ssm-patch-manager
cloudposse/ssm-patch-manager/aws
Terraform module to provision AWS SSM Patch Manager maintenance window tasks, targets, patch baseline, patch groups and an s3 bucket for storing patch task logs
This module provisions AWS SSM Patch Manager maintenance window tasks, targets, patch baselines and patch groups, and an S3 bucket for storing patch task logs.

> [!TIP]
> #### 👽 Use Atmos with Terraform
> Cloud Posse uses atmos to easily orchestrate multiple environments using Terraform.
> Works with Github Actions, Atlantis, or Spacelift.
>
> Watch demo of using Atmos with Terraform
>
> Example of running atmos to manage infrastructure from our Quick Start tutorial.

## Introduction

### Acknowledgements

This module was heavily inspired by @jparnaudeau module https://github.com/jparnaudeau/terraform-aws-ssm-patch-management

## Usage

For a complete example, see examples/complete.

For automated tests of the complete example using bats and Terratest (which tests and deploys the example on AWS), see te

## Inputs
| Name | Type | Description | Default |
|---|---|---|---|
| scan_maintenance_window_schedule | string | The schedule of the Maintenance Window in the form of a cron or rate expression. | "cron(0 0 18 ? * WED *)" |
| task_install_priority | number | The priority of the task in the Maintenance Window, the lower the number the hig | 1 |
| rejected_patches | list(string) | A list of rejected patches | [] |
| ssm_bucket_policy | string | Custom bucket policy for the SSM log bucket | null |
| scan_maintenance_window_cutoff | number | The number of hours before the end of the Maintenance Window that Systems Manage | 1 |
| additional_tag_map | map(string) | Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not add | {} |
| scan_sns_notification_enabled | bool | Enable/Disable the SNS notification for scans | false |
| sns_notification_role_arn | string | An Amazon Resource Name (ARN) for a Simple Notification Service (SNS) topic. Run | "" |
| scan_maintenance_windows_targets | list(object({ key : string | The map of tags for targeting which EC2 instances will be scanned | [] |
| install_maintenance_window_schedule | string | The schedule of the Maintenance Window in the form of a cron or rate expression | "cron(0 0 21 ? * WED *)" |
| ssm_bucket_versioning_enable | string | To enable or disable S3 bucket versioning for the log bucket. | true |
| tenant | string | ID element _(Rarely used, not included by default)_. A customer identifier, indi | null |
| label_value_case | string | Controls the letter case of ID elements (labels) as included in `id`, set as tag | null |
| install_patch_groups | list(string) | The targets to register with the maintenance window. In other words, the instanc | ["TOPATCH"] |
| name | string | ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'. Thi | null |
| attributes | list(string) | ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`, | [] |
| label_key_case | string | Controls the letter case of the `tags` keys (label names) for tags generated by | null |
| namespace | string | ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp' | null |
| install_maintenance_window_duration | number | The duration of the maintenance window (hours) | 3 |
| approved_patches | list(string) | A list of explicitly approved patches for the baseline | [] |
| … and 10 more inputs | | | |
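The inputs above map directly onto a module call. The following root-module snippet is an added example, not the project's own examples/complete, and it uses only inputs listed in the table: the scan window runs before the install window on the same day, the install window is bounded by a duration and cutoff, and versioning stays enabled on the log bucket so patch task logs cannot be silently overwritten. The `namespace` and `name` values are constructed, the version pin is a placeholder, and `scan_maintenance_windows_targets` is left at its default because the page truncates the object type (only `key : string` is visible).

```hcl
module "ssm_patch_manager" {
  source = "cloudposse/ssm-patch-manager/aws"
  # version = "x.y.z"  # placeholder: pin to a released version of the module

  # ID elements (constructed values)
  namespace = "eg"
  name      = "patch"

  # Scan at 18:00 on Wednesdays, install at 21:00 the same day, so the install
  # task acts on findings from a fresh compliance scan (defaults from the table).
  scan_maintenance_window_schedule    = "cron(0 0 18 ? * WED *)"
  install_maintenance_window_schedule = "cron(0 0 21 ? * WED *)"

  # Stop starting new scan tasks one hour before the scan window ends, and
  # bound the install window to three hours.
  scan_maintenance_window_cutoff      = 1
  install_maintenance_window_duration = 3

  # Lower number = higher priority for the install task in its window.
  task_install_priority = 1

  # Instances tagged with this patch group are registered as install targets.
  install_patch_groups = ["TOPATCH"]

  # Explicit allow/deny lists for the patch baseline; empty here, populate with
  # real patch IDs for your platform when you need to pin or block specific updates.
  approved_patches = []
  rejected_patches = []

  # SNS notifications for scans are off; enabling them also requires
  # sns_notification_role_arn (see the remaining inputs).
  scan_sns_notification_enabled = false

  # Keep versioning on the log bucket so scan/install logs are retained
  # even if an object is overwritten or deleted.
  ssm_bucket_versioning_enable = true
}

# Surface the baseline ARN and the log bucket so other stacks (or an
# auditor) can reference them; both names come from the module's outputs.
output "patch_baseline_arn" {
  value = module.ssm_patch_manager.patch_baseline_arn
}

output "ssm_patch_log_s3_bucket_id" {
  value = module.ssm_patch_manager.ssm_patch_log_s3_bucket_id
}
```

Because `ssm_bucket_versioning_enable` is typed as a string, the bare `true` above is coerced to `"true"` by Terraform; passing the string explicitly is equivalent. If you override `ssm_bucket_policy`, make sure the replacement policy still lets the SSM service role write task output to the bucket, or the maintenance window tasks will run but leave no logs behind.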
## Outputs

| Name | Description |
|---|---|
| ssm_patch_log_s3_bucket_id | SSM Patch Manager s3 log bucket ID |
| ssm_patch_log_s3_bucket_arn | SSM Patch Manager s3 log bucket ARN |
| patch_baseline_arn | SSM Patch Manager patch baseline ARN |
| scan_patch_group_id | SSM Patch Manager scan patch group ID |
| install_patch_group_id | SSM Patch Manager install patch group ID |
| scan_maintenance_window_task_id | SSM Patch Manager scan maintenance window task ID |
| scan_maintenance_window_target_id | SSM Patch Manager scan maintenance window target ID |
| install_maintenance_window_id | SSM Patch Manager install maintenance window ID |
| install_maintenance_window_task_id | SSM Patch Manager install maintenance window task ID |
| install_maintenance_window_target_id | SSM Patch Manager install maintenance window target ID |