aws.ssm resources

• aws.ssm-activation

• aws.ssm-managed-instance

• aws.ssm-parameter

aws.ssm-activation

Filters

• event

• finding

• value

Actions

• delete

• invoke-lambda

• invoke-sfn

• notify

• put-metric

• webhook

delete

properties:
  type:
    enum:
    - delete
required:
- type

aws.ssm-managed-instance

Filters

• event

• finding

• value

Actions

• invoke-lambda

• invoke-sfn

• notify

• post-finding

• put-metric

• send-command

• webhook

send-command

Run an SSM Automation Document on an instance.

Example

Find ubuntu 18.04 instances are active with ssm.

policies:
  - name: ec2-osquery-install
    resource: ec2
    filters:
      - type: ssm
        key: PingStatus
        value: Online
      - type: ssm
        key: PlatformName
        value: Ubuntu
      - type: ssm
        key: PlatformVersion
        value: 18.04
    actions:
      - type: send-command
        command:
          DocumentName: AWS-RunShellScript
          Parameters:
            commands:
              - wget https://pkg.osquery.io/deb/osquery_3.3.0_1.linux.amd64.deb
              - dpkg -i osquery_3.3.0_1.linux.amd64.deb

properties:
  command:
    type: object
  type:
    enum:
    - send-command
required:
- command

aws.ssm-parameter

Filters

• event

• finding

• marked-for-op

• tag-count

• value

Actions

• auto-tag-user

• copy-related-tag

• invoke-lambda

• invoke-sfn

• mark-for-op

• notify

• post-finding

• put-metric

• remove-tag

• tag

• webhook