This module creates an SSM document that stores preferences for AWS Systems Manager Session Manager.
Session preferences let you specify a location to store log output for all sessions in your account. You can also enable server-side encryption using an AWS Key Management Service (KMS) key for a specified stream to ensure your session records are transferred securely.
Requires aws provider >= 1.36.0
```hcl
module "session-manager-settings" {
  source                    = "gazoakley/session-manager-settings/aws"
  s3_bucket_name            = "my-session-logs-bucket"
  cloudwatch_log_group_name = "/ssm/session-logs"
}
```

Name | Version |
---|---|
terraform | >= 0.12 |
aws | >= 1.36.0 |

Name | Version |
---|---|
aws | >= 1.36.0 |

Name | Description | Type | Default | Required |
---|---|---|---|---|
cloudwatch_encryption_enabled | Encrypt log data. | bool | true | no |
cloudwatch_log_group_name | The name of the log group to upload session logs to. Specifying this enables sending session output to CloudWatch Logs. | string | "" | no |
cloudwatch_streaming_enabled | Stream session log data to CloudWatch. Defaults to true. If false, logs will be uploaded at the end of the session. | bool | true | no |
idle_session_timeout | Time until a session is closed when left idle. | number | 20 | no |
kms_key_id | The KMS key used to encrypt SSM sessions. | string | null | no |
linux_shell_profile | A set of Linux commands to run when a Linux session is started. | string | "" | no |
max_session_duration | The longest a session can stay open before it will be closed. | number | null | no |
run_as_enabled | Enables the option to start sessions using the credentials of a specified operating system user. | bool | false | no |
s3_bucket_name | The name of the bucket to store session logs. Specifying this enables writing session output to an Amazon S3 bucket. | string | "" | no |
s3_encryption_enabled | Encrypt log data. | bool | true | no |
s3_key_prefix | To write output to a sub-folder, enter a sub-folder name. | string | "" | no |
windows_shell_profile | A set of Windows commands to run when a Windows session is started. | string | "" | no |
ssm_document_name | The name of the SSM document that will be created in the AWS account. | string | "SSM-SessionManagerRunShell" | no |

Name | Description |
---|---|
document_arn | ARN of the created document. You can use this to create IAM policies that prevent changes to Session Manager preferences. |
document_name | Name of the created document. |
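
One way to use the `document_arn` output to lock down the preferences document, as an added example that is not part of the module or its repository. It assumes the module call is named `session-manager-settings` as in the usage snippet; the policy name and the `session-operators` role are hypothetical.

```hcl
# Added example: deny changes to the Session Manager preferences document.
# Assumes a module block named "session-manager-settings" exists in this configuration.

data "aws_iam_policy_document" "protect_session_preferences" {
  statement {
    sid    = "DenySessionPreferenceChanges"
    effect = "Deny"

    # Actions that alter, replace, delete or re-share an SSM document.
    actions = [
      "ssm:UpdateDocument",
      "ssm:UpdateDocumentDefaultVersion",
      "ssm:DeleteDocument",
      "ssm:ModifyDocumentPermission",
    ]

    # Scope the deny to the document created by the module.
    resources = [module.session-manager-settings.document_arn]
  }
}

resource "aws_iam_policy" "protect_session_preferences" {
  name        = "protect-session-manager-preferences" # hypothetical name
  description = "Denies changes to the Session Manager preferences document."
  policy      = data.aws_iam_policy_document.protect_session_preferences.json
}

# Attach the deny to the principals that start sessions.
resource "aws_iam_role_policy_attachment" "session_operators" {
  role       = "session-operators" # hypothetical, pre-existing role
  policy_arn = aws_iam_policy.protect_session_preferences.arn
}
```

A deny in an identity policy binds only the principals it is attached to, so users who can start sessions cannot turn off logging or encryption for themselves. Do not attach it to the role that runs Terraform, which still needs to update the document.
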
Apache 2 Licensed. See LICENSE for full details.