AWS SSM Documents

SSM

Simple Server Management. This is a feature offered by AWS that allows you to send commands to your instances to update them or install software. It can be used in a variety of use cases: updating already running instances, installing missing software, etc. I have used these documents to create custom AMIs: they bootstrap a certain base AMI and install whatever I want for my future AMIs. When the instance is installed, I create a new AMI with updated features, updates, programs, settings, etc.

Automation structures

The feature I've been looking into most is the automation document. This document is a JSON file that describes what a certain flow will look like. When started, the document automates each step in the flow.

Example
{
   "description":"Systems Manager Automation Demo - Patch and Create a New AMI",
   "schemaVersion":"0.3",
   "assumeRole":"the role ARN you created",
   "parameters":{
      "sourceAMIid":{
         "type":"String",
         "description":"AMI to patch"
      },
      "targetAMIname":{
         "type":"String",
         "description":"Name of new AMI",
         "default":"patchedAMI-{{global:DATE_TIME}}"
      }
   },
   "mainSteps":[
      {
         "name":"startInstances",
         "action":"aws:runInstances",
         "timeoutSeconds":1200,
         "maxAttempts":1,
         "onFailure":"Abort",
         "inputs":{
            "ImageId":"{{ sourceAMIid }}",
            "InstanceType":"m3.large",
            "MinInstanceCount":1,
            "MaxInstanceCount":1,
            "IamInstanceProfileName":"the name of the IAM role you created"
         }
      },
      {
         "name":"installMissingWindowsUpdates",
         "action":"aws:runCommand",
         "maxAttempts":1,
         "onFailure":"Continue",
         "inputs":{
            "DocumentName":"AWS-InstallMissingWindowsUpdates",
            "InstanceIds":[
               "{{ startInstances.InstanceIds }}"
            ],
            "Parameters":{
               "UpdateLevel":"Important"
            }
         }
      },
      {
         "name":"stopInstance",
         "action":"aws:changeInstanceState",
         "maxAttempts":1,
         "onFailure":"Continue",
         "inputs":{
            "InstanceIds":[
               "{{ startInstances.InstanceIds }}"
            ],
            "DesiredState":"stopped"
         }
      },
      {
         "name":"createImage",
         "action":"aws:createImage",
         "maxAttempts":1,
         "onFailure":"Continue",
         "inputs":{
            "InstanceId":"{{ startInstances.InstanceIds }}",
            "ImageName":"{{ targetAMIname }}",
            "NoReboot":true,
            "ImageDescription":"AMI created by EC2 Automation"
         }
      },
      {
         "name":"createTags",
         "action":"aws:createTags",
         "maxAttempts":1,
         "onFailure":"Continue",
         "inputs":{
            "ResourceType":"EC2",
            "ResourceIds":[
               "{{createImage.ImageId}}"
            ],
            "Tags":[
               {
                  "Key": "Generated By Automation",
                  "Value": "{{automation:EXECUTION_ID}}"
               },
               {
                  "Key": "From Source AMI",
                  "Value": "{{sourceAMIid}}"
               }
            ]
         }
      },
      {
         "name":"terminateInstance",
         "action":"aws:changeInstanceState",
         "maxAttempts":1,
         "onFailure":"Continue",
         "inputs":{
            "InstanceIds":[
               "{{ startInstances.InstanceIds }}"
            ],
            "DesiredState":"terminated"
         }
      }
   ],
   "outputs":[
      "createImage.ImageId"
   ]
}
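
A pre-upload check for documents like the one above, as an added example that is not part of the original post or of AWS tooling: it parses the JSON and verifies that every `{{ ... }}` reference in a step's inputs resolves to a declared parameter, an earlier step, or a `global:`/`automation:` system variable. It assumes steps run in the order listed; `lint_automation`, `strings_in` and `SAMPLE` are names made up for this example.

```python
import json
import re

# {{ param }}, {{ step.Output }}, {{ global:DATE_TIME }}, {{ automation:EXECUTION_ID }}
REF = re.compile(r"\{\{\s*([\w:.]+)\s*\}\}")

def strings_in(node):
    """Yield every string nested inside a parsed JSON value."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, (dict, list)):
        for child in (node.values() if isinstance(node, dict) else node):
            yield from strings_in(child)

def lint_automation(text):
    """Return a list of findings for an automation document given as JSON text."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError as err:
        return [f"invalid JSON at line {err.lineno}: {err.msg}"]
    findings, seen = [], set()          # seen = names of steps defined so far
    params = set(doc.get("parameters", {}))
    for step in doc.get("mainSteps", []):
        name = step.get("name", "<unnamed>")
        for value in strings_in(step.get("inputs", {})):
            for ref in REF.findall(value):
                if ref.startswith(("global:", "automation:")):
                    continue            # system variables, always available
                head = ref.split(".")[0]
                if "." in ref and head not in seen:
                    findings.append(f"{name}: {ref} refers to a step that has not run yet")
                elif "." not in ref and ref not in params:
                    findings.append(f"{name}: {ref} is not a declared parameter")
        seen.add(name)
    for out in doc.get("outputs", []):
        if out.split(".")[0] not in seen:
            findings.append(f"outputs: {out} names an unknown step")
    return findings

# Constructed sample: createImage uses an unknown step and an undeclared parameter.
SAMPLE = json.dumps({
    "parameters": {"sourceAMIid": {"type": "String"}},
    "mainSteps": [
        {"name": "startInstances", "inputs": {"ImageId": "{{ sourceAMIid }}"}},
        {"name": "createImage", "inputs": {
            "InstanceId": "{{ launchInstances.InstanceIds }}",
            "ImageName": "{{ targetAMIname }}"}},
    ],
    "outputs": ["createImage.ImageId"],
})
```

Running `lint_automation` on a document before creating it catches both a misplaced quote and a mistyped step name, either of which would otherwise only surface when the automation is created or executed.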

Running scripts

Creating instance

Calling a lambda function