SSM Documents and Run Command

Build on your understanding of SSM by learning about its key features.

AWS SSM documents

AWS SSM documents are predefined or custom documents written in JSON or YAML. SSM documents automate everyday administrative tasks, such as system maintenance and software deployment.

Points to note:

  • SSM documents have actions and parameters.
  • AWS has many prebuilt SSM documents that perform everyday tasks.
  • SSM documents are used with other SSM features like Run Command, AppConfig, State Manager, and more.
  • They can retrieve data from the SSM Parameter Store.

We can make our SSM documents public or share them with specific accounts in the same AWS Region. Here are some best practices for sharing SSM documents:

  • Remove sensitive information like passwords and API keys.
  • Block public sharing for documents unless specifically required.
  • Restrict Run Command actions using an IAM user trust policy.
  • Only use SSM documents from trusted sources.

Types of SSM documents

There are different types of SSM documents that can be used with different SSM services. Let’s look at some of them:

Get hands-on with 1200+ tech skills courses.