SSM
Protocol: JSON 1.1 (X-Amz-Target: AmazonSSM.*)
Endpoint: POST http://localhost:4566/
Supported Actions
Parameter Store
| Action | Description |
|---|---|
PutParameter |
Create or update a parameter |
GetParameter |
Get a single parameter by name |
GetParameters |
Get multiple parameters by name |
GetParametersByPath |
Get all parameters under a path prefix |
DeleteParameter |
Delete a parameter |
DeleteParameters |
Delete multiple parameters |
GetParameterHistory |
List all versions of a parameter |
DescribeParameters |
List parameters with optional filters |
LabelParameterVersion |
Attach a label to a specific version |
AddTagsToResource |
Tag a parameter |
ListTagsForResource |
List tags on a parameter |
RemoveTagsFromResource |
Remove tags from a parameter |
DescribePatchBaselines |
List AWS-owned predefined patch baselines (filter by OWNER, OPERATING_SYSTEM, NAME_PREFIX) |
GetDefaultPatchBaseline |
Get the default patch baseline id for an operating system |
Run Command
| Action | Description |
|---|---|
UpdateInstanceInformation |
Register or update an SSM agent record for an instance |
DescribeInstanceInformation |
List registered SSM managed instances |
SendCommand |
Create command invocations for target instances |
GetCommandInvocation |
Return a command invocation result |
ListCommands |
List command records |
ListCommandInvocations |
List command invocation records |
CancelCommand |
Cancel pending or in-progress command invocations |
ec2messages Agent Protocol
| Action | Description |
|---|---|
GetMessages |
Agent polls for pending command messages |
AcknowledgeMessage |
Agent acknowledges receipt of a command message |
SendReply |
Agent reports command output and status |
Run Command Execution
SendCommand supports the AWS-RunShellScript document. For EC2 instances launched by Floci in real Docker mode, Floci creates the command invocation, returns the command response, and then runs the script asynchronously inside the target instance container. Callers observe completion through GetCommandInvocation. stdout, stderr, response code, start time, and end time are recorded on the invocation.
If the target is not a Floci EC2 container, or if the document is not supported for direct execution, Floci falls back to the SSM agent polling flow. In that mode, SendCommand queues an ec2messages payload and the invocation completes after an agent calls SendReply.
Direct command output follows the AWS inline output limits: first 24,000 characters of stdout and first 8,000 characters of stderr. Commands that exceed TimeoutSeconds are constrained inside the target container when the container has the timeout command available, and terminal timeout results are marked TimedOut with StatusDetails set to Execution Timed Out; commands with nonzero exit codes are marked Failed.
Configuration
| Variable | Default | Description |
|---|---|---|
FLOCI_SERVICES_SSM_ENABLED |
true |
Enable or disable the service |
FLOCI_SERVICES_SSM_MAX_PARAMETER_HISTORY |
5 |
Number of parameter versions retained per parameter |
FLOCI_STORAGE_SERVICES_SSM_MODE |
(global default) | Storage mode override for SSM (memory, persistent, hybrid, wal) |
FLOCI_STORAGE_SERVICES_SSM_FLUSH_INTERVAL_MS |
5000 |
Flush interval for hybrid/wal storage modes (milliseconds) |
Examples
export AWS_ENDPOINT_URL=http://localhost:4566
# Store parameters
aws ssm put-parameter --endpoint-url $AWS_ENDPOINT_URL \
--name /app/db/host --value "localhost" --type String
aws ssm put-parameter --endpoint-url $AWS_ENDPOINT_URL \
--name /app/db/password --value "secret" --type SecureString
# Retrieve
aws ssm get-parameter --endpoint-url $AWS_ENDPOINT_URL \
--name /app/db/host
aws ssm get-parameters-by-path --endpoint-url $AWS_ENDPOINT_URL \
--path /app/ --recursive
# Delete
aws ssm delete-parameter --endpoint-url $AWS_ENDPOINT_URL \
--name /app/db/host
# Run a shell command on a Floci EC2 instance
aws ssm send-command --endpoint-url $AWS_ENDPOINT_URL \
--instance-ids i-0123456789abcdef0 \
--document-name AWS-RunShellScript \
--parameters commands='["echo hello"]'
Parameter Types
All AWS parameter types are accepted: String, StringList, SecureString.
Note
SecureString parameters are stored as-is without actual KMS encryption in Floci. The type is preserved and returned correctly, but the value is not encrypted at rest.