ssm-patch-manager

cloudposse/ssm-patch-manager/aws

Terraform Module HCL AWS

Terraform module to provision AWS SSM Patch Manager maintenance window tasks, targets, patch baseline, patch groups and an s3 bucket for storing patch task logs

Install

module "ssm-patch-manager" {

source = "cloudposse/ssm-patch-manager/aws"

version = "1.0.2"

}

⭐ Source on GitHub 📦 Registry page

README

This module provisions AWS SSM Patch manager maintenance window tasks, targets, patch baselines and patch groups and a s3 bucket for storing patch task logs. > [!TIP] > #### 👽 Use Atmos with Terraform > Cloud Posse uses atmos to easily orchestrate multiple environments using Terraform. > Works with Github Actions, Atlantis, or Spacelift. > > > Watch demo of using Atmos with Terraform > > Example of running atmos to manage infrastructure from our Quick Start tutorial. > Introduction Acknowledgements This module was heavily inspired by @jparnaudeau module https://github.com/jparnaudeau/terraform-aws-ssm-patch-management Usage For a complete example, see examples/complete. For automated tests of the complete example using bats and Terratest (which tests and deploys the example on AWS), see te

Inputs (50)

Name	Type	Description	Default
scan_maintenance_window_schedule	string	The schedule of the Maintenance Window in the form of a cron or rate expression.	`"cron(0 0 18 ? * WED *)"`
task_install_priority	number	The priority of the task in the Maintenance Window, the lower the number the hig	`1`
rejected_patches	list(string)	A list of rejected patches	`[]`
ssm_bucket_policy	string	Custom bucket policy for the SSM log bucket	`null`
scan_maintenance_window_cutoff	number	The number of hours before the end of the Maintenance Window that Systems Manage	`1`
additional_tag_map	map(string)	Additional key-value pairs to add to each map in `tags_as_list_of_maps`. Not add	`{}`
scan_sns_notification_enabled	bool	Enable/Disable the SNS notification for scans	`false`
sns_notification_role_arn	string	An Amazon Resource Name (ARN) for a Simple Notification Service (SNS) topic. Run	`""`
scan_maintenance_windows_targets	list(object({ key : string	The map of tags for targetting which EC2 instances will be scaned	`[]`
install_maintenance_window_schedule	string	The schedule of the Maintenance Window in the form of a cron or rate expression	`"cron(0 0 21 ? * WED *)"`
ssm_bucket_versioning_enable	string	To enable or disable S3 bucket versioning for the log bucket.	`true`
tenant	string	ID element _(Rarely used, not included by default)_. A customer identifier, indi	`null`
label_value_case	string	Controls the letter case of ID elements (labels) as included in `id`, set as tag	`null`
install_patch_groups	list(string)	The targets to register with the maintenance window. In other words, the instanc	`[ "TOPATCH" ]`
name	string	ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'. Thi	`null`
attributes	list(string)	ID element. Additional attributes (e.g. `workers` or `cluster`) to add to `id`,	`[]`
label_key_case	string	Controls the letter case of the `tags` keys (label names) for tags generated by	`null`
namespace	string	ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp'	`null`
install_maintenance_window_duration	number	The duration of the maintenence windows (hours)	`3`
approved_patches	list(string)	A list of explicitly approved patches for the baseline	`[]`
… and 10 more inputs

Outputs (10)

ssm_patch_log_s3_bucket_id — SSM Patch Manager s3 log bucket ID

scan_maintenance_window_task_id — SSM Patch Manager scan maintenance windows task ID

install_patch_group_id — SSM Patch Manager install patch group ID

ssm_patch_log_s3_bucket_arn — SSM Patch Manager s3 log bucket ARN

install_maintenance_window_task_id — SSM Patch Manager install maintenance windows task ID

scan_maintenance_window_target_id — SSM Patch Manager scan maintenance window target ID

install_maintenance_window_target_id — SSM Patch Manager install maintenance window target ID

install_maintenance_window_id — SSM Patch Manager install maintenance window ID

patch_baseline_arn — SSM Patch Manager patch baseline ARN

scan_patch_group_id — SSM Patch Manager scan patch group ID

Resources (5)

aws_ssm_maintenance_windowaws_ssm_maintenance_window_targetaws_ssm_maintenance_window_taskaws_ssm_patch_baselineaws_ssm_patch_group

Topics & Tags

ssm manager compliance

Details

FrameworkTerraform Module

LanguageHCL

Version1.0.2

Cloud AWS

★ Stars30

Forks19

Total downloads78.7k

Inputs50

Outputs10

Resources5

Examples1

LicenseApache-2.0

Namespacecloudposse

Updated

Similar packages

ssm-parameter-store

Terraform module to populate AWS Systems Manager (SSM) Parameter Store with valu

★ 119ssm

ec2-bastion-server

Terraform module to define a generic Bastion host with parameterized user_data a

★ 169ssm

config

This module configures AWS Config, a service that enables you to assess, audit,

★ 48compliance

waf

★ 52compliance