Is there a way to run Automation SSM Documents using Terraform?
Typically, when invoking a document such as AWS-StopEC2Instance, the target is specified as an EC2 instance, aligning with the document's purpose of stopping an EC2 instance.
However, in my case, I'm calling the AWS-CreateDSManagementInstance automation document which creates an AWS Directory Service Windows Management instance.
Sample Terraform config.
data "aws_ssm_document" "directory_management" {
name = "AWS-CreateDSManagementInstance"
document_format = "YAML"
}
resource "aws_ssm_association" "domain_service_management_instance" {
name = data.aws_ssm_document.directory_management.name
automation_target_parameter_name = "InstanceId"
parameters = {
DirectoryId = aws_directory_service_directory.aws-managed-ad[0].id
KeyPairName = var.key_name
IamInstanceProfileName = aws_iam_instance_profile.controller.name
SecurityGroupName = aws_security_group.amazon_ssm_directory_service_security_group.id
AmiId = var.directory_management_ami_id
InstanceType = var.windows_instance_type
AutomationAssumeRole = "arn:aws:iam::1234567890:role/aws-service-role/ssm.amazonaws.com/AWSServiceRoleForAmazonSSM"
}
targets {
key = "InstanceIds"
values = [aws_instance.directory_service_mgt_instance[0].id]
}
}
But I get the error
Error: creating SSM association: InvalidTarget: Cannot pass Instance Ids into an automation association
How can I use Terraform to simply execute an automation document while passing in the required parameters?