Channel: kakakakakku blog

Enabling AWS Systems Manager Inventory with Terraform


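When enabling AWS Systems Manager Inventory (that is, creating an AWS Systems Manager State Manager association) with Terraform, you can configure it with the aws_ssm_association resource 💡

The parameters argument of aws_ssm_association is not covered in detail in the Terraform documentation, so I think it is best to configure it while referring to the "Setup Inventory" screen in the Management Console and to the AWS Systems Manager Document AWS-GatherSoftwareInventory ❗️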


Terraform code

As a tentative configuration, I set it up as follows 👌

  • Add the tag Inventory: true to the Amazon EC2 instances to be collected from
  • Run once per hour (so that the behavior can be verified quickly)
  • Exclude Windows
resource "aws_ssm_association" "inventory" {
  name             = "AWS-GatherSoftwareInventory"
  association_name = "Inventory"

  # Target Amazon EC2 instances tagged Inventory: true
  targets {
    key    = "tag:Inventory"
    values = ["true"]
  }

  # Windows-only items are disabled
  parameters = {
    applications                = "Enabled"
    awsComponents               = "Enabled"
    files                       = ""
    networkConfig               = "Enabled"
    windowsUpdates              = "Disabled"
    instanceDetailedInformation = "Enabled"
    services                    = "Disabled"
    windowsRegistry             = ""
    windowsRoles                = "Disabled"
    customInventory             = "Enabled"
    billingInfo                 = "Enabled"
  }

  # Run once per hour
  schedule_expression = "rate(1 hour)"
}

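Result

It was built as expected, and AWS Systems Manager Inventory was able to collect the metadata ❗️

Reference: AWS Systems Manager Documents

Here is the content (version 1) of the AWS Systems Manager Document AWS-GatherSoftwareInventory. It lets you check the expected values, such as Enabled and Disabled, that you specify in Terraform, as well as the default values 💡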

{"schemaVersion": "2.0",
  "description": "Software Inventory Policy Document.",
  "parameters": {"applications": {"type": "String",
      "default": "Enabled",
      "description": "(Optional) Collect data for installed applications.",
      "allowedValues": ["Enabled",
        "Disabled"
      ]},
    "awsComponents": {"type": "String",
      "default": "Enabled",
      "description": "(Optional) Collect data for AWS Components like amazon-ssm-agent.",
      "allowedValues": ["Enabled",
        "Disabled"
      ]},
    "files": {"type": "String",
      "default": "",
      "description": "<p>(Optional, requires SSMAgent version 2.2.64.0 and above)<br/><br/>Linux example:<br/><em>[{\"Path\":\"/usr/bin\", \"Pattern\":[\"aws*\", \"*ssm*\"],\"Recursive\":false},{\"Path\":\"/var/log\", \"Pattern\":[\"amazon*.*\"], \"Recursive\":true, \"DirScanLimit\":1000}]<br/></em><br/>Windowsexample:<br/><em>[{\"Path\":\"%PROGRAMFILES%\", \"Pattern\":[\"*.exe\"],\"Recursive\":true}]</em><br/><br/>LearnMore: http://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-inventory-about.html#sysman-inventory-file-and-registry  </p>","displayType": "textarea"
    },
    "networkConfig": {"type": "String",
      "default": "Enabled",
      "description": "(Optional) Collect data for Network configurations.",
      "allowedValues": ["Enabled",
        "Disabled"
      ]},
    "windowsUpdates": {"type": "String",
      "default": "Enabled",
      "description": "(Optional, Windows OS only) Collect data for all Windows Updates.",
      "allowedValues": ["Enabled",
        "Disabled"
      ]},
    "instanceDetailedInformation": {"type": "String",
      "default": "Enabled",
      "description": "(Optional) Collect additional information about the instance, including the CPU model, speed, and the number of cores, to name a few.",
      "allowedValues": ["Enabled",
        "Disabled"
      ]},
    "services": {"type": "String",
      "default": "Enabled",
      "description": "(Optional, Windows OS only, requires SSMAgent version 2.2.64.0 and above) Collect data for service configurations.",
      "allowedValues": ["Enabled",
        "Disabled"
      ]},
    "windowsRegistry": {"type": "String",
      "default": "",
      "description": "<p>(Optional, Windows OS only, requires SSMAgent version 2.2.64.0 and above)<br/><br/>Example:<br />[{\"Path\":\"HKEY_CURRENT_CONFIG\\System\",\"Recursive\":true},{\"Path\":\"HKEY_LOCAL_MACHINE\\SOFTWARE\\Amazon\\MachineImage\", \"ValueNames\":[\"AMIName\"]}]<br/><br/>Learn More: http://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-inventory-about.html#sysman-inventory-file-and-registry </p>",
      "displayType": "textarea"
    },
    "windowsRoles": {"type": "String",
      "default": "Enabled",
      "description": "(Optional, Windows OS only, requires SSMAgent version 2.2.64.0 and above) Collect data for Microsoft Windows role configurations.",
      "allowedValues": ["Enabled",
        "Disabled"
      ]},
    "customInventory": {"type": "String",
      "default": "Enabled",
      "description": "(Optional) Collect data for custom inventory.",
      "allowedValues": ["Enabled",
        "Disabled"
      ]},
    "billingInfo": {"type": "String",
      "default": "Enabled",
      "description": "(Optional) Collect billing info for license included applications.",
      "allowedValues": ["Enabled",
        "Disabled"
      ]}
  },
  "mainSteps": [{"action": "aws:softwareInventory",
      "name": "collectSoftwareInventoryItems",
      "inputs": {"applications": "{{ applications }}",
        "awsComponents": "{{ awsComponents }}",
        "networkConfig": "{{ networkConfig }}",
        "files": "{{ files }}",
        "services": "{{ services }}",
        "windowsRoles": "{{ windowsRoles }}",
        "windowsRegistry": "{{ windowsRegistry}}",
        "windowsUpdates": "{{ windowsUpdates }}",
        "instanceDetailedInformation": "{{ instanceDetailedInformation }}",
        "billingInfo": "{{ billingInfo }}",
        "customInventory": "{{ customInventory }}"
      }}]
}
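
As an added example (not part of the original post), the following Python code checks the Terraform parameters map above against the parameter definitions in the quoted document, reporting invalid values and listing which settings override the document defaults. The names DOC_PARAMETERS, TF_PARAMETERS and check_parameters are this example's own, and the JSON-array check for files and windowsRegistry is an assumption based on the examples in their descriptions.

```python
import json

# Parameter definitions copied from the AWS-GatherSoftwareInventory document
# (version 1) quoted above; descriptions are omitted.
TOGGLES = ["applications", "awsComponents", "networkConfig", "windowsUpdates",
           "instanceDetailedInformation", "services", "windowsRoles",
           "customInventory", "billingInfo"]
DOC_PARAMETERS = {
    **{n: {"default": "Enabled", "allowedValues": ["Enabled", "Disabled"]}
       for n in TOGGLES},
    "files": {"default": ""},
    "windowsRegistry": {"default": ""},
}

# The parameters map from the Terraform code on this page.
TF_PARAMETERS = {
    "applications": "Enabled", "awsComponents": "Enabled", "files": "",
    "networkConfig": "Enabled", "windowsUpdates": "Disabled",
    "instanceDetailedInformation": "Enabled", "services": "Disabled",
    "windowsRegistry": "", "windowsRoles": "Disabled",
    "customInventory": "Enabled", "billingInfo": "Enabled",
}

def check_parameters(schema, params):
    """Return (errors, overrides): invalid entries, and values that differ
    from the document default."""
    errors, overrides = [], {}
    for name, value in params.items():
        spec = schema.get(name)
        if spec is None:
            errors.append(f"{name}: not defined in the document")
            continue
        allowed = spec.get("allowedValues")
        if allowed is not None and value not in allowed:
            errors.append(f"{name}: {value!r} not in {allowed}")
        elif allowed is None and value:
            # Assumption: free-form values are a JSON array of objects with "Path"
            try:
                items = json.loads(value)
                ok = isinstance(items, list) and all(
                    isinstance(i, dict) and "Path" in i for i in items)
            except json.JSONDecodeError:
                ok = False
            if not ok:
                errors.append(f"{name}: expected a JSON array of objects with 'Path'")
        if value != spec["default"]:
            overrides[name] = value
    return errors, overrides
```

Run against the page's configuration, the overrides are exactly the three Windows-only collectors, which is a quick way to confirm that no inventory type was switched off unintentionally.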
