aws-sdk-ssm 1.101.0 → 1.106.0

data/lib/aws-sdk-ssm/client_api.rb

@@ -3,7 +3,7 @@
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
-# https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
 #
 # WARNING ABOUT GENERATED CODE
 
@@ -117,6 +117,7 @@ module Aws::SSM
     BaselineDescription = Shapes::StringShape.new(name: 'BaselineDescription')
     BaselineId = Shapes::StringShape.new(name: 'BaselineId')
     BaselineName = Shapes::StringShape.new(name: 'BaselineName')
+    BaselineOverride = Shapes::StructureShape.new(name: 'BaselineOverride')
     BatchErrorMessage = Shapes::StringShape.new(name: 'BatchErrorMessage')
     Boolean = Shapes::BooleanShape.new(name: 'Boolean')
     CalendarNameOrARN = Shapes::StringShape.new(name: 'CalendarNameOrARN')
@@ -337,6 +338,7 @@ module Aws::SSM
     DocumentParameterName = Shapes::StringShape.new(name: 'DocumentParameterName')
     DocumentParameterType = Shapes::StringShape.new(name: 'DocumentParameterType')
     DocumentPermissionLimit = Shapes::StructureShape.new(name: 'DocumentPermissionLimit')
+    DocumentPermissionMaxResults = Shapes::IntegerShape.new(name: 'DocumentPermissionMaxResults')
     DocumentPermissionType = Shapes::StringShape.new(name: 'DocumentPermissionType')
     DocumentRequires = Shapes::StructureShape.new(name: 'DocumentRequires')
     DocumentRequiresList = Shapes::ListShape.new(name: 'DocumentRequiresList')
@@ -1416,6 +1418,17 @@ module Aws::SSM
     AutomationStepNotFoundException.add_member(:message, Shapes::ShapeRef.new(shape: String, location_name: "Message"))
     AutomationStepNotFoundException.struct_class = Types::AutomationStepNotFoundException
 
+    BaselineOverride.add_member(:operating_system, Shapes::ShapeRef.new(shape: OperatingSystem, location_name: "OperatingSystem"))
+    BaselineOverride.add_member(:global_filters, Shapes::ShapeRef.new(shape: PatchFilterGroup, location_name: "GlobalFilters"))
+    BaselineOverride.add_member(:approval_rules, Shapes::ShapeRef.new(shape: PatchRuleGroup, location_name: "ApprovalRules"))
+    BaselineOverride.add_member(:approved_patches, Shapes::ShapeRef.new(shape: PatchIdList, location_name: "ApprovedPatches"))
+    BaselineOverride.add_member(:approved_patches_compliance_level, Shapes::ShapeRef.new(shape: PatchComplianceLevel, location_name: "ApprovedPatchesComplianceLevel"))
+    BaselineOverride.add_member(:rejected_patches, Shapes::ShapeRef.new(shape: PatchIdList, location_name: "RejectedPatches"))
+    BaselineOverride.add_member(:rejected_patches_action, Shapes::ShapeRef.new(shape: PatchAction, location_name: "RejectedPatchesAction"))
+    BaselineOverride.add_member(:approved_patches_enable_non_security, Shapes::ShapeRef.new(shape: Boolean, location_name: "ApprovedPatchesEnableNonSecurity"))
+    BaselineOverride.add_member(:sources, Shapes::ShapeRef.new(shape: PatchSourceList, location_name: "Sources"))
+    BaselineOverride.struct_class = Types::BaselineOverride
+
     CalendarNameOrARNList.member = Shapes::ShapeRef.new(shape: CalendarNameOrARN)
 
     CancelCommandRequest.add_member(:command_id, Shapes::ShapeRef.new(shape: CommandId, required: true, location_name: "CommandId"))
@@ -1672,6 +1685,7 @@ module Aws::SSM
 
     CreateOpsMetadataRequest.add_member(:resource_id, Shapes::ShapeRef.new(shape: OpsMetadataResourceId, required: true, location_name: "ResourceId"))
     CreateOpsMetadataRequest.add_member(:metadata, Shapes::ShapeRef.new(shape: MetadataMap, location_name: "Metadata"))
+    CreateOpsMetadataRequest.add_member(:tags, Shapes::ShapeRef.new(shape: TagList, location_name: "Tags"))
     CreateOpsMetadataRequest.struct_class = Types::CreateOpsMetadataRequest
 
     CreateOpsMetadataResult.add_member(:ops_metadata_arn, Shapes::ShapeRef.new(shape: OpsMetadataArn, location_name: "OpsMetadataArn"))
@@ -1878,10 +1892,13 @@ module Aws::SSM
 
     DescribeDocumentPermissionRequest.add_member(:name, Shapes::ShapeRef.new(shape: DocumentName, required: true, location_name: "Name"))
     DescribeDocumentPermissionRequest.add_member(:permission_type, Shapes::ShapeRef.new(shape: DocumentPermissionType, required: true, location_name: "PermissionType"))
+    DescribeDocumentPermissionRequest.add_member(:max_results, Shapes::ShapeRef.new(shape: DocumentPermissionMaxResults, location_name: "MaxResults", metadata: {"box"=>true}))
+    DescribeDocumentPermissionRequest.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "NextToken"))
     DescribeDocumentPermissionRequest.struct_class = Types::DescribeDocumentPermissionRequest
 
     DescribeDocumentPermissionResponse.add_member(:account_ids, Shapes::ShapeRef.new(shape: AccountIdList, location_name: "AccountIds"))
     DescribeDocumentPermissionResponse.add_member(:account_sharing_info_list, Shapes::ShapeRef.new(shape: AccountSharingInfoList, location_name: "AccountSharingInfoList"))
+    DescribeDocumentPermissionResponse.add_member(:next_token, Shapes::ShapeRef.new(shape: NextToken, location_name: "NextToken"))
     DescribeDocumentPermissionResponse.struct_class = Types::DescribeDocumentPermissionResponse
 
     DescribeDocumentRequest.add_member(:name, Shapes::ShapeRef.new(shape: DocumentARN, required: true, location_name: "Name"))
@@ -2334,6 +2351,7 @@ module Aws::SSM
 
     GetDeployablePatchSnapshotForInstanceRequest.add_member(:instance_id, Shapes::ShapeRef.new(shape: InstanceId, required: true, location_name: "InstanceId"))
     GetDeployablePatchSnapshotForInstanceRequest.add_member(:snapshot_id, Shapes::ShapeRef.new(shape: SnapshotId, required: true, location_name: "SnapshotId"))
+    GetDeployablePatchSnapshotForInstanceRequest.add_member(:baseline_override, Shapes::ShapeRef.new(shape: BaselineOverride, location_name: "BaselineOverride"))
     GetDeployablePatchSnapshotForInstanceRequest.struct_class = Types::GetDeployablePatchSnapshotForInstanceRequest
 
     GetDeployablePatchSnapshotForInstanceResult.add_member(:instance_id, Shapes::ShapeRef.new(shape: InstanceId, location_name: "InstanceId"))
@@ -4842,7 +4860,9 @@ module Aws::SSM
         o.output = Shapes::ShapeRef.new(shape: DescribeDocumentPermissionResponse)
         o.errors << Shapes::ShapeRef.new(shape: InternalServerError)
         o.errors << Shapes::ShapeRef.new(shape: InvalidDocument)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidNextToken)
         o.errors << Shapes::ShapeRef.new(shape: InvalidPermissionType)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidDocumentOperation)
       end)
 
       api.add_operation(:describe_effective_instance_associations, Seahorse::Model::Operation.new.tap do |o|

data/lib/aws-sdk-ssm/errors.rb

@@ -3,7 +3,7 @@
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
-# https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
 #
 # WARNING ABOUT GENERATED CODE
 

data/lib/aws-sdk-ssm/resource.rb

@@ -3,7 +3,7 @@
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
-# https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
 #
 # WARNING ABOUT GENERATED CODE
 

data/lib/aws-sdk-ssm/types.rb

@@ -3,7 +3,7 @@
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
-# https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
 #
 # WARNING ABOUT GENERATED CODE
 
@@ -100,7 +100,7 @@ module Aws::SSM
     #   data as a hash:
     #
     #       {
-    #         resource_type: "Document", # required, accepts Document, ManagedInstance, MaintenanceWindow, Parameter, PatchBaseline, OpsItem
+    #         resource_type: "Document", # required, accepts Document, ManagedInstance, MaintenanceWindow, Parameter, PatchBaseline, OpsItem, OpsMetadata
     #         resource_id: "ResourceId", # required
     #         tags: [ # required
     #           {
@@ -132,6 +132,15 @@ module Aws::SSM
     #
     #   PatchBaseline: pb-012345abcde
     #
+    #   OpsMetadata object: `ResourceID` for tagging is created from the
+    #   Amazon Resource Name (ARN) for the object. Specifically,
+    #   `ResourceID` is created from the strings that come after the word
+    #   `opsmetadata` in the ARN. For example, an OpsMetadata object with an
+    #   ARN of
+    #   `arn:aws:ssm:us-east-2:1234567890:opsmetadata/aws/ssm/MyGroup/appmanager`
+    #   has a `ResourceID` of either `aws/ssm/MyGroup/appmanager` or
+    #   `/aws/ssm/MyGroup/appmanager`.
+    #
     #   For the Document and Parameter values, use the name of the resource.
     #
     #   <note markdown="1"> The ManagedInstance type for this API action is only for on-premises
@@ -1219,10 +1228,7 @@ module Aws::SSM
     #       }
     #
     # @!attribute [rw] key
-    #   One or more keys to limit the results. Valid filter keys include the
-    #   following: DocumentNamePrefix, ExecutionStatus, ExecutionId,
-    #   ParentExecutionId, CurrentAction, StartTimeBefore, StartTimeAfter,
-    #   TargetResourceGroup.
+    #   One or more keys to limit the results.
     #   @return [String]
     #
     # @!attribute [rw] values
@@ -1452,6 +1458,132 @@ module Aws::SSM
       include Aws::Structure
     end
 
+    # Defines the basic information about a patch baseline override.
+    #
+    # @note When making an API call, you may pass BaselineOverride
+    #   data as a hash:
+    #
+    #       {
+    #         operating_system: "WINDOWS", # accepts WINDOWS, AMAZON_LINUX, AMAZON_LINUX_2, UBUNTU, REDHAT_ENTERPRISE_LINUX, SUSE, CENTOS, ORACLE_LINUX, DEBIAN, MACOS
+    #         global_filters: {
+    #           patch_filters: [ # required
+    #             {
+    #               key: "ARCH", # required, accepts ARCH, ADVISORY_ID, BUGZILLA_ID, PATCH_SET, PRODUCT, PRODUCT_FAMILY, CLASSIFICATION, CVE_ID, EPOCH, MSRC_SEVERITY, NAME, PATCH_ID, SECTION, PRIORITY, REPOSITORY, RELEASE, SEVERITY, SECURITY, VERSION
+    #               values: ["PatchFilterValue"], # required
+    #             },
+    #           ],
+    #         },
+    #         approval_rules: {
+    #           patch_rules: [ # required
+    #             {
+    #               patch_filter_group: { # required
+    #                 patch_filters: [ # required
+    #                   {
+    #                     key: "ARCH", # required, accepts ARCH, ADVISORY_ID, BUGZILLA_ID, PATCH_SET, PRODUCT, PRODUCT_FAMILY, CLASSIFICATION, CVE_ID, EPOCH, MSRC_SEVERITY, NAME, PATCH_ID, SECTION, PRIORITY, REPOSITORY, RELEASE, SEVERITY, SECURITY, VERSION
+    #                     values: ["PatchFilterValue"], # required
+    #                   },
+    #                 ],
+    #               },
+    #               compliance_level: "CRITICAL", # accepts CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED
+    #               approve_after_days: 1,
+    #               approve_until_date: "PatchStringDateTime",
+    #               enable_non_security: false,
+    #             },
+    #           ],
+    #         },
+    #         approved_patches: ["PatchId"],
+    #         approved_patches_compliance_level: "CRITICAL", # accepts CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED
+    #         rejected_patches: ["PatchId"],
+    #         rejected_patches_action: "ALLOW_AS_DEPENDENCY", # accepts ALLOW_AS_DEPENDENCY, BLOCK
+    #         approved_patches_enable_non_security: false,
+    #         sources: [
+    #           {
+    #             name: "PatchSourceName", # required
+    #             products: ["PatchSourceProduct"], # required
+    #             configuration: "PatchSourceConfiguration", # required
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] operating_system
+    #   The operating system rule used by the patch baseline override.
+    #   @return [String]
+    #
+    # @!attribute [rw] global_filters
+    #   A set of patch filters, typically used for approval rules.
+    #   @return [Types::PatchFilterGroup]
+    #
+    # @!attribute [rw] approval_rules
+    #   A set of rules defining the approval rules for a patch baseline.
+    #   @return [Types::PatchRuleGroup]
+    #
+    # @!attribute [rw] approved_patches
+    #   A list of explicitly approved patches for the baseline.
+    #
+    #   For information about accepted formats for lists of approved patches
+    #   and rejected patches, see [About package name formats for approved
+    #   and rejected patch lists][1] in the *AWS Systems Manager User
+    #   Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] approved_patches_compliance_level
+    #   Defines the compliance level for approved patches. When an approved
+    #   patch is reported as missing, this value describes the severity of
+    #   the compliance violation.
+    #   @return [String]
+    #
+    # @!attribute [rw] rejected_patches
+    #   A list of explicitly rejected patches for the baseline.
+    #
+    #   For information about accepted formats for lists of approved patches
+    #   and rejected patches, see [About package name formats for approved
+    #   and rejected patch lists][1] in the *AWS Systems Manager User
+    #   Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] rejected_patches_action
+    #   The action for Patch Manager to take on patches included in the
+    #   RejectedPackages list. A patch can be allowed only if it is a
+    #   dependency of another package, or blocked entirely along with
+    #   packages that include it as a dependency.
+    #   @return [String]
+    #
+    # @!attribute [rw] approved_patches_enable_non_security
+    #   Indicates whether the list of approved patches includes non-security
+    #   updates that should be applied to the instances. The default value
+    #   is 'false'. Applies to Linux instances only.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] sources
+    #   Information about the patches to use to update the instances,
+    #   including target operating systems and source repositories. Applies
+    #   to Linux instances only.
+    #   @return [Array<Types::PatchSource>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/BaselineOverride AWS API Documentation
+    #
+    class BaselineOverride < Struct.new(
+      :operating_system,
+      :global_filters,
+      :approval_rules,
+      :approved_patches,
+      :approved_patches_compliance_level,
+      :rejected_patches,
+      :rejected_patches_action,
+      :approved_patches_enable_non_security,
+      :sources)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass CancelCommandRequest
     #   data as a hash:
     #
@@ -3509,6 +3641,12 @@ module Aws::SSM
     #             value: "MetadataValueString",
     #           },
     #         },
+    #         tags: [
+    #           {
+    #             key: "TagKey", # required
+    #             value: "TagValue", # required
+    #           },
+    #         ],
     #       }
     #
     # @!attribute [rw] resource_id
@@ -3519,11 +3657,25 @@ module Aws::SSM
     #   Metadata for a new Application Manager application.
     #   @return [Hash<String,Types::MetadataValue>]
     #
+    # @!attribute [rw] tags
+    #   Optional metadata that you assign to a resource. You can specify a
+    #   maximum of five tags for an OpsMetadata object. Tags enable you to
+    #   categorize a resource in different ways, such as by purpose, owner,
+    #   or environment. For example, you might want to tag an OpsMetadata
+    #   object to identify an environment or target AWS Region. In this
+    #   case, you could specify the following key-value pairs:
+    #
+    #   * `Key=Environment,Value=Production`
+    #
+    #   * `Key=Region,Value=us-east-2`
+    #   @return [Array<Types::Tag>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/CreateOpsMetadataRequest AWS API Documentation
     #
     class CreateOpsMetadataRequest < Struct.new(
       :resource_id,
-      :metadata)
+      :metadata,
+      :tags)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3626,8 +3778,8 @@ module Aws::SSM
     #   @return [Array<String>]
     #
     # @!attribute [rw] approved_patches_compliance_level
-    #   Defines the compliance level for approved patches. This means that
-    #   if an approved patch is reported as missing, this is the severity of
+    #   Defines the compliance level for approved patches. When an approved
+    #   patch is reported as missing, this value describes the severity of
     #   the compliance violation. The default value is UNSPECIFIED.
     #   @return [String]
     #
@@ -4822,6 +4974,8 @@ module Aws::SSM
     #       {
     #         name: "DocumentName", # required
     #         permission_type: "Share", # required, accepts Share
+    #         max_results: 1,
+    #         next_token: "NextToken",
     #       }
     #
     # @!attribute [rw] name
@@ -4833,11 +4987,24 @@ module Aws::SSM
     #   *Share*.
     #   @return [String]
     #
+    # @!attribute [rw] max_results
+    #   The maximum number of items to return for this call. The call also
+    #   returns a token that you can specify in a subsequent call to get the
+    #   next set of results.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] next_token
+    #   The token for the next set of items to return. (You received this
+    #   token from a previous call.)
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/DescribeDocumentPermissionRequest AWS API Documentation
     #
     class DescribeDocumentPermissionRequest < Struct.new(
       :name,
-      :permission_type)
+      :permission_type,
+      :max_results,
+      :next_token)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4852,11 +5019,17 @@ module Aws::SSM
     #   version shared with each account.
     #   @return [Array<Types::AccountSharingInfo>]
     #
+    # @!attribute [rw] next_token
+    #   The token for the next set of items to return. Use this token to get
+    #   the next set of results.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/DescribeDocumentPermissionResponse AWS API Documentation
     #
     class DescribeDocumentPermissionResponse < Struct.new(
       :account_ids,
-      :account_sharing_info_list)
+      :account_sharing_info_list,
+      :next_token)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -7460,12 +7633,14 @@ module Aws::SSM
     #   @return [String]
     #
     # @!attribute [rw] plugin_name
-    #   (Optional) The name of the plugin for which you want detailed
-    #   results. If the document contains only one plugin, the name can be
-    #   omitted and the details will be returned.
+    #   The name of the plugin for which you want detailed results. If the
+    #   document contains only one plugin, you can omit the name and details
+    #   for that plugin are returned. If the document contains more than one
+    #   plugin, you must specify the name of the plugin for which you want
+    #   to view details.
     #
-    #   Plugin names are also referred to as step names in Systems Manager
-    #   documents.
+    #   Plugin names are also referred to as *step names* in Systems Manager
+    #   documents. For example, `aws:RunShellScript` is a plugin.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/GetCommandInvocationRequest AWS API Documentation
@@ -7502,8 +7677,8 @@ module Aws::SSM
     #   @return [String]
     #
     # @!attribute [rw] plugin_name
-    #   The name of the plugin for which you want detailed results. For
-    #   example, aws:RunShellScript is a plugin.
+    #   The name of the plugin, or *step name*, for which details are
+    #   reported. For example, `aws:RunShellScript` is a plugin.
     #   @return [String]
     #
     # @!attribute [rw] response_code
@@ -7735,6 +7910,47 @@ module Aws::SSM
     #       {
     #         instance_id: "InstanceId", # required
     #         snapshot_id: "SnapshotId", # required
+    #         baseline_override: {
+    #           operating_system: "WINDOWS", # accepts WINDOWS, AMAZON_LINUX, AMAZON_LINUX_2, UBUNTU, REDHAT_ENTERPRISE_LINUX, SUSE, CENTOS, ORACLE_LINUX, DEBIAN, MACOS
+    #           global_filters: {
+    #             patch_filters: [ # required
+    #               {
+    #                 key: "ARCH", # required, accepts ARCH, ADVISORY_ID, BUGZILLA_ID, PATCH_SET, PRODUCT, PRODUCT_FAMILY, CLASSIFICATION, CVE_ID, EPOCH, MSRC_SEVERITY, NAME, PATCH_ID, SECTION, PRIORITY, REPOSITORY, RELEASE, SEVERITY, SECURITY, VERSION
+    #                 values: ["PatchFilterValue"], # required
+    #               },
+    #             ],
+    #           },
+    #           approval_rules: {
+    #             patch_rules: [ # required
+    #               {
+    #                 patch_filter_group: { # required
+    #                   patch_filters: [ # required
+    #                     {
+    #                       key: "ARCH", # required, accepts ARCH, ADVISORY_ID, BUGZILLA_ID, PATCH_SET, PRODUCT, PRODUCT_FAMILY, CLASSIFICATION, CVE_ID, EPOCH, MSRC_SEVERITY, NAME, PATCH_ID, SECTION, PRIORITY, REPOSITORY, RELEASE, SEVERITY, SECURITY, VERSION
+    #                       values: ["PatchFilterValue"], # required
+    #                     },
+    #                   ],
+    #                 },
+    #                 compliance_level: "CRITICAL", # accepts CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED
+    #                 approve_after_days: 1,
+    #                 approve_until_date: "PatchStringDateTime",
+    #                 enable_non_security: false,
+    #               },
+    #             ],
+    #           },
+    #           approved_patches: ["PatchId"],
+    #           approved_patches_compliance_level: "CRITICAL", # accepts CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED
+    #           rejected_patches: ["PatchId"],
+    #           rejected_patches_action: "ALLOW_AS_DEPENDENCY", # accepts ALLOW_AS_DEPENDENCY, BLOCK
+    #           approved_patches_enable_non_security: false,
+    #           sources: [
+    #             {
+    #               name: "PatchSourceName", # required
+    #               products: ["PatchSourceProduct"], # required
+    #               configuration: "PatchSourceConfiguration", # required
+    #             },
+    #           ],
+    #         },
     #       }
     #
     # @!attribute [rw] instance_id
@@ -7746,11 +7962,16 @@ module Aws::SSM
     #   The user-defined snapshot ID.
     #   @return [String]
     #
+    # @!attribute [rw] baseline_override
+    #   Defines the basic information about a patch baseline override.
+    #   @return [Types::BaselineOverride]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/GetDeployablePatchSnapshotForInstanceRequest AWS API Documentation
     #
     class GetDeployablePatchSnapshotForInstanceRequest < Struct.new(
       :instance_id,
-      :snapshot_id)
+      :snapshot_id,
+      :baseline_override)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -8917,9 +9138,11 @@ module Aws::SSM
     #
     # @!attribute [rw] path
     #   The hierarchy for the parameter. Hierarchies start with a forward
-    #   slash (/) and end with the parameter name. A parameter name
-    #   hierarchy can have a maximum of 15 levels. Here is an example of a
-    #   hierarchy: `/Finance/Prod/IAD/WinServ2016/license33`
+    #   slash (/). The hierachy is the parameter name except the last part
+    #   of the parameter. For the API call to succeeed, the last part of the
+    #   parameter name cannot be in the path. A parameter name hierarchy can
+    #   have a maximum of 15 levels. Here is an example of a hierarchy:
+    #   `/Finance/Prod/IAD/WinServ2016/license33 `
     #   @return [String]
     #
     # @!attribute [rw] recursive
@@ -9207,6 +9430,8 @@ module Aws::SSM
     #
     # @!attribute [rw] setting_id
     #   The ID of the service setting to get. The setting ID can be
+    #   `/ssm/automation/customer-script-log-destination`,
+    #   `/ssm/automation/customer-script-log-group-name`,
     #   `/ssm/parameter-store/default-parameter-tier`,
     #   `/ssm/parameter-store/high-throughput-enabled`, or
     #   `/ssm/managed-instance/activation-tier`.
@@ -9360,6 +9585,14 @@ module Aws::SSM
 
     # An S3 bucket where you want to store the results of this request.
     #
+    # For the minimal permissions required to enable Amazon S3 output for an
+    # association, see [Creating associations][1] in the *Systems Manager
+    # User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-state-assoc.html
+    #
     # @note When making an API call, you may pass InstanceAssociationOutputLocation
     #   data as a hash:
     #
@@ -9664,6 +9897,11 @@ module Aws::SSM
     #
     #   "InstanceIds"\|"AgentVersion"\|"PingStatus"\|"PlatformTypes"\|"ActivationIds"\|"IamRole"\|"ResourceType"\|"AssociationStatus"\|"Tag
     #   Key"
+    #
+    #   `Tag key` is not a valid filter. You must specify either `tag-key`
+    #   or `tag:keyname` and a string. Here are some valid examples:
+    #   tag-key, tag:123, tag:al!, tag:Windows. Here are some *invalid*
+    #   examples: tag-keys, Tag Key, tag:, tagKey, abc:keyname.
     #   @return [String]
     #
     # @!attribute [rw] values
@@ -11611,13 +11849,19 @@ module Aws::SSM
     #   @return [Array<Types::DocumentFilter>]
     #
     # @!attribute [rw] filters
-    #   One or more DocumentKeyValuesFilter objects. Use a filter to return
-    #   a more specific list of results. For keys, you can specify one or
-    #   more key-value pair tags that have been applied to a document. Other
-    #   valid keys include `Owner`, `Name`, `PlatformTypes`, `DocumentType`,
-    #   and `TargetType`. For example, to return documents you own use
-    #   `Key=Owner,Values=Self`. To specify a custom key-value pair, use the
-    #   format `Key=tag:tagName,Values=valueName`.
+    #   One or more `DocumentKeyValuesFilter` objects. Use a filter to
+    #   return a more specific list of results. For keys, you can specify
+    #   one or more key-value pair tags that have been applied to a
+    #   document. Other valid keys include `Owner`, `Name`, `PlatformTypes`,
+    #   `DocumentType`, and `TargetType`. For example, to return documents
+    #   you own use `Key=Owner,Values=Self`. To specify a custom key-value
+    #   pair, use the format `Key=tag:tagName,Values=valueName`.
+    #
+    #   <note markdown="1"> This API action only supports filtering documents by using a single
+    #   tag key and one or more tag values. For example:
+    #   `Key=tag:tagName,Values=valueName1,valueName2`
+    #
+    #    </note>
     #   @return [Array<Types::DocumentKeyValuesFilter>]
     #
     # @!attribute [rw] max_results
@@ -11993,7 +12237,7 @@ module Aws::SSM
     #   data as a hash:
     #
     #       {
-    #         resource_type: "Document", # required, accepts Document, ManagedInstance, MaintenanceWindow, Parameter, PatchBaseline, OpsItem
+    #         resource_type: "Document", # required, accepts Document, ManagedInstance, MaintenanceWindow, Parameter, PatchBaseline, OpsItem, OpsMetadata
     #         resource_id: "ResourceId", # required
     #       }
     #
@@ -14782,13 +15026,14 @@ module Aws::SSM
     #   The number of days after the release date of each patch matched by
     #   the rule that the patch is marked as approved in the patch baseline.
     #   For example, a value of `7` means that patches are approved seven
-    #   days after they are released. Not supported on Ubuntu Server.
+    #   days after they are released. Not supported on Debian Server or
+    #   Ubuntu Server.
     #   @return [Integer]
     #
     # @!attribute [rw] approve_until_date
     #   The cutoff date for auto approval of released patches. Any patches
     #   released on or before this date are installed automatically. Not
-    #   supported on Ubuntu Server.
+    #   supported on Debian Server or Ubuntu Server.
     #
     #   Enter dates in the format `YYYY-MM-DD`. For example, `2020-12-31`.
     #   @return [String]
@@ -14877,11 +15122,20 @@ module Aws::SSM
     #
     #   `[main]`
     #
-    #   `cachedir=/var/cache/yum/$basesearch$releasever`
+    #   `name=MyCustomRepository`
     #
-    #   `keepcache=0`
+    #   `baseurl=https://my-custom-repository`
     #
-    #   `debuglevel=2`
+    #   `enabled=1`
+    #
+    #   <note markdown="1"> For information about other options available for your yum
+    #   repository configuration, see [dnf.conf(5)][1].
+    #
+    #    </note>
+    #
+    #
+    #
+    #   [1]: https://man7.org/linux/man-pages/man5/dnf.conf.5.html
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/PatchSource AWS API Documentation
@@ -15163,7 +15417,11 @@ module Aws::SSM
     #     (case-insensitive).
     #
     #   * Parameter names can include only the following symbols and
-    #     letters: `a-zA-Z0-9_.-/`
+    #     letters: `a-zA-Z0-9_.-`
+    #
+    #     In addition, the slash character ( / ) is used to delineate
+    #     hierarchies in parameter names. For example:
+    #     `/Dev/Production/East/Project-ABC/MyParameter`
     #
     #   * A parameter name can't include spaces.
     #
@@ -15171,8 +15429,8 @@ module Aws::SSM
     #     levels.
     #
     #   For additional information about valid values for parameter names,
-    #   see [About requirements and constraints for parameter names][1] in
-    #   the *AWS Systems Manager User Guide*.
+    #   see [Creating Systems Manager parameters][1] in the *AWS Systems
+    #   Manager User Guide*.
     #
     #   <note markdown="1"> The maximum length constraint listed below includes capacity for
     #   additional system attributes that are not part of the name. The
@@ -15186,7 +15444,7 @@ module Aws::SSM
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-parameter-name-constraints.html
+    #   [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-paramstore-su-create.html
     #   @return [String]
     #
     # @!attribute [rw] description
@@ -15552,6 +15810,14 @@ module Aws::SSM
     #   The targets to register with the maintenance window. In other words,
     #   the instances to run commands on when the maintenance window runs.
     #
+    #   <note markdown="1"> If a single maintenance window task is registered with multiple
+    #   targets, its task invocations occur sequentially and not in
+    #   parallel. If your task must run on multiple targets at the same
+    #   time, register a task for each target individually and assign each
+    #   task the same priority level.
+    #
+    #    </note>
+    #
     #   You can specify targets using instance IDs, resource group names, or
     #   tags that have been applied to instances.
     #
@@ -15722,7 +15988,7 @@ module Aws::SSM
     #   Command-type tasks. Depending on the task, targets are optional for
     #   other maintenance window task types (Automation, AWS Lambda, and AWS
     #   Step Functions). For more information about running tasks that do
-    #   not specify targets, see see [Registering maintenance window tasks
+    #   not specify targets, see [Registering maintenance window tasks
     #   without targets][1] in the *AWS Systems Manager User Guide*.
     #
     #    </note>
@@ -15907,7 +16173,7 @@ module Aws::SSM
     #   data as a hash:
     #
     #       {
-    #         resource_type: "Document", # required, accepts Document, ManagedInstance, MaintenanceWindow, Parameter, PatchBaseline, OpsItem
+    #         resource_type: "Document", # required, accepts Document, ManagedInstance, MaintenanceWindow, Parameter, PatchBaseline, OpsItem, OpsMetadata
     #         resource_id: "ResourceId", # required
     #         tag_keys: ["TagKey"], # required
     #       }
@@ -15932,6 +16198,15 @@ module Aws::SSM
     #
     #   PatchBaseline: pb-012345abcde
     #
+    #   OpsMetadata object: `ResourceID` for tagging is created from the
+    #   Amazon Resource Name (ARN) for the object. Specifically,
+    #   `ResourceID` is created from the strings that come after the word
+    #   `opsmetadata` in the ARN. For example, an OpsMetadata object with an
+    #   ARN of
+    #   `arn:aws:ssm:us-east-2:1234567890:opsmetadata/aws/ssm/MyGroup/appmanager`
+    #   has a `ResourceID` of either `aws/ssm/MyGroup/appmanager` or
+    #   `/aws/ssm/MyGroup/appmanager`.
+    #
     #   For the Document and Parameter values, use the name of the resource.
     #
     #   <note markdown="1"> The ManagedInstance type for this API action is only for on-premises
@@ -15970,7 +16245,9 @@ module Aws::SSM
     #
     # @!attribute [rw] setting_id
     #   The Amazon Resource Name (ARN) of the service setting to reset. The
-    #   setting ID can be `/ssm/parameter-store/default-parameter-tier`,
+    #   setting ID can be `/ssm/automation/customer-script-log-destination`,
+    #   `/ssm/automation/customer-script-log-group-name`,
+    #   `/ssm/parameter-store/default-parameter-tier`,
     #   `/ssm/parameter-store/high-throughput-enabled`, or
     #   `/ssm/managed-instance/activation-tier`. For example,
     #   `arn:aws:ssm:us-east-1:111122223333:servicesetting/ssm/parameter-store/high-throughput-enabled`.
@@ -16908,8 +17185,15 @@ module Aws::SSM
     #   @return [Array<Types::Target>]
     #
     # @!attribute [rw] document_name
-    #   Required. The name of the Systems Manager document to run. This can
-    #   be a public document or a custom document.
+    #   The name of the Systems Manager document to run. This can be a
+    #   public document or a custom document. To run a shared document
+    #   belonging to another account, specify the document ARN. For more
+    #   information about how to use shared documents, see [Using shared SSM
+    #   documents][1] in the *AWS Systems Manager User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-using-shared.html
     #   @return [String]
     #
     # @!attribute [rw] document_version
@@ -17387,7 +17671,15 @@ module Aws::SSM
     #       }
     #
     # @!attribute [rw] document_name
-    #   The name of the Automation document to use for this execution.
+    #   The name of the Systems Manager document to run. This can be a
+    #   public document or a custom document. To run a shared document
+    #   belonging to another account, specify the document ARN. For more
+    #   information about how to use shared documents, see [Using shared SSM
+    #   documents][1] in the *AWS Systems Manager User Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/ssm-using-shared.html
     #   @return [String]
     #
     # @!attribute [rw] document_version
@@ -17971,7 +18263,7 @@ module Aws::SSM
     # Command-type tasks. Depending on the task, targets are optional for
     # other maintenance window task types (Automation, AWS Lambda, and AWS
     # Step Functions). For more information about running tasks that do not
-    # specify targets, see see [Registering maintenance window tasks without
+    # specify targets, see [Registering maintenance window tasks without
     # targets][1] in the *AWS Systems Manager User Guide*.
     #
     #  </note>
@@ -19154,7 +19446,7 @@ module Aws::SSM
     #   Command-type tasks. Depending on the task, targets are optional for
     #   other maintenance window task types (Automation, AWS Lambda, and AWS
     #   Step Functions). For more information about running tasks that do
-    #   not specify targets, see see [Registering maintenance window tasks
+    #   not specify targets, see [Registering maintenance window tasks
     #   without targets][1] in the *AWS Systems Manager User Guide*.
     #
     #    </note>
@@ -19947,6 +20239,10 @@ module Aws::SSM
     #   `arn:aws:ssm:us-east-1:111122223333:servicesetting/ssm/parameter-store/high-throughput-enabled`.
     #   The setting ID can be one of the following.
     #
+    #   * `/ssm/automation/customer-script-log-destination`
+    #
+    #   * `/ssm/automation/customer-script-log-group-name`
+    #
     #   * `/ssm/parameter-store/default-parameter-tier`
     #
     #   * `/ssm/parameter-store/high-throughput-enabled`
@@ -19968,6 +20264,12 @@ module Aws::SSM
     #   For the `/ssm/parameter-store/high-throughput-enabled`, and
     #   `/ssm/managed-instance/activation-tier` setting IDs, the setting
     #   value can be true or false.
+    #
+    #   For the `/ssm/automation/customer-script-log-destination` setting
+    #   ID, the setting value can be CloudWatch.
+    #
+    #   For the `/ssm/automation/customer-script-log-group-name` setting ID,
+    #   the setting value can be the name of a CloudWatch Logs log group.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/UpdateServiceSettingRequest AWS API Documentation