
@babakc
Created February 23, 2018 04:10
{
"schemaVersion": "2.2",
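"description": "Reset the local Administrator (Windows) or root (Linux) password on instances to a random value and store it in Parameter Store as a SecureString named pwd-<instance-id>. Replace the CMK and region placeholders before use.",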
"mainSteps": [{
"action": "aws:runPowerShellScript",
"name": "ResetWindows",
"precondition": {
"StringEquals": [
"platformType",
"Windows"
]
},
"inputs": {
"runCommand": [
"Add-Type -AssemblyName System.web",
"$instanceid = (Invoke-WebRequest -UseBasicParsing -Uri http://169.254.169.254/latest/meta-data/instance-id).content",
"do {",
" try {",
" $pwd = [System.Web.Security.Membership]::GeneratePassword(14, 4)",
" ([adsi](\"WinNT://$env:computername/administrator,user\")).psbase.invoke('SetPassword', \"$pwd\")",
" $completed = 'true'",
" }",
" catch {",
" write-output 'Password reset failed, trying again.'",
" }",
"} while ($completed -ne 'true')",
"Write-SSMParameter -name \"pwd-$instanceid\" -value $pwd -type 'SecureString' -keyid \"<insert CMK here!>\" -overwrite $true -region <insert region here!>",
"write-output \"Password reset successfully and stored in the parameters store as pwd-$instanceid\""
]
}
},
{
"action": "aws:runShellScript",
"name": "ResetLinux",
"precondition": {
"StringEquals": [
"platformType",
"Linux"
]
},
"inputs": {
"workingDirectory": "/tmp",
"runCommand": [
"export RANDFILE=~/.rnd",
"instanceid=$(wget -q -O - http://169.254.169.254/latest/meta-data/instance-id)",
"pwd=$(openssl rand -base64 14)",
"echo \"root:$pwd\" | chpasswd",
"aws ssm put-parameter --name pwd-$instanceid --value $pwd --type 'SecureString' --key-id '<insert CMK here!>' --overwrite --region <insert region here!>",
"echo \"Root password reset successfully and stored in the parameter store as pwd-$instanceid\""
]
}
}
]
}