Amazon EC2 Systems Manager
User Guide

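Automation System Variables

The following variables are used in Systems Manager Automation documents.

System Variables

Automation documents currently support the following system variables.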

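| Variable | Details |
|---|---|
| global:DATE | The date (at execution time) in the format yyyy-MM-dd. |
| global:DATE_TIME | The date and time (at execution time) in the format yyyy-MM-dd_HH.mm.ss. |
| global:REGION | The region in which the document is executed. For example, us-east-1. |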

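Automation Variables

Automation documents currently support the following Automation variables.

| Variable | Details |
|---|---|
| automation:EXECUTION_ID | The unique identifier assigned to the current automation execution. For example, 1a2b3c-1a2b3c-1a2b3c-1a2b3c1a2b3c1a2b3c. |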

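Terminology

The following terms describe how variables and parameters are resolved.

Term / Definition / Example

Constant ARN

A valid ARN without variables.

arn:aws:iam::123456789012:role/roleName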

Document parameter

A parameter defined at the document level of an Automation document (for example, instanceId). The parameter can be used in basic string substitution. Its value is supplied when the execution starts.

{
  "description": "Create Image Demo",
  "version": "0.3",
  "assumeRole": "Your_Automation_Assume_Role_ARN",
  "parameters": {
    "instanceId": {
      "type": "STRING",
      "description": "Instance to create image from"
    }
  }
}

System variable

A general variable that is substituted into the document when any part of the document is evaluated.

"activities": [
  {
    "id": "copyImage",
    "activityType": "AWS-CopyImage",
    "maxAttempts": 1,
    "onFailure": "Continue",
    "inputs": {
      "ImageName": "{{imageName}}",
      "SourceImageId": "{{sourceImageId}}",
      "SourceRegion": "{{sourceRegion}}",
      "Encrypted": true,
      "ImageDescription": "Test CopyImage Description created on {{global:DATE}}"
    }
  }
]

Automation variable

A variable relating to the automation execution that is substituted into the document when any part of the document is evaluated.

{
  "name": "runFixedCmds",
  "action": "aws:runCommand",
  "maxAttempts": 1,
  "onFailure": "Continue",
  "inputs": {
    "DocumentName": "AWS-RunPowerShellScript",
    "InstanceIds": [ "{{LaunchInstance.InstanceIds}}" ],
    "Parameters": {
      "commands": [
        "dir",
        "date",
        "echo {Hello {{ssm:administratorName}}}",
        "\"{{outputFormat}}\" -f \"left\",\"right\",\"{{global:DATE}}\",\"{{automation:EXECUTION_ID}}\",\"{{global:TIME}}\""
      ]
    }
  }
}

SSM parameter

A variable defined within the parameter service. It is not declared as a document parameter. It may require permissions to access.

{
  "description": "Run Command Demo",
  "schemaVersion": "0.3",
  "assumeRole": "arn:aws:iam::123456789012:role/roleName",
  "parameters": {
    "commands": {
      "type": "STRING_LIST",
      "description": "list of commands to execute as part of first step"
    },
    "instanceIds": {
      "type": "STRING_LIST",
      "description": "list of instances to execute commands on"
    }
  },
  "mainSteps": [
    {
      "name": "runFixedCmds",
      "action": "aws:runCommand",
      "maxAttempts": 1,
      "onFailure": "Continue",
      "inputs": {
        "DocumentName": "AWS-RunPowerShellScript",
        "InstanceIds": [ "{{LaunchInstance.InstanceIds}}" ],
        "Parameters": {
          "commands": [
            "dir",
            "date",
            "echo {Hello {{ssm:administratorName}}}",
            "\"{{outputFormat}}\" -f \"left\",\"right\",\"{{global:DATE}}\",\"{{automation:EXECUTION_ID}}\",\"{{global:TIME}}\""
          ]
        }
      }
    }
  ]
}

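Supported Scenarios

Scenario / Comments / Example

Constant ARN assumeRole at creation

An authorization check is performed to verify that the calling user is permitted to pass the given assume role.

{
  "description": "Test all Automation resolvable parameters",
  "schemaVersion": "0.3",
  "assumeRole": "arn:aws:iam::123456789012:role/roleName",
  "parameters": {
...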

Document parameter supplied for assumeRole at creation

Must be defined in the document's parameter list.

{
  "description": "Test all Automation resolvable parameters",
  "schemaVersion": "0.3",
  "assumeRole": "{{dynamicARN}}",
  "parameters": {
...

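Value supplied for a document parameter at launch

The customer supplies the value to use for the parameter. Every execution input supplied at launch must be defined in the document's parameter list.

...
"parameters": {
  "amiId": {
    "type": "STRING",
    "default": "ami-7f2e6015",
    "description": "list of commands to execute as part of first step"
  },
...

Inputs to start the Automation execution include: {"amiId" : ["ami-12345678"] }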

SSM parameter referenced within a step definition

The variable exists in the customer's account, and the document's assumeRole has access to it. A check is performed at creation time to confirm that the assumeRole has access. SSM parameters do not need to be set in the document's parameter list.

...
"mainSteps": [
  {
    "name": "RunSomeCommands",
    "action": "aws:runCommand",
    "maxAttempts": 1,
    "onFailure": "Continue",
    "inputs": {
      "DocumentName": "AWS:RunPowerShell",
      "InstanceIds": [ "{{LaunchInstance.InstanceIds}}" ],
      "Parameters": {
        "commands": [ "echo {Hello {{ssm:administratorName}}}" ]
      }
    }
  },
...

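System variable referenced within a step definition

A system variable that is substituted into the document at execution time. The value injected into the document depends on when the substitution occurs. For example, because time elapses between steps, the value of a time variable injected in step 1 differs from the value injected in step 3. System variables do not need to be set in the document's parameter list.

...
"mainSteps": [
  {
    "name": "RunSomeCommands",
    "action": "aws:runCommand",
    "maxAttempts": 1,
    "onFailure": "Continue",
    "inputs": {
      "DocumentName": "AWS:RunPowerShell",
      "InstanceIds": [ "{{LaunchInstance.InstanceIds}}" ],
      "Parameters": {
        "commands": [ "echo {The time is now {{global:TIME}}}" ]
      }
    }
  },
...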

Automation variable referenced within a step definition

Automation variables do not need to be set in the document's parameter list. The only supported Automation variable is automation:EXECUTION_ID.

...
"mainSteps": [
  {
    "name": "invokeLambdaFunction",
    "action": "aws:invokeLambdaFunction",
    "maxAttempts": 1,
    "onFailure": "Continue",
    "inputs": {
      "FunctionName": "Hello-World-LambdaFunction",
      "Payload": "{ \"executionId\" : \"{{automation:EXECUTION_ID}}\" }"
    }
  }
...

Reference the output of a previous step in the definition of the next step

This is parameter redirection. The output of a previous step is referenced with the syntax {{stepName.OutputName}}. The customer cannot use this syntax for document parameters. The reference is resolved when the referencing step executes. The parameter is not listed in the document's parameters.

...
"mainSteps": [
  {
    "name": "LaunchInstance",
    "action": "aws:runInstances",
    "maxAttempts": 1,
    "onFailure": "Continue",
    "inputs": {
      "ImageId": "{{amiId}}",
      "MinInstanceCount": 1,
      "MaxInstanceCount": 2
    }
  },
  {
    "name": "changeState",
    "action": "aws:changeInstanceState",
    "maxAttempts": 1,
    "onFailure": "Continue",
    "inputs": {
      "InstanceIds": [ "{{LaunchInstance.InstanceIds}}" ],
      "DesiredState": "terminated"
    }
  }
...

Unsupported Scenarios

Scenario / Comments / Example

SSM parameter supplied for assumeRole at creation

Not supported.

...
{
  "description": "Test all Automation resolvable parameters",
  "schemaVersion": "0.3",
  "assumeRole": "{{ssm:administratorRoleARN}}",
  "parameters": {
...

SSM parameter supplied for a document parameter at launch

The user supplies an input parameter at launch, and that input is an SSM parameter.

...
"parameters": {
  "amiId": {
    "type": "STRING",
    "default": "ami-7f2e6015",
    "description": "list of commands to execute as part of first step"
  },
...

User supplies input : { "amiId" : "{{ssm:goldenAMIId}}" }

Variable step definition

The definition of a step in the document is constructed from variables.

...
"mainSteps": [
  {
    "name": "LaunchInstance",
    "action": "aws:runInstances",
    "{{attemptModel}}": 1,
    "onFailure": "Continue",
    "inputs": {
      "ImageId": "ami-12345678",
      "MinInstanceCount": 1,
      "MaxInstanceCount": 2
    }
...

User supplies input : { "attemptModel" : "minAttempts" }

Cross-referencing document parameters

The user supplies an input parameter at launch, and that input references another parameter in the document.

...
"parameters": {
  "amiId": {
    "type": "STRING",
    "default": "ami-7f2e6015",
    "description": "list of commands to execute as part of first step"
  },
  "otherAmiId": {
    "type": "STRING",
    "description": "The other amiId to try if this one fails",
    "default": "{{amiId}}"
  },
...

Multi-level expansion

The document defines a variable that evaluates to the name of a variable. It sits within the variable delimiters (that is, {{ }}) and is expanded to the value of that variable/parameter.

...
"parameters": {
  "param1": {
    "type": "STRING",
    "default": "param2",
    "description": "The parameter to reference"
  },
  "param2": {
    "type": "STRING",
    "default": "echo {Hello world}",
    "description": "What to execute"
  }
},
"mainSteps": [{
  "name": "runFixedCmds",
  "action": "aws:runCommand",
  "maxAttempts": 1,
  "onFailure": "Continue",
  "inputs": {
    "DocumentName": "AWS-RunPowerShellScript",
    "InstanceIds": [ "{{LaunchInstance.InstanceIds}}" ],
    "Parameters": {
      "commands": [ "{{ {{param1}} }}" ]
    }
...

Note: The customer intention here would be to execute a runCommand of "echo {Hello world}"
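
An added example, not part of the AWS documentation: a static check that flags the unsupported scenarios listed above in an Automation document before it is created or started. The names `lint`, `walk` and `uses_ssm` and the finding labels are assumptions made for illustration, and the sample document is constructed from the examples on this page.

```python
import re

VAR = re.compile(r"\{\{\s*([^{}]+?)\s*\}\}")   # one {{name}} reference
NESTED = re.compile(r"\{\{[^{}]*\{\{")         # {{ {{name}} }}

def walk(node, path):
    """Yield (path, key, value): key is set for dict keys, value for strings."""
    if isinstance(node, dict):
        for k, v in node.items():
            yield f"{path}/{k}", k, None
            yield from walk(v, f"{path}/{k}")
    elif isinstance(node, list):
        for i, v in enumerate(node):
            yield from walk(v, f"{path}/{i}")
    elif isinstance(node, str):
        yield path, None, node

def uses_ssm(text):
    return any(n.startswith("ssm:") for n in VAR.findall(str(text)))

def lint(doc, launch_inputs=None):
    """Return sorted (location, finding) pairs for the unsupported scenarios."""
    out, params = set(), doc.get("parameters", {})
    if uses_ssm(doc.get("assumeRole", "")):
        out.add(("/assumeRole", "SSM parameter supplied for assumeRole"))
    for name, spec in params.items():
        if any(n in params for n in VAR.findall(str(spec.get("default", "")))):
            out.add((f"/parameters/{name}", "cross-referenced document parameter"))
    for path, key, value in walk(doc.get("mainSteps", []), "/mainSteps"):
        if key is not None and VAR.search(key):
            out.add((path, "step definition built from a variable"))
        if value is not None and NESTED.search(value):
            out.add((path, "multi-level expansion"))
    for name, value in (launch_inputs or {}).items():
        if uses_ssm(value):
            out.add((f"input:{name}", "SSM parameter supplied at launch"))
    return sorted(out)

# Constructed sample combining the unsupported examples from this page.
SAMPLE = {
    "assumeRole": "{{ssm:administratorRoleARN}}",
    "parameters": {"amiId": {"type": "STRING", "default": "ami-7f2e6015"},
                   "otherAmiId": {"type": "STRING", "default": "{{amiId}}"}},
    "mainSteps": [{"name": "runFixedCmds", "action": "aws:runCommand",
                   "{{attemptModel}}": 1,
                   "inputs": {"Parameters": {"commands": ["{{ {{param1}} }}"]}}}],
}
if __name__ == "__main__":
    for location, finding in lint(SAMPLE, {"amiId": "{{ssm:goldenAMIId}}"}):
        print(f"{location}: {finding}")
```

References the page lists as supported, such as `{{ssm:administratorName}}` or `{{LaunchInstance.InstanceIds}}` inside a step's inputs, produce no findings.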