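When you enable AWS Systems Manager Inventory (an AWS Systems Manager State Manager association) with Terraform, you can configure it with the `aws_ssm_association` resource💡

The Terraform documentation does not describe the `parameters` of `aws_ssm_association` in detail, so I think it is best to set them while referring to the "Setup Inventory" screen in the Management Console and to the `AWS-GatherSoftwareInventory` document in AWS Systems Manager Documents❗️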
Terraform code
For now I have settled on the following settings👌
- Add the tag `Inventory: true` to the Amazon EC2 instances that should be collected
- Run once per hour (so that the behavior can be checked quickly)
- Exclude Windows
```hcl
resource "aws_ssm_association" "inventory" {
  name             = "AWS-GatherSoftwareInventory"
  association_name = "Inventory"

  targets {
    key    = "tag:Inventory"
    values = ["true"]
  }

  parameters = {
    applications                = "Enabled"
    awsComponents               = "Enabled"
    files                       = ""
    networkConfig               = "Enabled"
    windowsUpdates              = "Disabled"
    instanceDetailedInformation = "Enabled"
    services                    = "Disabled"
    windowsRegistry             = ""
    windowsRoles                = "Disabled"
    customInventory             = "Enabled"
    billingInfo                 = "Enabled"
  }

  schedule_expression = "rate(1 hour)"
}
```
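Result
The association was built as expected, and AWS Systems Manager Inventory collected the metadata as well❗️
Reference: AWS Systems Manager Documents
Below is the content (version 1) of the `AWS-GatherSoftwareInventory` document from AWS Systems Manager Documents. It lets you check the expected values, default values and so on for the `Enabled` and `Disabled` values specified in Terraform💡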
```json
{
  "schemaVersion": "2.0",
  "description": "Software Inventory Policy Document.",
  "parameters": {
    "applications": {
      "type": "String",
      "default": "Enabled",
      "description": "(Optional) Collect data for installed applications.",
      "allowedValues": ["Enabled", "Disabled"]
    },
    "awsComponents": {
      "type": "String",
      "default": "Enabled",
      "description": "(Optional) Collect data for AWS Components like amazon-ssm-agent.",
      "allowedValues": ["Enabled", "Disabled"]
    },
    "files": {
      "type": "String",
      "default": "",
      "description": "<p>(Optional, requires SSMAgent version 2.2.64.0 and above)<br/><br/>Linux example:<br/><em>[{\"Path\":\"/usr/bin\", \"Pattern\":[\"aws*\", \"*ssm*\"],\"Recursive\":false},{\"Path\":\"/var/log\", \"Pattern\":[\"amazon*.*\"], \"Recursive\":true, \"DirScanLimit\":1000}]<br/></em><br/>Windows example:<br/><em>[{\"Path\":\"%PROGRAMFILES%\", \"Pattern\":[\"*.exe\"],\"Recursive\":true}]</em><br/><br/>Learn More: http://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-inventory-about.html#sysman-inventory-file-and-registry </p>",
      "displayType": "textarea"
    },
    "networkConfig": {
      "type": "String",
      "default": "Enabled",
      "description": "(Optional) Collect data for Network configurations.",
      "allowedValues": ["Enabled", "Disabled"]
    },
    "windowsUpdates": {
      "type": "String",
      "default": "Enabled",
      "description": "(Optional, Windows OS only) Collect data for all Windows Updates.",
      "allowedValues": ["Enabled", "Disabled"]
    },
    "instanceDetailedInformation": {
      "type": "String",
      "default": "Enabled",
      "description": "(Optional) Collect additional information about the instance, including the CPU model, speed, and the number of cores, to name a few.",
      "allowedValues": ["Enabled", "Disabled"]
    },
    "services": {
      "type": "String",
      "default": "Enabled",
      "description": "(Optional, Windows OS only, requires SSMAgent version 2.2.64.0 and above) Collect data for service configurations.",
      "allowedValues": ["Enabled", "Disabled"]
    },
    "windowsRegistry": {
      "type": "String",
      "default": "",
      "description": "<p>(Optional, Windows OS only, requires SSMAgent version 2.2.64.0 and above)<br/><br/>Example:<br />[{\"Path\":\"HKEY_CURRENT_CONFIG\\System\",\"Recursive\":true},{\"Path\":\"HKEY_LOCAL_MACHINE\\SOFTWARE\\Amazon\\MachineImage\", \"ValueNames\":[\"AMIName\"]}]<br/><br/>Learn More: http://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-inventory-about.html#sysman-inventory-file-and-registry </p>",
      "displayType": "textarea"
    },
    "windowsRoles": {
      "type": "String",
      "default": "Enabled",
      "description": "(Optional, Windows OS only, requires SSMAgent version 2.2.64.0 and above) Collect data for Microsoft Windows role configurations.",
      "allowedValues": ["Enabled", "Disabled"]
    },
    "customInventory": {
      "type": "String",
      "default": "Enabled",
      "description": "(Optional) Collect data for custom inventory.",
      "allowedValues": ["Enabled", "Disabled"]
    },
    "billingInfo": {
      "type": "String",
      "default": "Enabled",
      "description": "(Optional) Collect billing info for license included applications.",
      "allowedValues": ["Enabled", "Disabled"]
    }
  },
  "mainSteps": [
    {
      "action": "aws:softwareInventory",
      "name": "collectSoftwareInventoryItems",
      "inputs": {
        "applications": "{{ applications }}",
        "awsComponents": "{{ awsComponents }}",
        "networkConfig": "{{ networkConfig }}",
        "files": "{{ files }}",
        "services": "{{ services }}",
        "windowsRoles": "{{ windowsRoles }}",
        "windowsRegistry": "{{ windowsRegistry}}",
        "windowsUpdates": "{{ windowsUpdates }}",
        "instanceDetailedInformation": "{{ instanceDetailedInformation }}",
        "billingInfo": "{{ billingInfo }}",
        "customInventory": "{{ customInventory }}"
      }
    }
  ]
}
```
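A pre-apply check of a `parameters` map against the allowed values and defaults in the document above, written as an added example (it is not code from the original post or from AWS). The function name `check_parameters` and the `SAMPLE` input are hypothetical and constructed for illustration.

```python
import json

# Schema transcribed from the AWS-GatherSoftwareInventory document (version 1)
# quoted above: toggles default to "Enabled", JSON-string parameters to "".
TOGGLES = ("applications", "awsComponents", "networkConfig", "windowsUpdates",
           "instanceDetailedInformation", "services", "windowsRoles",
           "customInventory", "billingInfo")
JSON_LISTS = ("files", "windowsRegistry")
ALLOWED = ("Enabled", "Disabled")

def check_parameters(params):
    """Return (errors, effective values) for an association's parameters map."""
    errors, effective = [], {}
    for key in params:
        if key not in TOGGLES and key not in JSON_LISTS:
            errors.append(f"{key}: not a parameter of the document")
    for key in TOGGLES:
        value = params.get(key, "Enabled")  # omitted key -> document default
        if value not in ALLOWED:
            errors.append(f"{key}: {value!r} is not in allowedValues")
        effective[key] = value
    for key in JSON_LISTS:
        value = effective[key] = params.get(key, "")
        if value == "":
            continue  # document default (empty string), nothing to parse
        try:
            rules = json.loads(value)
        except json.JSONDecodeError as exc:
            errors.append(f"{key}: not valid JSON ({exc.msg})")
            continue
        if not isinstance(rules, list) or not all(
                isinstance(r, dict) and "Path" in r for r in rules):
            errors.append(f'{key}: expected a JSON list of objects with "Path"')
    return errors, effective

# Constructed sample: two deliberate mistakes (lowercase value, misspelled key)
# plus a files rule in the format of the document's Linux example.
SAMPLE = {
    "applications": "enabled",
    "networkconfig": "Enabled",
    "windowsUpdates": "Disabled",
    "files": '[{"Path":"/usr/bin","Pattern":["aws*","*ssm*"],"Recursive":false}]',
}

if __name__ == "__main__":
    errs, eff = check_parameters(SAMPLE)
    print("\n".join(errs) or "no errors")
    print("collected:", sorted(k for k, v in eff.items() if v == "Enabled"))
```

In the sample, `services` and `windowsRoles` come back as `Enabled` because they were omitted, which is why the Terraform code on this page sets the Windows-only toggles to `Disabled` explicitly.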