Method: Aws::SSM::Types::MaintenanceWindowTask#service_role_arn

Defined in:
lib/aws-sdk-ssm/types.rb

#service_role_arnString

The Amazon Resource Name (ARN) of the IAM service role for Amazon Web Services Systems Manager to assume when running a maintenance window task. If you do not specify a service role ARN, Systems Manager uses a service-linked role in your account. If no appropriate service-linked role for Systems Manager exists in your account, it is created when you run RegisterTaskWithMaintenanceWindow.

However, for an improved security posture, we strongly recommend creating a custom policy and custom service role for running your maintenance window tasks. The policy can be crafted to provide only the permissions needed for your particular maintenance window tasks. For more information, see [Setting up Maintenance Windows] in the in the *Amazon Web Services Systems Manager User Guide*.

[1]: docs.aws.amazon.com/systems-manager/latest/userguide/sysman-maintenance-permissions.html

Returns:

  • (String) 


13488
13489
13490
13491
13492
13493
13494
13495
13496
13497
13498
13499
13500
13501
13502
13503
13504
13505
13506
 
# File 'lib/aws-sdk-ssm/types.rb', line 13488

class MaintenanceWindowTask < Struct.new(
  :window_id,
  :window_task_id,
  :task_arn,
  :type,
  :targets,
  :task_parameters,
  :priority,
  :logging_info,
  :service_role_arn,
  :max_concurrency,
  :max_errors,
  :name,
  :description,
  :cutoff_behavior,
  :alarm_configuration)
  SENSITIVE = [:task_parameters, :description]
  include Aws::Structure
end