com.amazonaws.services.simplesystemsmanagement.package-info Maven / Gradle / Ivy
Show all versions of aws-java-sdk-ssm Show documentation
/*
* Copyright 2011-2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
/**
*
* Amazon EC2 Simple Systems Manager (SSM) enables you to remotely manage the configuration of your Amazon EC2
* instances, virtual machines (VMs), or servers in your on-premises environment or in an environment provided by other
* cloud providers using scripts, commands, or the Amazon EC2 console. SSM includes an on-demand solution called
* Amazon EC2 Run Command and a lightweight instance configuration solution called SSM Config.
*
*
* This references is intended to be used with the EC2 Run Command User Guide for Linux or Windows.
*
*
*
* You must register your on-premises servers and VMs through an activation process before you can configure them using
* Run Command. Registered servers and VMs are called managed instances. For more information, see Setting Up Run Command On Managed
* Instances (On-Premises Servers and VMs) on Linux or Setting Up Run Command On Managed
* Instances (On-Premises Servers and VMs) on Windows.
*
*
*
* Run Command
*
*
* Run Command provides an on-demand experience for executing commands. You can use pre-defined SSM documents to perform
* the actions listed later in this section, or you can create your own documents. With these documents, you can
* remotely configure your instances by sending commands using the Commands page in the Amazon EC2 console, AWS
* Tools for Windows PowerShell, the AWS
* CLI, or AWS SDKs.
*
*
* Run Command reports the status of the command execution for each instance targeted by a command. You can also audit
* the command execution to understand who executed commands, when, and what changes were made. By switching between
* different SSM documents, you can quickly configure your instances with different types of commands. To get started
* with Run Command, verify that your environment meets the prerequisites for remotely running commands on EC2 instances
* (Linux or Windows).
*
*
*
* SSM Config
*
*
* SSM Config is a lightweight instance configuration solution. SSM Config is currently only available for Windows
* instances. With SSM Config, you can specify a setup configuration for your instances. SSM Config is similar to EC2
* User Data, which is another way of running one-time scripts or applying settings during instance launch. SSM Config
* is an extension of this capability. Using SSM documents, you can specify which actions the system should perform on
* your instances, including which applications to install, which AWS Directory Service directory to join, which
* Microsoft PowerShell modules to install, etc. If an instance is missing one or more of these configurations, the
* system makes those changes. By default, the system checks every five minutes to see if there is a new configuration
* to apply as defined in a new SSM document. If so, the system updates the instances accordingly. In this way, you can
* remotely maintain a consistent configuration baseline on your instances. SSM Config is available using the AWS CLI or
* the AWS Tools for Windows PowerShell. For more information, see Managing Windows Instance
* Configuration.
*
*
* SSM Config and Run Command include the following pre-defined documents.
*
*
* Linux
*
*
* -
*
* AWS-RunShellScript to run shell scripts
*
*
* -
*
* AWS-UpdateSSMAgent to update the Amazon SSM agent
*
*
*
*
*
* Windows
*
*
* -
*
* AWS-JoinDirectoryServiceDomain to join an AWS Directory
*
*
* -
*
* AWS-RunPowerShellScript to run PowerShell commands or scripts
*
*
* -
*
* AWS-UpdateEC2Config to update the EC2Config service
*
*
* -
*
* AWS-ConfigureWindowsUpdate to configure Windows Update settings
*
*
* -
*
* AWS-InstallApplication to install, repair, or uninstall software using an MSI package
*
*
* -
*
* AWS-InstallPowerShellModule to install PowerShell modules
*
*
* -
*
* AWS-ConfigureCloudWatch to configure Amazon CloudWatch Logs to monitor applications and systems
*
*
* -
*
* AWS-ListWindowsInventory to collect information about an EC2 instance running in Windows.
*
*
* -
*
* AWS-FindWindowsUpdates to scan an instance and determines which updates are missing.
*
*
* -
*
* AWS-InstallMissingWindowsUpdates to install missing updates on your EC2 instance.
*
*
* -
*
* AWS-InstallSpecificWindowsUpdates to install one or more specific updates.
*
*
*
*
*
* The commands or scripts specified in SSM documents run with administrative privilege on your instances because the
* Amazon SSM agent runs as root on Linux and the EC2Config service runs in the Local System account on Windows. If a
* user has permission to execute any of the pre-defined SSM documents (any document that begins with AWS-*) then that
* user also has administrator access to the instance. Delegate access to Run Command and SSM Config judiciously. This
* becomes extremely important if you create your own SSM documents. Amazon Web Services does not provide guidance about
* how to create secure SSM documents. You create SSM documents and delegate access to Run Command at your own risk. As
* a security best practice, we recommend that you assign access to "AWS-*" documents, especially the AWS-RunShellScript
* document on Linux and the AWS-RunPowerShellScript document on Windows, to trusted administrators only. You can create
* SSM documents for specific tasks and delegate access to non-administrators.
*
*
*
* For information about creating and sharing SSM documents, see the following topics in the SSM User Guide:
*
*
* -
*
* Creating SSM Documents and Sharing SSM Documents (Linux)
*
*
* -
*
* Creating SSM Documents and Sharing SSM Documents (Windows)
*
*
*
*/
package com.amazonaws.services.simplesystemsmanagement;