AWS Terraform SSM Patch Manager

Terraform module to create SSM patch manager baseline and automation.

Overview

This module creates a patch baseline and patch group, together with SSM associations and a maintenance window task that run the AWS-RunPatchBaseline document against the instances in the patch group. By default it scans instances daily for compliance against the baseline and installs approved patches every 2 weeks.

Terraform-Docs

Requirements

| Name | Version |
|------|---------|
| terraform | ~> 1.0 |
| aws | ~> 4.0 |

Providers

| Name | Version |
|------|---------|
| aws | ~> 4.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_ssm_association.this | resource |
| aws_ssm_default_patch_baseline.this | resource |
| aws_ssm_maintenance_window.this | resource |
| aws_ssm_maintenance_window_target.this | resource |
| aws_ssm_maintenance_window_task.this | resource |
| aws_ssm_patch_baseline.this | resource |
| aws_ssm_patch_group.this | resource |
| aws_caller_identity.current | data source |
| aws_region.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| allow_unassociated_targets | Allow unassociated targets in the maintenance window | `bool` | `true` | no |
| approval_rules | Approval rules: patch filters with an approval delay and compliance level | `list(object({ approve_after_days = number, compliance_level = string, enable_non_security = bool, patch_filters = list(object({ key = string, values = list(string) })) }))` | `[{"approve_after_days": 7, "compliance_level": "HIGH", "enable_non_security": true, "patch_filters": [{"key": "PRODUCT", "values": ["*"]}]}]` | no |
| approved_patches | List of approved patches | `list(string)` | `null` | no |
| enable_association | Enable default SSM association per OS type | `bool` | `true` | no |
| enable_maintenance_window | Enable default maintenance window per OS type | `bool` | `true` | no |
| enable_non_security | Enable non-security patches | `bool` | `true` | no |
| env | Environment name | `string` | `"dev"` | no |
| global_filters | Global filters applied to the whole baseline | `list(object({ key = string, values = list(string) }))` | `[]` | no |
| install_schedule_expression | Schedule expression for patch installs | `string` | `"cron(0 0 ? * THU#2 *)"` | no |
| is_default | Set as default patch baseline | `bool` | `false` | no |
| maint_window_cutoff | Maintenance window cutoff in hours | `number` | `1` | no |
| maint_window_duration | Maintenance window duration in hours | `number` | `6` | no |
| name_prefix | Patch baseline name prefix | `string` | `"standard"` | no |
| os | Operating system | `string` | `"REDHAT_ENTERPRISE_LINUX"` | no |
| output_location | Output location (S3 bucket for command output) | `list(object({ output_s3_bucket_name = string }))` | `[]` | no |
| patch_group_name | Patch group name | `string` | `null` | no |
| rejected_patches | List of rejected patches | `list(string)` | `null` | no |
| repo_source | Yum repo source | `list(object({ name = string, configuration = string, products = string }))` | `[]` | no |
| scan_schedule_expression | Schedule expression for patch scans | `string` | `"cron(15 23 ? * * *)"` | no |
| schedule_timezone | Schedule timezone | `string` | `"GB"` | no |
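The following module call is an added usage example, not code from this module's README. It uses only the inputs listed above to build a baseline that approves critical and important security fixes immediately at CRITICAL compliance while holding everything else for 7 days, and it writes command output to S3 so scan and install results can be audited. The module source path, patch group name and bucket name are assumptions; the `CLASSIFICATION` and `SEVERITY` filter keys and their values are standard AWS patch filter keys for Red Hat Enterprise Linux.

```hcl
# Added usage example; not part of the module. Source path, patch group
# name and S3 bucket name are assumed values for illustration.
module "rhel_patching" {
  source = "../modules/aws-terraform-ssm-patch-manager" # assumed path

  name_prefix = "standard"
  env         = "prod"
  os          = "REDHAT_ENTERPRISE_LINUX"

  # Instances carrying the "Patch Group" tag with this value are targeted.
  patch_group_name = "rhel-prod" # assumed
  is_default       = false

  # Rule 1: security fixes rated Critical or Important are approved as soon
  # as they are released and missing ones are reported at CRITICAL compliance.
  # Rule 2: every other update waits 7 days and is reported at HIGH.
  approval_rules = [
    {
      approve_after_days  = 0
      compliance_level    = "CRITICAL"
      enable_non_security = false
      patch_filters = [
        { key = "CLASSIFICATION", values = ["Security"] },
        { key = "SEVERITY", values = ["Critical", "Important"] },
      ]
    },
    {
      approve_after_days  = 7
      compliance_level    = "HIGH"
      enable_non_security = true
      patch_filters = [
        { key = "PRODUCT", values = ["*"] },
      ]
    },
  ]

  # Daily compliance scan at 23:15; installs use the module's default schedule.
  scan_schedule_expression    = "cron(15 23 ? * * *)"
  install_schedule_expression = "cron(0 0 ? * THU#2 *)"
  schedule_timezone           = "Europe/London" # IANA zone name

  # Six-hour window; stop scheduling new instances one hour before it closes.
  maint_window_duration = 6
  maint_window_cutoff   = 1

  # Keep AWS-RunPatchBaseline output for later review; bucket name is assumed.
  output_location = [
    { output_s3_bucket_name = "example-ssm-patch-output" }
  ]
}
```

Splitting the approval rules this way keeps the default "approve everything after 7 days" behaviour for routine updates while shortening the exposure window for security fixes, and the separate compliance levels let the Patch Manager compliance view distinguish an overdue security patch from an overdue bug fix.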

Outputs

No outputs.