Menu
Sign In to the Console
Amazon Elastic Compute Cloud
User Guide for Linux Instances

How to Use a Shared SSM Document

When you share an SSM document, the system generates an Amazon Resource Name (ARN) and assigns it to the command. If you select and execute a shared document from the Amazon EC2 console, you do not see the ARN. However, if you want to execute a shared SSM document from a command line application, you must specify a full ARN. You are shown the full ARN for an SSM document when you execute the command to list documents.

Note

You are not required to specify ARNs for AWS public documents (documents that begin with AWS-*) or commands that you own.

This section includes examples of how to view and execute shared SSM documents from the AWS CLI and AWS Tools for Windows PowerShell.

Using a Shared SSM Document from the AWS CLI

To list all public SSM documents

aws ssm list-documents --document-filter-list key=Owner,value=Public

To list private SSM documents that have been shared with you

aws ssm list-documents --document-filter-list key=Owner,value=Private

To list all SSM documents available to you

aws ssm list-documents --document-filter-list key=Owner,value=All

Execute a command from a shared SSM document using a full ARN

aws ssm send-command --document-name <FullARN>/<name>

For example:

aws ssm send-command --document-name arn:aws:ssm:us-east-1:12345678912:document/highAvailabilityServerSetup --instance-ids i-12121212

Using a Shared SSM Document from the AWS Tools for Windows PowerShell

To list all public SSM documents

Get-SSMDocumentList -DocumentFilterList @(New-Object Amazon.SimpleSystemsManagement.Model.DocumentFilter("Owner", "Public"))

To list private SSM documents that have been shared with you

Get-SSMDocumentList -DocumentFilterList @(New-Object Amazon.SimpleSystemsManagement.Model.DocumentFilter("Owner", "Shared"))

To get information about an SSM document that has been shared with you

Get-SSMDocument –Name <FullARN>/<name>

For example:

Get-SSMDocument –Name arn:aws:ssm:us-east-1:12345678912:document/highAvailabilityServerSetup

To get a description of an SSM document that has been shared with you

Get-SSMDocumentDescription –Name <FullARN>/<name>

For example:

Get-SSMDocumentDescription –Name arn:aws:ssm:us-east-1:12345678912:document/highAvailabilityServerSetup

To execute a command from a shared SSM document using a full ARN

Send-SSMCommand –DocumentName <FullARN>/<name> –InstanceId IDs

For example:

Send-SSMCommand –DocumentName arn:aws:ssm:us-east-1:555450671542:document/highAvailabilityServerSetup –InstanceId @{“i-273d4e9e”}