Skip to main content

associations

Creates, updates, deletes or gets an association resource or lists associations in a region

Overview

Nameassociations
TypeResource
DescriptionThe AWS::SSM::Association resource associates an SSM document in AWS Systems Manager with EC2 instances that contain a configuration agent to process the document.
Idawscc.ssm.associations

Fields

NameDatatypeDescription
association_namestringThe name of the association.
calendar_namesarray
schedule_expressionstringA Cron or Rate expression that specifies when the association is applied to the target.
max_errorsstring
parametersobjectParameter values that the SSM document uses at runtime.
instance_idstringThe ID of the instance that the SSM document is associated with.
wait_for_success_timeout_secondsinteger
max_concurrencystring
compliance_severitystring
targetsarrayThe targets that the SSM document sends commands to.
sync_compliancestring
output_locationobject
schedule_offsetinteger
namestringThe name of the SSM document.
apply_only_at_cron_intervalboolean
document_versionstringThe version of the SSM document to associate with the target.
association_idstringUnique identifier of the association.
automation_target_parameter_namestring
regionstringAWS region.

For more information, see AWS::SSM::Association.

Methods

NameResourceAccessible byRequired Params
create_resourceassociationsINSERTName, region
delete_resourceassociationsDELETEIdentifier, region
update_resourceassociationsUPDATEIdentifier, PatchDocument, region
list_resourcesassociations_list_onlySELECTregion
get_resourceassociationsSELECTIdentifier, region

SELECT examples

Gets all properties from an individual association.

SELECT
  region,
  association_name,
  calendar_names,
  schedule_expression,
  max_errors,
  parameters,
  instance_id,
  wait_for_success_timeout_seconds,
  max_concurrency,
  compliance_severity,
  targets,
  sync_compliance,
  output_location,
  schedule_offset,
  name,
  apply_only_at_cron_interval,
  document_version,
  association_id,
  automation_target_parameter_name
FROM awscc.ssm.associations
WHERE
  region = '{{ region }}' AND
  Identifier = '{{ association_id }}';

INSERT example

Use the following StackQL query and manifest file to create a new association resource, using stack-deploy.

/*+ create */
INSERT INTO awscc.ssm.associations (
  Name,
  region
)
SELECT
  '{{ name }}',
  '{{ region }}'
RETURNING
  ErrorCode,
  EventTime,
  Identifier,
  Operation,
  OperationStatus,
  RequestToken,
  ResourceModel,
  RetryAfter,
  StatusMessage,
  TypeName
;

UPDATE example

Use the following StackQL query and manifest file to update a association resource, using stack-deploy.

/*+ update */
UPDATE awscc.ssm.associations
SET PatchDocument = string('{{ {
    "AssociationName": association_name,
    "CalendarNames": calendar_names,
    "ScheduleExpression": schedule_expression,
    "MaxErrors": max_errors,
    "Parameters": parameters,
    "InstanceId": instance_id,
    "WaitForSuccessTimeoutSeconds": wait_for_success_timeout_seconds,
    "MaxConcurrency": max_concurrency,
    "ComplianceSeverity": compliance_severity,
    "Targets": targets,
    "SyncCompliance": sync_compliance,
    "OutputLocation": output_location,
    "ScheduleOffset": schedule_offset,
    "Name": name,
    "ApplyOnlyAtCronInterval": apply_only_at_cron_interval,
    "DocumentVersion": document_version,
    "AutomationTargetParameterName": automation_target_parameter_name
} | generate_patch_document }}')
WHERE
  region = '{{ region }}' AND
  Identifier = '{{ association_id }}'
RETURNING
  ErrorCode,
  EventTime,
  Identifier,
  Operation,
  OperationStatus,
  RequestToken,
  ResourceModel,
  RetryAfter,
  StatusMessage,
  TypeName
;

DELETE example

/*+ delete */
DELETE FROM awscc.ssm.associations
WHERE
  Identifier = '{{ association_id }}' AND
  region = '{{ region }}'
RETURNING
  ErrorCode,
  EventTime,
  Identifier,
  Operation,
  OperationStatus,
  RequestToken,
  ResourceModel,
  RetryAfter,
  StatusMessage,
  TypeName
;

Additional Parameters

Mutable resources in the Cloud Control provider support additional optional parameters which can be supplied with INSERT, UPDATE, or DELETE operations. These include:

ParameterDescription
ClientToken
A unique identifier to ensure the idempotency of the resource request.This allows the provider to accurately distinguish between retries and new requests.
A client token is valid for 36 hours once used.
After that, a resource request with the same client token is treated as a new request.
If you do not specify a client token, one is generated for inclusion in the request.
RoleArn
The ARN of the IAM role used to perform this resource operation.The role specified must have the permissions required for this operation.
If you do not specify a role, a temporary session is created using your AWS user credentials.
TypeVersionId
For private resource types, the type version to use in this resource operation.If you do not specify a resource version, the default version is used.

Permissions

To operate on the associations resource, the following permissions are required:

ssm:DescribeAssociation,
resource-groups:GetGroupQuery,
resource-groups:ListGroups,
resource-groups:ListGroupResources