This repository was archived by the owner on Aug 29, 2025. It is now read-only.

[AWS::SSM::Document] Support named document version updates without changing default version #205

@4naesthetic

When setting UpdateMethod to NewVersion while updating an existing named SSM document, the current behaviour is to also automatically set the $DEFAULT version to the new latest version [1]. This extra effect is not always desirable. For example, you may own a document that has shared the $DEFAULT version with others (either publicly or with other specific AWS accounts), and by updating in this way the new document version will immediately be shared without giving you (the publisher) the chance to test it first.

It would be good to have an option to opt out of this automatic version update, perhaps as a new UpdateMethod flag (NewVersionNoUpdateDefaultVersion or something...). This would enable the following workflow:

  1. Create new document using CloudFormation (implicitly setting $DEFAULT and $LATEST versions).
  2. Share $DEFAULT version of document to end users.
  3. Update document with new version using CloudFormation (updating $LATEST version only).
  4. Test changes to $LATEST version.
  5. Update $DEFAULT version to match $LATEST.

NB: Currently steps (2) and (5) require custom resources and eventually it would be good to have a new CloudFormation resource that can handle document sharing, however this feature would still help with step (1).

[1] From the CloudFormation docs:

If the document resource you specify in your template already exists, this parameter determines whether a new version of the existing document is created, or the existing document is replaced. Replace is the default method. If you specify NewVersion for the UpdateMethod parameter, and the Name of the document does not match an existing resource, a new document is created. When you specify NewVersion, the default version of the document is changed to the newly created version.
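
Until such an option exists, a publisher can re-pin $DEFAULT after each stack update. The following is an added example, not part of the original issue or of CloudFormation: it checks whether a document is shared and whether $DEFAULT has moved off the last tested version, then moves it back. The function name `repin_default`, the `tested_version` parameter, the `FakeSSM` stub, the document name and the account ID are assumptions made for illustration; the three client methods are the boto3 SSM calls of the same names.

```python
# Added example: pin $DEFAULT of a shared SSM document back to the last tested version.
# `ssm` is any object with the boto3 SSM client methods used below; `tested_version`
# is a value you track yourself (assumption, not something SSM records).


def repin_default(ssm, name, tested_version):
    """Return a dict describing what was found and whether $DEFAULT was moved."""
    doc = ssm.describe_document(Name=name)["Document"]
    shared_with = ssm.describe_document_permission(
        Name=name, PermissionType="Share"
    ).get("AccountIds", [])
    result = {
        "default": doc["DefaultVersion"],
        "latest": doc["LatestVersion"],
        "public": any(a.lower() == "all" for a in shared_with),
        "shared": bool(shared_with),
        "repinned": False,
    }
    # Only act when consumers in other accounts would see an untested default.
    if result["shared"] and result["default"] != tested_version:
        ssm.update_document_default_version(Name=name, DocumentVersion=tested_version)
        result["default"] = tested_version
        result["repinned"] = True
    return result


class FakeSSM:
    """Constructed stand-in for boto3.client('ssm') so the example runs offline."""

    def __init__(self, default, latest, account_ids):
        self.doc = {"DefaultVersion": default, "LatestVersion": latest}
        self.account_ids = account_ids

    def describe_document(self, Name):
        return {"Document": dict(self.doc, Name=Name)}

    def describe_document_permission(self, Name, PermissionType):
        return {"AccountIds": list(self.account_ids)}

    def update_document_default_version(self, Name, DocumentVersion):
        self.doc["DefaultVersion"] = DocumentVersion


if __name__ == "__main__":
    # Constructed state right after a NewVersion update: $DEFAULT jumped to 2.
    fake = FakeSSM(default="2", latest="2", account_ids=["111122223333"])
    print(repin_default(fake, "Example-SharedDocument", tested_version="1"))
```

Re-pinning after the stack update narrows the exposure window but does not close it, since $DEFAULT points at the new version until the call completes.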
