name: amazonka-ssm version: 1.4.2 synopsis: Amazon Simple Systems Management Service SDK. homepage: https://github.com/brendanhay/amazonka bug-reports: https://github.com/brendanhay/amazonka/issues license: OtherLicense license-file: LICENSE author: Brendan Hay maintainer: Brendan Hay copyright: Copyright (c) 2013-2016 Brendan Hay category: Network, AWS, Cloud, Distributed Computing build-type: Simple cabal-version: >= 1.10 extra-source-files: README.md fixture/*.yaml fixture/*.proto description: Simple Systems Manager (SSM) enables you to remotely manage the configuration of your Amazon EC2 instance. Using SSM, you can run scripts or commands using either EC2 Run Command or SSM Config. (SSM Config is currently available only for Windows instances.) __Run Command__ Run Command provides an on-demand experience for executing commands. You can use pre-defined Amazon SSM documents to perform the actions listed later in this section, or you can create your own documents. With these documents, you can remotely configure your instances by sending commands using the __Commands__ page in the , , or the . Run Command reports the status of the command execution for each instance targeted by a command. You can also audit the command execution to understand who executed commands, when, and what changes were made. By switching between different SSM documents, you can quickly configure your instances with different types of commands. To get started with Run Command, verify that your environment meets the prerequisites for remotely running commands on EC2 instances ( or ). __SSM Config__ SSM Config is a lightweight instance configuration solution. SSM Config is currently only available for Windows instances. With SSM Config, you can specify a setup configuration for your instances. SSM Config is similar to EC2 User Data, which is another way of running one-time scripts or applying settings during instance launch. SSM Config is an extension of this capability. Using SSM documents, you can specify which actions the system should perform on your instances, including which applications to install, which AWS Directory Service directory to join, which Microsoft PowerShell modules to install, etc. If an instance is missing one or more of these configurations, the system makes those changes. By default, the system checks every five minutes to see if there is a new configuration to apply as defined in a new SSM document. If so, the system updates the instances accordingly. In this way, you can remotely maintain a consistent configuration baseline on your instances. SSM Config is available using the AWS CLI or the AWS Tools for Windows PowerShell. For more information, see . SSM Config and Run Command include the following pre-defined documents. Amazon Pre-defined SSM Documents Name Description Platform AWS-RunShellScript Run shell scripts Linux AWS-UpdateSSMAgent Update the Amazon SSM agent Linux AWS-JoinDirectoryServiceDomain Join an AWS Directory Windows AWS-RunPowerShellScript Run PowerShell commands or scripts Windows AWS-UpdateEC2Config Update the EC2Config service Windows AWS-ConfigureWindowsUpdate Configure Windows Update settings Windows AWS-InstallApplication Install, repair, or uninstall software using an MSI package Windows AWS-InstallPowerShellModule Install PowerShell modules Windows AWS-ConfigureCloudWatch Configure Amazon CloudWatch Logs to monitor applications and systems Windows The commands or scripts specified in SSM documents run with administrative privilege on your instances because the Amazon SSM agent runs as root on Linux and the EC2Config service runs in the Local System account on Windows. If a user has permission to execute any of the pre-defined SSM documents (any document that begins with AWS-*) then that user also has administrator access to the instance. Delegate access to SSM and Run Command judiciously. This becomes extremely important if you create your own SSM documents. Amazon Web Services does not provide guidance about how to create secure SSM documents. You create SSM documents and delegate access to Run Command at your own risk. As a security best practice, we recommend that you assign access to \"AWS-*\" documents, especially the AWS-RunShellScript document on Linux and the AWS-RunPowerShellScript document on Windows, to trusted administrators only. You can create SSM documents for specific tasks and delegate access to non-administrators. . The types from this library are intended to be used with , which provides mechanisms for specifying AuthN/AuthZ information and sending requests. . Use of lenses is required for constructing and manipulating types. This is due to the amount of nesting of AWS types and transparency regarding de/serialisation into more palatable Haskell values. The provided lenses should be compatible with any of the major lens libraries such as or . . See "Network.AWS.SSM" or to get started. source-repository head type: git location: git://github.com/brendanhay/amazonka.git library default-language: Haskell2010 hs-source-dirs: src gen ghc-options: -Wall exposed-modules: Network.AWS.SSM , Network.AWS.SSM.CancelCommand , Network.AWS.SSM.CreateAssociation , Network.AWS.SSM.CreateAssociationBatch , Network.AWS.SSM.CreateDocument , Network.AWS.SSM.DeleteAssociation , Network.AWS.SSM.DeleteDocument , Network.AWS.SSM.DescribeAssociation , Network.AWS.SSM.DescribeDocument , Network.AWS.SSM.DescribeInstanceInformation , Network.AWS.SSM.GetDocument , Network.AWS.SSM.ListAssociations , Network.AWS.SSM.ListCommandInvocations , Network.AWS.SSM.ListCommands , Network.AWS.SSM.ListDocuments , Network.AWS.SSM.SendCommand , Network.AWS.SSM.Types , Network.AWS.SSM.UpdateAssociationStatus , Network.AWS.SSM.Waiters other-modules: Network.AWS.SSM.Types.Product , Network.AWS.SSM.Types.Sum build-depends: amazonka-core == 1.4.2.* , base >= 4.7 && < 5 test-suite amazonka-ssm-test type: exitcode-stdio-1.0 default-language: Haskell2010 hs-source-dirs: test main-is: Main.hs ghc-options: -Wall -threaded -- This section is encoded by the template and any modules added by -- hand outside these namespaces will not correctly be added to the -- distribution package. other-modules: Test.AWS.SSM , Test.AWS.Gen.SSM , Test.AWS.SSM.Internal build-depends: amazonka-core == 1.4.2.* , amazonka-test == 1.4.2.* , amazonka-ssm == 1.4.2.* , base , bytestring , tasty , tasty-hunit , text , time , unordered-containers