forked from brendanhay/amazonka
-
Notifications
You must be signed in to change notification settings - Fork 0
/
amazonka-ssm.cabal
161 lines (124 loc) · 10.2 KB
/
amazonka-ssm.cabal
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
name: amazonka-ssm
version: 1.4.3
synopsis: Amazon Simple Systems Management Service SDK.
homepage: https://github.com/brendanhay/amazonka
bug-reports: https://github.com/brendanhay/amazonka/issues
license: OtherLicense
license-file: LICENSE
author: Brendan Hay
maintainer: Brendan Hay <[email protected]>
copyright: Copyright (c) 2013-2016 Brendan Hay
category: Network, AWS, Cloud, Distributed Computing
build-type: Simple
cabal-version: >= 1.10
extra-source-files: README.md fixture/*.yaml fixture/*.proto
description:
This is the Amazon EC2 Simple Systems Manager (SSM) API Reference. SSM enables you to remotely manage the configuration of your Amazon EC2 instances, virtual machines (VMs), or servers in your on-premises environment or in an environment provided by other cloud providers using scripts, commands, or the Amazon EC2 console. SSM includes an on-demand solution called /Amazon EC2 Run Command/ and a lightweight instance configuration solution called /SSM Config/.
This references is intended to be used with the EC2 Run Command User Guide for <http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/execute-remote-commands.html Linux> or <http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/execute-remote-commands.html Windows>.
You must register your on-premises servers and VMs through an activation process before you can configure them using Run Command. Registered servers and VMs are called /managed instances/. For more information, see <http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/managed-instances.html Setting Up Run Command On Managed Instances (On-Premises Servers and VMs) on Linux> or <http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/managed-instances.html Setting Up Run Command On Managed Instances (On-Premises Servers and VMs) on Windows>.
__Run Command__
Run Command provides an on-demand experience for executing commands. You can use pre-defined SSM documents to perform the actions listed later in this section, or you can create your own documents. With these documents, you can remotely configure your instances by sending commands using the __Commands__ page in the <http://console.aws.amazon.com/ec2/ Amazon EC2 console>, <http://docs.aws.amazon.com/powershell/latest/reference/items/Amazon_Simple_Systems_Management_cmdlets.html AWS Tools for Windows PowerShell>, the <http://docs.aws.amazon.com/cli/latest/reference/ssm/index.html AWS CLI>, or AWS SDKs.
Run Command reports the status of the command execution for each instance targeted by a command. You can also audit the command execution to understand who executed commands, when, and what changes were made. By switching between different SSM documents, you can quickly configure your instances with different types of commands. To get started with Run Command, verify that your environment meets the prerequisites for remotely running commands on EC2 instances (<http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/remote-commands-prereq.html Linux> or <http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/remote-commands-prereq.html Windows>).
__SSM Config__
SSM Config is a lightweight instance configuration solution. SSM Config is currently only available for Windows instances. With SSM Config, you can specify a setup configuration for your instances. SSM Config is similar to EC2 User Data, which is another way of running one-time scripts or applying settings during instance launch. SSM Config is an extension of this capability. Using SSM documents, you can specify which actions the system should perform on your instances, including which applications to install, which AWS Directory Service directory to join, which Microsoft PowerShell modules to install, etc. If an instance is missing one or more of these configurations, the system makes those changes. By default, the system checks every five minutes to see if there is a new configuration to apply as defined in a new SSM document. If so, the system updates the instances accordingly. In this way, you can remotely maintain a consistent configuration baseline on your instances. SSM Config is available using the AWS CLI or the AWS Tools for Windows PowerShell. For more information, see <http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ec2-configuration-manage.html Managing Windows Instance Configuration>.
SSM Config and Run Command include the following pre-defined documents.
__Linux__
- __AWS-RunShellScript__ to run shell scripts
- __AWS-UpdateSSMAgent__ to update the Amazon SSM agent
__Windows__
- __AWS-JoinDirectoryServiceDomain__ to join an AWS Directory
- __AWS-RunPowerShellScript__ to run PowerShell commands or scripts
- __AWS-UpdateEC2Config__ to update the EC2Config service
- __AWS-ConfigureWindowsUpdate__ to configure Windows Update settings
- __AWS-InstallApplication__ to install, repair, or uninstall software using an MSI package
- __AWS-InstallPowerShellModule__ to install PowerShell modules
- __AWS-ConfigureCloudWatch__ to configure Amazon CloudWatch Logs to monitor applications and systems
- __AWS-ListWindowsInventory__ to collect information about an EC2 instance running in Windows.
- __AWS-FindWindowsUpdates__ to scan an instance and determines which updates are missing.
- __AWS-InstallMissingWindowsUpdates__ to install missing updates on your EC2 instance.
- __AWS-InstallSpecificWindowsUpdates__ to install one or more specific updates.
The commands or scripts specified in SSM documents run with administrative privilege on your instances because the Amazon SSM agent runs as root on Linux and the EC2Config service runs in the Local System account on Windows. If a user has permission to execute any of the pre-defined SSM documents (any document that begins with AWS-*) then that user also has administrator access to the instance. Delegate access to Run Command and SSM Config judiciously. This becomes extremely important if you create your own SSM documents. Amazon Web Services does not provide guidance about how to create secure SSM documents. You create SSM documents and delegate access to Run Command at your own risk. As a security best practice, we recommend that you assign access to \"AWS-*\" documents, especially the AWS-RunShellScript document on Linux and the AWS-RunPowerShellScript document on Windows, to trusted administrators only. You can create SSM documents for specific tasks and delegate access to non-administrators.
For information about creating and sharing SSM documents, see the following topics in the SSM User Guide:
- <http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/create-ssm-doc.html Creating SSM Documents> and <http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ssm-sharing.html Sharing SSM Documents> (Linux)
- <http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/create-ssm-doc.html Creating SSM Documents> and <http://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ssm-sharing.html Sharing SSM Documents> (Windows)
.
The types from this library are intended to be used with
<http://hackage.haskell.org/package/amazonka amazonka>, which provides
mechanisms for specifying AuthN/AuthZ information and sending requests.
.
Use of lenses is required for constructing and manipulating types.
This is due to the amount of nesting of AWS types and transparency regarding
de/serialisation into more palatable Haskell values.
The provided lenses should be compatible with any of the major lens libraries
such as <http://hackage.haskell.org/package/lens lens> or
<http://hackage.haskell.org/package/lens-family-core lens-family-core>.
.
See "Network.AWS.SSM" or <https://aws.amazon.com/documentation/ the AWS Documentation>
to get started.
source-repository head
type: git
location: git://github.com/brendanhay/amazonka.git
library
default-language: Haskell2010
hs-source-dirs: src gen
ghc-options: -Wall
exposed-modules:
Network.AWS.SSM
, Network.AWS.SSM.AddTagsToResource
, Network.AWS.SSM.CancelCommand
, Network.AWS.SSM.CreateActivation
, Network.AWS.SSM.CreateAssociation
, Network.AWS.SSM.CreateAssociationBatch
, Network.AWS.SSM.CreateDocument
, Network.AWS.SSM.DeleteActivation
, Network.AWS.SSM.DeleteAssociation
, Network.AWS.SSM.DeleteDocument
, Network.AWS.SSM.DeregisterManagedInstance
, Network.AWS.SSM.DescribeActivations
, Network.AWS.SSM.DescribeAssociation
, Network.AWS.SSM.DescribeDocument
, Network.AWS.SSM.DescribeDocumentPermission
, Network.AWS.SSM.DescribeInstanceInformation
, Network.AWS.SSM.GetDocument
, Network.AWS.SSM.ListAssociations
, Network.AWS.SSM.ListCommandInvocations
, Network.AWS.SSM.ListCommands
, Network.AWS.SSM.ListDocuments
, Network.AWS.SSM.ListTagsForResource
, Network.AWS.SSM.ModifyDocumentPermission
, Network.AWS.SSM.RemoveTagsFromResource
, Network.AWS.SSM.SendCommand
, Network.AWS.SSM.Types
, Network.AWS.SSM.Types.Product
, Network.AWS.SSM.UpdateAssociationStatus
, Network.AWS.SSM.UpdateManagedInstanceRole
, Network.AWS.SSM.Waiters
other-modules:
Network.AWS.SSM.Types.Sum
build-depends:
amazonka-core == 1.4.3.*
, base >= 4.7 && < 5
test-suite amazonka-ssm-test
type: exitcode-stdio-1.0
default-language: Haskell2010
hs-source-dirs: test
main-is: Main.hs
ghc-options: -Wall -threaded
-- This section is encoded by the template and any modules added by
-- hand outside these namespaces will not correctly be added to the
-- distribution package.
other-modules:
Test.AWS.SSM
, Test.AWS.Gen.SSM
, Test.AWS.SSM.Internal
build-depends:
amazonka-core == 1.4.3.*
, amazonka-test == 1.4.3.*
, amazonka-ssm == 1.4.3.*
, base
, bytestring
, tasty
, tasty-hunit
, text
, time
, unordered-containers