diff --git a/clients/client-ssm/src/commands/DescribeInstanceInformationCommand.ts b/clients/client-ssm/src/commands/DescribeInstanceInformationCommand.ts index 2e4b45b626c4a..923c0ad3cca46 100644 --- a/clients/client-ssm/src/commands/DescribeInstanceInformationCommand.ts +++ b/clients/client-ssm/src/commands/DescribeInstanceInformationCommand.ts @@ -39,8 +39,9 @@ export interface DescribeInstanceInformationCommandOutput extends DescribeInstan * nodes. If you don't specify node IDs, it returns information for all your managed nodes. If you * specify a node ID that isn't valid or a node that you don't own, you receive an error.

* - *

The IamRole field returned for this API operation is the Identity and Access Management (IAM) role assigned to on-premises managed nodes. This operation does not - * return the IAM role for EC2 instances.

+ *

The IamRole field returned for this API operation is the role assigned to an + * Amazon EC2 instance configured with a Systems Manager Quick Setup host management configuration or + * the role assigned to an on-premises managed node.

*
* @example * Use a bare-bones client and the command you need to make an API call. diff --git a/clients/client-ssm/src/commands/DescribeInstancePropertiesCommand.ts b/clients/client-ssm/src/commands/DescribeInstancePropertiesCommand.ts index 1d00c1d8cb807..9079fd80dc774 100644 --- a/clients/client-ssm/src/commands/DescribeInstancePropertiesCommand.ts +++ b/clients/client-ssm/src/commands/DescribeInstancePropertiesCommand.ts @@ -32,7 +32,8 @@ export interface DescribeInstancePropertiesCommandInput extends DescribeInstance export interface DescribeInstancePropertiesCommandOutput extends DescribeInstancePropertiesResult, __MetadataBearer {} /** - *

An API operation used by the Systems Manager console to display information about Systems Manager managed nodes.

+ *

An API operation used by the Systems Manager console to display information about Systems Manager managed + * nodes.

* @example * Use a bare-bones client and the command you need to make an API call. * ```javascript diff --git a/clients/client-ssm/src/commands/DescribePatchPropertiesCommand.ts b/clients/client-ssm/src/commands/DescribePatchPropertiesCommand.ts index e75d7bef8f46e..ab7b0408b745f 100644 --- a/clients/client-ssm/src/commands/DescribePatchPropertiesCommand.ts +++ b/clients/client-ssm/src/commands/DescribePatchPropertiesCommand.ts @@ -46,6 +46,12 @@ export interface DescribePatchPropertiesCommandOutput extends DescribePatchPrope * SEVERITY *

* + *
AMAZON_LINUX_2023
+ *
+ *

Valid properties: PRODUCT | CLASSIFICATION | + * SEVERITY + *

+ *
*
CENTOS
*
*

Valid properties: PRODUCT | CLASSIFICATION | diff --git a/clients/client-ssm/src/commands/GetCommandInvocationCommand.ts b/clients/client-ssm/src/commands/GetCommandInvocationCommand.ts index 36f96744cfc0b..4dc5469b28de8 100644 --- a/clients/client-ssm/src/commands/GetCommandInvocationCommand.ts +++ b/clients/client-ssm/src/commands/GetCommandInvocationCommand.ts @@ -28,7 +28,12 @@ export interface GetCommandInvocationCommandInput extends GetCommandInvocationRe export interface GetCommandInvocationCommandOutput extends GetCommandInvocationResult, __MetadataBearer {} /** - *

Returns detailed information about command execution for an invocation or plugin.

+ *

Returns detailed information about command execution for an invocation or plugin. The Run + * Command API follows an eventual consistency model, due to the distributed nature of the system + * supporting the API. This means that the result of an API command you run that affects your + * resources might not be immediately visible to all subsequent commands you run. You should keep + * this in mind when you carry out an API command that immediately follows a previous API + * command.

*

* GetCommandInvocation only gives the execution status of a plugin in a document. * To get the command execution status on a specific managed node, use ListCommandInvocations. To get the command execution status across managed nodes, diff --git a/clients/client-ssm/src/models/models_0.ts b/clients/client-ssm/src/models/models_0.ts index 853ea2f1f3a8d..59ea17de73032 100644 --- a/clients/client-ssm/src/models/models_0.ts +++ b/clients/client-ssm/src/models/models_0.ts @@ -3664,17 +3664,26 @@ export interface PatchRule { /** *

The number of days after the release date of each patch matched by the rule that the patch * is marked as approved in the patch baseline. For example, a value of 7 means that - * patches are approved seven days after they are released. Not supported on Debian Server or Ubuntu - * Server.

+ * patches are approved seven days after they are released.

+ * + *

This parameter is marked as not required, but your request must include a value + * for either ApproveAfterDays or ApproveUntilDate.

+ *
+ *

Not supported for Debian Server or Ubuntu Server.

* @public */ ApproveAfterDays?: number; /** *

The cutoff date for auto approval of released patches. Any patches released on or before - * this date are installed automatically. Not supported on Debian Server or Ubuntu Server.

+ * this date are installed automatically.

*

Enter dates in the format YYYY-MM-DD. For example, * 2021-12-31.

+ * + *

This parameter is marked as not required, but your request must include a value + * for either ApproveUntilDate or ApproveAfterDays.

+ *
+ *

Not supported for Debian Server or Ubuntu Server.

* @public */ ApproveUntilDate?: string; @@ -3850,26 +3859,31 @@ export interface CreatePatchBaselineRequest { /** *
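Review bot: The new note on `ApproveAfterDays` and `ApproveUntilDate` says a request `must include a value for either` one, but it does not say what happens when both are supplied. Both members stay optional (`ApproveAfterDays?: number`, `ApproveUntilDate?: string`), so nothing in the type signals the constraint, and the comment is the only place a caller learns it. I would add one sentence to each comment saying whether the two are mutually exclusive, for example `Specify exactly one of ApproveAfterDays or ApproveUntilDate.`, if that is the service's behaviour; the hunk does not confirm it. The PatchRule interface starts above the hunk and continues after it.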

The action for Patch Manager to take on patches included in the * RejectedPackages list.

- * + * Windows Server: Windows Server doesn't support the + * concept of package dependencies. If a package in the rejected patches list and already + * installed on the node, its status is reported as INSTALLED_OTHER. Any package not + * already installed on the node is skipped. This is the default action if no option is + * specified.

+ *
+ *
BLOCK
+ *
+ *

+ * All OSs: Packages in the rejected patches list, and + * packages that include them as dependencies, aren't installed by Patch Manager under any + * circumstances. If a package was installed before it was added to the rejected patches list, or + * is installed outside of Patch Manager afterward, it's considered noncompliant with the patch + * baseline and its status is reported as INSTALLED_REJECTED.

+ *
+ * * @public */ RejectedPatchesAction?: PatchAction; @@ -7698,10 +7712,15 @@ export interface InstanceInformation { ActivationId?: string; /** - *
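Review bot: The added Windows Server paragraph reads `If a package in the rejected patches list and already installed on the node`, which is missing its verb; it should read `If a package is in the rejected patches list and is already installed on the node`. This sentence tells the reader when a rejected package is reported as `INSTALLED_OTHER` rather than `INSTALLED_REJECTED`, so it needs to be unambiguous for anyone interpreting patch compliance results. The same sentence appears in the `UpdatePatchBaselineRequest` hunk in models_2.ts and in the ssm.json entry, so the fix presumably belongs in the model these comments are produced from. The doc comment and the CreatePatchBaselineRequest interface both extend beyond the hunk.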

The Identity and Access Management (IAM) role assigned to the on-premises Systems Manager - * managed node. This call doesn't return the IAM role for Amazon Elastic Compute Cloud - * (Amazon EC2) instances. To retrieve the IAM role for an EC2 instance, use - * the Amazon EC2 DescribeInstances operation. For information, see DescribeInstances in the Amazon EC2 API Reference or describe-instances in the Amazon Web Services CLI Command Reference.

+ *

The role assigned to an Amazon EC2 instance configured with a Systems Manager + * Quick Setup host management configuration or the role assigned to an on-premises managed + * node.

+ *

This call doesn't return the IAM role for unmanaged + * Amazon EC2 instances (instances not configured for Systems Manager). To retrieve the + * role for an unmanaged instance, use the Amazon EC2 DescribeInstances operation. For + * information, see DescribeInstances in the + * Amazon EC2 API Reference or describe-instances in the + * Amazon Web Services CLI Command Reference.

* @public */ IamRole?: string; @@ -8509,7 +8528,8 @@ export const InstancePropertyFilterKey = { export type InstancePropertyFilterKey = (typeof InstancePropertyFilterKey)[keyof typeof InstancePropertyFilterKey]; /** - *
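Review bot: The rewritten `IamRole` comment leaves one case undefined. The first paragraph covers EC2 instances `configured with a Systems Manager Quick Setup host management configuration` and on-premises nodes, and the second covers `unmanaged` instances, so an EC2 instance managed by Systems Manager without Quick Setup is described by neither. Callers that read this field to inventory or audit node roles need to know whether it is empty in that case; one added sentence saying so would close the gap. The shorter version of this text in the DescribeInstanceInformationCommand.ts hunk has the same omission, and `InstanceProperty.IamRole` further down still describes its field only as the hybrid-activation role. The InstanceInformation interface begins and ends outside the hunk.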

Describes a filter for a specific list of managed nodes. You can filter node information by using tags. You specify tags by using a key-value mapping.

+ *

Describes a filter for a specific list of managed nodes. You can filter node information by + * using tags. You specify tags by using a key-value mapping.

* @public */ export interface InstancePropertyFilter { @@ -8544,7 +8564,7 @@ export interface DescribeInstancePropertiesRequest { /** *

The maximum number of items to return for the call. The call also returns a token that you - * can specify in a subsequent call to get the next set of results.

+ * can specify in a subsequent call to get the next set of results.

* @public */ MaxResults?: number; @@ -8562,7 +8582,8 @@ export interface DescribeInstancePropertiesRequest { */ export interface InstanceProperty { /** - *

The value of the EC2 Name tag associated with the node. If a Name tag hasn't been applied to the node, this value is blank.

+ *

The value of the EC2 Name tag associated with the node. If a Name + * tag hasn't been applied to the node, this value is blank.

* @public */ Name?: string; @@ -8580,13 +8601,15 @@ export interface InstanceProperty { InstanceType?: string; /** - *

The instance profile attached to the node. If an instance profile isn't attached to the node, this value is blank.

+ *

The instance profile attached to the node. If an instance profile isn't attached to the + * node, this value is blank.

* @public */ InstanceRole?: string; /** - *

The name of the key pair associated with the node. If a key pair isnt't associated with the node, this value is blank.

+ *

The name of the key pair associated with the node. If a key pair isnt't associated with the + * node, this value is blank.

* @public */ KeyName?: string; @@ -8598,13 +8621,14 @@ export interface InstanceProperty { InstanceState?: string; /** - *

The CPU architecture of the node. For example, x86_64.

+ *

The CPU architecture of the node. For example, x86_64.

* @public */ Architecture?: string; /** - *

The public IPv4 address assigned to the node. If a public IPv4 address isn't assigned to the node, this value is blank.

+ *

The public IPv4 address assigned to the node. If a public IPv4 address isn't assigned to the + * node, this value is blank.

* @public */ IPAddress?: string; @@ -8652,13 +8676,15 @@ export interface InstanceProperty { PlatformVersion?: string; /** - *

The activation ID created by Systems Manager when the server or virtual machine (VM) was registered

+ *

The activation ID created by Systems Manager when the server or virtual machine (VM) was + * registered

* @public */ ActivationId?: string; /** - *

The IAM role used in the hybrid activation to register the node with Systems Manager.

+ *

The IAM role used in the hybrid activation to register the node with + * Systems Manager.

* @public */ IamRole?: string; @@ -8730,7 +8756,7 @@ export interface DescribeInstancePropertiesResult { /** *

The token for the next set of properties to return. Use this token to get the next set of - * results.

+ * results.

* @public */ NextToken?: string; diff --git a/clients/client-ssm/src/models/models_1.ts b/clients/client-ssm/src/models/models_1.ts index a766415c5eb47..c18fdeb0d659a 100644 --- a/clients/client-ssm/src/models/models_1.ts +++ b/clients/client-ssm/src/models/models_1.ts @@ -409,8 +409,16 @@ export interface MaintenanceWindowTask { LoggingInfo?: LoggingInfo; /** - *

The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service - * (Amazon SNS) notifications for maintenance window Run Command tasks.

+ *

The Amazon Resource Name (ARN) of the IAM service role for + * Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a + * service role ARN, Systems Manager uses a service-linked role in your account. If no + * appropriate service-linked role for Systems Manager exists in your account, it is created when + * you run RegisterTaskWithMaintenanceWindow.

+ *

However, for an improved security posture, we strongly recommend creating a custom + * policy and custom service role for running your maintenance window tasks. The policy + * can be crafted to provide only the permissions needed for your particular + * maintenance window tasks. For more information, see Setting up maintenance windows in the in the + * Amazon Web Services Systems Manager User Guide.

* @public */ ServiceRoleArn?: string; @@ -1225,8 +1233,9 @@ export interface PatchBaselineIdentity { BaselineDescription?: string; /** - *
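Review bot: The added `ServiceRoleArn` paragraph ends with a duplicated phrase, `see Setting up maintenance windows in the in the`, which should contain `in the` only once. The identical text is repeated in the `MaintenanceWindowRunCommandParameters` and `GetMaintenanceWindowTaskResult` hunks of this file, in `UpdateMaintenanceWindowTaskResult` in models_2.ts, and in ssm.json, so it is presumably best corrected once in the model. On the two result shapes the request-oriented sentence `If you do not specify a service role ARN` also reads oddly, since there the field presumably reports the role already stored for the task. The MaintenanceWindowTask interface starts and ends outside the hunk.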

Whether this is the default baseline. Amazon Web Services Systems Manager supports creating multiple default patch - * baselines. For example, you can create a default patch baseline for each operating system.

+ *

Indicates whether this is the default baseline. Amazon Web Services Systems Manager supports creating multiple default + * patch baselines. For example, you can create a default patch baseline for each operating + * system.

* @public */ DefaultBaseline?: boolean; @@ -3942,8 +3951,16 @@ export interface MaintenanceWindowRunCommandParameters { Parameters?: Record; /** - *

The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service - * (Amazon SNS) notifications for maintenance window Run Command tasks.

+ *

The Amazon Resource Name (ARN) of the IAM service role for + * Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a + * service role ARN, Systems Manager uses a service-linked role in your account. If no + * appropriate service-linked role for Systems Manager exists in your account, it is created when + * you run RegisterTaskWithMaintenanceWindow.

+ *

However, for an improved security posture, we strongly recommend creating a custom + * policy and custom service role for running your maintenance window tasks. The policy + * can be crafted to provide only the permissions needed for your particular + * maintenance window tasks. For more information, see Setting up maintenance windows in the in the + * Amazon Web Services Systems Manager User Guide.

* @public */ ServiceRoleArn?: string; @@ -4051,8 +4068,16 @@ export interface GetMaintenanceWindowTaskResult { TaskArn?: string; /** - *

The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service - * (Amazon SNS) notifications for maintenance window Run Command tasks.

+ *

The Amazon Resource Name (ARN) of the IAM service role for + * Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a + * service role ARN, Systems Manager uses a service-linked role in your account. If no + * appropriate service-linked role for Systems Manager exists in your account, it is created when + * you run RegisterTaskWithMaintenanceWindow.

+ *

However, for an improved security posture, we strongly recommend creating a custom + * policy and custom service role for running your maintenance window tasks. The policy + * can be crafted to provide only the permissions needed for your particular + * maintenance window tasks. For more information, see Setting up maintenance windows in the in the + * Amazon Web Services Systems Manager User Guide.

* @public */ ServiceRoleArn?: string; diff --git a/clients/client-ssm/src/models/models_2.ts b/clients/client-ssm/src/models/models_2.ts index 551c9265ebd72..9bd0c2512a729 100644 --- a/clients/client-ssm/src/models/models_2.ts +++ b/clients/client-ssm/src/models/models_2.ts @@ -1516,8 +1516,16 @@ export interface UpdateMaintenanceWindowTaskResult { TaskArn?: string; /** - *

The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service - * (Amazon SNS) notifications for maintenance window Run Command tasks.

+ *

The Amazon Resource Name (ARN) of the IAM service role for + * Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a + * service role ARN, Systems Manager uses a service-linked role in your account. If no + * appropriate service-linked role for Systems Manager exists in your account, it is created when + * you run RegisterTaskWithMaintenanceWindow.

+ *

However, for an improved security posture, we strongly recommend creating a custom + * policy and custom service role for running your maintenance window tasks. The policy + * can be crafted to provide only the permissions needed for your particular + * maintenance window tasks. For more information, see Setting up maintenance windows in the in the + * Amazon Web Services Systems Manager User Guide.

* @public */ ServiceRoleArn?: string; @@ -1881,26 +1889,31 @@ export interface UpdatePatchBaselineRequest { /** *

The action for Patch Manager to take on patches included in the * RejectedPackages list.

- * + * Windows Server: Windows Server doesn't support the + * concept of package dependencies. If a package in the rejected patches list and already + * installed on the node, its status is reported as INSTALLED_OTHER. Any package not + * already installed on the node is skipped. This is the default action if no option is + * specified.

+ * + *
BLOCK
+ *
+ *

+ * All OSs: Packages in the rejected patches list, and + * packages that include them as dependencies, aren't installed by Patch Manager under any + * circumstances. If a package was installed before it was added to the rejected patches list, or + * is installed outside of Patch Manager afterward, it's considered noncompliant with the patch + * baseline and its status is reported as INSTALLED_REJECTED.

+ *
+ * * @public */ RejectedPatchesAction?: PatchAction; diff --git a/codegen/sdk-codegen/aws-models/ssm.json b/codegen/sdk-codegen/aws-models/ssm.json index 58962c720618d..fd26ae378620f 100644 --- a/codegen/sdk-codegen/aws-models/ssm.json +++ b/codegen/sdk-codegen/aws-models/ssm.json @@ -6687,7 +6687,7 @@ "RejectedPatchesAction": { "target": "com.amazonaws.ssm#PatchAction", "traits": { - "smithy.api#documentation": "

The action for Patch Manager to take on patches included in the\n RejectedPackages list.

\n " + "smithy.api#documentation": "

The action for Patch Manager to take on patches included in the\n RejectedPackages list.

\n
\n
ALLOW_AS_DEPENDENCY
\n
\n

\n Linux and macOS: A package in the rejected patches list\n is installed only if it is a dependency of another package. It is considered compliant with\n the patch baseline, and its status is reported as INSTALLED_OTHER. This is the\n default action if no option is specified.

\n

\n Windows Server: Windows Server doesn't support the\n concept of package dependencies. If a package in the rejected patches list and already\n installed on the node, its status is reported as INSTALLED_OTHER. Any package not\n already installed on the node is skipped. This is the default action if no option is\n specified.

\n
\n
BLOCK
\n
\n

\n All OSs: Packages in the rejected patches list, and\n packages that include them as dependencies, aren't installed by Patch Manager under any\n circumstances. If a package was installed before it was added to the rejected patches list, or\n is installed outside of Patch Manager afterward, it's considered noncompliant with the patch\n baseline and its status is reported as INSTALLED_REJECTED.

\n
\n
" } }, "Description": { @@ -8769,7 +8769,7 @@ } ], "traits": { - "smithy.api#documentation": "

Provides information about one or more of your managed nodes, including the operating system\n platform, SSM Agent version, association status, and IP address. This operation does not return\n information for nodes that are either Stopped or Terminated.

\n

If you specify one or more node IDs, the operation returns information for those managed\n nodes. If you don't specify node IDs, it returns information for all your managed nodes. If you\n specify a node ID that isn't valid or a node that you don't own, you receive an error.

\n \n

The IamRole field returned for this API operation is the Identity and Access Management (IAM) role assigned to on-premises managed nodes. This operation does not\n return the IAM role for EC2 instances.

\n
", + "smithy.api#documentation": "

Provides information about one or more of your managed nodes, including the operating system\n platform, SSM Agent version, association status, and IP address. This operation does not return\n information for nodes that are either Stopped or Terminated.

\n

If you specify one or more node IDs, the operation returns information for those managed\n nodes. If you don't specify node IDs, it returns information for all your managed nodes. If you\n specify a node ID that isn't valid or a node that you don't own, you receive an error.

\n \n

The IamRole field returned for this API operation is the role assigned to an\n Amazon EC2 instance configured with a Systems Manager Quick Setup host management configuration or\n the role assigned to an on-premises managed node.

\n
", "smithy.api#paginated": { "inputToken": "NextToken", "outputToken": "NextToken", @@ -9102,7 +9102,7 @@ } ], "traits": { - "smithy.api#documentation": "

An API operation used by the Systems Manager console to display information about Systems Manager managed nodes.

", + "smithy.api#documentation": "

An API operation used by the Systems Manager console to display information about Systems Manager managed\n nodes.

", "smithy.api#paginated": { "inputToken": "NextToken", "outputToken": "NextToken", @@ -9138,7 +9138,7 @@ "MaxResults": { "target": "com.amazonaws.ssm#DescribeInstancePropertiesMaxResults", "traits": { - "smithy.api#documentation": "

The maximum number of items to return for the call. The call also returns a token that you\n can specify in a subsequent call to get the next set of results.

" + "smithy.api#documentation": "

The maximum number of items to return for the call. The call also returns a token that you\n can specify in a subsequent call to get the next set of results.

" } }, "NextToken": { @@ -9164,7 +9164,7 @@ "NextToken": { "target": "com.amazonaws.ssm#NextToken", "traits": { - "smithy.api#documentation": "

The token for the next set of properties to return. Use this token to get the next set of\n results.

" + "smithy.api#documentation": "

The token for the next set of properties to return. Use this token to get the next set of\n results.

" } } }, @@ -10323,7 +10323,7 @@ } ], "traits": { - "smithy.api#documentation": "

Lists the properties of available patches organized by product, product family,\n classification, severity, and other properties of available patches. You can use the reported\n properties in the filters you specify in requests for operations such as CreatePatchBaseline, UpdatePatchBaseline, DescribeAvailablePatches, and DescribePatchBaselines.

\n

The following section lists the properties that can be used in filters for each major\n operating system type:

\n
\n
AMAZON_LINUX
\n
\n

Valid properties: PRODUCT | CLASSIFICATION |\n SEVERITY\n

\n
\n
AMAZON_LINUX_2
\n
\n

Valid properties: PRODUCT | CLASSIFICATION |\n SEVERITY\n

\n
\n
CENTOS
\n
\n

Valid properties: PRODUCT | CLASSIFICATION |\n SEVERITY\n

\n
\n
DEBIAN
\n
\n

Valid properties: PRODUCT | PRIORITY\n

\n
\n
MACOS
\n
\n

Valid properties: PRODUCT | CLASSIFICATION\n

\n
\n
ORACLE_LINUX
\n
\n

Valid properties: PRODUCT | CLASSIFICATION |\n SEVERITY\n

\n
\n
REDHAT_ENTERPRISE_LINUX
\n
\n

Valid properties: PRODUCT | CLASSIFICATION |\n SEVERITY\n

\n
\n
SUSE
\n
\n

Valid properties: PRODUCT | CLASSIFICATION |\n SEVERITY\n

\n
\n
UBUNTU
\n
\n

Valid properties: PRODUCT | PRIORITY\n

\n
\n
WINDOWS
\n
\n

Valid properties: PRODUCT | PRODUCT_FAMILY |\n CLASSIFICATION | MSRC_SEVERITY\n

\n
\n
", + "smithy.api#documentation": "

Lists the properties of available patches organized by product, product family,\n classification, severity, and other properties of available patches. You can use the reported\n properties in the filters you specify in requests for operations such as CreatePatchBaseline, UpdatePatchBaseline, DescribeAvailablePatches, and DescribePatchBaselines.

\n

The following section lists the properties that can be used in filters for each major\n operating system type:

\n
\n
AMAZON_LINUX
\n
\n

Valid properties: PRODUCT | CLASSIFICATION |\n SEVERITY\n

\n
\n
AMAZON_LINUX_2
\n
\n

Valid properties: PRODUCT | CLASSIFICATION |\n SEVERITY\n

\n
\n
AMAZON_LINUX_2023
\n
\n

Valid properties: PRODUCT | CLASSIFICATION |\n SEVERITY\n

\n
\n
CENTOS
\n
\n

Valid properties: PRODUCT | CLASSIFICATION |\n SEVERITY\n

\n
\n
DEBIAN
\n
\n

Valid properties: PRODUCT | PRIORITY\n

\n
\n
MACOS
\n
\n

Valid properties: PRODUCT | CLASSIFICATION\n

\n
\n
ORACLE_LINUX
\n
\n

Valid properties: PRODUCT | CLASSIFICATION |\n SEVERITY\n

\n
\n
REDHAT_ENTERPRISE_LINUX
\n
\n

Valid properties: PRODUCT | CLASSIFICATION |\n SEVERITY\n

\n
\n
SUSE
\n
\n

Valid properties: PRODUCT | CLASSIFICATION |\n SEVERITY\n

\n
\n
UBUNTU
\n
\n

Valid properties: PRODUCT | PRIORITY\n

\n
\n
WINDOWS
\n
\n

Valid properties: PRODUCT | PRODUCT_FAMILY |\n CLASSIFICATION | MSRC_SEVERITY\n

\n
\n
", "smithy.api#paginated": { "inputToken": "NextToken", "outputToken": "NextToken", @@ -12091,7 +12091,7 @@ } ], "traits": { - "smithy.api#documentation": "

Returns detailed information about command execution for an invocation or plugin.

\n

\n GetCommandInvocation only gives the execution status of a plugin in a document.\n To get the command execution status on a specific managed node, use ListCommandInvocations. To get the command execution status across managed nodes,\n use ListCommands.

", + "smithy.api#documentation": "

Returns detailed information about command execution for an invocation or plugin. The Run\n Command API follows an eventual consistency model, due to the distributed nature of the system\n supporting the API. This means that the result of an API command you run that affects your\n resources might not be immediately visible to all subsequent commands you run. You should keep\n this in mind when you carry out an API command that immediately follows a previous API\n command.

\n

\n GetCommandInvocation only gives the execution status of a plugin in a document.\n To get the command execution status on a specific managed node, use ListCommandInvocations. To get the command execution status across managed nodes,\n use ListCommands.

", "smithy.waiters#waitable": { "CommandExecuted": { "acceptors": [ @@ -13408,7 +13408,7 @@ "ServiceRoleArn": { "target": "com.amazonaws.ssm#ServiceRole", "traits": { - "smithy.api#documentation": "

The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service \n(Amazon SNS) notifications for maintenance window Run Command tasks.

" + "smithy.api#documentation": "

The Amazon Resource Name (ARN) of the IAM service role for\n Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a\n service role ARN, Systems Manager uses a service-linked role in your account. If no\n appropriate service-linked role for Systems Manager exists in your account, it is created when\n you run RegisterTaskWithMaintenanceWindow.

\n

However, for an improved security posture, we strongly recommend creating a custom\n policy and custom service role for running your maintenance window tasks. The policy\n can be crafted to provide only the permissions needed for your particular\n maintenance window tasks. For more information, see Setting up maintenance windows in the in the\n Amazon Web Services Systems Manager User Guide.

" } }, "TaskType": { @@ -14797,7 +14797,7 @@ "IamRole": { "target": "com.amazonaws.ssm#IamRole", "traits": { - "smithy.api#documentation": "

The Identity and Access Management (IAM) role assigned to the on-premises Systems Manager\n managed node. This call doesn't return the IAM role for Amazon Elastic Compute Cloud\n (Amazon EC2) instances. To retrieve the IAM role for an EC2 instance, use\n the Amazon EC2 DescribeInstances operation. For information, see DescribeInstances in the Amazon EC2 API Reference or describe-instances in the Amazon Web Services CLI Command Reference.

" + "smithy.api#documentation": "

The role assigned to an Amazon EC2 instance configured with a Systems Manager\n Quick Setup host management configuration or the role assigned to an on-premises managed\n node.

\n

This call doesn't return the IAM role for unmanaged\n Amazon EC2 instances (instances not configured for Systems Manager). To retrieve the\n role for an unmanaged instance, use the Amazon EC2 DescribeInstances operation. For\n information, see DescribeInstances in the\n Amazon EC2 API Reference or describe-instances in the\n Amazon Web Services CLI Command Reference.

" } }, "RegistrationDate": { @@ -15329,7 +15329,7 @@ "Name": { "target": "com.amazonaws.ssm#InstanceName", "traits": { - "smithy.api#documentation": "

The value of the EC2 Name tag associated with the node. If a Name tag hasn't been applied to the node, this value is blank.

" + "smithy.api#documentation": "

The value of the EC2 Name tag associated with the node. If a Name\n tag hasn't been applied to the node, this value is blank.

" } }, "InstanceId": { @@ -15347,13 +15347,13 @@ "InstanceRole": { "target": "com.amazonaws.ssm#InstanceRole", "traits": { - "smithy.api#documentation": "

The instance profile attached to the node. If an instance profile isn't attached to the node, this value is blank.

" + "smithy.api#documentation": "

The instance profile attached to the node. If an instance profile isn't attached to the\n node, this value is blank.

" } }, "KeyName": { "target": "com.amazonaws.ssm#KeyName", "traits": { - "smithy.api#documentation": "

The name of the key pair associated with the node. If a key pair isnt't associated with the node, this value is blank.

" + "smithy.api#documentation": "

The name of the key pair associated with the node. If a key pair isnt't associated with the\n node, this value is blank.

" } }, "InstanceState": { @@ -15365,13 +15365,13 @@ "Architecture": { "target": "com.amazonaws.ssm#Architecture", "traits": { - "smithy.api#documentation": "

The CPU architecture of the node. For example, x86_64.

" + "smithy.api#documentation": "

The CPU architecture of the node. For example, x86_64.

" } }, "IPAddress": { "target": "com.amazonaws.ssm#IPAddress", "traits": { - "smithy.api#documentation": "

The public IPv4 address assigned to the node. If a public IPv4 address isn't assigned to the node, this value is blank.

" + "smithy.api#documentation": "

The public IPv4 address assigned to the node. If a public IPv4 address isn't assigned to the\n node, this value is blank.

" } }, "LaunchTime": { @@ -15419,13 +15419,13 @@ "ActivationId": { "target": "com.amazonaws.ssm#ActivationId", "traits": { - "smithy.api#documentation": "

The activation ID created by Systems Manager when the server or virtual machine (VM) was registered

" + "smithy.api#documentation": "

The activation ID created by Systems Manager when the server or virtual machine (VM) was\n registered

" } }, "IamRole": { "target": "com.amazonaws.ssm#IamRole", "traits": { - "smithy.api#documentation": "

The IAM role used in the hybrid activation to register the node with Systems Manager.

" + "smithy.api#documentation": "

The IAM role used in the hybrid activation to register the node with\n Systems Manager.

" } }, "RegistrationDate": { @@ -15503,7 +15503,7 @@ } }, "traits": { - "smithy.api#documentation": "

Describes a filter for a specific list of managed nodes. You can filter node information by using tags. You specify tags by using a key-value mapping.

" + "smithy.api#documentation": "

Describes a filter for a specific list of managed nodes. You can filter node information by\n using tags. You specify tags by using a key-value mapping.

" } }, "com.amazonaws.ssm#InstancePropertyFilterKey": { @@ -19516,7 +19516,7 @@ "ServiceRoleArn": { "target": "com.amazonaws.ssm#ServiceRole", "traits": { - "smithy.api#documentation": "

The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service \n(Amazon SNS) notifications for maintenance window Run Command tasks.

" + "smithy.api#documentation": "

The Amazon Resource Name (ARN) of the IAM service role for\n Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a\n service role ARN, Systems Manager uses a service-linked role in your account. If no\n appropriate service-linked role for Systems Manager exists in your account, it is created when\n you run RegisterTaskWithMaintenanceWindow.

\n

However, for an improved security posture, we strongly recommend creating a custom\n policy and custom service role for running your maintenance window tasks. The policy\n can be crafted to provide only the permissions needed for your particular\n maintenance window tasks. For more information, see Setting up maintenance windows in the in the\n Amazon Web Services Systems Manager User Guide.

" } }, "TimeoutSeconds": { @@ -19710,7 +19710,7 @@ "ServiceRoleArn": { "target": "com.amazonaws.ssm#ServiceRole", "traits": { - "smithy.api#documentation": "
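Review bot: The new `ServiceRoleArn` description ends with a doubled phrase, "see Setting up maintenance windows in the in the Amazon Web Services Systems Manager User Guide"; it should read `see Setting up maintenance windows in the Amazon Web Services Systems Manager User Guide`. The same sentence appears in the `ServiceRoleArn` hunks at -19710 and -29792. This paragraph carries the least-privilege recommendation (a custom policy and service role instead of the service-linked fallback), so it is worth getting clean. If the model is synced from the service definition rather than edited here, the fix presumably belongs upstream.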

The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service \n(Amazon SNS) notifications for maintenance window Run Command tasks.

" + "smithy.api#documentation": "

The Amazon Resource Name (ARN) of the IAM service role for\n Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a\n service role ARN, Systems Manager uses a service-linked role in your account. If no\n appropriate service-linked role for Systems Manager exists in your account, it is created when\n you run RegisterTaskWithMaintenanceWindow.

\n

However, for an improved security posture, we strongly recommend creating a custom\n policy and custom service role for running your maintenance window tasks. The policy\n can be crafted to provide only the permissions needed for your particular\n maintenance window tasks. For more information, see Setting up maintenance windows in the in the\n Amazon Web Services Systems Manager User Guide.

" } }, "MaxConcurrency": { @@ -23262,7 +23262,7 @@ "target": "com.amazonaws.ssm#DefaultBaseline", "traits": { "smithy.api#default": false, - "smithy.api#documentation": "

Whether this is the default baseline. Amazon Web Services Systems Manager supports creating multiple default patch\n baselines. For example, you can create a default patch baseline for each operating system.

" + "smithy.api#documentation": "

Indicates whether this is the default baseline. Amazon Web Services Systems Manager supports creating multiple default\n patch baselines. For example, you can create a default patch baseline for each operating\n system.

" } } }, @@ -23997,13 +23997,13 @@ "target": "com.amazonaws.ssm#ApproveAfterDays", "traits": { "smithy.api#default": null, - "smithy.api#documentation": "

The number of days after the release date of each patch matched by the rule that the patch\n is marked as approved in the patch baseline. For example, a value of 7 means that\n patches are approved seven days after they are released. Not supported on Debian Server or Ubuntu\n Server.

" + "smithy.api#documentation": "

The number of days after the release date of each patch matched by the rule that the patch\n is marked as approved in the patch baseline. For example, a value of 7 means that\n patches are approved seven days after they are released.

\n \n

This parameter is marked as not required, but your request must include a value\n for either ApproveAfterDays or ApproveUntilDate.

\n
\n

Not supported for Debian Server or Ubuntu Server.

" } }, "ApproveUntilDate": { "target": "com.amazonaws.ssm#PatchStringDateTime", "traits": { - "smithy.api#documentation": "

The cutoff date for auto approval of released patches. Any patches released on or before\n this date are installed automatically. Not supported on Debian Server or Ubuntu Server.

\n

Enter dates in the format YYYY-MM-DD. For example,\n 2021-12-31.

" + "smithy.api#documentation": "

The cutoff date for auto approval of released patches. Any patches released on or before\n this date are installed automatically.

\n

Enter dates in the format YYYY-MM-DD. For example,\n 2021-12-31.

\n \n

This parameter is marked as not required, but your request must include a value\n for either ApproveUntilDate or ApproveAfterDays.

\n
\n

Not supported for Debian Server or Ubuntu Server.

" } }, "EnableNonSecurity": { @@ -29792,7 +29792,7 @@ "ServiceRoleArn": { "target": "com.amazonaws.ssm#ServiceRole", "traits": { - "smithy.api#documentation": "
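Review bot: The either-or requirement added to `ApproveAfterDays` and `ApproveUntilDate` exists only in the documentation strings. Neither member gains a constraint in the lines shown, and `ApproveAfterDays` keeps `"smithy.api#default": null`. A client generated from this shape would therefore presumably accept a patch rule with neither field set and only learn of the problem from the service's response. The wording "a value for either ApproveUntilDate or ApproveAfterDays" also leaves open whether supplying both is accepted. The note should state that explicitly, for example `your request must include a value for exactly one of ...` if the two are mutually exclusive, which needs confirming against service behaviour.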

The Amazon Resource Name (ARN) of the Identity and Access Management (IAM) service role to use to publish Amazon Simple Notification Service \n(Amazon SNS) notifications for maintenance window Run Command tasks.

" + "smithy.api#documentation": "

The Amazon Resource Name (ARN) of the IAM service role for\n Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a\n service role ARN, Systems Manager uses a service-linked role in your account. If no\n appropriate service-linked role for Systems Manager exists in your account, it is created when\n you run RegisterTaskWithMaintenanceWindow.

\n

However, for an improved security posture, we strongly recommend creating a custom\n policy and custom service role for running your maintenance window tasks. The policy\n can be crafted to provide only the permissions needed for your particular\n maintenance window tasks. For more information, see Setting up maintenance windows in the in the\n Amazon Web Services Systems Manager User Guide.

" } }, "TaskParameters": { @@ -30203,7 +30203,7 @@ "RejectedPatchesAction": { "target": "com.amazonaws.ssm#PatchAction", "traits": { - "smithy.api#documentation": "

The action for Patch Manager to take on patches included in the\n RejectedPackages list.

\n " + "smithy.api#documentation": "

The action for Patch Manager to take on patches included in the\n RejectedPackages list.

\n
\n
ALLOW_AS_DEPENDENCY
\n
\n

\n Linux and macOS: A package in the rejected patches list\n is installed only if it is a dependency of another package. It is considered compliant with\n the patch baseline, and its status is reported as INSTALLED_OTHER. This is the\n default action if no option is specified.

\n

\n Windows Server: Windows Server doesn't support the\n concept of package dependencies. If a package in the rejected patches list and already\n installed on the node, its status is reported as INSTALLED_OTHER. Any package not\n already installed on the node is skipped. This is the default action if no option is\n specified.

\n
\n
BLOCK
\n
\n

\n All OSs: Packages in the rejected patches list, and\n packages that include them as dependencies, aren't installed by Patch Manager under any\n circumstances. If a package was installed before it was added to the rejected patches list, or\n is installed outside of Patch Manager afterward, it's considered noncompliant with the patch\n baseline and its status is reported as INSTALLED_REJECTED.

\n
\n
" } }, "Description": {
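Review bot: The Windows Server paragraph under `ALLOW_AS_DEPENDENCY` is missing its verbs: "If a package in the rejected patches list and already installed on the node" should read `If a package is in the rejected patches list and is already installed on the node`. The text also states that `ALLOW_AS_DEPENDENCY` is the default, under which a rejected package on Linux or macOS is still installed as a dependency and counted as compliant (`INSTALLED_OTHER`). It may be worth one added sentence saying that a baseline using `RejectedPatches` as a block list must set `BLOCK` explicitly, because the default does not keep the package off the node.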