AWS Systems Manager
用户指南
AWS 文档中描述的 AWS 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅中国的 AWS 服务入门

教程:更新维护时段 (AWS CLI)

本教程演示如何使用 AWS CLI 更新维护时段。以及如何更新不同的任务类型,包括 Systems Manager Run Command、Systems Manager Automation、AWS Lambda 和 AWS Step Functions 任务类型。

本节中的示例使用以下 Systems Manager 操作来更新维护时段。

有关使用 Systems Manager 控制台来更新维护时段的信息,请参阅更新或删除维护时段(控制台)

As you follow the steps in this tutorial, replace the values in italicized red text with your own options and IDs. For example, replace the maintenance window ID mw-0c50858d01EXAMPLE and the instance ID i-02573cafcfEXAMPLE with IDs of resources you create.

更新维护时段 (AWS CLI)

  1. 打开 AWS CLI 并运行以下命令将目标更新为包括名称和描述:

    aws ssm update-maintenance-window-target --window-id "mw-0c50858d01EXAMPLE" --window-target-id "e32eecb2-646c-4f4b-8ed1-205fbEXAMPLE" --name "My-Maintenance-Window-Target" --description "Description for my maintenance window target"

    系统将返回类似于以下内容的信息:

    {
        "WindowId": "mw-0c50858d01EXAMPLE",
        "WindowTargetId": "e32eecb2-646c-4f4b-8ed1-205fbEXAMPLE",
        "Targets": [
            {
                "Key": "InstanceIds",
                "Values": [
                    "i-02573cafcfEXAMPLE"
                ]
            }
        ],
        "Name": "My-Maintenance-Window-Target",
        "Description": "Description for my maintenance window target"
    }
  2. 运行以下命令,使用 replace 选项来删除描述字段和添加更多目标。描述字段被删除,因为更新未包含该字段 (一个 null 值)。请务必指定已配置为用于 Systems Manager 的其他实例:

    aws ssm update-maintenance-window-target --window-id "mw-0c50858d01EXAMPLE" --window-target-id "d208dedf-3f6b-41ff-ace8-8e751EXAMPLE" --targets "Key=InstanceIds,Values=i-02573cafcfEXAMPLE,i-0471e04240EXAMPLE" --name "My-Maintenance-Window-Target" --replace

    系统将返回类似于以下内容的信息:

    {
        "WindowId": "mw-0c50858d01EXAMPLE",
        "WindowTargetId": "e32eecb2-646c-4f4b-8ed1-205fbEXAMPLE",
        "Targets": [
            {
                "Key": "InstanceIds",
                "Values": [
                    "i-02573cafcfEXAMPLE",
                    "i-0471e04240EXAMPLE"
                ]
            }
        ],
        "Name": "My-Maintenance-Window-Target"
    }
  3. start-date 选项用于将维护时段的激活时间延迟到一个指定的未来日期。end-date 选项用于设置在某个未来的日期和时间后不再运行维护时段。请以 ISO-8601 扩展格式指定这些选项。

    运行下面的命令可为定期执行的维护时段指定日期和时间范围:

    aws ssm update-maintenance-window --window-id "mw-0c50858d01EXAMPLE" --start-date "2020-10-01T10:10:10Z" --end-date "2020-11-01T10:10:10Z"
  4. 如果您创建了 Run Command 任务,请运行以下命令更新它:

    提示

    如果您的目标是 Windows Server 的 Amazon EC2 实例,请在以下命令中将 df 更改为 ipconfig,并将 AWS-RunShellScript 更改为 AWS-RunPowerShellScript

    aws ssm update-maintenance-window-task --window-id "mw-0c50858d01EXAMPLE" --window-task-id "4f7ca192-7e9a-40fe-9192-5cb15EXAMPLE" --targets "Key=WindowTargetIds,Values=e32eecb2-646c-4f4b-8ed1-205fbEXAMPLE" --task-arn "AWS-RunShellScript" --service-role-arn "arn:aws:iam::111122223333:role/MaintenanceWindowsRole" --task-invocation-parameters "RunCommand={Comment=Revising my Run Command task,Parameters={commands=df}}" --priority 1 --max-concurrency 10 --max-errors 4 --name "My-Task-Name" --description "A description for my Run Command task"

    系统将返回类似于以下内容的信息:

    {
        "WindowId": "mw-0c50858d01EXAMPLE",
        "WindowTaskId": "4f7ca192-7e9a-40fe-9192-5cb15EXAMPLE",
        "Targets": [
            {
                "Key": "WindowTargetIds",
                "Values": [
                    "e32eecb2-646c-4f4b-8ed1-205fbEXAMPLE"
                ]
            }
        ],
        "TaskArn": "AWS-RunShellScript",
        "ServiceRoleArn": "arn:aws:iam::111122223333:role/MaintenanceWindowsRole",
        "TaskParameters": {},
        "TaskInvocationParameters": {
            "RunCommand": {
                "Comment": "Revising my Run Command task",
                "Parameters": {
                    "commands": [
                        "df"
                    ]
                }
            }
        },
        "Priority": 1,
        "MaxConcurrency": "10",
        "MaxErrors": "4",
        "Name": "My-Task-Name",
        "Description": "A description for my Run Command task"
    }
  5. 如果您要更新 Lambda 任务,请调整并运行以下命令以更新任务:

    aws ssm update-maintenance-window-task --window-id mw-0c50858d01EXAMPLE --window-task-id 4f7ca192-7e9a-40fe-9192-5cb15EXAMPLE --targets "Key=WindowTargetIds,Values=e32eecb2-646c-4f4b-8ed1-205fbEXAMPLE" --task-arn "arn:aws:lambda:us-west-2:111122223333:function:SSMTestLambda" --service-role-arn "arn:aws:iam::111122223333:role/MaintenanceWindowsRole" --task-invocation-parameters '{"Lambda":{"Payload":"{\"targetId\":\"{{TARGET_ID}}\",\"targetType\":\"{{TARGET_TYPE}}\"}"}}' --priority 1 --max-concurrency 10 --max-errors 5 --name "New-Lambda-Task-Name" --description "A description for my Lambda task"

    系统将返回类似于以下内容的信息:

    {
        "WindowId": "mw-0c50858d01EXAMPLE",
        "WindowTaskId": "4f7ca192-7e9a-40fe-9192-5cb15EXAMPLE",
        "Targets": [
            {
                "Key": "WindowTargetIds",
                "Values": "e32eecb2-646c-4f4b-8ed1-205fbEXAMPLE"
            }
        ],
        "TaskArn": "arn:aws:lambda:us-west-2:111122223333:function:SSMTestLambda",
        "ServiceRoleArn": "arn:aws:iam::111122223333:role/MaintenanceWindowsRole",
        "TaskParameters": {},
        "TaskInvocationParameters": {
            "Lambda": {
                "Payload": "e30="
            }
        },
        "Priority": 1,
        "MaxConcurrency": "10",
        "MaxErrors": "5",
        "Name": "New-Lambda-Task-Name",
        "Description": "A description for my Lambda task"
    }
  6. 如果您要更新 AWS Step Functions 任务,请调整并运行以下命令更新其 task-invocation-parameters:

    aws ssm update-maintenance-window-task --window-id "mw-0c50858d01EXAMPLE" --window-task-id "4f7ca192-7e9a-40fe-9192-5cb15EXAMPLE" --targets "Key=WindowTargetIds,Values=e32eecb2-646c-4f4b-8ed1-205fbEXAMPLE" --task-arn "arn:aws:states:us-west-2:111122223333:execution:SSMStepFunctionTest" --service-role-arn "arn:aws:iam::111122223333:role/MaintenanceWindowsRole" --task-invocation-parameters '{"StepFunctions":{"Input":"{\"instanceId\":\"{{ TARGET_ID }}\"}"}}' --priority 0 --max-concurrency 10 --max-errors 5 --name "My-Step-Functions-Task" --description "A description for my Step Functions task"

    系统将返回类似于以下内容的信息:

    {
        "WindowId": "mw-0c50858d01EXAMPLE",
        "WindowTaskId": "4f7ca192-7e9a-40fe-9192-5cb15EXAMPLE",
        "Targets": [
            {
                "Key": "WindowTargetIds",
                "Values": [
                    "e32eecb2-646c-4f4b-8ed1-205fbEXAMPLE"
                ]
            }
        ],
        "TaskArn": "arn:aws:states:us-west-2:111122223333:execution:SSMStepFunctionTest",
        "ServiceRoleArn": "arn:aws:iam::111122223333:role/MaintenanceWindowsRole",
        "TaskParameters": {},
        "TaskInvocationParameters": {
            "StepFunctions": {
                "Input": "{\"instanceId\":\"{{ TARGET_ID }}\"}"
            }
        },
        "Priority": 0,
        "MaxConcurrency": "10",
        "MaxErrors": "5",
        "Name": "My-Step-Functions-Task",
        "Description": "A description for my Step Functions task"
    }
  7. 运行以下命令可从维护时段中注销目标。本示例使用 safe 参数确定目标是否被任何任务引用,从而确定注销是否安全:

    aws ssm deregister-target-from-maintenance-window --window-id "mw-0c50858d01EXAMPLE" --window-target-id "e32eecb2-646c-4f4b-8ed1-205fbEXAMPLE" --safe

    系统将返回类似于以下内容的信息:

    An error occurred (TargetInUseException) when calling the DeregisterTargetFromMaintenanceWindow operation: This Target cannot be deregistered because it is still referenced in Task: 4f7ca192-7e9a-40fe-9192-5cb15EXAMPLE
  8. 运行以下命令可从维护时段注销目标,即使该目标已被某个任务引用。您可以使用 no-safe 参数强制执行注销操作:

    aws ssm deregister-target-from-maintenance-window --window-id "mw-0c50858d01EXAMPLE" --window-target-id "e32eecb2-646c-4f4b-8ed1-205fbEXAMPLE" --no-safe

    系统将返回类似于以下内容的信息:

    {
        "WindowId": "mw-0c50858d01EXAMPLE",
        "WindowTargetId": "e32eecb2-646c-4f4b-8ed1-205fbEXAMPLE"
    }
    
  9. 运行以下命令可更新 Run Command 任务。此示例使用名为 UpdateLevel 的 Systems Manager Parameter Store 参数,其格式如下所示:“{{ssm:UpdateLevel}}

    aws ssm update-maintenance-window-task --window-id "mw-0c50858d01EXAMPLE" --window-task-id "4f7ca192-7e9a-40fe-9192-5cb15EXAMPLE" --targets "Key=InstanceIds,Values=i-02573cafcfEXAMPLE" --task-invocation-parameters "RunCommand={Comment=A comment for my task update,Parameters={UpdateLevel='{{ssm:UpdateLevel}}'}}"

    系统将返回类似于以下内容的信息:

    {
        "WindowId": "mw-0c50858d01EXAMPLE",
        "WindowTaskId": "4f7ca192-7e9a-40fe-9192-5cb15EXAMPLE",
        "Targets": [
            {
                "Key": "InstanceIds",
                "Values": [
                    "i-02573cafcfEXAMPLE"
                ]
            }
        ],
        "TaskArn": "AWS-RunShellScript",
        "ServiceRoleArn": "arn:aws:iam::111122223333:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM",
        "TaskParameters": {},
        "TaskInvocationParameters": {
            "RunCommand": {
                "Comment": "A comment for my task update",
                "Parameters": {
                    "UpdateLevel": [
                        "{{ssm:UpdateLevel}}"
                    ]
                }
            }
        },
        "Priority": 10,
        "MaxConcurrency": "1",
        "MaxErrors": "1"
    }
  10. 运行以下命令可更新 Automation 任务,为 task-invocation-parameters 参数指定 WINDOW_ID 和 WINDOW_TASK_ID 参数:

    aws ssm update-maintenance-window-task --window-id "mw-0c50858d01EXAMPLE" --window-task-id "4f7ca192-7e9a-40fe-9192-5cb15EXAMPLE" --targets "Key=WindowTargetIds,Values=e32eecb2-646c-4f4b-8ed1-205fbEXAMPLE --task-arn "AutoTestDoc" --service-role-arn arn:aws:iam::111122223333:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM --task-invocation-parameters "Automation={Parameters={instanceId='{{TARGET_ID}}',initiator='{{WINDOW_ID}}.Task-{{WINDOW_TASK_ID}}'}}" --priority 3 --max-concurrency 10 --max-errors 5

    系统将返回类似于以下内容的信息:

    {
        "WindowId": "mw-0c50858d01EXAMPLE",
        "WindowTaskId": "4f7ca192-7e9a-40fe-9192-5cb15EXAMPLE",
        "Targets": [
            {
                "Key": "WindowTargetIds",
                "Values": [
                    "e32eecb2-646c-4f4b-8ed1-205fbEXAMPLE"
                ]
            }
        ],
        "TaskArn": "AutoTestDoc",
        "ServiceRoleArn": "arn:aws:iam::111122223333:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM",
        "TaskParameters": {},
        "TaskInvocationParameters": {
            "Automation": {
                "Parameters": {
                    "multi": [
                        "{{WINDOW_TASK_ID}}"
                    ],
                    "single": [
                        "{{WINDOW_ID}}"
                    ]
                }
            }
        },
        "Priority": 0,
        "MaxConcurrency": "10",
        "MaxErrors": "5",
        "Name": "My-Automation-Task",
        "Description": "A description for my Automation task"
    }