Automation system variables - Amazon Web Services Systems Manager

Automation system variables

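Amazon Web Services Systems Manager Automation runbooks use the following variables. For an example of how these variables are used, view the AWS-UpdateWindowsAmi runbook.

To view the JSON source of the AWS-UpdateWindowsAmi runbook

  1. Open the Amazon Web Services Systems Manager console at https://console.aws.amazon.com/systems-manager/

  2. In the navigation pane, choose Documents.

  3. In the document list, use either the search bar or the numbers to the right of the search bar to choose the runbook AWS-UpdateWindowsAmi.

  4. Choose the Content tab.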

System variables

Automation runbooks currently support the following system variables.

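| Variable | Details |
| --- | --- |
| global:ACCOUNT_ID | The Amazon Web Services account ID of the AWS Identity and Access Management (IAM) user or role in which Automation runs. |
| global:DATE | The date (at run time) in the format yyyy-MM-dd. |
| global:DATE_TIME | The date and time (at run time) in the format yyyy-MM-dd_HH.mm.ss. |
| global:AWS_PARTITION | The partition that the resource is in. For standard Amazon Web Services Regions, the partition is aws. For resources in other partitions, the partition is aws-partitionname. For example, the partition for resources in the AWS GovCloud (US-West) Region is aws-us-gov. |
| global:REGION | The Region in which the runbook is run. For example, us-east-2. |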

Automation variables

Automation runbooks currently support the following Automation variables.

| Variable | Details |
| --- | --- |
| automation:EXECUTION_ID | The unique identifier assigned to the current automation. For example: 1a2b3c-1a2b3c-1a2b3c-1a2b3c1a2b3c1a2b3c |

Terminology

The following terms describe how variables and parameters are resolved.

Term | Definition | Example

Constant ARN

A valid Amazon Resource Name (ARN) without variables.

    arn:aws:iam::123456789012:role/roleName

Runbook parameter

A parameter defined at the runbook level (for example, instanceId). The parameter is used in a basic string replacement. Its value is supplied when the execution is started.

    {
      "description": "Create Image Demo",
      "version": "0.3",
      "assumeRole": "Your_Automation_Assume_Role_ARN",
      "parameters": {
        "instanceId": {
          "type": "String",
          "description": "Instance to create image from"
        }
      }
    }

System variable

A general variable that is substituted into the runbook when any part of the runbook is evaluated.

    "activities": [
      {
        "id": "copyImage",
        "activityType": "AWS-CopyImage",
        "maxAttempts": 1,
        "onFailure": "Continue",
        "inputs": {
          "ImageName": "{{imageName}}",
          "SourceImageId": "{{sourceImageId}}",
          "SourceRegion": "{{sourceRegion}}",
          "Encrypted": true,
          "ImageDescription": "Test CopyImage Description created on {{global:DATE}}"
        }
      }
    ]

Automation variable

A variable relating to the automation that is substituted into the runbook when any part of the runbook is evaluated.

    {
      "name": "runFixedCmds",
      "action": "aws:runCommand",
      "maxAttempts": 1,
      "onFailure": "Continue",
      "inputs": {
        "DocumentName": "AWS-RunPowerShellScript",
        "InstanceIds": [
          "{{LaunchInstance.InstanceIds}}"
        ],
        "Parameters": {
          "commands": [
            "dir",
            "date",
            "\"{{outputFormat}}\" -f \"left\",\"right\",\"{{global:DATE}}\",\"{{automation:EXECUTION_ID}}\""
          ]
        }
      }
    }

Systems Manager parameter

A variable defined within Amazon Web Services Systems Manager Parameter Store. The parameter can't be referenced directly in a step input. Permissions might be required to access the parameter.

    description: Launch new Windows test instance
    schemaVersion: '0.3'
    assumeRole: '{{AutomationAssumeRole}}'
    parameters:
      AutomationAssumeRole:
        type: String
        default: ''
        description: >-
          (Required) The ARN of the role that allows Automation to perform the
          actions on your behalf. If no role is specified, Systems Manager
          Automation uses your IAM permissions to run this runbook.
      LatestAmi:
        type: String
        default: >-
          {{ssm:/aws/service/ami-windows-latest/Windows_Server-2016-English-Full-Base}}
        description: The latest Windows Server 2016 AMI queried from the public parameter.
    mainSteps:
      - name: launchInstance
        action: 'aws:runInstances'
        maxAttempts: 3
        timeoutSeconds: 1200
        onFailure: Abort
        inputs:
          ImageId: '{{LatestAmi}}'
    ...

Supported scenarios

Scenario | Comments | Example

Constant ARN assumeRole at create time

An authorization check is performed to verify that the calling user is permitted to pass the given assumeRole.

    {
      "description": "Test all Automation resolvable parameters",
      "schemaVersion": "0.3",
      "assumeRole": "arn:aws:iam::123456789012:role/roleName",
      "parameters": {
    ...

Runbook parameter supplied for AssumeRole when the automation is started

Must be defined in the parameter list of the runbook.

    {
      "description": "Test all Automation resolvable parameters",
      "schemaVersion": "0.3",
      "assumeRole": "{{dynamicARN}}",
      "parameters": {
    ...

Value supplied for a runbook parameter at start

The customer supplies the value to use for a parameter. Any input supplied at start time must be defined in the parameter list of the runbook.

    ...
    "parameters": {
      "amiId": {
        "type": "String",
        "default": "ami-12345678",
        "description": "list of commands to run as part of first step"
      },
    ...

Inputs to Start Automation Execution include: {"amiId" : ["ami-12345678"] }

Systems Manager parameter referenced within runbook content

The variable exists in the customer's account, or is a publicly accessible parameter, and the AssumeRole for the runbook has access to the variable. A check is performed at create time to confirm that the AssumeRole has access to it. The parameter can't be referenced directly in a step input.

    ...
    parameters:
      LatestAmi:
        type: String
        default: >-
          {{ssm:/aws/service/ami-windows-latest/Windows_Server-2016-English-Full-Base}}
        description: The latest Windows Server 2016 AMI queried from the public parameter.
    mainSteps:
      - name: launchInstance
        action: 'aws:runInstances'
        maxAttempts: 3
        timeoutSeconds: 1200
        onFailure: Abort
        inputs:
          ImageId: '{{LatestAmi}}'
    ...

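System variable referenced within a step definition

A system variable is substituted into the runbook when the automation is started. The value injected into the runbook is relative to when the substitution occurs. In other words, because it takes time to run the steps in between, the value of a time variable injected at step 1 differs from the value injected at step 3. System variables don't need to be set in the parameter list of the runbook.

    ...
    "mainSteps": [
      {
        "name": "RunSomeCommands",
        "action": "aws:runCommand",
        "maxAttempts": 1,
        "onFailure": "Continue",
        "inputs": {
          "DocumentName": "AWS:RunPowerShell",
          "InstanceIds": ["{{LaunchInstance.InstanceIds}}"],
          "Parameters": {
            "commands": [
              "echo {The time is now {{global:DATE_TIME}}}"
            ]
          }
        }
      },
    ...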

Automation variable referenced within a step definition

Automation variables don't need to be set in the parameter list of the runbook. The only supported Automation variable is automation:EXECUTION_ID.

    ...
    "mainSteps": [
      {
        "name": "invokeLambdaFunction",
        "action": "aws:invokeLambdaFunction",
        "maxAttempts": 1,
        "onFailure": "Continue",
        "inputs": {
          "FunctionName": "Hello-World-LambdaFunction",
          "Payload": "{ \"executionId\" : \"{{automation:EXECUTION_ID}}\" }"
        }
      }
    ...

Output from a previous step referenced within the next step's definition

This is parameter redirection. The output of a previous step is referenced using the syntax {{stepName.OutputName}}. The customer can't use this syntax for runbook parameters. The reference is resolved when the referencing step runs. The parameter isn't listed in the parameters of the runbook.

    ...
    "mainSteps": [
      {
        "name": "LaunchInstance",
        "action": "aws:runInstances",
        "maxAttempts": 1,
        "onFailure": "Continue",
        "inputs": {
          "ImageId": "{{amiId}}",
          "MinInstanceCount": 1,
          "MaxInstanceCount": 2
        }
      },
      {
        "name": "changeState",
        "action": "aws:changeInstanceState",
        "maxAttempts": 1,
        "onFailure": "Continue",
        "inputs": {
          "InstanceIds": ["{{LaunchInstance.InstanceIds}}"],
          "DesiredState": "terminated"
        }
      }
    ...
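
The resolution rules in the supported scenarios can be checked mechanically before a runbook is created. The following Python sketch is an added example, not AWS code: it classifies every {{...}} reference in assumeRole and step inputs as a built-in variable, a declared runbook parameter, or the output of an earlier step. The function name, the result labels, the sample runbook, and the assumption that step outputs are visible only to later steps in list order are illustrative.

```python
import json
import re

# System and Automation variables listed on this page; no declaration needed.
BUILTIN = {"global:ACCOUNT_ID", "global:DATE", "global:DATE_TIME",
           "global:AWS_PARTITION", "global:REGION", "automation:EXECUTION_ID"}
REF = re.compile(r"\{\{\s*([^{}\s]+)\s*\}\}")

def classify_references(runbook):
    """Return (location, reference, kind) for each {{...}} in assumeRole and step inputs."""
    params = set(runbook.get("parameters", {}))
    finished = set()  # names of steps that precede the one being examined

    def kind_of(ref):
        if ref in BUILTIN:
            return "builtin"
        if ref in params:
            return "parameter"
        if "." in ref and ref.split(".", 1)[0] in finished:
            return "step-output"
        return "unresolved"  # undeclared name, ssm: reference, or a later step

    found = [("assumeRole", r, kind_of(r))
             for r in REF.findall(str(runbook.get("assumeRole", "")))]
    for step in runbook.get("mainSteps", []):
        for r in REF.findall(json.dumps(step.get("inputs", {}))):
            found.append((step["name"], r, kind_of(r)))
        finished.add(step["name"])
    return found

# Constructed sample modelled on the page's LaunchInstance and runCommand steps;
# {{owner}} is deliberately left undeclared.
SAMPLE = {
    "schemaVersion": "0.3",
    "assumeRole": "{{dynamicARN}}",
    "parameters": {"dynamicARN": {"type": "String"}, "amiId": {"type": "String"}},
    "mainSteps": [
        {"name": "LaunchInstance", "action": "aws:runInstances",
         "inputs": {"ImageId": "{{amiId}}", "MinInstanceCount": 1}},
        {"name": "RunSomeCommands", "action": "aws:runCommand",
         "inputs": {"DocumentName": "AWS-RunPowerShellScript",
                    "InstanceIds": ["{{LaunchInstance.InstanceIds}}"],
                    "Parameters": {"commands": ["echo {{global:DATE_TIME}} {{owner}}"]}}},
    ],
}

if __name__ == "__main__":
    for row in classify_references(SAMPLE):
        print(row)
```

Any row labelled unresolved is worth reviewing before the runbook is created, because the name is neither declared nor supplied by the service.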

Unsupported scenarios

Scenario | Comments | Example

Systems Manager parameter supplied for assumeRole at create time

Not supported.

    ...
    {
      "description": "Test all Automation resolvable parameters",
      "schemaVersion": "0.3",
      "assumeRole": "{{ssm:administratorRoleARN}}",
      "parameters": {
    ...

Systems Manager parameter referenced directly in a step input

Returns an InvalidDocumentContent exception at create time.

    ...
    mainSteps:
      - name: launchInstance
        action: 'aws:runInstances'
        maxAttempts: 3
        timeoutSeconds: 1200
        onFailure: Abort
        inputs:
          ImageId: '{{ssm:/aws/service/ami-windows-latest/Windows_Server-2016-English-Full-Base}}'
    ...

Variable step definition

The definition of a step in the runbook is constructed from variables.

    ...
    "mainSteps": [
      {
        "name": "LaunchInstance",
        "action": "aws:runInstances",
        "{{attemptModel}}": 1,
        "onFailure": "Continue",
        "inputs": {
          "ImageId": "ami-12345678",
          "MinInstanceCount": 1,
          "MaxInstanceCount": 2
        }
    ...

User supplies input : { "attemptModel" : "minAttempts" }

Cross-referencing runbook parameters

The user supplies an input parameter at start time that is a reference to another parameter in the runbook.

    ...
    "parameters": {
      "amiId": {
        "type": "String",
        "default": "ami-7f2e6015",
        "description": "list of commands to run as part of first step"
      },
      "alternateAmiId": {
        "type": "String",
        "description": "The alternate AMI to try if this first fails",
        "default": "{{amiId}}"
      },
    ...

Multi-level expansion

The runbook defines a variable that evaluates to the name of a variable. It sits within the variable delimiters (that is, {{ }}) and is expanded to the value of that variable or parameter.

    ...
    "parameters": {
      "firstParameter": {
        "type": "String",
        "default": "secondParameter",
        "description": "The parameter to reference"
      },
      "secondParameter": {
        "type": "String",
        "default": "echo {Hello world}",
        "description": "What to run"
      }
    },
    "mainSteps": [
      {
        "name": "runFixedCmds",
        "action": "aws:runCommand",
        "maxAttempts": 1,
        "onFailure": "Continue",
        "inputs": {
          "DocumentName": "AWS-RunPowerShellScript",
          "InstanceIds": "{{LaunchInstance.InstanceIds}}",
          "Parameters": {
            "commands": [ "{{ {{firstParameter}} }}" ]
          }
    ...

Note: The customer intention here would be to run a command of "echo {Hello world}"

Referencing output from a runbook step that is a different variable type

The user references the output from a preceding runbook step within a subsequent step. The output is a variable type that doesn't meet the requirements of the action in the subsequent step.

    ...
    mainSteps:
      - name: getImageId
        action: aws:executeAwsApi
        inputs:
          Service: ec2
          Api: DescribeImages
          Filters:
            - Name: "name"
              Values:
                - "{{ImageName}}"
        outputs:
          - Name: ImageIdList
            Selector: "$.Images"
            Type: "StringList"
      - name: copyMyImages
        action: aws:copyImage
        maxAttempts: 3
        onFailure: Abort
        inputs:
          SourceImageId: "{{getImageId.ImageIdList}}"
          SourceRegion: ap-northeast-2
          ImageName: Encrypted Copies of LAMP base AMI in ap-northeast-2
          Encrypted: true
    ...

Note: You must provide the type required by the Automation action. In this case, aws:copyImage requires a "String" type variable but the preceding step outputs a "StringList" type variable.
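
Most of the unsupported scenarios above are visible in the runbook text itself, so they can be flagged in review or CI before the create call rejects or misinterprets the document. The following Python linter is an added example, not AWS code: the function names, finding messages, and combined sample runbook are constructed for illustration, it operates on a runbook already parsed from JSON, and it does not cover the output type mismatch scenario, which requires per-action type information.

```python
import json
import re

REF = re.compile(r"\{\{\s*([^{}\s]+)\s*\}\}")   # {{name}}
SSM_REF = re.compile(r"\{\{\s*ssm:")            # {{ssm:...}}
NESTED = re.compile(r"\{\{\s*\{\{")             # {{ {{name}} }}

def keys(node):
    """Yield every object key in a parsed JSON tree."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield key
            yield from keys(value)
    elif isinstance(node, list):
        for value in node:
            yield from keys(value)

def lint_runbook(runbook):
    """Return findings for the unsupported scenarios (type mismatches excluded)."""
    findings, params = [], runbook.get("parameters", {})
    if SSM_REF.search(str(runbook.get("assumeRole", ""))):
        findings.append("assumeRole: Systems Manager parameter supplied for assumeRole")
    for name, spec in params.items():
        if any(r in params for r in REF.findall(str(spec.get("default", "")))):
            findings.append(f"parameters.{name}: default cross-references a runbook parameter")
    for step in runbook.get("mainSteps", []):
        name, text = step.get("name"), json.dumps(step.get("inputs", {}))
        if SSM_REF.search(text):
            findings.append(f"{name}: Systems Manager parameter referenced directly in step input")
        if NESTED.search(text):
            findings.append(f"{name}: multi-level expansion")
        if any("{{" in key for key in keys(step)):
            findings.append(f"{name}: step definition key built from a variable")
    return findings

# Constructed sample combining the page's unsupported examples in one runbook.
SAMPLE = {
    "schemaVersion": "0.3",
    "assumeRole": "{{ssm:administratorRoleARN}}",
    "parameters": {
        "amiId": {"type": "String", "default": "ami-7f2e6015"},
        "alternateAmiId": {"type": "String", "default": "{{amiId}}"},
        "firstParameter": {"type": "String", "default": "secondParameter"},
    },
    "mainSteps": [
        {"name": "LaunchInstance", "action": "aws:runInstances", "{{attemptModel}}": 1,
         "inputs": {"ImageId": "{{ssm:/aws/service/ami-windows-latest/Windows_Server-2016-English-Full-Base}}"}},
        {"name": "runFixedCmds", "action": "aws:runCommand",
         "inputs": {"Parameters": {"commands": ["{{ {{firstParameter}} }}"]}}},
    ],
}
```

A parameter default of the form {{ssm:...}} is not flagged, because the supported scenarios allow a Systems Manager parameter to be referenced there.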