Resource: aws_ssm_document

Provides an SSM Document resource

Example Usage

Create an ssm document in JSON format

resource "aws_ssm_document" "foo" {
  name          = "test_document"
  document_type = "Command"

  content = <<DOC
  {
    "schemaVersion": "1.2",
    "description": "Check ip configuration of a Linux instance.",
    "parameters": {

    },
    "runtimeConfig": {
      "aws:runShellScript": {
        "properties": [
          {
            "id": "0.aws:runShellScript",
            "runCommand": ["ifconfig"]
          }
        ]
      }
    }
  }
DOC
}

Create an ssm document in YAML format

resource "aws_ssm_document" "foo" {
  name            = "test_document"
  document_format = "YAML"
  document_type   = "Command"

  content = <<DOC
schemaVersion: '1.2'
description: Check ip configuration of a Linux instance.
parameters: {}
runtimeConfig:
  'aws:runShellScript':
    properties:
      - id: '0.aws:runShellScript'
        runCommand:
          - ifconfig
DOC
}

Argument Reference

This resource supports the following arguments:

attachments_source block

The attachments_source configuration block supports the following arguments:

Permissions

The permissions attribute specifies how you want to share the document. If you share a document privately, you must specify the AWS user account IDs for those people who can use the document. If you share a document publicly, you must specify All as the account ID.

The permissions map supports the following:

Attribute Reference

This resource exports the following attributes in addition to the arguments above:

parameter block

The parameter configuration block provides the following attributes:

Import

In Terraform v1.5.0 and later, use an import block to import SSM Documents using the name. For example:

import {
  to = aws_ssm_document.example
  id = "example"
}

Using terraform import, import SSM Documents using the name. For example:

% terraform import aws_ssm_document.example example

The attachments_source argument does not have an SSM API method for reading the attachment information detail after creation. If the argument is set in the Terraform configuration on an imported resource, Terraform will always show a difference. To workaround this behavior, either omit the argument from the Terraform configuration or use ignore_changes to hide the difference. For example:

resource "aws_ssm_document" "test" {
  name          = "test_document"
  document_type = "Package"

  attachments_source {
    key    = "SourceUrl"
    values = ["s3://${aws_s3_bucket.object_bucket.bucket}/test.zip"]
  }

  # There is no AWS SSM API for reading attachments_source info directly
  lifecycle {
    ignore_changes = [attachments_source]
  }
}