aws-sdk-ssm 1.104.0 → 1.106.0

data/lib/aws-sdk-ssm/client_api.rb

@@ -3,7 +3,7 @@
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
-# https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
 #
 # WARNING ABOUT GENERATED CODE
 
@@ -117,6 +117,7 @@ module Aws::SSM
     BaselineDescription = Shapes::StringShape.new(name: 'BaselineDescription')
     BaselineId = Shapes::StringShape.new(name: 'BaselineId')
     BaselineName = Shapes::StringShape.new(name: 'BaselineName')
+    BaselineOverride = Shapes::StructureShape.new(name: 'BaselineOverride')
     BatchErrorMessage = Shapes::StringShape.new(name: 'BatchErrorMessage')
     Boolean = Shapes::BooleanShape.new(name: 'Boolean')
     CalendarNameOrARN = Shapes::StringShape.new(name: 'CalendarNameOrARN')
@@ -1417,6 +1418,17 @@ module Aws::SSM
     AutomationStepNotFoundException.add_member(:message, Shapes::ShapeRef.new(shape: String, location_name: "Message"))
     AutomationStepNotFoundException.struct_class = Types::AutomationStepNotFoundException
 
+    BaselineOverride.add_member(:operating_system, Shapes::ShapeRef.new(shape: OperatingSystem, location_name: "OperatingSystem"))
+    BaselineOverride.add_member(:global_filters, Shapes::ShapeRef.new(shape: PatchFilterGroup, location_name: "GlobalFilters"))
+    BaselineOverride.add_member(:approval_rules, Shapes::ShapeRef.new(shape: PatchRuleGroup, location_name: "ApprovalRules"))
+    BaselineOverride.add_member(:approved_patches, Shapes::ShapeRef.new(shape: PatchIdList, location_name: "ApprovedPatches"))
+    BaselineOverride.add_member(:approved_patches_compliance_level, Shapes::ShapeRef.new(shape: PatchComplianceLevel, location_name: "ApprovedPatchesComplianceLevel"))
+    BaselineOverride.add_member(:rejected_patches, Shapes::ShapeRef.new(shape: PatchIdList, location_name: "RejectedPatches"))
+    BaselineOverride.add_member(:rejected_patches_action, Shapes::ShapeRef.new(shape: PatchAction, location_name: "RejectedPatchesAction"))
+    BaselineOverride.add_member(:approved_patches_enable_non_security, Shapes::ShapeRef.new(shape: Boolean, location_name: "ApprovedPatchesEnableNonSecurity"))
+    BaselineOverride.add_member(:sources, Shapes::ShapeRef.new(shape: PatchSourceList, location_name: "Sources"))
+    BaselineOverride.struct_class = Types::BaselineOverride
+
     CalendarNameOrARNList.member = Shapes::ShapeRef.new(shape: CalendarNameOrARN)
 
     CancelCommandRequest.add_member(:command_id, Shapes::ShapeRef.new(shape: CommandId, required: true, location_name: "CommandId"))
@@ -1673,6 +1685,7 @@ module Aws::SSM
 
     CreateOpsMetadataRequest.add_member(:resource_id, Shapes::ShapeRef.new(shape: OpsMetadataResourceId, required: true, location_name: "ResourceId"))
     CreateOpsMetadataRequest.add_member(:metadata, Shapes::ShapeRef.new(shape: MetadataMap, location_name: "Metadata"))
+    CreateOpsMetadataRequest.add_member(:tags, Shapes::ShapeRef.new(shape: TagList, location_name: "Tags"))
     CreateOpsMetadataRequest.struct_class = Types::CreateOpsMetadataRequest
 
     CreateOpsMetadataResult.add_member(:ops_metadata_arn, Shapes::ShapeRef.new(shape: OpsMetadataArn, location_name: "OpsMetadataArn"))
@@ -2338,6 +2351,7 @@ module Aws::SSM
 
     GetDeployablePatchSnapshotForInstanceRequest.add_member(:instance_id, Shapes::ShapeRef.new(shape: InstanceId, required: true, location_name: "InstanceId"))
     GetDeployablePatchSnapshotForInstanceRequest.add_member(:snapshot_id, Shapes::ShapeRef.new(shape: SnapshotId, required: true, location_name: "SnapshotId"))
+    GetDeployablePatchSnapshotForInstanceRequest.add_member(:baseline_override, Shapes::ShapeRef.new(shape: BaselineOverride, location_name: "BaselineOverride"))
     GetDeployablePatchSnapshotForInstanceRequest.struct_class = Types::GetDeployablePatchSnapshotForInstanceRequest
 
     GetDeployablePatchSnapshotForInstanceResult.add_member(:instance_id, Shapes::ShapeRef.new(shape: InstanceId, location_name: "InstanceId"))

data/lib/aws-sdk-ssm/errors.rb

@@ -3,7 +3,7 @@
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
-# https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
 #
 # WARNING ABOUT GENERATED CODE
 

data/lib/aws-sdk-ssm/resource.rb

@@ -3,7 +3,7 @@
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
-# https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
 #
 # WARNING ABOUT GENERATED CODE
 

data/lib/aws-sdk-ssm/types.rb

@@ -3,7 +3,7 @@
 # WARNING ABOUT GENERATED CODE
 #
 # This file is generated. See the contributing guide for more information:
-# https://github.com/aws/aws-sdk-ruby/blob/master/CONTRIBUTING.md
+# https://github.com/aws/aws-sdk-ruby/blob/version-3/CONTRIBUTING.md
 #
 # WARNING ABOUT GENERATED CODE
 
@@ -100,7 +100,7 @@ module Aws::SSM
     #   data as a hash:
     #
     #       {
-    #         resource_type: "Document", # required, accepts Document, ManagedInstance, MaintenanceWindow, Parameter, PatchBaseline, OpsItem
+    #         resource_type: "Document", # required, accepts Document, ManagedInstance, MaintenanceWindow, Parameter, PatchBaseline, OpsItem, OpsMetadata
     #         resource_id: "ResourceId", # required
     #         tags: [ # required
     #           {
@@ -132,6 +132,15 @@ module Aws::SSM
     #
     #   PatchBaseline: pb-012345abcde
     #
+    #   OpsMetadata object: `ResourceID` for tagging is created from the
+    #   Amazon Resource Name (ARN) for the object. Specifically,
+    #   `ResourceID` is created from the strings that come after the word
+    #   `opsmetadata` in the ARN. For example, an OpsMetadata object with an
+    #   ARN of
+    #   `arn:aws:ssm:us-east-2:1234567890:opsmetadata/aws/ssm/MyGroup/appmanager`
+    #   has a `ResourceID` of either `aws/ssm/MyGroup/appmanager` or
+    #   `/aws/ssm/MyGroup/appmanager`.
+    #
     #   For the Document and Parameter values, use the name of the resource.
     #
     #   <note markdown="1"> The ManagedInstance type for this API action is only for on-premises
@@ -1449,6 +1458,132 @@ module Aws::SSM
       include Aws::Structure
     end
 
+    # Defines the basic information about a patch baseline override.
+    #
+    # @note When making an API call, you may pass BaselineOverride
+    #   data as a hash:
+    #
+    #       {
+    #         operating_system: "WINDOWS", # accepts WINDOWS, AMAZON_LINUX, AMAZON_LINUX_2, UBUNTU, REDHAT_ENTERPRISE_LINUX, SUSE, CENTOS, ORACLE_LINUX, DEBIAN, MACOS
+    #         global_filters: {
+    #           patch_filters: [ # required
+    #             {
+    #               key: "ARCH", # required, accepts ARCH, ADVISORY_ID, BUGZILLA_ID, PATCH_SET, PRODUCT, PRODUCT_FAMILY, CLASSIFICATION, CVE_ID, EPOCH, MSRC_SEVERITY, NAME, PATCH_ID, SECTION, PRIORITY, REPOSITORY, RELEASE, SEVERITY, SECURITY, VERSION
+    #               values: ["PatchFilterValue"], # required
+    #             },
+    #           ],
+    #         },
+    #         approval_rules: {
+    #           patch_rules: [ # required
+    #             {
+    #               patch_filter_group: { # required
+    #                 patch_filters: [ # required
+    #                   {
+    #                     key: "ARCH", # required, accepts ARCH, ADVISORY_ID, BUGZILLA_ID, PATCH_SET, PRODUCT, PRODUCT_FAMILY, CLASSIFICATION, CVE_ID, EPOCH, MSRC_SEVERITY, NAME, PATCH_ID, SECTION, PRIORITY, REPOSITORY, RELEASE, SEVERITY, SECURITY, VERSION
+    #                     values: ["PatchFilterValue"], # required
+    #                   },
+    #                 ],
+    #               },
+    #               compliance_level: "CRITICAL", # accepts CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED
+    #               approve_after_days: 1,
+    #               approve_until_date: "PatchStringDateTime",
+    #               enable_non_security: false,
+    #             },
+    #           ],
+    #         },
+    #         approved_patches: ["PatchId"],
+    #         approved_patches_compliance_level: "CRITICAL", # accepts CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED
+    #         rejected_patches: ["PatchId"],
+    #         rejected_patches_action: "ALLOW_AS_DEPENDENCY", # accepts ALLOW_AS_DEPENDENCY, BLOCK
+    #         approved_patches_enable_non_security: false,
+    #         sources: [
+    #           {
+    #             name: "PatchSourceName", # required
+    #             products: ["PatchSourceProduct"], # required
+    #             configuration: "PatchSourceConfiguration", # required
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] operating_system
+    #   The operating system rule used by the patch baseline override.
+    #   @return [String]
+    #
+    # @!attribute [rw] global_filters
+    #   A set of patch filters, typically used for approval rules.
+    #   @return [Types::PatchFilterGroup]
+    #
+    # @!attribute [rw] approval_rules
+    #   A set of rules defining the approval rules for a patch baseline.
+    #   @return [Types::PatchRuleGroup]
+    #
+    # @!attribute [rw] approved_patches
+    #   A list of explicitly approved patches for the baseline.
+    #
+    #   For information about accepted formats for lists of approved patches
+    #   and rejected patches, see [About package name formats for approved
+    #   and rejected patch lists][1] in the *AWS Systems Manager User
+    #   Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] approved_patches_compliance_level
+    #   Defines the compliance level for approved patches. When an approved
+    #   patch is reported as missing, this value describes the severity of
+    #   the compliance violation.
+    #   @return [String]
+    #
+    # @!attribute [rw] rejected_patches
+    #   A list of explicitly rejected patches for the baseline.
+    #
+    #   For information about accepted formats for lists of approved patches
+    #   and rejected patches, see [About package name formats for approved
+    #   and rejected patch lists][1] in the *AWS Systems Manager User
+    #   Guide*.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/patch-manager-approved-rejected-package-name-formats.html
+    #   @return [Array<String>]
+    #
+    # @!attribute [rw] rejected_patches_action
+    #   The action for Patch Manager to take on patches included in the
+    #   RejectedPackages list. A patch can be allowed only if it is a
+    #   dependency of another package, or blocked entirely along with
+    #   packages that include it as a dependency.
+    #   @return [String]
+    #
+    # @!attribute [rw] approved_patches_enable_non_security
+    #   Indicates whether the list of approved patches includes non-security
+    #   updates that should be applied to the instances. The default value
+    #   is 'false'. Applies to Linux instances only.
+    #   @return [Boolean]
+    #
+    # @!attribute [rw] sources
+    #   Information about the patches to use to update the instances,
+    #   including target operating systems and source repositories. Applies
+    #   to Linux instances only.
+    #   @return [Array<Types::PatchSource>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/BaselineOverride AWS API Documentation
+    #
+    class BaselineOverride < Struct.new(
+      :operating_system,
+      :global_filters,
+      :approval_rules,
+      :approved_patches,
+      :approved_patches_compliance_level,
+      :rejected_patches,
+      :rejected_patches_action,
+      :approved_patches_enable_non_security,
+      :sources)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass CancelCommandRequest
     #   data as a hash:
     #
@@ -3506,6 +3641,12 @@ module Aws::SSM
     #             value: "MetadataValueString",
     #           },
     #         },
+    #         tags: [
+    #           {
+    #             key: "TagKey", # required
+    #             value: "TagValue", # required
+    #           },
+    #         ],
     #       }
     #
     # @!attribute [rw] resource_id
@@ -3516,11 +3657,25 @@ module Aws::SSM
     #   Metadata for a new Application Manager application.
     #   @return [Hash<String,Types::MetadataValue>]
     #
+    # @!attribute [rw] tags
+    #   Optional metadata that you assign to a resource. You can specify a
+    #   maximum of five tags for an OpsMetadata object. Tags enable you to
+    #   categorize a resource in different ways, such as by purpose, owner,
+    #   or environment. For example, you might want to tag an OpsMetadata
+    #   object to identify an environment or target AWS Region. In this
+    #   case, you could specify the following key-value pairs:
+    #
+    #   * `Key=Environment,Value=Production`
+    #
+    #   * `Key=Region,Value=us-east-2`
+    #   @return [Array<Types::Tag>]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/CreateOpsMetadataRequest AWS API Documentation
     #
     class CreateOpsMetadataRequest < Struct.new(
       :resource_id,
-      :metadata)
+      :metadata,
+      :tags)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3623,8 +3778,8 @@ module Aws::SSM
     #   @return [Array<String>]
     #
     # @!attribute [rw] approved_patches_compliance_level
-    #   Defines the compliance level for approved patches. This means that
-    #   if an approved patch is reported as missing, this is the severity of
+    #   Defines the compliance level for approved patches. When an approved
+    #   patch is reported as missing, this value describes the severity of
     #   the compliance violation. The default value is UNSPECIFIED.
     #   @return [String]
     #
@@ -7478,12 +7633,14 @@ module Aws::SSM
     #   @return [String]
     #
     # @!attribute [rw] plugin_name
-    #   (Optional) The name of the plugin for which you want detailed
-    #   results. If the document contains only one plugin, the name can be
-    #   omitted and the details will be returned.
+    #   The name of the plugin for which you want detailed results. If the
+    #   document contains only one plugin, you can omit the name and details
+    #   for that plugin are returned. If the document contains more than one
+    #   plugin, you must specify the name of the plugin for which you want
+    #   to view details.
     #
-    #   Plugin names are also referred to as step names in Systems Manager
-    #   documents.
+    #   Plugin names are also referred to as *step names* in Systems Manager
+    #   documents. For example, `aws:RunShellScript` is a plugin.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/GetCommandInvocationRequest AWS API Documentation
@@ -7520,8 +7677,8 @@ module Aws::SSM
     #   @return [String]
     #
     # @!attribute [rw] plugin_name
-    #   The name of the plugin for which you want detailed results. For
-    #   example, aws:RunShellScript is a plugin.
+    #   The name of the plugin, or *step name*, for which details are
+    #   reported. For example, `aws:RunShellScript` is a plugin.
     #   @return [String]
     #
     # @!attribute [rw] response_code
@@ -7753,6 +7910,47 @@ module Aws::SSM
     #       {
     #         instance_id: "InstanceId", # required
     #         snapshot_id: "SnapshotId", # required
+    #         baseline_override: {
+    #           operating_system: "WINDOWS", # accepts WINDOWS, AMAZON_LINUX, AMAZON_LINUX_2, UBUNTU, REDHAT_ENTERPRISE_LINUX, SUSE, CENTOS, ORACLE_LINUX, DEBIAN, MACOS
+    #           global_filters: {
+    #             patch_filters: [ # required
+    #               {
+    #                 key: "ARCH", # required, accepts ARCH, ADVISORY_ID, BUGZILLA_ID, PATCH_SET, PRODUCT, PRODUCT_FAMILY, CLASSIFICATION, CVE_ID, EPOCH, MSRC_SEVERITY, NAME, PATCH_ID, SECTION, PRIORITY, REPOSITORY, RELEASE, SEVERITY, SECURITY, VERSION
+    #                 values: ["PatchFilterValue"], # required
+    #               },
+    #             ],
+    #           },
+    #           approval_rules: {
+    #             patch_rules: [ # required
+    #               {
+    #                 patch_filter_group: { # required
+    #                   patch_filters: [ # required
+    #                     {
+    #                       key: "ARCH", # required, accepts ARCH, ADVISORY_ID, BUGZILLA_ID, PATCH_SET, PRODUCT, PRODUCT_FAMILY, CLASSIFICATION, CVE_ID, EPOCH, MSRC_SEVERITY, NAME, PATCH_ID, SECTION, PRIORITY, REPOSITORY, RELEASE, SEVERITY, SECURITY, VERSION
+    #                       values: ["PatchFilterValue"], # required
+    #                     },
+    #                   ],
+    #                 },
+    #                 compliance_level: "CRITICAL", # accepts CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED
+    #                 approve_after_days: 1,
+    #                 approve_until_date: "PatchStringDateTime",
+    #                 enable_non_security: false,
+    #               },
+    #             ],
+    #           },
+    #           approved_patches: ["PatchId"],
+    #           approved_patches_compliance_level: "CRITICAL", # accepts CRITICAL, HIGH, MEDIUM, LOW, INFORMATIONAL, UNSPECIFIED
+    #           rejected_patches: ["PatchId"],
+    #           rejected_patches_action: "ALLOW_AS_DEPENDENCY", # accepts ALLOW_AS_DEPENDENCY, BLOCK
+    #           approved_patches_enable_non_security: false,
+    #           sources: [
+    #             {
+    #               name: "PatchSourceName", # required
+    #               products: ["PatchSourceProduct"], # required
+    #               configuration: "PatchSourceConfiguration", # required
+    #             },
+    #           ],
+    #         },
     #       }
     #
     # @!attribute [rw] instance_id
@@ -7764,11 +7962,16 @@ module Aws::SSM
     #   The user-defined snapshot ID.
     #   @return [String]
     #
+    # @!attribute [rw] baseline_override
+    #   Defines the basic information about a patch baseline override.
+    #   @return [Types::BaselineOverride]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/GetDeployablePatchSnapshotForInstanceRequest AWS API Documentation
     #
     class GetDeployablePatchSnapshotForInstanceRequest < Struct.new(
       :instance_id,
-      :snapshot_id)
+      :snapshot_id,
+      :baseline_override)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -9227,6 +9430,8 @@ module Aws::SSM
     #
     # @!attribute [rw] setting_id
     #   The ID of the service setting to get. The setting ID can be
+    #   `/ssm/automation/customer-script-log-destination`,
+    #   `/ssm/automation/customer-script-log-group-name`,
     #   `/ssm/parameter-store/default-parameter-tier`,
     #   `/ssm/parameter-store/high-throughput-enabled`, or
     #   `/ssm/managed-instance/activation-tier`.
@@ -9380,6 +9585,14 @@ module Aws::SSM
 
     # An S3 bucket where you want to store the results of this request.
     #
+    # For the minimal permissions required to enable Amazon S3 output for an
+    # association, see [Creating associations][1] in the *Systems Manager
+    # User Guide*.
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-state-assoc.html
+    #
     # @note When making an API call, you may pass InstanceAssociationOutputLocation
     #   data as a hash:
     #
@@ -9684,6 +9897,11 @@ module Aws::SSM
     #
     #   "InstanceIds"\|"AgentVersion"\|"PingStatus"\|"PlatformTypes"\|"ActivationIds"\|"IamRole"\|"ResourceType"\|"AssociationStatus"\|"Tag
     #   Key"
+    #
+    #   `Tag key` is not a valid filter. You must specify either `tag-key`
+    #   or `tag:keyname` and a string. Here are some valid examples:
+    #   tag-key, tag:123, tag:al!, tag:Windows. Here are some *invalid*
+    #   examples: tag-keys, Tag Key, tag:, tagKey, abc:keyname.
     #   @return [String]
     #
     # @!attribute [rw] values
@@ -12019,7 +12237,7 @@ module Aws::SSM
     #   data as a hash:
     #
     #       {
-    #         resource_type: "Document", # required, accepts Document, ManagedInstance, MaintenanceWindow, Parameter, PatchBaseline, OpsItem
+    #         resource_type: "Document", # required, accepts Document, ManagedInstance, MaintenanceWindow, Parameter, PatchBaseline, OpsItem, OpsMetadata
     #         resource_id: "ResourceId", # required
     #       }
     #
@@ -14808,13 +15026,14 @@ module Aws::SSM
     #   The number of days after the release date of each patch matched by
     #   the rule that the patch is marked as approved in the patch baseline.
     #   For example, a value of `7` means that patches are approved seven
-    #   days after they are released. Not supported on Ubuntu Server.
+    #   days after they are released. Not supported on Debian Server or
+    #   Ubuntu Server.
     #   @return [Integer]
     #
     # @!attribute [rw] approve_until_date
     #   The cutoff date for auto approval of released patches. Any patches
     #   released on or before this date are installed automatically. Not
-    #   supported on Ubuntu Server.
+    #   supported on Debian Server or Ubuntu Server.
     #
     #   Enter dates in the format `YYYY-MM-DD`. For example, `2020-12-31`.
     #   @return [String]
@@ -15198,7 +15417,11 @@ module Aws::SSM
     #     (case-insensitive).
     #
     #   * Parameter names can include only the following symbols and
-    #     letters: `a-zA-Z0-9_.-/`
+    #     letters: `a-zA-Z0-9_.-`
+    #
+    #     In addition, the slash character ( / ) is used to delineate
+    #     hierarchies in parameter names. For example:
+    #     `/Dev/Production/East/Project-ABC/MyParameter`
     #
     #   * A parameter name can't include spaces.
     #
@@ -15206,8 +15429,8 @@ module Aws::SSM
     #     levels.
     #
     #   For additional information about valid values for parameter names,
-    #   see [About requirements and constraints for parameter names][1] in
-    #   the *AWS Systems Manager User Guide*.
+    #   see [Creating Systems Manager parameters][1] in the *AWS Systems
+    #   Manager User Guide*.
     #
     #   <note markdown="1"> The maximum length constraint listed below includes capacity for
     #   additional system attributes that are not part of the name. The
@@ -15221,7 +15444,7 @@ module Aws::SSM
     #
     #
     #
-    #   [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-parameter-name-constraints.html
+    #   [1]: https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-paramstore-su-create.html
     #   @return [String]
     #
     # @!attribute [rw] description
@@ -15587,6 +15810,14 @@ module Aws::SSM
     #   The targets to register with the maintenance window. In other words,
     #   the instances to run commands on when the maintenance window runs.
     #
+    #   <note markdown="1"> If a single maintenance window task is registered with multiple
+    #   targets, its task invocations occur sequentially and not in
+    #   parallel. If your task must run on multiple targets at the same
+    #   time, register a task for each target individually and assign each
+    #   task the same priority level.
+    #
+    #    </note>
+    #
     #   You can specify targets using instance IDs, resource group names, or
     #   tags that have been applied to instances.
     #
@@ -15942,7 +16173,7 @@ module Aws::SSM
     #   data as a hash:
     #
     #       {
-    #         resource_type: "Document", # required, accepts Document, ManagedInstance, MaintenanceWindow, Parameter, PatchBaseline, OpsItem
+    #         resource_type: "Document", # required, accepts Document, ManagedInstance, MaintenanceWindow, Parameter, PatchBaseline, OpsItem, OpsMetadata
     #         resource_id: "ResourceId", # required
     #         tag_keys: ["TagKey"], # required
     #       }
@@ -15967,6 +16198,15 @@ module Aws::SSM
     #
     #   PatchBaseline: pb-012345abcde
     #
+    #   OpsMetadata object: `ResourceID` for tagging is created from the
+    #   Amazon Resource Name (ARN) for the object. Specifically,
+    #   `ResourceID` is created from the strings that come after the word
+    #   `opsmetadata` in the ARN. For example, an OpsMetadata object with an
+    #   ARN of
+    #   `arn:aws:ssm:us-east-2:1234567890:opsmetadata/aws/ssm/MyGroup/appmanager`
+    #   has a `ResourceID` of either `aws/ssm/MyGroup/appmanager` or
+    #   `/aws/ssm/MyGroup/appmanager`.
+    #
     #   For the Document and Parameter values, use the name of the resource.
     #
     #   <note markdown="1"> The ManagedInstance type for this API action is only for on-premises
@@ -16005,7 +16245,9 @@ module Aws::SSM
     #
     # @!attribute [rw] setting_id
     #   The Amazon Resource Name (ARN) of the service setting to reset. The
-    #   setting ID can be `/ssm/parameter-store/default-parameter-tier`,
+    #   setting ID can be `/ssm/automation/customer-script-log-destination`,
+    #   `/ssm/automation/customer-script-log-group-name`,
+    #   `/ssm/parameter-store/default-parameter-tier`,
     #   `/ssm/parameter-store/high-throughput-enabled`, or
     #   `/ssm/managed-instance/activation-tier`. For example,
     #   `arn:aws:ssm:us-east-1:111122223333:servicesetting/ssm/parameter-store/high-throughput-enabled`.
@@ -19997,6 +20239,10 @@ module Aws::SSM
     #   `arn:aws:ssm:us-east-1:111122223333:servicesetting/ssm/parameter-store/high-throughput-enabled`.
     #   The setting ID can be one of the following.
     #
+    #   * `/ssm/automation/customer-script-log-destination`
+    #
+    #   * `/ssm/automation/customer-script-log-group-name`
+    #
     #   * `/ssm/parameter-store/default-parameter-tier`
     #
     #   * `/ssm/parameter-store/high-throughput-enabled`
@@ -20018,6 +20264,12 @@ module Aws::SSM
     #   For the `/ssm/parameter-store/high-throughput-enabled`, and
     #   `/ssm/managed-instance/activation-tier` setting IDs, the setting
     #   value can be true or false.
+    #
+    #   For the `/ssm/automation/customer-script-log-destination` setting
+    #   ID, the setting value can be CloudWatch.
+    #
+    #   For the `/ssm/automation/customer-script-log-group-name` setting ID,
+    #   the setting value can be the name of a CloudWatch Logs log group.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/ssm-2014-11-06/UpdateServiceSettingRequest AWS API Documentation