Feature Request - Add support for AUTOMATION in aws_ssm_maintenance_window_task resource

[philmadden83]

Add support for automation task types in the aws_ssm_maintenance_window_task resource.

From the current terraform docks

task_type - (Required) The type of task being registered. The only allowed value is RUN_COMMAND.

Docs

AWS SSM Doc

Terraform Version

Terraform v0.11.7

Affected Resource(s)

aws_ssm_maintenance_window_task

[bflad]

@philmadden83 looks like the resource does not currently perform plan-time validation of the task_type argument under the hood so it should just work out of the box currently. Is there something else required for this support?

We can of course update the documentation to support this new value or point to the relevant AWS documentation for the acceptable values.

[philmadden83]

@bflad I can confirm that specifying the task typeAUTOMATION does indeed associate an automation document successfully however, after some false starts I belive there is still an issue that needs addressing.

The task_parameters arguments are not being populated into the maintenance windows task.

for example:

If I create the below widnow task referencing my automation document arn and specify the parameters to use..

resource "aws_ssm_maintenance_window_task" "patch-task" {
  window_id = "${ aws_ssm_maintenance_window.automation-window.id }"
  task_type = "AUTOMATION"
  priority  = 1

  service_role_arn = "arn:aws:iam::xxxxxx:role/SSMMaintenanceWindow"
  max_concurrency  = "1"
  max_errors       = "1"

  task_parameters {
    name   = "InstanceId"
    values = ["i-abcd1234"]
  }

  task_parameters {
    name   = "PreRunTask"
    values = ["a-script"]
  }

  task_parameters {
    name   = "PostRunTask"
    values = ["another-script"]
  }

  targets {
    key = "WindowTargetIds"

    values = [
      "${ aws_ssm_maintenance_window_target.targets.id }",
    ]
  }

  task_arn = "${var.task_arn}"
}

Everything is created as expected however, when I inspect the above window task and look at the input parameters I get the below.

The task paramter values defined in the .tf file have not been set.

If I manually enter the values and save it (as per the below image) and run a plan, Terraform wants to remove the input parameter values I maunally entered (naturally).

-/+ module.run-patch-baseline-jenkins-slaves.aws_ssm_maintenance_window_task.patch-task (new resource required)
      id:                         "xxxxxx-xxxxxx-xxxxxx-xxxxxx-xxxxxx" => <computed> (forces new resource)
      max_concurrency:            "1" => "1"
      max_errors:                 "1" => "1"
      priority:                   "1" => "1"
      service_role_arn:           "arn:aws:iam::xxxxxx:role/SSMMaintenanceWindow" => "arn:aws:iam::xxxxxx:role/SSMMaintenanceWindow"
      targets.#:                  "1" => "1"
      targets.0.key:              "WindowTargetIds" => "WindowTargetIds"
      targets.0.values.#:         "1" => "1"
      targets.0.values.0:         "xxxxxx-xxxxxx-xxxxxx-xxxxxx-xxxxxx" => "xxxxxx-xxxxxx-xxxxxx-xxxxxx-xxxxxx"
      task_arn:                   "Vivid-PatchInstance" => "Vivid-PatchInstance"
      task_parameters.#:          "0" => "3" (forces new resource)
      task_parameters.0.name:     "" => "InstanceId" (forces new resource)
      task_parameters.0.values.#: "" => "1" (forces new resource)
      task_parameters.0.values.0: "" => "i-abcd1234" (forces new resource)
      task_parameters.1.name:     "" => "PreRunTask" (forces new resource)
      task_parameters.1.values.#: "" => "1" (forces new resource)
      task_parameters.1.values.0: "" => "a-script" (forces new resource)
      task_parameters.2.name:     "" => "PostRunTask" (forces new resource)
      task_parameters.2.values.#: "" => "1" (forces new resource)
      task_parameters.2.values.0: "" => "another-script" (forces new resource)
      task_type:                  "AUTOMATION" => "AUTOMATION"
      window_id:                  "mw-abcd1234" => "mw-abcd1234"


Plan: 1 to add, 3 to change, 1 to destroy.

As a result, any execution of the maintence window fails with the cause "The supplied parameters for invoking the specified Automation document are incorrect.".

[AndrewCi]

Can confirm this is still an issue for automation task parameter values.

[bflad]

Hi folks 👋 Releasing in version 2.20.0 of the Terraform AWS Provider later this, the aws_ssm_maintenance_window_task will have support for the newer API method of defining AUTOMATION tasks with the new task_invocation_parameters configuration block (which deprecates task_parameters to match the API), e.g.

resource "aws_ssm_maintenance_window_task" "example" {
  max_concurrency  = 2
  max_errors       = 1
  priority         = 1
  service_role_arn = "${aws_iam_role.example.arn}"
  task_arn         = "AWS-RestartEC2Instance"
  task_type        = "AUTOMATION"
  window_id        = "${aws_ssm_maintenance_window.example.id}"

  targets {
    key    = "InstanceIds"
    values = ["${aws_instance.example.id}"]
  }

  task_invocation_parameters {
    automation_parameters {
      document_version = "$LATEST"

      parameter {
        name   = "InstanceId"
        values = ["${aws_instance.example.id}"]
      }
    }
  }
}

The resource documentation will be updated to include that example via #9362 and the parameter configuration blocks are setup to not be ordered like task_parameters currently are. For further tracking of the task_parameters ordering issue, you can follow #3218, otherwise for further feature requests, documentation updates, or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!