amazon-web-servicesterraformterraform-provider-awsssm

Centralized multi-account patching with AWS Systems Manager Automation using Terraform


I am trying to patch and manage the execution of AWS SSM document from my root account. I am trying to do automation using Terraform version 12. But I dont see the support of multi account in their document.

I am trying to set up this:

https://aws.amazon.com/blogs/mt/centralized-multi-account-and-multi-region-patching-with-aws-systems-manager-automation/

Could someone please help which resource to use


Solution

  • In order to use the automation document for deploying patches to multiple accounts, we need to ensure the below four steps are accomplished:

    1. Create a Resource Group
    2. Create an IAM Role for Master Account and an IAM Role for Target(s) account.
    3. Create a Document
    4. Execute the Automation Document.
    

    We will be able to create the Resource group using aws_resourcegroups_group [1]. While we can create the IAM roles for both accounts using the aws_iam_role resource [2], we will be able to create the automation document using aws_ssm_document [3]. However, the arguments which need to be specified for executing the automation document by specifying the option for multiple account support aren't available publicly.