associations
Creates, updates, deletes or gets an association resource or lists associations in a region
Overview
| Name | associations |
| Type | Resource |
| Description | The AWS::SSM::Association resource associates an SSM document in AWS Systems Manager with EC2 instances that contain a configuration agent to process the document. |
| Id | aws.ssm.associations |
Fields
| Name | Datatype | Description |
|---|---|---|
association_name | string | The name of the association. |
calendar_names | array | |
schedule_expression | string | A Cron or Rate expression that specifies when the association is applied to the target. |
max_errors | string | |
parameters | object | Parameter values that the SSM document uses at runtime. |
instance_id | string | The ID of the instance that the SSM document is associated with. |
wait_for_success_timeout_seconds | integer | |
max_concurrency | string | |
compliance_severity | string | |
targets | array | The targets that the SSM document sends commands to. |
sync_compliance | string | |
output_location | object | |
schedule_offset | integer | |
name | string | The name of the SSM document. |
apply_only_at_cron_interval | boolean | |
document_version | string | The version of the SSM document to associate with the target. |
association_id | string | Unique identifier of the association. |
automation_target_parameter_name | string | |
region | string | AWS region. |
Methods
| Name | Accessible by | Required Params |
|---|---|---|
create_resource | INSERT | Name, region |
delete_resource | DELETE | data__Identifier, region |
update_resource | UPDATE | data__Identifier, data__PatchDocument, region |
list_resources | SELECT | region |
get_resource | SELECT | data__Identifier, region |
SELECT examples
Gets all associations in a region.
SELECT
region,
association_name,
calendar_names,
schedule_expression,
max_errors,
parameters,
instance_id,
wait_for_success_timeout_seconds,
max_concurrency,
compliance_severity,
targets,
sync_compliance,
output_location,
schedule_offset,
name,
apply_only_at_cron_interval,
document_version,
association_id,
automation_target_parameter_name
FROM aws.ssm.associations
WHERE region = 'us-east-1';
Gets all properties from an individual association.
SELECT
region,
association_name,
calendar_names,
schedule_expression,
max_errors,
parameters,
instance_id,
wait_for_success_timeout_seconds,
max_concurrency,
compliance_severity,
targets,
sync_compliance,
output_location,
schedule_offset,
name,
apply_only_at_cron_interval,
document_version,
association_id,
automation_target_parameter_name
FROM aws.ssm.associations
WHERE region = 'us-east-1' AND data__Identifier = '<AssociationId>';
INSERT example
Use the following StackQL query and manifest file to create a new association resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO aws.ssm.associations (
Name,
region
)
SELECT
'{{ Name }}',
'{{ region }}';
/*+ create */
INSERT INTO aws.ssm.associations (
AssociationName,
CalendarNames,
ScheduleExpression,
MaxErrors,
Parameters,
InstanceId,
WaitForSuccessTimeoutSeconds,
MaxConcurrency,
ComplianceSeverity,
Targets,
SyncCompliance,
OutputLocation,
ScheduleOffset,
Name,
ApplyOnlyAtCronInterval,
DocumentVersion,
AutomationTargetParameterName,
region
)
SELECT
'{{ AssociationName }}',
'{{ CalendarNames }}',
'{{ ScheduleExpression }}',
'{{ MaxErrors }}',
'{{ Parameters }}',
'{{ InstanceId }}',
'{{ WaitForSuccessTimeoutSeconds }}',
'{{ MaxConcurrency }}',
'{{ ComplianceSeverity }}',
'{{ Targets }}',
'{{ SyncCompliance }}',
'{{ OutputLocation }}',
'{{ ScheduleOffset }}',
'{{ Name }}',
'{{ ApplyOnlyAtCronInterval }}',
'{{ DocumentVersion }}',
'{{ AutomationTargetParameterName }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: association
props:
- name: AssociationName
value: '{{ AssociationName }}'
- name: CalendarNames
value:
- '{{ CalendarNames[0] }}'
- name: ScheduleExpression
value: '{{ ScheduleExpression }}'
- name: MaxErrors
value: '{{ MaxErrors }}'
- name: Parameters
value: {}
- name: InstanceId
value: '{{ InstanceId }}'
- name: WaitForSuccessTimeoutSeconds
value: '{{ WaitForSuccessTimeoutSeconds }}'
- name: MaxConcurrency
value: '{{ MaxConcurrency }}'
- name: ComplianceSeverity
value: '{{ ComplianceSeverity }}'
- name: Targets
value:
- Values:
- '{{ Values[0] }}'
Key: '{{ Key }}'
- name: SyncCompliance
value: '{{ SyncCompliance }}'
- name: OutputLocation
value:
S3Location:
OutputS3KeyPrefix: '{{ OutputS3KeyPrefix }}'
OutputS3Region: '{{ OutputS3Region }}'
OutputS3BucketName: '{{ OutputS3BucketName }}'
- name: ScheduleOffset
value: '{{ ScheduleOffset }}'
- name: Name
value: '{{ Name }}'
- name: ApplyOnlyAtCronInterval
value: '{{ ApplyOnlyAtCronInterval }}'
- name: DocumentVersion
value: '{{ DocumentVersion }}'
- name: AutomationTargetParameterName
value: '{{ AutomationTargetParameterName }}'
DELETE example
/*+ delete */
DELETE FROM aws.ssm.associations
WHERE data__Identifier = '<AssociationId>'
AND region = 'us-east-1';
Permissions
To operate on the associations resource, the following permissions are required:
Read
ssm:DescribeAssociation,
resource-groups:GetGroupQuery,
resource-groups:ListGroups,
resource-groups:ListGroupResources
Create
ec2:DescribeInstanceStatus,
iam:PassRole,
iam:CreateServiceLinkedRole,
ssm:CreateAssociation,
ssm:DescribeAssociation,
ssm:GetCalendarState
Update
iam:PassRole,
ssm:UpdateAssociation,
ssm:GetCalendarState
List
ssm:ListAssociations
Delete
ssm:DeleteAssociation