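# SSM run command
#
# Schedules a shell command on a single EC2 instance through an SSM maintenance
# window. The task uses the AWS-managed "AWS-RunShellScript" document; the
# custom-document definition below is kept commented out for reference only and
# is not applied.
#resource "aws_ssm_document" "this" {
#  name          = replace(title(var.description), " ", "")
#  document_type = "Command"
#  target_type   = "/AWS::EC2::Instance"
#  content = jsonencode(
#    {
#      "schemaVersion" : "2.2",
#      "description" : "Run script for ${var.description}",
#      "parameters" : {
#      },
#      "mainSteps" : [
#        {
#          "action" : "aws:runShellScript",
#          "name" : "RunShellScript",
#          "inputs" : {
#            "runCommand" : var.shell-script-path
#          }
#        }
#      ]
#    }
#  )
#}

# Recurring window in which the task is allowed to start.
resource "aws_ssm_maintenance_window" "this" {
  name        = replace(title(var.description), " ", "")
  description = var.description
  schedule    = var.cron-expression
  duration    = var.maintenance-window-duration
  # Hours before the end of the window after which no new task runs are
  # started. AWS rejects a window whose cutoff is not strictly less than its
  # duration, so var.maintenance-window-duration must be at least 2 here
  # (nothing in this module validates that; the error surfaces at apply time).
  cutoff = 1
}

# Registers the instance as a target of the window. The task below references
# this registration (WindowTargetIds) instead of naming the instance a second
# time, so the list of targeted instances is maintained in exactly one place.
resource "aws_ssm_maintenance_window_target" "this" {
  window_id     = aws_ssm_maintenance_window.this.id
  name          = replace(title(var.description), " ", "")
  description   = var.description
  resource_type = "INSTANCE"

  targets {
    key    = "InstanceIds"
    values = [var.instance-id]
  }
}

# The Run Command task executed inside the window.
resource "aws_ssm_maintenance_window_task" "this" {
  name            = replace(title(var.description), " ", "")
  max_concurrency = 1
  max_errors      = 1
  priority        = 1
  task_arn        = "AWS-RunShellScript"
  task_type       = "RUN_COMMAND"
  window_id       = aws_ssm_maintenance_window.this.id
  # NOTE(review): service_role_arn is not set, so the task runs under the SSM
  # service-linked role. Set it explicitly if a scoped, least-privilege role is
  # required by your account policy — confirm before relying on the default.

  # Bind to the registered window target rather than repeating the instance ID;
  # previously the target resource above was created but never used by the task.
  targets {
    key    = "WindowTargetIds"
    values = [aws_ssm_maintenance_window_target.this.id]
  }

  task_invocation_parameters {
    run_command_parameters {
      # Delivery timeout: if the agent has not started the command within this
      # many seconds, it does not run at all. The command's execution time is
      # bounded separately by the document's own executionTimeout parameter,
      # which is not set here, so the document default applies — it may exceed
      # the window duration; confirm that is acceptable.
      timeout_seconds = 60

      cloudwatch_config {
        cloudwatch_log_group_name = aws_cloudwatch_log_group.this.name
        cloudwatch_output_enabled = true
      }

      # SECURITY: the value of var.shell-script-path is executed verbatim as a
      # shell command on the instance with the SSM agent's privileges (root on
      # Linux unless the agent is configured otherwise). Treat this variable,
      # and the file it points to on the instance, as privileged input; never
      # build it from untrusted or user-supplied values.
      parameter {
        name   = "commands"
        values = [var.shell-script-path]
      }
    }
  }
}

# Destination for the command's stdout/stderr (cloudwatch_output_enabled above).
resource "aws_cloudwatch_log_group" "this" {
  name              = "/aws/ssm-maintenance/${replace(title(var.description), " ", "")}"
  retention_in_days = var.cloudwatch-log-retention-days
  # STANDARD rather than INFREQUENT_ACCESS: the infrequent-access class can only
  # be queried through CloudWatch Logs Insights.
  log_group_class = "STANDARD"
  # No kms_key_id is set, so the stored output uses CloudWatch Logs' default
  # encryption. Everything the script prints, including any secret it echoes,
  # lands here — add kms_key_id and keep the retention short if that matters.
}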