Example CloudFormation template to enable AWS Systems Manager Inventory?

0

Hi all

I'm looking for a CloudFormation template to enable AWS Systems Manager Inventory, but I don't see any documentation on it. Can anybody provide a sample template?

Thanks.

asked 10 months ago, 352 views
2 Answers
0

Hello.

I assume that you have already created S3, but you can create an SSM inventory using the following CloudFormation template.
The bucket policy to be set for the S3 bucket is described in the following document.
https://docs.aws.amazon.com/systems-manager/latest/userguide/inventory-create-resource-data-sync.html#datasync-before-you-begin

AWSTemplateFormatVersion: 2010-09-09
Description: Systems Manager Inventory

Parameters:
  # Name of the existing S3 bucket that receives the synced inventory data
  S3Bucket:
    Type: String

Resources:
  # Runs AWS-GatherSoftwareInventory on every managed instance in this account and Region
  SSMInventory:
    Type: AWS::SSM::Association
    Properties:
      AssociationName: Inventory-Association
      Name: AWS-GatherSoftwareInventory
      Targets:
        - Key: InstanceIds
          Values:
            - "*"
  # Exports the collected inventory to the S3 bucket
  ResourceDataSync:
    Type: 'AWS::SSM::ResourceDataSync'
    Properties:
      SyncName: Resource-Data-Sync
      BucketName: !Ref S3Bucket
      BucketRegion: !Sub ${AWS::Region}
      SyncFormat: JsonSerDe
EXPERT
answered 10 months ago
EXPERT
reviewed 10 months ago
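
The answer above assumes the bucket and its policy already exist. As an added example (not part of the original answer), this template creates them, following the policy shape in the linked AWS document. The logical names InventoryBucket and InventoryBucketPolicy are hypothetical, and it assumes a same-account sync with no key prefix.

```yaml
AWSTemplateFormatVersion: 2010-09-09
Description: S3 bucket and bucket policy for an SSM resource data sync (added example)

Resources:
  InventoryBucket:            # hypothetical logical name
    Type: AWS::S3::Bucket
    Properties:
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true

  InventoryBucketPolicy:      # hypothetical logical name
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref InventoryBucket
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          # Systems Manager checks the bucket ACL before delivering data
          - Sid: SSMBucketPermissionsCheck
            Effect: Allow
            Principal:
              Service: ssm.amazonaws.com
            Action: "s3:GetBucketAcl"
            Resource: !GetAtt InventoryBucket.Arn
          # Delivery is limited to this account's key path and to syncs owned by this account
          - Sid: SSMBucketDelivery
            Effect: Allow
            Principal:
              Service: ssm.amazonaws.com
            Action: "s3:PutObject"
            Resource: !Sub "${InventoryBucket.Arn}/*/accountid=${AWS::AccountId}/*"
            Condition:
              StringEquals:
                "s3:x-amz-acl": bucket-owner-full-control
                # Confused-deputy guard: only syncs created in this account may write
                "aws:SourceAccount": !Ref AWS::AccountId
              ArnLike:
                "aws:SourceArn": !Sub "arn:${AWS::Partition}:ssm:*:${AWS::AccountId}:resource-data-sync/*"

Outputs:
  BucketName:
    Value: !Ref InventoryBucket
```

Pass the BucketName output as the S3Bucket parameter of the template above.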
-1

While there isn't a direct CloudFormation resource specifically for enabling AWS Systems Manager Inventory, you can achieve this by creating a Systems Manager association using CloudFormation. Here's an example of how you could structure a CloudFormation template to enable Systems Manager Inventory:

AWSTemplateFormatVersion: '2010-09-09'
Description: 'Enable AWS Systems Manager Inventory'

Resources:
  InventoryAssociation:
    Type: 'AWS::SSM::Association'
    Properties:
      Name: 'AWS-GatherSoftwareInventory'
      AssociationName: 'InventoryCollection'
      ScheduleExpression: 'rate(1 day)'
      Targets: 
        - Key: 'InstanceIds'
          Values: 
            - '*'
      Parameters:
        applications: 
          - 'Enabled'
        awsComponents:
          - 'Enabled'
        networkConfig:
          - 'Enabled'
        windowsUpdates:
          - 'Enabled'
        instanceDetailedInformation:
          - 'Enabled'
        services:
          - 'Enabled'

This template creates an AWS::SSM::Association resource that:

  1. Uses the AWS-GatherSoftwareInventory document, which is the Systems Manager document for collecting inventory.
  2. Sets up a schedule to run inventory collection daily.
  3. Targets all instances in the account.
  4. Enables collection of various inventory types like applications, AWS components, network configuration, Windows updates, instance detailed information, and services.

You can modify the ScheduleExpression and the Parameters section to adjust the frequency of inventory collection and the types of inventory data collected according to your needs.

Remember to ensure that your instances have the necessary IAM permissions to communicate with Systems Manager and that the SSM Agent is installed and running on your instances for this to work effectively.
Sources
Configuring inventory collection - AWS Systems Manager
Using Application Manager to manage AWS CloudFormation templates - AWS Systems Manager

answered 10 months ago
  • This template returns an error, "Resource handler returned message: "Error occurred during operation 'CreateAssociation'.""
