EC2 Systems Managerで収集できるインベントリーが追加されました

2017.11.23

はじめに

中山(順)です

みなさん、EC2 Systems Manager使ってますか?

ご紹介が遅れましたが、なんかすごい機能が追加されました。
EC2 Systems Managerで収集できるインベントリーの種類が追加されたという内容です。

Amazon EC2 Systems Manager Adds New Inventory Types

追加されたインベントリーの種類

追加されたのは以下の4種類のようです。

  • Windows Registry
  • Windows services
  • roles and features enabled in Windows Server
  • Windows and Linux file metadata

やってみた

早速やってみました。

事前準備

まずは、管理対象となるWindows Serverを作成します。
EC2 Systems Managerを利用するためにEC2に対して必要な設定は以下の通りです。

  • 適切な権限が付与されたポリシー(AWS Managedなポリシーであれば、AmazonEC2RoleforSSM)がアタッチされたインスタンスプロファイルをアタッチすること
  • SSM Agentのバージョンを2.2.64以上にすること
  • インターネット(EC2 Systems ManagerのAPI)にアクセスできること

ここではインスタンスの作成手順は割愛いたします。

Inventoryの収集

インベントリーの収集には、AWS-GatherSoftwareInventoryというドキュメントをState Managerで関連付ける必要があります。

まず、AWS-GatherSoftwareInventoryに設定できるパラメーターを確認してみます。

aws ssm describe-document \
    --name "AWS-GatherSoftwareInventory"
{
    "Document": {
        "Status": "Active",
        "Hash": "081bb761984920ed219a5117ed8dc69e2caa798b5dea6cb0939b50303832a37b",
        "Name": "AWS-GatherSoftwareInventory",
        "Parameters": [
            {
                "DefaultValue": "Enabled",
                "Type": "String",
                "Name": "applications",
                "Description": "(Optional) Collect data for installed applications."
            },
            {
                "DefaultValue": "Enabled",
                "Type": "String",
                "Name": "awsComponents",
                "Description": "(Optional) Collect data for AWS Components like amazon-ssm-agent."
            },
            {
                "DefaultValue": "",
                "Type": "String",
                "Name": "files",
                "Description": "<p>(Optional, requires SSMAgent version 2.2.64.0 and above)<br/><br/>Linux example:<br/><em>[{\"Path\":\"/usr/bin\", \"Pattern\":[\"aws*\", \"*ssm*\"],\"Recursive\":false},{\"Path\":\"/var/log\", \"Pattern\":[\"amazon*.*\"], \"Recursive\":true, \"DirScanLimit\":1000}]<br/></em><br/>Windows example:<br/><em>[{\"Path\":\"%PROGRAMFILES%\", \"Pattern\":[\"*.exe\"],\"Recursive\":true}]</em><br/><br/>Learn More: http://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-inventory-about.html#sysman-inventory-file-and-registry  </p>"
            },
            {
                "DefaultValue": "Enabled",
                "Type": "String",
                "Name": "networkConfig",
                "Description": "(Optional) Collect data for Network configurations."
            },
            {
                "DefaultValue": "Enabled",
                "Type": "String",
                "Name": "windowsUpdates",
                "Description": "(Optional, Windows OS only) Collect data for all Windows Updates."
            },
            {
                "DefaultValue": "Enabled",
                "Type": "String",
                "Name": "instanceDetailedInformation",
                "Description": "(Optional) Collect additional information about the instance, including the CPU model, speed, and the number of cores, to name a few."
            },
            {
                "DefaultValue": "Enabled",
                "Type": "String",
                "Name": "services",
                "Description": "(Optional, Windows OS only, requires SSMAgent version 2.2.64.0 and above) Collect data for service configurations."
            },
            {
                "DefaultValue": "",
                "Type": "String",
                "Name": "windowsRegistry",
                "Description": "<p>(Optional, Windows OS only, requires SSMAgent version 2.2.64.0 and above)<br/><br/>Example:<br />[{\"Path\":\"HKEY_CURRENT_CONFIG\\System\",\"Recursive\":true},{\"Path\":\"HKEY_LOCAL_MACHINE\\SOFTWARE\\Amazon\\MachineImage\", \"ValueNames\":[\"AMIName\"]}]<br/><br/>Learn More: http://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-inventory-about.html#sysman-inventory-file-and-registry </p>"
            },
            {
                "DefaultValue": "Enabled",
                "Type": "String",
                "Name": "windowsRoles",
                "Description": "(Optional, Windows OS only, requires SSMAgent version 2.2.64.0 and above) Collect data for Microsoft Windows role configurations."
            },
            {
                "DefaultValue": "Enabled",
                "Type": "String",
                "Name": "customInventory",
                "Description": "(Optional) Collect data for custom inventory."
            }
        ],
        "DocumentType": "Policy",
        "PlatformTypes": [
            "Windows",
            "Linux"
        ],
        "DocumentVersion": "1",
        "HashType": "Sha256",
        "CreatedDate": 1510018249.23,
        "Owner": "Amazon",
        "SchemaVersion": "2.0",
        "DefaultVersion": "1",
        "LatestVersion": "1",
        "Description": "Software Inventory Policy Document."
    }
}

以下のパラメーターが追加されていることが確認できます。

  • files
  • services
  • windowsRegistry
  • windowsRoles

State ManagerからAWS-GatherSoftwareInventoryドキュメントを関連付けます。

まずはパラメーターを指定します。
ファイルおよびレジストリは、インベントリ収集対象のパスおよびパスの配下のインベントリーを再帰的に収集するかを指定します。
詳細はドキュメントをご確認ください。

Working with File and Windows Registry Inventory

PARAMETER_FILE_NAME="parameter_for_state_manager.json"

cat << EOF > ${PARAMETER_FILE_NAME}
{
    "applications": ["Enabled"],
    "awsComponents": ["Enabled"],
    "files": ["[{\\"Path\\":\\"C:\\\\Program Files\\",\\"Pattern\\":[\\"*.exe\\"],\\"Recursive\\":true}]"],
    "networkConfig": ["Enabled"],
    "windowsUpdates": ["Enabled"],
    "instanceDetailedInformation": ["Enabled"],
    "services": ["Enabled"],
    "windowsRegistry": ["[{\\"Path\\":\\"HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Amazon\\",\\"Recursive\\":true}]"],
    "windowsRoles": ["Enabled"],
    "customInventory": ["Enabled"]
}
EOF

cat ${PARAMETER_FILE_NAME}
{
    "applications": ["Enabled"],
    "awsComponents": ["Enabled"],
    "files": ["[{\"Path\":\"C:\\Program Files\",\"Pattern\":[\"*.exe\"],\"Recursive\":true}]"],
    "networkConfig": ["Enabled"],
    "windowsUpdates": ["Enabled"],
    "instanceDetailedInformation": ["Enabled"],
    "services": ["Enabled"],
    "windowsRegistry": ["[{\"Path\":\"HKEY_LOCAL_MACHINE\\SOFTWARE\\Amazon\",\"Recursive\":true}]"],
    "windowsRoles": ["Enabled"],
    "customInventory": ["Enabled"]
}

(ヒアドキュメントでjsonを生成した場合には、jsonlintなどで検証を行いましょう)

指定したパラメーターでEC2インスタンスにドキュメントを関連付けます。

aws ssm create-association \
    --name AWS-GatherSoftwareInventory \
    --targets Key=instanceids,Values=["i-0xxxxxxxxxxxxxxxx"] \
    --schedule-expression "cron(0 */30 * * * ? *)" \
    --parameters file://${PARAMETER_FILE_NAME}
{
    "AssociationDescription": {
        "ScheduleExpression": "cron(0 */30 * * * ? *)",
        "Name": "AWS-GatherSoftwareInventory",
        "Parameters": {
            "files": [
                "[{\"Path\":\"C:\\Program Files\",\"Pattern\":[\"*.exe\"],\"Recursive\":true}]"
            ],
            "windowsUpdates": [
                "Enabled"
            ],
            "awsComponents": [
                "Enabled"
            ],
            "customInventory": [
                "Enabled"
            ],
            "networkConfig": [
                "Enabled"
            ],
            "windowsRegistry": [
                "[{\"Path\":\"HKEY_LOCAL_MACHINE\\SOFTWARE\\Amazon\",\"Recursive\": true}]"
            ],
            "applications": [
                "Enabled"
            ],
            "instanceDetailedInformation": [
                "Enabled"
            ],
            "services": [
                "Enabled"
            ],
            "windowsRoles": [
                "Enabled"
            ]
        },
        "Overview": {
            "Status": "Pending",
            "DetailedStatus": "Creating"
        },
        "AssociationId": "f4c05957-b87b-487c-901b-27e274d70395",
        "DocumentVersion": "$DEFAULT",
        "LastUpdateAssociationDate": 1511427263.209,
        "Date": 1511427263.209,
        "Targets": [
            {
                "Values": [
                    "i-0xxxxxxxxxxxxxxxx"
                ],
                "Key": "instanceids"
            }
        ]
    }
}

関連付けが終了するまでしばらく待ちましょう。

収集したインベントリーの確認

早速確認していきましょう。

その前に、インベントリースキーマを確認してみましょう。

aws ssm get-inventory-schema
{
    "Schemas": [
        {
            "TypeName": "AWS:AWSComponent",
            "Version": "1.0",
            "Attributes": [
                {
                    "DataType": "STRING",
                    "Name": "Name"
                },
                {
                    "DataType": "STRING",
                    "Name": "ApplicationType"
                },
                {
                    "DataType": "STRING",
                    "Name": "Publisher"
                },
                {
                    "DataType": "STRING",
                    "Name": "Version"
                },
                {
                    "DataType": "STRING",
                    "Name": "InstalledTime"
                },
                {
                    "DataType": "STRING",
                    "Name": "Architecture"
                },
                {
                    "DataType": "STRING",
                    "Name": "URL"
                }
            ]
        },
        {
            "TypeName": "AWS:Application",
            "Version": "1.1",
            "Attributes": [
                {
                    "DataType": "STRING",
                    "Name": "Name"
                },
                {
                    "DataType": "STRING",
                    "Name": "ApplicationType"
                },
                {
                    "DataType": "STRING",
                    "Name": "Publisher"
                },
                {
                    "DataType": "STRING",
                    "Name": "Version"
                },
                {
                    "DataType": "STRING",
                    "Name": "InstalledTime"
                },
                {
                    "DataType": "STRING",
                    "Name": "Architecture"
                },
                {
                    "DataType": "STRING",
                    "Name": "URL"
                },
                {
                    "DataType": "STRING",
                    "Name": "Summary"
                },
                {
                    "DataType": "STRING",
                    "Name": "PackageId"
                }
            ]
        },
        {
            "TypeName": "AWS:ComplianceItem",
            "Version": "1.0",
            "Attributes": [
                {
                    "DataType": "STRING",
                    "Name": "ComplianceType"
                },
                {
                    "DataType": "STRING",
                    "Name": "ExecutionId"
                },
                {
                    "DataType": "STRING",
                    "Name": "ExecutionType"
                },
                {
                    "DataType": "STRING",
                    "Name": "ExecutionTime"
                },
                {
                    "DataType": "STRING",
                    "Name": "Id"
                },
                {
                    "DataType": "STRING",
                    "Name": "Title"
                },
                {
                    "DataType": "STRING",
                    "Name": "Status"
                },
                {
                    "DataType": "STRING",
                    "Name": "Severity"
                },
                {
                    "DataType": "STRING",
                    "Name": "DocumentName"
                },
                {
                    "DataType": "STRING",
                    "Name": "DocumentVersion"
                },
                {
                    "DataType": "STRING",
                    "Name": "Classification"
                },
                {
                    "DataType": "STRING",
                    "Name": "PatchBaselineId"
                },
                {
                    "DataType": "STRING",
                    "Name": "PatchSeverity"
                },
                {
                    "DataType": "STRING",
                    "Name": "PatchState"
                },
                {
                    "DataType": "STRING",
                    "Name": "PatchGroup"
                },
                {
                    "DataType": "STRING",
                    "Name": "InstalledTime"
                }
            ]
        },
        {
            "TypeName": "AWS:File",
            "Version": "1.0",
            "Attributes": [
                {
                    "DataType": "STRING",
                    "Name": "Name"
                },
                {
                    "DataType": "STRING",
                    "Name": "Size"
                },
                {
                    "DataType": "STRING",
                    "Name": "Description"
                },
                {
                    "DataType": "STRING",
                    "Name": "FileVersion"
                },
                {
                    "DataType": "STRING",
                    "Name": "InstalledDate"
                },
                {
                    "DataType": "STRING",
                    "Name": "ModificationTime"
                },
                {
                    "DataType": "STRING",
                    "Name": "LastAccessTime"
                },
                {
                    "DataType": "STRING",
                    "Name": "ProductName"
                },
                {
                    "DataType": "STRING",
                    "Name": "InstalledDir"
                },
                {
                    "DataType": "STRING",
                    "Name": "ProductLanguage"
                },
                {
                    "DataType": "STRING",
                    "Name": "CompanyName"
                },
                {
                    "DataType": "STRING",
                    "Name": "ProductVersion"
                }
            ]
        },
        {
            "TypeName": "AWS:InstanceDetailedInformation",
            "Version": "1.0",
            "Attributes": [
                {
                    "DataType": "STRING",
                    "Name": "CPUModel"
                },
                {
                    "DataType": "NUMBER",
                    "Name": "CPUCores"
                },
                {
                    "DataType": "NUMBER",
                    "Name": "CPUs"
                },
                {
                    "DataType": "NUMBER",
                    "Name": "CPUSpeedMHz"
                },
                {
                    "DataType": "NUMBER",
                    "Name": "CPUSockets"
                },
                {
                    "DataType": "STRING",
                    "Name": "CPUHyperThreadEnabled"
                },
                {
                    "DataType": "STRING",
                    "Name": "OSServicePack"
                }
            ]
        },
        {
            "TypeName": "AWS:InstanceInformation",
            "Version": "1.0",
            "Attributes": [
                {
                    "DataType": "STRING",
                    "Name": "AgentType"
                },
                {
                    "DataType": "STRING",
                    "Name": "AgentVersion"
                },
                {
                    "DataType": "STRING",
                    "Name": "ComputerName"
                },
                {
                    "DataType": "STRING",
                    "Name": "IamRole"
                },
                {
                    "DataType": "STRING",
                    "Name": "InstanceId"
                },
                {
                    "DataType": "STRING",
                    "Name": "IpAddress"
                },
                {
                    "DataType": "STRING",
                    "Name": "PlatformName"
                },
                {
                    "DataType": "STRING",
                    "Name": "PlatformType"
                },
                {
                    "DataType": "STRING",
                    "Name": "PlatformVersion"
                },
                {
                    "DataType": "STRING",
                    "Name": "ResourceType"
                }
            ]
        },
        {
            "TypeName": "AWS:Network",
            "Version": "1.0",
            "Attributes": [
                {
                    "DataType": "STRING",
                    "Name": "Name"
                },
                {
                    "DataType": "STRING",
                    "Name": "SubnetMask"
                },
                {
                    "DataType": "STRING",
                    "Name": "Gateway"
                },
                {
                    "DataType": "STRING",
                    "Name": "DHCPServer"
                },
                {
                    "DataType": "STRING",
                    "Name": "DNSServer"
                },
                {
                    "DataType": "STRING",
                    "Name": "MacAddress"
                },
                {
                    "DataType": "STRING",
                    "Name": "IPV4"
                },
                {
                    "DataType": "STRING",
                    "Name": "IPV6"
                }
            ]
        },
        {
            "TypeName": "AWS:PatchCompliance",
            "Version": "1.0",
            "Attributes": [
                {
                    "DataType": "STRING",
                    "Name": "Title"
                },
                {
                    "DataType": "STRING",
                    "Name": "KBId"
                },
                {
                    "DataType": "STRING",
                    "Name": "Classification"
                },
                {
                    "DataType": "STRING",
                    "Name": "Severity"
                },
                {
                    "DataType": "STRING",
                    "Name": "State"
                },
                {
                    "DataType": "STRING",
                    "Name": "InstalledTime"
                }
            ]
        },
        {
            "TypeName": "AWS:PatchSummary",
            "Version": "1.0",
            "Attributes": [
                {
                    "DataType": "STRING",
                    "Name": "PatchGroup"
                },
                {
                    "DataType": "STRING",
                    "Name": "BaselineId"
                },
                {
                    "DataType": "STRING",
                    "Name": "SnapshotId"
                },
                {
                    "DataType": "STRING",
                    "Name": "OwnerInformation"
                },
                {
                    "DataType": "NUMBER",
                    "Name": "InstalledCount"
                },
                {
                    "DataType": "NUMBER",
                    "Name": "InstalledOtherCount"
                },
                {
                    "DataType": "NUMBER",
                    "Name": "NotApplicableCount"
                },
                {
                    "DataType": "NUMBER",
                    "Name": "MissingCount"
                },
                {
                    "DataType": "NUMBER",
                    "Name": "FailedCount"
                },
                {
                    "DataType": "STRING",
                    "Name": "OperationType"
                },
                {
                    "DataType": "STRING",
                    "Name": "OperationStartTime"
                },
                {
                    "DataType": "STRING",
                    "Name": "OperationEndTime"
                }
            ]
        },
        {
            "TypeName": "AWS:Service",
            "Version": "1.0",
            "Attributes": [
                {
                    "DataType": "STRING",
                    "Name": "Name"
                },
                {
                    "DataType": "STRING",
                    "Name": "DisplayName"
                },
                {
                    "DataType": "STRING",
                    "Name": "ServiceType"
                },
                {
                    "DataType": "STRING",
                    "Name": "Status"
                },
                {
                    "DataType": "STRING",
                    "Name": "DependentServices"
                },
                {
                    "DataType": "STRING",
                    "Name": "ServicesDependedOn"
                },
                {
                    "DataType": "STRING",
                    "Name": "StartType"
                }
            ]
        },
        {
            "TypeName": "AWS:Tag",
            "Version": "1.0",
            "Attributes": [
                {
                    "DataType": "STRING",
                    "Name": "Key"
                },
                {
                    "DataType": "STRING",
                    "Name": "Value"
                }
            ]
        },
        {
            "TypeName": "AWS:WindowsRegistry",
            "Version": "1.0",
            "Attributes": [
                {
                    "DataType": "STRING",
                    "Name": "KeyPath"
                },
                {
                    "DataType": "STRING",
                    "Name": "ValueName"
                },
                {
                    "DataType": "STRING",
                    "Name": "ValueType"
                },
                {
                    "DataType": "STRING",
                    "Name": "Value"
                }
            ]
        },
        {
            "TypeName": "AWS:WindowsRole",
            "Version": "1.0",
            "Attributes": [
                {
                    "DataType": "STRING",
                    "Name": "Name"
                },
                {
                    "DataType": "STRING",
                    "Name": "DisplayName"
                },
                {
                    "DataType": "STRING",
                    "Name": "Path"
                },
                {
                    "DataType": "STRING",
                    "Name": "FeatureType"
                },
                {
                    "DataType": "STRING",
                    "Name": "DependsOn"
                },
                {
                    "DataType": "STRING",
                    "Name": "Description"
                },
                {
                    "DataType": "STRING",
                    "Name": "Installed"
                },
                {
                    "DataType": "STRING",
                    "Name": "InstalledState"
                },
                {
                    "DataType": "STRING",
                    "Name": "SubFeatures"
                },
                {
                    "DataType": "STRING",
                    "Name": "ServerComponentDescriptor"
                },
                {
                    "DataType": "STRING",
                    "Name": "Parent"
                }
            ]
        },
        {
            "TypeName": "AWS:WindowsUpdate",
            "Version": "1.0",
            "Attributes": [
                {
                    "DataType": "STRING",
                    "Name": "HotFixId"
                },
                {
                    "DataType": "STRING",
                    "Name": "Description"
                },
                {
                    "DataType": "STRING",
                    "Name": "InstalledTime"
                },
                {
                    "DataType": "STRING",
                    "Name": "InstalledBy"
                }
            ]
        }
    ]
}

レジストリー

aws ssm list-inventory-entries \
    --instance-id i-0xxxxxxxxxxxxxxxx \
    --type-name AWS:WindowsRegistry
{
    "InstanceId": "i-xxxxxxxxxxxxxxxx",
    "TypeName": "AWS:WindowsRegistry",
    "Entries": [
        {
            "ValueType": "REG_SZ",
            "KeyPath": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Amazon\\MachineImage.Name",
            "Value": "Windows_Server-2016-English-Full-Base",
            "ValueName": "AMIName"
        },
        {
            "ValueType": "REG_SZ",
            "KeyPath": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Amazon\\MachineImage.Name",
            "Value": "2017.10.13",
            "ValueName": "AMIVersion"
        }
    ],
    "SchemaVersion": "1.0",
    "CaptureTime": "2017-11-23T09:04:18Z"
}

サービス

aws ssm list-inventory-entries \
    --instance-id i-xxxxxxxxxxxxxxxx\
    --type-name AWS:Service
{
    "InstanceId": "i-xxxxxxxxxxxxxxxx",
    "TypeName": "AWS:Service",
    "Entries": [
        {
            "Status": "Stopped",
            "ServiceType": "Win32OwnProcess",
            "DisplayName": "Active Directory Federation Services",
            "Name": "adfssrv",
            "ServicesDependedOn": "HTTP",
            "StartType": "Manual",
            "DependentServices": ""
        },
        {
            "Status": "Stopped",
            "ServiceType": "Win32ShareProcess",
            "DisplayName": "AllJoyn Router Service",
            "Name": "AJRouter",
            "ServicesDependedOn": "",
            "StartType": "Manual",
            "DependentServices": ""
        },

            (省略)


        {
            "Status": "Stopped",
            "ServiceType": "Win32ShareProcess",
            "DisplayName": "Encrypting File System (EFS)",
            "Name": "EFS",
            "ServicesDependedOn": "RPCSS",
            "StartType": "Manual",
            "DependentServices": ""
        },
        {
            "Status": "Stopped",
            "ServiceType": "Win32ShareProcess",
            "DisplayName": "Embedded Mode",
            "Name": "embeddedmode",
            "ServicesDependedOn": "BrokerInfrastructure",
            "StartType": "Manual",
            "DependentServices": ""
        }
    ],
    "SchemaVersion": "1.0",
    "NextToken": "AAEAAd7ShEnm042rB8XJzgdZIJcz3unSmWOxyszUSNiSeMTlkB46ys46spQu0dH6zZFXsuThuAcwPnwjd7XaeNU7L7GkbzEkPdYnufDMP6nS9SlzhfH7NaAuWkwKKPWY8XquEzcUy4mFFuwBuQH65PMxJl5WcTBgXJ7OAPBWOlDeJWxFcS5oWkiLba2veg/c/wyMYBnPDvXDfU+izA70YW6+JU+Sy96CudS4Ruj/WJtB9PLIt47Uv0zH0+kgZzngYaGnEQ==",
    "CaptureTime": "2017-11-23T09:04:18Z"
}

役割と機能

aws ssm list-inventory-entries \
    --instance-id i-0xxxxxxxxxxxxxxxx\
    --type-name AWS:WindowsRole
{
    "InstanceId": "i-0xxxxxxxxxxxxxxxx",
    "TypeName": "AWS:WindowsRole",
    "Entries": [
        {
            "FeatureType": "Role",
            "InstalledState": "Available",
            "DisplayName": "Active Directory Certificate Services",
            "Description": "Active Directory Certificate Services (AD CS) is used to create certification authorities and related role services that allow you to issue and manage certificates used in a variety of applications.",
            "Parent": "",
            "SubFeatures": "ADCS-Cert-Authority ADCS-Enroll-Web-Pol ADCS-Enroll-Web-Svc ADCS-Web-Enrollment ADCS-Device-Enrollment ADCS-Online-Cert",
            "Installed": "False",
            "ServerComponentDescriptor": "ServerComponent_AD_Certificate",
            "DependsOn": "",
            "Path": "Active Directory Certificate Services",
            "Name": "AD-Certificate"
        },
        {
            "FeatureType": "Role Service",
            "InstalledState": "Available",
            "DisplayName": "Certification Authority",
            "Description": "Certification Authority (CA) is used to issue and manage certificates. Multiple CAs can be linked to form a public key infrastructure.",
            "Parent": "AD-Certificate",
            "SubFeatures": "",
            "Installed": "False",
            "ServerComponentDescriptor": "ServerComponent_ADCS_Cert_Authority",
            "DependsOn": "",
            "Path": "Active Directory Certificate Services\\Certification Authority",
            "Name": "ADCS-Cert-Authority"
        },

            (省略)

        {
            "FeatureType": "Role Service",
            "InstalledState": "Available",
            "DisplayName": "Remote Desktop Licensing",
            "Description": "Remote Desktop Licensing (RD Licensing) manages the licenses required to connect to a Remote Desktop Session Host server or a virtual desktop. You can use RD Licensing to install, issue, and track the availability of licenses.",
            "Parent": "Remote-Desktop-Services",
            "SubFeatures": "",
            "Installed": "False",
            "ServerComponentDescriptor": "ServerComponent_RDS_Licensing",
            "DependsOn": "",
            "Path": "Remote Desktop Services\\Remote Desktop Licensing",
            "Name": "RDS-Licensing"
        },
        {
            "FeatureType": "Role Service",
            "InstalledState": "Available",
            "DisplayName": "Remote Desktop Session Host",
            "Description": "Remote Desktop Session Host (RD Session Host) enables a server to host RemoteApp programs or session-based desktops. Users can connect to RD Session Host servers in a session collection to run programs, save files, and use resources on those servers. Users can access an RD Session Host server by using the Remote Desktop Connection client or by using RemoteApp programs.",
            "Parent": "Remote-Desktop-Services",
            "SubFeatures": "",
            "Installed": "False",
            "ServerComponentDescriptor": "ServerComponent_RDS_RD_Server",
            "DependsOn": "",
            "Path": "Remote Desktop Services\\Remote Desktop Session Host",
            "Name": "RDS-RD-Server"
        }
    ],
    "SchemaVersion": "1.0",
    "NextToken": "AAEAAfeh9vnu86z3ky19TFPtYivte++dq/twK8/QrswXKUpQAk9lR0vkvAlRo7lvKtRR0Q3Lf9xedfm/MvHw/yQ26UR1fuOIFfwrYLGMysgF2X9lQ1Sx4wu3crauqD5r0OAa8056z3pwncMIu4gVTAbCZw2AiX2UspVBksehS4zru24Rq/3h3zMWF44LNdQOxQmFF6oNS+6qVAERK4nSbRj3zOUcvz/Y76fCkFh6scV6XuYPdjyJc+QWK3QfVhV9FgmysQ==",
    "CaptureTime": "2017-11-23T09:04:18Z"
}

ファイル

aws ssm list-inventory-entries \
    --instance-id i-0xxxxxxxxxxxxxxxx \
    --type-name AWS:File
{
    "InstanceId": "i-0xxxxxxxxxxxxxxxx",
    "TypeName": "AWS:File",
    "Entries": [
        {
            "FileVersion": "4.9.2260",
            "CompanyName": "Amazon Web Services, Inc.",
            "InstalledDate": "2017-11-15T02:04:18Z",
            "LastAccessTime": "2017-11-21T08:03:12Z",
            "ProductLanguage": "Language Neutral",
            "ProductVersion": "4.9.2260",
            "ModificationTime": "2017-11-15T02:04:18Z",
            "InstalledDir": "C:\\Program Files\\Amazon\\SSM\\Plugins\\awsCloudWatch",
            "Description": "EC2Config.CloudWatch",
            "Name": "AWS.CloudWatch.exe",
            "ProductName": "",
            "Size": "18432"
        },
        {
            "FileVersion": "4.9.2260",
            "CompanyName": "Amazon Web Services, Inc.",
            "InstalledDate": "2017-11-15T02:04:20Z",
            "LastAccessTime": "2017-11-21T08:03:13Z",
            "ProductLanguage": "Language Neutral",
            "ProductVersion": "4.9.2260",
            "ModificationTime": "2017-11-15T02:04:20Z",
            "InstalledDir": "C:\\Program Files\\Amazon\\SSM\\Plugins\\awsDomainJoin",
            "Description": "Ec2Config.DomainJoin",
            "Name": "AWS.DomainJoin.exe",
            "ProductName": "",
            "Size": "2285568"
        },

            (省略)

        {
            "FileVersion": "12.0.14393.0 (rs1_release.160715-1616)",
            "CompanyName": "Microsoft Corporation",
            "InstalledDate": "2016-07-16T13:19:56Z",
            "LastAccessTime": "2016-07-16T13:19:56Z",
            "ProductLanguage": "English (United States)",
            "ProductVersion": "12.0.14393.0",
            "ModificationTime": "2016-07-16T13:19:56Z",
            "InstalledDir": "C:\\Program Files\\Windows Media Player",
            "Description": "Windows Media Player Gadget for Windows SideShow capable devices",
            "Name": "WMPSideShowGadget.exe",
            "ProductName": "Microsoftr Windowsr Operating System",
            "Size": "174080"
        },
        {
            "FileVersion": "12.0.14393.0 (rs1_release.160715-1616)",
            "CompanyName": "Microsoft Corporation",
            "InstalledDate": "2016-11-15T08:39:18Z",
            "LastAccessTime": "2016-11-15T08:39:18Z",
            "ProductLanguage": "English (United States)",
            "ProductVersion": "12.0.14393.0",
            "ModificationTime": "2016-10-15T03:54:34Z",
            "InstalledDir": "C:\\Program Files\\Windows Media Player",
            "Description": "Microsoft Windows Media Configuration Utility",
            "Name": "setup_wm.exe",
            "ProductName": "Microsoftr Windowsr Operating System",
            "Size": "1842176"
        }
    ],
    "SchemaVersion": "1.0",
    "NextToken": "AAEAAbuVDLxv4MFgArGOWpYsqcfgbZtFQZYBn/wYJMYMyVpyd87fz/sHP9uGgAcZ/3qa4JnWBA1uMoUTDpg8eskge6071VCFbMjqSqH86eGNQl9tdfhZHCSQ2HPHbU4uOjK6nLtkS76jlnTAhbyZB85yTwZSvRDMOLuGJ8HRsLD6lFMItm9BvmQKC4+yhiElqNaIdK0e2GR/LYTU27X6oYPiHSoQ02dUylPY0Z2rHHsnKt6sUlnAYQT/zskPLL7k4cTmZg==",
    "CaptureTime": "2017-11-23T09:04:18Z"
}

まとめ

これまでは専用のツールなどを使わないと収集が難しかった詳細なインベントリー情報が簡単に収集できるようになりました。

ここまでくると、ISVやMSPでの利用を想定しているような気もしますが、ますます便利になるEC2 Systems Managerはやっぱり良いサービスだと思います。