AWS::SSM::ResourceDataSync - Amazon CloudFormation
SyntaxPropertiesReturn valuesExamplesSee also
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AWS::SSM::ResourceDataSync

The AWS::SSM::ResourceDataSync resource creates, updates, or deletes a resource data sync for Amazon Systems Manager. A resource data sync helps you view data from multiple sources in a single location. Systems Manager offers two types of resource data sync: SyncToDestination and SyncFromSource.

You can configure Systems Manager Inventory to use the SyncToDestination type to synchronize Inventory data from multiple Amazon Web Services Regions to a single Amazon S3 bucket.

You can configure Systems Manager Explorer to use the SyncFromSource type to synchronize operational work items (OpsItems) and operational data (OpsData) from multiple Amazon Web Services Regions. This type can synchronize OpsItems and OpsData from multiple Amazon accounts and Regions or from an EntireOrganization by using Amazon Organizations.

A resource data sync is an asynchronous operation that returns immediately. After a successful initial sync is completed, the system continuously syncs data.

By default, data is not encrypted in Amazon S3. We strongly recommend that you enable encryption in Amazon S3 to ensure secure data storage. We also recommend that you secure access to the Amazon S3 bucket by creating a restrictive bucket policy.

For more information, see Configuring Inventory Collection and Setting Up Systems Manager Explorer to Display Data from Multiple Accounts and Regions in the Amazon Systems Manager User Guide.

Important: The following Syntax section shows all fields that are supported for a resource data sync. The Examples section below shows the recommended way to specify configurations for each sync type. Please see the Examples section when you create your resource data sync.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::SSM::ResourceDataSync",
  "Properties" : {
      "BucketName" : String,
      "BucketPrefix" : String,
      "BucketRegion" : String,
      "KMSKeyArn" : String,
      "S3Destination" : S3Destination,
      "SyncFormat" : String,
      "SyncName" : String,
      "SyncSource" : SyncSource,
      "SyncType" : String
    }
}

YAML

Type: AWS::SSM::ResourceDataSync
Properties: 
  BucketName: String
  BucketPrefix: String
  BucketRegion: String
  KMSKeyArn: String
  S3Destination: 
    S3Destination
  SyncFormat: String
  SyncName: String
  SyncSource: 
    SyncSource
  SyncType: String

Properties

BucketName

The name of the S3 bucket where the aggregated data is stored.

Required: No

Type: String

Minimum: 1

Maximum: 2048

Update requires: Replacement

BucketPrefix

An Amazon S3 prefix for the bucket.

Required: No

Type: String

Minimum: 1

Maximum: 256

Update requires: Replacement

BucketRegion

The Amazon Web Services Region with the S3 bucket targeted by the resource data sync.

Required: No

Type: String

Minimum: 1

Maximum: 64

Update requires: Replacement

KMSKeyArn

The ARN of an encryption key for a destination in Amazon S3. You can use a KMS key to encrypt inventory data in Amazon S3. You must specify a key that exist in the same region as the destination Amazon S3 bucket.

Required: No

Type: String

Minimum: 1

Maximum: 512

Pattern: arn:.*

Update requires: Replacement

S3Destination

Configuration information for the target S3 bucket.

Required: No

Type: S3Destination

Update requires: Replacement

SyncFormat

A supported sync format. The following format is currently supported: JsonSerDe

Required: No

Type: String

Allowed values: JsonSerDe

Update requires: Replacement

SyncName

A name for the resource data sync.

Required: Yes

Type: String

Minimum: 1

Maximum: 64

Update requires: Replacement

SyncSource

Information about the source where the data was synchronized.

Required: No

Type: SyncSource

Update requires: No interruption

SyncType

The type of resource data sync. If SyncType is SyncToDestination, then the resource data sync synchronizes data to an S3 bucket. If the SyncType is SyncFromSource then the resource data sync synchronizes data from Amazon Organizations or from multiple Amazon Web Services Regions.

Required: No

Type: String

Minimum: 1

Maximum: 64

Update requires: Replacement

Return values

Ref

When you pass the logical ID of this resource to the intrinsic Reffunction, Refreturns the name of the resource data sync, such as TestResourceDataSync.

For more information about using the Reffunction, see Ref.

Fn::GetAtt

SyncName

The name of the resource data sync.

Examples

Create a SyncToDestination resource data sync

The following example synchronizes Systems Manager Inventory metadata in the US East (Ohio) Region (us-east-2) to a single Amazon S3 bucket. Resource data sync then automatically updates the centralized data when new data is collected.

JSON

{
    "Description": "Create a resource data sync for Systems Manager",
    "Resources": {
        "BasicResourceDataSync": {
            "Type": "AWS::SSM::ResourceDataSync",
            "Properties": {
                "SyncName": "test-sync",
                "SyncType": "SyncToDestination",
                "S3Destination": {
                    "BucketName": "test-bucket",
                    "BucketRegion": "us-east-2",
                    "SyncFormat": "JsonSerDe",
                    "BucketPrefix": "cfn",
                    "KMSKeyArn": "kmsKeyARN"
                }
            }
        }
    }
}

YAML

---
Description: Create a resource data sync for Systems Manager
Resources:
  BasicResourceDataSync:
    Type: AWS::SSM::ResourceDataSync
    Properties:
      SyncName: test-sync
      SyncType: SyncToDestination
      S3Destination:
        BucketName: test-bucket
        BucketRegion: us-east-2
        SyncFormat: JsonSerDe
        BucketPrefix: cfn
        KMSKeyArn: kmsKeyARN

Create a SyncFromSource resource data sync with type SingleAccountMultipleRegions

The following example synchronizes Systems Manager Explorer OpsData and OpsItems from multiple Amazon Web Services Regions in a single Amazon Web Services account.

JSON

{
    "Description": "Create a resource data sync for Systems Manager Explorer",
    "Resources": {
        "BasicResourceDataSync": {
            "Type": "AWS::SSM::ResourceDataSync",
            "Properties": {
                "SyncName": "test-sync",
                "SyncType": "SyncFromSource",
                "SyncSource": {
                    "SourceType": "SingleAccountMultiRegions",
                    "SourceRegions": [
                        "us-east-1",
                        "us-west-1",
                        "us-west-2"
                    ],
                    "IncludeFutureRegions": false
                }
            }
        }
    }
}

YAML

---
Description: Create a resource data sync for Systems Manager Explorer
Resources:
  BasicResourceDataSync:
    Type: AWS::SSM::ResourceDataSync
    Properties:
      SyncName: test-sync
      SyncType: SyncFromSource
      SyncSource:
        SourceType: SingleAccountMultiRegions
        SourceRegions:
        - us-east-1
        - us-west-1
        - us-west-2
        IncludeFutureRegions: false

Create a SyncFromSource resource data sync with type EntireOrganization

The following example synchronizes Systems Manager Explorer OpsData and OpsItems from your entire organization in Amazon Organizationsin the us-west-1 Region.

JSON

{
    "Description": "Create a resource data sync for Systems Manager Explorer",
    "Resources": {
        "BasicResourceDataSync": {
            "Type": "AWS::SSM::ResourceDataSync",
            "Properties": {
                "SyncName": "test-sync",
                "SyncType": "SyncFromSource",
                "SyncSource": {
                    "SourceType": "AwsOrganizations",
                    "AwsOrganizationsSource": {
                        "OrganizationSourceType": "EntireOrganization"
                    },
                    "SourceRegions": [
                        "us-west-1"
                    ],
                    "IncludeFutureRegions": false
                }
            }
        }
    }
}

YAML

---
Description: Create a resource data sync for Systems Manager Explorer
Resources:
  BasicResourceDataSync:
    Type: AWS::SSM::ResourceDataSync
    Properties:
      SyncName: test-sync
      SyncType: SyncFromSource
      SyncSource:
        SourceType: AwsOrganizations
        AwsOrganizationsSource:
          OrganizationSourceType: EntireOrganization
        SourceRegions:
        - us-west-1
        IncludeFutureRegions: false

Creating a SyncFromSource resource data sync with type OrganizationalUnits

The following example synchronizes Systems Manager Explorer OpsData and OpsItems from organization unit 12345 in Amazon Organizations in the us-west-1 Region.

JSON

{
    "Description": "Create a resource data sync for Systems Manager Explorer",
    "Resources": {
        "BasicResourceDataSync": {
            "Type": "AWS::SSM::ResourceDataSync",
            "Properties": {
                "SyncName": "test-sync",
                "SyncType": "SyncFromSource",
                "SyncSource": {
                    "SourceType": "AwsOrganizations",
                    "AwsOrganizationsSource": {
                        "OrganizationSourceType": "OrganizationalUnits",
                        "OrganizationalUnits": [
                            "ou-12345"
                        ]
                    },
                    "SourceRegions": [
                        "us-west-1"
                    ],
                    "IncludeFutureRegions": false
                }
            }
        }
    }
}

YAML

---
Description: Create a resource data sync for Systems Manager Explorer
Resources:
  BasicResourceDataSync:
    Type: AWS::SSM::ResourceDataSync
    Properties:
      SyncName: test-sync
      SyncType: SyncFromSource
      SyncSource:
        SourceType: AwsOrganizations
        AwsOrganizationsSource:
          OrganizationSourceType: OrganizationalUnits
          OrganizationalUnits:
          - ou-12345
        SourceRegions:
        - us-west-1
        IncludeFutureRegions: false

See also