)

The ID of the task in the maintenance window.