AWS CloudFormation Automated Patching


Hi i have drafted the below cloudformation template and i endup with an error "template format error: Unrecognized parameter type: List AWS::EC2::i-0d2d51ddccb0a3109" kindly help me to fix the issue { "AWSTemplateFormatVersion": "2010-09-09", "Parameters": { "InstanceIds": { "Type": "List AWS::EC2::i-0d2d51ddccb0a3109", "Description": "List of EC2 instance IDs to patch." } }, "Resources": { "PatchBaseline": { "Type": "AWS::SSM::PatchBaseline", "Properties": { "Name": "MyPatchBaseline", "OperatingSystem": "WINDOWS", "ApprovalRules": { "PatchRules": [ { "PatchFilterGroup": [ { "Key": "PRODUCT", "Values": [ "WindowsServer2019" ] } ] }, { "ApproveAfterDays": 7 }, { "ComplianceLevel": "CRITICAL" } ] }, "GlobalFilters": { "PatchFilters": [ { "Key": "PRODUCT", "Values": [ "WindowsServer2019" ] } ] }, "ApprovedPatchesEnableNonSecurity": true } }, "MaintenanceWindow": { "Type": "AWS::SSM::MaintenanceWindow", "Properties": { "Name": "MyMaintenanceWindow", "Schedule": "cron(0 2 ? * SUN *)", "Duration": 3, "Cutoff": 1, "AllowUnassociatedTargets": false } }, "MaintenanceWindowTarget": { "Type": "AWS::SSM::MaintenanceWindowTarget", "Properties": { "Name": "MyMaintenanceWindowTarget", "WindowId": { "Ref": "MaintenanceWindow" }, "ResourceType": "INSTANCE", "Targets": [ { "Key": "InstanceIds", "Values": { "Ref": "InstanceIds" } } ], "OwnerInformation": "Patch Windows instances" } }, "MaintenanceWindowTask": { "Type": "AWS::SSM::MaintenanceWindowTask", "Properties": { "Name": "MyMaintenanceWindowTask", "TaskArn": "AWS-RunPatchBaseline", "ServiceRoleArn": { "Fn::GetAtt": [ "MaintenanceWindowRole", "Arn" ] }, "TaskInvocationParameters": { "MaintenanceWindowId": { "Ref": "MaintenanceWindow" }, "TaskParameters": { "Operation": [ "Scan", "Install" ] } }, "Priority": 1, "MaxConcurrency": "1", "MaxErrors": "1", "Targets": [ { "Key": "WindowTargetIds", "Values": [ { "Ref": "MaintenanceWindowTarget" } ] } ] } }, "MaintenanceWindowRole": { "Type": "AWS::IAM::Role", "Properties": { 
"AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "" }, "Action": "sts:AssumeRole" } ] }, "Policies": [ { "PolicyName": "MaintenanceWindowPolicy", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ssm:UpdateInstanceInformation", "ssm:ListCommands", "ssm:ListCommandInvocations", "ssm:GetCommandInvocation", "ec2messages:AcknowledgeMessage", "s3:PutObject" ], "Resource": "*" } ] } } ] } }, "PatchingLogsBucket": { "Type": "AWS::S3::Bucket", "Properties": { "BucketName": "my-patching-logs-bucket", "AccessControl": "Private" } }, "PatchingLogsRole": { "Type": "AWS::IAM::Role", "Properties": { "AssumeRolePolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "Service": "" }, "Action": "sts:AssumeRole" } ] }, "Policies": [ { "PolicyName": "PatchingLogsPolicy", "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:PutObject" ], "Resource": { "Fn::Sub": "arn:aws:s3:::${PatchingLogsBucket}/*" } } ] } } ] } }, "PatchingLogsLambda": { "Type": "AWS::Lambda::Function", "Properties": { "FunctionName": "PatchingLogsFunction", "Handler": "index.handler", "Role": { "Fn::GetAtt": [ "PatchingLogsRole", "Arn" ] }, "Runtime": "python3.8", "Code": { "S3Bucket": "your-lambda-code-bucket", "S3Key": "" }, "Environment": { "Variables": { "S3_BUCKET": { "Ref": "PatchingLogsBucket" } } } } } }, "Outputs": { "MaintenanceWindowId": { "Description": "ID of the created Maintenance Window", "Value": { "Ref": "MaintenanceWindow" } } } }

feita há 7 meses208 visualizações
1 Resposta


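Judging from the contents of the error, the problem seems to be the type of "InstanceIds" in "Parameters".
As stated in the document below, the type "List AWS::EC2::i-0d2d51ddccb0a3109" does not exist: a parameter's Type names the kind of value it accepts, and the instance IDs themselves are supplied as the parameter's value when the stack is created.
So what you want is a template like the one below.
The part marked AWS::EC2::Instance::Id is an AWS-specific parameter type, so please use it exactly as written, without changing it.
Note that only the parameter type is changed here; the rest of the template appears unchanged from the question, so the empty "Service": "" principals in the two roles' trust policies still have to be filled in, and the "Resource": "*" in MaintenanceWindowPolicy remains broader than the bucket-scoped resource used in PatchingLogsPolicy.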

	"AWSTemplateFormatVersion": "2010-09-09",
	"Parameters": {
		"InstanceIds": {
			"Type": "List<AWS::EC2::Instance::Id>",
			"Description": "List of EC2 instance IDs to patch."
	"Resources": {
		"PatchBaseline": {
			"Type": "AWS::SSM::PatchBaseline",
			"Properties": {
				"Name": "MyPatchBaseline",
				"OperatingSystem": "WINDOWS",
				"ApprovalRules": {
					"PatchRules": [
							"PatchFilterGroup": [
									"Key": "PRODUCT",
									"Values": [
							"ApproveAfterDays": 7
							"ComplianceLevel": "CRITICAL"
				"GlobalFilters": {
					"PatchFilters": [
							"Key": "PRODUCT",
							"Values": [
				"ApprovedPatchesEnableNonSecurity": true
		"MaintenanceWindow": {
			"Type": "AWS::SSM::MaintenanceWindow",
			"Properties": {
				"Name": "MyMaintenanceWindow",
				"Schedule": "cron(0 2 ? * SUN *)",
				"Duration": 3,
				"Cutoff": 1,
				"AllowUnassociatedTargets": false
		"MaintenanceWindowTarget": {
			"Type": "AWS::SSM::MaintenanceWindowTarget",
			"Properties": {
				"Name": "MyMaintenanceWindowTarget",
				"WindowId": {
					"Ref": "MaintenanceWindow"
				"ResourceType": "INSTANCE",
				"Targets": [
						"Key": "InstanceIds",
						"Values": {
							"Ref": "InstanceIds"
				"OwnerInformation": "Patch Windows instances"
		"MaintenanceWindowTask": {
			"Type": "AWS::SSM::MaintenanceWindowTask",
			"Properties": {
				"Name": "MyMaintenanceWindowTask",
				"TaskArn": "AWS-RunPatchBaseline",
				"ServiceRoleArn": {
					"Fn::GetAtt": [
				"TaskInvocationParameters": {
					"MaintenanceWindowId": {
						"Ref": "MaintenanceWindow"
					"TaskParameters": {
						"Operation": [
				"Priority": 1,
				"MaxConcurrency": "1",
				"MaxErrors": "1",
				"Targets": [
						"Key": "WindowTargetIds",
						"Values": [
								"Ref": "MaintenanceWindowTarget"
		"MaintenanceWindowRole": {
			"Type": "AWS::IAM::Role",
			"Properties": {
				"AssumeRolePolicyDocument": {
					"Version": "2012-10-17",
					"Statement": [
							"Effect": "Allow",
							"Principal": {
								"Service": ""
							"Action": "sts:AssumeRole"
				"Policies": [
						"PolicyName": "MaintenanceWindowPolicy",
						"PolicyDocument": {
							"Version": "2012-10-17",
							"Statement": [
									"Effect": "Allow",
									"Action": [
									"Resource": "*"
		"PatchingLogsBucket": {
			"Type": "AWS::S3::Bucket",
			"Properties": {
				"BucketName": "my-patching-logs-bucket",
				"AccessControl": "Private"
		"PatchingLogsRole": {
			"Type": "AWS::IAM::Role",
			"Properties": {
				"AssumeRolePolicyDocument": {
					"Version": "2012-10-17",
					"Statement": [
							"Effect": "Allow",
							"Principal": {
								"Service": ""
							"Action": "sts:AssumeRole"
				"Policies": [
						"PolicyName": "PatchingLogsPolicy",
						"PolicyDocument": {
							"Version": "2012-10-17",
							"Statement": [
									"Effect": "Allow",
									"Action": [
									"Resource": {
										"Fn::Sub": "arn:aws:s3:::${PatchingLogsBucket}/*"
		"PatchingLogsLambda": {
			"Type": "AWS::Lambda::Function",
			"Properties": {
				"FunctionName": "PatchingLogsFunction",
				"Handler": "index.handler",
				"Role": {
					"Fn::GetAtt": [
				"Runtime": "python3.8",
				"Code": {
					"S3Bucket": "your-lambda-code-bucket",
					"S3Key": ""
				"Environment": {
					"Variables": {
						"S3_BUCKET": {
							"Ref": "PatchingLogsBucket"
	"Outputs": {
		"MaintenanceWindowId": {
			"Description": "ID of the created Maintenance Window",
			"Value": {
				"Ref": "MaintenanceWindow"
respondido há 7 meses
profile pictureAWS
avaliado há 7 meses
