Class CfnAssociation
A CloudFormation AWS::SSM::Association.
public class CfnAssociation : CfnResource, IInspectable- Inheritance
-
CfnAssociation
- Implements
-
IInspectable
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.SSM;
var parameters;
var cfnAssociation = new CfnAssociation(this, "MyCfnAssociation", new CfnAssociationProps {
Name = "name",
// the properties below are optional
ApplyOnlyAtCronInterval = false,
AssociationName = "associationName",
AutomationTargetParameterName = "automationTargetParameterName",
CalendarNames = new [] { "calendarNames" },
ComplianceSeverity = "complianceSeverity",
DocumentVersion = "documentVersion",
InstanceId = "instanceId",
MaxConcurrency = "maxConcurrency",
MaxErrors = "maxErrors",
OutputLocation = new InstanceAssociationOutputLocationProperty {
S3Location = new S3OutputLocationProperty {
OutputS3BucketName = "outputS3BucketName",
OutputS3KeyPrefix = "outputS3KeyPrefix",
OutputS3Region = "outputS3Region"
}
},
Parameters = parameters,
ScheduleExpression = "scheduleExpression",
ScheduleOffset = 123,
SyncCompliance = "syncCompliance",
Targets = new [] { new TargetProperty {
Key = "key",
Values = new [] { "values" }
} },
WaitForSuccessTimeoutSeconds = 123
});Remarks
The AWS::SSM::Association resource creates a State Manager association for your managed instances. A State Manager association defines the state that you want to maintain on your instances. For example, an association can specify that anti-virus software must be installed and running on your instances, or that certain ports must be closed. For static targets, the association specifies a schedule for when the configuration is reapplied. For dynamic targets, such as an AWS Resource Groups or an AWS Auto Scaling Group, State Manager applies the configuration when new instances are added to the group. The association also specifies actions to take when applying the configuration. For example, an association for anti-virus software might run once a day. If the software is not installed, then State Manager installs it. If the software is installed, but the service is not running, then the association might instruct State Manager to start the service.
CloudformationResource: AWS::SSM::Association
Link: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ssm-association.html
ExampleMetadata: fixture=_generated
Constructors
CfnAssociation(Construct, string, ICfnAssociationProps)
Create a new AWS::SSM::Association.
public CfnAssociation(Construct scope, string id, ICfnAssociationProps props)Parameters
scopeConstruct- scope in which this resource is defined.
idstring- scoped id of the resource.
propsICfnAssociationProps- resource properties.
Properties
ApplyOnlyAtCronInterval
By default, when you create a new association, the system runs it immediately after it is created and then according to the schedule you specified.
public virtual object? ApplyOnlyAtCronInterval { get; set; }Property Value
Remarks
Specify this option if you don't want an association to run immediately after you create it. This parameter is not supported for rate expressions.
AssociationName
Specify a descriptive name for the association.
public virtual string? AssociationName { get; set; }Property Value
Remarks
AttrAssociationId
The association ID.
public virtual string AttrAssociationId { get; }Property Value
Remarks
CloudformationAttribute: AssociationId
AutomationTargetParameterName
Choose the parameter that will define how your automation will branch out.
public virtual string? AutomationTargetParameterName { get; set; }Property Value
Remarks
This target is required for associations that use an Automation runbook and target resources by using rate controls. Automation is a capability of AWS Systems Manager .
CFN_RESOURCE_TYPE_NAME
The CloudFormation resource type name for this resource class.
public static string CFN_RESOURCE_TYPE_NAME { get; }Property Value
CalendarNames
The names or Amazon Resource Names (ARNs) of the Change Calendar type documents your associations are gated under.
public virtual string[]? CalendarNames { get; set; }Property Value
- string[]
Remarks
The associations only run when that Change Calendar is open. For more information, see AWS Systems Manager Change Calendar .
CfnProperties
protected override IDictionary<string, object> CfnProperties { get; }Property Value
ComplianceSeverity
The severity level that is assigned to the association.
public virtual string? ComplianceSeverity { get; set; }Property Value
Remarks
DocumentVersion
The version of the SSM document to associate with the target.
public virtual string? DocumentVersion { get; set; }Property Value
Remarks
Note the following important information.
InstanceId
The ID of the instance that the SSM document is associated with.
public virtual string? InstanceId { get; set; }Property Value
Remarks
You must specify the InstanceId or Targets property.
<code>InstanceId</code> has been deprecated. To specify an instance ID for an association, use the <code>Targets</code> parameter. If you use the parameter <code>InstanceId</code> , you cannot use the parameters <code>AssociationName</code> , <code>DocumentVersion</code> , <code>MaxErrors</code> , <code>MaxConcurrency</code> , <code>OutputLocation</code> , or <code>ScheduleExpression</code> . To use these parameters, you must use the <code>Targets</code> parameter.
MaxConcurrency
The maximum number of targets allowed to run the association at the same time.
public virtual string? MaxConcurrency { get; set; }Property Value
Remarks
You can specify a number, for example 10, or a percentage of the target set, for example 10%. The default value is 100%, which means all targets run the association at the same time.
If a new managed node starts and attempts to run an association while Systems Manager is running MaxConcurrency associations, the association is allowed to run. During the next association interval, the new managed node will process its association within the limit specified for MaxConcurrency .
MaxErrors
The number of errors that are allowed before the system stops sending requests to run the association on additional targets.
public virtual string? MaxErrors { get; set; }Property Value
Remarks
You can specify either an absolute number of errors, for example 10, or a percentage of the target set, for example 10%. If you specify 3, for example, the system stops sending requests when the fourth error is received. If you specify 0, then the system stops sending requests after the first error is returned. If you run an association on 50 managed nodes and set MaxError to 10%, then the system stops sending the request when the sixth error is received.
Executions that are already running an association when MaxErrors is reached are allowed to complete, but some of these executions may fail as well. If you need to ensure that there won't be more than max-errors failed executions, set MaxConcurrency to 1 so that executions proceed one at a time.
Name
The name of the SSM document that contains the configuration information for the instance.
public virtual string Name { get; set; }Property Value
Remarks
You can specify Command or Automation documents. The documents can be AWS -predefined documents, documents you created, or a document that is shared with you from another account. For SSM documents that are shared with you from other AWS accounts , you must specify the complete SSM document ARN, in the following format:
arn:partition:ssm:region:account-id:document/document-name
For example: arn:aws:ssm:us-east-2:12345678912:document/My-Shared-Document
For AWS -predefined documents and SSM documents you created in your account, you only need to specify the document name. For example, AWS -ApplyPatchBaseline or My-Document .
OutputLocation
An Amazon Simple Storage Service (Amazon S3) bucket where you want to store the output details of the request.
public virtual object? OutputLocation { get; set; }Property Value
Remarks
Parameters
The parameters for the runtime configuration of the document.
public virtual object Parameters { get; set; }Property Value
Remarks
ScheduleExpression
A cron expression that specifies a schedule when the association runs.
public virtual string? ScheduleExpression { get; set; }Property Value
Remarks
The schedule runs in Coordinated Universal Time (UTC).
ScheduleOffset
Number of days to wait after the scheduled day to run an association.
public virtual double? ScheduleOffset { get; set; }Property Value
Remarks
SyncCompliance
The mode for generating association compliance.
public virtual string? SyncCompliance { get; set; }Property Value
Remarks
You can specify AUTO or MANUAL . In AUTO mode, the system uses the status of the association execution to determine the compliance status. If the association execution runs successfully, then the association is COMPLIANT . If the association execution doesn't run successfully, the association is NON-COMPLIANT .
In MANUAL mode, you must specify the AssociationId as a parameter for the PutComplianceItems API action. In this case, compliance data is not managed by State Manager. It is managed by your direct call to the PutComplianceItems API action.
By default, all associations use AUTO mode.
Targets
The targets for the association.
public virtual object? Targets { get; set; }Property Value
Remarks
You must specify the InstanceId or Targets property. You can target all instances in an AWS account by specifying the InstanceIds key with a value of * . To view a JSON and a YAML example that targets all instances, see "Create an association for all managed instances in an AWS account " on the Examples page.
WaitForSuccessTimeoutSeconds
The number of seconds the service should wait for the association status to show "Success" before proceeding with the stack execution.
public virtual double? WaitForSuccessTimeoutSeconds { get; set; }Property Value
Remarks
If the association status doesn't show "Success" after the specified number of seconds, then stack creation fails.
Methods
Inspect(TreeInspector)
Examines the CloudFormation resource and discloses attributes.
public virtual void Inspect(TreeInspector inspector)Parameters
inspectorTreeInspector- tree inspector to collect and process attributes.
RenderProperties(IDictionary<string, object>)
protected override IDictionary<string, object> RenderProperties(IDictionary<string, object> props)Parameters
propsIDictionary<string, object>