steampipe plugin install awssteampipe plugin install aws
aws_accessanalyzer_analyzeraws_accountaws_account_alternate_contactaws_account_contactaws_acm_certificateaws_amplify_appaws_api_gateway_api_keyaws_api_gateway_authorizeraws_api_gateway_domain_nameaws_api_gateway_methodaws_api_gateway_rest_apiaws_api_gateway_stageaws_api_gateway_usage_planaws_api_gatewayv2_apiaws_api_gatewayv2_domain_nameaws_api_gatewayv2_integrationaws_api_gatewayv2_routeaws_api_gatewayv2_stageaws_appautoscaling_policyaws_appautoscaling_targetaws_appconfig_applicationaws_appstream_fleetaws_appstream_imageaws_appsync_graphql_apiaws_athena_query_executionaws_athena_workgroupaws_auditmanager_assessmentaws_auditmanager_controlaws_auditmanager_evidenceaws_auditmanager_evidence_folderaws_auditmanager_frameworkaws_availability_zoneaws_backup_frameworkaws_backup_legal_holdaws_backup_planaws_backup_protected_resourceaws_backup_recovery_pointaws_backup_report_planaws_backup_selectionaws_backup_vaultaws_cloudcontrol_resourceaws_cloudformation_stackaws_cloudformation_stack_resourceaws_cloudformation_stack_setaws_cloudfront_cache_policyaws_cloudfront_distributionaws_cloudfront_functionaws_cloudfront_origin_access_identityaws_cloudfront_origin_request_policyaws_cloudfront_response_headers_policyaws_cloudsearch_domainaws_cloudtrail_channelaws_cloudtrail_event_data_storeaws_cloudtrail_importaws_cloudtrail_lookup_eventaws_cloudtrail_queryaws_cloudtrail_trailaws_cloudtrail_trail_eventaws_cloudwatch_alarmaws_cloudwatch_log_eventaws_cloudwatch_log_groupaws_cloudwatch_log_metric_filteraws_cloudwatch_log_resource_policyaws_cloudwatch_log_streamaws_cloudwatch_log_subscription_filteraws_cloudwatch_metricaws_cloudwatch_metric_data_pointaws_cloudwatch_metric_statistic_data_pointaws_codeartifact_domainaws_codeartifact_repositoryaws_codebuild_buildaws_codebuild_projectaws_codebuild_source_credentialaws_codecommit_repositoryaws_codedeploy_appaws_codedeploy_deployment_configaws_codedeploy_deployment_groupaws_codepipeline_pipelineaws_cognito_identity_poolaws_cognito_identity_provideraws_cognito_user_poolaws_config_aggregate_authorizationaws_config_configuration_recorderaws_config_conformance_packaws_config_retention_configurationaws_config_ruleaws_cost_by_account_dailyaws_cost_by_account_monthlyaws_cost_by_record_type_dailyaws_cost_by_record_type_monthlyaws_cost_by_service_dailyaws_cost_by_service_monthlyaws_cost_by_service_usage_type_dailyaws_cost_by_service_usage_type_monthlyaws_cost_by_tagaws_cost_forecast_dailyaws_cost_forecast_monthlyaws_cost_usageaws_dax_clusteraws_dax_parameteraws_dax_parameter_groupaws_dax_subnet_groupaws_directory_service_certificateaws_directory_service_directoryaws_directory_service_log_subscriptionaws_directory_servicelog_subscriptionaws_dlm_lifecycle_policyaws_dms_certificateaws_dms_replication_instanceaws_docdb_clusteraws_docdb_cluster_instanceaws_drs_jobaws_drs_recovery_instanceaws_drs_recovery_snapshotaws_drs_source_serveraws_dynamodb_backupaws_dynamodb_global_tableaws_dynamodb_metric_account_provisioned_read_capacity_utilaws_dynamodb_metric_account_provisioned_write_capacity_utilaws_dynamodb_tableaws_dynamodb_table_exportaws_ebs_snapshotaws_ebs_volumeaws_ebs_volume_metric_read_opsaws_ebs_volume_metric_read_ops_dailyaws_ebs_volume_metric_read_ops_hourlyaws_ebs_volume_metric_write_opsaws_ebs_volume_metric_write_ops_dailyaws_ebs_volume_metric_write_ops_hourlyaws_ec2_amiaws_ec2_ami_sharedaws_ec2_application_load_balanceraws_ec2_application_load_balancer_metric_request_countaws_ec2_application_load_balancer_metric_request_count_dailyaws_ec2_autoscaling_groupaws_ec2_capacity_reservationaws_ec2_classic_load_balanceraws_ec2_client_vpn_endpointaws_ec2_gateway_load_balanceraws_ec2_instanceaws_ec2_instance_availabilityaws_ec2_instance_metric_cpu_utilizationaws_ec2_instance_metric_cpu_utilization_dailyaws_ec2_instance_metric_cpu_utilization_hourlyaws_ec2_instance_typeaws_ec2_key_pairaws_ec2_launch_configurationaws_ec2_launch_templateaws_ec2_launch_template_versionaws_ec2_load_balancer_listeneraws_ec2_managed_prefix_listaws_ec2_managed_prefix_list_entryaws_ec2_network_interfaceaws_ec2_network_load_balanceraws_ec2_network_load_balancer_metric_net_flow_countaws_ec2_network_load_balancer_metric_net_flow_count_dailyaws_ec2_regional_settingsaws_ec2_reserved_instanceaws_ec2_spot_priceaws_ec2_ssl_policyaws_ec2_target_groupaws_ec2_transit_gatewayaws_ec2_transit_gateway_routeaws_ec2_transit_gateway_route_tableaws_ec2_transit_gateway_vpc_attachmentaws_ecr_imageaws_ecr_image_scan_findingaws_ecr_registry_scanning_configurationaws_ecr_repositoryaws_ecrpublic_repositoryaws_ecs_clusteraws_ecs_cluster_metric_cpu_utilizationaws_ecs_cluster_metric_cpu_utilization_dailyaws_ecs_cluster_metric_cpu_utilization_hourlyaws_ecs_container_instanceaws_ecs_serviceaws_ecs_taskaws_ecs_task_definitionaws_efs_access_pointaws_efs_file_systemaws_efs_mount_targetaws_eks_addonaws_eks_addon_versionaws_eks_clusteraws_eks_fargate_profileaws_eks_identity_provider_configaws_eks_node_groupaws_elastic_beanstalk_applicationaws_elastic_beanstalk_environmentaws_elasticache_clusteraws_elasticache_parameter_groupaws_elasticache_redis_metric_cache_hits_hourlyaws_elasticache_redis_metric_curr_connections_hourlyaws_elasticache_redis_metric_engine_cpu_utilization_dailyaws_elasticache_redis_metric_engine_cpu_utilization_hourlyaws_elasticache_redis_metric_get_type_cmds_hourlyaws_elasticache_redis_metric_list_based_cmds_hourlyaws_elasticache_redis_metric_new_connections_hourlyaws_elasticache_replication_groupaws_elasticache_reserved_cache_nodeaws_elasticache_subnet_groupaws_elasticsearch_domainaws_emr_block_public_access_configurationaws_emr_clusteraws_emr_cluster_metric_is_idleaws_emr_instanceaws_emr_instance_fleetaws_emr_instance_groupaws_emr_security_configurationaws_eventbridge_busaws_eventbridge_ruleaws_fms_app_listaws_fms_policyaws_fsx_file_systemaws_glacier_vaultaws_globalaccelerator_acceleratoraws_globalaccelerator_endpoint_groupaws_globalaccelerator_listeneraws_glue_catalog_databaseaws_glue_catalog_tableaws_glue_connectionaws_glue_crawleraws_glue_data_catalog_encryption_settingsaws_glue_data_quality_rulesetaws_glue_dev_endpointaws_glue_jobaws_glue_security_configurationaws_guardduty_detectoraws_guardduty_filteraws_guardduty_findingaws_guardduty_ipsetaws_guardduty_memberaws_guardduty_publishing_destinationaws_guardduty_threat_intel_setaws_health_affected_entityaws_health_eventaws_iam_access_advisoraws_iam_access_keyaws_iam_account_password_policyaws_iam_account_summaryaws_iam_actionaws_iam_credential_reportaws_iam_groupaws_iam_open_id_connect_provideraws_iam_policyaws_iam_policy_attachmentaws_iam_policy_simulatoraws_iam_roleaws_iam_saml_provideraws_iam_server_certificateaws_iam_service_specific_credentialaws_iam_useraws_iam_virtual_mfa_deviceaws_identitystore_groupaws_identitystore_group_membershipaws_identitystore_useraws_inspector2_coverageaws_inspector2_coverage_statisticsaws_inspector2_findingaws_inspector2_memberaws_inspector_assessment_runaws_inspector_assessment_targetaws_inspector_assessment_templateaws_inspector_exclusionaws_inspector_findingaws_iot_thingaws_kinesis_consumeraws_kinesis_firehose_delivery_streamaws_kinesis_streamaws_kinesis_video_streamaws_kinesisanalyticsv2_applicationaws_kms_aliasaws_kms_keyaws_lambda_aliasaws_lambda_event_source_mappingaws_lambda_functionaws_lambda_function_metric_duration_dailyaws_lambda_function_metric_errors_dailyaws_lambda_function_metric_invocations_dailyaws_lambda_layeraws_lambda_layer_versionaws_lambda_versionaws_lightsail_instanceaws_macie2_classification_jobaws_media_store_containeraws_mgn_applicationaws_mq_brokeraws_msk_clusteraws_msk_serverless_clusteraws_neptune_db_clusteraws_neptune_db_cluster_snapshotaws_networkfirewall_firewallaws_networkfirewall_firewall_policyaws_networkfirewall_rule_groupaws_oam_linkaws_oam_sinkaws_opensearch_domainaws_organizations_accountaws_organizations_organizational_unitaws_organizations_policyaws_organizations_policy_targetaws_organizations_rootaws_pinpoint_appaws_pipes_pipeaws_pricing_productaws_pricing_service_attributeaws_ram_principal_associationaws_ram_resource_associationaws_rds_db_clusteraws_rds_db_cluster_parameter_groupaws_rds_db_cluster_snapshotaws_rds_db_event_subscriptionaws_rds_db_instanceaws_rds_db_instance_automated_backupaws_rds_db_instance_metric_connectionsaws_rds_db_instance_metric_connections_dailyaws_rds_db_instance_metric_connections_hourlyaws_rds_db_instance_metric_cpu_utilizationaws_rds_db_instance_metric_cpu_utilization_dailyaws_rds_db_instance_metric_cpu_utilization_hourlyaws_rds_db_instance_metric_read_iopsaws_rds_db_instance_metric_read_iops_dailyaws_rds_db_instance_metric_read_iops_hourlyaws_rds_db_instance_metric_write_iopsaws_rds_db_instance_metric_write_iops_dailyaws_rds_db_instance_metric_write_iops_hourlyaws_rds_db_option_groupaws_rds_db_parameter_groupaws_rds_db_proxyaws_rds_db_snapshotaws_rds_db_subnet_groupaws_rds_reserved_db_instanceaws_redshift_clusteraws_redshift_cluster_metric_cpu_utilization_dailyaws_redshift_event_subscriptionaws_redshift_parameter_groupaws_redshift_snapshotaws_redshift_subnet_groupaws_redshiftserverless_namespaceaws_redshiftserverless_workgroupaws_regionaws_resource_explorer_indexaws_resource_explorer_searchaws_resource_explorer_supported_resource_typeaws_route53_domainaws_route53_health_checkaws_route53_query_logaws_route53_recordaws_route53_resolver_endpointaws_route53_resolver_query_log_configaws_route53_resolver_ruleaws_route53_traffic_policyaws_route53_traffic_policy_instanceaws_route53_zoneaws_s3_access_pointaws_s3_account_settingsaws_s3_bucketaws_s3_bucket_intelligent_tiering_configurationaws_s3_multi_region_access_pointaws_s3_objectaws_sagemaker_appaws_sagemaker_domainaws_sagemaker_endpoint_configurationaws_sagemaker_modelaws_sagemaker_notebook_instanceaws_sagemaker_training_jobaws_secretsmanager_secretaws_securityhub_action_targetaws_securityhub_findingaws_securityhub_finding_aggregatoraws_securityhub_hubaws_securityhub_insightaws_securityhub_memberaws_securityhub_productaws_securityhub_standards_controlaws_securityhub_standards_subscriptionaws_securitylake_data_lakeaws_securitylake_subscriberaws_serverlessapplicationrepository_applicationaws_service_discovery_instanceaws_service_discovery_namespaceaws_service_discovery_serviceaws_servicecatalog_portfolioaws_servicecatalog_productaws_servicecatalog_provisioned_productaws_servicequotas_default_service_quotaaws_servicequotas_service_quotaaws_servicequotas_service_quota_change_requestaws_ses_domain_identityaws_ses_email_identityaws_sfn_state_machineaws_sfn_state_machine_executionaws_sfn_state_machine_execution_historyaws_simspaceweaver_simulationaws_sns_subscriptionaws_sns_topicaws_sns_topic_subscriptionaws_sqs_queueaws_ssm_associationaws_ssm_documentaws_ssm_document_permissionaws_ssm_inventoryaws_ssm_inventory_entryaws_ssm_maintenance_windowaws_ssm_managed_instanceaws_ssm_managed_instance_complianceaws_ssm_managed_instance_patch_stateaws_ssm_parameteraws_ssm_patch_baselineaws_ssmincidents_response_planaws_ssoadmin_account_assignmentaws_ssoadmin_instanceaws_ssoadmin_managed_policy_attachmentaws_ssoadmin_permission_setaws_sts_caller_identityaws_tagging_resourceaws_transfer_serveraws_trusted_advisor_check_summaryaws_vpcaws_vpc_customer_gatewayaws_vpc_dhcp_optionsaws_vpc_egress_only_internet_gatewayaws_vpc_eipaws_vpc_eip_address_transferaws_vpc_endpointaws_vpc_endpoint_serviceaws_vpc_flow_logaws_vpc_flow_log_eventaws_vpc_internet_gatewayaws_vpc_nat_gatewayaws_vpc_nat_gateway_metric_bytes_out_to_destinationaws_vpc_network_aclaws_vpc_peering_connectionaws_vpc_routeaws_vpc_route_tableaws_vpc_security_groupaws_vpc_security_group_ruleaws_vpc_subnetaws_vpc_verified_access_endpointaws_vpc_verified_access_groupaws_vpc_verified_access_instanceaws_vpc_verified_access_trust_provideraws_vpc_vpn_connectionaws_vpc_vpn_gatewayaws_waf_rate_based_ruleaws_waf_ruleaws_waf_rule_groupaws_waf_web_aclaws_wafregional_ruleaws_wafregional_rule_groupaws_wafregional_web_aclaws_wafv2_ip_setaws_wafv2_regex_pattern_setaws_wafv2_rule_groupaws_wafv2_web_aclaws_wellarchitected_answeraws_wellarchitected_check_detailaws_wellarchitected_check_summaryaws_wellarchitected_consolidated_reportaws_wellarchitected_lensaws_wellarchitected_lens_reviewaws_wellarchitected_lens_review_improvementaws_wellarchitected_lens_review_reportaws_wellarchitected_lens_shareaws_wellarchitected_milestoneaws_wellarchitected_notificationaws_wellarchitected_share_invitationaws_wellarchitected_workloadaws_wellarchitected_workload_shareaws_workspaces_directoryaws_workspaces_workspace

Table: aws_ssm_inventory - Query AWS Systems Manager Inventory using SQL

The AWS Systems Manager Inventory provides visibility into your Amazon EC2 and on-premises compute infrastructure. It collects metadata from your managed instances about applications, files, Windows updates, network configurations, and other details. This collected data assists in managing your systems, tracking software inventory, and applying patches.

Table Usage Guide

The aws_ssm_inventory table in Steampipe provides you with information about managed instances within AWS Systems Manager. This table enables you, as a DevOps engineer, to query instance-specific details, including instance name, type, platform type, and associated metadata. You can utilize this table to gather insights on instances, such as their status, their associated tags, and more. The schema outlines for you the various attributes of the managed instance, including the instance ID, instance type, platform type, and associated tags.

Examples

Basic info

Explore which AWS Simple Systems Manager (SSM) inventory items have been captured at a specific time, allowing you to understand the historical state of your resources and their schema versions across different regions. This information can aid in resource management and tracking changes in your AWS environment.

select
id,
type_name,
capture_time,
schema_version,
content,
region
from
aws_ssm_inventory;
select
id,
type_name,
capture_time,
schema_version,
content,
region
from
aws_ssm_inventory;

Get content details of a managed instance

Explore the essential characteristics of a particular managed instance, such as its platform type, agent version, and status. This information can be useful for understanding the instance's current configuration and performance, as well as for troubleshooting potential issues.

select
si.id,
c ->> 'AgentType' as agent_type,
c ->> 'IpAddress' as ip_address,
c ->> 'AgentVersion' as agent_version,
c ->> 'ComputerName' as computer_name,
c ->> 'PlatformName' as platform_name,
c ->> 'PlatformType' as platform_type,
c ->> 'ResourceType' as resource_type,
c ->> 'InstanceStatus' as instance_status,
c ->> 'PlatformVersion' as platform_version
from
aws_ssm_inventory as si,
jsonb_array_elements(content) as c
where
id = 'i-0665a65b1a1c2b47g';
select
si.id,
json_extract(c, '$.AgentType') as agent_type,
json_extract(c, '$.IpAddress') as ip_address,
json_extract(c, '$.AgentVersion') as agent_version,
json_extract(c, '$.ComputerName') as computer_name,
json_extract(c, '$.PlatformName') as platform_name,
json_extract(c, '$.PlatformType') as platform_type,
json_extract(c, '$.ResourceType') as resource_type,
json_extract(c, '$.InstanceStatus') as instance_status,
json_extract(c, '$.PlatformVersion') as platform_version
from
aws_ssm_inventory as si,
json_each(content) as c
where
id = 'i-0665a65b1a1c2b47g';

List schema definitions of inventories

This query helps you gain insights into the structure and organization of your AWS Systems Manager (SSM) inventories. It's useful for understanding the types of data stored in each inventory and how they are presented, which can aid in managing and utilizing your SSM resources effectively.

select
id,
s ->> 'Version' as schema_version,
s ->> 'TypeName' as type_name,
s ->> 'DisplayName' as display_name,
jsonb_pretty(s -> 'Attributes') as attributes
from
aws_ssm_inventory,
jsonb_array_elements(schema) as s
order by
id;
select
si.id,
json_extract(s.value, '$.Version') as schema_version,
json_extract(s.value, '$.TypeName') as type_name,
json_extract(s.value, '$.DisplayName') as display_name,
json_extract(s.value, '$.Attributes') as attributes
from
aws_ssm_inventory as si,
json_each(schema) as s
order by
si.id;

Get inventory details from the last 10 days

Explore recent changes in your AWS inventory by identifying items that have been added or modified in the last 10 days. This is useful for keeping track of inventory updates and ensuring system integrity.

select
id,
type_name,
capture_time,
schema_version,
content
from
aws_ssm_inventory
where
capture_time >= now() - interval '10' day;
select
id,
type_name,
capture_time,
schema_version,
content
from
aws_ssm_inventory
where
capture_time >= datetime('now', '-10 day');

Get inventory content of all running instances

Explore the specific attributes of all operational instances, including details such as their agent type, IP address, platform, and status. This is useful for effectively managing and monitoring your active instances in a cloud environment.

select
v.id,
i.instance_state,
i.instance_type,
c ->> 'AgentType' as agent_type,
c ->> 'IpAddress' as ip_address,
c ->> 'AgentVersion' as agent_version,
c ->> 'ComputerName' as computer_name,
c ->> 'PlatformName' as platform_name,
c ->> 'PlatformType' as platform_type,
c ->> 'ResourceType' as resource_type,
c ->> 'InstanceStatus' as instance_status,
c ->> 'PlatformVersion' as platform_version
from
aws_ssm_inventory as v,
aws_ec2_instance as i,
jsonb_array_elements(content) as c
where
v.id = i.instance_id
and i.instance_state = 'running';
select
v.id,
i.instance_state,
i.instance_type,
json_extract(c.value, '$.AgentType') as agent_type,
json_extract(c.value, '$.IpAddress') as ip_address,
json_extract(c.value, '$.AgentVersion') as agent_version,
json_extract(c.value, '$.ComputerName') as computer_name,
json_extract(c.value, '$.PlatformName') as platform_name,
json_extract(c.value, '$.PlatformType') as platform_type,
json_extract(c.value, '$.ResourceType') as resource_type,
json_extract(c.value, '$.InstanceStatus') as instance_status,
json_extract(c.value, '$.PlatformVersion') as platform_version
from
aws_ssm_inventory as v,
aws_ec2_instance as i,
json_each(v.content) as c
where
v.id = i.instance_id
and i.instance_state = 'running';

Schema for aws_ssm_inventory

NameTypeOperatorsDescription
_ctxjsonbSteampipe context in JSON form, e.g. connection_name.
account_idtextThe AWS Account ID in which the resource is located.
application_attribute_keytext=The attribute key of the type name AWS:Application.
application_attribute_valuetext=The value for the attribute key of the type name AWS:Application.
capture_timetimestamp with time zoneThe time that inventory information was collected for the managed node(s).
compliance_attribute_keytext=The attribute key of the type name AWS:ComplianceItem.
compliance_attribute_valuetext=The value for the attribute key of the type name AWS:ComplianceItem.
component_attribute_keytext=The attribute key that are supported for type name AWS:AWSComponent, Possible values are: Name,ApplicationType,Publisher,Version,InstalledTime,Architecture and URL.
component_attribute_valuetext=The value for the component attribute key.
contentjsonbContains all the inventory data of the item type. Results include attribute names and values.
file_attribute_keytext=The attribute key of the type name AWS:File.
file_attribute_valuetext=The value for the attribute key of the type name AWS:File.
filter_keytext=The name of the filter key. Example: inventory filter key where managed node ID 'AWS:InstanceInformation.InstanceId'.
filter_valuetext=, !=, >, <, >=, <=Inventory filter values. Example: inventory filter where managed node IDs are specified as values 'i-a12b3c4d5e6g'.
idtext=ID of the inventory result entity.
instance_detailed_information_attribute_keytext=The attribute key of the type name AWS:InstanceDetailedInformation.
instance_detailed_information_attribute_valuetext=The value for the attribute key of the type name AWS:InstanceDetailedInformation.
instance_information_attribute_keytext=The attribute key of the type name AWS:InstanceInformation.
instance_information_attribute_valuetext=The value for the attribute key of the type name AWS:InstanceInformation.
network_attribute_keytext=The attribute key of the type name AWS:Network.
network_attribute_valuetext=The value for the attribute key of the type name AWS:Network.
partitiontextThe AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
patch_compliance_attribute_keytext=The attribute key of the type name AWS:PatchCompliance.
patch_compliance_attribute_valuetext=The value for the attribute key of the type name AWS:PatchCompliance.
patch_summary_attribute_keytext=The attribute key of the type name AWS:PatchSummary.
patch_summary_attribute_valuetext=The value for the attribute key of the type name AWS:PatchSummary.
regiontextThe AWS Region in which the resource is located.
resource_group_attribute_keytext=The attribute key of the type name AWS:ResourceGroup.
resource_group_attribute_valuetext=The value for the attribute key of the type name AWS:ResourceGroup.
schemajsonbThe inventory item schema definition. Users can use this to compose inventory query filters.
schema_versiontextThe inventory schema version used by the managed node(s).
service_attribute_keytext=The attribute key of the type name AWS:Service.
service_attribute_valuetext=The value for the attribute key of the type name AWS:Service.
tag_attribute_keytext=The attribute key of the type name AWS:Tag.
tag_attribute_valuetext=The value for the attribute key of the type name AWS:Tag.
titletextTitle of the resource.
type_nametext=The type of inventory item returned by the request.
windows_registry_attribute_keytext=The attribute key of the type name AWS:WindowsRegistry.
windows_registry_attribute_valuetext=The value for the attribute key of the type name AWS:WindowsRegistry.
windows_role_attribute_keytext=The attribute key of the type name AWS:WindowsRole.
windows_role_attribute_valuetext=The value for the attribute key of the type name AWS:WindowsRole.
windows_update_attribute_keytext=The attribute key of the type name AWS:WindowsUpdate.
windows_update_attribute_valuetext=The value for the attribute key of the type name AWS:WindowsUpdate.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_ssm_inventory