# SSM Document CDK
This library provides a code-based utility for implementing SSM Documents. The SSM Document objects can be used to print YAML/JSON documents and to mimic document processing locally.
This library abstracts SSM Documents at a high level, with each step as well as the document itself being objects. The properties needed to build these objects correlate to the settings that apply to them, making them simple to make.
This library can be used to test your document locally before deploying it to SSM.
Since the library is written in JSII, it can be exported to other languages that support JSII (Java, Python).
This is what you'd use if you wanted to:
1. The ability to test without deploying resources or executing an actual SSM on AWS.
2. Reusability of steps between documents by reusing existing items
3. Create logical higher-level groupings of reusable groups of steps ("Patterns")
4. Simple to use interface for writing documents
5. Import existing documents from a file (or string) and mimic them locally to test them.
## Usage
### Document Creation
Typescript usage (Execute AWS API Step)...
The below creates the AutomationDocument in an AWS CDK stack.
```python
import { AutomationDocument } from './automation-document';
export class HelloWorld extends Stack {
constructor(app: Construct, id: string) {
super(app, id);
// Create AutomationDocument
const myDoc = new AutomationDocument(this, "MyDoc", {
documentFormat: DocumentFormat.JSON,
documentName: "MyDoc",
docInputs: [Input.ofTypeString('MyInput', { defaultValue: 'a' })],
});
// Define your steps...
myDoc.addStep(new PauseStep(this, "MyPauseStep", {
name: "MyPauseStep",
explicitNextStep: StepRef.fromName("step1") // Optional (will default to next added step)
}));
myDoc.addStep(new ExecuteScriptStep(this, "MyExecuteStep", {
name: "step1",
language: ScriptLanguage.python(PythonVersion.VERSION_3_11, 'my_func'),
code: ScriptCode.fromFile(resolve("test/test_file.py")),
// OR ScriptCode.inline("def my_func(args, context):\n return {'MyReturn': args['MyInput'] + '-suffix'}\n"),
outputs: [{
outputType: DataTypeEnum.STRING,
name: "MyFuncOut",
selector: "$.Payload.MyReturn"
}],
onFailure: OnFailure.abort(),
inputPayload: { MyInput: StringVariable.of('MyInput') },
}));
}
}
```
### Document JSON/YAML Export as YAML/JSON
You can deploy the above document using CDK.
To print the above document object as a JSON (or YAML), do the following:
```python
const myDocJson = myDoc.print(); // Print YAML by setting the documentFormat to YAML
```
### Document Simulation
To run the document object in simulation mode, use the below. Simulation mode does NOT hit the SSM API, rather it mimics the execution that will happen in an SSM execution. The run happens locally and allows you to mock the calls to external services (AWS APIs for example) or to invoke those services using your local credentials.
```python
import { Simulation } from './simulation';
const myDocJson = Simulation.ofAutomation(myDoc, {}).simulate({ MyInput: "FooBar" });
```
### Command Documents
Below is an example of how to use the library to create Command documents.
Simulation for command documents is not yet supported for all command plugins.
You can use a Docker image/container as a playground for testing the Command document execution for the supported plugins.
In this example there is a complete CDK stack. Notice that the `CommandDocument` is saved as a field so that it can be tested from the test code.
```python
export class HelloCdkStack extends Stack {
readonly myCommandDoc: CommandDocument;
constructor(scope: Construct, id: string, props?: StackProps) {
super(scope, id, props);
this.myCommandDoc = new CommandDocument(this, "MyCommandDoc", {
docInputs: [Input.ofTypeString('FirstCommand', { defaultValue: 'a' })],
})
const runScriptStep = new RunShellScriptStep(this, "MyShellScript", {
runCommand: [
StringVariable.of("FirstCommand"),
HardCodedString.of("mkdir asdf"),
],
});
this.myCommandDoc.addStep(runScriptStep);
}
}
```
Below is an example of how you would run a simulation against the above `CommandDocument`.
Currently, `bash` must be available in the container or the executions against the docker will not succeed.
```python
test('Test command doc', () => {
const app = new cdk.App();
const stack = new HelloCdk.HelloCdkStack(app, 'MyTestStack');
// 1. $ docker pull amazonlinux
// 2. $ docker run -di amazonlinux
const simulation = Simulation.ofCommand(stack.myCommandDoc, {
simulationPlatform: Platform.LINUX,
environment: DockerEnvironment.fromContainer('MY_CONTAINER_ID')
});
simulation.simulate({FirstCommand: 'mkdir foobar'})
// 3. The document should run the first command (create 'foobar') and create file 'asdf'
// 4. $ docker exec -it <container name> bash
// 5. Ensure that 'asdf' and 'foobar' were written to /tmp
});
```
## Patterns (High-Level Constructs)
In typical CDK style, you can assemble often used groups of steps into higher level Constructs.
Consider if you typically create AutomationDocuments that start with logging the time and end with logging the total time taken. You can create a high-level Automation Document and extend that when you implement an Automation.
See the `TimedDocument` class to see such implementation.
Or consider the case of multiple steps that are always run together such as rebooting and instance and waiting for it to be active.
The below example is copied from the `RebootInstanceAndWait` class:
```python
export class RebootInstanceAndWait extends CompositeAutomationStep {
readonly reboot: AwsApiStep;
readonly describe: WaitForResourceStep;
constructor(scope: Construct, id: string, instanceId: IStringVariable) {
super(scope, id);
this.reboot = new AwsApiStep(this, 'RebootInstances', {
service: AwsService.EC2,
pascalCaseApi: 'RebootInstances',
apiParams: { InstanceIds: [instanceId] },
outputs: [],
});
this.describe = new WaitForResourceStep(this, 'DescribeInstances', {
service: AwsService.EC2,
pascalCaseApi: 'DescribeInstances',
apiParams: { InstanceIds: [instanceId] },
selector: '$.Reservations[0].Instances[0].State.Name',
desiredValues: ['running'],
});
}
addToDocument(doc: AutomationDocumentBuilder): void {
doc.addStep(this.reboot);
doc.addStep(this.describe);
}
}
```
Now, you can use `RebootInstanceAndWait` as a step in a document and the child steps will be included.
## Existing Documents
Do you have an existing document that you want to convert to code and/or test locally using the simulation?
### Import Existing Document
Here is an example of how you can import an existing document and then simulate it locally with mocked AWS resources:
```python
// Initialize Mocks
const sleeper = new MockSleep();
const awsInvoker = new MockAwsInvoker();
awsInvoker.whenThen(
// when invoked with...
{awsApi: 'listBuckets', awsParams: {}, service: AwsService.S3},
// then response with...
{Owner: {ID: "BUCKET_ID"}})
// ======> Create document from file <=======
const stack: Stack = new Stack();
const myAutomationDoc = StringDocument.fromFile(stack, "MyAutomationDoc", 'test/myAutomation.json', {
// ======================
});
// Execute simulation
const simOutput = Simulation.ofAutomation(myAutomationDoc, {
sleepHook: sleeper,
awsInvoker: awsInvoker
}).simulate({});
// Assert simulation result
assert.deepEqual(awsInvoker.previousInvocations, [
{ awsApi: 'listBuckets', awsParams: {}, service: AwsService.S3 }]);
assert.deepEqual(sleeper.sleepMilliInvocations, [3000]);
assert.deepEqual(simOutput.outputs['simulationSteps'], ['MySleep', 'GetBucketId']);
```
### Import Existing Steps
You can also grab a string step (or steps) and import them as CDK step constructs.
This can be used to convert existing documents into CDK with each step defined separately.
Doing so will allow you do modify steps and reuse them in other documents.
Here's a simple example of a sleep step copy and pasted from its original yaml:
```python
StringStep.fromYaml(this, `
name: sleep
action: aws:sleep
inputs:
Duration: PT0M
`, {});
```
The above will return the CDK construct SleepStep.
## Incident Manager
This library provides L2 constructs for IncidentResponse as follows:
```python
new IncidentResponse(this, "MyIncidentResponsePlan", {
incidentTemplate: IncidentTemplate.critical('EC2 Instance Utilization Impacted', {
summary: 'EC2 Instance Impacted'
}),
actions: [
IncidentResponseAction.ssmAutomation(myAutomationDoc, ec2CwAlarmRole, {
parameters: {
IncidentRecordArn: StringVariable.of('INCIDENT_RECORD_ARN'),
InvolvedResources: StringVariable.of('INVOLVED_RESOURCES'),
AutomationAssumeRole: HardCodedString.of(ec2CwAlarmRole.roleArn),
}
})
]
});
```
Notice how the `myAutomationDoc` is specified which is a reference to an AutomationDocument created using this library.
## What is Planned?
This library currently contains AutomationDocument and CommandDocument steps.
Simulation for AutomationDocuments is fully supported. Simulation for CommandDocuments is limited.
Stay tuned!
## Related Projects
* https://github.com/udondan/cdk-ssm-document
## Security
See [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information.
## License
This project is licensed under the Apache-2.0 License.
Raw data
{
"_id": null,
"home_page": "https://github.com/cdklabs/cdk-ssm-documents.git",
"name": "cdklabs.cdk-ssm-documents",
"maintainer": null,
"docs_url": null,
"requires_python": "~=3.8",
"maintainer_email": null,
"keywords": null,
"author": "Amazon Web Services",
"author_email": null,
"download_url": "https://files.pythonhosted.org/packages/60/8b/dc44cc66a6cc359d6798f5c68fb532e4b106014da8416eec5cabbbd402c8/cdklabs_cdk_ssm_documents-0.0.47.tar.gz",
"platform": null,
"description": "# SSM Document CDK\n\nThis library provides a code-based utility for implementing SSM Documents. The SSM Document objects can be used to print YAML/JSON documents and to mimic document processing locally.\n\nThis library abstracts SSM Documents at a high level, with each step as well as the document itself being objects. The properties needed to build these objects correlate to the settings that apply to them, making them simple to make.\nThis library can be used to test your document locally before deploying it to SSM.\n\nSince the library is written in JSII, it can be exported to other languages that support JSII (Java, Python).\n\nThis is what you'd use if you wanted to:\n\n1. The ability to test without deploying resources or executing an actual SSM on AWS.\n2. Reusability of steps between documents by reusing existing items\n3. Create logical higher-level groupings of reusable groups of steps (\"Patterns\")\n4. Simple to use interface for writing documents\n5. Import existing documents from a file (or string) and mimic them locally to test them.\n\n## Usage\n\n### Document Creation\n\nTypescript usage (Execute AWS API Step)...\nThe below creates the AutomationDocument in an AWS CDK stack.\n\n```python\nimport { AutomationDocument } from './automation-document';\n\nexport class HelloWorld extends Stack {\n constructor(app: Construct, id: string) {\n super(app, id);\n\n // Create AutomationDocument\n const myDoc = new AutomationDocument(this, \"MyDoc\", {\n documentFormat: DocumentFormat.JSON,\n documentName: \"MyDoc\",\n docInputs: [Input.ofTypeString('MyInput', { defaultValue: 'a' })],\n });\n\n // Define your steps...\n myDoc.addStep(new PauseStep(this, \"MyPauseStep\", {\n name: \"MyPauseStep\",\n explicitNextStep: StepRef.fromName(\"step1\") // Optional (will default to next added step)\n }));\n\n myDoc.addStep(new ExecuteScriptStep(this, \"MyExecuteStep\", {\n name: \"step1\",\n language: ScriptLanguage.python(PythonVersion.VERSION_3_11, 'my_func'),\n code: ScriptCode.fromFile(resolve(\"test/test_file.py\")),\n // OR ScriptCode.inline(\"def my_func(args, context):\\n return {'MyReturn': args['MyInput'] + '-suffix'}\\n\"),\n outputs: [{\n outputType: DataTypeEnum.STRING,\n name: \"MyFuncOut\",\n selector: \"$.Payload.MyReturn\"\n }],\n onFailure: OnFailure.abort(),\n inputPayload: { MyInput: StringVariable.of('MyInput') },\n }));\n }\n}\n```\n\n### Document JSON/YAML Export as YAML/JSON\n\nYou can deploy the above document using CDK.\nTo print the above document object as a JSON (or YAML), do the following:\n\n```python\nconst myDocJson = myDoc.print(); // Print YAML by setting the documentFormat to YAML\n```\n\n### Document Simulation\n\nTo run the document object in simulation mode, use the below. Simulation mode does NOT hit the SSM API, rather it mimics the execution that will happen in an SSM execution. The run happens locally and allows you to mock the calls to external services (AWS APIs for example) or to invoke those services using your local credentials.\n\n```python\nimport { Simulation } from './simulation';\n\nconst myDocJson = Simulation.ofAutomation(myDoc, {}).simulate({ MyInput: \"FooBar\" });\n```\n\n### Command Documents\n\nBelow is an example of how to use the library to create Command documents.\nSimulation for command documents is not yet supported for all command plugins.\nYou can use a Docker image/container as a playground for testing the Command document execution for the supported plugins.\n\nIn this example there is a complete CDK stack. Notice that the `CommandDocument` is saved as a field so that it can be tested from the test code.\n\n```python\nexport class HelloCdkStack extends Stack {\n readonly myCommandDoc: CommandDocument;\n constructor(scope: Construct, id: string, props?: StackProps) {\n super(scope, id, props);\n this.myCommandDoc = new CommandDocument(this, \"MyCommandDoc\", {\n docInputs: [Input.ofTypeString('FirstCommand', { defaultValue: 'a' })],\n })\n const runScriptStep = new RunShellScriptStep(this, \"MyShellScript\", {\n runCommand: [\n StringVariable.of(\"FirstCommand\"),\n HardCodedString.of(\"mkdir asdf\"),\n ],\n });\n this.myCommandDoc.addStep(runScriptStep);\n }\n}\n```\n\nBelow is an example of how you would run a simulation against the above `CommandDocument`.\n\nCurrently, `bash` must be available in the container or the executions against the docker will not succeed.\n\n```python\ntest('Test command doc', () => {\n const app = new cdk.App();\n const stack = new HelloCdk.HelloCdkStack(app, 'MyTestStack');\n // 1. $ docker pull amazonlinux\n // 2. $ docker run -di amazonlinux\n const simulation = Simulation.ofCommand(stack.myCommandDoc, {\n simulationPlatform: Platform.LINUX,\n environment: DockerEnvironment.fromContainer('MY_CONTAINER_ID')\n });\n simulation.simulate({FirstCommand: 'mkdir foobar'})\n // 3. The document should run the first command (create 'foobar') and create file 'asdf'\n // 4. $ docker exec -it <container name> bash\n // 5. Ensure that 'asdf' and 'foobar' were written to /tmp\n});\n```\n\n## Patterns (High-Level Constructs)\n\nIn typical CDK style, you can assemble often used groups of steps into higher level Constructs.\n\nConsider if you typically create AutomationDocuments that start with logging the time and end with logging the total time taken. You can create a high-level Automation Document and extend that when you implement an Automation.\n\nSee the `TimedDocument` class to see such implementation.\n\nOr consider the case of multiple steps that are always run together such as rebooting and instance and waiting for it to be active.\n\nThe below example is copied from the `RebootInstanceAndWait` class:\n\n```python\nexport class RebootInstanceAndWait extends CompositeAutomationStep {\n\n readonly reboot: AwsApiStep;\n readonly describe: WaitForResourceStep;\n\n constructor(scope: Construct, id: string, instanceId: IStringVariable) {\n super(scope, id);\n this.reboot = new AwsApiStep(this, 'RebootInstances', {\n service: AwsService.EC2,\n pascalCaseApi: 'RebootInstances',\n apiParams: { InstanceIds: [instanceId] },\n outputs: [],\n });\n this.describe = new WaitForResourceStep(this, 'DescribeInstances', {\n service: AwsService.EC2,\n pascalCaseApi: 'DescribeInstances',\n apiParams: { InstanceIds: [instanceId] },\n selector: '$.Reservations[0].Instances[0].State.Name',\n desiredValues: ['running'],\n });\n }\n\n addToDocument(doc: AutomationDocumentBuilder): void {\n doc.addStep(this.reboot);\n doc.addStep(this.describe);\n }\n}\n```\n\nNow, you can use `RebootInstanceAndWait` as a step in a document and the child steps will be included.\n\n## Existing Documents\n\nDo you have an existing document that you want to convert to code and/or test locally using the simulation?\n\n### Import Existing Document\n\nHere is an example of how you can import an existing document and then simulate it locally with mocked AWS resources:\n\n```python\n// Initialize Mocks\nconst sleeper = new MockSleep();\nconst awsInvoker = new MockAwsInvoker();\nawsInvoker.whenThen(\n // when invoked with...\n {awsApi: 'listBuckets', awsParams: {}, service: AwsService.S3},\n // then response with...\n {Owner: {ID: \"BUCKET_ID\"}})\n\n// ======> Create document from file <=======\nconst stack: Stack = new Stack();\nconst myAutomationDoc = StringDocument.fromFile(stack, \"MyAutomationDoc\", 'test/myAutomation.json', {\n // ======================\n});\n\n// Execute simulation\nconst simOutput = Simulation.ofAutomation(myAutomationDoc, {\n sleepHook: sleeper,\n awsInvoker: awsInvoker\n}).simulate({});\n\n// Assert simulation result\nassert.deepEqual(awsInvoker.previousInvocations, [\n { awsApi: 'listBuckets', awsParams: {}, service: AwsService.S3 }]);\nassert.deepEqual(sleeper.sleepMilliInvocations, [3000]);\nassert.deepEqual(simOutput.outputs['simulationSteps'], ['MySleep', 'GetBucketId']);\n```\n\n### Import Existing Steps\n\nYou can also grab a string step (or steps) and import them as CDK step constructs.\nThis can be used to convert existing documents into CDK with each step defined separately.\nDoing so will allow you do modify steps and reuse them in other documents.\n\nHere's a simple example of a sleep step copy and pasted from its original yaml:\n\n```python\nStringStep.fromYaml(this, `\n name: sleep\n action: aws:sleep\n inputs:\n Duration: PT0M\n`, {});\n```\n\nThe above will return the CDK construct SleepStep.\n\n## Incident Manager\n\nThis library provides L2 constructs for IncidentResponse as follows:\n\n```python\nnew IncidentResponse(this, \"MyIncidentResponsePlan\", {\n incidentTemplate: IncidentTemplate.critical('EC2 Instance Utilization Impacted', {\n summary: 'EC2 Instance Impacted'\n }),\n actions: [\n IncidentResponseAction.ssmAutomation(myAutomationDoc, ec2CwAlarmRole, {\n parameters: {\n IncidentRecordArn: StringVariable.of('INCIDENT_RECORD_ARN'),\n InvolvedResources: StringVariable.of('INVOLVED_RESOURCES'),\n AutomationAssumeRole: HardCodedString.of(ec2CwAlarmRole.roleArn),\n }\n })\n ]\n});\n```\n\nNotice how the `myAutomationDoc` is specified which is a reference to an AutomationDocument created using this library.\n\n## What is Planned?\n\nThis library currently contains AutomationDocument and CommandDocument steps.\nSimulation for AutomationDocuments is fully supported. Simulation for CommandDocuments is limited.\n\nStay tuned!\n\n## Related Projects\n\n* https://github.com/udondan/cdk-ssm-document\n\n## Security\n\nSee [CONTRIBUTING](CONTRIBUTING.md#security-issue-notifications) for more information.\n\n## License\n\nThis project is licensed under the Apache-2.0 License.\n",
"bugtrack_url": null,
"license": "Apache-2.0",
"summary": "@cdklabs/cdk-ssm-documents",
"version": "0.0.47",
"project_urls": {
"Homepage": "https://github.com/cdklabs/cdk-ssm-documents.git",
"Source": "https://github.com/cdklabs/cdk-ssm-documents.git"
},
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "2f114f3572e03048358f178d86e996642c9c328409a3528066f02557c536c3db",
"md5": "baa1104bd435342e32a504f49c8d5601",
"sha256": "c969f2963506f755a3a554e90569cad7a2952e2e2750986714962a53b668d2d9"
},
"downloads": -1,
"filename": "cdklabs.cdk_ssm_documents-0.0.47-py3-none-any.whl",
"has_sig": false,
"md5_digest": "baa1104bd435342e32a504f49c8d5601",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "~=3.8",
"size": 17712940,
"upload_time": "2024-11-15T21:22:06",
"upload_time_iso_8601": "2024-11-15T21:22:06.956007Z",
"url": "https://files.pythonhosted.org/packages/2f/11/4f3572e03048358f178d86e996642c9c328409a3528066f02557c536c3db/cdklabs.cdk_ssm_documents-0.0.47-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "608bdc44cc66a6cc359d6798f5c68fb532e4b106014da8416eec5cabbbd402c8",
"md5": "7b85f495ec8ea94d3d40ca8ca0b88c92",
"sha256": "2490644ba105c53547340edb033094a64bf3f8643fb60e16830a67b1bfdca29d"
},
"downloads": -1,
"filename": "cdklabs_cdk_ssm_documents-0.0.47.tar.gz",
"has_sig": false,
"md5_digest": "7b85f495ec8ea94d3d40ca8ca0b88c92",
"packagetype": "sdist",
"python_version": "source",
"requires_python": "~=3.8",
"size": 17713276,
"upload_time": "2024-11-15T21:22:09",
"upload_time_iso_8601": "2024-11-15T21:22:09.955729Z",
"url": "https://files.pythonhosted.org/packages/60/8b/dc44cc66a6cc359d6798f5c68fb532e4b106014da8416eec5cabbbd402c8/cdklabs_cdk_ssm_documents-0.0.47.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-11-15 21:22:09",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "cdklabs",
"github_project": "cdk-ssm-documents",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "cdklabs.cdk-ssm-documents"
}
JSON
