Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

AWS CloudFormation Automated Patching

0

Hi i have drafted the below cloudformation template and i endup with an error "template format error: Unrecognized parameter type: List AWS::EC2::i-0d2d51ddccb0a3109" kindly help me to fix the issue { "AWSTemplateFormatVersion": "2010-09-09", "Parameters": { "InstanceIds": { "Type": "List AWS::EC2::i-0d2d51ddccb0a3109", "Description": "List of EC2 instance IDs to patch." } }, "Resources": { "PatchBaseline": { "Type": "AWS::SSM::PatchBaseline", "Properties": { "Name": "MyPatchBaseline", "OperatingSystem": "WINDOWS", "ApprovalRules": { "PatchRules": [ { "PatchFilterGroup": [ { "Key": "PRODUCT", "Values": [ "WindowsServer2019" ] } ] }, { "ApproveAfterDays": 7 }, { "ComplianceLevel": "CRITICAL" } ] }, "GlobalFilters": { "PatchFilters": [ { "Key": "PRODUCT", "Values": [ "WindowsServer2019" ] } ] }, "ApprovedPatchesEnableNonSecurity": true } }, "MaintenanceWindow": { "Type": "AWS::SSM::MaintenanceWindow", "Properties": { "Name": "MyMaintenanceWindow", "Schedule": "cron(0 2 ? * SUN *)", "Duration": 3, "Cutoff": 1, "AllowUnassociatedTargets": false } }, "MaintenanceWindowTarget": { "Type": "AWS::SSM::MaintenanceWindowTarget", "Properties": { "Name": "MyMaintenanceWindowTarget", "WindowId": { "Ref": "MaintenanceWindow" }, "ResourceType": "INSTANCE", "Targets": [ { "Key": "InstanceIds", "Values": { "Ref": "InstanceIds" } } ], "OwnerInformation": "Patch Windows instances" } }, "MaintenanceWindowTask": { "Type": "AWS::SSM::MaintenanceWindowTask", "Properties": { "Name": "MyMaintenanceWindowTask", "TaskArn": "AWS-RunPatchBaseline", "ServiceRoleArn": { "Fn::GetAtt": [ "MaintenanceWindowRole", "Arn" ] }, "TaskInvocationParameters": { "MaintenanceWindowId": { "Ref": "MaintenanceWindow" }, "TaskParameters": { "Operation": [ "Scan", "Install" ] } }, "Priority": 1, "MaxConcurrency": "1", "MaxErrors": "1", "Targets": [ { "Key": "WindowTargetIds", "Values": [ { "Ref": "MaintenanceWindowTarget" } ] } ] } }, "MaintenanceWindowRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "ssm.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }, "Policies": [ { "PolicyName": "MaintenanceWindowPolicy", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ssm:UpdateInstanceInformation", "ssm:ListCommands", "ssm:ListCommandInvocations", "ssm:GetCommandInvocation", "ec2messages:AcknowledgeMessage", "s3:PutObject" ], "Resource": "*" } ] } } ] } }, "PatchingLogsBucket": { "Type": "AWS::S3::Bucket", "Properties": { "BucketName": "my-patching-logs-bucket", "AccessControl": "Private" } }, "PatchingLogsRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "lambda.amazonaws.com" }, "Action": "sts:AssumeRole" } ] }, "Policies": [ { "PolicyName": "PatchingLogsPolicy", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:PutObject" ], "Resource": { "Fn::Sub": "arn:aws:s3:::${PatchingLogsBucket}/*" } } ] } } ] } }, "PatchingLogsLambda": { "Type": "AWS::Lambda::Function", "Properties": { "FunctionName": "PatchingLogsFunction", "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "PatchingLogsRole", "Arn" ] }, "Runtime": "python3.8", "Code": { "S3Bucket": "your-lambda-code-bucket", "S3Key": "your-lambda-code-key.zip" }, "Environment": { "Variables": { "S3_BUCKET": { "Ref": "PatchingLogsBucket" } } } } } }, "Outputs": { "MaintenanceWindowId": { "Description": "ID of the created Maintenance Window", "Value": { "Ref": "MaintenanceWindow" } } } }

Themen
Management & Unternehmensführung
Tags
AWS CloudFormationAWS Systemmanager
Sprache
English
Manoj
gefragt vor 6 Monaten186 Aufrufe
1 Antwort
0

Hello.

Judging from the contents of the error, the problem seems to be the type of "InstanceIds" in "Parameters".
As stated in the document below, the type "List AWS::EC2::i-0d2d51ddccb0a3109" does not exist.
So, what you want to do would be a template like the one below.
The part marked AWS::EC2::Instance::Id is an AWS-specific parameter, so please use it as is without changing it.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/parameters-section-structure.html#parameters-section-structure-properties

{
	"AWSTemplateFormatVersion": "2010-09-09",
	"Parameters": {
		"InstanceIds": {
			"Type": "List<AWS::EC2::Instance::Id>",
			"Description": "List of EC2 instance IDs to patch."
		}
	},
	"Resources": {
		"PatchBaseline": {
			"Type": "AWS::SSM::PatchBaseline",
			"Properties": {
				"Name": "MyPatchBaseline",
				"OperatingSystem": "WINDOWS",
				"ApprovalRules": {
					"PatchRules": [
						{
							"PatchFilterGroup": [
								{
									"Key": "PRODUCT",
									"Values": [
										"WindowsServer2019"
									]
								}
							]
						},
						{
							"ApproveAfterDays": 7
						},
						{
							"ComplianceLevel": "CRITICAL"
						}
					]
				},
				"GlobalFilters": {
					"PatchFilters": [
						{
							"Key": "PRODUCT",
							"Values": [
								"WindowsServer2019"
							]
						}
					]
				},
				"ApprovedPatchesEnableNonSecurity": true
			}
		},
		"MaintenanceWindow": {
			"Type": "AWS::SSM::MaintenanceWindow",
			"Properties": {
				"Name": "MyMaintenanceWindow",
				"Schedule": "cron(0 2 ? * SUN *)",
				"Duration": 3,
				"Cutoff": 1,
				"AllowUnassociatedTargets": false
			}
		},
		"MaintenanceWindowTarget": {
			"Type": "AWS::SSM::MaintenanceWindowTarget",
			"Properties": {
				"Name": "MyMaintenanceWindowTarget",
				"WindowId": {
					"Ref": "MaintenanceWindow"
				},
				"ResourceType": "INSTANCE",
				"Targets": [
					{
						"Key": "InstanceIds",
						"Values": {
							"Ref": "InstanceIds"
						}
					}
				],
				"OwnerInformation": "Patch Windows instances"
			}
		},
		"MaintenanceWindowTask": {
			"Type": "AWS::SSM::MaintenanceWindowTask",
			"Properties": {
				"Name": "MyMaintenanceWindowTask",
				"TaskArn": "AWS-RunPatchBaseline",
				"ServiceRoleArn": {
					"Fn::GetAtt": [
						"MaintenanceWindowRole",
						"Arn"
					]
				},
				"TaskInvocationParameters": {
					"MaintenanceWindowId": {
						"Ref": "MaintenanceWindow"
					},
					"TaskParameters": {
						"Operation": [
							"Scan",
							"Install"
						]
					}
				},
				"Priority": 1,
				"MaxConcurrency": "1",
				"MaxErrors": "1",
				"Targets": [
					{
						"Key": "WindowTargetIds",
						"Values": [
							{
								"Ref": "MaintenanceWindowTarget"
							}
						]
					}
				]
			}
		},
		"MaintenanceWindowRole": {
			"Type": "AWS::IAM::Role",
			"Properties": {
				"AssumeRolePolicyDocument": {
					"Version": "2012-10-17",
					"Statement": [
						{
							"Effect": "Allow",
							"Principal": {
								"Service": "ssm.amazonaws.com"
							},
							"Action": "sts:AssumeRole"
						}
					]
				},
				"Policies": [
					{
						"PolicyName": "MaintenanceWindowPolicy",
						"PolicyDocument": {
							"Version": "2012-10-17",
							"Statement": [
								{
									"Effect": "Allow",
									"Action": [
										"ssm:UpdateInstanceInformation",
										"ssm:ListCommands",
										"ssm:ListCommandInvocations",
										"ssm:GetCommandInvocation",
										"ec2messages:AcknowledgeMessage",
										"s3:PutObject"
									],
									"Resource": "*"
								}
							]
						}
					}
				]
			}
		},
		"PatchingLogsBucket": {
			"Type": "AWS::S3::Bucket",
			"Properties": {
				"BucketName": "my-patching-logs-bucket",
				"AccessControl": "Private"
			}
		},
		"PatchingLogsRole": {
			"Type": "AWS::IAM::Role",
			"Properties": {
				"AssumeRolePolicyDocument": {
					"Version": "2012-10-17",
					"Statement": [
						{
							"Effect": "Allow",
							"Principal": {
								"Service": "lambda.amazonaws.com"
							},
							"Action": "sts:AssumeRole"
						}
					]
				},
				"Policies": [
					{
						"PolicyName": "PatchingLogsPolicy",
						"PolicyDocument": {
							"Version": "2012-10-17",
							"Statement": [
								{
									"Effect": "Allow",
									"Action": [
										"s3:PutObject"
									],
									"Resource": {
										"Fn::Sub": "arn:aws:s3:::${PatchingLogsBucket}/*"
									}
								}
							]
						}
					}
				]
			}
		},
		"PatchingLogsLambda": {
			"Type": "AWS::Lambda::Function",
			"Properties": {
				"FunctionName": "PatchingLogsFunction",
				"Handler": "index.handler",
				"Role": {
					"Fn::GetAtt": [
						"PatchingLogsRole",
						"Arn"
					]
				},
				"Runtime": "python3.8",
				"Code": {
					"S3Bucket": "your-lambda-code-bucket",
					"S3Key": "your-lambda-code-key.zip"
				},
				"Environment": {
					"Variables": {
						"S3_BUCKET": {
							"Ref": "PatchingLogsBucket"
						}
					}
				}
			}
		}
	},
	"Outputs": {
		"MaintenanceWindowId": {
			"Description": "ID of the created Maintenance Window",
			"Value": {
				"Ref": "MaintenanceWindow"
			}
		}
	}
}
profile picture
EXPERTE
Riku_Kobayashi
beantwortet vor 6 Monaten
profile pictureAWS
EXPERTE
Didier_Durand
überprüft vor 6 Monaten

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt