Initiates execution of an Automation document.
See also: AWS API Documentation
See ‘aws help’ for descriptions of global parameters.
start-automation-execution
--document-name <value>
[--document-version <value>]
[--parameters <value>]
[--client-token <value>]
[--mode <value>]
[--target-parameter-name <value>]
[--targets <value>]
[--target-maps <value>]
[--max-concurrency <value>]
[--max-errors <value>]
[--target-locations <value>]
[--tags <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
--document-name
(string)
The name of the Systems Manager document to run. This can be a public document or a custom document. To run a shared document belonging to another account, specify the document ARN. For more information about how to use shared documents, see Using shared SSM documents in the AWS Systems Manager User Guide .
--document-version
(string)
The version of the Automation document to use for this execution.
--parameters
(map)
A key-value map of execution parameters, which match the declared parameters in the Automation document.
key -> (string)
value -> (list)
(string)
Shorthand Syntax:
KeyName1=string,string,KeyName2=string,string
JSON Syntax:
{"string": ["string", ...]
...}
--client-token
(string)
User-provided idempotency token. The token must be unique, is case insensitive, enforces the UUID format, and can’t be reused.
--mode
(string)
The execution mode of the automation. Valid modes include the following: Auto and Interactive. The default mode is Auto.
Possible values:
Auto
Interactive
--target-parameter-name
(string)
The name of the parameter used as the target resource for the rate-controlled execution. Required if you specify targets.
--targets
(list)
A key-value mapping to target resources. Required if you specify TargetParameterName.
(structure)
An array of search criteria that targets instances using a Key,Value combination that you specify.
Note
One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, AWS Lambda, and AWS Step Functions). For more information about running tasks that do not specify targets, see Registering maintenance window tasks without targets in the AWS Systems Manager User Guide .
Supported formats include the following.
``Key=InstanceIds,Values=*instance-id-1* ,*instance-id-2* ,*instance-id-3* ``
``Key=tag:my-tag-key ,Values=*my-tag-value-1* ,*my-tag-value-2* ``
``Key=tag-key,Values=*my-tag-key-1* ,*my-tag-key-2* ``
Run Command and Maintenance window targets only : ``Key=resource-groups:Name,Values=*resource-group-name* ``
Maintenance window targets only : ``Key=resource-groups:ResourceTypeFilters,Values=*resource-type-1* ,*resource-type-2* ``
Automation targets only : ``Key=ResourceGroup;Values=*resource-group-name* ``
For example:
Key=InstanceIds,Values=i-02573cafcfEXAMPLE,i-0471e04240EXAMPLE,i-07782c72faEXAMPLE
Key=tag:CostCenter,Values=CostCenter1,CostCenter2,CostCenter3
Key=tag-key,Values=Name,Instance-Type,CostCenter
Run Command and Maintenance window targets only :
Key=resource-groups:Name,Values=ProductionResourceGroup
This example demonstrates how to target all resources in the resource group ProductionResourceGroup in your maintenance window.Maintenance window targets only : ``Key=resource-groups:ResourceTypeFilters,Values=*AWS::EC2::INSTANCE* ,*AWS::EC2::VPC* `` This example demonstrates how to target only EC2 instances and VPCs in your maintenance window.
Automation targets only :
Key=ResourceGroup,Values=MyResourceGroup
State Manager association targets only :
Key=InstanceIds,Values=*
This example demonstrates how to target all managed instances in the AWS Region where the association was created.For more information about how to send commands that target instances using
Key,Value
parameters, see Targeting multiple instances in the AWS Systems Manager User Guide .Key -> (string)
User-defined criteria for sending commands that target instances that meet the criteria.
Values -> (list)
User-defined criteria that maps to
Key
. For example, if you specifiedtag:ServerRole
, you could specifyvalue:WebServer
to run a command on instances that include EC2 tags ofServerRole,WebServer
.(string)
Shorthand Syntax:
Key=string,Values=string,string ...
JSON Syntax:
[
{
"Key": "string",
"Values": ["string", ...]
}
...
]
--target-maps
(list)
A key-value mapping of document parameters to target resources. Both Targets and TargetMaps cannot be specified together.
(map)
key -> (string)
value -> (list)
(string)
Shorthand Syntax:
KeyName1=string,string,KeyName2=string,string ...
JSON Syntax:
[
{"string": ["string", ...]
...}
...
]
--max-concurrency
(string)
The maximum number of targets allowed to run this task in parallel. You can specify a number, such as 10, or a percentage, such as 10%. The default value is 10.
--max-errors
(string)
The number of errors that are allowed before the system stops running the automation on additional targets. You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops running the automation when the fourth error is received. If you specify 0, then the system stops running the automation on additional targets after the first error result is returned. If you run an automation on 50 resources and set max-errors to 10%, then the system stops running the automation on additional targets when the sixth error is received.
Executions that are already running an automation when max-errors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won’t be more than max-errors failed executions, set max-concurrency to 1 so the executions proceed one at a time.
--target-locations
(list)
A location is a combination of AWS Regions and/or AWS accounts where you want to run the Automation. Use this action to start an Automation in multiple Regions and multiple accounts. For more information, see Running Automation workflows in multiple AWS Regions and accounts in the AWS Systems Manager User Guide .
(structure)
The combination of AWS Regions and accounts targeted by the current Automation execution.
Accounts -> (list)
The AWS accounts targeted by the current Automation execution.
(string)
Regions -> (list)
The AWS Regions targeted by the current Automation execution.
(string)
TargetLocationMaxConcurrency -> (string)
The maximum number of AWS accounts and AWS regions allowed to run the Automation concurrently.
TargetLocationMaxErrors -> (string)
The maximum number of errors allowed before the system stops queueing additional Automation executions for the currently running Automation.
ExecutionRoleName -> (string)
The Automation execution role used by the currently running Automation. If not specified, the default value is
AWS-SystemsManager-AutomationExecutionRole
.
Shorthand Syntax:
Accounts=string,string,Regions=string,string,TargetLocationMaxConcurrency=string,TargetLocationMaxErrors=string,ExecutionRoleName=string ...
JSON Syntax:
[
{
"Accounts": ["string", ...],
"Regions": ["string", ...],
"TargetLocationMaxConcurrency": "string",
"TargetLocationMaxErrors": "string",
"ExecutionRoleName": "string"
}
...
]
--tags
(list)
Optional metadata that you assign to a resource. You can specify a maximum of five tags for an automation. Tags enable you to categorize a resource in different ways, such as by purpose, owner, or environment. For example, you might want to tag an automation to identify an environment or operating system. In this case, you could specify the following key name/value pairs:
Key=environment,Value=test
Key=OS,Value=Windows
Note
To add tags to an existing patch baseline, use the AddTagsToResource action.
(structure)
Metadata that you assign to your AWS resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Systems Manager, you can apply tags to documents, managed instances, maintenance windows, Parameter Store parameters, and patch baselines.
Key -> (string)
The name of the tag.
Value -> (string)
The value of the tag.
Shorthand Syntax:
Key=string,Value=string ...
JSON Syntax:
[
{
"Key": "string",
"Value": "string"
}
...
]
--cli-input-json
| --cli-input-yaml
(string)
Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton
. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml
.
--generate-cli-skeleton
(string)
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input
, prints a sample input JSON that can be used as an argument for --cli-input-json
. Similarly, if provided yaml-input
it will print a sample input YAML that can be used with --cli-input-yaml
. If provided with the value output
, it validates the command inputs and returns a sample output JSON for that command.
See ‘aws help’ for descriptions of global parameters.
Example 1: To execute an automation document
The following start-automation-execution
example runs an Automation document.
aws ssm start-automation-execution \
--document-name "AWS-UpdateLinuxAmi" \
--parameters "AutomationAssumeRole=arn:aws:iam::123456789012:role/SSMAutomationRole,SourceAmiId=ami-EXAMPLE,IamInstanceProfileName=EC2InstanceRole"
Output:
{
"AutomationExecutionId": "4105a4fc-f944-11e6-9d32-0a1b2EXAMPLE"
}
For more information, see Running an Automation Workflow Manually in the AWS Systems Manager User Guide.
Example 2: To run a shared automation document
The following start-automation-execution
example runs a shared Automation document.
aws ssm start-automation-execution \
--document-name "arn:aws:ssm:us-east-1:123456789012:document/ExampleDocument"
Output:
{
"AutomationExecutionId": "4105a4fc-f944-11e6-9d32-0a1b2EXAMPLE"
}
For more information, see Using shared SSM documents in the AWS Systems Manager User Guide.