Skip to content

Module: ssm_maintenance_window_task

Defines tasks executed during a maintenance window (Run Command, Automation, Lambda, Step Functions, etc.).

Input Map Key Pattern

Root variable: ssm_maintenance_window_tasks (map of objects).

Field Type Required Description
window_id string required Maintenance window key
task_type string required RUN_COMMAND
task_arn string required SSM doc name / AWS document / Lambda ARN
service_role_arn string conditional Required for many task types
priority number optional Ordering (lower runs earlier)
max_concurrency string optional e.g. 50% or 5
max_errors string optional e.g. 25% or 1
targets list(object) conditional Needed for RUN_COMMAND / some automation
task_invocation_parameters object conditional Parameter structure varies by task_type
name string optional Override generated name

Example

ssm_maintenance_window_tasks = {
  patch_instances_task = {
    window_id        = "monthly_patching"
    task_type        = "RUN_COMMAND"
    task_arn         = "AWS-RunPatchBaseline"
    priority         = 3
    service_role_arn = "useast2SSMEC2RoleEpic"
    max_concurrency  = "50%"
    max_errors       = "25%"
    targets = [{
      key    = "WindowTargetIds"
      values = ["windows_wss_servers"]
    }]
    task_invocation_parameters = {
      run_command_parameters = {
        timeout_seconds = 600
        parameter = [
          { name = "Operation"    values = ["Install"] },
          { name = "RebootOption" values = ["RebootIfNeeded"] }
        ]
      }
    }
  }
}