
@lampidudelj
Last active February 11, 2024 02:09
AWS Automation Document - Install Windows Updates With Shutdown
{
"schemaVersion": "0.3",
"description": "Starts a Microsoft Windows EC2 instance, installs Windows updates with AWS-InstallWindowsUpdates (by default, all updates), and then stops the instance. If a step fails, a notification is published to the SNS topic. Supports Windows Server 2008 R2 and greater.",
"assumeRole": "{{ AutomationAssumeRole }}",
"parameters": {
"InstanceId": {
"type": "String",
"description": "(Required) EC2 Instance ID."
},
"AutomationAssumeRole": {
"type": "String",
"description": "(Required) The ARN of the role that allows Automation to perform the actions on your behalf.",
"default": "arn:aws:iam::{{global:ACCOUNT_ID}}:role/AutomationServiceRole"
},
"TopicArn": {
"type": "String",
"default": "arn:aws:sns:{{global:REGION}}:{{global:ACCOUNT_ID}}:cloudtrail-alarms",
"description": "(Required) Specify the SNS topic ARN to which the failure message will be published."
},
"IncludeKbs": {
"type": "String",
"description": "(Optional) Specify one or more Microsoft Knowledge Base (KB) article IDs to include. You can install multiple IDs using comma-separated values. Valid formats: KB9876543 or 9876543.",
"default": ""
},
"ExcludeKbs": {
"type": "String",
"description": "(Optional) Specify one or more Microsoft Knowledge Base (KB) article IDs to exclude. You can exclude multiple IDs using comma-separated values. Valid formats: KB9876543 or 9876543.",
"default": ""
},
"Categories": {
"type": "String",
"description": "(Optional) Specify one or more update categories. You can filter categories using comma-separated values. Options: Application, Connectors, CriticalUpdates, DefinitionUpdates, DeveloperKits, Drivers, FeaturePacks, Guidance, Microsoft, SecurityUpdates, ServicePacks, Tools, UpdateRollups, Updates. Valid formats include a single entry, for example: CriticalUpdates. Or you can specify a comma separated list: CriticalUpdates,SecurityUpdates. NOTE: There cannot be any spaces around the commas.",
"default": ""
},
"SeverityLevels": {
"type": "String",
"description": "(Optional) Specify one or more MSRC severity levels associated with an update. You can filter severity levels using comma-separated values. By default patches for all severity levels are selected. If a value is supplied, the update list is filtered by those values. Options: Critical, Important, Low, Moderate or Unspecified. Valid formats include a single entry, for example: Critical. Or, you can specify a comma separated list: Critical,Important,Low.",
"default": ""
},
"PublishedDaysOld": {
"type": "String",
"default": "",
"description": "(Optional) Specify the number of days old the updates must be from the published date. For example, if 10 is specified, any updates that were found during the Windows Update search that have been published 10 or more days ago will be returned."
},
"PublishedDateAfter": {
"type": "String",
"default": "",
"description": "(Optional) Specify the date that the updates should be published after. For example, if 01/01/2017 is specified, any updates that were found during the Windows Update search that have been published on or after 01/01/2017 will be returned."
},
"PublishedDateBefore": {
"type": "String",
"default": "",
"description": "(Optional) Specify the date that the updates should be published before. For example, if 01/01/2017 is specified, any updates that were found during the Windows Update search that have been published on or before 01/01/2017 will be returned."
}
},
"mainSteps": [
{
"name": "StartInstance",
"action": "aws:changeInstanceState",
"maxAttempts": 3,
"timeoutSeconds": 7200,
"onFailure": "step:PublishSNSNotification",
"inputs": {
"InstanceIds": [
"{{ InstanceId }}"
],
"CheckStateOnly": false,
"DesiredState": "running"
}
},
{
"name": "InstallWindowsUpdates",
"action": "aws:runCommand",
"maxAttempts": 3,
"onFailure": "step:PublishSNSNotification",
"timeoutSeconds": 14400,
"inputs": {
"DocumentName": "AWS-InstallWindowsUpdates",
"InstanceIds": [
"{{ InstanceId }}"
],
"Parameters": {
"Action": "Install",
"IncludeKbs": "{{ IncludeKbs }}",
"ExcludeKbs": "{{ ExcludeKbs }}",
"Categories": "{{ Categories }}",
"SeverityLevels": "{{ SeverityLevels }}",
"PublishedDaysOld": "{{ PublishedDaysOld }}",
"PublishedDateAfter": "{{ PublishedDateAfter }}",
"PublishedDateBefore": "{{ PublishedDateBefore }}"
}
}
},
{
"name": "StopInstance",
"action": "aws:changeInstanceState",
"maxAttempts": 3,
"timeoutSeconds": 7200,
"onFailure": "step:PublishSNSNotification",
"inputs": {
"InstanceIds": [
"{{ InstanceId }}"
],
"CheckStateOnly": false,
"DesiredState": "stopped"
},
"isEnd": true
},
{
"name": "PublishSNSNotification",
"action": "aws:executeAwsApi",
"maxAttempts": 3,
"onFailure": "Abort",
"timeoutSeconds": 7200,
"inputs": {
"Service": "sns",
"Api": "Publish",
"TopicArn": "{{TopicArn}}",
"Message": "Windows Instance {{ InstanceId }} failed to update at {{ global:DATE_TIME }}. For more information see https://{{global:REGION}}.console.aws.amazon.com/systems-manager/automation/execution/{{automation:EXECUTION_ID}}?region={{global:REGION}}"
}
}
],
"outputs": []
}