I have a SSM Automation document which as one of its steps, calls another automation document which return two values.
I can see the output from the call to the child document back in the parent document, but I can't seem to find a way to reference it.
Outputs
ClientToken
38014768-65e1-4a3a-821d-9xxxxxxxxxx
ExecutionId
38014768-65e1-4a3a-821d-97acxxxxxxxxxxx
Output
This is a message to pass into the updatefinding step, SUPPRESSED
Status
Success
If the output was in the parent document I would have used {{ParentDocumentStepName.outputvalue}}, but when I try that as {{ParentDocStepWhichCallsSubDocument.outputvalue}} it doesnt seem to resolve. Does anyone have any suggestions for things to try?
Here is my parent document:
description: |
### Document Name - TestParent
## What does this document do?
This is the parent for a test of Parent to child testing
## Input Parameters
None
## Output Parameters
None
schemaVersion: '0.3'
assumeRole: ''
mainSteps:
- name: Remediation
action: 'aws:executeAutomation'
isEnd: false
inputs:
DocumentName: TestChild
RuntimeParameters:
AutomationAssumeRole: 'arn:{{global:AWS_PARTITION}}:iam::{{global:ACCOUNT_ID}}:role/SO0111-ConfigureS3ServerAccessLogging'
outputs:
- Name: remediationOutputMessage
Selector: $.Payload.RemediationResultStatus
Type: String
- Name: remediationOutputStatus
Selector: $.Payload.RemediationResultMessage
Type: String
- name: UpdateFinding
action: 'aws:executeScript'
inputs:
Runtime: python3.8
Handler: script_handler
Script: |-
def script_handler(events, context):
print(events)
return {'message': 'Hello'}
InputPayload:
message: '{{Remediation.remediationOutputMessage}}'
description: Update finding
isEnd: true
And here is my Child Document:
description: |
### Document Name - TestChild
## What does this document do?
returns a json object fixed for testing
## Input Parameters
* AutomationAssumeRole: (Required) The ARN of the role that allows Automation to perform the actions on your behalf.
## Output Parameters
* Remediation Result Status
* Remediation Result Status
schemaVersion: '0.3'
assumeRole: '{{ AutomationAssumeRole }}'
outputs:
- RemediateTargetBucket.RemediationResultStatus
- RemediateTargetBucket.RemediationResultMessage
parameters:
AutomationAssumeRole:
type: String
description: (Required) The ARN of the role that allows Automation to perform the actions on your behalf.
allowedPattern: '^arn:(aws[a-zA-Z-]*)?:iam::\d{12}:role/[\w+=,.@-]+'
mainSteps:
- name: RemediateTargetBucket
action: 'aws:executeScript'
description: |
Returns a fixed json object
```
{
'message': 'This is a message to pass into the updatefinding step',
'resourceBucketName': 'bucket1',
'LoggingBucketName': 'bucket2',
'status': 'SUPPRESSED'
}
```
timeoutSeconds: 60
isCritical: true
isEnd: true
inputs:
Runtime: python3.8
Handler: lambda_handler
Script: |
import json
def lambda_handler(event, context):
return {
'message': 'This is a message to pass into the updatefinding step',
'resourceBucketName': 'bucket1',
'LoggingBucketName': 'bucket2',
'status': 'SUPPRESSED'
}
outputs:
- Name: RemediationResultMessage
Selector: $.Payload.message
Type: String
- Name: RemediationResultStatus
Selector: $.Payload.status
Type: String
what if the next step you need the output in isn't a script you can use to parse 'Output'? how can you reference individual bits? or more directly, how to return individually referenceable data from a script?