SSM / Client / start_access_request

start_access_request

SSM.Client.start_access_request(**kwargs)

Starts the workflow for just-in-time node access sessions.

See also: AWS API Documentation

Request Syntax

response = client.start_access_request(
    Reason='string',
    Targets=[
        {
            'Key': 'string',
            'Values': [
                'string',
            ]
        },
    ],
    Tags=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ]
)
Parameters:

  • Reason (string) –

    [REQUIRED]

    A brief description explaining why you are requesting access to the node.

  • Targets (list) –

    [REQUIRED]

    The node you are requesting access to.

    • (dict) –

      An array of search criteria that targets managed nodes using a key-value pair that you specify.

      Note

      One or more targets must be specified for maintenance window Run Command-type tasks. Depending on the task, targets are optional for other maintenance window task types (Automation, Lambda, and Step Functions). For more information about running tasks that don’t specify targets, see Registering maintenance window tasks without targets in the Amazon Web Services Systems Manager User Guide.

      Supported formats include the following.

      For all Systems Manager tools:

      • Key=tag-key,Values=tag-value-1,tag-value-2

      For Automation and Change Manager:

      • Key=tag:tag-key,Values=tag-value

      • Key=ResourceGroup,Values=resource-group-name

      • Key=ParameterValues,Values=value-1,value-2,value-3

      • To target all instances in the Amazon Web Services Region:

        • Key=AWS::EC2::Instance,Values=*

        • Key=InstanceIds,Values=*

      For Run Command and Maintenance Windows:

      • Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3

      • Key=tag:tag-key,Values=tag-value-1,tag-value-2

      • Key=resource-groups:Name,Values=resource-group-name

      • Additionally, Maintenance Windows support targeting resource types:

        • Key=resource-groups:ResourceTypeFilters,Values=resource-type-1,resource-type-2

      For State Manager:

      • Key=InstanceIds,Values=instance-id-1,instance-id-2,instance-id-3

      • Key=tag:tag-key,Values=tag-value-1,tag-value-2

      • To target all instances in the Amazon Web Services Region:

        • Key=InstanceIds,Values=*

      For more information about how to send commands that target managed nodes using Key,Value parameters, see Targeting multiple managed nodes in the Amazon Web Services Systems Manager User Guide.

      • Key (string) –

        User-defined criteria for sending commands that target managed nodes that meet the criteria.

      • Values (list) –

        User-defined criteria that maps to Key. For example, if you specified tag:ServerRole, you could specify value:WebServer to run a command on instances that include EC2 tags of ServerRole,WebServer.

        Depending on the type of target, the maximum number of values for a key might be lower than the global maximum of 50.

        • (string) –

  • Tags (list) –

    Key-value pairs of metadata you want to assign to the access request.

    • (dict) –

      Metadata that you assign to your Amazon Web Services resources. Tags enable you to categorize your resources in different ways, for example, by purpose, owner, or environment. In Amazon Web Services Systems Manager, you can apply tags to Systems Manager documents (SSM documents), managed nodes, maintenance windows, parameters, patch baselines, OpsItems, and OpsMetadata.

      • Key (string) – [REQUIRED]

        The name of the tag.

      • Value (string) – [REQUIRED]

        The value of the tag.

Return type:

dict

Returns:

Response Syntax

{
    'AccessRequestId': 'string'
}

Response Structure

  • (dict) –

    • AccessRequestId (string) –

      The ID of the access request.

Exceptions