Configuration

AMI Access Manager (aam) configuration syntax defines the work the program will do. The configuration is stored in a file named “aam.json”. The following directories are searched with the first match winning:

• current working directory (./aam.json)
• users home directory ($HOME/aam.json)
• system configuration directory (/etc/aam.json)

Jobs

Configuration is provided as a JSON object. It begins with a jobs array containing one or more job objects. Each job object combines a query with a list of accounts. For example:

{
    "jobs": [
        {
            "query": { SOME_QUERY },
            "accounts": [ SOME_ACCOUNTS ]
        },
        {
            "query": { ANOTHER_QUERY },
            "accounts": [ OTHER_ACCOUNTS ]
        },

        ...

    ]
}

BEWARE: Query objects must be mutually exclusive when running the full command, unless the lists of accounts match. You will get non-deterministic results if the account lists do not match.

Query

A query is used to identify the Amazon Machine Image(s) to manage. The query may be any selection criteria accepted by the describeImages API method, as documented here and expressed in JSON syntax. For example:

"query": {
    "Filters": [
        {
            "Name": "name",
            "Values": [
                "your-amis-name"
            ]
        }
    ]
}

Accounts

One or more Amazon account IDs are used to mutate the launch permissions of an Amazon Machine Image. For example:

"accounts": [
    "000000000000",
    "111111111111"
]

The accounts listed may be added, removed, or explicitly set depending on how the program is run.